OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/mach_broker_mac.h" | 5 #include "content/browser/mach_broker_mac.h" |
6 | 6 |
| 7 #include <bsm/libbsm.h> |
| 8 |
7 #include "base/bind.h" | 9 #include "base/bind.h" |
8 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
9 #include "base/command_line.h" | 11 #include "base/command_line.h" |
10 #include "base/logging.h" | 12 #include "base/logging.h" |
11 #include "base/mac/foundation_util.h" | 13 #include "base/mac/foundation_util.h" |
| 14 #include "base/mac/scoped_mach_port.h" |
12 #include "base/mach_ipc_mac.h" | 15 #include "base/mach_ipc_mac.h" |
13 #include "base/string_util.h" | 16 #include "base/string_util.h" |
14 #include "base/stringprintf.h" | 17 #include "base/stringprintf.h" |
15 #include "base/strings/sys_string_conversions.h" | 18 #include "base/strings/sys_string_conversions.h" |
16 #include "base/threading/platform_thread.h" | 19 #include "base/threading/platform_thread.h" |
17 #include "content/browser/renderer_host/render_process_host_impl.h" | 20 #include "content/browser/renderer_host/render_process_host_impl.h" |
18 #include "content/public/browser/child_process_data.h" | 21 #include "content/public/browser/child_process_data.h" |
19 #include "content/public/browser/browser_thread.h" | 22 #include "content/public/browser/browser_thread.h" |
20 #include "content/public/browser/notification_service.h" | 23 #include "content/public/browser/notification_service.h" |
21 #include "content/public/browser/notification_types.h" | 24 #include "content/public/browser/notification_types.h" |
22 #include "content/public/common/content_switches.h" | 25 #include "content/public/common/content_switches.h" |
23 | 26 |
24 namespace content { | 27 namespace content { |
25 | 28 |
26 namespace { | 29 namespace { |
| 30 |
27 // Prints a string representation of a Mach error code. | 31 // Prints a string representation of a Mach error code. |
28 std::string MachErrorCode(kern_return_t err) { | 32 std::string MachErrorCode(kern_return_t err) { |
29 return base::StringPrintf("0x%x %s", err, mach_error_string(err)); | 33 return base::StringPrintf("0x%x %s", err, mach_error_string(err)); |
30 } | 34 } |
| 35 |
| 36 // Mach message structure used in the child as a sending message. |
| 37 struct MachBroker_ChildSendMsg { |
| 38 mach_msg_header_t header; |
| 39 mach_msg_body_t body; |
| 40 mach_msg_port_descriptor_t child_task_port; |
| 41 }; |
| 42 |
| 43 // Complement to the ChildSendMsg, this is used in the parent for receiving |
| 44 // a message. Contains a message trailer with audit information. |
| 45 struct MachBroker_ParentRecvMsg : public MachBroker_ChildSendMsg { |
| 46 mach_msg_audit_trailer_t trailer; |
| 47 }; |
| 48 |
31 } // namespace | 49 } // namespace |
32 | 50 |
33 class MachListenerThreadDelegate : public base::PlatformThread::Delegate { | 51 class MachListenerThreadDelegate : public base::PlatformThread::Delegate { |
34 public: | 52 public: |
35 MachListenerThreadDelegate(MachBroker* broker) : broker_(broker) { | 53 explicit MachListenerThreadDelegate(MachBroker* broker) |
| 54 : broker_(broker), |
| 55 server_port_(MACH_PORT_NULL) { |
36 DCHECK(broker_); | 56 DCHECK(broker_); |
37 std::string port_name = MachBroker::GetMachPortName(); | 57 } |
38 | 58 |
39 // Create the receive port in the constructor, not in ThreadMain(). It is | 59 bool Init() { |
40 // important to create and register the receive port before starting the | 60 DCHECK(server_port_ == MACH_PORT_NULL); |
41 // thread so that child processes will always have someone who's listening. | 61 |
42 receive_port_.reset(new base::ReceivePort(port_name.c_str())); | 62 mach_port_t port; |
| 63 kern_return_t kr = mach_port_allocate(mach_task_self(), |
| 64 MACH_PORT_RIGHT_RECEIVE, |
| 65 &port); |
| 66 if (kr != KERN_SUCCESS) { |
| 67 LOG(ERROR) << "Failed to allocate MachBroker server port: " |
| 68 << MachErrorCode(kr); |
| 69 return false; |
| 70 } |
| 71 |
| 72 // Allocate a send right for the server port. |
| 73 kr = mach_port_insert_right( |
| 74 mach_task_self(), port, port, MACH_MSG_TYPE_MAKE_SEND); |
| 75 if (kr != KERN_SUCCESS) { |
| 76 LOG(ERROR) << "Failed to insert send right for MachBroker server port: " |
| 77 << MachErrorCode(kr); |
| 78 return false; |
| 79 } |
| 80 |
| 81 server_port_.reset(port); |
| 82 |
| 83 // Register the port with the bootstrap server. Because bootstrap_register |
| 84 // is deprecated, this has to be wraped in an ObjC interface. |
| 85 NSPort* ns_port = [NSMachPort portWithMachPort:port |
| 86 options:NSMachPortDeallocateNone]; |
| 87 NSString* name = base::SysUTF8ToNSString(broker_->GetMachPortName()); |
| 88 return [[NSMachBootstrapServer sharedInstance] registerPort:ns_port |
| 89 name:name]; |
43 } | 90 } |
44 | 91 |
45 // Implement |PlatformThread::Delegate|. | 92 // Implement |PlatformThread::Delegate|. |
46 virtual void ThreadMain() OVERRIDE { | 93 virtual void ThreadMain() OVERRIDE { |
47 base::MachReceiveMessage message; | 94 MachBroker_ParentRecvMsg msg; |
48 kern_return_t err; | 95 bzero(&msg, sizeof(msg)); |
49 while ((err = receive_port_->WaitForMessage(&message, | 96 msg.header.msgh_size = sizeof(msg); |
50 MACH_MSG_TIMEOUT_NONE)) == | 97 msg.header.msgh_local_port = server_port_.get(); |
51 KERN_SUCCESS) { | 98 |
52 // 0 was the secret message id. Reject any messages that don't have it. | 99 kern_return_t kr; |
53 if (message.GetMessageID() != 0) { | 100 do { |
54 LOG(ERROR) << "Received message with incorrect id: " | 101 // Use the kernel audit information to make sure this message is from |
55 << message.GetMessageID(); | 102 // a task that this process spawned. The kernel audit token contains the |
56 continue; | 103 // unspoofable pid of the task that sent the message. |
| 104 mach_msg_option_t options = MACH_RCV_MSG | |
| 105 MACH_RCV_TRAILER_TYPE(MACH_RCV_TRAILER_AUDIT) | |
| 106 MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AUDIT); |
| 107 |
| 108 kr = mach_msg(&msg.header, options, 0, sizeof(msg), server_port_, |
| 109 MACH_MSG_TIMEOUT_NONE, MACH_PORT_NULL); |
| 110 if (kr == KERN_SUCCESS) { |
| 111 // TODO(rsesek): In the 10.7 SDK, there's audit_token_to_pid(). |
| 112 pid_t child_pid; |
| 113 audit_token_to_au32(msg.trailer.msgh_audit, |
| 114 NULL, NULL, NULL, NULL, NULL, &child_pid, NULL, NULL); |
| 115 |
| 116 mach_port_t child_task_port = msg.child_task_port.name; |
| 117 |
| 118 // Take the lock and update the broker information. |
| 119 base::AutoLock lock(broker_->GetLock()); |
| 120 broker_->FinalizePid(child_pid, child_task_port); |
57 } | 121 } |
| 122 } while (kr == KERN_SUCCESS); |
58 | 123 |
59 const task_t child_task = message.GetTranslatedPort(0); | 124 LOG(ERROR) << "MachBroker thread exiting; mach_msg() likely failed: " |
60 if (child_task == MACH_PORT_NULL) { | 125 << MachErrorCode(kr); |
61 LOG(ERROR) << "parent GetTranslatedPort(0) failed."; | |
62 continue; | |
63 } | |
64 | |
65 // It is possible for the child process to die after the call to | |
66 // |pid_for_task()| but before the call to |FinalizePid()|. To prevent | |
67 // leaking MachBroker map entries in this case, lock around both these | |
68 // calls. If the child dies, the death notification will be processed | |
69 // after the call to FinalizePid(), ensuring proper cleanup. | |
70 base::AutoLock lock(broker_->GetLock()); | |
71 | |
72 int pid; | |
73 err = pid_for_task(child_task, &pid); | |
74 if (err == KERN_SUCCESS) { | |
75 broker_->FinalizePid(pid, | |
76 MachBroker::MachInfo().SetTask(child_task)); | |
77 } else { | |
78 LOG(ERROR) << "Error getting pid for task " << child_task | |
79 << ": " << MachErrorCode(err); | |
80 } | |
81 } | |
82 | |
83 LOG(ERROR) << "Mach listener thread exiting; " | |
84 << "parent WaitForMessage() likely failed: " | |
85 << MachErrorCode(err); | |
86 } | 126 } |
87 | 127 |
88 private: | 128 private: |
89 // The Mach port to listen on. Created on thread startup. | |
90 scoped_ptr<base::ReceivePort> receive_port_; | |
91 | |
92 // The MachBroker to use when new child task rights are received. Can be | 129 // The MachBroker to use when new child task rights are received. Can be |
93 // NULL. | 130 // NULL. |
94 MachBroker* broker_; // weak | 131 MachBroker* broker_; // weak |
95 | 132 |
| 133 base::mac::ScopedMachPort server_port_; |
| 134 |
96 DISALLOW_COPY_AND_ASSIGN(MachListenerThreadDelegate); | 135 DISALLOW_COPY_AND_ASSIGN(MachListenerThreadDelegate); |
97 }; | 136 }; |
98 | 137 |
99 // Returns the global MachBroker. | 138 bool MachBroker::ChildSendTaskPortToParent() { |
| 139 // Look up the named MachBroker port that's been registered with the |
| 140 // bootstrap server. |
| 141 mach_port_t bootstrap_port; |
| 142 kern_return_t kr = task_get_bootstrap_port(mach_task_self(), &bootstrap_port); |
| 143 if (kr != KERN_SUCCESS) { |
| 144 LOG(ERROR) << "Failed to look up bootstrap port: " << MachErrorCode(kr); |
| 145 return false; |
| 146 } |
| 147 |
| 148 mach_port_t parent_port; |
| 149 kr = bootstrap_look_up(bootstrap_port, |
| 150 const_cast<char*>(GetMachPortName().c_str()), &parent_port); |
| 151 if (kr != KERN_SUCCESS) { |
| 152 LOG(ERROR) << "Failed to look up named parent port: " << MachErrorCode(kr); |
| 153 return false; |
| 154 } |
| 155 |
| 156 // Create the check in message. This will copy a send right on this process' |
| 157 // (the child's) task port and send it to the parent. |
| 158 MachBroker_ChildSendMsg msg; |
| 159 bzero(&msg, sizeof(msg)); |
| 160 msg.header.msgh_bits = MACH_MSGH_BITS_REMOTE(MACH_MSG_TYPE_COPY_SEND) | |
| 161 MACH_MSGH_BITS_COMPLEX; |
| 162 msg.header.msgh_remote_port = parent_port; |
| 163 msg.header.msgh_size = sizeof(msg); |
| 164 msg.body.msgh_descriptor_count = 1; |
| 165 msg.child_task_port.name = mach_task_self(); |
| 166 msg.child_task_port.disposition = MACH_MSG_TYPE_PORT_SEND; |
| 167 msg.child_task_port.type = MACH_MSG_PORT_DESCRIPTOR; |
| 168 |
| 169 kr = mach_msg(&msg.header, MACH_SEND_MSG | MACH_SEND_TIMEOUT, sizeof(msg), |
| 170 0, MACH_PORT_NULL, 100 /*milliseconds*/, MACH_PORT_NULL); |
| 171 if (kr != KERN_SUCCESS) { |
| 172 LOG(ERROR) << "Failed to send task port to parent: " << MachErrorCode(kr); |
| 173 return false; |
| 174 } |
| 175 |
| 176 return true; |
| 177 } |
| 178 |
100 MachBroker* MachBroker::GetInstance() { | 179 MachBroker* MachBroker::GetInstance() { |
101 return Singleton<MachBroker, LeakySingletonTraits<MachBroker> >::get(); | 180 return Singleton<MachBroker, LeakySingletonTraits<MachBroker> >::get(); |
102 } | 181 } |
103 | 182 |
| 183 base::Lock& MachBroker::GetLock() { |
| 184 return lock_; |
| 185 } |
| 186 |
104 void MachBroker::EnsureRunning() { | 187 void MachBroker::EnsureRunning() { |
105 lock_.AssertAcquired(); | 188 lock_.AssertAcquired(); |
106 | 189 |
107 if (!listener_thread_started_) { | 190 if (!listener_thread_started_) { |
108 listener_thread_started_ = true; | 191 listener_thread_started_ = true; |
109 | 192 |
110 BrowserThread::PostTask( | 193 BrowserThread::PostTask( |
111 BrowserThread::UI, FROM_HERE, | 194 BrowserThread::UI, FROM_HERE, |
112 base::Bind(&MachBroker::RegisterNotifications, base::Unretained(this))); | 195 base::Bind(&MachBroker::RegisterNotifications, base::Unretained(this))); |
113 | 196 |
114 // Intentional leak. This thread is never joined or reaped. | 197 // Intentional leak. This thread is never joined or reaped. |
115 base::PlatformThread::CreateNonJoinable( | 198 MachListenerThreadDelegate* thread = new MachListenerThreadDelegate(this); |
116 0, new MachListenerThreadDelegate(this)); | 199 if (thread->Init()) { |
| 200 base::PlatformThread::CreateNonJoinable(0, thread); |
| 201 } else { |
| 202 LOG(ERROR) << "Failed to initialize the MachListenerThreadDelegate"; |
| 203 } |
117 } | 204 } |
118 } | 205 } |
119 | 206 |
120 // Adds a placeholder to the map for the given pid with MACH_PORT_NULL. | |
121 void MachBroker::AddPlaceholderForPid(base::ProcessHandle pid) { | 207 void MachBroker::AddPlaceholderForPid(base::ProcessHandle pid) { |
122 lock_.AssertAcquired(); | 208 lock_.AssertAcquired(); |
123 | 209 |
124 MachInfo mach_info; | |
125 DCHECK_EQ(0u, mach_map_.count(pid)); | 210 DCHECK_EQ(0u, mach_map_.count(pid)); |
126 mach_map_[pid] = mach_info; | 211 mach_map_[pid] = MACH_PORT_NULL; |
127 } | 212 } |
128 | 213 |
129 // Updates the mapping for |pid| to include the given |mach_info|. | |
130 void MachBroker::FinalizePid(base::ProcessHandle pid, | |
131 const MachInfo& mach_info) { | |
132 lock_.AssertAcquired(); | |
133 | |
134 const int count = mach_map_.count(pid); | |
135 if (count == 0) { | |
136 // Do nothing for unknown pids. | |
137 LOG(ERROR) << "Unknown process " << pid << " is sending Mach IPC messages!"; | |
138 return; | |
139 } | |
140 | |
141 DCHECK_EQ(1, count); | |
142 DCHECK(mach_map_[pid].mach_task_ == MACH_PORT_NULL); | |
143 if (mach_map_[pid].mach_task_ == MACH_PORT_NULL) | |
144 mach_map_[pid] = mach_info; | |
145 } | |
146 | |
147 // Removes all mappings belonging to |pid| from the broker. | |
148 void MachBroker::InvalidatePid(base::ProcessHandle pid) { | |
149 base::AutoLock lock(lock_); | |
150 MachBroker::MachMap::iterator it = mach_map_.find(pid); | |
151 if (it == mach_map_.end()) | |
152 return; | |
153 | |
154 kern_return_t kr = mach_port_deallocate(mach_task_self(), | |
155 it->second.mach_task_); | |
156 LOG_IF(WARNING, kr != KERN_SUCCESS) | |
157 << "Failed to mach_port_deallocate mach task " << it->second.mach_task_ | |
158 << ", error " << MachErrorCode(kr); | |
159 mach_map_.erase(it); | |
160 } | |
161 | |
162 base::Lock& MachBroker::GetLock() { | |
163 return lock_; | |
164 } | |
165 | |
166 // Returns the mach task belonging to |pid|. | |
167 mach_port_t MachBroker::TaskForPid(base::ProcessHandle pid) const { | 214 mach_port_t MachBroker::TaskForPid(base::ProcessHandle pid) const { |
168 base::AutoLock lock(lock_); | 215 base::AutoLock lock(lock_); |
169 MachBroker::MachMap::const_iterator it = mach_map_.find(pid); | 216 MachBroker::MachMap::const_iterator it = mach_map_.find(pid); |
170 if (it == mach_map_.end()) | 217 if (it == mach_map_.end()) |
171 return MACH_PORT_NULL; | 218 return MACH_PORT_NULL; |
172 return it->second.mach_task_; | 219 return it->second; |
173 } | 220 } |
174 | 221 |
175 void MachBroker::BrowserChildProcessHostDisconnected( | 222 void MachBroker::BrowserChildProcessHostDisconnected( |
176 const ChildProcessData& data) { | 223 const ChildProcessData& data) { |
177 InvalidatePid(data.handle); | 224 InvalidatePid(data.handle); |
178 } | 225 } |
179 | 226 |
180 void MachBroker::BrowserChildProcessCrashed(const ChildProcessData& data) { | 227 void MachBroker::BrowserChildProcessCrashed(const ChildProcessData& data) { |
181 InvalidatePid(data.handle); | 228 InvalidatePid(data.handle); |
182 } | 229 } |
(...skipping 13 matching lines...) Expand all Loading... |
196 case NOTIFICATION_RENDERER_PROCESS_TERMINATED: | 243 case NOTIFICATION_RENDERER_PROCESS_TERMINATED: |
197 handle = Source<RenderProcessHost>(source)->GetHandle(); | 244 handle = Source<RenderProcessHost>(source)->GetHandle(); |
198 break; | 245 break; |
199 default: | 246 default: |
200 NOTREACHED() << "Unexpected notification"; | 247 NOTREACHED() << "Unexpected notification"; |
201 break; | 248 break; |
202 } | 249 } |
203 InvalidatePid(handle); | 250 InvalidatePid(handle); |
204 } | 251 } |
205 | 252 |
| 253 MachBroker::MachBroker() : listener_thread_started_(false) { |
| 254 } |
| 255 |
| 256 MachBroker::~MachBroker() {} |
| 257 |
| 258 void MachBroker::FinalizePid(base::ProcessHandle pid, |
| 259 mach_port_t task_port) { |
| 260 lock_.AssertAcquired(); |
| 261 |
| 262 MachMap::iterator it = mach_map_.find(pid); |
| 263 if (it == mach_map_.end()) { |
| 264 // Do nothing for unknown pids. |
| 265 LOG(ERROR) << "Unknown process " << pid << " is sending Mach IPC messages!"; |
| 266 return; |
| 267 } |
| 268 |
| 269 DCHECK(it->second == MACH_PORT_NULL); |
| 270 if (it->second == MACH_PORT_NULL) |
| 271 it->second = task_port; |
| 272 } |
| 273 |
| 274 void MachBroker::InvalidatePid(base::ProcessHandle pid) { |
| 275 base::AutoLock lock(lock_); |
| 276 MachBroker::MachMap::iterator it = mach_map_.find(pid); |
| 277 if (it == mach_map_.end()) |
| 278 return; |
| 279 |
| 280 kern_return_t kr = mach_port_deallocate(mach_task_self(), |
| 281 it->second); |
| 282 LOG_IF(WARNING, kr != KERN_SUCCESS) |
| 283 << "Failed to mach_port_deallocate mach task " << it->second |
| 284 << ", error " << MachErrorCode(kr); |
| 285 mach_map_.erase(it); |
| 286 } |
| 287 |
206 // static | 288 // static |
207 std::string MachBroker::GetMachPortName() { | 289 std::string MachBroker::GetMachPortName() { |
208 const CommandLine* command_line = CommandLine::ForCurrentProcess(); | 290 const CommandLine* command_line = CommandLine::ForCurrentProcess(); |
209 const bool is_child = command_line->HasSwitch(switches::kProcessType); | 291 const bool is_child = command_line->HasSwitch(switches::kProcessType); |
210 | 292 |
211 // In non-browser (child) processes, use the parent's pid. | 293 // In non-browser (child) processes, use the parent's pid. |
212 const pid_t pid = is_child ? getppid() : getpid(); | 294 const pid_t pid = is_child ? getppid() : getpid(); |
213 return base::StringPrintf("%s.rohitfork.%d", base::mac::BaseBundleID(), pid); | 295 return base::StringPrintf("%s.rohitfork.%d", base::mac::BaseBundleID(), pid); |
214 } | 296 } |
215 | 297 |
216 MachBroker::MachBroker() : listener_thread_started_(false) { | |
217 } | |
218 | |
219 MachBroker::~MachBroker() {} | |
220 | |
221 void MachBroker::RegisterNotifications() { | 298 void MachBroker::RegisterNotifications() { |
222 registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED, | 299 registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_CLOSED, |
223 NotificationService::AllBrowserContextsAndSources()); | 300 NotificationService::AllBrowserContextsAndSources()); |
224 registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_TERMINATED, | 301 registrar_.Add(this, NOTIFICATION_RENDERER_PROCESS_TERMINATED, |
225 NotificationService::AllBrowserContextsAndSources()); | 302 NotificationService::AllBrowserContextsAndSources()); |
226 | 303 |
227 // No corresponding StopObservingBrowserChildProcesses, | 304 // No corresponding StopObservingBrowserChildProcesses, |
228 // we leak this singleton. | 305 // we leak this singleton. |
229 BrowserChildProcessObserver::Add(this); | 306 BrowserChildProcessObserver::Add(this); |
230 } | 307 } |
231 | 308 |
232 } // namespace content | 309 } // namespace content |
OLD | NEW |