Google Git
Sign in
chromium / chromium / src / 4047bc135031f8b1403abe57a4193fbcf9ee6b1b / . / mojo / public / c / system / invitation.h
blob: 09909417f5a39efc1f7ba508f1bf3bab480fef15 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains type and function definitions relevant to Mojo invitation
// APIs.
//
// Note: This header should be compilable as C.
#ifndef MOJO_PUBLIC_C_SYSTEM_INVITATION_H_
#define MOJO_PUBLIC_C_SYSTEM_INVITATION_H_
#include <stdint.h>
#include "mojo/public/c/system/macros.h"
#include "mojo/public/c/system/platform_handle.h"
#include "mojo/public/c/system/system_export.h"
#include "mojo/public/c/system/types.h"
// Flags included in |MojoProcessErrorDetails| indicating additional status
// information.
typedef uint32_t MojoProcessErrorFlags;
// No flags.
#define MOJO_PROCESS_ERROR_FLAG_NONE ((MojoProcessErrorFlags)0)
// If set, the process has been disconnected. No further
// |MojoProcessErrorHandler| invocations occur for it, and any IPC primitives
// (message pipes, data pipes) which were connected to it have been or will
// imminently be disconnected.
#define MOJO_PROCESS_ERROR_FLAG_DISCONNECTED ((MojoProcessErrorFlags)1)
// Details regarding why an invited process has had its connection to this
// process terminated by the system. See |MojoProcessErrorHandler| and
// |MojoSendInvitation()|.
struct MOJO_ALIGNAS(8) MojoProcessErrorDetails {
// The size of this structure, used for versioning.
uint32_t struct_size;
// The length of the string pointed to by |error_message| below.
uint32_t error_message_length;
// An error message corresponding to the reason why the connection was
// terminated. This is an information message which may be useful to
// developers.
MOJO_POINTER_FIELD(const char*, error_message);
// See |MojoProcessErrorFlags|.
MojoProcessErrorFlags flags;
};
MOJO_STATIC_ASSERT(sizeof(struct MojoProcessErrorDetails) == 24,
"MojoProcessErrorDetails has wrong size.");
// An opaque process handle value which must be provided when sending an
// invitation to another process via a platform transport. See
// |MojoSendInvitation()|.
struct MOJO_ALIGNAS(8) MojoPlatformProcessHandle {
// The size of this structure, used for versioning.
uint32_t struct_size;
// The process handle value. For Windows this is a valid process HANDLE value.
// For Fuchsia it must be |zx_handle_t| process handle, and for all other
// POSIX systems, it's a PID.
uint64_t value;
};
MOJO_STATIC_ASSERT(sizeof(struct MojoPlatformProcessHandle) == 16,
"MojoPlatformProcesHandle has wrong size.");
// Enumeration indicating the type of transport over which an invitation will be
// sent or received.
typedef uint32_t MojoInvitationTransportType;
// The channel transport type embodies common platform-specific OS primitives
// for FIFO message passing:
// - For Windows, this is a named pipe.
// - For Fuchsia, it's a channel.
// - For all other POSIX systems, it's a Unix domain socket pair.
//
// See |MojoInvitationTransportHandle| for details.
#define MOJO_INVITATION_TRANSPORT_TYPE_CHANNEL ((MojoInvitationTransportType)0)
// Similar to CHANNEL transport, but used for an endpoint which requires an
// additional step to accept an inbound connection. This corresponds to a
// bound listening socket on POSIX, or named pipe server handle on Windows.
//
// The remote endpoint should establish a working connection to the server side
// and wrap the handle to that connection using a CHANNEL transport.
#define MOJO_INVITATION_TRANSPORT_TYPE_CHANNEL_SERVER \
((MojoInvitationTransportType)1)
// A transport endpoint over which an invitation may be sent or received via
// |MojoSendInvitation()| or |MojoAcceptInvitation()| respectively.
struct MOJO_ALIGNAS(8) MojoInvitationTransportEndpoint {
// The size of this structure, used for versioning.
uint32_t struct_size;
// The type of this transport endpoint. See |MojoInvitationTransportType|.
MojoInvitationTransportType type;
// The number of platform handles in |platform_handles| below.
uint32_t num_platform_handles;
// Platform handle(s) corresponding to the system object(s) backing this
// endpoint. The concrete type of the handle(s) depends on |type|.
//
// For |MOJO_INVITATION_TRANSPORT_TYPE_CHANNEL| endpoints:
// - On Windows, this is a single named pipe HANDLE
// - On Fuchsua, this is a single channel Fuchsia handle
// - On other POSIX systems, this is a single Unix domain socket file
// descriptor.
MOJO_POINTER_FIELD(const struct MojoPlatformHandle*, platform_handles);
};
MOJO_STATIC_ASSERT(sizeof(struct MojoInvitationTransportEndpoint) == 24,
"MojoInvitationTransportEndpoint has wrong size.");
// Flags passed to |MojoCreateInvitation()| via |MojoCreateInvitationOptions|.
typedef uint32_t MojoCreateInvitationFlags;
// No flags. Default behavior.
#define MOJO_CREATE_INVITATION_FLAG_NONE ((MojoCreateInvitationFlags)0)
// Options passed to |MojoCreateInvitation()|.
struct MOJO_ALIGNAS(8) MojoCreateInvitationOptions {
// The size of this structure, used for versioning.
uint32_t struct_size;
// See |MojoCreateInvitationFlags|.
MojoCreateInvitationFlags flags;
};
MOJO_STATIC_ASSERT(sizeof(struct MojoCreateInvitationOptions) == 8,
"MojoCreateInvitationOptions has wrong size");
// Flags passed to |MojoAttachMessagePipeToInvitation()| via
// |MojoAttachMessagePipeToInvitationOptions|.
typedef uint32_t MojoAttachMessagePipeToInvitationFlags;
// No flags. Default behavior.
#define MOJO_ATTACH_MESSAGE_PIPE_TO_INVITATION_FLAG_NONE \
((MojoAttachMessagePipeToInvitationFlags)0)
// Options passed to |MojoAttachMessagePipeToInvitation()|.
struct MOJO_ALIGNAS(8) MojoAttachMessagePipeToInvitationOptions {
// The size of this structure, used for versioning.
uint32_t struct_size;
// See |MojoAttachMessagePipeToInvitationFlags|.
MojoAttachMessagePipeToInvitationFlags flags;
};
MOJO_STATIC_ASSERT(sizeof(struct MojoAttachMessagePipeToInvitationOptions) == 8,
"MojoAttachMessagePipeToInvitationOptions has wrong size");
// Flags passed to |MojoExtractMessagePipeFromInvitation()| via
// |MojoExtractMessagePipeFromInvitationOptions|.
typedef uint32_t MojoExtractMessagePipeFromInvitationFlags;
// No flags. Default behavior.
#define MOJO_EXTRACT_MESSAGE_PIPE_FROM_INVITATION_FLAG_NONE \
((MojoExtractMessagePipeFromInvitationFlags)0)
// Options passed to |MojoExtractMessagePipeFromInvitation()|.
struct MOJO_ALIGNAS(8) MojoExtractMessagePipeFromInvitationOptions {
// The size of this structure, used for versioning.
uint32_t struct_size;
// See |MojoExtractMessagePipeFromInvitationFlags|.
MojoExtractMessagePipeFromInvitationFlags flags;
};
MOJO_STATIC_ASSERT(
sizeof(struct MojoExtractMessagePipeFromInvitationOptions) == 8,
"MojoExtractMessagePipeFromInvitationOptions has wrong size");
// Flags passed to |MojoSendInvitation()| via |MojoSendInvitationOptions|.
typedef uint32_t MojoSendInvitationFlags;
// No flags. Default behavior.
#define MOJO_SEND_INVITATION_FLAG_NONE ((MojoSendInvitationFlags)0)
// Send an isolated invitation to the receiver. Isolated invitations only
// establish communication between the sender and the receiver. Accepting an
// isolated invitation does not make IPC possible between the sender and any
// other members of the receiver's process graph, nor does it make IPC possible
// between the receiver and any other members of the sender's process graph.
//
// Invitations sent with this flag set must be accepted with the corresponding
// |MOJO_ACCEPT_INVITATION_FLAG_ISOLATED| flag set, and may only have a single
// message pipe attached with a name of exactly four zero-bytes ("\0\0\0\0").
#define MOJO_SEND_INVITATION_FLAG_ISOLATED ((MojoSendInvitationFlags)1)
// Options passed to |MojoSendInvitation()|.
struct MOJO_ALIGNAS(8) MojoSendInvitationOptions {
// The size of this structure, used for versioning.
uint32_t struct_size;
// See |MojoSendInvitationFlags|.
MojoSendInvitationFlags flags;
// If |flags| includes |MOJO_SEND_INVITATION_FLAG_ISOLATED| then these fields
// specify a name identifying the established isolated connection. There are
// no restrictions on the value given. If |isolated_connection_name_length| is
// non-zero, the system ensures that only one isolated process connection can
// exist for the given name at any time.
MOJO_POINTER_FIELD(const char*, isolated_connection_name);
uint32_t isolated_connection_name_length;
};
MOJO_STATIC_ASSERT(sizeof(struct MojoSendInvitationOptions) == 24,
"MojoSendInvitationOptions has wrong size");
// Flags passed to |MojoAcceptInvitation()| via |MojoAcceptInvitationOptions|.
typedef uint32_t MojoAcceptInvitationFlags;
// No flags. Default behavior.
#define MOJO_ACCEPT_INVITATION_FLAG_NONE ((MojoAcceptInvitationFlags)0)
// Accept an isoalted invitation from the sender. See
// |MOJO_SEND_INVITATION_FLAG_ISOLATED| for details.
#define MOJO_ACCEPT_INVITATION_FLAG_ISOLATED ((MojoAcceptInvitationFlags)1)
// Options passed to |MojoAcceptInvitation()|.
struct MOJO_ALIGNAS(8) MojoAcceptInvitationOptions {
// The size of this structure, used for versioning.
uint32_t struct_size;
// See |MojoAcceptInvitationFlags|.
MojoAcceptInvitationFlags flags;
};
MOJO_STATIC_ASSERT(sizeof(struct MojoAcceptInvitationOptions) == 8,
"MojoAcceptInvitationOptions has wrong size");
#ifdef __cplusplus
extern "C" {
#endif
// A callback which may be invoked by the system when a connection to an invited
// process is terminated due to a communication error (i.e. the invited process
// has sent a message which fails some validation check in the system). See
// |MojoSendInvitation()|.
//
// |context| is the value of |context| given to |MojoSendInvitation()| when
// inviting the process for whom this callback is being invoked.
typedef void (*MojoProcessErrorHandler)(
uintptr_t context,
const struct MojoProcessErrorDetails* details);
// Creates a new invitation to be sent to another process.
//
// An invitation is used to invite another process to join this process's
// IPC network. The caller must already be a member of a Mojo network, either
// either by itself having been previously invited, or by being the Mojo broker
// process initialized via the Mojo Core Embedder API.
//
// Invitations can have message pipes attached to them, and these message pipes
// are used to bootstrap Mojo IPC between the inviter and the invitee. See
// |MojoAttachMessagePipeToInvitation()| for attaching message pipes, and
// |MojoSendInvitation()| for sending an invitation.
//
// |options| controls behavior. May be null for default behavior.
// |invitation_handle| must be the address of storage for a MojoHandle value
// to be output upon success.
//
// NOTE: If discarding an invitation instead of sending it with
// |MojoSendInvitation()|, you must close its handle (i.e. |MojoClose()|) to
// avoid leaking associated system resources.
//
// Returns:
// |MOJO_RESULT_OK| if the invitation was created successfully. The new
// invitation's handle is stored in |*invitation_handle| before returning.
// |MOJO_RESULT_INVALID_ARGUMENT| if |options| was non-null but malformed.
// |MOJO_RESULT_RESOURCE_EXHAUSTED| if a handle could not be allocated for the
// new invitation.
MOJO_SYSTEM_EXPORT MojoResult
MojoCreateInvitation(const struct MojoCreateInvitationOptions* options,
MojoHandle* invitation_handle);
// Attaches a message pipe endpoint to an invitation.
//
// This creates a new message pipe which will span the boundary between the
// calling process and the invitation's eventual target process. One end of the
// new pipe is attached to the invitation while the other end is returned to the
// caller. Every attached message pipe has an arbitrary |name| value which
// identifies it within the invitation.
//
// Message pipes can be extracted by the recipient by calling
// |MojoExtractMessagePipeFromInvitation()|. It is up to applications to
// communicate out-of-band or establish a convention for how attached pipes
// are named.
//
// |invitation_handle| is the invitation to which a pipe should be attached.
// |name| is an arbitrary name to give this pipe, required to extract the pipe
// on the receiving end of the invitation. Note that the name is scoped to
// this invitation only, so e.g. multiple invitations may attach pipes with
// the name "foo", but any given invitation may only have a single pipe
// attached with that name.
// |name_num_bytes| is the number of bytes from |name| to use as the name.
// |options| controls behavior. May be null for default behavior.
// |message_pipe_handle| is the address of storage for a MojoHandle value.
// Upon success, the handle of the local endpoint of the new message pipe
// will be stored here.
//
// Returns:
// |MOJO_RESULT_OK| if the pipe was created and attached successfully. The
// local endpoint of the pipe has its handle stored in
// |*message_pipe_handle| before returning. The other endpoint is attached
// to the invitation.
// |MOJO_RESULT_INVALID_ARGUMENT| if |invitation_handle| was not an invitation
// handle, |options| was non-null but malformed, or |message_pipe_handle|
// was null.
// |MOJO_RESULT_ALREADY_EXISTS| if |name| was already in use for this
// invitation.
// |MOJO_RESULT_RESOURCE_EXHAUSTED| if a handle could not be allocated for the
// new local message pipe endpoint.
MOJO_SYSTEM_EXPORT MojoResult MojoAttachMessagePipeToInvitation(
MojoHandle invitation_handle,
const void* name,
uint32_t name_num_bytes,
const struct MojoAttachMessagePipeToInvitationOptions* options,
MojoHandle* message_pipe_handle);
// Extracts a message pipe endpoint from an invitation.
//
// |invitation_handle| is the invitation from which to extract the endpoint.
// |name| is the name of the endpoint within the invitation. This corresponds
// to the name that was given to |MojoAttachMessagePipeToInvitation()| when
// the endpoint was attached.
// |name_num_bytes| is the number of bytes from |name| to use as the name.
// |options| controls behavior. May be null for default behavior.
// |message_pipe_handle| is the address of storage for a MojoHandle value.
// Upon success, the handle of the extracted message pipe endpoint will be
// stored here.
//
// Note that it is possible to extract an endpoint from an invitation even
// before the invitation has been sent to a remote process. If this is done and
// then the invitation is sent, the receiver will not see this endpoint as it
// will no longer be attached.
//
// Returns:
// |MOJO_RESULT_OK| if a new local message pipe endpoint was successfully
// created and returned in |*message_pipe_handle|. Note that the
// association of this endpoint with an invitation attachment is
// necessarily an asynchronous operation, and it is not known at return
// whether an attachment named |name| actually exists on the invitation.
// As such, the operation may still fail eventually, resuling in a broken
// pipe, i.e. the extracted pipe will signal peer closure.
// |MOJO_RESULT_INVALID_ARGUMENT| if |invitation_handle| was not an invitation
// handle, |options| was non-null but malformed, or |message_pipe_handle|
// was null.
// |MOJO_RESULT_RESOURCE_EXHAUSTED| if a handle could not be allocated for the
// new local message pipe endpoint.
// |MOJO_RESULT_NOT_FOUND| if it is known at call time that there is no pipe
// named |name| attached to the invitation. This is possible if the
// invtation was created within the calling process by
// |MojoCreateInvitation()|.
MOJO_SYSTEM_EXPORT MojoResult MojoExtractMessagePipeFromInvitation(
MojoHandle invitation_handle,
const void* name,
uint32_t name_num_bytes,
const struct MojoExtractMessagePipeFromInvitationOptions* options,
MojoHandle* message_pipe_handle);
// Sends an invitation on a transport endpoint to bootstrap IPC between the
// calling process and another process.
//
// |invitation_handle| is the handle of the invitation to send.
// |process_handle| is an opaque, platform-specific handle to the remote
// process. See |MojoPlatformProcessHandle|. This is not necessarily
// required to be a valid process handle, but on some platforms (namely
// Windows and Mac) it's important if the invitation target will need to
// send or receive any kind of platform handles (including shared memory)
// over Mojo message pipes.
// |transport_endpoint| is one endpoint of a platform transport primitive, the
// other endpoint of which should be established within the process
// corresponding to |*process_handle|. See |MojoInvitationTransportEndpoint|
// for details.
// |error_handler| is a function to invoke if the connection to the invitee
// encounters any kind of error condition, e.g. a message validation failure
// reported by |MojoNotifyBadMessage()|, or permanent disconnection. See
// |MojoProcessErrorDetails| for more information.
// |error_handler_context| is an arbitrary value to be associated with this
// process invitation. This value is passed as the |context| argument to
// |error_handler| when invoked regarding this invitee.
// |options| controls behavior. May be null for default behavior.
//
// This assumes ownership of any platform handles in |transport_endpoint| if
// and only if returning |MOJO_RESULT_OK|. In that case, |invitation_handle| is
// also invalidated.
//
// NOTE: It's pointless to send an invitation without at least one message pipe
// attached, so it is considered an error to attempt to do so.
//
// Returns:
// |MOJO_RESULT_OK| if the invitation was successfully sent over the
// transport. |invitation_handle| is implicitly closed. Note that this
// does not guarantee that the invitation has been received by the target
// yet, or that it ever will be (e.g. the target process may terminate
// first or simply fail to accept the invitation).
// |MOJO_RESULT_INVALID_ARGUMENT| if |invitation_handle| was not an invitation
// handle, |transport_endpoint| was null or malformed, or |options| was
// non-null but malformed.
// |MOJO_RESULT_ABORTED| if the system failed to issue any necessary
// communication via |transport_endpoint|, possibly due to a configuration
// issue with the endpoint. The caller may attempt to correct this
// situation and call again.
// |MOJO_RESULT_FAILED_PRECONDITION| if there were no message pipes attached
// to the invitation. The caller may correct this situation and call
// again.
// |MOJO_RESULT_UNIMPLEMENTED| if the transport endpoint type is not supported
// by the system's version of Mojo.
MOJO_SYSTEM_EXPORT MojoResult MojoSendInvitation(
MojoHandle invitation_handle,
const struct MojoPlatformProcessHandle* process_handle,
const struct MojoInvitationTransportEndpoint* transport_endpoint,
MojoProcessErrorHandler error_handler,
uintptr_t error_handler_context,
const struct MojoSendInvitationOptions* options);
// Accepts an invitation from a transport endpoint to complete IPC bootstrapping
// between the calling process and whoever sent the invitation from the other
// end of the transport.
//
// |transport_endpoint| is one endpoint of a platform transport primitive, the
// other endpoint of which should be established within a process
// who has sent or will send an invitation via that endpoint. See
// |MojoInvitationTransportEndpoint| for details.
// |options| controls behavior. May be null for default behavior.
// |invitation_handle| is the address of storage for a MojoHandle value. Upon
// success, the handle of the accepted invitation will be stored here.
//
// Once an invitation is accepted, message pipes endpoints may be extracted from
// it by calling |MojoExtractMessagePipeFromInvitation()|.
//
// Note that it is necessary to eventually close (i.e. |MojoClose()|) any
// accepted invitation handle in order to clean up any associated system
// resources. If an accepted invitation is closed while it still has message
// pipes attached (i.e. not exracted as above), those pipe endpoints are also
// closed.
//
// Returns:
// |MOJO_RESULT_OK| if the invitation was successfully accepted. The handle
// to the invitation is stored in |*invitation_handle| before returning.
// |MOJO_RESULT_INVALID_ARGUMENT| if |transport_endpoint| was null or
// malfored, |options| was non-null but malformed, or |invitation_handle|
// was null.
// |MOJO_RESULT_ABORTED| if the system failed to receive any communication via
// |transport_endpoint|, possibly due to some configuration error. The
// caller may attempt to correct this situation and call again.
// |MOJO_RESULT_UNIMPLEMENTED| if the transport endpoint type is not supported
// by the system's version of Mojo.
MOJO_SYSTEM_EXPORT MojoResult MojoAcceptInvitation(
const struct MojoInvitationTransportEndpoint* transport_endpoint,
const struct MojoAcceptInvitationOptions* options,
MojoHandle* invitation_handle);
#ifdef __cplusplus
} // extern "C"
#endif
#endif // MOJO_PUBLIC_C_SYSTEM_INVITATION_H_