Bootstrap Mojo IPC independent of Chrome IPC

mojo/edk/system/node_controller.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/edk/system/node_controller.h"
 
 #include <algorithm>
 #include <limits>
 
 #include "base/bind.h"
@@ skipping 98 matching lines @@
 
 void NodeController::SetIOTaskRunner(
     scoped_refptr<base::TaskRunner> task_runner) {
   io_task_runner_ = task_runner;
   ThreadDestructionObserver::Create(
       io_task_runner_,
       base::Bind(&NodeController::DropAllPeers, base::Unretained(this)));
 }
 
 void NodeController::ConnectToChild(base::ProcessHandle process_handle,
-                                    ScopedPlatformHandle platform_handle) {
+                                    ScopedPlatformHandle platform_handle,
+                                    const std::string& secret) {
+#if !defined(OS_WIN)
+  // We don't require or support secret validation on non-Windows platforms.
+  CHECK(secret.empty());
+#endif
   io_task_runner_->PostTask(
       FROM_HERE,
       base::Bind(&NodeController::ConnectToChildOnIOThread,
-                 base::Unretained(this),
-                 process_handle,
-                 base::Passed(&platform_handle)));
+                 base::Unretained(this), process_handle,
+                 base::Passed(&platform_handle), secret));
 }
 
-void NodeController::ConnectToParent(ScopedPlatformHandle platform_handle) {
+void NodeController::ConnectToParent(ScopedPlatformHandle platform_handle,
+                                     const std::string& secret) {
+#if !defined(OS_WIN)
+  // We don't require or support secret validation on non-Windows platforms.
+  CHECK(secret.empty());
+#endif
+
 // TODO(amistry): Consider the need for a broker on Windows.
 #if defined(OS_POSIX)
   // On posix, use the bootstrap channel for the broker and receive the node's
   // channel synchronously as the first message from the broker.
   broker_.reset(new Broker(std::move(platform_handle)));
   platform_handle = broker_->GetParentPlatformHandle();
 #endif
 
   io_task_runner_->PostTask(
       FROM_HERE,
       base::Bind(&NodeController::ConnectToParentOnIOThread,
-                 base::Unretained(this),
-                 base::Passed(&platform_handle)));
+                 base::Unretained(this), base::Passed(&platform_handle),
+                 secret));
 }
 
 void NodeController::SetPortObserver(
     const ports::PortRef& port,
     const scoped_refptr<PortObserver>& observer) {
   node_->SetUserData(port, observer);
 }
 
 void NodeController::ClosePort(const ports::PortRef& port) {
   SetPortObserver(port, nullptr);
@@ skipping 21 matching lines @@
   DVLOG(2) << "Reserving port " << port.name() << "@" << name_ << " for token "
            << token;
 
   base::AutoLock lock(reserved_ports_lock_);
   auto result = reserved_ports_.insert(std::make_pair(token, port));
   DCHECK(result.second);
 }
 
 void NodeController::MergePortIntoParent(const std::string& token,
                                          const ports::PortRef& port) {
+  {
+    // This request may be coming from within the process that reserved the
+    // "parent" side (e.g. for Chrome single-process mode), so if this token is
+    // reserved locally, merge locally instead.
+    base::AutoLock lock(reserved_ports_lock_);
+    auto it = reserved_ports_.find(token);
+    if (it != reserved_ports_.end()) {
+      node_->MergePorts(port, name_, it->second.name());
+      reserved_ports_.erase(it);
+      return;
+    }
+  }
+
   scoped_refptr<NodeChannel> parent = GetParentChannel();
   if (parent) {
     parent->RequestPortMerge(port.name(), token);
     return;
   }
 
   base::AutoLock lock(pending_port_merges_lock_);
   pending_port_merges_.push_back(std::make_pair(token, port));
 }
 
@@ skipping 15 matching lines @@
   {
     base::AutoLock lock(shutdown_lock_);
     shutdown_callback_ = callback;
   }
 
   AttemptShutdownIfRequested();
 }
 
 void NodeController::ConnectToChildOnIOThread(
     base::ProcessHandle process_handle,
-    ScopedPlatformHandle platform_handle) {
+    ScopedPlatformHandle platform_handle,
+    const std::string& secret) {
   DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
 
 #if defined(OS_POSIX)
   PlatformChannelPair node_channel;
   // BrokerHost owns itself.
   BrokerHost* broker_host = new BrokerHost(std::move(platform_handle));
   broker_host->SendChannel(node_channel.PassClientHandle());
   scoped_refptr<NodeChannel> channel = NodeChannel::Create(
       this, node_channel.PassServerHandle(), io_task_runner_);
 #else
   scoped_refptr<NodeChannel> channel =
       NodeChannel::Create(this, std::move(platform_handle), io_task_runner_);
 #endif
 
   // We set up the child channel with a temporary name so it can be identified
   // as a pending child if it writes any messages to the channel. We may start
   // receiving messages from it (though we shouldn't) as soon as Start() is
   // called below.
   ports::NodeName token;
   GenerateRandomName(&token);
 
   pending_children_.insert(std::make_pair(token, channel));
   RecordPendingChildCount(pending_children_.size());
 
   channel->SetRemoteNodeName(token);
   channel->SetRemoteProcessHandle(process_handle);
+  channel->SetExpectedSecret(secret);
   channel->Start();
 
   channel->AcceptChild(name_, token);
 }
 
 void NodeController::ConnectToParentOnIOThread(
-    ScopedPlatformHandle platform_handle) {
+    ScopedPlatformHandle platform_handle,
+    const std::string& secret) {
   DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
 
   base::AutoLock lock(parent_lock_);
   DCHECK(parent_name_ == ports::kInvalidNodeName);
 
   // At this point we don't know the parent's name, so we can't yet insert it
   // into our |peers_| map. That will happen as soon as we receive an
   // AcceptChild message from them.
   bootstrap_parent_channel_ =
       NodeChannel::Create(this, std::move(platform_handle), io_task_runner_);
   bootstrap_parent_channel_->Start();
+
+  if (!secret.empty()) {
+    // On Windows we start out by sending a secret token to the parent process
+    // which it will use to authenticate our end of the pipe.
+#if !defined(OS_WIN)
+    // We don't ever want to send a secret on non-Windows.
+    NOTREACHED();
+#endif
+    bootstrap_parent_channel_->SendSecret(secret);
+  }
 }
 
 scoped_refptr<NodeChannel> NodeController::GetPeerChannel(
     const ports::NodeName& name) {
   base::AutoLock lock(peers_lock_);
   auto it = peers_.find(name);
   if (it == peers_.end())
     return nullptr;
   return it->second;
 }
@@ skipping 597 matching lines @@
     shutdown_callback_.Reset();
   }
 
   DCHECK(!callback.is_null());
 
   callback.Run();
 }
 
 }  // namespace edk
 }  // namespace mojo