base/process/launch.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 // This file contains functions for launching subprocesses.
   6
   7 #ifndef BASE_PROCESS_LAUNCH_H_
   8 #define BASE_PROCESS_LAUNCH_H_
   9
  10 #include <string>
  11 #include <utility>
  12 #include <vector>
  13
  14 #include "base/base_export.h"
  15 #include "base/basictypes.h"
  16 #include "base/environment.h"
  17 #include "base/process/process_handle.h"
  18 #include "base/strings/string_piece.h"
  19
  20 #if defined(OS_POSIX)
  21 #include "base/posix/file_descriptor_shuffle.h"
  22 #elif defined(OS_WIN)
  23 #include <windows.h>
  24 #include "base/win/scoped_handle.h"
  25 #endif
  26
  27 namespace base {
  28
  29 class CommandLine;
  30
  31 #if defined(OS_WIN)
  32 typedef std::vector<HANDLE> HandlesToInheritVector;
  33 #endif
  34 // TODO(viettrungluu): Only define this on POSIX?
  35 typedef std::vector<std::pair<int, int> > FileHandleMappingVector;
  36
  37 // Options for launching a subprocess that are passed to LaunchProcess().
  38 // The default constructor constructs the object with default options.
  39 struct BASE_EXPORT LaunchOptions {
  40   LaunchOptions();
  41   ~LaunchOptions();
  42
  43   // If true, wait for the process to complete.
  44   bool wait;
  45
  46 #if defined(OS_WIN)
  47   bool start_hidden;
  48
  49   // If non-null, inherit exactly the list of handles in this vector (these
  50   // handles must be inheritable). This is only supported on Vista and higher.
  51   HandlesToInheritVector* handles_to_inherit;
  52
  53   // If true, the new process inherits handles from the parent. In production
  54   // code this flag should be used only when running short-lived, trusted
  55   // binaries, because open handles from other libraries and subsystems will
  56   // leak to the child process, causing errors such as open socket hangs.
  57   // Note: If |handles_to_inherit| is non-null, this flag is ignored and only
  58   // those handles will be inherited (on Vista and higher).
  59   bool inherit_handles;
  60
  61   // If non-null, runs as if the user represented by the token had launched it.
  62   // Whether the application is visible on the interactive desktop depends on
  63   // the token belonging to an interactive logon session.
  64   //
  65   // To avoid hard to diagnose problems, when specified this loads the
  66   // environment variables associated with the user and if this operation fails
  67   // the entire call fails as well.
  68   UserTokenHandle as_user;
  69
  70   // If true, use an empty string for the desktop name.
  71   bool empty_desktop_name;
  72
  73   // If non-null, launches the application in that job object. The process will
  74   // be terminated immediately and LaunchProcess() will fail if assignment to
  75   // the job object fails.
  76   HANDLE job_handle;
  77
  78   // Handles for the redirection of stdin, stdout and stderr. The handles must
  79   // be inheritable. Caller should either set all three of them or none (i.e.
  80   // there is no way to redirect stderr without redirecting stdin). The
  81   // |inherit_handles| flag must be set to true when redirecting stdio stream.
  82   HANDLE stdin_handle;
  83   HANDLE stdout_handle;
  84   HANDLE stderr_handle;
  85
  86   // If set to true, ensures that the child process is launched with the
  87   // CREATE_BREAKAWAY_FROM_JOB flag which allows it to breakout of the parent
  88   // job if any.
  89   bool force_breakaway_from_job_;
  90 #else
  91   // Set/unset environment variables. Empty (the default) means to inherit
  92   // the same environment. See AlterEnvironment().
  93   EnvironmentMap environ;
  94
  95   // If non-null, remap file descriptors according to the mapping of
  96   // src fd->dest fd to propagate FDs into the child process.
  97   // This pointer is owned by the caller and must live through the
  98   // call to LaunchProcess().
  99   const FileHandleMappingVector* fds_to_remap;
 100
 101   // Each element is an RLIMIT_* constant that should be raised to its
 102   // rlim_max.  This pointer is owned by the caller and must live through
 103   // the call to LaunchProcess().
 104   const std::vector<int>* maximize_rlimits;
 105
 106   // If true, start the process in a new process group, instead of
 107   // inheriting the parent's process group.  The pgid of the child process
 108   // will be the same as its pid.
 109   bool new_process_group;
 110
 111 #if defined(OS_LINUX)
 112   // If non-zero, start the process using clone(), using flags as provided.
 113   int clone_flags;
 114
 115   // By default, child processes will have the PR_SET_NO_NEW_PRIVS bit set. If
 116   // true, then this bit will not be set in the new child process.
 117   bool allow_new_privs;
 118 #endif  // defined(OS_LINUX)
 119
 120 #if defined(OS_CHROMEOS)
 121   // If non-negative, the specified file descriptor will be set as the launched
 122   // process' controlling terminal.
 123   int ctrl_terminal_fd;
 124 #endif  // defined(OS_CHROMEOS)
 125
 126 #endif  // !defined(OS_WIN)
 127 };
 128
 129 // Launch a process via the command line |cmdline|.
 130 // See the documentation of LaunchOptions for details on |options|.
 131 //
 132 // Returns true upon success.
 133 //
 134 // Upon success, if |process_handle| is non-null, it will be filled in with the
 135 // handle of the launched process.  NOTE: In this case, the caller is
 136 // responsible for closing the handle so that it doesn't leak!
 137 // Otherwise, the process handle will be implicitly closed.
 138 //
 139 // Unix-specific notes:
 140 // - All file descriptors open in the parent process will be closed in the
 141 //   child process except for any preserved by options::fds_to_remap, and
 142 //   stdin, stdout, and stderr. If not remapped by options::fds_to_remap,
 143 //   stdin is reopened as /dev/null, and the child is allowed to inherit its
 144 //   parent's stdout and stderr.
 145 // - If the first argument on the command line does not contain a slash,
 146 //   PATH will be searched.  (See man execvp.)
 147 BASE_EXPORT bool LaunchProcess(const CommandLine& cmdline,
 148                                const LaunchOptions& options,
 149                                ProcessHandle* process_handle);
 150
 151 #if defined(OS_WIN)
 152 // Windows-specific LaunchProcess that takes the command line as a
 153 // string.  Useful for situations where you need to control the
 154 // command line arguments directly, but prefer the CommandLine version
 155 // if launching Chrome itself.
 156 //
 157 // The first command line argument should be the path to the process,
 158 // and don't forget to quote it.
 159 //
 160 // Example (including literal quotes)
 161 //  cmdline = "c:\windows\explorer.exe" -foo "c:\bar\"
 162 BASE_EXPORT bool LaunchProcess(const string16& cmdline,
 163                                const LaunchOptions& options,
 164                                win::ScopedHandle* process_handle);
 165
 166 // Launches a process with elevated privileges.  This does not behave exactly
 167 // like LaunchProcess as it uses ShellExecuteEx instead of CreateProcess to
 168 // create the process.  This means the process will have elevated privileges
 169 // and thus some common operations like OpenProcess will fail. The process will
 170 // be available through the |process_handle| argument.  Currently the only
 171 // supported LaunchOptions are |start_hidden| and |wait|.
 172 BASE_EXPORT bool LaunchElevatedProcess(const CommandLine& cmdline,
 173                                        const LaunchOptions& options,
 174                                        ProcessHandle* process_handle);
 175
 176 #elif defined(OS_POSIX)
 177 // A POSIX-specific version of LaunchProcess that takes an argv array
 178 // instead of a CommandLine.  Useful for situations where you need to
 179 // control the command line arguments directly, but prefer the
 180 // CommandLine version if launching Chrome itself.
 181 BASE_EXPORT bool LaunchProcess(const std::vector<std::string>& argv,
 182                                const LaunchOptions& options,
 183                                ProcessHandle* process_handle);
 184
 185 // Close all file descriptors, except those which are a destination in the
 186 // given multimap. Only call this function in a child process where you know
 187 // that there aren't any other threads.
 188 BASE_EXPORT void CloseSuperfluousFds(const InjectiveMultimap& saved_map);
 189 #endif  // defined(OS_POSIX)
 190
 191 #if defined(OS_WIN)
 192 // Set |job_object|'s JOBOBJECT_EXTENDED_LIMIT_INFORMATION
 193 // BasicLimitInformation.LimitFlags to |limit_flags|.
 194 BASE_EXPORT bool SetJobObjectLimitFlags(HANDLE job_object, DWORD limit_flags);
 195
 196 // Output multi-process printf, cout, cerr, etc to the cmd.exe console that ran
 197 // chrome. This is not thread-safe: only call from main thread.
 198 BASE_EXPORT void RouteStdioToConsole();
 199 #endif  // defined(OS_WIN)
 200
 201 // Executes the application specified by |cl| and wait for it to exit. Stores
 202 // the output (stdout) in |output|. Redirects stderr to /dev/null. Returns true
 203 // on success (application launched and exited cleanly, with exit code
 204 // indicating success).
 205 BASE_EXPORT bool GetAppOutput(const CommandLine& cl, std::string* output);
 206
 207 #if defined(OS_WIN)
 208 // A Windows-specific version of GetAppOutput that takes a command line string
 209 // instead of a CommandLine object. Useful for situations where you need to
 210 // control the command line arguments directly.
 211 BASE_EXPORT bool GetAppOutput(const StringPiece16& cl, std::string* output);
 212 #endif
 213
 214 #if defined(OS_POSIX)
 215 // A POSIX-specific version of GetAppOutput that takes an argv array
 216 // instead of a CommandLine.  Useful for situations where you need to
 217 // control the command line arguments directly.
 218 BASE_EXPORT bool GetAppOutput(const std::vector<std::string>& argv,
 219                               std::string* output);
 220
 221 // A restricted version of |GetAppOutput()| which (a) clears the environment,
 222 // and (b) stores at most |max_output| bytes; also, it doesn't search the path
 223 // for the command.
 224 BASE_EXPORT bool GetAppOutputRestricted(const CommandLine& cl,
 225                                         std::string* output, size_t max_output);
 226
 227 // A version of |GetAppOutput()| which also returns the exit code of the
 228 // executed command. Returns true if the application runs and exits cleanly. If
 229 // this is the case the exit code of the application is available in
 230 // |*exit_code|.
 231 BASE_EXPORT bool GetAppOutputWithExitCode(const CommandLine& cl,
 232                                           std::string* output, int* exit_code);
 233 #endif  // defined(OS_POSIX)
 234
 235 // If supported on the platform, and the user has sufficent rights, increase
 236 // the current process's scheduling priority to a high priority.
 237 BASE_EXPORT void RaiseProcessToHighPriority();
 238
 239 #if defined(OS_MACOSX)
 240 // Restore the default exception handler, setting it to Apple Crash Reporter
 241 // (ReportCrash).  When forking and execing a new process, the child will
 242 // inherit the parent's exception ports, which may be set to the Breakpad
 243 // instance running inside the parent.  The parent's Breakpad instance should
 244 // not handle the child's exceptions.  Calling RestoreDefaultExceptionHandler
 245 // in the child after forking will restore the standard exception handler.
 246 // See http://crbug.com/20371/ for more details.
 247 void RestoreDefaultExceptionHandler();
 248 #endif  // defined(OS_MACOSX)
 249
 250 // Creates a LaunchOptions object suitable for launching processes in a test
 251 // binary. This should not be called in production/released code.
 252 BASE_EXPORT LaunchOptions LaunchOptionsForTest();
 253
 254 }  // namespace base
 255
 256 #endif  // BASE_PROCESS_LAUNCH_H_