| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chromeos/network/firewall_hole.h" | 5 #include "chromeos/network/firewall_hole.h" |
| 6 | 6 |
| 7 #include <fcntl.h> | 7 #include <fcntl.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 #include <unistd.h> | 9 #include <unistd.h> |
| 10 | 10 |
| 11 #include <utility> | 11 #include <utility> |
| 12 | 12 |
| 13 #include "base/bind.h" | 13 #include "base/bind.h" |
| 14 #include "base/location.h" | 14 #include "base/location.h" |
| 15 #include "base/memory/ptr_util.h" | 15 #include "base/memory/ptr_util.h" |
| 16 #include "base/threading/thread_task_runner_handle.h" |
| 16 #include "base/threading/worker_pool.h" | 17 #include "base/threading/worker_pool.h" |
| 17 #include "chromeos/dbus/dbus_thread_manager.h" | 18 #include "chromeos/dbus/dbus_thread_manager.h" |
| 18 #include "chromeos/dbus/permission_broker_client.h" | 19 #include "chromeos/dbus/permission_broker_client.h" |
| 19 #include "dbus/file_descriptor.h" | |
| 20 | 20 |
| 21 namespace chromeos { | 21 namespace chromeos { |
| 22 | 22 |
| 23 namespace { | 23 namespace { |
| 24 | 24 |
| 25 // Creates a pair of file descriptors that form a "lifeline" between Chrome and | |
| 26 // firewalld. If this pipe is closed unexpectedly (i.e. Chrome crashes) then | |
| 27 // firewalld will notice and close the hole in the firewall. | |
| 28 void CreateValidLifeline(dbus::FileDescriptor* lifeline_local, | |
| 29 dbus::FileDescriptor* lifeline_remote) { | |
| 30 int lifeline[2] = {-1, -1}; | |
| 31 if (pipe2(lifeline, O_CLOEXEC) < 0) { | |
| 32 PLOG(ERROR) << "Failed to create a lifeline pipe"; | |
| 33 return; | |
| 34 } | |
| 35 | |
| 36 lifeline_local->PutValue(lifeline[0]); | |
| 37 lifeline_local->CheckValidity(); | |
| 38 | |
| 39 lifeline_remote->PutValue(lifeline[1]); | |
| 40 lifeline_remote->CheckValidity(); | |
| 41 } | |
| 42 | |
| 43 const char* PortTypeToString(FirewallHole::PortType type) { | 25 const char* PortTypeToString(FirewallHole::PortType type) { |
| 44 switch (type) { | 26 switch (type) { |
| 45 case FirewallHole::PortType::TCP: | 27 case FirewallHole::PortType::TCP: |
| 46 return "TCP"; | 28 return "TCP"; |
| 47 case FirewallHole::PortType::UDP: | 29 case FirewallHole::PortType::UDP: |
| 48 return "UDP"; | 30 return "UDP"; |
| 49 } | 31 } |
| 50 NOTREACHED(); | 32 NOTREACHED(); |
| 51 return nullptr; | 33 return nullptr; |
| 52 } | 34 } |
| 53 | 35 |
| 54 void PortReleased(FirewallHole::PortType type, | 36 void PortReleased(FirewallHole::PortType type, |
| 55 uint16_t port, | 37 uint16_t port, |
| 56 const std::string& interface, | 38 const std::string& interface, |
| 57 dbus::ScopedFileDescriptor lifeline_fd, | 39 base::ScopedFD lifeline_fd, |
| 58 bool success) { | 40 bool success) { |
| 59 if (!success) { | 41 if (!success) { |
| 60 LOG(WARNING) << "Failed to release firewall hole for " | 42 LOG(WARNING) << "Failed to release firewall hole for " |
| 61 << PortTypeToString(type) << " port " << port << " on " | 43 << PortTypeToString(type) << " port " << port << " on " |
| 62 << interface << "."; | 44 << interface << "."; |
| 63 } | 45 } |
| 64 } | 46 } |
| 65 | 47 |
| 66 } // namespace | 48 } // namespace |
| 67 | 49 |
| 68 // static | 50 // static |
| 69 void FirewallHole::Open(PortType type, | 51 void FirewallHole::Open(PortType type, |
| 70 uint16_t port, | 52 uint16_t port, |
| 71 const std::string& interface, | 53 const std::string& interface, |
| 72 const OpenCallback& callback) { | 54 const OpenCallback& callback) { |
| 73 dbus::ScopedFileDescriptor lifeline_local(new dbus::FileDescriptor()); | 55 int lifeline[2] = {-1, -1}; |
| 74 dbus::ScopedFileDescriptor lifeline_remote(new dbus::FileDescriptor()); | 56 if (pipe2(lifeline, O_CLOEXEC) < 0) { |
| 57 PLOG(ERROR) << "Failed to create a lifeline pipe"; |
| 58 base::ThreadTaskRunnerHandle::Get()->PostTask( |
| 59 FROM_HERE, base::Bind(callback, nullptr)); |
| 60 return; |
| 61 } |
| 62 base::ScopedFD lifeline_local(lifeline[0]); |
| 63 base::ScopedFD lifeline_remote(lifeline[1]); |
| 75 | 64 |
| 76 // This closure shares pointers with the one below. PostTaskAndReply | 65 base::Callback<void(bool)> access_granted_closure = |
| 77 // guarantees that it will always be deleted first. | 66 base::Bind(&FirewallHole::PortAccessGranted, type, port, interface, |
| 78 base::Closure create_lifeline_closure = base::Bind( | 67 base::Passed(&lifeline_local), callback); |
| 79 &CreateValidLifeline, lifeline_local.get(), lifeline_remote.get()); | |
| 80 | 68 |
| 81 base::WorkerPool::PostTaskAndReply( | 69 PermissionBrokerClient* client = |
| 82 FROM_HERE, create_lifeline_closure, | 70 DBusThreadManager::Get()->GetPermissionBrokerClient(); |
| 83 base::Bind(&FirewallHole::RequestPortAccess, type, port, interface, | 71 DCHECK(client) << "Could not get permission broker client."; |
| 84 base::Passed(&lifeline_local), base::Passed(&lifeline_remote), | 72 |
| 85 callback), | 73 switch (type) { |
| 86 false); | 74 case PortType::TCP: |
| 75 client->RequestTcpPortAccess(port, interface, lifeline_remote.get(), |
| 76 access_granted_closure); |
| 77 return; |
| 78 case PortType::UDP: |
| 79 client->RequestUdpPortAccess(port, interface, lifeline_remote.get(), |
| 80 access_granted_closure); |
| 81 return; |
| 82 } |
| 87 } | 83 } |
| 88 | 84 |
| 89 FirewallHole::~FirewallHole() { | 85 FirewallHole::~FirewallHole() { |
| 90 base::Callback<void(bool)> port_released_closure = base::Bind( | 86 base::Callback<void(bool)> port_released_closure = base::Bind( |
| 91 &PortReleased, type_, port_, interface_, base::Passed(&lifeline_fd_)); | 87 &PortReleased, type_, port_, interface_, base::Passed(&lifeline_fd_)); |
| 92 | 88 |
| 93 PermissionBrokerClient* client = | 89 PermissionBrokerClient* client = |
| 94 DBusThreadManager::Get()->GetPermissionBrokerClient(); | 90 DBusThreadManager::Get()->GetPermissionBrokerClient(); |
| 95 DCHECK(client) << "Could not get permission broker client."; | 91 DCHECK(client) << "Could not get permission broker client."; |
| 96 switch (type_) { | 92 switch (type_) { |
| 97 case PortType::TCP: | 93 case PortType::TCP: |
| 98 client->ReleaseTcpPort(port_, interface_, port_released_closure); | 94 client->ReleaseTcpPort(port_, interface_, port_released_closure); |
| 99 return; | 95 return; |
| 100 case PortType::UDP: | 96 case PortType::UDP: |
| 101 client->ReleaseUdpPort(port_, interface_, port_released_closure); | 97 client->ReleaseUdpPort(port_, interface_, port_released_closure); |
| 102 return; | 98 return; |
| 103 } | 99 } |
| 104 } | 100 } |
| 105 | |
| 106 void FirewallHole::RequestPortAccess(PortType type, | |
| 107 uint16_t port, | |
| 108 const std::string& interface, | |
| 109 dbus::ScopedFileDescriptor lifeline_local, | |
| 110 dbus::ScopedFileDescriptor lifeline_remote, | |
| 111 const OpenCallback& callback) { | |
| 112 if (!lifeline_local->is_valid() || !lifeline_remote->is_valid()) { | |
| 113 callback.Run(nullptr); | |
| 114 return; | |
| 115 } | |
| 116 | |
| 117 base::Callback<void(bool)> access_granted_closure = | |
| 118 base::Bind(&FirewallHole::PortAccessGranted, type, port, interface, | |
| 119 base::Passed(&lifeline_local), callback); | |
| 120 | |
| 121 PermissionBrokerClient* client = | |
| 122 DBusThreadManager::Get()->GetPermissionBrokerClient(); | |
| 123 DCHECK(client) << "Could not get permission broker client."; | |
| 124 | |
| 125 switch (type) { | |
| 126 case PortType::TCP: | |
| 127 client->RequestTcpPortAccess(port, interface, *lifeline_remote, | |
| 128 access_granted_closure); | |
| 129 return; | |
| 130 case PortType::UDP: | |
| 131 client->RequestUdpPortAccess(port, interface, *lifeline_remote, | |
| 132 access_granted_closure); | |
| 133 return; | |
| 134 } | |
| 135 } | |
| 136 | 101 |
| 137 void FirewallHole::PortAccessGranted(PortType type, | 102 void FirewallHole::PortAccessGranted(PortType type, |
| 138 uint16_t port, | 103 uint16_t port, |
| 139 const std::string& interface, | 104 const std::string& interface, |
| 140 dbus::ScopedFileDescriptor lifeline_fd, | 105 base::ScopedFD lifeline_fd, |
| 141 const FirewallHole::OpenCallback& callback, | 106 const FirewallHole::OpenCallback& callback, |
| 142 bool success) { | 107 bool success) { |
| 143 if (success) { | 108 if (success) { |
| 144 callback.Run(base::WrapUnique( | 109 callback.Run(base::WrapUnique( |
| 145 new FirewallHole(type, port, interface, std::move(lifeline_fd)))); | 110 new FirewallHole(type, port, interface, std::move(lifeline_fd)))); |
| 146 } else { | 111 } else { |
| 147 callback.Run(nullptr); | 112 callback.Run(nullptr); |
| 148 } | 113 } |
| 149 } | 114 } |
| 150 | 115 |
| 151 FirewallHole::FirewallHole(PortType type, | 116 FirewallHole::FirewallHole(PortType type, |
| 152 uint16_t port, | 117 uint16_t port, |
| 153 const std::string& interface, | 118 const std::string& interface, |
| 154 dbus::ScopedFileDescriptor lifeline_fd) | 119 base::ScopedFD lifeline_fd) |
| 155 : type_(type), | 120 : type_(type), |
| 156 port_(port), | 121 port_(port), |
| 157 interface_(interface), | 122 interface_(interface), |
| 158 lifeline_fd_(std::move(lifeline_fd)) {} | 123 lifeline_fd_(std::move(lifeline_fd)) {} |
| 159 | 124 |
| 160 } // namespace chromeos | 125 } // namespace chromeos |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2291983002:
chromeos: Remove dbus::FileDescriptor from PermissionBrokerClient (Closed)
