| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef IPC_ATTACHMENT_BROKER_PRIVILEGED_WIN_H_ |
| #define IPC_ATTACHMENT_BROKER_PRIVILEGED_WIN_H_ |
| |
| #include <map> |
| #include <vector> |
| |
| #include "base/macros.h" |
| #include "ipc/attachment_broker_privileged.h" |
| #include "ipc/handle_attachment_win.h" |
| #include "ipc/ipc_export.h" |
| |
| namespace IPC { |
| |
| // This class is a concrete subclass of AttachmentBrokerPrivileged for the |
| // Windows platform. |
| class IPC_EXPORT AttachmentBrokerPrivilegedWin |
| : public AttachmentBrokerPrivileged { |
| public: |
| AttachmentBrokerPrivilegedWin(); |
| ~AttachmentBrokerPrivilegedWin() override; |
| |
| // IPC::AttachmentBroker overrides. |
| bool SendAttachmentToProcess( |
| const scoped_refptr<IPC::BrokerableAttachment>& attachment, |
| base::ProcessId destination_process) override; |
| void ReceivedPeerPid(base::ProcessId peer_pid) override; |
| |
| // IPC::Listener overrides. |
| bool OnMessageReceived(const Message& message) override; |
| |
| private: |
| using HandleWireFormat = internal::HandleAttachmentWin::WireFormat; |
| // IPC message handlers. |
| void OnDuplicateWinHandle(const Message& message); |
| |
| // Duplicates |wire_Format| from |source_process| into its destination |
| // process. Closes the original HANDLE. |
| HandleWireFormat DuplicateWinHandle(const HandleWireFormat& wire_format, |
| base::ProcessId source_process); |
| |
| // Copies an existing |wire_format|, but substitutes in a different handle. |
| HandleWireFormat CopyWireFormat(const HandleWireFormat& wire_format, |
| int handle); |
| |
| // If the HANDLE's destination is this process, queue it and notify the |
| // observers. Otherwise, send it in an IPC to its destination. |
| // If the destination process cannot be found, |store_on_failure| indicates |
| // whether the |wire_format| should be stored, or an error should be emitted. |
| void RouteDuplicatedHandle(const HandleWireFormat& wire_format, |
| bool store_on_failure); |
| |
| // Wire formats that cannot be immediately sent to the destination process |
| // because the connection has not been established. If, for some reason, the |
| // connection is never established, then the assumption is that the |
| // destination process died. The resource itself will be cleaned up by the OS, |
| // but the data structure HandleWireFormat will leak. If, at a later point in |
| // time, a new process is created with the same process id, the WireFormats |
| // will be passed to the new process. There is no security problem, since the |
| // resource itself is not being sent. Furthermore, it is unlikely to affect |
| // the functionality of the new process, since AttachmentBroker ids are large, |
| // unguessable nonces. |
| using WireFormats = std::vector<HandleWireFormat>; |
| std::map<base::ProcessId, WireFormats> stored_wire_formats_; |
| |
| DISALLOW_COPY_AND_ASSIGN(AttachmentBrokerPrivilegedWin); |
| }; |
| |
| } // namespace IPC |
| |
| #endif // IPC_ATTACHMENT_BROKER_PRIVILEGED_WIN_H_ |