
Unified Diff: chromeos/network/firewall_hole.h

Issue 965613002: Open a firewall hole when a TCP server or UDP socket is bound. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebased. Created 5 years, 9 months ago
Index: chromeos/network/firewall_hole.h
diff --git a/chromeos/network/firewall_hole.h b/chromeos/network/firewall_hole.h
new file mode 100644
index 0000000000000000000000000000000000000000..2bd678813210ee0f142e2c1e90590b903a3132a6
--- /dev/null
+++ b/chromeos/network/firewall_hole.h
@@ -0,0 +1,80 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROMEOS_NETWORK_FIREWALL_HOLE_H_
+#define CHROMEOS_NETWORK_FIREWALL_HOLE_H_
+
+#include <stdint.h>
+#include <string>
+
+#include "base/callback_forward.h"
+#include "base/memory/scoped_ptr.h"
+#include "chromeos/chromeos_export.h"
+
+namespace dbus {
+class FileDescriptor;
+}
+
+namespace chromeos {
+
+// This class works with the Chrome OS permission broker to open a port in the
+// system firewall. It is closed on destruction.
+class CHROMEOS_EXPORT FirewallHole {
+ public:
+ enum class PortType {
+ UDP,
+ TCP,
+ };
+
+ typedef base::Callback<void(scoped_ptr<FirewallHole>)> OpenCallback;
+
+ // This provides a simple way to pass around file descriptors since they must
+ // be closed on a thread that is allowed to perform I/O.
+ struct FileDescriptorDeleter {
+ void CHROMEOS_EXPORT operator()(dbus::FileDescriptor* fd);
+ };
+ typedef scoped_ptr<dbus::FileDescriptor, FileDescriptorDeleter>
+ ScopedFileDescriptor;
+
+ // Opens a port on the system firewall for the given network interface (or all
+ // interfaces if |interface| is ""). The hole will be closed when the object
+ // provided to the callback is destroyed.
+ static void Open(PortType type,
+ uint16_t port,
+ const std::string& interface,
+ const OpenCallback& callback);
+
+ ~FirewallHole();
+
+ private:
+ static void RequestPortAccess(PortType type,
+ uint16_t port,
+ const std::string& interface,
+ ScopedFileDescriptor lifeline_local,
+ ScopedFileDescriptor lifeline_remote,
+ const OpenCallback& callback);
+
+ static void PortAccessGranted(PortType type,
+ uint16_t port,
+ const std::string& interface,
+ ScopedFileDescriptor lifeline_fd,
+ const FirewallHole::OpenCallback& callback,
+ bool success);
+
+ FirewallHole(PortType type,
+ uint16_t port,
+ const std::string& interface,
+ ScopedFileDescriptor lifeline_fd);
+
+ const PortType type_;
+ const uint16_t port_;
+ const std::string interface_;
+
+ // A file descriptor used by firewalld to track the lifetime of this process.
+ ScopedFileDescriptor lifeline_fd_;
+};
+
+} // namespace chromeos
+
+#endif // CHROMEOS_NETWORK_FIREWALL_HOLE_H_
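Review bot: The comment on `Open` does not say what `callback` receives when the request is refused or fails. `PortAccessGranted` takes a `bool success`, so presumably a null `scoped_ptr<FirewallHole>` is passed, but that lives in firewall_hole.cc, which is not shown here and should be confirmed. I would add to the `Open` comment: `// On failure |callback| is run with a null pointer; callers must check it before treating the port as open.` Because an empty |interface| opens the port on every interface, the comment should also tell callers to pass the specific interface they bound to whenever it is known, so the hole is no wider than the listener needs. Separately, the `lifeline_fd_` comment names firewalld while the class comment names the permission broker; the two should agree on which component holds the other end of the lifeline.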
