OLD | NEW |
| (Empty) |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef IPC_ATTACHMENT_BROKER_PRIVILEGED_H_ | |
6 #define IPC_ATTACHMENT_BROKER_PRIVILEGED_H_ | |
7 | |
8 #include <utility> | |
9 #include <vector> | |
10 | |
11 #include "base/macros.h" | |
12 #include "base/memory/ref_counted.h" | |
13 #include "base/single_thread_task_runner.h" | |
14 #include "build/build_config.h" | |
15 #include "ipc/attachment_broker.h" | |
16 #include "ipc/ipc_export.h" | |
17 | |
18 #if defined(OS_MACOSX) && !defined(OS_IOS) | |
19 namespace base { | |
20 class PortProvider; | |
21 } // namespace base | |
22 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | |
23 | |
24 namespace IPC { | |
25 | |
26 class Endpoint; | |
27 class Sender; | |
28 | |
29 // This abstract subclass of AttachmentBroker is intended for use in a | |
30 // privileged process . When unprivileged processes want to send attachments, | |
31 // the attachments get routed through the privileged process, and more | |
32 // specifically, an instance of this class. | |
33 class IPC_EXPORT AttachmentBrokerPrivileged : public IPC::AttachmentBroker { | |
34 public: | |
35 AttachmentBrokerPrivileged(); | |
36 ~AttachmentBrokerPrivileged() override; | |
37 | |
38 // If there is no global attachment broker, makes a new | |
39 // AttachmentBrokerPrivileged and sets it as the global attachment broker. | |
40 // This method is thread safe. | |
41 #if defined(OS_MACOSX) && !defined(OS_IOS) | |
42 static void CreateBrokerIfNeeded(base::PortProvider* provider); | |
43 #else | |
44 static void CreateBrokerIfNeeded(); | |
45 #endif // defined(OS_MACOSX) && !defined(OS_IOS) | |
46 | |
47 // Similar to CreateBrokerIfNeeded(), but useful for single process unit tests | |
48 // that don't need real attachment brokering, and don't want to deal with | |
49 // setting up a fake PortProvider. | |
50 static void CreateBrokerForSingleProcessTests(); | |
51 | |
52 // AttachmentBroker overrides. | |
53 void RegisterCommunicationChannel( | |
54 Endpoint* endpoint, | |
55 scoped_refptr<base::SingleThreadTaskRunner> runner) override; | |
56 void DeregisterCommunicationChannel(Endpoint* endpoint) override; | |
57 bool IsPrivilegedBroker() override; | |
58 | |
59 protected: | |
60 using EndpointRunnerPair = | |
61 std::pair<Endpoint*, scoped_refptr<base::SingleThreadTaskRunner>>; | |
62 | |
63 // Returns the sender whose peer's process id is |id|. | |
64 // Returns nullptr if no sender is found. | |
65 // The lock returned by get_lock() must already be acquired before calling | |
66 // this method. The return value is only guaranteed to be valid while the lock | |
67 // is held. | |
68 EndpointRunnerPair GetSenderWithProcessId(base::ProcessId id); | |
69 | |
70 // Sends a message to the endpoint, dispatching onto another thread if | |
71 // necessary. | |
72 void SendMessageToEndpoint(EndpointRunnerPair pair, Message* message); | |
73 | |
74 // Errors that can be reported by subclasses. | |
75 // These match tools/metrics/histograms/histograms.xml. | |
76 // This enum is append-only. | |
77 enum UMAError { | |
78 // The brokerable attachment had a valid destination. This is the success | |
79 // case. | |
80 DESTINATION_FOUND = 0, | |
81 // The brokerable attachment had a destination, but the broker did not have | |
82 // a channel of communication with that process. | |
83 DESTINATION_NOT_FOUND = 1, | |
84 // The brokerable attachment did not have a destination process. | |
85 NO_DESTINATION = 2, | |
86 // Error making an intermediate Mach port. | |
87 ERROR_MAKE_INTERMEDIATE = 3, | |
88 // Error parsing DuplicateMachPort message. | |
89 ERROR_PARSE_DUPLICATE_MACH_PORT_MESSAGE = 4, | |
90 // Couldn't get a task port for the process with a given pid. | |
91 ERROR_TASK_FOR_PID = 5, | |
92 // Couldn't make a port with receive rights in the destination process. | |
93 ERROR_MAKE_RECEIVE_PORT = 6, | |
94 // Couldn't change the attributes of a Mach port. | |
95 ERROR_SET_ATTRIBUTES = 7, | |
96 // Couldn't extract a right from the destination. | |
97 ERROR_EXTRACT_DEST_RIGHT = 8, | |
98 // Couldn't send a Mach port in a call to mach_msg(). | |
99 ERROR_SEND_MACH_PORT = 9, | |
100 // Couldn't decrease the ref count on a Mach port. | |
101 ERROR_DECREASE_REF = 10, | |
102 // Couldn't extract a right from the source. | |
103 ERROR_EXTRACT_SOURCE_RIGHT = 11, | |
104 // The broker did not have a channel of communication with the source | |
105 // process. | |
106 ERROR_SOURCE_NOT_FOUND = 12, | |
107 // The broker could not open the source or destination process with extra | |
108 // privileges. | |
109 ERROR_COULD_NOT_OPEN_SOURCE_OR_DEST = 13, | |
110 // The broker was asked to transfer a HANDLE with invalid permissions. | |
111 ERROR_INVALID_PERMISSIONS = 14, | |
112 // The broker was not immediately able to send an attachment. | |
113 DELAYED = 15, | |
114 // The broker successfully sent a delayed attachment. | |
115 DELAYED_SEND = 16, | |
116 ERROR_MAX | |
117 }; | |
118 | |
119 // Emits an UMA metric. | |
120 void LogError(UMAError error); | |
121 | |
122 private: | |
123 // A vector of Endpoints, and the SingleThreadTaskRunner that should be used | |
124 // to invoke Send() on each Endpoint. | |
125 std::vector<EndpointRunnerPair> endpoints_; | |
126 DISALLOW_COPY_AND_ASSIGN(AttachmentBrokerPrivileged); | |
127 }; | |
128 | |
129 } // namespace IPC | |
130 | |
131 #endif // IPC_ATTACHMENT_BROKER_PRIVILEGED_H_ | |
OLD | NEW |