OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "ipc/attachment_broker_privileged_win.h" | 5 #include "ipc/attachment_broker_privileged_win.h" |
6 | 6 |
7 #include <windows.h> | 7 #include <windows.h> |
8 | 8 |
9 #include <tuple> | 9 #include <tuple> |
10 | 10 |
(...skipping 16 matching lines...) Expand all Loading... |
27 case BrokerableAttachment::WIN_HANDLE: { | 27 case BrokerableAttachment::WIN_HANDLE: { |
28 internal::HandleAttachmentWin* handle_attachment = | 28 internal::HandleAttachmentWin* handle_attachment = |
29 static_cast<internal::HandleAttachmentWin*>(attachment.get()); | 29 static_cast<internal::HandleAttachmentWin*>(attachment.get()); |
30 HandleWireFormat wire_format = | 30 HandleWireFormat wire_format = |
31 handle_attachment->GetWireFormat(destination_process); | 31 handle_attachment->GetWireFormat(destination_process); |
32 HandleWireFormat new_wire_format = | 32 HandleWireFormat new_wire_format = |
33 DuplicateWinHandle(wire_format, base::Process::Current().Pid()); | 33 DuplicateWinHandle(wire_format, base::Process::Current().Pid()); |
34 handle_attachment->reset_handle_ownership(); | 34 handle_attachment->reset_handle_ownership(); |
35 if (new_wire_format.handle == 0) | 35 if (new_wire_format.handle == 0) |
36 return false; | 36 return false; |
37 RouteDuplicatedHandle(new_wire_format); | 37 RouteDuplicatedHandle(new_wire_format, true); |
38 return true; | 38 return true; |
39 } | 39 } |
40 case BrokerableAttachment::MACH_PORT: | 40 case BrokerableAttachment::MACH_PORT: |
41 case BrokerableAttachment::PLACEHOLDER: | 41 case BrokerableAttachment::PLACEHOLDER: |
42 NOTREACHED(); | 42 NOTREACHED(); |
43 return false; | 43 return false; |
44 } | 44 } |
45 return false; | 45 return false; |
46 } | 46 } |
47 | 47 |
| 48 void AttachmentBrokerPrivilegedWin::ReceivedPeerPid(base::ProcessId peer_pid) { |
| 49 auto it = stored_wire_formats_.find(peer_pid); |
| 50 if (it == stored_wire_formats_.end()) |
| 51 return; |
| 52 |
| 53 // Make a copy, and destroy the original. |
| 54 WireFormats wire_formats = it->second; |
| 55 stored_wire_formats_.erase(it); |
| 56 |
| 57 for (const HandleWireFormat& format : wire_formats) { |
| 58 RouteDuplicatedHandle(format, false); |
| 59 } |
| 60 } |
| 61 |
48 bool AttachmentBrokerPrivilegedWin::OnMessageReceived(const Message& msg) { | 62 bool AttachmentBrokerPrivilegedWin::OnMessageReceived(const Message& msg) { |
49 bool handled = true; | 63 bool handled = true; |
50 switch (msg.type()) { | 64 switch (msg.type()) { |
51 IPC_MESSAGE_HANDLER_GENERIC(AttachmentBrokerMsg_DuplicateWinHandle, | 65 IPC_MESSAGE_HANDLER_GENERIC(AttachmentBrokerMsg_DuplicateWinHandle, |
52 OnDuplicateWinHandle(msg)) | 66 OnDuplicateWinHandle(msg)) |
53 IPC_MESSAGE_UNHANDLED(handled = false) | 67 IPC_MESSAGE_UNHANDLED(handled = false) |
54 } | 68 } |
55 return handled; | 69 return handled; |
56 } | 70 } |
57 | 71 |
58 void AttachmentBrokerPrivilegedWin::OnDuplicateWinHandle( | 72 void AttachmentBrokerPrivilegedWin::OnDuplicateWinHandle( |
59 const IPC::Message& message) { | 73 const IPC::Message& message) { |
60 AttachmentBrokerMsg_DuplicateWinHandle::Param param; | 74 AttachmentBrokerMsg_DuplicateWinHandle::Param param; |
61 if (!AttachmentBrokerMsg_DuplicateWinHandle::Read(&message, ¶m)) | 75 if (!AttachmentBrokerMsg_DuplicateWinHandle::Read(&message, ¶m)) |
62 return; | 76 return; |
63 IPC::internal::HandleAttachmentWin::WireFormat wire_format = | 77 IPC::internal::HandleAttachmentWin::WireFormat wire_format = |
64 std::get<0>(param); | 78 std::get<0>(param); |
65 | 79 |
66 if (wire_format.destination_process == base::kNullProcessId) { | 80 if (wire_format.destination_process == base::kNullProcessId) { |
67 LogError(NO_DESTINATION); | 81 LogError(NO_DESTINATION); |
68 return; | 82 return; |
69 } | 83 } |
70 | 84 |
71 HandleWireFormat new_wire_format = | 85 HandleWireFormat new_wire_format = |
72 DuplicateWinHandle(wire_format, message.get_sender_pid()); | 86 DuplicateWinHandle(wire_format, message.get_sender_pid()); |
73 RouteDuplicatedHandle(new_wire_format); | 87 RouteDuplicatedHandle(new_wire_format, true); |
74 } | 88 } |
75 | 89 |
76 void AttachmentBrokerPrivilegedWin::RouteDuplicatedHandle( | 90 void AttachmentBrokerPrivilegedWin::RouteDuplicatedHandle( |
77 const HandleWireFormat& wire_format) { | 91 const HandleWireFormat& wire_format, |
| 92 bool store_on_failure) { |
78 // This process is the destination. | 93 // This process is the destination. |
79 if (wire_format.destination_process == base::Process::Current().Pid()) { | 94 if (wire_format.destination_process == base::Process::Current().Pid()) { |
80 scoped_refptr<BrokerableAttachment> attachment( | 95 scoped_refptr<BrokerableAttachment> attachment( |
81 new internal::HandleAttachmentWin(wire_format)); | 96 new internal::HandleAttachmentWin(wire_format)); |
82 HandleReceivedAttachment(attachment); | 97 HandleReceivedAttachment(attachment); |
83 return; | 98 return; |
84 } | 99 } |
85 | 100 |
86 // Another process is the destination. | 101 // Another process is the destination. |
87 base::ProcessId dest = wire_format.destination_process; | 102 base::ProcessId dest = wire_format.destination_process; |
88 base::AutoLock auto_lock(*get_lock()); | 103 base::AutoLock auto_lock(*get_lock()); |
89 AttachmentBrokerPrivileged::EndpointRunnerPair pair = | 104 AttachmentBrokerPrivileged::EndpointRunnerPair pair = |
90 GetSenderWithProcessId(dest); | 105 GetSenderWithProcessId(dest); |
91 if (!pair.first) { | 106 if (!pair.first) { |
92 // Assuming that this message was not sent from a malicious process, the | 107 if (store_on_failure) { |
93 // channel endpoint that would have received this message will block | 108 LogError(DELAYED); |
94 // forever. | 109 stored_wire_formats_[dest].push_back(wire_format); |
95 LOG(ERROR) << "Failed to deliver brokerable attachment to process with id: " | 110 } else { |
96 << dest; | 111 // Assuming that this message was not sent from a malicious process, the |
97 LogError(DESTINATION_NOT_FOUND); | 112 // channel endpoint that would have received this message will block |
| 113 // forever. |
| 114 LOG(ERROR) |
| 115 << "Failed to deliver brokerable attachment to process with id: " |
| 116 << dest; |
| 117 LogError(DESTINATION_NOT_FOUND); |
| 118 } |
98 return; | 119 return; |
99 } | 120 } |
100 | 121 |
101 LogError(DESTINATION_FOUND); | 122 LogError(DESTINATION_FOUND); |
| 123 if (!store_on_failure) |
| 124 LogError(DELAYED_SEND); |
| 125 |
102 SendMessageToEndpoint( | 126 SendMessageToEndpoint( |
103 pair, new AttachmentBrokerMsg_WinHandleHasBeenDuplicated(wire_format)); | 127 pair, new AttachmentBrokerMsg_WinHandleHasBeenDuplicated(wire_format)); |
104 } | 128 } |
105 | 129 |
106 AttachmentBrokerPrivilegedWin::HandleWireFormat | 130 AttachmentBrokerPrivilegedWin::HandleWireFormat |
107 AttachmentBrokerPrivilegedWin::DuplicateWinHandle( | 131 AttachmentBrokerPrivilegedWin::DuplicateWinHandle( |
108 const HandleWireFormat& wire_format, | 132 const HandleWireFormat& wire_format, |
109 base::ProcessId source_pid) { | 133 base::ProcessId source_pid) { |
110 // If the source process is the destination process, then no additional work | 134 // If the source process is the destination process, then no additional work |
111 // is required. | 135 // is required. |
(...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
151 | 175 |
152 AttachmentBrokerPrivilegedWin::HandleWireFormat | 176 AttachmentBrokerPrivilegedWin::HandleWireFormat |
153 AttachmentBrokerPrivilegedWin::CopyWireFormat( | 177 AttachmentBrokerPrivilegedWin::CopyWireFormat( |
154 const HandleWireFormat& wire_format, | 178 const HandleWireFormat& wire_format, |
155 int handle) { | 179 int handle) { |
156 return HandleWireFormat(handle, wire_format.destination_process, | 180 return HandleWireFormat(handle, wire_format.destination_process, |
157 wire_format.permissions, wire_format.attachment_id); | 181 wire_format.permissions, wire_format.attachment_id); |
158 } | 182 } |
159 | 183 |
160 } // namespace IPC | 184 } // namespace IPC |
OLD | NEW |