Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(185)

Side by Side Diff: chromeos/network/firewall_hole.cc

Issue 965613002: Open a firewall hole when a TCP server or UDP socket is bound. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add firewall_hole_unittest.cc. Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chromeos/network/firewall_hole.h"
6
7 #include <fcntl.h>
8 #include <unistd.h>
9
10 #include "base/bind.h"
11 #include "base/location.h"
12 #include "base/threading/worker_pool.h"
13 #include "chromeos/dbus/dbus_thread_manager.h"
14 #include "chromeos/dbus/permission_broker_client.h"
15 #include "dbus/file_descriptor.h"
16
17 namespace chromeos {
18
19 namespace {
20
21 // Creates a pair of file descriptors that form a "lifeline" between Chrome and
22 // firewalld. If this pipe is closed unexpectedly (i.e. Chrome crashes) then
23 // firewalld will notice and close the hole in the firewall.
24 void CreateValidLifeline(dbus::FileDescriptor* lifeline_local,
25 dbus::FileDescriptor* lifeline_remote) {
26 int lifeline[2] = {-1, -1};
27 if (pipe2(lifeline, O_CLOEXEC) < 0) {
28 PLOG(ERROR) << "Failed to create a lifeline pipe";
29 return;
30 }
31
32 lifeline_local->PutValue(lifeline[0]);
33 lifeline_local->CheckValidity();
34
35 lifeline_remote->PutValue(lifeline[1]);
36 lifeline_remote->CheckValidity();
37 }
38
39 const char* PortTypeToString(FirewallHole::PortType type) {
40 switch (type) {
41 case FirewallHole::PortType::TCP:
42 return "TCP";
43 case FirewallHole::PortType::UDP:
44 return "UDP";
45 }
46 NOTREACHED();
47 return nullptr;
48 }
49
50 void PortReleased(FirewallHole::PortType type,
51 uint16_t port,
52 const std::string& interface,
53 FirewallHole::ScopedFileDescriptor lifeline_fd,
54 bool success) {
55 if (!success) {
56 LOG(WARNING) << "Failed to release firewall hole for "
57 << PortTypeToString(type) << " port " << port << " on "
58 << interface << ".";
59 }
60 }
61
62 } // namespace
63
64 void CHROMEOS_EXPORT FirewallHole::FileDescriptorDeleter::operator()(
65 dbus::FileDescriptor* fd) {
66 base::WorkerPool::PostTask(
67 FROM_HERE, base::Bind(&base::DeletePointer<dbus::FileDescriptor>, fd),
68 false);
69 }
70
71 // static
72 void FirewallHole::Open(PortType type,
73 uint16_t port,
74 const std::string& interface,
75 const OpenCallback& callback) {
76 ScopedFileDescriptor lifeline_local(new dbus::FileDescriptor());
77 ScopedFileDescriptor lifeline_remote(new dbus::FileDescriptor());
78
79 // This closure shares pointers with the one below. PostTaskAndReply
80 // guarantees that it will always be deleted first.
81 base::Closure create_lifeline_closure = base::Bind(
82 &CreateValidLifeline, lifeline_local.get(), lifeline_remote.get());
83
84 base::WorkerPool::PostTaskAndReply(
85 FROM_HERE, create_lifeline_closure,
86 base::Bind(&FirewallHole::RequestPortAccess, type, port, interface,
87 base::Passed(&lifeline_local), base::Passed(&lifeline_remote),
88 callback),
89 false);
90 }
91
92 FirewallHole::~FirewallHole() {
93 base::Callback<void(bool)> port_released_closure = base::Bind(
94 &PortReleased, type_, port_, interface_, base::Passed(&lifeline_fd_));
95
96 PermissionBrokerClient* client =
97 DBusThreadManager::Get()->GetPermissionBrokerClient();
98 DCHECK(client) << "Could not get permission broker client.";
99 if (client) {
100 switch (type_) {
101 case PortType::TCP:
102 client->ReleaseTcpPort(port_, interface_, port_released_closure);
103 return;
104 case PortType::UDP:
105 client->ReleaseUdpPort(port_, interface_, port_released_closure);
106 return;
107 }
108 }
109
110 NOTREACHED();
pneubeck (no reviews) 2015/03/10 08:49:21 this is equivalent to the DCHECK above. and DCHECK
Reilly Grant (use Gerrit) 2015/03/10 20:15:16 Done.
111 port_released_closure.Run(false);
112 }
113
114 void FirewallHole::RequestPortAccess(PortType type,
115 uint16_t port,
116 const std::string& interface,
117 ScopedFileDescriptor lifeline_local,
118 ScopedFileDescriptor lifeline_remote,
119 const OpenCallback& callback) {
120 if (!lifeline_local->is_valid() || !lifeline_remote->is_valid()) {
121 callback.Run(nullptr);
122 return;
123 }
124
125 base::Callback<void(bool)> access_granted_closure =
126 base::Bind(&FirewallHole::PortAccessGranted, type, port, interface,
127 base::Passed(&lifeline_local), callback);
128
129 PermissionBrokerClient* client =
130 DBusThreadManager::Get()->GetPermissionBrokerClient();
131 DCHECK(client) << "Could not get permission broker client.";
132 if (!client) {
pneubeck (no reviews) 2015/03/10 08:49:21 same as above. DCHECKs should not be handled. Plea
Reilly Grant (use Gerrit) 2015/03/10 20:15:16 Done.
133 callback.Run(nullptr);
134 return;
135 }
136
137 switch (type) {
138 case PortType::TCP:
139 client->RequestTcpPortAccess(port, interface, *lifeline_remote,
140 access_granted_closure);
141 return;
142 case PortType::UDP:
143 client->RequestUdpPortAccess(port, interface, *lifeline_remote,
144 access_granted_closure);
145 return;
146 }
147
148 NOTREACHED();
149 callback.Run(nullptr);
pneubeck (no reviews) 2015/03/10 08:49:21 NOTREACHED = DCHECK should not be handled. Remove
Reilly Grant (use Gerrit) 2015/03/10 20:15:16 Done.
150 }
151
152 void FirewallHole::PortAccessGranted(PortType type,
153 uint16_t port,
154 const std::string& interface,
155 ScopedFileDescriptor lifeline_fd,
156 const FirewallHole::OpenCallback& callback,
157 bool success) {
158 if (success) {
159 callback.Run(make_scoped_ptr(
160 new FirewallHole(type, port, interface, lifeline_fd.Pass())));
161 } else {
162 callback.Run(nullptr);
163 }
164 }
165
166 FirewallHole::FirewallHole(PortType type,
167 uint16_t port,
168 const std::string& interface,
169 ScopedFileDescriptor lifeline_fd)
170 : type_(type),
171 port_(port),
172 interface_(interface),
173 lifeline_fd_(lifeline_fd.Pass()) {
174 }
175
176 } // namespace chromeos
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698