Reland: Mojo EDK: Improve internal process handle ownership

Re-reland of r555117 with process handle leak actually fixed.
Totes for reals. Original commit message follows.

Mojo passes around base::ProcessHandle values for various reasons. On
most systems this is fine, but at least on Windows, a ProcessHandle
refers to an owned reference to a system process object, and if not
careful it's possible for a base::ProcessHandle value to inadvertently
change meaning over time.

This CL introduces the concept of a move-only ScopedProcessHandle
within Mojo, which on most platforms is just a base::PlatformHandle.
On Windows, this represents an owned base::ProcessHandle which closes
on destruction and clones correctly using DuplicateHandle rather than
merely copying the raw handle value.

ScopedProcessHandle is used in a few places where process handle
ownership semantics were previously weaker than necessary, or were
correct but implemented ad hoc.

This also updates ScopedPlatformHandle (and supporting code like
Channel::RewriteHandles) such that the |owning_process| field (if not
the current process) is always an owned process handle. This ensures
that when such handles are closed in unsent messages, they can be
safely closed in the target process (from within the source process)
without any risk of raciness against target process termination.

TBR=jcivelli@chromium.org

Bug: 837612
Change-Id: I182e6849fd87fb44e22f6ed21457b17422956613
Reviewed-on: https://chromium-review.googlesource.com/1066999
Commit-Queue: Ken Rockot <rockot@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#560206}

CrOS-Libchrome-Original-Commit: 21070080327d78d72e881a2f1c7d030ccae8b256
10 files changed
tree: e523ade3f12f46f62f31bf8c56c3cfb6b352922f
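The hazard the commit message describes, a raw handle value that comes to name a different object once its owner releases it, can be reproduced on POSIX. The following is an added example, not code from this CL or from Chromium: it assumes file descriptors as a stand-in for Windows process handles and `dup()` as a stand-in for `DuplicateHandle`, and `ScopedFd` and `ObjectOf` are hypothetical names.

```cpp
// Added illustration, not Chromium code: POSIX fds stand in for Windows
// process HANDLEs, and dup() stands in for DuplicateHandle().
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <utility>

// Hypothetical move-only owner, analogous in spirit to ScopedProcessHandle.
class ScopedFd {
 public:
  explicit ScopedFd(int fd = -1) : fd_(fd) {}
  ScopedFd(ScopedFd&& o) noexcept : fd_(std::exchange(o.fd_, -1)) {}
  ScopedFd(const ScopedFd&) = delete;
  ScopedFd& operator=(const ScopedFd&) = delete;
  ~ScopedFd() { reset(); }
  // Clone takes a new owned reference instead of copying the raw value.
  ScopedFd Clone() const { return ScopedFd(fd_ >= 0 ? dup(fd_) : -1); }
  int get() const { return fd_; }
  void reset() { if (fd_ >= 0) close(fd_); fd_ = -1; }
 private:
  int fd_;
};

// Device number of the object an fd currently names (0 on error).
static dev_t ObjectOf(int fd) {
  struct stat st{};
  return fstat(fd, &st) == 0 ? st.st_rdev : 0;
}
// A raw copy of the value silently names a different object once the owner
// closes it and the kernel recycles the number (lowest free fd is reused).
bool RawCopyChangesMeaning() {
  ScopedFd owner(open("/dev/null", O_RDONLY));
  int raw_copy = owner.get();  // unowned copy of the value
  dev_t original = ObjectOf(raw_copy);
  owner.reset();               // original reference released
  ScopedFd other(open("/dev/zero", O_RDONLY));
  return other.get() == raw_copy && ObjectOf(raw_copy) != original;
}

// An owned clone keeps naming the original object after the owner is gone.
bool CloneKeepsMeaning() {
  ScopedFd owner(open("/dev/null", O_RDONLY));
  ScopedFd clone = owner.Clone();
  dev_t original = ObjectOf(clone.get());
  owner.reset();
  ScopedFd other(open("/dev/zero", O_RDONLY));
  return other.get() != clone.get() && ObjectOf(clone.get()) == original;
}

int main() { return RawCopyChangesMeaning() && CloneKeepsMeaning() ? 0 : 1; }
```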