Chromium Code Reviews Chromium Code Reviews
Issue 18337010:
Avoid std::string copying in GetFileNameInWhitelist. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master| Index: sandbox/linux/services/broker_process.cc |
| diff --git a/sandbox/linux/services/broker_process.cc b/sandbox/linux/services/broker_process.cc |
| index d2302ea098215c8188eb74b0d36da37506ff302a..17099c4a2a58538eed6fe1fffd4ca49c50067d3d 100644 |
| --- a/sandbox/linux/services/broker_process.cc |
| +++ b/sandbox/linux/services/broker_process.cc |
| @@ -21,6 +21,7 @@ |
| #include "base/posix/eintr_wrapper.h" |
| #include "base/posix/unix_domain_socket_linux.h" |
| #include "build/build_config.h" |
| +#include "sandbox/linux/services/broker_process_utils.h" |
| #include "sandbox/linux/services/linux_syscalls.h" |
| #if defined(OS_ANDROID) && !defined(MSG_CMSG_CLOEXEC) |
| @@ -53,7 +54,7 @@ static const int kCurrentProcessOpenFlagsMask = O_CLOEXEC; |
| // async signal safe if |file_to_open| is NULL. |
| // TODO(jln): assert signal safety. |
| bool GetFileNameInWhitelist(const std::vector<std::string>& allowed_file_names, |
| - const std::string& requested_filename, |
| + const char* requested_filename, |
| const char** file_to_open) { |
| if (file_to_open && *file_to_open) { |
| // Make sure that callers never pass a non-empty string. In case callers |
| @@ -62,12 +63,12 @@ bool GetFileNameInWhitelist(const std::vector<std::string>& allowed_file_names, |
| RAW_LOG(FATAL, "*file_to_open should be NULL"); |
| return false; |
| } |
| - std::vector<std::string>::const_iterator it; |
| - it = std::find(allowed_file_names.begin(), allowed_file_names.end(), |
| - requested_filename); |
| - if (it < allowed_file_names.end()) { // requested_filename was found? |
| + const char* found_filename = |
| + sandbox::BrokerProcessUtils::Find(requested_filename, allowed_file_names); |
| + |
| + if (found_filename) { // |requested_filename| was found? |
| if (file_to_open) |
| - *file_to_open = it->c_str(); |
| + *file_to_open = found_filename; |
| return true; |
| } |
| return false; |
| @@ -393,6 +394,7 @@ void BrokerProcess::AccessFileForIPC(const std::string& requested_filename, |
| const char* file_to_access = NULL; |
| const bool safe_to_access_file = GetFileNameIfAllowedToAccess( |
| requested_filename.c_str(), mode, &file_to_access); |
| + |
| if (safe_to_access_file) { |
| CHECK(file_to_access); |
| int access_ret = access(file_to_access, mode); |
| @@ -447,8 +449,9 @@ void BrokerProcess::OpenFileForIPC(const std::string& requested_filename, |
| // return true if calling access() on this file should be allowed, false |
| // otherwise. |
| // Async signal safe if and only if |file_to_access| is NULL. |
| -bool BrokerProcess::GetFileNameIfAllowedToAccess(const char* requested_filename, |
| - int requested_mode, const char** file_to_access) const { |
|
jln (very slow on Chromium)
2013/07/08 22:36:51
Why the re-indent?
Jorge Lucangeli Obes
2013/07/09 03:52:12
Done.
|
| +bool BrokerProcess::GetFileNameIfAllowedToAccess( |
| + const char* requested_filename, int requested_mode, |
| + const char** file_to_access) const { |
| // First, check if |requested_mode| is existence, ability to read or ability |
| // to write. We do not support X_OK. |
| if (requested_mode != F_OK && |
| @@ -489,8 +492,9 @@ bool BrokerProcess::GetFileNameIfAllowedToAccess(const char* requested_filename, |
| // string comparison mechanism. |
| // Return true if opening should be allowed, false otherwise. |
| // Async signal safe if and only if |file_to_open| is NULL. |
| -bool BrokerProcess::GetFileNameIfAllowedToOpen(const char* requested_filename, |
| - int requested_flags, const char** file_to_open) const { |
| +bool BrokerProcess::GetFileNameIfAllowedToOpen( |
| + const char* requested_filename, int requested_flags, |
| + const char** file_to_open) const { |
|
jln (very slow on Chromium)
2013/07/08 22:36:51
Why the re-indent?
Jorge Lucangeli Obes
2013/07/09 03:52:12
Done.
|
| if (!IsAllowedOpenFlags(requested_flags)) { |
| return false; |
| } |
