Avoid std::string copying in GetFileNameInWhitelist.

sandbox/linux/services/broker_process.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "sandbox/linux/services/broker_process.h"
 
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/syscall.h>
@@ skipping 35 matching lines @@
 // Since we have to account for buggy userland (see crbug.com/237283), we will
 // open(2) the file with O_CLOEXEC in the broker process if necessary, in
 // addition to calling recvmsg(2) with MSG_CMSG_CLOEXEC.
 static const int kCurrentProcessOpenFlagsMask = O_CLOEXEC;
 
 // Check whether |requested_filename| is in |allowed_file_names|.
 // See GetFileNameIfAllowedToOpen() for an explanation of |file_to_open|.
 // async signal safe if |file_to_open| is NULL.
 // TODO(jln): assert signal safety.
 bool GetFileNameInWhitelist(const std::vector<std::string>& allowed_file_names,
-                            const std::string& requested_filename,
+                            const char* requested_filename,
                             const char** file_to_open) {
   if (file_to_open && *file_to_open) {
     // Make sure that callers never pass a non-empty string. In case callers
     // wrongly forget to check the return value and look at the string
     // instead, this could catch bugs.
     RAW_LOG(FATAL, "*file_to_open should be NULL");
     return false;
   }
+
+  // Look for |requested_filename| in |allowed_file_names|.
+  // We don't use ::find() because it takes a std::string and
+  // the conversion allocates memory.
   std::vector<std::string>::const_iterator it;
-  it = std::find(allowed_file_names.begin(), allowed_file_names.end(),
-                 requested_filename);
-  if (it < allowed_file_names.end()) {  // requested_filename was found?
-    if (file_to_open)
-      *file_to_open = it->c_str();
-    return true;
+  for (it = allowed_file_names.begin(); it != allowed_file_names.end(); it++) {
+    if (strcmp(requested_filename, it->c_str()) == 0) {
+      if (file_to_open)
+        *file_to_open = it->c_str();
+      return true;
+    }
   }
   return false;
 }
 
 // We maintain a list of flags that have been reviewed for "sanity" and that
 // we're ok to allow in the broker.
 // I.e. here is where we wouldn't add O_RESET_FILE_SYSTEM.
 bool IsAllowedOpenFlags(int flags) {
   // First, check the access mode
   const int access_mode = flags & O_ACCMODE;
@@ skipping 304 matching lines @@
 }
 
 // Perform access(2) on |requested_filename| with mode |mode| if allowed by our
 // policy. Write the syscall return value (-errno) to |write_pickle|.
 void BrokerProcess::AccessFileForIPC(const std::string& requested_filename,
                                      int mode, Pickle* write_pickle) const {
   DCHECK(write_pickle);
   const char* file_to_access = NULL;
   const bool safe_to_access_file = GetFileNameIfAllowedToAccess(
       requested_filename.c_str(), mode, &file_to_access);
+
   if (safe_to_access_file) {
     CHECK(file_to_access);
     int access_ret = access(file_to_access, mode);
     int access_errno = errno;
     if (!access_ret)
       write_pickle->WriteInt(0);
     else
       write_pickle->WriteInt(-access_errno);
   } else {
     write_pickle->WriteInt(-EPERM);
@@ skipping 102 matching lines @@
           GetFileNameInWhitelist(allowed_w_files_, requested_filename,
                                  file_to_open);
       return allowed_for_read_and_write;
     }
     default:
       return false;
   }
 }
 
 }  // namespace sandbox.