| OLD | NEW |
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "ipc/attachment_broker_privileged_win.h" | |
| 6 | |
| 7 #include <windows.h> | |
| 8 | |
| 9 #include <tuple> | |
| 10 | |
| 11 #include "base/process/process.h" | |
| 12 #include "ipc/attachment_broker_messages.h" | |
| 13 #include "ipc/brokerable_attachment.h" | |
| 14 #include "ipc/handle_attachment_win.h" | |
| 15 #include "ipc/ipc_channel.h" | |
| 16 | |
| 17 namespace IPC { | |
| 18 | |
| 19 AttachmentBrokerPrivilegedWin::AttachmentBrokerPrivilegedWin() {} | |
| 20 | |
| 21 AttachmentBrokerPrivilegedWin::~AttachmentBrokerPrivilegedWin() {} | |
| 22 | |
| 23 bool AttachmentBrokerPrivilegedWin::SendAttachmentToProcess( | |
| 24 const scoped_refptr<IPC::BrokerableAttachment>& attachment, | |
| 25 base::ProcessId destination_process) { | |
| 26 switch (attachment->GetBrokerableType()) { | |
| 27 case BrokerableAttachment::WIN_HANDLE: { | |
| 28 internal::HandleAttachmentWin* handle_attachment = | |
| 29 static_cast<internal::HandleAttachmentWin*>(attachment.get()); | |
| 30 HandleWireFormat wire_format = | |
| 31 handle_attachment->GetWireFormat(destination_process); | |
| 32 HandleWireFormat new_wire_format = | |
| 33 DuplicateWinHandle(wire_format, base::Process::Current().Pid()); | |
| 34 handle_attachment->reset_handle_ownership(); | |
| 35 if (new_wire_format.handle == 0) | |
| 36 return false; | |
| 37 RouteDuplicatedHandle(new_wire_format, true); | |
| 38 return true; | |
| 39 } | |
| 40 case BrokerableAttachment::MACH_PORT: | |
| 41 case BrokerableAttachment::PLACEHOLDER: | |
| 42 NOTREACHED(); | |
| 43 return false; | |
| 44 } | |
| 45 return false; | |
| 46 } | |
| 47 | |
| 48 void AttachmentBrokerPrivilegedWin::ReceivedPeerPid(base::ProcessId peer_pid) { | |
| 49 auto it = stored_wire_formats_.find(peer_pid); | |
| 50 if (it == stored_wire_formats_.end()) | |
| 51 return; | |
| 52 | |
| 53 // Make a copy, and destroy the original. | |
| 54 WireFormats wire_formats = it->second; | |
| 55 stored_wire_formats_.erase(it); | |
| 56 | |
| 57 for (const HandleWireFormat& format : wire_formats) { | |
| 58 RouteDuplicatedHandle(format, false); | |
| 59 } | |
| 60 } | |
| 61 | |
| 62 bool AttachmentBrokerPrivilegedWin::OnMessageReceived(const Message& msg) { | |
| 63 bool handled = true; | |
| 64 switch (msg.type()) { | |
| 65 IPC_MESSAGE_HANDLER_GENERIC(AttachmentBrokerMsg_DuplicateWinHandle, | |
| 66 OnDuplicateWinHandle(msg)) | |
| 67 IPC_MESSAGE_UNHANDLED(handled = false) | |
| 68 } | |
| 69 return handled; | |
| 70 } | |
| 71 | |
| 72 void AttachmentBrokerPrivilegedWin::OnDuplicateWinHandle( | |
| 73 const IPC::Message& message) { | |
| 74 AttachmentBrokerMsg_DuplicateWinHandle::Param param; | |
| 75 if (!AttachmentBrokerMsg_DuplicateWinHandle::Read(&message, ¶m)) | |
| 76 return; | |
| 77 IPC::internal::HandleAttachmentWin::WireFormat wire_format = | |
| 78 std::get<0>(param); | |
| 79 | |
| 80 if (wire_format.destination_process == base::kNullProcessId) { | |
| 81 LogError(NO_DESTINATION); | |
| 82 return; | |
| 83 } | |
| 84 | |
| 85 HandleWireFormat new_wire_format = | |
| 86 DuplicateWinHandle(wire_format, message.get_sender_pid()); | |
| 87 RouteDuplicatedHandle(new_wire_format, true); | |
| 88 } | |
| 89 | |
| 90 void AttachmentBrokerPrivilegedWin::RouteDuplicatedHandle( | |
| 91 const HandleWireFormat& wire_format, | |
| 92 bool store_on_failure) { | |
| 93 // This process is the destination. | |
| 94 if (wire_format.destination_process == base::Process::Current().Pid()) { | |
| 95 scoped_refptr<BrokerableAttachment> attachment( | |
| 96 new internal::HandleAttachmentWin(wire_format)); | |
| 97 HandleReceivedAttachment(attachment); | |
| 98 return; | |
| 99 } | |
| 100 | |
| 101 // Another process is the destination. | |
| 102 base::ProcessId dest = wire_format.destination_process; | |
| 103 base::AutoLock auto_lock(*get_lock()); | |
| 104 AttachmentBrokerPrivileged::EndpointRunnerPair pair = | |
| 105 GetSenderWithProcessId(dest); | |
| 106 if (!pair.first) { | |
| 107 if (store_on_failure) { | |
| 108 LogError(DELAYED); | |
| 109 stored_wire_formats_[dest].push_back(wire_format); | |
| 110 } else { | |
| 111 // Assuming that this message was not sent from a malicious process, the | |
| 112 // channel endpoint that would have received this message will block | |
| 113 // forever. | |
| 114 LOG(ERROR) | |
| 115 << "Failed to deliver brokerable attachment to process with id: " | |
| 116 << dest; | |
| 117 LogError(DESTINATION_NOT_FOUND); | |
| 118 } | |
| 119 return; | |
| 120 } | |
| 121 | |
| 122 LogError(DESTINATION_FOUND); | |
| 123 if (!store_on_failure) | |
| 124 LogError(DELAYED_SEND); | |
| 125 | |
| 126 SendMessageToEndpoint( | |
| 127 pair, new AttachmentBrokerMsg_WinHandleHasBeenDuplicated(wire_format)); | |
| 128 } | |
| 129 | |
| 130 AttachmentBrokerPrivilegedWin::HandleWireFormat | |
| 131 AttachmentBrokerPrivilegedWin::DuplicateWinHandle( | |
| 132 const HandleWireFormat& wire_format, | |
| 133 base::ProcessId source_pid) { | |
| 134 // If the source process is the destination process, then no additional work | |
| 135 // is required. | |
| 136 if (source_pid == wire_format.destination_process) | |
| 137 return wire_format; | |
| 138 | |
| 139 // If the handle is not valid, no additional work is required. | |
| 140 if (wire_format.handle == 0) | |
| 141 return wire_format; | |
| 142 | |
| 143 base::Process source_process = | |
| 144 base::Process::OpenWithExtraPrivileges(source_pid); | |
| 145 base::Process dest_process = | |
| 146 base::Process::OpenWithExtraPrivileges(wire_format.destination_process); | |
| 147 if (!source_process.Handle() || !dest_process.Handle()) { | |
| 148 LogError(ERROR_COULD_NOT_OPEN_SOURCE_OR_DEST); | |
| 149 return wire_format; | |
| 150 } | |
| 151 | |
| 152 DWORD desired_access = 0; | |
| 153 DWORD options = DUPLICATE_CLOSE_SOURCE; | |
| 154 switch (wire_format.permissions) { | |
| 155 case HandleWin::INVALID: | |
| 156 LogError(ERROR_INVALID_PERMISSIONS); | |
| 157 return CopyWireFormat(wire_format, 0); | |
| 158 case HandleWin::DUPLICATE: | |
| 159 options |= DUPLICATE_SAME_ACCESS; | |
| 160 break; | |
| 161 case HandleWin::FILE_READ_WRITE: | |
| 162 desired_access = FILE_GENERIC_READ | FILE_GENERIC_WRITE; | |
| 163 break; | |
| 164 } | |
| 165 | |
| 166 HANDLE new_handle; | |
| 167 HANDLE original_handle = LongToHandle(wire_format.handle); | |
| 168 DWORD result = ::DuplicateHandle(source_process.Handle(), original_handle, | |
| 169 dest_process.Handle(), &new_handle, | |
| 170 desired_access, FALSE, options); | |
| 171 | |
| 172 int new_wire_format_handle = (result != 0) ? HandleToLong(new_handle) : 0; | |
| 173 return CopyWireFormat(wire_format, new_wire_format_handle); | |
| 174 } | |
| 175 | |
| 176 AttachmentBrokerPrivilegedWin::HandleWireFormat | |
| 177 AttachmentBrokerPrivilegedWin::CopyWireFormat( | |
| 178 const HandleWireFormat& wire_format, | |
| 179 int handle) { | |
| 180 return HandleWireFormat(handle, wire_format.destination_process, | |
| 181 wire_format.permissions, wire_format.attachment_id); | |
| 182 } | |
| 183 | |
| 184 } // namespace IPC | |