OLD | NEW |
| (Empty) |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "ipc/attachment_broker_privileged_win.h" | |
6 | |
7 #include <windows.h> | |
8 | |
9 #include <tuple> | |
10 | |
11 #include "base/process/process.h" | |
12 #include "ipc/attachment_broker_messages.h" | |
13 #include "ipc/brokerable_attachment.h" | |
14 #include "ipc/handle_attachment_win.h" | |
15 #include "ipc/ipc_channel.h" | |
16 | |
17 namespace IPC { | |
18 | |
19 AttachmentBrokerPrivilegedWin::AttachmentBrokerPrivilegedWin() {} | |
20 | |
21 AttachmentBrokerPrivilegedWin::~AttachmentBrokerPrivilegedWin() {} | |
22 | |
23 bool AttachmentBrokerPrivilegedWin::SendAttachmentToProcess( | |
24 const scoped_refptr<IPC::BrokerableAttachment>& attachment, | |
25 base::ProcessId destination_process) { | |
26 switch (attachment->GetBrokerableType()) { | |
27 case BrokerableAttachment::WIN_HANDLE: { | |
28 internal::HandleAttachmentWin* handle_attachment = | |
29 static_cast<internal::HandleAttachmentWin*>(attachment.get()); | |
30 HandleWireFormat wire_format = | |
31 handle_attachment->GetWireFormat(destination_process); | |
32 HandleWireFormat new_wire_format = | |
33 DuplicateWinHandle(wire_format, base::Process::Current().Pid()); | |
34 handle_attachment->reset_handle_ownership(); | |
35 if (new_wire_format.handle == 0) | |
36 return false; | |
37 RouteDuplicatedHandle(new_wire_format, true); | |
38 return true; | |
39 } | |
40 case BrokerableAttachment::MACH_PORT: | |
41 case BrokerableAttachment::PLACEHOLDER: | |
42 NOTREACHED(); | |
43 return false; | |
44 } | |
45 return false; | |
46 } | |
47 | |
48 void AttachmentBrokerPrivilegedWin::ReceivedPeerPid(base::ProcessId peer_pid) { | |
49 auto it = stored_wire_formats_.find(peer_pid); | |
50 if (it == stored_wire_formats_.end()) | |
51 return; | |
52 | |
53 // Make a copy, and destroy the original. | |
54 WireFormats wire_formats = it->second; | |
55 stored_wire_formats_.erase(it); | |
56 | |
57 for (const HandleWireFormat& format : wire_formats) { | |
58 RouteDuplicatedHandle(format, false); | |
59 } | |
60 } | |
61 | |
62 bool AttachmentBrokerPrivilegedWin::OnMessageReceived(const Message& msg) { | |
63 bool handled = true; | |
64 switch (msg.type()) { | |
65 IPC_MESSAGE_HANDLER_GENERIC(AttachmentBrokerMsg_DuplicateWinHandle, | |
66 OnDuplicateWinHandle(msg)) | |
67 IPC_MESSAGE_UNHANDLED(handled = false) | |
68 } | |
69 return handled; | |
70 } | |
71 | |
72 void AttachmentBrokerPrivilegedWin::OnDuplicateWinHandle( | |
73 const IPC::Message& message) { | |
74 AttachmentBrokerMsg_DuplicateWinHandle::Param param; | |
75 if (!AttachmentBrokerMsg_DuplicateWinHandle::Read(&message, ¶m)) | |
76 return; | |
77 IPC::internal::HandleAttachmentWin::WireFormat wire_format = | |
78 std::get<0>(param); | |
79 | |
80 if (wire_format.destination_process == base::kNullProcessId) { | |
81 LogError(NO_DESTINATION); | |
82 return; | |
83 } | |
84 | |
85 HandleWireFormat new_wire_format = | |
86 DuplicateWinHandle(wire_format, message.get_sender_pid()); | |
87 RouteDuplicatedHandle(new_wire_format, true); | |
88 } | |
89 | |
90 void AttachmentBrokerPrivilegedWin::RouteDuplicatedHandle( | |
91 const HandleWireFormat& wire_format, | |
92 bool store_on_failure) { | |
93 // This process is the destination. | |
94 if (wire_format.destination_process == base::Process::Current().Pid()) { | |
95 scoped_refptr<BrokerableAttachment> attachment( | |
96 new internal::HandleAttachmentWin(wire_format)); | |
97 HandleReceivedAttachment(attachment); | |
98 return; | |
99 } | |
100 | |
101 // Another process is the destination. | |
102 base::ProcessId dest = wire_format.destination_process; | |
103 base::AutoLock auto_lock(*get_lock()); | |
104 AttachmentBrokerPrivileged::EndpointRunnerPair pair = | |
105 GetSenderWithProcessId(dest); | |
106 if (!pair.first) { | |
107 if (store_on_failure) { | |
108 LogError(DELAYED); | |
109 stored_wire_formats_[dest].push_back(wire_format); | |
110 } else { | |
111 // Assuming that this message was not sent from a malicious process, the | |
112 // channel endpoint that would have received this message will block | |
113 // forever. | |
114 LOG(ERROR) | |
115 << "Failed to deliver brokerable attachment to process with id: " | |
116 << dest; | |
117 LogError(DESTINATION_NOT_FOUND); | |
118 } | |
119 return; | |
120 } | |
121 | |
122 LogError(DESTINATION_FOUND); | |
123 if (!store_on_failure) | |
124 LogError(DELAYED_SEND); | |
125 | |
126 SendMessageToEndpoint( | |
127 pair, new AttachmentBrokerMsg_WinHandleHasBeenDuplicated(wire_format)); | |
128 } | |
129 | |
130 AttachmentBrokerPrivilegedWin::HandleWireFormat | |
131 AttachmentBrokerPrivilegedWin::DuplicateWinHandle( | |
132 const HandleWireFormat& wire_format, | |
133 base::ProcessId source_pid) { | |
134 // If the source process is the destination process, then no additional work | |
135 // is required. | |
136 if (source_pid == wire_format.destination_process) | |
137 return wire_format; | |
138 | |
139 // If the handle is not valid, no additional work is required. | |
140 if (wire_format.handle == 0) | |
141 return wire_format; | |
142 | |
143 base::Process source_process = | |
144 base::Process::OpenWithExtraPrivileges(source_pid); | |
145 base::Process dest_process = | |
146 base::Process::OpenWithExtraPrivileges(wire_format.destination_process); | |
147 if (!source_process.Handle() || !dest_process.Handle()) { | |
148 LogError(ERROR_COULD_NOT_OPEN_SOURCE_OR_DEST); | |
149 return wire_format; | |
150 } | |
151 | |
152 DWORD desired_access = 0; | |
153 DWORD options = DUPLICATE_CLOSE_SOURCE; | |
154 switch (wire_format.permissions) { | |
155 case HandleWin::INVALID: | |
156 LogError(ERROR_INVALID_PERMISSIONS); | |
157 return CopyWireFormat(wire_format, 0); | |
158 case HandleWin::DUPLICATE: | |
159 options |= DUPLICATE_SAME_ACCESS; | |
160 break; | |
161 case HandleWin::FILE_READ_WRITE: | |
162 desired_access = FILE_GENERIC_READ | FILE_GENERIC_WRITE; | |
163 break; | |
164 } | |
165 | |
166 HANDLE new_handle; | |
167 HANDLE original_handle = LongToHandle(wire_format.handle); | |
168 DWORD result = ::DuplicateHandle(source_process.Handle(), original_handle, | |
169 dest_process.Handle(), &new_handle, | |
170 desired_access, FALSE, options); | |
171 | |
172 int new_wire_format_handle = (result != 0) ? HandleToLong(new_handle) : 0; | |
173 return CopyWireFormat(wire_format, new_wire_format_handle); | |
174 } | |
175 | |
176 AttachmentBrokerPrivilegedWin::HandleWireFormat | |
177 AttachmentBrokerPrivilegedWin::CopyWireFormat( | |
178 const HandleWireFormat& wire_format, | |
179 int handle) { | |
180 return HandleWireFormat(handle, wire_format.destination_process, | |
181 wire_format.permissions, wire_format.attachment_id); | |
182 } | |
183 | |
184 } // namespace IPC | |
OLD | NEW |