diff --git a/sandboxed_api/sandbox2/client.cc b/sandboxed_api/sandbox2/client.cc index 01f2204..dddbb7a 100644 --- a/sandboxed_api/sandbox2/client.cc +++ b/sandboxed_api/sandbox2/client.cc @@ -169,10 +169,7 @@ void Client::SetUpIPC() { void Client::ReceivePolicy() { std::vector bytes; SAPI_RAW_CHECK(comms_->RecvBytes(&bytes), "receive bytes"); - policy_len_ = bytes.size(); - - policy_ = absl::make_unique(policy_len_); - memcpy(policy_.get(), bytes.data(), policy_len_); + policy_ = std::move(bytes); } void Client::ApplyPolicyAndBecomeTracee() { @@ -201,12 +198,12 @@ void Client::ApplyPolicyAndBecomeTracee() { "setting PR_SET_KEEPCAPS flag"); sock_fprog prog; - prog.len = static_cast(policy_len_ / sizeof(sock_filter)); - prog.filter = reinterpret_cast(policy_.get()); + prog.len = static_cast(policy_.size() / sizeof(sock_filter)); + prog.filter = reinterpret_cast(&policy_.front()); SAPI_RAW_VLOG( 1, "Applying policy in PID %d, sock_fprog.len: %hd entries (%d bytes)", - syscall(__NR_gettid), prog.len, policy_len_); + syscall(__NR_gettid), prog.len, policy_.size()); // Signal executor we are ready to have limits applied on us and be ptraced. // We want limits at the last moment to avoid triggering them too early and we diff --git a/sandboxed_api/sandbox2/client.h b/sandboxed_api/sandbox2/client.h index 8b1d0aa..7d0c917 100644 --- a/sandboxed_api/sandbox2/client.h +++ b/sandboxed_api/sandbox2/client.h @@ -72,10 +72,7 @@ class Client { friend class ForkServer; // Seccomp-bpf policy received from the monitor. - std::unique_ptr policy_; - - // Length of the policy received from the monitor. - int policy_len_; + std::vector policy_; // LogSink that forwards all log messages to the supervisor. std::unique_ptr logsink_;