From 8bd4a46da03767be3a2fa16c9fc32ed2233e47f7 Mon Sep 17 00:00:00 2001 From: "sleffler@chromium.org" Date: Thu, 10 May 2012 17:41:10 +0000 Subject: dbus: revamp fd passing support for i/o restrictions Encapsulate file descriptor validity checking and status in the companion FileDescriptor class so callers can do descriptor checking in a context where i/o is allowed. Update the debug daemon client support to validate the pipe descriptors in a worker thread so it is not done on the UI thread. BUG=126142 TEST=new unit tests + collect trace data on chrome os and verify no assert is triggered Review URL: https://chromiumcodereview.appspot.com/10382021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@136331 0039d316-1c4b-4281-b951-d872f2087c98
---
 dbus/message.cc | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) (limited to 'dbus/message.cc')
diff --git a/dbus/message.cc b/dbus/message.cc
index d525912..400c1bc 100644
--- a/dbus/message.cc
+++ b/dbus/message.cc
@@ -9,7 +9,6 @@
 #include "base/basictypes.h"
 #include "base/format_macros.h"
 #include "base/logging.h"
-#include "base/platform_file.h"
 #include "base/stringprintf.h"
 #include "dbus/object_path.h"
 #include "third_party/protobuf/src/google/protobuf/message_lite.h"
@@ -691,13 +690,11 @@ void MessageWriter::AppendVariantOfBasic(int dbus_type, const void* value) {
 void MessageWriter::AppendFileDescriptor(const FileDescriptor& value) {
 CHECK(kDBusTypeUnixFdIsSupported);
- base::PlatformFileInfo info;
- int fd = value.value();
- bool ok = base::GetPlatformFileInfo(fd, &info);
- if (!ok || info.is_directory) {
+ if (!value.is_valid()) {
 // NB: sending a directory potentially enables sandbox escape
 LOG(FATAL) << "Attempt to pass invalid file descriptor";
 }
+ int fd = value.value();
 AppendBasic(DBUS_TYPE_UNIX_FD, &fd);
 }
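Review bot: The `is_valid()` guard in AppendFileDescriptor relies on state computed somewhere else, and the retained comment `// NB: sending a directory potentially enables sandbox escape` no longer sits next to any visible directory test. Nothing in this hunk says when that state was established or that it still covers the directory case. Because the result is cached rather than taken at send time, it would be stale if the descriptor number were closed and reused between validation and this call; that is inferred, since FileDescriptor is not part of this diff. I would reword the comment to `// NB: is_valid() reflects an earlier check made where i/o is allowed; it must reject directories, since sending one potentially enables sandbox escape` and document on the class that the descriptor must not change between validation and append.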
@@ -968,15 +965,8 @@ bool MessageReader::PopFileDescriptor(FileDescriptor* value) {
 if (!success)
 return false;
- base::PlatformFileInfo info;
- bool ok = base::GetPlatformFileInfo(fd, &info);
- if (!ok || info.is_directory) {
- base::ClosePlatformFile(fd);
- // NB: receiving a directory potentially enables sandbox escape
- LOG(FATAL) << "Attempt to receive invalid file descriptor";
- return false; // NB: not reached
- }
 value->PutValue(fd);
+ // NB: the caller must check validity before using the value
 return true;
 }
-- cgit v1.1
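Review bot: PopFileDescriptor now stores the received descriptor with `value->PutValue(fd);` and returns true without any check, so the directory rejection that guarded against sandbox escape depends on every caller remembering to validate. The only enforcement visible here is the comment `// NB: the caller must check validity before using the value`, and this is the direction where the descriptor comes from a remote peer. I would put that contract in the method's header documentation and make misuse fail closed, for example by having `PutValue()` reset the validity state and `value()` refuse an unvalidated descriptor, unless FileDescriptor already does this (not visible in a diff limited to dbus/message.cc). The removed path also closed the fd on rejection, so who closes a descriptor that a caller later finds invalid should be documented to avoid a leak. The function body begins outside this hunk.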