Create a broker interface for the new Mojo EDK so that the browser can create and duplicate messa...

mojo/edk/system/raw_channel_win.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/edk/system/raw_channel.h"
 
 #include <windows.h>
 
 #include "base/bind.h"
 #include "base/lazy_instance.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/process/process.h"
 #include "base/synchronization/lock.h"
 #include "base/synchronization/waitable_event.h"
 #include "base/win/scoped_handle.h"
 #include "base/win/windows_version.h"
 #include "mojo/edk/embedder/embedder_internal.h"
 #include "mojo/edk/embedder/platform_handle.h"
+#include "mojo/edk/system/token_serializer_win.h"
 #include "mojo/edk/system/transport_data.h"
 #include "mojo/public/cpp/system/macros.h"
 
 #define STATUS_CANCELLED 0xC0000120
 #define STATUS_PIPE_BROKEN 0xC000014B
 
 namespace mojo {
 namespace edk {
 
 namespace {
 
-struct MOJO_ALIGNAS(8) SerializedHandle {
-  DWORD handle_pid;
-  HANDLE handle;
-};
-
 class VistaOrHigherFunctions {
  public:
   VistaOrHigherFunctions()
       : is_vista_or_higher_(
           base::win::GetVersion() >= base::win::VERSION_VISTA),
         cancel_io_ex_(nullptr),
         get_file_information_by_handle_ex_(nullptr) {
     if (!is_vista_or_higher_)
       return;
 
@@ skipping 547 matching lines @@
     DCHECK(io_handler_);
     DCHECK(!io_handler_->pending_read());
 
     size_t bytes_read = 0;
     return Read(&bytes_read);
   }
 
   ScopedPlatformHandleVectorPtr GetReadPlatformHandles(
       size_t num_platform_handles,
       const void* platform_handle_table) override {
-    // TODO(jam): this code will have to be updated once it's used in a sandbox
-    // and the receiving process doesn't have duplicate permission for the
-    // receiver. Once there's a broker and we have a connection to it (possibly
-    // through ConnectionManager), then we can make a sync IPC to it here to get
-    // a token for this handle, and it will duplicate the handle to is process.
-    // Then we pass the token to the receiver, which will then make a sync call
-    // to the broker to get a duplicated handle. This will also allow us to
-    // avoid leaks of the handle if the receiver dies, since the broker can
-    // notice that.
     DCHECK_GT(num_platform_handles, 0u);
     ScopedPlatformHandleVectorPtr rv(new PlatformHandleVector());
+    rv->resize(num_platform_handles);
 
-    const SerializedHandle* serialization_data =
-        static_cast<const SerializedHandle*>(platform_handle_table);
-    for (size_t i = 0; i < num_platform_handles; i++) {
-      DWORD pid = serialization_data->handle_pid;
-      HANDLE source_handle = serialization_data->handle;
-      serialization_data ++;
-      base::Process sender =
-          base::Process::OpenWithAccess(pid, PROCESS_DUP_HANDLE);
-      DCHECK(sender.IsValid());
-      HANDLE target_handle = NULL;
-      BOOL dup_result = DuplicateHandle(
-          sender.Handle(), source_handle,
-          base::GetCurrentProcessHandle(), &target_handle, 0,
-          FALSE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
-      DCHECK(dup_result);
-      rv->push_back(PlatformHandle(target_handle));
-    }
+    const uint64_t* tokens =
+        static_cast<const uint64_t*>(platform_handle_table);
+    internal::g_token_serializer->TokenToHandle(
+        tokens, num_platform_handles, &rv->at(0));
     return rv.Pass();
   }
 
   size_t SerializePlatformHandles(std::vector<int>* fds) override {
     if (!write_buffer_no_lock()->HavePlatformHandlesToSend())
       return 0u;
 
-    // Since we're not sure which process might ultimately deserialize this
-    // message, we can't duplicate the handle now. Instead, write the process
-    // ID and handle now and let the receiver duplicate it.
     PlatformHandle* platform_handles;
     void* serialization_data_temp;
     size_t num_platform_handles;
     write_buffer_no_lock()->GetPlatformHandlesToSend(
         &num_platform_handles, &platform_handles, &serialization_data_temp);
-    SerializedHandle* serialization_data =
-        static_cast<SerializedHandle*>(serialization_data_temp);
+    uint64_t* tokens = static_cast<uint64_t*>(serialization_data_temp);
     DCHECK_GT(num_platform_handles, 0u);
     DCHECK(platform_handles);
 
-    DWORD current_process_id = base::GetCurrentProcId();
-    for (size_t i = 0; i < num_platform_handles; i++) {
-      serialization_data->handle_pid = current_process_id;
-      serialization_data->handle = platform_handles[i].handle;
-      serialization_data++;
+    internal::g_token_serializer->HandleToToken(
+        &platform_handles[0], num_platform_handles, tokens);
+    for (size_t i = 0; i < num_platform_handles; i++)
       platform_handles[i] = PlatformHandle();
-    }
     return num_platform_handles;
   }
 
   IOResult WriteNoLock(size_t* platform_handles_written,
                        size_t* bytes_written) override {
     write_lock().AssertAcquired();
 
     DCHECK(io_handler_);
     DCHECK(!io_handler_->pending_write_no_lock());
 
@@ skipping 100 matching lines @@
 
 }  // namespace
 
 // -----------------------------------------------------------------------------
 
 RawChannel* RawChannel::Create(ScopedPlatformHandle handle) {
   return new RawChannelWin(handle.Pass());
 }
 
 size_t RawChannel::GetSerializedPlatformHandleSize() {
-  return sizeof(SerializedHandle);
+  return sizeof(uint64_t);
 }
 
 bool RawChannel::IsOtherEndOf(RawChannel* other) {
   DCHECK_NE(other, this);
   PlatformHandle this_handle = static_cast<RawChannelWin*>(this)->GetHandle();
   PlatformHandle other_handle = static_cast<RawChannelWin*>(other)->GetHandle();
 
   if (g_vista_or_higher_functions.Get().is_vista_or_higher()) {
     WCHAR data1[_MAX_PATH + sizeof(FILE_NAME_INFO)];
     WCHAR data2[_MAX_PATH + sizeof(FILE_NAME_INFO)];
     FILE_NAME_INFO* fileinfo1 = reinterpret_cast<FILE_NAME_INFO *>(data1);
     FILE_NAME_INFO* fileinfo2 = reinterpret_cast<FILE_NAME_INFO *>(data2);
     CHECK(g_vista_or_higher_functions.Get().GetFileInformationByHandleEx(
         this_handle.handle, FileNameInfo, fileinfo1, arraysize(data1)));
     CHECK(g_vista_or_higher_functions.Get().GetFileInformationByHandleEx(
         other_handle.handle, FileNameInfo, fileinfo2, arraysize(data2)));
     std::wstring filepath1(fileinfo1->FileName, fileinfo1->FileNameLength / 2);
     std::wstring filepath2(fileinfo2->FileName, fileinfo2->FileNameLength / 2);
     return filepath1 == filepath2;
   } else {
     // This is to catch developer errors. Let them be caught on Vista and above,
     // i.e. no point in implementing this on XP since support for it will be
     // removed in early 2016.
     return false;
   }
 }
 
 }  // namespace edk
 }  // namespace mojo