Move BrokerDuplicateHandle() to be declared in content/public

This is necessary so that BrokerDuplicateHandle() can be used from
chrome/browser while passing the check_deps rules.

BUG=http://code.google.com/p/nativeclient/issues/detail?id=2719
TEST=build

Review URL: https://chromiumcodereview.appspot.com/10082018

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@132405 0039d316-1c4b-4281-b951-d872f2087c98

7 files changed, 66 insertions, 51 deletions

diff --git a/content/common/gpu/client/command_buffer_proxy_impl.cc b/content/common/gpu/client/command_buffer_proxy_impl.cc
index 1bb1887..ce54be75 100644
--- a/content/common/gpu/client/command_buffer_proxy_impl.cc
+++ b/content/common/gpu/client/command_buffer_proxy_impl.cc
@@ -21,7 +21,7 @@
 #include "ui/gfx/size.h"
 
 #if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
 #endif
 
 using gpu::Buffer;
@@ -240,7 +240,7 @@ int32 CommandBufferProxyImpl::CreateTransferBuffer(
   base::SharedMemoryHandle handle = shm->handle();
 #if defined(OS_WIN)
   // Windows needs to explicitly duplicate the handle out to another process.
-  if (!sandbox::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
+  if (!content::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
                                       &handle, FILE_MAP_WRITE, 0)) {
     return -1;
   }
@@ -271,7 +271,7 @@ int32 CommandBufferProxyImpl::RegisterTransferBuffer(
   base::SharedMemoryHandle handle = shared_memory->handle();
 #if defined(OS_WIN)
   // Windows needs to explicitly duplicate the handle out to another process.
-  if (!sandbox::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
+  if (!content::BrokerDuplicateHandle(handle, channel_->gpu_pid(),
                                       &handle, FILE_MAP_WRITE, 0)) {
     return -1;
   }
diff --git a/content/common/gpu/gpu_command_buffer_stub.cc b/content/common/gpu/gpu_command_buffer_stub.cc
index 1f22bce..90876b6 100644
--- a/content/common/gpu/gpu_command_buffer_stub.cc
+++ b/content/common/gpu/gpu_command_buffer_stub.cc
@@ -24,7 +24,7 @@
 #include "ui/gfx/gl/gl_switches.h"
 
 #if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
 #endif
 
 GpuCommandBufferStub::SurfaceState::SurfaceState(int32 surface_id,
@@ -508,7 +508,7 @@ void GpuCommandBufferStub::OnGetTransferBuffer(
     if (buffer.shared_memory) {
 #if defined(OS_WIN)
       transfer_buffer = NULL;
-      sandbox::BrokerDuplicateHandle(buffer.shared_memory->handle(),
+      content::BrokerDuplicateHandle(buffer.shared_memory->handle(),
           channel_->renderer_pid(), &transfer_buffer, FILE_MAP_READ |
           FILE_MAP_WRITE, 0);
       CHECK(transfer_buffer != NULL);
diff --git a/content/common/sandbox_policy.cc b/content/common/sandbox_policy.cc
index dc07070..da359a8 100644
--- a/content/common/sandbox_policy.cc
+++ b/content/common/sandbox_policy.cc
@@ -22,6 +22,7 @@
 #include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/process_type.h"
+#include "content/public/common/sandbox_init.h"
 #include "sandbox/src/sandbox.h"
 #include "ui/gfx/gl/gl_switches.h"
 
@@ -458,41 +459,6 @@ bool InitTargetServices(sandbox::TargetServices* target_services) {
   return SBOX_ALL_OK == result;
 }
 
-bool BrokerDuplicateHandle(HANDLE source_handle,
-                           DWORD target_process_id,
-                           HANDLE* target_handle,
-                           DWORD desired_access,
-                           DWORD options) {
-  // If our process is the target just duplicate the handle.
-  if (::GetCurrentProcessId() == target_process_id) {
-    return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
-                               ::GetCurrentProcess(), target_handle,
-                               desired_access, FALSE, options);
-
-  }
-
-  // Try the broker next
-  if (g_target_services &&
-      g_target_services->DuplicateHandle(source_handle, target_process_id,
-                                         target_handle, desired_access,
-                                         options) == SBOX_ALL_OK) {
-    return true;
-  }
-
-  // Finally, see if we already have access to the process.
-  base::win::ScopedHandle target_process;
-  target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
-                                    target_process_id));
-  if (target_process.IsValid()) {
-    return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
-                                target_process, target_handle,
-                                desired_access, FALSE, options);
-  }
-
-  return false;
-}
-
-
 base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
                                            const FilePath& exposed_dir) {
   const CommandLine& browser_command_line = *CommandLine::ForCurrentProcess();
@@ -688,3 +654,41 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
 }
 
 }  // namespace sandbox
+
+namespace content {
+
+bool BrokerDuplicateHandle(HANDLE source_handle,
+                           DWORD target_process_id,
+                           HANDLE* target_handle,
+                           DWORD desired_access,
+                           DWORD options) {
+  // If our process is the target just duplicate the handle.
+  if (::GetCurrentProcessId() == target_process_id) {
+    return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
+                               ::GetCurrentProcess(), target_handle,
+                               desired_access, FALSE, options);
+
+  }
+
+  // Try the broker next
+  if (g_target_services &&
+      g_target_services->DuplicateHandle(source_handle, target_process_id,
+                                         target_handle, desired_access,
+                                         options) == sandbox::SBOX_ALL_OK) {
+    return true;
+  }
+
+  // Finally, see if we already have access to the process.
+  base::win::ScopedHandle target_process;
+  target_process.Set(::OpenProcess(PROCESS_DUP_HANDLE, FALSE,
+                                    target_process_id));
+  if (target_process.IsValid()) {
+    return !!::DuplicateHandle(::GetCurrentProcess(), source_handle,
+                                target_process, target_handle,
+                                desired_access, FALSE, options);
+  }
+
+  return false;
+}
+
+}  // namespace content
diff --git a/content/common/sandbox_policy.h b/content/common/sandbox_policy.h
index 34c374e..53e4c2f 100644
--- a/content/common/sandbox_policy.h
+++ b/content/common/sandbox_policy.h
@@ -23,12 +23,6 @@ CONTENT_EXPORT bool InitBrokerServices(
 CONTENT_EXPORT bool InitTargetServices(
     sandbox::TargetServices* target_services);
 
-CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
-                                          DWORD target_process_id,
-                                          HANDLE* target_handle,
-                                          DWORD desired_access,
-                                          DWORD options);
-
 // Starts a sandboxed process with the given directory unsandboxed
 // and returns a handle to it.
 CONTENT_EXPORT base::ProcessHandle StartProcessWithAccess(
diff --git a/content/plugin/webplugin_proxy.cc b/content/plugin/webplugin_proxy.cc
index 704058d..ee1c721 100644
--- a/content/plugin/webplugin_proxy.cc
+++ b/content/plugin/webplugin_proxy.cc
@@ -36,7 +36,7 @@
 #endif
 
 #if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
 #endif
 
 using WebKit::WebBindings;
@@ -133,7 +133,7 @@ void WebPluginProxy::WillDestroyWindow(gfx::PluginWindowHandle window) {
 #if defined(OS_WIN)
 void WebPluginProxy::SetWindowlessPumpEvent(HANDLE pump_messages_event) {
   HANDLE pump_messages_event_for_renderer = NULL;
-  sandbox::BrokerDuplicateHandle(pump_messages_event, channel_->peer_pid(),
+  content::BrokerDuplicateHandle(pump_messages_event, channel_->peer_pid(),
                                  &pump_messages_event_for_renderer,
                                  SYNCHRONIZE | EVENT_MODIFY_STATE, 0);
   DCHECK(pump_messages_event_for_renderer != NULL);
diff --git a/content/public/common/sandbox_init.h b/content/public/common/sandbox_init.h
index 26b7d38..8952323 100644
--- a/content/public/common/sandbox_init.h
+++ b/content/public/common/sandbox_init.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -6,6 +6,7 @@
 #define CONTENT_PUBLIC_COMMON_SANDBOX_INIT_H_
 #pragma once
 
+#include "base/process.h"
 #include "build/build_config.h"
 #include "content/common/content_export.h"
 
@@ -20,6 +21,7 @@ class FilePath;
 namespace content {
 
 #if defined(OS_WIN)
+
 // Initialize the sandbox for renderer, gpu, utility, worker, nacl, and plug-in
 // processes, depending on the command line flags. Although The browser process
 // is not sandboxed, this also needs to be called because it will initialize
@@ -29,7 +31,19 @@ namespace content {
 // returned.
 CONTENT_EXPORT bool InitializeSandbox(
     sandbox::SandboxInterfaceInfo* sandbox_info);
+
+// This is a restricted version of Windows' DuplicateHandle() function
+// that works inside the sandbox and can send handles but not retrieve
+// them.  Unlike DuplicateHandle(), it takes a process ID rather than
+// a process handle.  It returns true on success, false otherwise.
+CONTENT_EXPORT bool BrokerDuplicateHandle(HANDLE source_handle,
+                                          DWORD target_process_id,
+                                          HANDLE* target_handle,
+                                          DWORD desired_access,
+                                          DWORD options);
+
 #elif defined(OS_MACOSX)
+
 // Initialize the sandbox of the given |sandbox_type|, optionally specifying a
 // directory to allow access to. Note specifying a directory needs to be
 // supported by the sandbox profile associated with the given |sandbox_type|.
@@ -46,8 +60,11 @@ CONTENT_EXPORT bool InitializeSandbox(
 // taken and true is always returned.
 CONTENT_EXPORT bool InitializeSandbox(int sandbox_type,
                                       const FilePath& allowed_path);
+
 #elif defined(OS_LINUX)
+
 CONTENT_EXPORT void InitializeSandbox();
+
 #endif
 
 }  // namespace content
diff --git a/content/renderer/webplugin_delegate_proxy.cc b/content/renderer/webplugin_delegate_proxy.cc
index 16739b3..d319dbd 100644
--- a/content/renderer/webplugin_delegate_proxy.cc
+++ b/content/renderer/webplugin_delegate_proxy.cc
@@ -62,7 +62,7 @@
 #endif
 
 #if defined(OS_WIN)
-#include "content/common/sandbox_policy.h"
+#include "content/public/common/sandbox_init.h"
 #endif
 
 using WebKit::WebBindings;
@@ -503,7 +503,7 @@ static void CopyTransportDIBHandleForMessage(
 #elif defined(OS_WIN)
   // On Windows we need to duplicate the handle for the plugin process.
   *handle_out = NULL;
-  sandbox::BrokerDuplicateHandle(handle_in, peer_pid, handle_out,
+  content::BrokerDuplicateHandle(handle_in, peer_pid, handle_out,
                                  FILE_MAP_READ | FILE_MAP_WRITE, 0);
   DCHECK(*handle_out != NULL);
 #else