blob: b4f95cb593ce5f00964fedaea13ad2c353cb13e2 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef DBUS_FILE_DESCRIPTOR_H_
#define DBUS_FILE_DESCRIPTOR_H_
#include "base/memory/scoped_ptr.h"
#include "base/move.h"
#include "dbus/dbus_export.h"
namespace dbus {
// FileDescriptor is a type used to encapsulate D-Bus file descriptors
// and to follow the RAII idiom appropiate for use with message operations
// where the descriptor might be easily leaked. To guard against this the
// descriptor is closed when an instance is destroyed if it is owned.
// Ownership is asserted only when PutValue is used and TakeValue can be
// used to take ownership.
//
// For example, in the following
// FileDescriptor fd;
// if (!reader->PopString(&name) ||
// !reader->PopFileDescriptor(&fd) ||
// !reader->PopUint32(&flags)) {
// the descriptor in fd will be closed if the PopUint32 fails. But
// writer.AppendFileDescriptor(dbus::FileDescriptor(1));
// will not automatically close "1" because it is not owned.
//
// Descriptors must be validated before marshalling in a D-Bus message
// or using them after unmarshalling. We disallow descriptors to a
// directory to reduce the security risks. Splitting out validation
// also allows the caller to do this work on the File thread to conform
// with i/o restrictions.
class CHROME_DBUS_EXPORT FileDescriptor {
MOVE_ONLY_TYPE_FOR_CPP_03(FileDescriptor);
public:
// This provides a simple way to pass around file descriptors since they must
// be closed on a thread that is allowed to perform I/O.
struct Deleter {
void CHROME_DBUS_EXPORT operator()(FileDescriptor* fd);
};
// Permits initialization without a value for passing to
// dbus::MessageReader::PopFileDescriptor to fill in and from int values.
FileDescriptor() : value_(-1), owner_(false), valid_(false) {}
explicit FileDescriptor(int value) : value_(value), owner_(false),
valid_(false) {}
FileDescriptor(FileDescriptor&& other);
virtual ~FileDescriptor();
FileDescriptor& operator=(FileDescriptor&& other);
// Retrieves value as an int without affecting ownership.
int value() const;
// Retrieves whether or not the descriptor is ok to send/receive.
int is_valid() const { return valid_; }
// Sets the value and assign ownership.
void PutValue(int value) {
value_ = value;
owner_ = true;
valid_ = false;
}
// Takes the value and ownership.
int TakeValue();
// Checks (and records) validity of the file descriptor.
// We disallow directories to avoid potential sandbox escapes.
// Note this call must be made on a thread where file i/o is allowed.
void CheckValidity();
private:
void Swap(FileDescriptor* other);
int value_;
bool owner_;
bool valid_;
};
using ScopedFileDescriptor =
scoped_ptr<FileDescriptor, FileDescriptor::Deleter>;
} // namespace dbus
#endif // DBUS_FILE_DESCRIPTOR_H_