| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "mojo/edk/embedder/named_platform_channel_pair.h" | |
| 6 | |
| 7 #include <sddl.h> | |
| 8 #include <windows.h> | |
| 9 | |
| 10 #include <memory> | |
| 11 #include <string> | |
| 12 #include <utility> | |
| 13 | |
| 14 #include "base/command_line.h" | |
| 15 #include "base/logging.h" | |
| 16 #include "base/rand_util.h" | |
| 17 #include "base/strings/string_number_conversions.h" | |
| 18 #include "base/strings/stringprintf.h" | |
| 19 #include "base/win/windows_version.h" | |
| 20 #include "mojo/edk/embedder/platform_handle.h" | |
| 21 | |
| 22 namespace mojo { | |
| 23 namespace edk { | |
| 24 | |
| 25 namespace { | |
| 26 | |
| 27 const char kMojoNamedPlatformChannelPipeSwitch[] = | |
| 28 "mojo-named-platform-channel-pipe"; | |
| 29 | |
| 30 std::wstring GeneratePipeName() { | |
| 31 return base::StringPrintf(L"\\\\.\\pipe\\mojo.%u.%u.%I64u", | |
| 32 GetCurrentProcessId(), GetCurrentThreadId(), | |
| 33 base::RandUint64()); | |
| 34 | |
| 35 } | |
| 36 | |
| 37 } // namespace | |
| 38 | |
| 39 NamedPlatformChannelPair::NamedPlatformChannelPair() { | |
| 40 pipe_name_ = GeneratePipeName(); | |
| 41 | |
| 42 PSECURITY_DESCRIPTOR security_desc = nullptr; | |
| 43 ULONG security_desc_len = 0; | |
| 44 // Create a DACL to grant: | |
| 45 // GA = Generic All | |
| 46 // access to: | |
| 47 // SY = LOCAL_SYSTEM | |
| 48 // BA = BUILTIN_ADMINISTRATORS | |
| 49 // OW = OWNER_RIGHTS | |
| 50 PCHECK(ConvertStringSecurityDescriptorToSecurityDescriptor( | |
| 51 L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;OW)", | |
| 52 SDDL_REVISION_1, &security_desc, &security_desc_len)); | |
| 53 std::unique_ptr<void, decltype(::LocalFree)*> p(security_desc, ::LocalFree); | |
| 54 SECURITY_ATTRIBUTES security_attributes = { | |
| 55 sizeof(SECURITY_ATTRIBUTES), security_desc, FALSE }; | |
| 56 | |
| 57 const DWORD kOpenMode = | |
| 58 PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE; | |
| 59 const DWORD kPipeMode = | |
| 60 PIPE_TYPE_BYTE | PIPE_READMODE_BYTE | PIPE_REJECT_REMOTE_CLIENTS; | |
| 61 PlatformHandle handle( | |
| 62 CreateNamedPipeW(pipe_name_.c_str(), kOpenMode, kPipeMode, | |
| 63 1, // Max instances. | |
| 64 4096, // Out buffer size. | |
| 65 4096, // In buffer size. | |
| 66 5000, // Timeout in milliseconds. | |
| 67 &security_attributes)); | |
| 68 handle.needs_connection = true; | |
| 69 server_handle_.reset(handle); | |
| 70 PCHECK(server_handle_.is_valid()); | |
| 71 } | |
| 72 | |
| 73 NamedPlatformChannelPair::~NamedPlatformChannelPair() {} | |
| 74 | |
| 75 ScopedPlatformHandle NamedPlatformChannelPair::PassServerHandle() { | |
| 76 return std::move(server_handle_); | |
| 77 } | |
| 78 | |
| 79 // static | |
| 80 ScopedPlatformHandle | |
| 81 NamedPlatformChannelPair::PassClientHandleFromParentProcess( | |
| 82 const base::CommandLine& command_line) { | |
| 83 std::wstring client_handle_string = | |
| 84 command_line.GetSwitchValueNative(kMojoNamedPlatformChannelPipeSwitch); | |
| 85 | |
| 86 if (client_handle_string.empty()) | |
| 87 return ScopedPlatformHandle(); | |
| 88 | |
| 89 // Note: This may block. | |
| 90 BOOL ok = WaitNamedPipeW(client_handle_string.c_str(), | |
| 91 NMPWAIT_USE_DEFAULT_WAIT); | |
| 92 if (!ok) | |
| 93 return ScopedPlatformHandle(); | |
| 94 | |
| 95 // In order to support passing the pipe name on the command line, the pipe | |
| 96 // handle is lazily created from the pipe name when requested. | |
| 97 const DWORD kDesiredAccess = GENERIC_READ | GENERIC_WRITE; | |
| 98 // The SECURITY_ANONYMOUS flag means that the server side cannot impersonate | |
| 99 // the client. | |
| 100 const DWORD kFlags = | |
| 101 SECURITY_SQOS_PRESENT | SECURITY_ANONYMOUS | FILE_FLAG_OVERLAPPED; | |
| 102 ScopedPlatformHandle handle( | |
| 103 PlatformHandle(CreateFileW(client_handle_string.c_str(), kDesiredAccess, | |
| 104 0, // No sharing. | |
| 105 nullptr, OPEN_EXISTING, kFlags, | |
| 106 nullptr))); // No template file. | |
| 107 PCHECK(handle.is_valid()); | |
| 108 return handle; | |
| 109 } | |
| 110 | |
| 111 void NamedPlatformChannelPair::PrepareToPassClientHandleToChildProcess( | |
| 112 base::CommandLine* command_line) const { | |
| 113 DCHECK(command_line); | |
| 114 | |
| 115 // Log a warning if the command line already has the switch, but "clobber" it | |
| 116 // anyway, since it's reasonably likely that all the switches were just copied | |
| 117 // from the parent. | |
| 118 LOG_IF(WARNING, | |
| 119 command_line->HasSwitch(kMojoNamedPlatformChannelPipeSwitch)) | |
| 120 << "Child command line already has switch --" | |
| 121 << kMojoNamedPlatformChannelPipeSwitch << "=" | |
| 122 << command_line->GetSwitchValueNative( | |
| 123 kMojoNamedPlatformChannelPipeSwitch); | |
| 124 // (Any existing switch won't actually be removed from the command line, but | |
| 125 // the last one appended takes precedence.) | |
| 126 command_line->AppendSwitchNative( | |
| 127 kMojoNamedPlatformChannelPipeSwitch, pipe_name_); | |
| 128 } | |
| 129 | |
| 130 } // namespace edk | |
| 131 } // namespace mojo | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2009033002:
Revert of [mojo] Use a pipe path to initialise Mojo in elevated utility processes. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master