brettw@chromium.org | 293988a | 2012-03-01 07:48:14 +0900 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef IPC_IPC_CHANNEL_POSIX_H_ |
| 6 | #define IPC_IPC_CHANNEL_POSIX_H_ |
| 7 | |
| 8 | #include "ipc/ipc_channel.h" |
| 9 | |
| 10 | #include <sys/socket.h> // for CMSG macros |
| 11 | |
| 12 | #include <queue> |
hubbe@chromium.org | 683920d | 2013-10-15 09:07:00 +0900 | [diff] [blame] | 13 | #include <set> |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 14 | #include <string> |
| 15 | #include <vector> |
| 16 | |
morrita | 39722a3 | 2014-09-30 07:25:54 +0900 | [diff] [blame] | 17 | #include "base/files/scoped_file.h" |
avi@chromium.org | a29af56 | 2013-07-18 08:00:30 +0900 | [diff] [blame] | 18 | #include "base/message_loop/message_loop.h" |
rsesek@chromium.org | 1931971 | 2013-07-24 14:15:24 +0900 | [diff] [blame] | 19 | #include "base/process/process.h" |
brettw@chromium.org | 0e9d0a1 | 2012-03-08 21:30:28 +0900 | [diff] [blame] | 20 | #include "ipc/ipc_channel_reader.h" |
morrita | 33a3590 | 2015-01-15 06:17:06 +0900 | [diff] [blame] | 21 | #include "ipc/ipc_message_attachment_set.h" |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 22 | |
| 23 | namespace IPC { |
| 24 | |
morrita@chromium.org | 844f1c3 | 2014-06-07 15:15:53 +0900 | [diff] [blame] | 25 | class IPC_EXPORT ChannelPosix : public Channel, |
| 26 | public internal::ChannelReader, |
| 27 | public base::MessageLoopForIO::Watcher { |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 28 | public: |
erikchen | 99b3dc0 | 2015-06-17 06:21:04 +0900 | [diff] [blame] | 29 | // |broker| must outlive the newly created object. |
| 30 | ChannelPosix(const IPC::ChannelHandle& channel_handle, |
| 31 | Mode mode, |
erikchen | 2ffe51b | 2015-09-15 02:45:12 +0900 | [diff] [blame] | 32 | Listener* listener); |
dcheng | ef7721a | 2014-10-22 11:29:52 +0900 | [diff] [blame] | 33 | ~ChannelPosix() override; |
morrita@chromium.org | fde2b6b | 2014-06-07 05:13:51 +0900 | [diff] [blame] | 34 | |
| 35 | // Channel implementation |
dcheng | ef7721a | 2014-10-22 11:29:52 +0900 | [diff] [blame] | 36 | bool Connect() override; |
| 37 | void Close() override; |
| 38 | bool Send(Message* message) override; |
erikchen | 99b3dc0 | 2015-06-17 06:21:04 +0900 | [diff] [blame] | 39 | AttachmentBroker* GetAttachmentBroker() override; |
dcheng | ef7721a | 2014-10-22 11:29:52 +0900 | [diff] [blame] | 40 | base::ProcessId GetPeerPID() const override; |
| 41 | base::ProcessId GetSelfPID() const override; |
| 42 | int GetClientFileDescriptor() const override; |
| 43 | base::ScopedFD TakeClientFileDescriptor() override; |
morrita@chromium.org | 844f1c3 | 2014-06-07 15:15:53 +0900 | [diff] [blame] | 44 | |
| 45 | // Returns true if the channel supports listening for connections. |
| 46 | bool AcceptsConnections() const; |
| 47 | |
| 48 | // Returns true if the channel supports listening for connections and is |
| 49 | // currently connected. |
| 50 | bool HasAcceptedConnection() const; |
| 51 | |
| 52 | // Closes any currently connected socket, and returns to a listening state |
| 53 | // for more connections. |
| 54 | void ResetToAcceptingConnectionState(); |
| 55 | |
| 56 | // Returns true if the peer process' effective user id can be determined, in |
| 57 | // which case the supplied peer_euid is updated with it. |
| 58 | bool GetPeerEuid(uid_t* peer_euid) const; |
morrita@chromium.org | fde2b6b | 2014-06-07 05:13:51 +0900 | [diff] [blame] | 59 | |
phajdan.jr@chromium.org | af9455b | 2011-09-20 02:08:12 +0900 | [diff] [blame] | 60 | void CloseClientFileDescriptor(); |
morrita@chromium.org | fde2b6b | 2014-06-07 05:13:51 +0900 | [diff] [blame] | 61 | |
kkania@chromium.org | f37b4e5 | 2011-08-09 15:46:06 +0900 | [diff] [blame] | 62 | static bool IsNamedServerInitialized(const std::string& channel_id); |
perkj | 596cc35 | 2014-12-12 02:27:58 +0900 | [diff] [blame] | 63 | #if defined(OS_LINUX) |
| 64 | static void SetGlobalPid(int pid); |
| 65 | #endif // OS_LINUX |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 66 | |
| 67 | private: |
dmaclach@chromium.org | f146c29 | 2011-02-04 05:35:09 +0900 | [diff] [blame] | 68 | bool CreatePipe(const IPC::ChannelHandle& channel_handle); |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 69 | |
erikchen | 0948aee | 2015-10-07 06:46:37 +0900 | [diff] [blame] | 70 | // Returns false on recoverable error. |
| 71 | // There are two reasons why this method might leave messages in the |
| 72 | // output_queue_. |
| 73 | // 1. |waiting_connect_| is |true|. |
| 74 | // 2. |is_blocked_on_write_| is |true|. |
| 75 | // If any of these conditionals change, this method should be called, as |
| 76 | // previously blocked messages may no longer be blocked. |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 77 | bool ProcessOutgoingMessages(); |
| 78 | |
dmaclach@chromium.org | c1d3d42 | 2010-12-20 15:59:23 +0900 | [diff] [blame] | 79 | bool AcceptConnection(); |
| 80 | void ClosePipeOnError(); |
morrita@chromium.org | 15996aa | 2014-08-05 08:44:17 +0900 | [diff] [blame] | 81 | int GetHelloMessageProcId() const; |
dmaclach@chromium.org | c1d3d42 | 2010-12-20 15:59:23 +0900 | [diff] [blame] | 82 | void QueueHelloMessage(); |
hubbe@chromium.org | 683920d | 2013-10-15 09:07:00 +0900 | [diff] [blame] | 83 | void CloseFileDescriptors(Message* msg); |
| 84 | void QueueCloseFDMessage(int fd, int hops); |
dmaclach@chromium.org | c1d3d42 | 2010-12-20 15:59:23 +0900 | [diff] [blame] | 85 | |
brettw@chromium.org | 0e9d0a1 | 2012-03-08 21:30:28 +0900 | [diff] [blame] | 86 | // ChannelReader implementation. |
dcheng | ef7721a | 2014-10-22 11:29:52 +0900 | [diff] [blame] | 87 | ReadState ReadData(char* buffer, int buffer_len, int* bytes_read) override; |
erikchen | f295bbc | 2015-07-28 03:26:14 +0900 | [diff] [blame] | 88 | bool ShouldDispatchInputMessage(Message* msg) override; |
| 89 | bool GetNonBrokeredAttachments(Message* msg) override; |
dcheng | ef7721a | 2014-10-22 11:29:52 +0900 | [diff] [blame] | 90 | bool DidEmptyInputBuffers() override; |
| 91 | void HandleInternalMessage(const Message& msg) override; |
erikchen | cc6ccfc | 2015-07-29 08:16:48 +0900 | [diff] [blame] | 92 | base::ProcessId GetSenderPID() override; |
erikchen | ca630d7 | 2015-07-31 07:26:08 +0900 | [diff] [blame] | 93 | bool IsAttachmentBrokerEndpoint() override; |
brettw@chromium.org | 293988a | 2012-03-01 07:48:14 +0900 | [diff] [blame] | 94 | |
brettw@chromium.org | 293988a | 2012-03-01 07:48:14 +0900 | [diff] [blame] | 95 | // Finds the set of file descriptors in the given message. On success, |
| 96 | // appends the descriptors to the input_fds_ member and returns true |
| 97 | // |
| 98 | // Returns false if the message was truncated. In this case, any handles that |
| 99 | // were sent will be closed. |
| 100 | bool ExtractFileDescriptorsFromMsghdr(msghdr* msg); |
| 101 | |
| 102 | // Closes all handles in the input_fds_ list and clears the list. This is |
| 103 | // used to clean up handles in error conditions to avoid leaking the handles. |
| 104 | void ClearInputFDs(); |
| 105 | |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 106 | // MessageLoopForIO::Watcher implementation. |
dcheng | ef7721a | 2014-10-22 11:29:52 +0900 | [diff] [blame] | 107 | void OnFileCanReadWithoutBlocking(int fd) override; |
| 108 | void OnFileCanWriteWithoutBlocking(int fd) override; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 109 | |
erikchen | 0948aee | 2015-10-07 06:46:37 +0900 | [diff] [blame] | 110 | // Returns |false| on channel error. |
| 111 | // If |message| has brokerable attachments, those attachments are passed to |
| 112 | // the AttachmentBroker (which in turn invokes Send()), so this method must |
| 113 | // be re-entrant. |
| 114 | // Adds |message| to |output_queue_| and calls ProcessOutgoingMessages(). |
| 115 | bool ProcessMessageForDelivery(Message* message); |
| 116 | |
| 117 | // Moves all messages from |prelim_queue_| to |output_queue_| by calling |
| 118 | // ProcessMessageForDelivery(). |
| 119 | // Returns |false| on channel error. |
| 120 | bool FlushPrelimQueue(); |
| 121 | |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 122 | Mode mode_; |
| 123 | |
jschuh@chromium.org | a5cd076 | 2012-04-05 11:38:34 +0900 | [diff] [blame] | 124 | base::ProcessId peer_pid_; |
| 125 | |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 126 | // After accepting one client connection on our server socket we want to |
| 127 | // stop listening. |
xhwang@chromium.org | 0b2c2a5 | 2013-05-01 05:55:03 +0900 | [diff] [blame] | 128 | base::MessageLoopForIO::FileDescriptorWatcher |
| 129 | server_listen_connection_watcher_; |
| 130 | base::MessageLoopForIO::FileDescriptorWatcher read_watcher_; |
| 131 | base::MessageLoopForIO::FileDescriptorWatcher write_watcher_; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 132 | |
| 133 | // Indicates whether we're currently blocked waiting for a write to complete. |
| 134 | bool is_blocked_on_write_; |
dmaclach@chromium.org | c1d3d42 | 2010-12-20 15:59:23 +0900 | [diff] [blame] | 135 | bool waiting_connect_; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 136 | |
| 137 | // If sending a message blocks then we use this variable |
| 138 | // to keep track of where we are. |
| 139 | size_t message_send_bytes_written_; |
| 140 | |
dmaclach@chromium.org | c1d3d42 | 2010-12-20 15:59:23 +0900 | [diff] [blame] | 141 | // File descriptor we're listening on for new connections if we listen |
| 142 | // for connections. |
morrita | 39722a3 | 2014-09-30 07:25:54 +0900 | [diff] [blame] | 143 | base::ScopedFD server_listen_pipe_; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 144 | |
| 145 | // The pipe used for communication. |
morrita | 39722a3 | 2014-09-30 07:25:54 +0900 | [diff] [blame] | 146 | base::ScopedFD pipe_; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 147 | |
| 148 | // For a server, the client end of our socketpair() -- the other end of our |
| 149 | // pipe_ that is passed to the client. |
morrita | 39722a3 | 2014-09-30 07:25:54 +0900 | [diff] [blame] | 150 | base::ScopedFD client_pipe_; |
morrita@chromium.org | fde2b6b | 2014-06-07 05:13:51 +0900 | [diff] [blame] | 151 | mutable base::Lock client_pipe_lock_; // Lock that protects |client_pipe_|. |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 152 | |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 153 | // The "name" of our pipe. On Windows this is the global identifier for |
| 154 | // the pipe. On POSIX it's used as a key in a local map of file descriptors. |
| 155 | std::string pipe_name_; |
| 156 | |
erikchen | 0948aee | 2015-10-07 06:46:37 +0900 | [diff] [blame] | 157 | // Messages not yet ready to be sent are queued here. Messages removed from |
| 158 | // this queue are placed in the output_queue_. The double queue is |
| 159 | // unfortunate, but is necessary because messages with brokerable attachments |
| 160 | // can generate multiple messages to be sent (possibly from other channels). |
| 161 | // Some of these generated messages cannot be sent until |peer_pid_| has been |
| 162 | // configured. |
| 163 | // As soon as |peer_pid| has been configured, there is no longer any need for |
| 164 | // |prelim_queue_|. All messages are flushed, and no new messages are added. |
| 165 | std::queue<Message*> prelim_queue_; |
| 166 | |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 167 | // Messages to be sent are queued here. |
erikchen | 0948aee | 2015-10-07 06:46:37 +0900 | [diff] [blame] | 168 | std::queue<OutputElement*> output_queue_; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 169 | |
pkasting@chromium.org | 9687a8f | 2011-09-01 09:50:13 +0900 | [diff] [blame] | 170 | // We assume a worst case: kReadBufferSize bytes of messages, where each |
| 171 | // message has no payload and a full complement of descriptors. |
| 172 | static const size_t kMaxReadFDs = |
| 173 | (Channel::kReadBufferSize / sizeof(IPC::Message::Header)) * |
morrita | 33a3590 | 2015-01-15 06:17:06 +0900 | [diff] [blame] | 174 | MessageAttachmentSet::kMaxDescriptorsPerMessage; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 175 | |
brettw@chromium.org | 293988a | 2012-03-01 07:48:14 +0900 | [diff] [blame] | 176 | // Buffer size for file descriptors used for recvmsg. On Mac the CMSG macros |
bratell | 88511de | 2015-05-29 22:19:01 +0900 | [diff] [blame] | 177 | // are not constant so we have to pick a "large enough" padding for headers. |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 178 | #if defined(OS_MACOSX) |
bratell | 88511de | 2015-05-29 22:19:01 +0900 | [diff] [blame] | 179 | static const size_t kMaxReadFDBuffer = 1024 + sizeof(int) * kMaxReadFDs; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 180 | #else |
brettw@chromium.org | 293988a | 2012-03-01 07:48:14 +0900 | [diff] [blame] | 181 | static const size_t kMaxReadFDBuffer = CMSG_SPACE(sizeof(int) * kMaxReadFDs); |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 182 | #endif |
bratell | 88511de | 2015-05-29 22:19:01 +0900 | [diff] [blame] | 183 | static_assert(kMaxReadFDBuffer <= 8192, |
| 184 | "kMaxReadFDBuffer too big for a stack buffer"); |
brettw@chromium.org | 293988a | 2012-03-01 07:48:14 +0900 | [diff] [blame] | 185 | |
| 186 | // File descriptors extracted from messages coming off of the channel. The |
| 187 | // handles may span messages and come off different channels from the message |
| 188 | // data (in the case of READWRITE), and are processed in FIFO here. |
fischman@chromium.org | 8b60dfa | 2012-04-10 06:40:44 +0900 | [diff] [blame] | 189 | // NOTE: The implementation assumes underlying storage here is contiguous, so |
| 190 | // don't change to something like std::deque<> without changing the |
| 191 | // implementation! |
| 192 | std::vector<int> input_fds_; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 193 | |
morrita | e491a7b | 2015-01-28 05:05:53 +0900 | [diff] [blame] | 194 | |
| 195 | void ResetSafely(base::ScopedFD* fd); |
| 196 | bool in_dtor_; |
| 197 | |
hubbe@chromium.org | 683920d | 2013-10-15 09:07:00 +0900 | [diff] [blame] | 198 | #if defined(OS_MACOSX) |
| 199 | // On OSX, sent FDs must not be closed until we get an ack. |
| 200 | // Keep track of sent FDs here to make sure the remote is not |
| 201 | // trying to bamboozle us. |
| 202 | std::set<int> fds_to_close_; |
| 203 | #endif |
| 204 | |
dmaclach@chromium.org | c1d3d42 | 2010-12-20 15:59:23 +0900 | [diff] [blame] | 205 | // True if we are responsible for unlinking the unix domain socket file. |
| 206 | bool must_unlink_; |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 207 | |
perkj | 596cc35 | 2014-12-12 02:27:58 +0900 | [diff] [blame] | 208 | #if defined(OS_LINUX) |
| 209 | // If non-zero, overrides the process ID sent in the hello message. |
| 210 | static int global_pid_; |
| 211 | #endif // OS_LINUX |
| 212 | |
morrita@chromium.org | fde2b6b | 2014-06-07 05:13:51 +0900 | [diff] [blame] | 213 | DISALLOW_IMPLICIT_CONSTRUCTORS(ChannelPosix); |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 214 | }; |
| 215 | |
agl@chromium.org | 1c6dcf2 | 2009-07-23 08:57:21 +0900 | [diff] [blame] | 216 | } // namespace IPC |
| 217 | |
| 218 | #endif // IPC_IPC_CHANNEL_POSIX_H_ |