| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 module mojo.shell.mojom; | |
| 6 | |
| 7 import "mojo/shell/public/interfaces/interface_provider.mojom"; | |
| 8 | |
| 9 const string kRootUserID = "505C0EE9-3013-43C0-82B0-A84F50CF8D84"; | |
| 10 const string kInheritUserID = "D26290E4-4485-4EAE-81A2-66D1EEB40A9D"; | |
| 11 | |
| 12 const uint32 kInvalidInstanceID = 0; | |
| 13 | |
| 14 enum ConnectResult { | |
| 15 // The connection was established successfully. | |
| 16 SUCCEEDED, | |
| 17 | |
| 18 // The name or user id supplied was malformed, or the application specified | |
| 19 // by |name| could not be loaded. | |
| 20 INVALID_ARGUMENT, | |
| 21 | |
| 22 // The connection was blocked by policy. Either connections to |name| are | |
| 23 // forbidden from this app by the CapabilityFilter, or the application | |
| 24 // attempted to connect using a user id other than its own, | |
| 25 // kInheritUserID or kRootUserID. | |
| 26 ACCESS_DENIED | |
| 27 }; | |
| 28 | |
| 29 // A collection of metadata that disambiguates instances in the shell. | |
| 30 struct Identity { | |
| 31 // A mojo: or exe: name identifying an application. | |
| 32 string name; | |
| 33 | |
| 34 // The user id of the target application instance to connect to. If no such | |
| 35 // instance exists, the shell may start one. This user id will be passed to | |
| 36 // the new instance via Initialize(). | |
| 37 // When connecting to other applications, applications must generally pass | |
| 38 // kInheritUserID for this value, and the shell will either connect to an | |
| 39 // existing instance matching the caller's user id, create a new instance | |
| 40 // matching the caller's user id, or connect to an existing instance running | |
| 41 // as kRootUserID. By default, applications do not have the ability to set | |
| 42 // arbitrary values to this field, and doing so will result in a connection | |
| 43 // error on the remote service provider. An application with the ability to | |
| 44 // launch applications with arbitrary user ids (e.g. a login app) may set this | |
| 45 // value to something meaningful to it. The user id string is a valid guid of | |
| 46 // the form "%08X-%04X-%04X-%04X-%012llX", and (aside from the root user whose | |
| 47 // guid is defined above) intended to be not-guessable. | |
| 48 // When an application is initialized or receives a connection from another | |
| 49 // application, this value is always the resolved user id, never | |
| 50 // kInheritUserID. | |
| 51 string user_id; | |
| 52 | |
| 53 // An application may spawn multiple instances with the same name,user_id | |
| 54 // pair, provided they are started with unique values of this field. | |
| 55 // TODO(beng): enforce the emptiness of this parameter unless the client bears | |
| 56 // the appropriate capability. | |
| 57 string instance; | |
| 58 }; | |
| 59 | |
| 60 // Implemented by an object in the shell associated with a specific instance. | |
| 61 // Tells it the PID for a process launched by the client. See | |
| 62 // ClientProcessConnection. | |
| 63 interface PIDReceiver { | |
| 64 SetPID(uint32 pid); | |
| 65 }; | |
| 66 | |
| 67 // Typically, the shell will start a process for a service the first time it | |
| 68 // receives a connection request for it. This struct allows a client to start | |
| 69 // the process itself and provide the shell the pipes it needs to communicate | |
| 70 // with it. When an instance of this struct is supplied to Connect(), the client | |
| 71 // owns the lifetime of the child process, not the shell. The shell binds the | |
| 72 // |shell_client| pipe, and when it closes destroys the associated instance but | |
| 73 // the process stays alive. | |
| 74 struct ClientProcessConnection { | |
| 75 // Provides the shell the ability to bind a ShellClient from the client | |
| 76 // process to the instance it creates. | |
| 77 handle<message_pipe> shell_client; | |
| 78 | |
| 79 // Allows the client process launcher to tell the shell the PID of the process | |
| 80 // it created (the pid isn't supplied directly here as the process may not | |
| 81 // have been launched by the time Connect() is called.) | |
| 82 handle<message_pipe> pid_receiver_request; | |
| 83 }; | |
| 84 | |
| 85 // Encapsulates establishing connections with other Mojo applications. | |
| 86 interface Connector { | |
| 87 // Requests a connection with another application. The application originating | |
| 88 // the request is referred to as the "source" and the one receiving the | |
| 89 // "target". | |
| 90 // | |
| 91 // The connection is embodied by a pair of message pipes binding the | |
| 92 // InterfaceProvider interface, which allows both the source and target | |
| 93 // applications to export interfaces to one another. The interfaces bound via | |
| 94 // these InterfaceProviders are brokered by the shell according to the | |
| 95 // security policy defined by each application in its manifest . | |
| 96 // | |
| 97 // If the target application is not running, the shell will run it, calling | |
| 98 // its Initialize() method before completing the connection. | |
| 99 // | |
| 100 // Parameters: | |
| 101 // | |
| 102 // target | |
| 103 // Identifies the target application instance to connect to. | |
| 104 // | |
| 105 // remote_interfaces | |
| 106 // Allows the source application access to interface implementations | |
| 107 // exposed by the target application. The interfaces accessible via this | |
| 108 // InterfaceParameter are filtered by the security policy described by the | |
| 109 // source and target application manifests. | |
| 110 // | |
| 111 // local_interfaces | |
| 112 // Allows the remote application access to interface implementations | |
| 113 // exposed by the source application. The interfaces accessible via this | |
| 114 // InterfaceProvider are filtered by the security policy described by the | |
| 115 // source and target application manifests. | |
| 116 // | |
| 117 // client_process_connection | |
| 118 // When non-null, supplies control pipes the shell can use to bind a | |
| 119 // process created by the client, instead of creating one itself. | |
| 120 // TODO(beng): access to this parameter should be restricted by a | |
| 121 // capability. | |
| 122 // | |
| 123 // Response parameters: | |
| 124 // | |
| 125 // result | |
| 126 // Indicates the result of the Connect() operation. | |
| 127 // | |
| 128 // user_id | |
| 129 // The user id the shell ran the target application as. Typically a client | |
| 130 // passes kInheritUserID as the user id to Connect() which is resolved by | |
| 131 // the shell into a valid user id returned through this callback. | |
| 132 // | |
| 133 // application_id | |
| 134 // A unique identifier for the instance that was connected to. | |
| 135 // | |
| 136 Connect(Identity target, | |
| 137 InterfaceProvider&? remote_interfaces, | |
| 138 InterfaceProvider? local_interfaces, | |
| 139 ClientProcessConnection? client_process_connection) => | |
| 140 (ConnectResult result, string user_id, uint32 application_id); | |
| 141 | |
| 142 // Clones this Connector so it can be passed to another thread. | |
| 143 Clone(Connector& request); | |
| 144 }; | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1877753003:
Move mojo\shell to services\shell (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@62scan