
spanify: Renewed arrayification (X/43)

This CL is part of the wider spanification / arrayification effort [1]
and does not (intentionally) introduce behavioral change. It applies the
`std::array` rewrite to

sandbox

as close as possible to the output directly written by `spanify`, with
no hand-rolled fixes (except where rebasing would require).

This change (and its siblings taken together) is thought not to cause
any measurable perf regressions [2].

[1] https://issues.chromium.org/356643982
[2] https://docs.google.com/document/d/1jughaR6JKn7T-dDjMou10awyNkhE5T-vLY_K2YMqHE4/edit?tab=t.0#heading=h.r2eguxl5lhu7

This CL was uploaded by an experimental version of git cl split
(https://crbug.com/389069356).

Bug: 406029216
Change-Id: I7272cf68f36effff56dce9a130a4d5364cae1174
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6433380
Commit-Queue: Kalvin Lee <kdlee@chromium.org>
Auto-Submit: Kalvin Lee <kdlee@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1443903}
Kalvin Lee
2025-04-07 20:03:36 -07:00
committed by Chromium LUCI CQ
parent 69ff89d003
commit 7bb4dca949
3 changed files with 24 additions and 14 deletions
sandbox/linux

@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <array>
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
@ -202,7 +204,7 @@ bool Credentials::SetCapabilitiesOnCurrentThread(
const std::vector<Capability>& caps) {
struct cap_hdr hdr = {};
hdr.version = _LINUX_CAPABILITY_VERSION_3;
struct cap_data data[_LINUX_CAPABILITY_U32S_3] = {};
std::array<cap_data, _LINUX_CAPABILITY_U32S_3> data = {};
// Initially, cap has no capability flags set. Enable the effective and
// permitted flags only for the requested capabilities.
@ -214,7 +216,7 @@ bool Credentials::SetCapabilitiesOnCurrentThread(
data[index].permitted |= mask;
}
return sys_capset(&hdr, data) == 0;
return sys_capset(&hdr, data.data()) == 0;
}
// static
@ -234,9 +236,9 @@ bool Credentials::SetCapabilities(int proc_fd,
bool Credentials::HasAnyCapability() {
struct cap_hdr hdr = {};
hdr.version = _LINUX_CAPABILITY_VERSION_3;
struct cap_data data[_LINUX_CAPABILITY_U32S_3] = {};
std::array<cap_data, _LINUX_CAPABILITY_U32S_3> data = {};
PCHECK(sys_capget(&hdr, data) == 0);
PCHECK(sys_capget(&hdr, data.data()) == 0);
for (size_t i = 0; i < std::size(data); ++i) {
if (data[i].effective || data[i].permitted || data[i].inheritable) {
@ -250,9 +252,9 @@ bool Credentials::HasAnyCapability() {
bool Credentials::HasCapability(Capability cap) {
struct cap_hdr hdr = {};
hdr.version = _LINUX_CAPABILITY_VERSION_3;
struct cap_data data[_LINUX_CAPABILITY_U32S_3] = {};
std::array<cap_data, _LINUX_CAPABILITY_U32S_3> data = {};
PCHECK(sys_capget(&hdr, data) == 0);
PCHECK(sys_capget(&hdr, data.data()) == 0);
const int cap_num = CapabilityToKernelValue(cap);
const size_t index = CAP_TO_INDEX(cap_num);
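Review bot: The new `#include <array>` in the first hunk of this section is inserted directly after the license text, above the `UNSAFE_BUFFERS_BUILD` pragma block and (presumably, since they are outside the hunk) above the file's own header and the rest of the include list, which breaks the own-header-first ordering and leaves the standard header ungrouped from the other C++ standard includes this file already uses (e.g. the one backing `std::vector<Capability>` on the `SetCapabilitiesOnCurrentThread` signature). The same placement appears in the other two files of this commit, whose `#include <array>` lines likewise sit right under the license. This is the mechanical spanify placement rather than a correctness problem, so it can be accepted under the CL description's no-hand-rolled-fixes policy or moved into the sorted standard-header group in a follow-up. The property worth confirming while reviewing the `cap_data` rewrites is that `std::array<cap_data, _LINUX_CAPABILITY_U32S_3> data = {};` still value-initialises every element, so the zero-cleared capability sets passed to `sys_capset`/`sys_capget` via `data.data()` are unchanged from the C-array form; `HasCapability`'s body continues outside the hunk.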

@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <array>
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
@ -51,11 +53,13 @@ void SetSandboxAPIEnvironmentVariable(base::Environment* env) {
// inside another.
void UnsetExpectedEnvironmentVariables(base::EnvironmentMap* env_map) {
DCHECK(env_map);
const base::NativeEnvironmentString environment_vars[] = {
kSandboxDescriptorEnvironmentVarName, kSandboxHelperPidEnvironmentVarName,
kSandboxEnvironmentApiProvides, kSandboxPIDNSEnvironmentVarName,
const auto environment_vars = std::to_array<base::NativeEnvironmentString>({
kSandboxDescriptorEnvironmentVarName,
kSandboxHelperPidEnvironmentVarName,
kSandboxEnvironmentApiProvides,
kSandboxPIDNSEnvironmentVarName,
kSandboxNETNSEnvironmentVarName,
};
});
for (size_t i = 0; i < std::size(environment_vars); ++i) {
// Setting values in EnvironmentMap to an empty-string will make

@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <array>
#ifdef UNSAFE_BUFFERS_BUILD
// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.
#pragma allow_unsafe_buffers
@ -750,14 +752,15 @@ void TestRewriteProcSelfHelper(bool fast_check_in_client) {
// Reading /proc/self/status should return the same PID as the current
// process's PID, not the broker's.
char buf[4096];
std::array<char, 4096> buf;
ssize_t num_read = HANDLE_EINTR(read(fd, buf, sizeof(buf)));
ssize_t num_read = HANDLE_EINTR(
read(fd, buf.data(), (buf.size() * sizeof(decltype(buf)::value_type))));
ASSERT_GE(IGNORE_EINTR(close(fd)), 0);
ASSERT_GT(num_read, 0);
std::string_view status(buf, static_cast<size_t>(num_read));
std::string_view status(buf.data(), static_cast<size_t>(num_read));
std::string_view tracer("Pid:\t");
std::string_view::size_type pid_index = status.find(tracer);
@ -766,7 +769,8 @@ void TestRewriteProcSelfHelper(bool fast_check_in_client) {
std::string_view::size_type pid_end_index = status.find('\n', pid_index);
ASSERT_NE(pid_end_index, std::string_view::npos);
std::string_view pid_str(buf + pid_index, pid_end_index - pid_index);
std::string_view pid_str(base::span<char>(buf).subspan(pid_index).data(),
pid_end_index - pid_index);
int pid = 0;
ASSERT_TRUE(base::StringToInt(pid_str, &pid));