Replace std::unique_ptr<uint8_t[]> with vector

No need for the smart pointer indirection when an `std::vector` can also hold
the BPF policy.

PiperOrigin-RevId: 340809220
Change-Id: I8a63567e8042d9ff875cba739e8552db87b6901a

sandboxed_api/sandbox2/client.cc

@@ -169,10 +169,7 @@ void Client::SetUpIPC() {
 void Client::ReceivePolicy() {
   std::vector<uint8_t> bytes;
   SAPI_RAW_CHECK(comms_->RecvBytes(&bytes), "receive bytes");
-  policy_len_ = bytes.size();
-
-  policy_ = absl::make_unique<uint8_t[]>(policy_len_);
-  memcpy(policy_.get(), bytes.data(), policy_len_);
+  policy_ = std::move(bytes);
 }
 
 void Client::ApplyPolicyAndBecomeTracee() {
@@ -201,12 +198,12 @@ void Client::ApplyPolicyAndBecomeTracee() {
                  "setting PR_SET_KEEPCAPS flag");
 
   sock_fprog prog;
-  prog.len = static_cast<uint16_t>(policy_len_ / sizeof(sock_filter));
-  prog.filter = reinterpret_cast<sock_filter*>(policy_.get());
+  prog.len = static_cast<uint16_t>(policy_.size() / sizeof(sock_filter));
+  prog.filter = reinterpret_cast<sock_filter*>(&policy_.front());
 
   SAPI_RAW_VLOG(
       1, "Applying policy in PID %d, sock_fprog.len: %hd entries (%d bytes)",
-      syscall(__NR_gettid), prog.len, policy_len_);
+      syscall(__NR_gettid), prog.len, policy_.size());
 
   // Signal executor we are ready to have limits applied on us and be ptraced.
   // We want limits at the last moment to avoid triggering them too early and we

sandboxed_api/sandbox2/client.h

@@ -72,10 +72,7 @@ class Client {
   friend class ForkServer;
 
   // Seccomp-bpf policy received from the monitor.
-  std::unique_ptr<uint8_t[]> policy_;
-
-  // Length of the policy received from the monitor.
-  int policy_len_;
+  std::vector<uint8_t> policy_;
 
   // LogSink that forwards all log messages to the supervisor.
   std::unique_ptr<LogSink> logsink_;