authorGravatar Philipp Wollermann <philwo@google.com>2017-03-24 13:43:05 +0000
committerGravatar Philipp Wollermann <philwo@google.com>2017-03-27 11:34:41 +0000
commit407dd44e827ff53214437720eb5d8bd99349d809 (patch)
tree7468d0fdf4510c0ceb1b5367d076f374fcea1aab /src/main
parent6c5a182c7032a4e443ac882982d2f2a1b3ea4474 (diff)
sandbox: Use std::string instead of char*.
-- PiperOrigin-RevId: 151120717 MOS_MIGRATED_REVID=151120717
Diffstat (limited to 'src/main')
-rw-r--r--src/main/tools/linux-sandbox-options.cc24
-rw-r--r--src/main/tools/linux-sandbox-options.h15
-rw-r--r--src/main/tools/linux-sandbox-pid1.cc64
-rw-r--r--src/main/tools/linux-sandbox.cc23
4 files changed, 63 insertions, 63 deletions
diff --git a/src/main/tools/linux-sandbox-options.cc b/src/main/tools/linux-sandbox-options.cc
index b83c4f68ba..31bd2f425d 100644
--- a/src/main/tools/linux-sandbox-options.cc
+++ b/src/main/tools/linux-sandbox-options.cc
@@ -101,9 +101,9 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
if (c != 'M' && c != 'm') source_specified = false;
switch (c) {
case 'W':
- if (opt.working_dir == NULL) {
+ if (opt.working_dir.empty()) {
ValidateIsAbsolutePath(optarg, args->front(), static_cast<char>(c));
- opt.working_dir = strdup(optarg);
+ opt.working_dir.assign(optarg);
} else {
Usage(args->front(),
"Multiple working directories (-W) specified, expected one.");
@@ -122,16 +122,16 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
}
break;
case 'l':
- if (opt.stdout_path == NULL) {
- opt.stdout_path = optarg;
+ if (opt.stdout_path.empty()) {
+ opt.stdout_path.assign(optarg);
} else {
Usage(args->front(),
"Cannot redirect stdout to more than one destination.");
}
break;
case 'L':
- if (opt.stderr_path == NULL) {
- opt.stderr_path = optarg;
+ if (opt.stderr_path.empty()) {
+ opt.stderr_path.assign(optarg);
} else {
Usage(args->front(),
"Cannot redirect stderr to more than one destination.");
@@ -139,17 +139,17 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
break;
case 'w':
ValidateIsAbsolutePath(optarg, args->front(), static_cast<char>(c));
- opt.writable_files.push_back(strdup(optarg));
+ opt.writable_files.emplace_back(optarg);
break;
case 'e':
ValidateIsAbsolutePath(optarg, args->front(), static_cast<char>(c));
- opt.tmpfs_dirs.push_back(strdup(optarg));
+ opt.tmpfs_dirs.emplace_back(optarg);
break;
case 'M':
ValidateIsAbsolutePath(optarg, args->front(), static_cast<char>(c));
// Add the current source path to both source and target lists
- opt.bind_mount_sources.push_back(strdup(optarg));
- opt.bind_mount_targets.push_back(strdup(optarg));
+ opt.bind_mount_sources.emplace_back(optarg);
+ opt.bind_mount_targets.emplace_back(optarg);
source_specified = true;
break;
case 'm':
@@ -159,7 +159,7 @@ static void ParseCommandLine(unique_ptr<vector<char *>> args) {
"The -m option must be strictly preceded by an -M option.");
}
opt.bind_mount_targets.pop_back();
- opt.bind_mount_targets.push_back(strdup(optarg));
+ opt.bind_mount_targets.emplace_back(optarg);
source_specified = false;
break;
case 'H':
@@ -261,7 +261,7 @@ void ParseOptions(int argc, char *argv[]) {
opt.tmpfs_dirs.push_back("/tmp");
- if (opt.working_dir == NULL) {
+ if (opt.working_dir.empty()) {
opt.working_dir = getcwd(NULL, 0);
}
}
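Review bot: The fallback `opt.working_dir = getcwd(NULL, 0);` now leaks the buffer that getcwd() allocates, because std::string copies it and the returned pointer is dropped, and a NULL return (working directory removed or unreachable) would construct a std::string from a null pointer, which is undefined behaviour in a process that goes on to bind-mount and chdir into that path. Keep the result in a local, fail explicitly when it is NULL, copy it into the string and free it. The fence uses DIE as the sibling files in this commit do; if this file only has Usage() for its failure path, substitute that. ParseOptions begins before this hunk.
```cpp
  if (opt.working_dir.empty()) {
    char *cwd = getcwd(NULL, 0);
    if (cwd == NULL) {
      DIE("getcwd()");
    }
    opt.working_dir.assign(cwd);
    free(cwd);
  }
```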
diff --git a/src/main/tools/linux-sandbox-options.h b/src/main/tools/linux-sandbox-options.h
index daf1fd684e..a73ca64535 100644
--- a/src/main/tools/linux-sandbox-options.h
+++ b/src/main/tools/linux-sandbox-options.h
@@ -18,28 +18,29 @@
#include <stdbool.h>
#include <stddef.h>
+#include <string>
#include <vector>
// Options parsing result.
struct Options {
// Working directory (-W)
- const char *working_dir;
+ std::string working_dir;
// How long to wait before killing the child (-T)
int timeout_secs;
// How long to wait before sending SIGKILL in case of timeout (-t)
int kill_delay_secs;
// Where to redirect stdout (-l)
- const char *stdout_path;
+ std::string stdout_path;
// Where to redirect stderr (-L)
- const char *stderr_path;
+ std::string stderr_path;
// Files or directories to make writable for the sandboxed process (-w)
- std::vector<const char *> writable_files;
+ std::vector<std::string> writable_files;
// Directories where to mount an empty tmpfs (-e)
- std::vector<const char *> tmpfs_dirs;
+ std::vector<std::string> tmpfs_dirs;
// Source of files or directories to explicitly bind mount in the sandbox (-M)
- std::vector<const char *> bind_mount_sources;
+ std::vector<std::string> bind_mount_sources;
// Target of files or directories to explicitly bind mount in the sandbox (-m)
- std::vector<const char *> bind_mount_targets;
+ std::vector<std::string> bind_mount_targets;
// Set the hostname inside the sandbox to 'localhost' (-H)
bool fake_hostname;
// Create a new network namespace (-N)
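Review bot: With std::string members the header can only be consumed from C++ now, so the `#include <stdbool.h>` kept at the top of the hunk no longer earns its place; `bool` is a keyword in C++ and the include can be dropped alongside the new `#include <string>`. The scalar members in the same struct (`timeout_secs`, `kill_delay_secs`, `fake_hostname`) still carry no default member initializers; that is presumably fine while `opt` is a zero-initialized global, but `int timeout_secs = 0;` and `bool fake_hostname = false;` would make the struct safe to construct anywhere. The struct definition continues past the end of the hunk.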
diff --git a/src/main/tools/linux-sandbox-pid1.cc b/src/main/tools/linux-sandbox-pid1.cc
index 367c92957e..0095d7262c 100644
--- a/src/main/tools/linux-sandbox-pid1.cc
+++ b/src/main/tools/linux-sandbox-pid1.cc
@@ -54,6 +54,8 @@
#include <sys/wait.h>
#include <unistd.h>
+#include <string>
+
static int global_child_pid;
static void SetupSelfDestruction(int *sync_pipe) {
@@ -87,10 +89,10 @@ static void SetupMountNamespace() {
}
}
-static void WriteFile(const char *filename, const char *fmt, ...) {
- FILE *stream = fopen(filename, "w");
+static void WriteFile(const std::string &filename, const char *fmt, ...) {
+ FILE *stream = fopen(filename.c_str(), "w");
if (stream == NULL) {
- DIE("fopen(%s)", filename);
+ DIE("fopen(%s)", filename.c_str());
}
va_list ap;
@@ -103,7 +105,7 @@ static void WriteFile(const char *filename, const char *fmt, ...) {
}
if (fclose(stream) != 0) {
- DIE("fclose(%s)", filename);
+ DIE("fclose(%s)", filename.c_str());
}
}
@@ -155,55 +157,59 @@ static void SetupUtsNamespace() {
}
static void MountFilesystems() {
- for (const char *tmpfs_dir : opt.tmpfs_dirs) {
- PRINT_DEBUG("tmpfs: %s", tmpfs_dir);
- if (mount("tmpfs", tmpfs_dir, "tmpfs", MS_NOSUID | MS_NODEV | MS_NOATIME,
- NULL) < 0) {
+ for (const std::string &tmpfs_dir : opt.tmpfs_dirs) {
+ PRINT_DEBUG("tmpfs: %s", tmpfs_dir.c_str());
+ if (mount("tmpfs", tmpfs_dir.c_str(), "tmpfs",
+ MS_NOSUID | MS_NODEV | MS_NOATIME, NULL) < 0) {
DIE("mount(tmpfs, %s, tmpfs, MS_NOSUID | MS_NODEV | MS_NOATIME, NULL)",
- tmpfs_dir);
+ tmpfs_dir.c_str());
}
}
// Make sure that our working directory is a mount point. The easiest way to
// do this is by bind-mounting it upon itself.
- PRINT_DEBUG("working dir: %s", opt.working_dir);
+ PRINT_DEBUG("working dir: %s", opt.working_dir.c_str());
- if (mount(opt.working_dir, opt.working_dir, NULL, MS_BIND, NULL) < 0) {
- DIE("mount(%s, %s, NULL, MS_BIND, NULL)", opt.working_dir, opt.working_dir);
+ if (mount(opt.working_dir.c_str(), opt.working_dir.c_str(), NULL, MS_BIND,
+ NULL) < 0) {
+ DIE("mount(%s, %s, NULL, MS_BIND, NULL)", opt.working_dir.c_str(),
+ opt.working_dir.c_str());
}
for (size_t i = 0; i < opt.bind_mount_sources.size(); i++) {
- const char *source = opt.bind_mount_sources.at(i);
- const char *target = opt.bind_mount_targets.at(i);
- PRINT_DEBUG("bind mount: %s -> %s", source, target);
- if (mount(source, target, NULL, MS_BIND, NULL) < 0) {
- DIE("mount(%s, %s, NULL, MS_BIND, NULL)", source, target);
+ std::string source = opt.bind_mount_sources.at(i);
+ std::string target = opt.bind_mount_targets.at(i);
+ PRINT_DEBUG("bind mount: %s -> %s", source.c_str(), target.c_str());
+ if (mount(source.c_str(), target.c_str(), NULL, MS_BIND, NULL) < 0) {
+ DIE("mount(%s, %s, NULL, MS_BIND, NULL)", source.c_str(), target.c_str());
}
}
- for (const char *writable_file : opt.writable_files) {
- PRINT_DEBUG("writable: %s", writable_file);
- if (mount(writable_file, writable_file, NULL, MS_BIND, NULL) < 0) {
- DIE("mount(%s, %s, NULL, MS_BIND, NULL)", writable_file, writable_file);
+ for (const std::string &writable_file : opt.writable_files) {
+ PRINT_DEBUG("writable: %s", writable_file.c_str());
+ if (mount(writable_file.c_str(), writable_file.c_str(), NULL, MS_BIND,
+ NULL) < 0) {
+ DIE("mount(%s, %s, NULL, MS_BIND, NULL)", writable_file.c_str(),
+ writable_file.c_str());
}
}
}
// We later remount everything read-only, except the paths for which this method
// returns true.
-static bool ShouldBeWritable(char *mnt_dir) {
- if (strcmp(mnt_dir, opt.working_dir) == 0) {
+static bool ShouldBeWritable(const std::string &mnt_dir) {
+ if (mnt_dir == opt.working_dir) {
return true;
}
- for (const char *writable_file : opt.writable_files) {
- if (strcmp(mnt_dir, writable_file) == 0) {
+ for (const std::string &writable_file : opt.writable_files) {
+ if (mnt_dir == writable_file) {
return true;
}
}
- for (const char *tmpfs_dir : opt.tmpfs_dirs) {
- if (strcmp(mnt_dir, tmpfs_dir) == 0) {
+ for (const std::string &tmpfs_dir : opt.tmpfs_dirs) {
+ if (mnt_dir == tmpfs_dir) {
return true;
}
}
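Review bot: The bind-mount loop copies each path, `std::string source = opt.bind_mount_sources.at(i);` and likewise `target`, while the tmpfs and writable loops in the same hunk bind by `const std::string &`. Binding by reference here as well keeps the style uniform and avoids two string allocations per mount: `const std::string &source = opt.bind_mount_sources.at(i);` and `const std::string &target = opt.bind_mount_targets.at(i);`. MountFilesystems is complete within the hunk; ShouldBeWritable's final return lies after the last line shown.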
@@ -315,8 +321,8 @@ static void SetupNetworking() {
}
static void EnterSandbox() {
- if (chdir(opt.working_dir) < 0) {
- DIE("chdir(%s)", opt.working_dir);
+ if (chdir(opt.working_dir.c_str()) < 0) {
+ DIE("chdir(%s)", opt.working_dir.c_str());
}
}
diff --git a/src/main/tools/linux-sandbox.cc b/src/main/tools/linux-sandbox.cc
index 9d2fd01767..ac81836197 100644
--- a/src/main/tools/linux-sandbox.cc
+++ b/src/main/tools/linux-sandbox.cc
@@ -68,6 +68,7 @@
#include <sys/wait.h>
#include <unistd.h>
+#include <string>
#include <vector>
int global_outer_uid;
@@ -211,12 +212,12 @@ static int WaitForPid1() {
}
}
-static void Redirect(const char *target_path, int fd, const char *name) {
- if (target_path != NULL && strcmp(target_path, "-") != 0) {
+static void Redirect(const std::string &target_path, int fd) {
+ if (!target_path.empty() && target_path != "-") {
const int flags = O_WRONLY | O_CREAT | O_TRUNC | O_APPEND;
- int fd_out = open(target_path, flags, 0666);
+ int fd_out = open(target_path.c_str(), flags, 0666);
if (fd_out < 0) {
- DIE("open(%s)", target_path);
+ DIE("open(%s)", target_path.c_str());
}
// If we were launched with less than 3 fds (stdin, stdout, stderr) open,
// but redirection is still requested via a command-line flag, something is
@@ -225,7 +226,7 @@ static void Redirect(const char *target_path, int fd, const char *name) {
if (fd_out < 3) {
DIE("open(%s) returned a handle that is reserved for stdin / stdout / "
"stderr",
- target_path);
+ target_path.c_str());
}
if (dup2(fd_out, fd) < 0) {
DIE("dup2()");
@@ -236,14 +237,6 @@ static void Redirect(const char *target_path, int fd, const char *name) {
}
}
-static void RedirectStdout(const char *stdout_path) {
- Redirect(stdout_path, STDOUT_FILENO, "stdout");
-}
-
-static void RedirectStderr(const char *stderr_path) {
- Redirect(stderr_path, STDERR_FILENO, "stderr");
-}
-
int main(int argc, char *argv[]) {
// Ask the kernel to kill us with SIGKILL if our parent dies.
if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0) {
@@ -252,8 +245,8 @@ int main(int argc, char *argv[]) {
ParseOptions(argc, argv);
- RedirectStdout(opt.stdout_path);
- RedirectStderr(opt.stderr_path);
+ Redirect(opt.stdout_path, STDOUT_FILENO);
+ Redirect(opt.stderr_path, STDERR_FILENO);
// This should never be called as a setuid binary, drop privileges just in
// case. We don't need to be root, because we use user namespaces anyway.