Use fixed socket name instead of SecureSocketWithKey

chrome/common/service_process_util_mac.mm

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/common/service_process_util_posix.h"
 
 #import <Foundation/Foundation.h>
 #include <launch.h>
 
 #include <vector>
 
 #include "base/bind.h"
 #include "base/command_line.h"
 #include "base/files/file_path.h"
 #include "base/mac/bundle_locations.h"
 #include "base/mac/foundation_util.h"
 #include "base/mac/mac_util.h"
 #include "base/mac/scoped_nsautorelease_pool.h"
 #include "base/mac/scoped_nsobject.h"
 #include "base/path_service.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/sys_string_conversions.h"
 #include "base/threading/thread_restrictions.h"
 #include "base/version.h"
 #include "chrome/common/chrome_paths.h"
 #include "chrome/common/chrome_switches.h"
 #include "chrome/common/chrome_version_info.h"
 #include "chrome/common/mac/launchd.h"
+#include "ipc/unix_domain_socket_util.h"
 
 using ::base::FilePathWatcher;
 
 namespace {
 
 #define kServiceProcessSessionType "Aqua"
 
 CFStringRef CopyServiceProcessLaunchDName() {
   base::mac::ScopedNSAutoreleasePool pool;
   NSBundle* bundle = base::mac::FrameworkBundle();
   return CFStringCreateCopy(kCFAllocatorDefault,
                             base::mac::NSToCFCast([bundle bundleIdentifier]));
 }
 
 NSString* GetServiceProcessLaunchDLabel() {
   base::scoped_nsobject<NSString> name(
       base::mac::CFToNSCast(CopyServiceProcessLaunchDName()));
   NSString *label = [name stringByAppendingString:@".service_process"];
   base::FilePath user_data_dir;
   PathService::Get(chrome::DIR_USER_DATA, &user_data_dir);
   std::string user_data_dir_path = user_data_dir.value();
   NSString *ns_path = base::SysUTF8ToNSString(user_data_dir_path);
   ns_path = [ns_path stringByReplacingOccurrencesOfString:@" "
                                                withString:@"_"];
   label = [label stringByAppendingString:ns_path];
   return label;
 }
 
-NSString* GetServiceProcessLaunchDSocketKey() {
-  return @"ServiceProcessSocket";
-}
-
 bool GetParentFSRef(const FSRef& child, FSRef* parent) {
   return FSGetCatalogInfo(&child, 0, NULL, NULL, NULL, parent) == noErr;
 }
 
 bool RemoveFromLaunchd() {
   // We're killing a file.
   base::ThreadRestrictions::AssertIOAllowed();
   base::ScopedCFTypeRef<CFStringRef> name(CopyServiceProcessLaunchDName());
   return Launchd::GetInstance()->DeletePlist(Launchd::User,
                                              Launchd::Agent,
                                              name);
 }
 
 class ExecFilePathWatcherCallback {
  public:
   ExecFilePathWatcherCallback() {}
   ~ExecFilePathWatcherCallback() {}
 
   bool Init(const base::FilePath& path);
   void NotifyPathChanged(const base::FilePath& path, bool error);
 
  private:
   FSRef executable_fsref_;
 };
 
+base::FilePath GetServiceProcessSocketName() {
+  base::FilePath socket_name;
+  PathService::Get(base::DIR_TEMP, &socket_name);
+  std::string pipe_name = GetServiceProcessScopedName("srv");
+  socket_name = socket_name.Append(pipe_name);
+  if (socket_name.value().size() < IPC::kMaxSocketNameLength)
+    return socket_name;
+  // Fallback to /tmp if $TMPDIR is too long.

[Robert Sesek, 2015/03/05 22:34:02]

When would this happen?

[Vitaly Buka (NO REVIEWS), 2015/03/05 23:22:13]

kMaxSocketNameLength is 104

name generated on my machine is about 94
e.g
/var/folders/00/0dpyh000h01000cxqpysvccm001pvt/T/758B1E1062CD965F78D92951B1E9E136D28155CB.srv

not sure if I can rely that it's constant

+  return base::FilePath("/tmp").Append(pipe_name);
+}
+
 }  // namespace
 
-NSString* GetServiceProcessLaunchDSocketEnvVar() {
-  NSString *label = GetServiceProcessLaunchDLabel();
-  NSString *env_var = [label stringByReplacingOccurrencesOfString:@"."
-                                                       withString:@"_"];
-  env_var = [env_var stringByAppendingString:@"_SOCKET"];
-  env_var = [env_var uppercaseString];
-  return env_var;
-}
-
-// Gets the name of the service process IPC channel.
 IPC::ChannelHandle GetServiceProcessChannel() {
-  base::mac::ScopedNSAutoreleasePool pool;
-  std::string socket_path;
-  base::scoped_nsobject<NSDictionary> dictionary(
-      base::mac::CFToNSCast(Launchd::GetInstance()->CopyExports()));
-  NSString *ns_socket_path =
-      [dictionary objectForKey:GetServiceProcessLaunchDSocketEnvVar()];
-  if (ns_socket_path) {
-    socket_path = base::SysNSStringToUTF8(ns_socket_path);
-  }
-  return IPC::ChannelHandle(socket_path);
+  base::FilePath socket_name = GetServiceProcessSocketName();
+  VLOG(1) << "ServiceProcessChannel: " << socket_name.value();
+  return IPC::ChannelHandle(socket_name.value());
 }
 
 bool ForceServiceProcessShutdown(const std::string& /* version */,
                                  base::ProcessId /* process_id */) {
   base::mac::ScopedNSAutoreleasePool pool;
   CFStringRef label = base::mac::NSToCFCast(GetServiceProcessLaunchDLabel());
   CFErrorRef err = NULL;
   bool ret = Launchd::GetInstance()->RemoveJob(label, &err);
   if (!ret) {
     DLOG(ERROR) << "ForceServiceProcessShutdown: " << err << " "
@@ skipping 58 matching lines @@
     DLOG(ERROR) << "ServiceProcess must be launched by launchd. "
                 << "CopyLaunchdDictionaryByCheckingIn: " << err;
     CFRelease(err);
     return false;
   }
   state_->launchd_conf.reset(dict);
   return true;
 }
 
 IPC::ChannelHandle ServiceProcessState::GetServiceProcessChannel() {
-  DCHECK(state_);
-  NSDictionary *ns_launchd_conf = base::mac::CFToNSCast(state_->launchd_conf);
-  NSDictionary* socket_dict =
-      [ns_launchd_conf objectForKey:@ LAUNCH_JOBKEY_SOCKETS];
-  NSArray* sockets =
-      [socket_dict objectForKey:GetServiceProcessLaunchDSocketKey()];
-  DCHECK_EQ([sockets count], 1U);
-  int socket = [[sockets objectAtIndex:0] intValue];
-  base::FileDescriptor fd(socket, false);
-  return IPC::ChannelHandle(std::string(), fd);
+  return ::GetServiceProcessChannel();
 }
 
 bool CheckServiceProcessReady() {
   std::string version;
   pid_t pid;
-  if (!GetServiceProcessData(&version, &pid)) {
+  if (!GetServiceProcessData(&version, &pid) || pid == -1) {
     return false;
   }
   Version service_version(version);
   bool ready = true;
   if (!service_version.IsValid()) {
     ready = false;
   } else {
     chrome::VersionInfo version_info;
     Version running_version(version_info.Version());
     if (!running_version.IsValid()) {
@@ skipping 22 matching lines @@
 
   std::vector<std::string> args = cmd_line->argv();
   NSMutableArray *ns_args = [NSMutableArray arrayWithCapacity:args.size()];
 
   for (std::vector<std::string>::iterator iter = args.begin();
        iter < args.end();
        ++iter) {
     [ns_args addObject:base::SysUTF8ToNSString(*iter)];
   }
 
-  NSDictionary *socket =
-      [NSDictionary dictionaryWithObject:GetServiceProcessLaunchDSocketEnvVar()
-                                  forKey:@ LAUNCH_JOBSOCKETKEY_SECUREWITHKEY];
-  NSDictionary *sockets =
-      [NSDictionary dictionaryWithObject:socket
-                                  forKey:GetServiceProcessLaunchDSocketKey()];
-
   // See the man page for launchd.plist.
   NSMutableDictionary *launchd_plist =
       [[NSMutableDictionary alloc] initWithObjectsAndKeys:
         GetServiceProcessLaunchDLabel(), @ LAUNCH_JOBKEY_LABEL,
         program, @ LAUNCH_JOBKEY_PROGRAM,
         ns_args, @ LAUNCH_JOBKEY_PROGRAMARGUMENTS,
-        sockets, @ LAUNCH_JOBKEY_SOCKETS,
+        [NSNumber numberWithBool:YES], @ LAUNCH_JOBKEY_RUNATLOAD,

[Robert Sesek, 2015/03/05 22:34:02]

This is changing the RunAtLoad to be from only when for_auto_launch is true to
unconditional. Why that change?

[Robert Sesek, 2015/03/05 22:34:02]

You can use @YES

[Vitaly Buka (NO REVIEWS), 2015/03/05 23:22:13]

Done.

[Vitaly Buka (NO REVIEWS), 2015/03/05 23:22:13]

for_auto_launch means that this file is going to be permanently stored 
~/Library/LaunchAgents to be used after reboot

without for_auto_launch it's just plist in temp directory. and we are going to
run it once to start service setup. it's not important a problem that it has
RunAtLoad, because this file will not be loaded after reboot, only by us in
ServiceProcessControl::Launcher::DoRun()

         nil];
 
   if (for_auto_launch) {
     // We want the service process to be able to exit if there are no services
     // enabled. With a value of NO in the SuccessfulExit key, launchd will
     // relaunch the service automatically in any other case than exiting
     // cleanly with a 0 return code.
     NSDictionary *keep_alive =
       [NSDictionary
         dictionaryWithObject:[NSNumber numberWithBool:NO]
                       forKey:@ LAUNCH_JOBKEY_KEEPALIVE_SUCCESSFULEXIT];
     NSDictionary *auto_launchd_plist =
       [[NSDictionary alloc] initWithObjectsAndKeys:
-        [NSNumber numberWithBool:YES], @ LAUNCH_JOBKEY_RUNATLOAD,
         keep_alive, @ LAUNCH_JOBKEY_KEEPALIVE,
         @ kServiceProcessSessionType, @ LAUNCH_JOBKEY_LIMITLOADTOSESSIONTYPE,
         nil];
     [launchd_plist addEntriesFromDictionary:auto_launchd_plist];
   }
   return reinterpret_cast<CFDictionaryRef>(launchd_plist);
 }
 
 // Writes the launchd property list into the user's LaunchAgents directory,
 // creating that directory if needed. This will cause the service process to be
@@ skipping 150 matching lines @@
       CFErrorRef err = NULL;
       if (!Launchd::GetInstance()->RemoveJob(label, &err)) {
         base::ScopedCFTypeRef<CFErrorRef> scoped_err(err);
         DLOG(ERROR) << "RemoveJob " << err;
         // Exiting with zero, so launchd doesn't restart the process.
         exit(0);
       }
     }
   }
 }