[mojo-edk] Add support for transferring mach ports.

mojo/edk/system/node_controller.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/edk/system/node_controller.h"
 
 #include <algorithm>
 #include <limits>
 
 #include "base/bind.h"
 #include "base/location.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/message_loop/message_loop.h"
 #include "base/metrics/histogram_macros.h"
 #include "base/process/process_handle.h"
 #include "crypto/random.h"
 #include "mojo/edk/embedder/embedder_internal.h"
 #include "mojo/edk/embedder/platform_channel_pair.h"
 #include "mojo/edk/system/broker.h"
 #include "mojo/edk/system/broker_host.h"
 #include "mojo/edk/system/core.h"
 #include "mojo/edk/system/ports_message.h"
 
+#if defined(OS_MACOSX) && !defined(OS_IOS)
+#include "mojo/edk/system/mach_port_relay.h"
+#endif
+
 namespace mojo {
 namespace edk {
 
 namespace {
 
 template <typename T>
 void GenerateRandomName(T* out) { crypto::RandBytes(out, sizeof(T)); }
 
 ports::NodeName GetRandomNodeName() {
   ports::NodeName name;
@@ skipping 65 matching lines @@
 
 NodeController::~NodeController() {}
 
 NodeController::NodeController(Core* core)
     : core_(core),
       name_(GetRandomNodeName()),
       node_(new ports::Node(name_, this)) {
   DVLOG(1) << "Initializing node " << name_;
 }
 
+#if defined(OS_MACOSX) && !defined(OS_IOS)
+void NodeController::CreateMachPortRelayIfNeeded(
+    base::PortProvider* port_provider) {
+  base::AutoLock lock(mach_port_relay_lock_);
+  DCHECK(!mach_port_relay_ ||
+         mach_port_relay_->port_provider() == port_provider);
+  mach_port_relay_.reset(new MachPortRelay(port_provider));
+}
+#endif
+
 void NodeController::SetIOTaskRunner(
     scoped_refptr<base::TaskRunner> task_runner) {
   io_task_runner_ = task_runner;
   ThreadDestructionObserver::Create(
       io_task_runner_,
       base::Bind(&NodeController::DropAllPeers, base::Unretained(this)));
 }
 
 void NodeController::ConnectToChild(base::ProcessHandle process_handle,
                                     ScopedPlatformHandle platform_handle) {
@@ skipping 144 matching lines @@
   channel->SetRemoteProcessHandle(process_handle);
   channel->Start();
 
   channel->AcceptChild(name_, token);
 }
 
 void NodeController::ConnectToParentOnIOThread(
     ScopedPlatformHandle platform_handle) {
   DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
 
-  base::AutoLock lock(parent_lock_);
-  DCHECK(parent_name_ == ports::kInvalidNodeName);
+  {
+    base::AutoLock lock(parent_lock_);
+    DCHECK(parent_name_ == ports::kInvalidNodeName);
 
-  // At this point we don't know the parent's name, so we can't yet insert it
-  // into our |peers_| map. That will happen as soon as we receive an
-  // AcceptChild message from them.
-  bootstrap_parent_channel_ =
-      NodeChannel::Create(this, std::move(platform_handle), io_task_runner_);
+    // At this point we don't know the parent's name, so we can't yet insert it
+    // into our |peers_| map. That will happen as soon as we receive an
+    // AcceptChild message from them.
+    bootstrap_parent_channel_ =
+        NodeChannel::Create(this, std::move(platform_handle), io_task_runner_);
+  }
   bootstrap_parent_channel_->Start();
 }
 
 scoped_refptr<NodeChannel> NodeController::GetPeerChannel(
     const ports::NodeName& name) {
   base::AutoLock lock(peers_lock_);
   auto it = peers_.find(name);
   if (it == peers_.end())
     return nullptr;
   return it->second;
@@ skipping 100 matching lines @@
     if (!peer || !peer->HasRemoteProcessHandle()) {
       if (broker) {
         broker->RelayPortsMessage(name, std::move(channel_message));
       } else {
         base::AutoLock lock(broker_lock_);
         pending_relay_messages_[name].emplace(std::move(channel_message));
       }
       return;
     }
   }
-#endif
+#elif defined(OS_MACOSX) && !defined(OS_IOS)
+  if (channel_message->has_mach_ports()) {
+    // Messages containing Mach ports are always routed through the broker, even
+    // if the broker process is the intended recipient.
+    bool use_broker = false;
+    {
+      base::AutoLock lock(parent_lock_);
+      use_broker = (bootstrap_parent_channel_ ||
+                    parent_name_ != ports::kInvalidNodeName);
+    }
+    if (use_broker) {
+      scoped_refptr<NodeChannel> broker = GetBrokerChannel();
+      if (broker) {
+        broker->RelayPortsMessage(name, std::move(channel_message));
+      } else {
+        base::AutoLock lock(broker_lock_);
+        pending_relay_messages_[name].emplace(std::move(channel_message));
+      }
+      return;
+    }
+  }
+#endif  // defined(OS_WIN)
 
   if (peer) {
     peer->PortsMessage(std::move(channel_message));
     return;
   }
 
   // If we don't know who the peer is, queue the message for delivery. If this
   // is the first message queued for the peer, we also ask the broker to
   // introduce us to them.
 
@@ skipping 229 matching lines @@
 void NodeController::OnBrokerClientAdded(const ports::NodeName& from_node,
                                          const ports::NodeName& client_name,
                                          ScopedPlatformHandle broker_channel) {
   scoped_refptr<NodeChannel> client = GetPeerChannel(client_name);
   if (!client) {
     DLOG(ERROR) << "BrokerClientAdded for unknown child " << client_name;
     return;
   }
 
   // This should have come from our own broker.
-  if(GetBrokerChannel() != GetPeerChannel(from_node)) {
+  if (GetBrokerChannel() != GetPeerChannel(from_node)) {
     DLOG(ERROR) << "BrokerClientAdded from non-broker node " << from_node;
     return;
   }
 
   DVLOG(1) << "Child " << client_name << " accepted by broker " << from_node;
 
   client->AcceptBrokerClient(from_node, std::move(broker_channel));
 }
 
 void NodeController::OnAcceptBrokerClient(const ports::NodeName& from_node,
@@ skipping 47 matching lines @@
 
   // Feed the broker any pending children of our own.
   while (!pending_broker_clients.empty()) {
     const ports::NodeName& child_name = pending_broker_clients.front();
     auto it = pending_children_.find(child_name);
     DCHECK(it != pending_children_.end());
     broker->AddBrokerClient(child_name, it->second->CopyRemoteProcessHandle());
     pending_broker_clients.pop();
   }
 
-#if defined(OS_WIN)
+#if defined(OS_WIN) || (defined(OS_MACOSX) && !defined(OS_IOS))
   // Have the broker relay any messages we have waiting.
   for (auto& entry : pending_relay_messages) {
     const ports::NodeName& destination = entry.first;
     auto& message_queue = entry.second;
     while (!message_queue.empty()) {
       broker->RelayPortsMessage(destination, std::move(message_queue.front()));
       message_queue.pop();
     }
   }
 #endif
@@ skipping 89 matching lines @@
     return;
   }
 
   scoped_refptr<NodeChannel> channel =
       NodeChannel::Create(this, std::move(channel_handle), io_task_runner_);
 
   DVLOG(1) << "Adding new peer " << name << " via parent introduction.";
   AddPeer(name, channel, true /* start_channel */);
 }
 
-#if defined(OS_WIN)
+#if defined(OS_WIN) || (defined(OS_MACOSX) && !defined(OS_IOS))
 void NodeController::OnRelayPortsMessage(const ports::NodeName& from_node,
                                          base::ProcessHandle from_process,
                                          const ports::NodeName& destination,
                                          Channel::MessagePtr message) {
+  DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
+
   if (GetBrokerChannel()) {
     // Only the broker should be asked to relay a message.
     LOG(ERROR) << "Non-broker refusing to relay message.";
     DropPeer(from_node);
     return;
   }
 
   // The parent should always know which process this came from.
   DCHECK(from_process != base::kNullProcessHandle);
 
+#if defined(OS_WIN)
   // Rewrite the handles to this (the parent) process. If the message is
   // destined for another child process, the handles will be rewritten to that
   // process before going out (see NodeChannel::WriteChannelMessage).
   //
   // TODO: We could avoid double-duplication.
   if (!Channel::Message::RewriteHandles(from_process,
                                         base::GetCurrentProcessHandle(),
                                         message->handles(),
                                         message->num_handles())) {
     DLOG(ERROR) << "Failed to relay one or more handles.";
   }
+#else
+  MachPortRelay* relay = GetMachPortRelay();
+  if (!relay) {
+    LOG(ERROR) << "Receiving Mach ports without a port relay from "
+               << from_node << ". Dropping message.";
+    return;
+  }
+  if (!relay->ExtractPortRights(message.get(), from_process)) {
+    // NodeChannel should ensure that MachPortRelay is ready for the remote
+    // process. At this point, if the port extraction failed, either something
+    // went wrong in the mach stuff, or the remote process died.
+    LOG(ERROR) << "Error on receiving Mach ports " << from_node
+               << ". Dropping message.";
+    return;
+  }
+#endif  // defined(OS_WIN)
 
   if (destination == name_) {
     // Great, we can deliver this message locally.
     OnPortsMessage(std::move(message));
     return;
   }
 
   scoped_refptr<NodeChannel> peer = GetPeerChannel(destination);
   if (peer)
     peer->PortsMessage(std::move(message));
   else
     DLOG(ERROR) << "Dropping relay message for unknown node " << destination;
 }
 #endif
 
 void NodeController::OnChannelError(const ports::NodeName& from_node) {
   if (io_task_runner_->RunsTasksOnCurrentThread()) {
     DropPeer(from_node);
   } else {
     io_task_runner_->PostTask(
         FROM_HERE,
         base::Bind(&NodeController::DropPeer, base::Unretained(this),
                    from_node));
   }
 }
 
+#if defined(OS_MACOSX) && !defined(OS_IOS)
+MachPortRelay* NodeController::GetMachPortRelay() {
+  {
+    base::AutoLock lock(parent_lock_);
+    // Return null if we're not the root.
+    if (bootstrap_parent_channel_ || parent_name_ != ports::kInvalidNodeName)
+      return nullptr;
+  }
+
+  base::AutoLock lock(mach_port_relay_lock_);
+  return mach_port_relay_.get();
+}
+#endif
+
 void NodeController::DestroyOnIOThreadShutdown() {
   destroy_on_io_thread_shutdown_ = true;
 }
 
 void NodeController::AttemptShutdownIfRequested() {
   base::Closure callback;
   {
     base::AutoLock lock(shutdown_lock_);
     if (shutdown_callback_.is_null())
       return;
     if (!node_->CanShutdownCleanly(true /* allow_local_ports */)) {
       DVLOG(2) << "Unable to cleanly shut down node " << name_ << ".";
       return;
     }
     callback = shutdown_callback_;
     shutdown_callback_.Reset();
   }
 
   DCHECK(!callback.is_null());
 
   callback.Run();
 }
 
 }  // namespace edk
 }  // namespace mojo