// Copyright 2015 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef IPC_ATTACHMENT_BROKER_PRIVILEGED_H_ #define IPC_ATTACHMENT_BROKER_PRIVILEGED_H_ #include #include "base/memory/scoped_ptr.h" #include "ipc/attachment_broker.h" #include "ipc/ipc_export.h" #if defined(OS_MACOSX) && !defined(OS_IOS) namespace base { class PortProvider; } // namespace base #endif // defined(OS_MACOSX) && !defined(OS_IOS) namespace IPC { class Endpoint; class Sender; // This abstract subclass of AttachmentBroker is intended for use in a // privileged process . When unprivileged processes want to send attachments, // the attachments get routed through the privileged process, and more // specifically, an instance of this class. class IPC_EXPORT AttachmentBrokerPrivileged : public IPC::AttachmentBroker { public: AttachmentBrokerPrivileged(); ~AttachmentBrokerPrivileged() override; // If there is no global attachment broker, makes a new // AttachmentBrokerPrivileged and sets it as the global attachment broker. // This method is thread safe. #if defined(OS_MACOSX) && !defined(OS_IOS) static void CreateBrokerIfNeeded(base::PortProvider* provider); #else static void CreateBrokerIfNeeded(); #endif // defined(OS_MACOSX) && !defined(OS_IOS) // AttachmentBroker overrides. void RegisterCommunicationChannel(Endpoint* endpoint) override; void DeregisterCommunicationChannel(Endpoint* endpoint) override; protected: // Returns the sender whose peer's process id is |id|. // Returns nullptr if no sender is found. // The lock returned by get_lock() must already be acquired before calling // this method. The return value is only guaranteed to be valid while the lock // is held. Sender* GetSenderWithProcessId(base::ProcessId id); // Errors that can be reported by subclasses. // These match tools/metrics/histograms.xml. // This enum is append-only. enum UMAError { // The brokerable attachment had a valid destination. This is the success // case. DESTINATION_FOUND = 0, // The brokerable attachment had a destination, but the broker did not have // a channel of communication with that process. DESTINATION_NOT_FOUND = 1, // The brokerable attachment did not have a destination process. NO_DESTINATION = 2, // Error making an intermediate Mach port. ERROR_MAKE_INTERMEDIATE = 3, // Error parsing DuplicateMachPort message. ERROR_PARSE_DUPLICATE_MACH_PORT_MESSAGE = 4, // Couldn't get a task port for the process with a given pid. ERROR_TASK_FOR_PID = 5, // Couldn't make a port with receive rights in the destination process. ERROR_MAKE_RECEIVE_PORT = 6, // Couldn't change the attributes of a Mach port. ERROR_SET_ATTRIBUTES = 7, // Couldn't extract a right from the destination. ERROR_EXTRACT_DEST_RIGHT = 8, // Couldn't send a Mach port in a call to mach_msg(). ERROR_SEND_MACH_PORT = 9, // Couldn't decrease the ref count on a Mach port. ERROR_DECREASE_REF = 10, // Couldn't extract a right from the source. ERROR_EXTRACT_SOURCE_RIGHT = 11, // The broker did not have a channel of communication with the source // process. ERROR_SOURCE_NOT_FOUND = 12, // The broker could not open the source or destination process with extra // privileges. ERROR_COULD_NOT_OPEN_SOURCE_OR_DEST = 13, // The broker was asked to transfer a HANDLE with invalid permissions. ERROR_INVALID_PERMISSIONS = 14, ERROR_MAX }; // Emits an UMA metric. void LogError(UMAError error); private: std::vector endpoints_; DISALLOW_COPY_AND_ASSIGN(AttachmentBrokerPrivileged); }; } // namespace IPC #endif // IPC_ATTACHMENT_BROKER_PRIVILEGED_H_