OLD | NEW |
---|---|
(Empty) | |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "chromeos/network/firewall_hole.h" | |
6 | |
7 #include <fcntl.h> | |
8 #include <unistd.h> | |
9 | |
10 #include "base/bind.h" | |
11 #include "base/location.h" | |
12 #include "base/threading/worker_pool.h" | |
13 #include "chromeos/dbus/dbus_thread_manager.h" | |
14 #include "chromeos/dbus/permission_broker_client.h" | |
15 #include "dbus/file_descriptor.h" | |
16 | |
17 namespace chromeos { | |
18 | |
19 namespace { | |
20 | |
21 // Creates a pair of file descriptors that form a "lifeline" between Chrome and | |
22 // firewalld. If this pipe is closed unexpectedly (i.e. Chrome crashes) then | |
23 // firewalld will notice and close the hole in the firewall. | |
24 void CreateValidLifeline(dbus::FileDescriptor* lifeline_local, | |
25 dbus::FileDescriptor* lifeline_remote) { | |
26 int lifeline[2] = {-1, -1}; | |
27 if (pipe2(lifeline, O_CLOEXEC) < 0) { | |
28 PLOG(ERROR) << "Failed to create a lifeline pipe"; | |
29 return; | |
30 } | |
31 | |
32 lifeline_local->PutValue(lifeline[0]); | |
33 lifeline_local->CheckValidity(); | |
34 | |
35 lifeline_remote->PutValue(lifeline[1]); | |
36 lifeline_remote->CheckValidity(); | |
37 } | |
38 | |
39 const char* PortTypeToString(FirewallHole::PortType type) { | |
40 switch (type) { | |
41 case FirewallHole::PortType::TCP: | |
42 return "TCP"; | |
43 case FirewallHole::PortType::UDP: | |
44 return "UDP"; | |
45 } | |
46 NOTREACHED(); | |
47 return nullptr; | |
48 } | |
49 | |
50 void PortReleased(FirewallHole::PortType type, | |
51 uint16_t port, | |
52 const std::string& interface, | |
53 FirewallHole::ScopedFileDescriptor lifeline_fd, | |
54 bool success) { | |
55 if (!success) { | |
56 LOG(WARNING) << "Failed to release firewall hole for " | |
57 << PortTypeToString(type) << " port " << port << " on " | |
58 << interface << "."; | |
59 } | |
60 } | |
61 | |
62 } // namespace | |
63 | |
64 void CHROMEOS_EXPORT FirewallHole::FileDescriptorDeleter::operator()( | |
65 dbus::FileDescriptor* fd) { | |
66 base::WorkerPool::PostTask( | |
67 FROM_HERE, base::Bind(&base::DeletePointer<dbus::FileDescriptor>, fd), | |
68 false); | |
69 } | |
70 | |
71 // static | |
72 void FirewallHole::Open(PortType type, | |
73 uint16_t port, | |
74 const std::string& interface, | |
75 const OpenCallback& callback) { | |
76 ScopedFileDescriptor lifeline_local(new dbus::FileDescriptor()); | |
77 ScopedFileDescriptor lifeline_remote(new dbus::FileDescriptor()); | |
78 | |
79 // This closure shares pointers with the one below. PostTaskAndReply | |
80 // guarantees that it will always be deleted first. | |
81 base::Closure create_lifeline_closure = base::Bind( | |
82 &CreateValidLifeline, lifeline_local.get(), lifeline_remote.get()); | |
83 | |
84 base::WorkerPool::PostTaskAndReply( | |
85 FROM_HERE, create_lifeline_closure, | |
86 base::Bind(&FirewallHole::RequestPortAccess, type, port, interface, | |
87 base::Passed(&lifeline_local), base::Passed(&lifeline_remote), | |
88 callback), | |
89 false); | |
90 } | |
91 | |
92 FirewallHole::~FirewallHole() { | |
93 base::Callback<void(bool)> port_released_closure = base::Bind( | |
94 &PortReleased, type_, port_, interface_, base::Passed(&lifeline_fd_)); | |
95 | |
96 PermissionBrokerClient* client = | |
97 DBusThreadManager::Get()->GetPermissionBrokerClient(); | |
98 DCHECK(client) << "Could not get permission broker client."; | |
99 if (client) { | |
100 switch (type_) { | |
101 case PortType::TCP: | |
102 client->ReleaseTcpPort(port_, interface_, port_released_closure); | |
103 return; | |
104 case PortType::UDP: | |
105 client->ReleaseUdpPort(port_, interface_, port_released_closure); | |
106 return; | |
107 } | |
108 } | |
109 | |
110 NOTREACHED(); | |
pneubeck (no reviews)
2015/03/10 08:49:21
this is equivalent to the DCHECK above.
and DCHECK
Reilly Grant (use Gerrit)
2015/03/10 20:15:16
Done.
| |
111 port_released_closure.Run(false); | |
112 } | |
113 | |
114 void FirewallHole::RequestPortAccess(PortType type, | |
115 uint16_t port, | |
116 const std::string& interface, | |
117 ScopedFileDescriptor lifeline_local, | |
118 ScopedFileDescriptor lifeline_remote, | |
119 const OpenCallback& callback) { | |
120 if (!lifeline_local->is_valid() || !lifeline_remote->is_valid()) { | |
121 callback.Run(nullptr); | |
122 return; | |
123 } | |
124 | |
125 base::Callback<void(bool)> access_granted_closure = | |
126 base::Bind(&FirewallHole::PortAccessGranted, type, port, interface, | |
127 base::Passed(&lifeline_local), callback); | |
128 | |
129 PermissionBrokerClient* client = | |
130 DBusThreadManager::Get()->GetPermissionBrokerClient(); | |
131 DCHECK(client) << "Could not get permission broker client."; | |
132 if (!client) { | |
pneubeck (no reviews)
2015/03/10 08:49:21
same as above. DCHECKs should not be handled.
Plea
Reilly Grant (use Gerrit)
2015/03/10 20:15:16
Done.
| |
133 callback.Run(nullptr); | |
134 return; | |
135 } | |
136 | |
137 switch (type) { | |
138 case PortType::TCP: | |
139 client->RequestTcpPortAccess(port, interface, *lifeline_remote, | |
140 access_granted_closure); | |
141 return; | |
142 case PortType::UDP: | |
143 client->RequestUdpPortAccess(port, interface, *lifeline_remote, | |
144 access_granted_closure); | |
145 return; | |
146 } | |
147 | |
148 NOTREACHED(); | |
149 callback.Run(nullptr); | |
pneubeck (no reviews)
2015/03/10 08:49:21
NOTREACHED = DCHECK should not be handled.
Remove
Reilly Grant (use Gerrit)
2015/03/10 20:15:16
Done.
| |
150 } | |
151 | |
152 void FirewallHole::PortAccessGranted(PortType type, | |
153 uint16_t port, | |
154 const std::string& interface, | |
155 ScopedFileDescriptor lifeline_fd, | |
156 const FirewallHole::OpenCallback& callback, | |
157 bool success) { | |
158 if (success) { | |
159 callback.Run(make_scoped_ptr( | |
160 new FirewallHole(type, port, interface, lifeline_fd.Pass()))); | |
161 } else { | |
162 callback.Run(nullptr); | |
163 } | |
164 } | |
165 | |
166 FirewallHole::FirewallHole(PortType type, | |
167 uint16_t port, | |
168 const std::string& interface, | |
169 ScopedFileDescriptor lifeline_fd) | |
170 : type_(type), | |
171 port_(port), | |
172 interface_(interface), | |
173 lifeline_fd_(lifeline_fd.Pass()) { | |
174 } | |
175 | |
176 } // namespace chromeos | |
OLD | NEW |