| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "mojo/edk/embedder/named_platform_channel_pair.h" |
| 6 |
| 7 #include <sddl.h> |
| 8 #include <windows.h> |
| 9 |
| 10 #include <memory> |
| 11 #include <string> |
| 12 #include <utility> |
| 13 |
| 14 #include "base/command_line.h" |
| 15 #include "base/logging.h" |
| 16 #include "base/rand_util.h" |
| 17 #include "base/strings/string_number_conversions.h" |
| 18 #include "base/strings/stringprintf.h" |
| 19 #include "base/win/windows_version.h" |
| 20 #include "mojo/edk/embedder/platform_handle.h" |
| 21 |
| 22 namespace mojo { |
| 23 namespace edk { |
| 24 |
| 25 namespace { |
| 26 |
| 27 const char kMojoNamedPlatformChannelPipeSwitch[] = |
| 28 "mojo-named-platform-channel-pipe"; |
| 29 |
| 30 std::wstring GeneratePipeName() { |
| 31 return base::StringPrintf(L"\\\\.\\pipe\\mojo.%u.%u.%I64u", |
| 32 GetCurrentProcessId(), GetCurrentThreadId(), |
| 33 base::RandUint64()); |
| 34 |
| 35 } |
| 36 |
| 37 } // namespace |
| 38 |
| 39 NamedPlatformChannelPair::NamedPlatformChannelPair() { |
| 40 pipe_name_ = GeneratePipeName(); |
| 41 |
| 42 PSECURITY_DESCRIPTOR security_desc = nullptr; |
| 43 ULONG security_desc_len = 0; |
| 44 // Create a DACL to grant: |
| 45 // GA = Generic All |
| 46 // access to: |
| 47 // SY = LOCAL_SYSTEM |
| 48 // BA = BUILTIN_ADMINISTRATORS |
| 49 // OW = OWNER_RIGHTS |
| 50 PCHECK(ConvertStringSecurityDescriptorToSecurityDescriptor( |
| 51 L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;OW)", |
| 52 SDDL_REVISION_1, &security_desc, &security_desc_len)); |
| 53 std::unique_ptr<void, decltype(::LocalFree)*> p(security_desc, ::LocalFree); |
| 54 SECURITY_ATTRIBUTES security_attributes = { |
| 55 sizeof(SECURITY_ATTRIBUTES), security_desc, FALSE }; |
| 56 |
| 57 const DWORD kOpenMode = |
| 58 PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE; |
| 59 const DWORD kPipeMode = |
| 60 PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_REJECT_REMOTE_CLIENTS; |
| 61 PlatformHandle handle( |
| 62 CreateNamedPipeW(pipe_name_.c_str(), kOpenMode, kPipeMode, |
| 63 1, // Max instances. |
| 64 4096, // Out buffer size. |
| 65 4096, // In buffer size. |
| 66 5000, // Timeout in milliseconds. |
| 67 &security_attributes)); |
| 68 handle.needs_connection = true; |
| 69 server_handle_.reset(handle); |
| 70 PCHECK(server_handle_.is_valid()); |
| 71 } |
| 72 |
| 73 NamedPlatformChannelPair::~NamedPlatformChannelPair() {} |
| 74 |
| 75 ScopedPlatformHandle NamedPlatformChannelPair::PassServerHandle() { |
| 76 return std::move(server_handle_); |
| 77 } |
| 78 |
| 79 // static |
| 80 ScopedPlatformHandle |
| 81 NamedPlatformChannelPair::PassClientHandleFromParentProcess( |
| 82 const base::CommandLine& command_line) { |
| 83 std::wstring client_handle_string = |
| 84 command_line.GetSwitchValueNative(kMojoNamedPlatformChannelPipeSwitch); |
| 85 |
| 86 if (client_handle_string.empty()) |
| 87 return ScopedPlatformHandle(); |
| 88 |
| 89 // Note: This may block. |
| 90 BOOL ok = WaitNamedPipeW(client_handle_string.c_str(), |
| 91 NMPWAIT_USE_DEFAULT_WAIT); |
| 92 if (!ok) |
| 93 return ScopedPlatformHandle(); |
| 94 |
| 95 // In order to support passing the pipe name on the command line, the pipe |
| 96 // handle is lazily created from the pipe name when requested. |
| 97 const DWORD kDesiredAccess = GENERIC_READ | GENERIC_WRITE; |
| 98 // The SECURITY_ANONYMOUS flag means that the server side cannot impersonate |
| 99 // the client. |
| 100 const DWORD kFlags = |
| 101 SECURITY_SQOS_PRESENT | SECURITY_ANONYMOUS | FILE_FLAG_OVERLAPPED; |
| 102 ScopedPlatformHandle handle( |
| 103 PlatformHandle(CreateFileW(client_handle_string.c_str(), kDesiredAccess, |
| 104 0, // No sharing. |
| 105 nullptr, OPEN_EXISTING, kFlags, |
| 106 nullptr))); // No template file. |
| 107 PCHECK(handle.is_valid()); |
| 108 return handle; |
| 109 } |
| 110 |
| 111 void NamedPlatformChannelPair::PrepareToPassClientHandleToChildProcess( |
| 112 base::CommandLine* command_line) const { |
| 113 DCHECK(command_line); |
| 114 |
| 115 // Log a warning if the command line already has the switch, but "clobber" it |
| 116 // anyway, since it's reasonably likely that all the switches were just copied |
| 117 // from the parent. |
| 118 LOG_IF(WARNING, |
| 119 command_line->HasSwitch(kMojoNamedPlatformChannelPipeSwitch)) |
| 120 << "Child command line already has switch --" |
| 121 << kMojoNamedPlatformChannelPipeSwitch << "=" |
| 122 << command_line->GetSwitchValueNative( |
| 123 kMojoNamedPlatformChannelPipeSwitch); |
| 124 // (Any existing switch won't actually be removed from the command line, but |
| 125 // the last one appended takes precedence.) |
| 126 command_line->AppendSwitchNative( |
| 127 kMojoNamedPlatformChannelPipeSwitch, pipe_name_); |
| 128 } |
| 129 |
| 130 } // namespace edk |
| 131 } // namespace mojo |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1893313003:
[mojo] Use a pipe path to initialise Mojo in elevated utility processes. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master