Index: ipc/attachment_broker_privileged_win.h |
diff --git a/ipc/attachment_broker_privileged_win.h b/ipc/attachment_broker_privileged_win.h |
index 467a97776ee51aee9b045ef2fb0fa8740948ed94..bf2eec82f15fcd760015cbadd1bc81181c2e6b80 100644 |
--- a/ipc/attachment_broker_privileged_win.h |
+++ b/ipc/attachment_broker_privileged_win.h |
@@ -5,6 +5,9 @@ |
#ifndef IPC_ATTACHMENT_BROKER_PRIVILEGED_WIN_H_ |
#define IPC_ATTACHMENT_BROKER_PRIVILEGED_WIN_H_ |
+#include <map> |
+#include <vector> |
+ |
#include "base/macros.h" |
#include "ipc/attachment_broker_privileged.h" |
#include "ipc/handle_attachment_win.h" |
@@ -24,6 +27,7 @@ class IPC_EXPORT AttachmentBrokerPrivilegedWin |
bool SendAttachmentToProcess( |
const scoped_refptr<IPC::BrokerableAttachment>& attachment, |
base::ProcessId destination_process) override; |
+ void ReceivedPeerPid(base::ProcessId peer_pid) override; |
// IPC::Listener overrides. |
bool OnMessageReceived(const Message& message) override; |
@@ -44,7 +48,23 @@ class IPC_EXPORT AttachmentBrokerPrivilegedWin |
// If the HANDLE's destination is this process, queue it and notify the |
// observers. Otherwise, send it in an IPC to its destination. |
- void RouteDuplicatedHandle(const HandleWireFormat& wire_format); |
+ // If the destination process cannot be found, |store_on_failure| indicates |
+ // whether the |wire_format| should be stored, or an error should be emitted. |
+ void RouteDuplicatedHandle(const HandleWireFormat& wire_format, |
+ bool store_on_failure); |
+ |
+ // Wire formats that cannot be immediately sent to the destination process |
+ // because the connection has not been established. If, for some reason, the |
+ // connection is never established, then the assumption is that the |
+ // destination process died. The resource itself will be cleaned up by the OS, |
+ // but the data structure HandleWireFormat will leak. If, at a later point in |
+ // time, a new process is created with the same process id, the WireFormats |
+ // will be passed to the new process. There is no security problem, since the |
+ // resource itself is not being sent. Furthermore, it is unlikely to affect |
+ // the functionality of the new process, since AttachmentBroker ids are large, |
+ // unguessable nonces. |
+ using WireFormats = std::vector<HandleWireFormat>; |
+ std::map<base::ProcessId, WireFormats> stored_wire_formats_; |
DISALLOW_COPY_AND_ASSIGN(AttachmentBrokerPrivilegedWin); |
}; |