OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef DBUS_FILE_DESCRIPTOR_H_ | 5 #ifndef DBUS_FILE_DESCRIPTOR_H_ |
6 #define DBUS_FILE_DESCRIPTOR_H_ | 6 #define DBUS_FILE_DESCRIPTOR_H_ |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 | 9 |
10 #include "base/macros.h" | 10 #include "base/move.h" |
11 #include "dbus/dbus_export.h" | 11 #include "dbus/dbus_export.h" |
12 | 12 |
13 namespace dbus { | 13 namespace dbus { |
14 | 14 |
15 // FileDescriptor is a type used to encapsulate D-Bus file descriptors | 15 // FileDescriptor is a type used to encapsulate D-Bus file descriptors |
16 // and to follow the RAII idiom appropiate for use with message operations | 16 // and to follow the RAII idiom appropiate for use with message operations |
17 // where the descriptor might be easily leaked. To guard against this the | 17 // where the descriptor might be easily leaked. To guard against this the |
18 // descriptor is closed when an instance is destroyed if it is owned. | 18 // descriptor is closed when an instance is destroyed if it is owned. |
19 // Ownership is asserted only when PutValue is used and TakeValue can be | 19 // Ownership is asserted only when PutValue is used and TakeValue can be |
20 // used to take ownership. | 20 // used to take ownership. |
21 // | 21 // |
22 // For example, in the following | 22 // For example, in the following |
23 // FileDescriptor fd; | 23 // FileDescriptor fd; |
24 // if (!reader->PopString(&name) || | 24 // if (!reader->PopString(&name) || |
25 // !reader->PopFileDescriptor(&fd) || | 25 // !reader->PopFileDescriptor(&fd) || |
26 // !reader->PopUint32(&flags)) { | 26 // !reader->PopUint32(&flags)) { |
27 // the descriptor in fd will be closed if the PopUint32 fails. But | 27 // the descriptor in fd will be closed if the PopUint32 fails. But |
28 // writer.AppendFileDescriptor(dbus::FileDescriptor(1)); | 28 // writer.AppendFileDescriptor(dbus::FileDescriptor(1)); |
29 // will not automatically close "1" because it is not owned. | 29 // will not automatically close "1" because it is not owned. |
30 // | 30 // |
31 // Descriptors must be validated before marshalling in a D-Bus message | 31 // Descriptors must be validated before marshalling in a D-Bus message |
32 // or using them after unmarshalling. We disallow descriptors to a | 32 // or using them after unmarshalling. We disallow descriptors to a |
33 // directory to reduce the security risks. Splitting out validation | 33 // directory to reduce the security risks. Splitting out validation |
34 // also allows the caller to do this work on the File thread to conform | 34 // also allows the caller to do this work on the File thread to conform |
35 // with i/o restrictions. | 35 // with i/o restrictions. |
36 class CHROME_DBUS_EXPORT FileDescriptor { | 36 class CHROME_DBUS_EXPORT FileDescriptor { |
| 37 MOVE_ONLY_TYPE_FOR_CPP_03(FileDescriptor); |
| 38 |
37 public: | 39 public: |
38 // This provides a simple way to pass around file descriptors since they must | 40 // This provides a simple way to pass around file descriptors since they must |
39 // be closed on a thread that is allowed to perform I/O. | 41 // be closed on a thread that is allowed to perform I/O. |
40 struct Deleter { | 42 struct Deleter { |
41 void CHROME_DBUS_EXPORT operator()(FileDescriptor* fd); | 43 void CHROME_DBUS_EXPORT operator()(FileDescriptor* fd); |
42 }; | 44 }; |
43 | 45 |
44 // Permits initialization without a value for passing to | 46 // Permits initialization without a value for passing to |
45 // dbus::MessageReader::PopFileDescriptor to fill in and from int values. | 47 // dbus::MessageReader::PopFileDescriptor to fill in and from int values. |
46 FileDescriptor() : value_(-1), owner_(false), valid_(false) {} | 48 FileDescriptor() : value_(-1), owner_(false), valid_(false) {} |
(...skipping 26 matching lines...) Expand all Loading... |
73 // We disallow directories to avoid potential sandbox escapes. | 75 // We disallow directories to avoid potential sandbox escapes. |
74 // Note this call must be made on a thread where file i/o is allowed. | 76 // Note this call must be made on a thread where file i/o is allowed. |
75 void CheckValidity(); | 77 void CheckValidity(); |
76 | 78 |
77 private: | 79 private: |
78 void Swap(FileDescriptor* other); | 80 void Swap(FileDescriptor* other); |
79 | 81 |
80 int value_; | 82 int value_; |
81 bool owner_; | 83 bool owner_; |
82 bool valid_; | 84 bool valid_; |
83 | |
84 DISALLOW_COPY_AND_ASSIGN(FileDescriptor); | |
85 }; | 85 }; |
86 | 86 |
87 using ScopedFileDescriptor = | 87 using ScopedFileDescriptor = |
88 std::unique_ptr<FileDescriptor, FileDescriptor::Deleter>; | 88 std::unique_ptr<FileDescriptor, FileDescriptor::Deleter>; |
89 | 89 |
90 } // namespace dbus | 90 } // namespace dbus |
91 | 91 |
92 #endif // DBUS_FILE_DESCRIPTOR_H_ | 92 #endif // DBUS_FILE_DESCRIPTOR_H_ |
OLD | NEW |