Add Core::ReplaceHandleWithReducedRights().

mojo/edk/system/handle_table.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/edk/system/handle_table.h"
 
 #include <limits>
 #include <utility>
 
 #include "base/logging.h"
@@ skipping 90 matching lines @@
     if (handles->at(i)) {
       handle_values[i] = AddHandleNoSizeCheck(std::move(handles->at(i)));
     } else {
       LOG(WARNING) << "Invalid dispatcher at index " << i;
       handle_values[i] = MOJO_HANDLE_INVALID;
     }
   }
   return true;
 }
 
+MojoResult HandleTable::ReplaceHandleWithReducedRights(
+    MojoHandle handle_value,
+    MojoHandleRights rights_to_remove,
+    MojoHandle* replacement_handle_value) {
+  DCHECK_NE(handle_value, MOJO_HANDLE_INVALID);
+  DCHECK(replacement_handle_value);
+
+  HandleToEntryMap::iterator it = handle_to_entry_map_.find(handle_value);
+  if (it == handle_to_entry_map_.end())
+    return MOJO_RESULT_INVALID_ARGUMENT;
+
+  Entry entry = it->second;
+  if (entry.busy)
+    return MOJO_RESULT_BUSY;
+  // We don't need to mark the entry as busy, since we do everything under the
+  // handle table lock (unlike sending messages).
+
+  // Try to start the transport. (This just tries to take the dispatcher's
+  // lock.)
+  HandleTransport transport =
+      Dispatcher::HandleTableAccess::TryStartTransport(entry.handle);
+  if (!transport.is_valid())
+    return MOJO_RESULT_BUSY;
+
+  // We don't need to check the capacity of the handle table, since we're just
+  // going to replace the old handle. (Nothing below can fail, so we won't need
+  // to unwind.)
+
+  Handle replacement_handle =
+      transport.CreateEquivalentHandleAndClose(nullptr, 0);
+  replacement_handle.rights &= ~rights_to_remove;
+  transport.End();
+
+  // |it| is still valid here.
+  handle_to_entry_map_.erase(it);
+
+  *replacement_handle_value =
+      AddHandleNoSizeCheck(std::move(replacement_handle));
+  return MOJO_RESULT_OK;
+}
+
 MojoResult HandleTable::MarkBusyAndStartTransport(
-    MojoHandle disallowed_handle,
+    MojoHandle disallowed_handle_value,
     const MojoHandle* handle_values,
     uint32_t num_handles,
     std::vector<HandleTransport>* transports) {
-  DCHECK_NE(disallowed_handle, MOJO_HANDLE_INVALID);
+  DCHECK_NE(disallowed_handle_value, MOJO_HANDLE_INVALID);
   DCHECK(handle_values);
   DCHECK_LE(num_handles, GetConfiguration().max_message_num_handles);
   DCHECK(transports);
   DCHECK_EQ(transports->size(), num_handles);
 
   std::vector<Entry*> entries(num_handles);
 
   // First verify all the handle values and get their dispatchers.
   uint32_t i;
   MojoResult error_result = MOJO_RESULT_INTERNAL;
   for (i = 0; i < num_handles; i++) {
     // Sending your own handle is not allowed (and, for consistency, returns
     // "busy").
-    if (handle_values[i] == disallowed_handle) {
+    if (handle_values[i] == disallowed_handle_value) {
       error_result = MOJO_RESULT_BUSY;
       break;
     }
 
     HandleToEntryMap::iterator it = handle_to_entry_map_.find(handle_values[i]);
     if (it == handle_to_entry_map_.end()) {
       error_result = MOJO_RESULT_INVALID_ARGUMENT;
       break;
     }
 
@@ skipping 92 matching lines @@
   for (uint32_t i = 0; i < num_handles; i++) {
     HandleToEntryMap::iterator it = handle_to_entry_map_.find(handle_values[i]);
     DCHECK(it != handle_to_entry_map_.end());
     DCHECK(it->second.busy);
     it->second.busy = false;
   }
 }
 
 }  // namespace system
 }  // namespace mojo