chromeos/network/firewall_hole.cc - Issue 965613002: Open a firewall hole when a TCP server or UDP socket is bound.

Side by Side Diff: chromeos/network/firewall_hole.cc

Issue 965613002: Open a firewall hole when a TCP server or UDP socket is bound. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Actually use the thread_checker_ in FirewallHole. Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "chromeos/network/firewall_hole.h"

	6

	7 #include <fcntl.h>

	8 #include <unistd.h>

	9

	10 #include "base/bind.h"

	11 #include "base/location.h"

	12 #include "base/threading/worker_pool.h"

	13 #include "chromeos/dbus/dbus_thread_manager.h"

	14 #include "chromeos/dbus/permission_broker_client.h"

	15 #include "dbus/file_descriptor.h"

	16

	17 namespace chromeos {

	18

	19 namespace {

	20

	21 void CreateValidLifeline(dbus::FileDescriptor* lifeline_local,

	22 dbus::FileDescriptor* lifeline_remote) {

	23 int lifeline[2] = {-1, -1};

	24 if (pipe2(lifeline, O_CLOEXEC) < 0) {

	25 PLOG(ERROR) << "Failed to create a lifeline pipe";

	26 return;

	27 }

	28

	29 lifeline_local->PutValue(lifeline[0]);

	30 lifeline_local->CheckValidity();

	31

	32 lifeline_remote->PutValue(lifeline[1]);

	33 lifeline_remote->CheckValidity();

	34 }

	35

	36 void OnPortReleased(FirewallHole::PortType type,

	37 uint16 port,

	38 const std::string& interface,

	39 dbus::FileDescriptor* lifeline_fd,

	40 bool success) {

	41 const char* port_type;
	pneubeck (no reviews) 2015/03/03 22:24:51 please explicitly initialize to null, or probably please explicitly initialize to null, or probably better move this to a helper PortTypeToString that you can call directly in the LOG(...) <<. Currently this code is executed even if success==true Reilly Grant (use Gerrit) 2015/03/04 01:35:50 Done. Show quoted text On 2015/03/03 22:24:51, pneubeck wrote: > please explicitly initialize to null, or probably better move this to a helper > PortTypeToString that you can call directly in the LOG(...) <<. > > Currently this code is executed even if success==true Done.
	42 switch (type) {

	43 case FirewallHole::TCP:

	44 port_type = "TCP";

	45 break;

	46 case FirewallHole::UDP:

	47 port_type = "UDP";

	48 break;

	49 }

	50

	51 if (!success) {

	52 LOG(WARNING) << "Failed to release firewall hold for " << port_type

	53 << " port " << port << " on " << interface << ".";

	54 }

	55

	56 base::WorkerPool::PostTask(

	57 FROM_HERE,

	58 base::Bind(&base::DeletePointer<dbus::FileDescriptor>, lifeline_fd),

	59 false);

	60 }

	61 }

	62

	63 // static

	64 void FirewallHole::Open(PortType type,

	65 uint16 port,

	66 const std::string& interface,

	67 const OpenCallback& callback) {

	68 dbus::FileDescriptor* lifeline_local = new dbus::FileDescriptor();

	69 dbus::FileDescriptor* lifeline_remote = new dbus::FileDescriptor();

	70 FirewallHole* hole = new FirewallHole(type, port, interface, lifeline_local);

	71 base::WorkerPool::PostTaskAndReply(

	72 FROM_HERE,

	73 base::Bind(&CreateValidLifeline, lifeline_local, lifeline_remote),

	74 base::Bind(&FirewallHole::OnLifelineCreated, base::Unretained(hole),

	75 base::Owned(lifeline_remote), callback),

	76 false);

	77 }

	78

	79 FirewallHole::~FirewallHole() {

	80 DCHECK(thread_checker_.CalledOnValidThread());

	81 if (opened_) {

	82 PermissionBrokerClient* client =

	83 DBusThreadManager::Get()->GetPermissionBrokerClient();

	84 if (client) {
	pneubeck (no reviews) 2015/03/03 22:24:51 the 'return' below is a bit hidden. would be clear the 'return' below is a bit hidden. would be clearer with DCHECK(client) << ...; ... return; Reilly Grant (use Gerrit) 2015/03/07 02:36:03 Done. Show quoted text On 2015/03/03 22:24:51, pneubeck wrote: > the 'return' below is a bit hidden. > would be clearer with > DCHECK(client) << ...; > ... > return; Done.
	85 switch (type_) {

	86 case TCP:

	87 client->ReleaseTcpPort(port_, interface_,

	88 base::Bind(OnPortReleased, type_, port_,

	89 interface_, lifeline_fd_));

	90 break;

	91 case UDP:

	92 client->ReleaseUdpPort(port_, interface_,

	93 base::Bind(OnPortReleased, type_, port_,

	94 interface_, lifeline_fd_));

	95 break;

	96 }

	97 return;

	98 } else {

	99 NOTREACHED() << "Could not get permission broker client.";

	100 }

	101 }

	102

	103 base::WorkerPool::PostTask(

	104 FROM_HERE,

	105 base::Bind(&base::DeletePointer<dbus::FileDescriptor>, lifeline_fd_),

	106 false);

	107 }

	108

	109 FirewallHole::FirewallHole(PortType type,

	110 uint16 port,

	111 const std::string& interface,

	112 dbus::FileDescriptor* lifeline_fd)

	113 : type_(type),

	114 port_(port),

	115 interface_(interface),

	116 opened_(false),
	pneubeck (no reviews) 2015/03/03 22:24:51 optional: consider using the new c++11 "Non-Static optional: consider using the new c++11 "Non-Static Class Member Initializers" instead in the header, see http://chromium-cpp.appspot.com/. Reilly Grant (use Gerrit) 2015/03/04 01:35:50 Done. Show quoted text On 2015/03/03 22:24:51, pneubeck wrote: > optional: > consider using the new c++11 "Non-Static Class Member Initializers" instead in > the header, see http://chromium-cpp.appspot.com/. Done.
	117 lifeline_fd_(lifeline_fd) {

	118 }

	119

	120 void FirewallHole::OnLifelineCreated(dbus::FileDescriptor* lifeline_remote,

	121 const OpenCallback& callback) {

	122 DCHECK(thread_checker_.CalledOnValidThread());

	123 PermissionBrokerClient* client =

	124 DBusThreadManager::Get()->GetPermissionBrokerClient();
	pneubeck (no reviews) 2015/03/03 22:24:51 please don't rely on the singleton and pass in the please don't rely on the singleton and pass in the client explicitly. That way you can mock the client in a unit test and you don't have to check !client in here. Reilly Grant (use Gerrit) 2015/03/04 01:35:50 Done. Show quoted text On 2015/03/03 22:24:51, pneubeck wrote: > please don't rely on the singleton and pass in the client explicitly. > That way you can mock the client in a unit test and you don't have to check > !client in here. Done. pneubeck (no reviews) 2015/03/08 03:35:01 Hm. Not really done but I also see the issue with Show quoted text On 2015/03/04 01:35:50, reillyg wrote: > On 2015/03/03 22:24:51, pneubeck wrote: > > please don't rely on the singleton and pass in the client explicitly. > > That way you can mock the client in a unit test and you don't have to check > > !client in here. > > Done. Hm. Not really done but I also see the issue with the lifetime if you pass the client explicitly and that you need some global instance that tells you whether the client is still existent or not. Please add at least a unit test that exercises the positive/successful flow of creating the firewall hole. You'll probably see then what the issues with DBusThreadManager are. (You'll end-up initializing all Stub DBusClients, e.g. Bluetooth)
	125 if (!client) {

	126 NOTREACHED() << "Could not get permission broker client.";

	127 callback.Run(nullptr);

	128 delete this;

	129 return;

	130 }

	131

	132 switch (type_) {

	133 case TCP:

	134 client->RequestTcpPortAccess(

	135 port_, interface_, *lifeline_remote,

	136 base::Bind(&FirewallHole::OnPortAccessGranted, base::Unretained(this),
	pneubeck (no reviews) 2015/03/03 22:24:51 are you assuming here that \|this\| is outliving \|cl are you assuming here that \|this\| is outliving \|client\| ? that seems not to be the case looking at the NOTREACHEDs in line 126 and 99. Reilly Grant (use Gerrit) 2015/03/07 02:36:03 I believe this is addressed in the latest patchset Show quoted text On 2015/03/03 22:24:51, pneubeck wrote: > are you assuming here that \|this\| is outliving \|client\| ? > that seems not to be the case looking at the NOTREACHEDs in line 126 and 99. I believe this is addressed in the latest patchset.
	137 callback));

	138 break;

	139 case UDP:

	140 client->RequestUdpPortAccess(

	141 port_, interface_, *lifeline_remote,

	142 base::Bind(&FirewallHole::OnPortAccessGranted, base::Unretained(this),

	143 callback));

	144 break;

	145 }

	146 }

	147

	148 void FirewallHole::OnPortAccessGranted(

	149 const FirewallHole::OpenCallback& callback,

	150 bool success) {

	151 DCHECK(thread_checker_.CalledOnValidThread());

	152 if (success) {

	153 opened_ = true;

	154 callback.Run(make_scoped_ptr(this));

	155 } else {

	156 callback.Run(nullptr);

	157 delete this;
	pneubeck (no reviews) 2015/03/03 22:24:50 delete this is... dangerous. E.g. if client->Requ delete this is... dangerous. E.g. if client->RequestUdpPortAccess calls its callback synchronously (which isn't unrealistic in certain error cases), you have an invalid this pointer on the call stack after this pointer. You would have to document that at several places. Better not rely on a \|delete this\| at all. Reilly Grant (use Gerrit) 2015/03/04 01:35:49 Done. Show quoted text On 2015/03/03 22:24:50, pneubeck wrote: > delete this is... dangerous. > > E.g. if client->RequestUdpPortAccess calls its callback synchronously (which > isn't unrealistic in certain error cases), you have an invalid this pointer on > the call stack after this pointer. > You would have to document that at several places. > > Better not rely on a \|delete this\| at all. Done.
	158 }

	159 }

	160

	161 } // namespace chromeos

OLD	NEW

« chromeos/network/firewall_hole.h ('K') | « chromeos/network/firewall_hole.h ('k') | extensions/browser/api/socket/socket.h » ('j') | extensions/browser/api/socket/socket_api.h » ('J')