StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity

Replace std::unique_ptr<uint8_t[]> with vector

Browse Source 
No need for the smart pointer indirection when an `std::vector` can also hold
the BPF policy.

PiperOrigin-RevId: 340809220
Change-Id: I8a63567e8042d9ff875cba739e8552db87b6901a
This commit is contained in:
Christian Blichmann 2020-11-05 02:03:20 -08:00 committed by Copybara-Service
parent 7c30aebe2d
commit c99076bf94
2 changed files with 5 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
sandboxed_api/sandbox2/client.cc
View File

@ -169,10 +169,7 @@ void Client::SetUpIPC() {
void Client::ReceivePolicy() { void Client::ReceivePolicy() {
std::vector<uint8_t> bytes; std::vector<uint8_t> bytes;
SAPI_RAW_CHECK(comms_->RecvBytes(&bytes), "receive bytes"); SAPI_RAW_CHECK(comms_->RecvBytes(&bytes), "receive bytes");
policy_len_ = bytes.size(); policy_ = std::move(bytes);
policy_ = absl::make_unique<uint8_t[]>(policy_len_);
memcpy(policy_.get(), bytes.data(), policy_len_);
} }
void Client::ApplyPolicyAndBecomeTracee() { void Client::ApplyPolicyAndBecomeTracee() {
@ -201,12 +198,12 @@ void Client::ApplyPolicyAndBecomeTracee() {
"setting PR_SET_KEEPCAPS flag"); "setting PR_SET_KEEPCAPS flag");
sock_fprog prog; sock_fprog prog;
prog.len = static_cast<uint16_t>(policy_len_ / sizeof(sock_filter)); prog.len = static_cast<uint16_t>(policy_.size() / sizeof(sock_filter));
prog.filter = reinterpret_cast<sock_filter*>(policy_.get()); prog.filter = reinterpret_cast<sock_filter*>(&policy_.front());
SAPI_RAW_VLOG( SAPI_RAW_VLOG(
1, "Applying policy in PID %d, sock_fprog.len: %hd entries (%d bytes)", 1, "Applying policy in PID %d, sock_fprog.len: %hd entries (%d bytes)",
syscall(__NR_gettid), prog.len, policy_len_); syscall(__NR_gettid), prog.len, policy_.size());
// Signal executor we are ready to have limits applied on us and be ptraced. // Signal executor we are ready to have limits applied on us and be ptraced.
// We want limits at the last moment to avoid triggering them too early and we // We want limits at the last moment to avoid triggering them too early and we

5
sandboxed_api/sandbox2/client.h
View File

@ -72,10 +72,7 @@ class Client {
friend class ForkServer; friend class ForkServer;
// Seccomp-bpf policy received from the monitor. // Seccomp-bpf policy received from the monitor.
std::unique_ptr<uint8_t[]> policy_; std::vector<uint8_t> policy_;
// Length of the policy received from the monitor.
int policy_len_;
// LogSink that forwards all log messages to the supervisor. // LogSink that forwards all log messages to the supervisor.
std::unique_ptr<LogSink> logsink_; std::unique_ptr<LogSink> logsink_;