chromeos/network/firewall_hole.cc - Issue 965613002: Open a firewall hole when a TCP server or UDP socket is bound.

Side by Side Diff: chromeos/network/firewall_hole.cc

Issue 965613002: Open a firewall hole when a TCP server or UDP socket is bound. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Add firewall_hole_unittest.cc. Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chromeos/network/firewall_hole.h"

	6

	7 #include <fcntl.h>

	8 #include <unistd.h>

	9

	10 #include "base/bind.h"

	11 #include "base/location.h"

	12 #include "base/threading/worker_pool.h"

	13 #include "chromeos/dbus/dbus_thread_manager.h"

	14 #include "chromeos/dbus/permission_broker_client.h"

	15 #include "dbus/file_descriptor.h"

	16

	17 namespace chromeos {

	18

	19 namespace {

	20

	21 // Creates a pair of file descriptors that form a "lifeline" between Chrome and

	22 // firewalld. If this pipe is closed unexpectedly (i.e. Chrome crashes) then

	23 // firewalld will notice and close the hole in the firewall.

	24 void CreateValidLifeline(dbus::FileDescriptor* lifeline_local,

	25 dbus::FileDescriptor* lifeline_remote) {

	26 int lifeline[2] = {-1, -1};

	27 if (pipe2(lifeline, O_CLOEXEC) < 0) {

	28 PLOG(ERROR) << "Failed to create a lifeline pipe";

	29 return;

	30 }

	31

	32 lifeline_local->PutValue(lifeline[0]);

	33 lifeline_local->CheckValidity();

	34

	35 lifeline_remote->PutValue(lifeline[1]);

	36 lifeline_remote->CheckValidity();

	37 }

	38

	39 const char* PortTypeToString(FirewallHole::PortType type) {

	40 switch (type) {

	41 case FirewallHole::PortType::TCP:

	42 return "TCP";

	43 case FirewallHole::PortType::UDP:

	44 return "UDP";

	45 }

	46 NOTREACHED();

	47 return nullptr;

	48 }

	49

	50 void PortReleased(FirewallHole::PortType type,

	51 uint16_t port,

	52 const std::string& interface,

	53 FirewallHole::ScopedFileDescriptor lifeline_fd,

	54 bool success) {

	55 if (!success) {

	56 LOG(WARNING) << "Failed to release firewall hole for "

	57 << PortTypeToString(type) << " port " << port << " on "

	58 << interface << ".";

	59 }

	60 }

	61

	62 } // namespace

	63

	64 void CHROMEOS_EXPORT FirewallHole::FileDescriptorDeleter::operator()(

	65 dbus::FileDescriptor* fd) {

	66 base::WorkerPool::PostTask(

	67 FROM_HERE, base::Bind(&base::DeletePointer<dbus::FileDescriptor>, fd),

	68 false);

	69 }

	70

	71 // static

	72 void FirewallHole::Open(PortType type,

	73 uint16_t port,

	74 const std::string& interface,

	75 const OpenCallback& callback) {

	76 ScopedFileDescriptor lifeline_local(new dbus::FileDescriptor());

	77 ScopedFileDescriptor lifeline_remote(new dbus::FileDescriptor());

	78

	79 // This closure shares pointers with the one below. PostTaskAndReply

	80 // guarantees that it will always be deleted first.

	81 base::Closure create_lifeline_closure = base::Bind(

	82 &CreateValidLifeline, lifeline_local.get(), lifeline_remote.get());

	83

	84 base::WorkerPool::PostTaskAndReply(

	85 FROM_HERE, create_lifeline_closure,

	86 base::Bind(&FirewallHole::RequestPortAccess, type, port, interface,

	87 base::Passed(&lifeline_local), base::Passed(&lifeline_remote),

	88 callback),

	89 false);

	90 }

	91

	92 FirewallHole::~FirewallHole() {

	93 base::Callback<void(bool)> port_released_closure = base::Bind(

	94 &PortReleased, type_, port_, interface_, base::Passed(&lifeline_fd_));

	95

	96 PermissionBrokerClient* client =

	97 DBusThreadManager::Get()->GetPermissionBrokerClient();

	98 DCHECK(client) << "Could not get permission broker client.";

	99 if (client) {

	100 switch (type_) {

	101 case PortType::TCP:

	102 client->ReleaseTcpPort(port_, interface_, port_released_closure);

	103 return;

	104 case PortType::UDP:

	105 client->ReleaseUdpPort(port_, interface_, port_released_closure);

	106 return;

	107 }

	108 }

	109

	110 NOTREACHED();
	pneubeck (no reviews) 2015/03/10 08:49:21 this is equivalent to the DCHECK above. and DCHECK this is equivalent to the DCHECK above. and DCHECKs shouldn't be handled (according to the chromium styleguide), so just remove lines 99, 110 and 111. Reilly Grant (use Gerrit) 2015/03/10 20:15:16 Done. Show quoted text On 2015/03/10 08:49:21, pneubeck wrote: > this is equivalent to the DCHECK above. > and DCHECKs shouldn't be handled (according to the chromium styleguide), so just > remove lines 99, 110 and 111. Done.
	111 port_released_closure.Run(false);

	112 }

	113

	114 void FirewallHole::RequestPortAccess(PortType type,

	115 uint16_t port,

	116 const std::string& interface,

	117 ScopedFileDescriptor lifeline_local,

	118 ScopedFileDescriptor lifeline_remote,

	119 const OpenCallback& callback) {

	120 if (!lifeline_local->is_valid() \|\| !lifeline_remote->is_valid()) {

	121 callback.Run(nullptr);

	122 return;

	123 }

	124

	125 base::Callback<void(bool)> access_granted_closure =

	126 base::Bind(&FirewallHole::PortAccessGranted, type, port, interface,

	127 base::Passed(&lifeline_local), callback);

	128

	129 PermissionBrokerClient* client =

	130 DBusThreadManager::Get()->GetPermissionBrokerClient();

	131 DCHECK(client) << "Could not get permission broker client.";

	132 if (!client) {
	pneubeck (no reviews) 2015/03/10 08:49:21 same as above. DCHECKs should not be handled. Plea same as above. DCHECKs should not be handled. Please remove lines 132-135. Reilly Grant (use Gerrit) 2015/03/10 20:15:16 Done. Show quoted text On 2015/03/10 08:49:21, pneubeck wrote: > same as above. DCHECKs should not be handled. > Please remove lines 132-135. Done.
	133 callback.Run(nullptr);

	134 return;

	135 }

	136

	137 switch (type) {

	138 case PortType::TCP:

	139 client->RequestTcpPortAccess(port, interface, *lifeline_remote,

	140 access_granted_closure);

	141 return;

	142 case PortType::UDP:

	143 client->RequestUdpPortAccess(port, interface, *lifeline_remote,

	144 access_granted_closure);

	145 return;

	146 }

	147

	148 NOTREACHED();

	149 callback.Run(nullptr);
	pneubeck (no reviews) 2015/03/10 08:49:21 NOTREACHED = DCHECK should not be handled. Remove NOTREACHED = DCHECK should not be handled. Remove line 149 Reilly Grant (use Gerrit) 2015/03/10 20:15:16 Done. Show quoted text On 2015/03/10 08:49:21, pneubeck wrote: > NOTREACHED = DCHECK should not be handled. > Remove line 149 Done.
	150 }

	151

	152 void FirewallHole::PortAccessGranted(PortType type,

	153 uint16_t port,

	154 const std::string& interface,

	155 ScopedFileDescriptor lifeline_fd,

	156 const FirewallHole::OpenCallback& callback,

	157 bool success) {

	158 if (success) {

	159 callback.Run(make_scoped_ptr(

	160 new FirewallHole(type, port, interface, lifeline_fd.Pass())));

	161 } else {

	162 callback.Run(nullptr);

	163 }

	164 }

	165

	166 FirewallHole::FirewallHole(PortType type,

	167 uint16_t port,

	168 const std::string& interface,

	169 ScopedFileDescriptor lifeline_fd)

	170 : type_(type),

	171 port_(port),

	172 interface_(interface),

	173 lifeline_fd_(lifeline_fd.Pass()) {

	174 }

	175

	176 } // namespace chromeos

OLD	NEW

« no previous file with comments | « chromeos/network/firewall_hole.h ('k') | chromeos/network/firewall_hole_unittest.cc » ('j') | chromeos/network/firewall_hole_unittest.cc » ('J')