Supports DevTools socket access authentication based on Android permissions.

net/socket/unix_domain_server_socket_posix.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/unix_domain_server_socket_posix.h"
 
 #include <errno.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <unistd.h>
@@ skipping 11 matching lines @@
     : auth_callback_(auth_callback),
       use_abstract_namespace_(use_abstract_namespace) {
   DCHECK(!auth_callback_.is_null());
 }
 
 UnixDomainServerSocket::~UnixDomainServerSocket() {
 }
 
 // static
 bool UnixDomainServerSocket::GetPeerIds(SocketDescriptor socket,
+                                        pid_t* process_id,
                                         uid_t* user_id,
                                         gid_t* group_id) {
 #if defined(OS_LINUX) || defined(OS_ANDROID)
   struct ucred user_cred;
   socklen_t len = sizeof(user_cred);
   if (getsockopt(socket, SOL_SOCKET, SO_PEERCRED, &user_cred, &len) < 0)
     return false;
+  *process_id = user_cred.pid;
   *user_id = user_cred.uid;
   *group_id = user_cred.gid;
   return true;
 #else
+  *process_id = 0;

[mmenke, 2014/08/01 16:26:52]

Not a huge fan of just silently making process_id 0 on certain platforms.  Don't
suppose there's a way to get PID here?

[SeRya, 2014/08/04 10:47:03]

It seems there is no consensus among UNIX systems that kind of credentials could
be retrieved. As an alternative I can introduce a structure SocketCredential
with fileds user_id, group_id and process_id only on Linux(Android).

[mmenke, 2014/08/04 15:45:58]

I'd prefer that approach.  Setting it to 0 on some platforms makes me worry
about broken checks on platforms where it's not set.  Open to other ideas.

[SeRya, 2014/08/04 20:14:25]

Done.

   return getpeereid(socket, user_id, group_id) == 0;
 #endif
 }
 
 int UnixDomainServerSocket::Listen(const IPEndPoint& address, int backlog) {
   NOTIMPLEMENTED();
   return ERR_NOT_IMPLEMENTED;
 }
 
 int UnixDomainServerSocket::ListenWithAddressAndPort(
@@ skipping 70 matching lines @@
   // to the caller.
   rv = Accept(socket, callback);
   if (rv != ERR_IO_PENDING)
     callback.Run(rv);
 }
 
 bool UnixDomainServerSocket::AuthenticateAndGetStreamSocket(
     scoped_ptr<StreamSocket>* socket) {
   DCHECK(accept_socket_);
 
+  pid_t process_id;
   uid_t user_id;
   gid_t group_id;
-  if (!GetPeerIds(accept_socket_->socket_fd(), &user_id, &group_id) ||
-      !auth_callback_.Run(user_id, group_id)) {
+  if (!GetPeerIds(accept_socket_->socket_fd(),
+          &process_id, &user_id, &group_id) ||
+      !auth_callback_.Run(process_id, user_id, group_id)) {
     accept_socket_.reset();
     return false;
   }
 
   socket->reset(new UnixDomainClientSocket(accept_socket_.Pass()));
   return true;
 }
 
 }  // namespace net