| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "mojo/edk/embedder/platform_channel_utils_posix.h" | 5 #include "mojo/edk/embedder/platform_channel_utils_posix.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <sys/socket.h> | 8 #include <sys/socket.h> |
| 9 #include <unistd.h> | 9 #include <unistd.h> |
| 10 | 10 |
| 11 #include <utility> |
| 12 |
| 13 #include "base/files/file_util.h" |
| 11 #include "base/logging.h" | 14 #include "base/logging.h" |
| 12 #include "base/posix/eintr_wrapper.h" | 15 #include "base/posix/eintr_wrapper.h" |
| 13 #include "build/build_config.h" | 16 #include "build/build_config.h" |
| 17 #include "mojo/edk/embedder/scoped_platform_handle.h" |
| 14 | 18 |
| 15 #if !defined(OS_NACL) | 19 #if !defined(OS_NACL) |
| 16 #include <sys/uio.h> | 20 #include <sys/uio.h> |
| 17 #endif | 21 #endif |
| 18 | 22 |
| 19 #if !defined(SO_PEEK_OFF) | 23 #if !defined(SO_PEEK_OFF) |
| 20 #define SO_PEEK_OFF 42 | 24 #define SO_PEEK_OFF 42 |
| 21 #endif | 25 #endif |
| 22 | 26 |
| 23 namespace mojo { | 27 namespace mojo { |
| 24 namespace edk { | 28 namespace edk { |
| 29 namespace { |
| 30 |
| 31 #if !defined(OS_NACL) |
| 32 bool IsRecoverableError() { |
| 33 return errno == ECONNABORTED || errno == EMFILE || errno == ENFILE || |
| 34 errno == ENOMEM || errno == ENOBUFS; |
| 35 } |
| 36 |
| 37 bool GetPeerEuid(PlatformHandle handle, uid_t* peer_euid) { |
| 38 DCHECK(peer_euid); |
| 39 #if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD) |
| 40 uid_t socket_euid; |
| 41 gid_t socket_gid; |
| 42 if (getpeereid(handle.handle, &socket_euid, &socket_gid) < 0) { |
| 43 PLOG(ERROR) << "getpeereid " << handle.handle; |
| 44 return false; |
| 45 } |
| 46 *peer_euid = socket_euid; |
| 47 return true; |
| 48 #else |
| 49 struct ucred cred; |
| 50 socklen_t cred_len = sizeof(cred); |
| 51 if (getsockopt(handle.handle, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) < |
| 52 0) { |
| 53 PLOG(ERROR) << "getsockopt " << handle.handle; |
| 54 return false; |
| 55 } |
| 56 if (static_cast<unsigned>(cred_len) < sizeof(cred)) { |
| 57 NOTREACHED() << "Truncated ucred from SO_PEERCRED?"; |
| 58 return false; |
| 59 } |
| 60 *peer_euid = cred.uid; |
| 61 return true; |
| 62 #endif |
| 63 } |
| 64 |
| 65 bool IsPeerAuthorized(PlatformHandle peer_handle) { |
| 66 uid_t peer_euid; |
| 67 if (!GetPeerEuid(peer_handle, &peer_euid)) |
| 68 return false; |
| 69 if (peer_euid != geteuid()) { |
| 70 DLOG(ERROR) << "Client euid is not authorised"; |
| 71 return false; |
| 72 } |
| 73 return true; |
| 74 } |
| 75 #endif // !defined(OS_NACL) |
| 76 |
| 77 } // namespace |
| 25 | 78 |
| 26 // On Linux, |SIGPIPE| is suppressed by passing |MSG_NOSIGNAL| to | 79 // On Linux, |SIGPIPE| is suppressed by passing |MSG_NOSIGNAL| to |
| 27 // |send()|/|sendmsg()|. (There is no way of suppressing |SIGPIPE| on | 80 // |send()|/|sendmsg()|. (There is no way of suppressing |SIGPIPE| on |
| 28 // |write()|/|writev().) On Mac, |SIGPIPE| is suppressed by setting the | 81 // |write()|/|writev().) On Mac, |SIGPIPE| is suppressed by setting the |
| 29 // |SO_NOSIGPIPE| option on the socket. | 82 // |SO_NOSIGPIPE| option on the socket. |
| 30 // | 83 // |
| 31 // Performance notes: | 84 // Performance notes: |
| 32 // - On Linux, we have to use |send()|/|sendmsg()| rather than | 85 // - On Linux, we have to use |send()|/|sendmsg()| rather than |
| 33 // |write()|/|writev()| in order to suppress |SIGPIPE|. This is okay, since | 86 // |write()|/|writev()| in order to suppress |SIGPIPE|. This is okay, since |
| 34 // |send()| is (slightly) faster than |write()| (!), while |sendmsg()| is | 87 // |send()| is (slightly) faster than |write()| (!), while |sendmsg()| is |
| (...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 186 for (size_t i = 0; i < num_fds; i++) { | 239 for (size_t i = 0; i < num_fds; i++) { |
| 187 platform_handles->push_back(PlatformHandle(fds[i])); | 240 platform_handles->push_back(PlatformHandle(fds[i])); |
| 188 DCHECK(platform_handles->back().is_valid()); | 241 DCHECK(platform_handles->back().is_valid()); |
| 189 } | 242 } |
| 190 } | 243 } |
| 191 } | 244 } |
| 192 | 245 |
| 193 return result; | 246 return result; |
| 194 } | 247 } |
| 195 | 248 |
| 249 bool ServerAcceptConnection(PlatformHandle server_handle, |
| 250 ScopedPlatformHandle* connection_handle) { |
| 251 DCHECK(server_handle.is_valid()); |
| 252 connection_handle->reset(); |
| 253 #if defined(OS_NACL) |
| 254 NOTREACHED(); |
| 255 return false; |
| 256 #else |
| 257 ScopedPlatformHandle accept_handle( |
| 258 PlatformHandle(HANDLE_EINTR(accept(server_handle.handle, NULL, 0)))); |
| 259 if (!accept_handle.is_valid()) |
| 260 return IsRecoverableError(); |
| 261 |
| 262 // Verify that the IPC channel peer is running as the same user. |
| 263 if (!IsPeerAuthorized(accept_handle.get())) { |
| 264 return true; |
| 265 } |
| 266 |
| 267 if (!base::SetNonBlocking(accept_handle.get().handle)) { |
| 268 PLOG(ERROR) << "base::SetNonBlocking() failed " |
| 269 << accept_handle.get().handle; |
| 270 // It's safe to keep listening on |server_handle| even if the attempt to set |
| 271 // O_NONBLOCK failed on the client fd. |
| 272 return true; |
| 273 } |
| 274 |
| 275 *connection_handle = std::move(accept_handle); |
| 276 return true; |
| 277 #endif // defined(OS_NACL) |
| 278 } |
| 279 |
| 196 } // namespace edk | 280 } // namespace edk |
| 197 } // namespace mojo | 281 } // namespace mojo |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2282413004:
Support creating mojo peer connections from named pipes. (Closed)
