| // Copyright 2014 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "mojo/edk/embedder/platform_channel_utils_posix.h" |
| |
| #include <stddef.h> |
| #include <sys/socket.h> |
| #include <unistd.h> |
| |
| #include <utility> |
| |
| #include "base/files/file_util.h" |
| #include "base/logging.h" |
| #include "base/posix/eintr_wrapper.h" |
| #include "build/build_config.h" |
| #include "mojo/edk/embedder/scoped_platform_handle.h" |
| |
| #if !defined(OS_NACL) |
| #include <sys/uio.h> |
| #endif |
| |
| #if !defined(SO_PEEK_OFF) |
| #define SO_PEEK_OFF 42 |
| #endif |
| |
| namespace mojo { |
| namespace edk { |
| namespace { |
| |
| #if !defined(OS_NACL) |
| bool IsRecoverableError() { |
| return errno == ECONNABORTED || errno == EMFILE || errno == ENFILE || |
| errno == ENOMEM || errno == ENOBUFS; |
| } |
| |
| bool GetPeerEuid(PlatformHandle handle, uid_t* peer_euid) { |
| DCHECK(peer_euid); |
| #if defined(OS_MACOSX) || defined(OS_OPENBSD) || defined(OS_FREEBSD) |
| uid_t socket_euid; |
| gid_t socket_gid; |
| if (getpeereid(handle.handle, &socket_euid, &socket_gid) < 0) { |
| PLOG(ERROR) << "getpeereid " << handle.handle; |
| return false; |
| } |
| *peer_euid = socket_euid; |
| return true; |
| #else |
| struct ucred cred; |
| socklen_t cred_len = sizeof(cred); |
| if (getsockopt(handle.handle, SOL_SOCKET, SO_PEERCRED, &cred, &cred_len) < |
| 0) { |
| PLOG(ERROR) << "getsockopt " << handle.handle; |
| return false; |
| } |
| if (static_cast<unsigned>(cred_len) < sizeof(cred)) { |
| NOTREACHED() << "Truncated ucred from SO_PEERCRED?"; |
| return false; |
| } |
| *peer_euid = cred.uid; |
| return true; |
| #endif |
| } |
| |
| bool IsPeerAuthorized(PlatformHandle peer_handle) { |
| uid_t peer_euid; |
| if (!GetPeerEuid(peer_handle, &peer_euid)) |
| return false; |
| if (peer_euid != geteuid()) { |
| DLOG(ERROR) << "Client euid is not authorised"; |
| return false; |
| } |
| return true; |
| } |
| #endif // !defined(OS_NACL) |
| |
| } // namespace |
| |
| // On Linux, |SIGPIPE| is suppressed by passing |MSG_NOSIGNAL| to |
| // |send()|/|sendmsg()|. (There is no way of suppressing |SIGPIPE| on |
| // |write()|/|writev().) On Mac, |SIGPIPE| is suppressed by setting the |
| // |SO_NOSIGPIPE| option on the socket. |
| // |
| // Performance notes: |
| // - On Linux, we have to use |send()|/|sendmsg()| rather than |
| // |write()|/|writev()| in order to suppress |SIGPIPE|. This is okay, since |
| // |send()| is (slightly) faster than |write()| (!), while |sendmsg()| is |
| // quite comparable to |writev()|. |
| // - On Mac, we may use |write()|/|writev()|. Here, |write()| is considerably |
| // faster than |send()|, whereas |sendmsg()| is quite comparable to |
| // |writev()|. |
| // - On both platforms, an appropriate |sendmsg()|/|writev()| is considerably |
| // faster than two |send()|s/|write()|s. |
| // - Relative numbers (minimum real times from 10 runs) for one |write()| of |
| // 1032 bytes, one |send()| of 1032 bytes, one |writev()| of 32+1000 bytes, |
| // one |sendmsg()| of 32+1000 bytes, two |write()|s of 32 and 1000 bytes, two |
| // |send()|s of 32 and 1000 bytes: |
| // - Linux: 0.81 s, 0.77 s, 0.87 s, 0.89 s, 1.31 s, 1.22 s |
| // - Mac: 2.21 s, 2.91 s, 2.98 s, 3.08 s, 3.59 s, 4.74 s |
| |
| // Flags to use with calling |send()| or |sendmsg()| (see above). |
| #if defined(OS_MACOSX) |
| const int kSendFlags = 0; |
| #else |
| const int kSendFlags = MSG_NOSIGNAL; |
| #endif |
| |
| ssize_t PlatformChannelWrite(PlatformHandle h, |
| const void* bytes, |
| size_t num_bytes) { |
| DCHECK(h.is_valid()); |
| DCHECK(bytes); |
| DCHECK_GT(num_bytes, 0u); |
| |
| #if defined(OS_MACOSX) || defined(OS_NACL_NONSFI) |
| // send() is not available under NaCl-nonsfi. |
| return HANDLE_EINTR(write(h.handle, bytes, num_bytes)); |
| #else |
| return send(h.handle, bytes, num_bytes, kSendFlags); |
| #endif |
| } |
| |
| ssize_t PlatformChannelWritev(PlatformHandle h, |
| struct iovec* iov, |
| size_t num_iov) { |
| DCHECK(h.is_valid()); |
| DCHECK(iov); |
| DCHECK_GT(num_iov, 0u); |
| |
| #if defined(OS_MACOSX) |
| return HANDLE_EINTR(writev(h.handle, iov, static_cast<int>(num_iov))); |
| #else |
| struct msghdr msg = {}; |
| msg.msg_iov = iov; |
| msg.msg_iovlen = num_iov; |
| return HANDLE_EINTR(sendmsg(h.handle, &msg, kSendFlags)); |
| #endif |
| } |
| |
| ssize_t PlatformChannelSendmsgWithHandles(PlatformHandle h, |
| struct iovec* iov, |
| size_t num_iov, |
| PlatformHandle* platform_handles, |
| size_t num_platform_handles) { |
| DCHECK(iov); |
| DCHECK_GT(num_iov, 0u); |
| DCHECK(platform_handles); |
| DCHECK_GT(num_platform_handles, 0u); |
| DCHECK_LE(num_platform_handles, kPlatformChannelMaxNumHandles); |
| |
| char cmsg_buf[CMSG_SPACE(kPlatformChannelMaxNumHandles * sizeof(int))]; |
| struct msghdr msg = {}; |
| msg.msg_iov = iov; |
| msg.msg_iovlen = num_iov; |
| msg.msg_control = cmsg_buf; |
| msg.msg_controllen = CMSG_LEN(num_platform_handles * sizeof(int)); |
| struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); |
| cmsg->cmsg_level = SOL_SOCKET; |
| cmsg->cmsg_type = SCM_RIGHTS; |
| cmsg->cmsg_len = CMSG_LEN(num_platform_handles * sizeof(int)); |
| for (size_t i = 0; i < num_platform_handles; i++) { |
| DCHECK(platform_handles[i].is_valid()); |
| reinterpret_cast<int*>(CMSG_DATA(cmsg))[i] = platform_handles[i].handle; |
| } |
| |
| return HANDLE_EINTR(sendmsg(h.handle, &msg, kSendFlags)); |
| } |
| |
| bool PlatformChannelSendHandles(PlatformHandle h, |
| PlatformHandle* handles, |
| size_t num_handles) { |
| DCHECK(handles); |
| DCHECK_GT(num_handles, 0u); |
| DCHECK_LE(num_handles, kPlatformChannelMaxNumHandles); |
| |
| // Note: |sendmsg()| fails on Mac if we don't write at least one character. |
| struct iovec iov = {const_cast<char*>(""), 1}; |
| char cmsg_buf[CMSG_SPACE(kPlatformChannelMaxNumHandles * sizeof(int))]; |
| struct msghdr msg = {}; |
| msg.msg_iov = &iov; |
| msg.msg_iovlen = 1; |
| msg.msg_control = cmsg_buf; |
| msg.msg_controllen = CMSG_LEN(num_handles * sizeof(int)); |
| struct cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); |
| cmsg->cmsg_level = SOL_SOCKET; |
| cmsg->cmsg_type = SCM_RIGHTS; |
| cmsg->cmsg_len = CMSG_LEN(num_handles * sizeof(int)); |
| for (size_t i = 0; i < num_handles; i++) { |
| DCHECK(handles[i].is_valid()); |
| reinterpret_cast<int*>(CMSG_DATA(cmsg))[i] = handles[i].handle; |
| } |
| |
| ssize_t result = HANDLE_EINTR(sendmsg(h.handle, &msg, kSendFlags)); |
| if (result < 1) { |
| DCHECK_EQ(result, -1); |
| return false; |
| } |
| |
| for (size_t i = 0; i < num_handles; i++) |
| handles[i].CloseIfNecessary(); |
| return true; |
| } |
| |
| ssize_t PlatformChannelRecvmsg(PlatformHandle h, |
| void* buf, |
| size_t num_bytes, |
| std::deque<PlatformHandle>* platform_handles, |
| bool block) { |
| DCHECK(buf); |
| DCHECK_GT(num_bytes, 0u); |
| DCHECK(platform_handles); |
| |
| struct iovec iov = {buf, num_bytes}; |
| char cmsg_buf[CMSG_SPACE(kPlatformChannelMaxNumHandles * sizeof(int))]; |
| struct msghdr msg = {}; |
| msg.msg_iov = &iov; |
| msg.msg_iovlen = 1; |
| msg.msg_control = cmsg_buf; |
| msg.msg_controllen = sizeof(cmsg_buf); |
| |
| ssize_t result = |
| HANDLE_EINTR(recvmsg(h.handle, &msg, block ? 0 : MSG_DONTWAIT)); |
| if (result < 0) |
| return result; |
| |
| // Success; no control messages. |
| if (msg.msg_controllen == 0) |
| return result; |
| |
| DCHECK(!(msg.msg_flags & MSG_CTRUNC)); |
| |
| for (cmsghdr* cmsg = CMSG_FIRSTHDR(&msg); cmsg; |
| cmsg = CMSG_NXTHDR(&msg, cmsg)) { |
| if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) { |
| size_t payload_length = cmsg->cmsg_len - CMSG_LEN(0); |
| DCHECK_EQ(payload_length % sizeof(int), 0u); |
| size_t num_fds = payload_length / sizeof(int); |
| const int* fds = reinterpret_cast<int*>(CMSG_DATA(cmsg)); |
| for (size_t i = 0; i < num_fds; i++) { |
| platform_handles->push_back(PlatformHandle(fds[i])); |
| DCHECK(platform_handles->back().is_valid()); |
| } |
| } |
| } |
| |
| return result; |
| } |
| |
| bool ServerAcceptConnection(PlatformHandle server_handle, |
| ScopedPlatformHandle* connection_handle, |
| bool check_peer_user) { |
| DCHECK(server_handle.is_valid()); |
| connection_handle->reset(); |
| #if defined(OS_NACL) |
| NOTREACHED(); |
| return false; |
| #else |
| ScopedPlatformHandle accept_handle( |
| PlatformHandle(HANDLE_EINTR(accept(server_handle.handle, NULL, 0)))); |
| if (!accept_handle.is_valid()) |
| return IsRecoverableError(); |
| |
| // Verify that the IPC channel peer is running as the same user. |
| if (check_peer_user && !IsPeerAuthorized(accept_handle.get())) { |
| return true; |
| } |
| |
| if (!base::SetNonBlocking(accept_handle.get().handle)) { |
| PLOG(ERROR) << "base::SetNonBlocking() failed " |
| << accept_handle.get().handle; |
| // It's safe to keep listening on |server_handle| even if the attempt to set |
| // O_NONBLOCK failed on the client fd. |
| return true; |
| } |
| |
| *connection_handle = std::move(accept_handle); |
| return true; |
| #endif // defined(OS_NACL) |
| } |
| |
| } // namespace edk |
| } // namespace mojo |