| // Copyright 2024 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "mojo/proxy/portal_proxy.h" |
| |
| #include <cstddef> |
| #include <cstdint> |
| #include <utility> |
| #include <vector> |
| |
| #include "base/check.h" |
| #include "base/memory/platform_shared_memory_region.h" |
| #include "base/memory/raw_ref.h" |
| #include "base/notreached.h" |
| #include "mojo/core/ipcz_driver/object.h" |
| #include "mojo/core/ipcz_driver/shared_buffer.h" |
| #include "mojo/core/ipcz_driver/wrapped_platform_handle.h" |
| #include "mojo/proxy/node_proxy.h" |
| #include "mojo/public/c/system/buffer.h" |
| #include "mojo/public/c/system/platform_handle.h" |
| #include "mojo/public/c/system/trap.h" |
| #include "mojo/public/c/system/types.h" |
| #include "mojo/public/cpp/platform/platform_handle.h" |
| #include "mojo/public/cpp/system/message_pipe.h" |
| #include "mojo/public/cpp/system/platform_handle.h" |
| #include "mojo/public/cpp/system/trap.h" |
| #include "third_party/ipcz/include/ipcz/ipcz.h" |
| |
| namespace mojo_proxy { |
| |
| using mojo::core::ScopedIpczHandle; |
| |
| PortalProxy::PortalProxy(const raw_ref<const IpczAPI> ipcz, |
| NodeProxy& node_proxy, |
| ScopedIpczHandle portal, |
| mojo::ScopedMessagePipeHandle pipe) |
| : ipcz_(ipcz), |
| node_proxy_(node_proxy), |
| portal_(std::move(portal)), |
| pipe_(std::move(pipe)) { |
| CHECK_EQ(mojo::CreateTrap(&OnMojoPipeActivity, &pipe_trap_), MOJO_RESULT_OK); |
| const MojoResult add_trigger_result = MojoAddTrigger( |
| pipe_trap_->value(), pipe_->value(), MOJO_HANDLE_SIGNAL_READABLE, |
| MOJO_TRIGGER_CONDITION_SIGNALS_SATISFIED, trap_context(), nullptr); |
| CHECK_EQ(add_trigger_result, MOJO_RESULT_OK); |
| } |
| |
| PortalProxy::~PortalProxy() = default; |
| |
| void PortalProxy::Start() { |
| CHECK(!disconnected_); |
| CHECK(!watching_portal_); |
| CHECK(!watching_pipe_); |
| |
| Flush(); |
| } |
| |
| void PortalProxy::Flush() { |
| CHECK(!in_flush_); |
| in_flush_ = true; |
| while (!disconnected_ && (!watching_portal_ || !watching_pipe_)) { |
| if (!disconnected_ && !watching_portal_) { |
| FlushAndWatchPortal(); |
| } |
| if (!disconnected_ && !watching_pipe_) { |
| FlushAndWatchPipe(); |
| } |
| } |
| in_flush_ = false; |
| |
| if (disconnected_) { |
| // Deletes `this`. |
| Die(); |
| } |
| } |
| |
| void PortalProxy::FlushAndWatchPortal() { |
| for (;;) { |
| std::vector<uint8_t> data; |
| size_t num_bytes = 0; |
| std::vector<IpczHandle> handles; |
| size_t num_handles = 0; |
| IpczResult result = |
| ipcz_->Get(portal_.get(), IPCZ_NO_FLAGS, nullptr, nullptr, &num_bytes, |
| nullptr, &num_handles, nullptr); |
| if (result == IPCZ_RESULT_OK) { |
| mojo::WriteMessageRaw(pipe_.get(), nullptr, 0, nullptr, 0, |
| MOJO_WRITE_MESSAGE_FLAG_NONE); |
| continue; |
| } |
| |
| if (result == IPCZ_RESULT_UNAVAILABLE) { |
| break; |
| } |
| |
| if (result != IPCZ_RESULT_RESOURCE_EXHAUSTED) { |
| disconnected_ = true; |
| return; |
| } |
| |
| data.resize(num_bytes); |
| handles.resize(num_handles); |
| result = ipcz_->Get(portal_.get(), IPCZ_NO_FLAGS, nullptr, data.data(), |
| &num_bytes, handles.data(), &num_handles, nullptr); |
| CHECK_EQ(result, IPCZ_RESULT_OK); |
| |
| std::vector<MojoHandle> mojo_handles; |
| mojo_handles.reserve(handles.size()); |
| for (IpczHandle handle : handles) { |
| mojo_handles.push_back(TranslateIpczToMojoHandle(ScopedIpczHandle(handle)) |
| .release() |
| .value()); |
| } |
| |
| mojo::WriteMessageRaw(pipe_.get(), data.data(), data.size(), |
| mojo_handles.data(), mojo_handles.size(), |
| MOJO_WRITE_MESSAGE_FLAG_NONE); |
| } |
| |
| IpczTrapConditionFlags flags; |
| const IpczTrapConditions trap_conditions{ |
| .size = sizeof(trap_conditions), |
| .flags = IPCZ_TRAP_ABOVE_MIN_LOCAL_PARCELS | IPCZ_TRAP_DEAD, |
| .min_local_parcels = 0, |
| }; |
| const IpczResult trap_result = |
| ipcz_->Trap(portal_.get(), &trap_conditions, &OnIpczPortalActivity, |
| trap_context(), IPCZ_NO_FLAGS, nullptr, &flags, nullptr); |
| if (trap_result == IPCZ_RESULT_OK) { |
| watching_portal_ = true; |
| return; |
| } |
| |
| CHECK_EQ(trap_result, IPCZ_RESULT_FAILED_PRECONDITION); |
| if (flags & IPCZ_TRAP_DEAD) { |
| disconnected_ = true; |
| } |
| } |
| |
| void PortalProxy::FlushAndWatchPipe() { |
| for (;;) { |
| std::vector<uint8_t> data; |
| std::vector<mojo::ScopedHandle> handles; |
| const MojoResult result = mojo::ReadMessageRaw(pipe_.get(), &data, &handles, |
| MOJO_READ_MESSAGE_FLAG_NONE); |
| if (result == MOJO_RESULT_SHOULD_WAIT) { |
| break; |
| } |
| |
| if (result != MOJO_RESULT_OK) { |
| disconnected_ = true; |
| return; |
| } |
| |
| std::vector<IpczHandle> ipcz_handles; |
| ipcz_handles.reserve(handles.size()); |
| for (mojo::ScopedHandle& handle : handles) { |
| ipcz_handles.push_back( |
| TranslateMojoToIpczHandle(std::move(handle)).release()); |
| } |
| |
| const IpczResult put_result = ipcz_->Put( |
| portal_.get(), data.size() ? data.data() : nullptr, data.size(), |
| ipcz_handles.size() ? ipcz_handles.data() : nullptr, |
| ipcz_handles.size(), IPCZ_NO_FLAGS, nullptr); |
| if (put_result != IPCZ_RESULT_OK) { |
| disconnected_ = true; |
| return; |
| } |
| } |
| |
| uint32_t num_events = 1; |
| MojoTrapEvent event{.struct_size = sizeof(event)}; |
| const MojoResult result = |
| MojoArmTrap(pipe_trap_->value(), nullptr, &num_events, &event); |
| if (result == MOJO_RESULT_OK) { |
| watching_pipe_ = true; |
| return; |
| } |
| |
| CHECK_EQ(result, MOJO_RESULT_FAILED_PRECONDITION); |
| CHECK_EQ(num_events, 1u); |
| if (event.result == MOJO_RESULT_FAILED_PRECONDITION) { |
| disconnected_ = true; |
| } |
| } |
| |
| ScopedIpczHandle PortalProxy::TranslateMojoToIpczHandle( |
| mojo::ScopedHandle handle) { |
| // We don't know what kind of handle is in `handle`, but we can find out. |
| // First try to unwrap it as a generic platform handle. |
| MojoPlatformHandle platform_handle; |
| platform_handle.struct_size = sizeof(platform_handle); |
| const MojoResult unwrap_result = |
| MojoUnwrapPlatformHandle(handle->value(), nullptr, &platform_handle); |
| if (unwrap_result == MOJO_RESULT_OK) { |
| std::ignore = handle.release(); |
| // Platform handles in ipcz are transmitted as boxed driver objects. |
| return ScopedIpczHandle( |
| mojo::core::ipcz_driver::WrappedPlatformHandle::MakeBoxed( |
| mojo::PlatformHandle::FromMojoPlatformHandle(&platform_handle))); |
| } |
| |
| // We can non-destructively probe for a shared buffer handle by calling |
| // MojoGetBufferInfo(). |
| MojoSharedBufferInfo info = {.struct_size = sizeof(info)}; |
| const MojoResult info_result = |
| MojoGetBufferInfo(handle->value(), nullptr, &info); |
| if (info_result == MOJO_RESULT_OK) { |
| auto region = |
| mojo::UnwrapPlatformSharedMemoryRegion(mojo::ScopedSharedBufferHandle{ |
| mojo::SharedBufferHandle{handle.release().value()}}); |
| return ScopedIpczHandle( |
| mojo::core::ipcz_driver::SharedBuffer::MakeBoxed(std::move(region))); |
| } |
| |
| // Since data pipe handles are never used on Chrome OS IPC boundaries outside |
| // the browser, we can assume that any other handles are message pipes. |
| IpczHandle portal_to_proxy, portal_to_host; |
| ipcz_->OpenPortals(mojo::core::GetIpczNode(), IPCZ_NO_FLAGS, nullptr, |
| &portal_to_proxy, &portal_to_host); |
| node_proxy_->AddPortalProxy( |
| ScopedIpczHandle{portal_to_proxy}, |
| mojo::ScopedMessagePipeHandle{ |
| mojo::MessagePipeHandle{handle.release().value()}}); |
| return ScopedIpczHandle(portal_to_host); |
| } |
| |
| mojo::ScopedHandle PortalProxy::TranslateIpczToMojoHandle( |
| ScopedIpczHandle handle) { |
| // Attempt a QueryPortalStatus() call. If this succeeds, we have a portal. |
| IpczPortalStatus status = {.size = sizeof(status)}; |
| const IpczResult query_result = |
| ipcz_->QueryPortalStatus(handle.get(), IPCZ_NO_FLAGS, nullptr, &status); |
| if (query_result == IPCZ_RESULT_OK) { |
| // Create a new Mojo message pipe to proxy through. One end is bound to a |
| // new PortalProxy with the input `handle`; the other is returned to be |
| // forwarded to the legacy client. |
| mojo::MessagePipe pipe; |
| node_proxy_->AddPortalProxy(std::move(handle), std::move(pipe.handle0)); |
| return mojo::ScopedHandle{mojo::Handle{pipe.handle1.release().value()}}; |
| } |
| |
| // Otherwise assume it's a boxed driver object. If it's not, something has |
| // gone horribly wrong, so just crash. |
| auto* object = mojo::core::ipcz_driver::ObjectBase::FromBox(handle.get()); |
| CHECK(object); |
| switch (object->type()) { |
| case mojo::core::ipcz_driver::ObjectBase::Type::kWrappedPlatformHandle: { |
| auto wrapped_handle = |
| mojo::core::ipcz_driver::WrappedPlatformHandle::Unbox( |
| handle.release()); |
| return mojo::WrapPlatformHandle(wrapped_handle->TakeHandle()); |
| } |
| |
| case mojo::core::ipcz_driver::ObjectBase::Type::kSharedBuffer: { |
| auto buffer = |
| mojo::core::ipcz_driver::SharedBuffer::Unbox(handle.release()); |
| auto mojo_buffer = |
| mojo::WrapPlatformSharedMemoryRegion(std::move(buffer->region())); |
| return mojo::ScopedHandle{mojo::Handle{mojo_buffer.release().value()}}; |
| } |
| |
| default: |
| // No other types of driver objects are supported by the proxy. |
| NOTREACHED(); |
| } |
| } |
| |
| void PortalProxy::HandlePortalActivity(IpczTrapConditionFlags flags) { |
| if (flags & IPCZ_TRAP_REMOVED) { |
| // Proxy is being shut down. Do nothing. |
| return; |
| } |
| |
| watching_portal_ = false; |
| if (flags & IPCZ_TRAP_DEAD) { |
| disconnected_ = true; |
| if (!in_flush_) { |
| // Deletes `this`. |
| Die(); |
| return; |
| } |
| } else if (!in_flush_) { |
| Flush(); |
| } |
| } |
| |
| void PortalProxy::HandlePipeActivity(MojoResult result) { |
| if (result == MOJO_RESULT_CANCELLED) { |
| // Proxy is being shut down. Do nothing. |
| return; |
| } |
| |
| watching_pipe_ = false; |
| if (result == MOJO_RESULT_FAILED_PRECONDITION) { |
| disconnected_ = true; |
| if (!in_flush_) { |
| // Deletes `this`. |
| Die(); |
| return; |
| } |
| } else if (!in_flush_) { |
| Flush(); |
| } |
| } |
| |
| void PortalProxy::Die() { |
| CHECK(!in_flush_); |
| CHECK(disconnected_); |
| |
| // Deletes `this`. |
| node_proxy_->RemovePortalProxy(this); |
| } |
| |
| } // namespace mojo_proxy |
