Replace base::SharedMemory read-only methods with GetReadOnlyHandle.

base/memory/shared_memory.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef BASE_MEMORY_SHARED_MEMORY_H_
 #define BASE_MEMORY_SHARED_MEMORY_H_
 
 #include <stddef.h>
 
 #include <string>
@@ skipping 62 matching lines @@
   // Similar to the default constructor, except that this allows for
   // calling LockDeprecated() to acquire the named mutex before either Create or
   // Open are called on Windows.
   explicit SharedMemory(const std::wstring& name);
 #endif
 
   // Create a new SharedMemory object from an existing, open
   // shared memory file.
   //
   // WARNING: This does not reduce the OS-level permissions on the handle; it
-  // only affects how the SharedMemory will be mmapped.  Use
-  // ShareReadOnlyToProcess to drop permissions.  TODO(jln,jyasskin): DCHECK
+  // only affects how the SharedMemory will be mmapped. Use
+  // GetReadOnlyHandle to drop permissions. TODO(jln,jyasskin): DCHECK
   // that |read_only| matches the permissions of the handle.
   SharedMemory(const SharedMemoryHandle& handle, bool read_only);
 
   // Closes any open files.
   ~SharedMemory();
 
   // Return true iff the given handle is valid (i.e. not the distingished
   // invalid value; NULL for a HANDLE and -1 for a file descriptor)
   static bool IsHandleValid(const SharedMemoryHandle& handle);
 
@@ skipping 104 matching lines @@
   //   SharedMemoryHandle dup = DuplicateHandle(handle());
   //   Close();
   //   return dup;
   SharedMemoryHandle TakeHandle();
 
   // Closes the open shared memory segment. The memory will remain mapped if
   // it was previously mapped.
   // It is safe to call Close repeatedly.
   void Close();
 
-  // Shares the shared memory to another process.  Attempts to create a
-  // platform-specific new_handle which can be used in a remote process to read
-  // the shared memory file.  new_handle is an output parameter to receive the
-  // handle for use in the remote process.
-  //
-  // |*this| must have been initialized using one of the Create*() or Open()
-  // methods with share_read_only=true. If it was constructed from a
-  // SharedMemoryHandle, this call will CHECK-fail.
-  //
-  // Returns true on success, false otherwise.
-  bool ShareReadOnlyToProcess(ProcessHandle process,
-                              SharedMemoryHandle* new_handle) {
-    return ShareToProcessCommon(process, new_handle, false, SHARE_READONLY);
-  }
-
-  // Logically equivalent to:
-  //   bool ok = ShareReadOnlyToProcess(process, new_handle);
-  //   Close();
-  //   return ok;
-  // Note that the memory is unmapped by calling this method, regardless of the
-  // return value.
-  bool GiveReadOnlyToProcess(ProcessHandle process,
-                             SharedMemoryHandle* new_handle) {
-    return ShareToProcessCommon(process, new_handle, true, SHARE_READONLY);
-  }
+  // Returns a read-only handle to this shared memory region. The caller takes
+  // ownership of the handle. CHECK-fails if the region wasn't Created or

[Nico, 2017/05/02 15:48:39]

I didn't see this promised CHECK on all platforms.

[erikchen, 2017/05/02 17:52:18]

It's only relevant for POSIX handles. I've updated the comment.

+  // Opened with share_read_only=true. When the handle is passed to the IPC
+  // subsystem, that takes ownership of the handle. As such, it's not valid to
+  // pass the sample handle to the IPC subsystem twice.

[Nico, 2017/05/02 15:48:39]

Say that this will return an invalid handle on failure.

[erikchen, 2017/05/02 17:52:18]

Done.

+  SharedMemoryHandle GetReadOnlyHandle();
 
   // Shares the shared memory to another process.  Attempts
   // to create a platform-specific new_handle which can be
   // used in a remote process to access the shared memory
   // file.  new_handle is an output parameter to receive
   // the handle for use in the remote process.
   // Returns true on success, false otherwise.
   bool ShareToProcess(ProcessHandle process,
                       SharedMemoryHandle* new_handle) {
-    return ShareToProcessCommon(process, new_handle, false, SHARE_CURRENT_MODE);
+    return ShareToProcessCommon(process, new_handle, false);
   }
 
   // Logically equivalent to:
   //   bool ok = ShareToProcess(process, new_handle);
   //   Close();
   //   return ok;
   // Note that the memory is unmapped by calling this method, regardless of the
   // return value.
   bool GiveToProcess(ProcessHandle process,
                      SharedMemoryHandle* new_handle) {
-    return ShareToProcessCommon(process, new_handle, true, SHARE_CURRENT_MODE);
+    return ShareToProcessCommon(process, new_handle, true);
   }
 
 #if defined(OS_POSIX) && (!defined(OS_MACOSX) || defined(OS_IOS)) && \
     !defined(OS_NACL)
   using UniqueId = std::pair<dev_t, ino_t>;
 
   struct UniqueIdHash {
     size_t operator()(const UniqueId& id) const {
       return HashInts(id.first, id.second);
     }
   };
 
   // Returns a unique ID for this shared memory's handle. Note this function may
   // access file system and be slow.
   bool GetUniqueId(UniqueId* id) const;
 #endif
 
  private:
 #if defined(OS_POSIX) && !defined(OS_NACL) && !defined(OS_ANDROID) && \
     (!defined(OS_MACOSX) || defined(OS_IOS))
   bool FilePathForMemoryName(const std::string& mem_name, FilePath* path);
 #endif
 
-  enum ShareMode {
-    SHARE_READONLY,
-    SHARE_CURRENT_MODE,
-  };
-
 #if defined(OS_MACOSX)
-  bool Share(SharedMemoryHandle* new_handle, ShareMode share_mode);
+  bool Share(SharedMemoryHandle* new_handle);
 #endif
 
   bool ShareToProcessCommon(ProcessHandle process,
                             SharedMemoryHandle* new_handle,
-                            bool close_self,
-                            ShareMode);
+                            bool close_self);
 
 #if defined(OS_WIN)
   // If true indicates this came from an external source so needs extra checks
   // before being mapped.
   bool external_section_;
   std::wstring       name_;
   win::ScopedHandle  mapped_file_;
-#elif defined(OS_MACOSX) && !defined(OS_IOS)
+#else
   // The OS primitive that backs the shared memory region.
   SharedMemoryHandle shm_;
 
+  // If valid, points to the same memory region as shm_, but with readonly
+  // permissions.
+  SharedMemoryHandle readonly_shm_;
+#endif
+
+#if defined(OS_MACOSX) && !defined(OS_IOS)
   // The mechanism by which the memory is mapped. Only valid if |memory_| is not
   // |nullptr|.
   SharedMemoryHandle::Type mapped_memory_mechanism_;
+#endif
 
-  int readonly_mapped_file_;
-#elif defined(OS_POSIX)
-  // The OS primitive that backs the shared memory region.
-  SharedMemoryHandle shm_;
-  int                readonly_mapped_file_;
-#endif
   size_t             mapped_size_;
   void*              memory_;
   bool               read_only_;
   size_t             requested_size_;
 
   DISALLOW_COPY_AND_ASSIGN(SharedMemory);
 };
 
 }  // namespace base
 
 #endif  // BASE_MEMORY_SHARED_MEMORY_H_