forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathattachment_broker_privileged.h
130 lines (112 loc) · 4.73 KB
/
attachment_broker_privileged.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef IPC_ATTACHMENT_BROKER_PRIVILEGED_H_
#define IPC_ATTACHMENT_BROKER_PRIVILEGED_H_
#include <utility>
#include <vector>
#include "base/macros.h"
#include "base/memory/ref_counted.h"
#include "build/build_config.h"
#include "ipc/attachment_broker.h"
#include "ipc/ipc_export.h"
#if defined(OS_MACOSX) && !defined(OS_IOS)
namespace base {
class PortProvider;
} // namespace base
#endif // defined(OS_MACOSX) && !defined(OS_IOS)
namespace IPC {
class Endpoint;
class Sender;
// This abstract subclass of AttachmentBroker is intended for use in a
// privileged process . When unprivileged processes want to send attachments,
// the attachments get routed through the privileged process, and more
// specifically, an instance of this class.
class IPC_EXPORT AttachmentBrokerPrivileged : public IPC::AttachmentBroker {
public:
AttachmentBrokerPrivileged();
~AttachmentBrokerPrivileged() override;
// If there is no global attachment broker, makes a new
// AttachmentBrokerPrivileged and sets it as the global attachment broker.
// This method is thread safe.
#if defined(OS_MACOSX) && !defined(OS_IOS)
static void CreateBrokerIfNeeded(base::PortProvider* provider);
#else
static void CreateBrokerIfNeeded();
#endif // defined(OS_MACOSX) && !defined(OS_IOS)
// Similar to CreateBrokerIfNeeded(), but useful for single process unit tests
// that don't need real attachment brokering, and don't want to deal with
// setting up a fake PortProvider.
static void CreateBrokerForSingleProcessTests();
// AttachmentBroker overrides.
void RegisterCommunicationChannel(
Endpoint* endpoint,
scoped_refptr<base::SingleThreadTaskRunner> runner) override;
void DeregisterCommunicationChannel(Endpoint* endpoint) override;
bool IsPrivilegedBroker() override;
protected:
using EndpointRunnerPair =
std::pair<Endpoint*, scoped_refptr<base::SingleThreadTaskRunner>>;
// Returns the sender whose peer's process id is |id|.
// Returns nullptr if no sender is found.
// The lock returned by get_lock() must already be acquired before calling
// this method. The return value is only guaranteed to be valid while the lock
// is held.
EndpointRunnerPair GetSenderWithProcessId(base::ProcessId id);
// Sends a message to the endpoint, dispatching onto another thread if
// necessary.
void SendMessageToEndpoint(EndpointRunnerPair pair, Message* message);
// Errors that can be reported by subclasses.
// These match tools/metrics/histograms/histograms.xml.
// This enum is append-only.
enum UMAError {
// The brokerable attachment had a valid destination. This is the success
// case.
DESTINATION_FOUND = 0,
// The brokerable attachment had a destination, but the broker did not have
// a channel of communication with that process.
DESTINATION_NOT_FOUND = 1,
// The brokerable attachment did not have a destination process.
NO_DESTINATION = 2,
// Error making an intermediate Mach port.
ERROR_MAKE_INTERMEDIATE = 3,
// Error parsing DuplicateMachPort message.
ERROR_PARSE_DUPLICATE_MACH_PORT_MESSAGE = 4,
// Couldn't get a task port for the process with a given pid.
ERROR_TASK_FOR_PID = 5,
// Couldn't make a port with receive rights in the destination process.
ERROR_MAKE_RECEIVE_PORT = 6,
// Couldn't change the attributes of a Mach port.
ERROR_SET_ATTRIBUTES = 7,
// Couldn't extract a right from the destination.
ERROR_EXTRACT_DEST_RIGHT = 8,
// Couldn't send a Mach port in a call to mach_msg().
ERROR_SEND_MACH_PORT = 9,
// Couldn't decrease the ref count on a Mach port.
ERROR_DECREASE_REF = 10,
// Couldn't extract a right from the source.
ERROR_EXTRACT_SOURCE_RIGHT = 11,
// The broker did not have a channel of communication with the source
// process.
ERROR_SOURCE_NOT_FOUND = 12,
// The broker could not open the source or destination process with extra
// privileges.
ERROR_COULD_NOT_OPEN_SOURCE_OR_DEST = 13,
// The broker was asked to transfer a HANDLE with invalid permissions.
ERROR_INVALID_PERMISSIONS = 14,
// The broker was not immediately able to send an attachment.
DELAYED = 15,
// The broker successfully sent a delayed attachment.
DELAYED_SEND = 16,
ERROR_MAX
};
// Emits an UMA metric.
void LogError(UMAError error);
private:
// A vector of Endpoints, and the SingleThreadTaskRunner that should be used
// to invoke Send() on each Endpoint.
std::vector<EndpointRunnerPair> endpoints_;
DISALLOW_COPY_AND_ASSIGN(AttachmentBrokerPrivileged);
};
} // namespace IPC
#endif // IPC_ATTACHMENT_BROKER_PRIVILEGED_H_