Add firewall methods to chromeos::PermissionBrokerClient.

This patch adds DBus method wrappers to PermissionBrokerClient for the
new Request(Tcp|Udp)PortAccess and Release(Tcp|Udp)Port methods
supported by permission_broker.

BUG=435404

Review URL: https://codereview.chromium.org/960033002

Cr-Commit-Position: refs/heads/master@{#318186}

4 files changed, 138 insertions, 0 deletions

diff --git a/chromeos/dbus/fake_permission_broker_client.cc b/chromeos/dbus/fake_permission_broker_client.cc
index defc010..17d84ac 100644
--- a/chromeos/dbus/fake_permission_broker_client.cc
+++ b/chromeos/dbus/fake_permission_broker_client.cc
@@ -21,4 +21,34 @@ void FakePermissionBrokerClient::RequestPathAccess(
   callback.Run(false);
 }
 
+void FakePermissionBrokerClient::RequestTcpPortAccess(
+    uint16 port,
+    const std::string& interface,
+    const dbus::FileDescriptor& lifeline_fd,
+    const ResultCallback& callback) {
+  callback.Run(false);
+}
+
+void FakePermissionBrokerClient::RequestUdpPortAccess(
+    uint16 port,
+    const std::string& interface,
+    const dbus::FileDescriptor& lifeline_fd,
+    const ResultCallback& callback) {
+  callback.Run(false);
+}
+
+void FakePermissionBrokerClient::ReleaseTcpPort(
+    uint16 port,
+    const std::string& interface,
+    const ResultCallback& callback) {
+  callback.Run(false);
+}
+
+void FakePermissionBrokerClient::ReleaseUdpPort(
+    uint16 port,
+    const std::string& interface,
+    const ResultCallback& callback) {
+  callback.Run(false);
+}
+
 }  // namespace chromeos
diff --git a/chromeos/dbus/fake_permission_broker_client.h b/chromeos/dbus/fake_permission_broker_client.h
index 2c475ac..4f7fff4 100644
--- a/chromeos/dbus/fake_permission_broker_client.h
+++ b/chromeos/dbus/fake_permission_broker_client.h
@@ -20,6 +20,20 @@ class FakePermissionBrokerClient : public PermissionBrokerClient {
   void RequestPathAccess(const std::string& path,
                          int interface_id,
                          const ResultCallback& callback) override;
+  void RequestTcpPortAccess(uint16 port,
+                            const std::string& interface,
+                            const dbus::FileDescriptor& lifeline_fd,
+                            const ResultCallback& callback) override;
+  void RequestUdpPortAccess(uint16 port,
+                            const std::string& interface,
+                            const dbus::FileDescriptor& lifeline_fd,
+                            const ResultCallback& callback) override;
+  void ReleaseTcpPort(uint16 port,
+                      const std::string& interface,
+                      const ResultCallback& callback) override;
+  void ReleaseUdpPort(uint16 port,
+                      const std::string& interface,
+                      const ResultCallback& callback) override;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(FakePermissionBrokerClient);
diff --git a/chromeos/dbus/permission_broker_client.cc b/chromeos/dbus/permission_broker_client.cc
index 4a9e432..c26d53c 100644
--- a/chromeos/dbus/permission_broker_client.cc
+++ b/chromeos/dbus/permission_broker_client.cc
@@ -14,7 +14,11 @@
 using permission_broker::kPermissionBrokerInterface;
 using permission_broker::kPermissionBrokerServiceName;
 using permission_broker::kPermissionBrokerServicePath;
+using permission_broker::kReleaseTcpPort;
+using permission_broker::kReleaseUdpPort;
 using permission_broker::kRequestPathAccess;
+using permission_broker::kRequestTcpPortAccess;
+using permission_broker::kRequestUdpPortAccess;
 
 namespace chromeos {
 
@@ -36,6 +40,60 @@ class PermissionBrokerClientImpl : public PermissionBrokerClient {
                                   weak_ptr_factory_.GetWeakPtr(), callback));
   }
 
+  void RequestTcpPortAccess(uint16 port,
+                            const std::string& interface,
+                            const dbus::FileDescriptor& lifeline_fd,
+                            const ResultCallback& callback) override {
+    dbus::MethodCall method_call(kPermissionBrokerInterface,
+                                 kRequestTcpPortAccess);
+    dbus::MessageWriter writer(&method_call);
+    writer.AppendUint16(port);
+    writer.AppendString(interface);
+    writer.AppendFileDescriptor(lifeline_fd);
+    proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
+                       base::Bind(&PermissionBrokerClientImpl::OnResponse,
+                                  weak_ptr_factory_.GetWeakPtr(), callback));
+  }
+
+  void RequestUdpPortAccess(uint16 port,
+                            const std::string& interface,
+                            const dbus::FileDescriptor& lifeline_fd,
+                            const ResultCallback& callback) override {
+    dbus::MethodCall method_call(kPermissionBrokerInterface,
+                                 kRequestUdpPortAccess);
+    dbus::MessageWriter writer(&method_call);
+    writer.AppendUint16(port);
+    writer.AppendString(interface);
+    writer.AppendFileDescriptor(lifeline_fd);
+    proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
+                       base::Bind(&PermissionBrokerClientImpl::OnResponse,
+                                  weak_ptr_factory_.GetWeakPtr(), callback));
+  }
+
+  void ReleaseTcpPort(uint16 port,
+                      const std::string& interface,
+                      const ResultCallback& callback) override {
+    dbus::MethodCall method_call(kPermissionBrokerInterface, kReleaseTcpPort);
+    dbus::MessageWriter writer(&method_call);
+    writer.AppendUint16(port);
+    writer.AppendString(interface);
+    proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
+                       base::Bind(&PermissionBrokerClientImpl::OnResponse,
+                                  weak_ptr_factory_.GetWeakPtr(), callback));
+  }
+
+  void ReleaseUdpPort(uint16 port,
+                      const std::string& interface,
+                      const ResultCallback& callback) override {
+    dbus::MethodCall method_call(kPermissionBrokerInterface, kReleaseUdpPort);
+    dbus::MessageWriter writer(&method_call);
+    writer.AppendUint16(port);
+    writer.AppendString(interface);
+    proxy_->CallMethod(&method_call, dbus::ObjectProxy::TIMEOUT_USE_DEFAULT,
+                       base::Bind(&PermissionBrokerClientImpl::OnResponse,
+                                  weak_ptr_factory_.GetWeakPtr(), callback));
+  }
+
  protected:
   void Init(dbus::Bus* bus) override {
     proxy_ =
diff --git a/chromeos/dbus/permission_broker_client.h b/chromeos/dbus/permission_broker_client.h
index 752f82b..aa14757 100644
--- a/chromeos/dbus/permission_broker_client.h
+++ b/chromeos/dbus/permission_broker_client.h
@@ -12,6 +12,10 @@
 #include "chromeos/chromeos_export.h"
 #include "chromeos/dbus/dbus_client.h"
 
+namespace dbus {
+class FileDescriptor;
+}
+
 namespace chromeos {
 
 // PermissionBrokerClient is used to communicate with the permission broker, a
@@ -42,6 +46,38 @@ class CHROMEOS_EXPORT PermissionBrokerClient : public DBusClient {
                                  int interface_id,
                                  const ResultCallback& callback) = 0;
 
+  // Requests the |port| be opened on the firewall for incoming TCP/IP
+  // connections received on |interface| (an empty string indicates all
+  // interfaces). An open pipe must be passed as |lifeline_fd| so that the
+  // permission broker can monitor the lifetime of the calling process.
+  virtual void RequestTcpPortAccess(uint16 port,
+                                    const std::string& interface,
+                                    const dbus::FileDescriptor& lifeline_fd,
+                                    const ResultCallback& callback) = 0;
+
+  // Requests the |port| be opened on the firewall for incoming UDP packets
+  // received on |interface| (an empty string indicates all interfaces). An open
+  // pipe must be passed as |lifeline_fd| so that the permission broker can
+  // monitor the lifetime of the calling process.
+  virtual void RequestUdpPortAccess(uint16 port,
+                                    const std::string& interface,
+                                    const dbus::FileDescriptor& lifeline_fd,
+                                    const ResultCallback& callback) = 0;
+
+  // Releases a request for an open firewall port for TCP/IP connections. The
+  // |port| and |interface| parameters must be the same as a previous call to
+  // RequestTcpPortAccess.
+  virtual void ReleaseTcpPort(uint16 port,
+                              const std::string& interface,
+                              const ResultCallback& callback) = 0;
+
+  // Releases a request for an open firewall port for UDP packets. The |port|
+  // and |interface| parameters must be the same as a previous call to
+  // RequestUdpPortAccess.
+  virtual void ReleaseUdpPort(uint16 port,
+                              const std::string& interface,
+                              const ResultCallback& callback) = 0;
+
  protected:
   PermissionBrokerClient();