1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "chromeos/network/firewall_hole.h"
7 #include <fcntl.h>
8 #include <unistd.h>
10 #include "base/bind.h"
11 #include "base/location.h"
12 #include "base/threading/worker_pool.h"
13 #include "chromeos/dbus/dbus_thread_manager.h"
14 #include "chromeos/dbus/permission_broker_client.h"
15 #include "dbus/file_descriptor.h"
17 namespace chromeos {
19 namespace {
// Builds the "lifeline" pipe that ties a firewall hole to this process: one
// end stays in Chrome, the other is handed to firewalld. If the pipe is closed
// unexpectedly (i.e. Chrome crashes), firewalld notices and closes the hole in
// the firewall.
//
// On success |lifeline_local| receives pipe end [0] and |lifeline_remote|
// receives pipe end [1], and CheckValidity() has been run on both. If pipe2()
// fails, neither descriptor is touched and both stay as the caller created
// them; RequestPortAccess() relies on is_valid() to detect that case.
void CreateValidLifeline(dbus::FileDescriptor* lifeline_local,
                         dbus::FileDescriptor* lifeline_remote) {
  int pipe_ends[2] = {-1, -1};

  // O_CLOEXEC marks both ends close-on-exec, presumably so that a process
  // spawned by Chrome cannot inherit the lifeline and keep the hole open after
  // Chrome itself is gone.
  const int rv = pipe2(pipe_ends, O_CLOEXEC);
  if (rv < 0) {
    PLOG(ERROR) << "Failed to create a lifeline pipe";
    return;
  }

  lifeline_local->PutValue(pipe_ends[0]);
  lifeline_local->CheckValidity();

  lifeline_remote->PutValue(pipe_ends[1]);
  lifeline_remote->CheckValidity();
}
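// Returns a printable name for |type|, for use in log messages.
//
// Never returns null. An out-of-range |type| is a programming error and trips
// NOTREACHED() in debug builds, but in builds where NOTREACHED() is compiled
// out the result is still streamed into LOG() by PortReleased(). Inserting a
// null const char* into an ostream is undefined behaviour, so a placeholder
// string is returned instead of nullptr.
const char* PortTypeToString(FirewallHole::PortType type) {
  switch (type) {
    case FirewallHole::PortType::TCP:
      return "TCP";
    case FirewallHole::PortType::UDP:
      return "UDP";
  }
  NOTREACHED();
  return "UNKNOWN";
}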
// Reply handler for the release request sent from ~FirewallHole(). Logs a
// warning when the release was not confirmed.
//
// |lifeline_fd| is taken by value: the local end of the lifeline is owned by
// this call and is dropped when the function returns, whatever |success| is.
// NOTE(review): a failed release is only logged here; the hole is then
// presumably closed by firewalld once the lifeline goes away. Confirm.
void PortReleased(FirewallHole::PortType type,
                  uint16_t port,
                  const std::string& interface,
                  dbus::ScopedFileDescriptor lifeline_fd,
                  bool success) {
  if (success)
    return;

  LOG(WARNING) << "Failed to release firewall hole for "
               << PortTypeToString(type) << " port " << port << " on "
               << interface << ".";
}
62 } // namespace
// static
// Starts the asynchronous sequence that opens a firewall hole for |port| of
// |type| on |interface|: the lifeline pipe is created on the worker pool, then
// RequestPortAccess() runs as the reply and eventually invokes |callback|.
//
// NOTE(review): |port| and |interface| are forwarded as given; nothing in this
// file restricts which ports or interfaces may be opened, so that policy
// presumably lives in the caller or in the permission broker. Confirm.
// NOTE(review): the bool result of PostTaskAndReply() is ignored; if posting
// fails, |callback| is never run. Confirm callers tolerate that.
void FirewallHole::Open(PortType type,
                        uint16_t port,
                        const std::string& interface,
                        const OpenCallback& callback) {
  dbus::ScopedFileDescriptor lifeline_local(new dbus::FileDescriptor());
  dbus::ScopedFileDescriptor lifeline_remote(new dbus::FileDescriptor());

  // The task only borrows the descriptors through raw pointers, while the
  // reply below takes ownership of them. PostTaskAndReply guarantees that the
  // task is always deleted first, so the borrowed pointers never outlive
  // their owners. The raw pointers must be read before base::Passed() empties
  // the scopers, which is why the task is bound in its own statement.
  base::Closure make_lifeline_task = base::Bind(
      &CreateValidLifeline, lifeline_local.get(), lifeline_remote.get());

  base::Closure request_access_reply = base::Bind(
      &FirewallHole::RequestPortAccess, type, port, interface,
      base::Passed(&lifeline_local), base::Passed(&lifeline_remote), callback);

  base::WorkerPool::PostTaskAndReply(FROM_HERE, make_lifeline_task,
                                     request_access_reply,
                                     false /* task_is_slow */);
}
// Asks the permission broker to release the port this object was holding
// open. Ownership of |lifeline_fd_| moves into the reply callback, so the
// local lifeline end is not dropped here but together with that callback
// (PortReleased() receives it by value).
FirewallHole::~FirewallHole() {
  PermissionBrokerClient* client =
      DBusThreadManager::Get()->GetPermissionBrokerClient();
  // Debug-only check: where DCHECK is compiled out, a null client is
  // dereferenced below.
  DCHECK(client) << "Could not get permission broker client.";

  base::Callback<void(bool)> on_port_released = base::Bind(
      &PortReleased, type_, port_, interface_, base::Passed(&lifeline_fd_));

  switch (type_) {
    case PortType::TCP:
      client->ReleaseTcpPort(port_, interface_, on_port_released);
      break;
    case PortType::UDP:
      client->ReleaseUdpPort(port_, interface_, on_port_released);
      break;
  }
}
// Reply half of Open(): runs after CreateValidLifeline() and asks the
// permission broker for access to |port| of |type| on |interface|.
//
// If either lifeline end is not valid (pipe creation or the validity check
// failed), no request is sent and |callback| is run with nullptr. Otherwise
// |lifeline_remote| is passed to the broker with the request, and
// |lifeline_local| moves into the PortAccessGranted() reply.
void FirewallHole::RequestPortAccess(PortType type,
                                     uint16_t port,
                                     const std::string& interface,
                                     dbus::ScopedFileDescriptor lifeline_local,
                                     dbus::ScopedFileDescriptor lifeline_remote,
                                     const OpenCallback& callback) {
  const bool lifelines_usable =
      lifeline_local->is_valid() && lifeline_remote->is_valid();
  if (!lifelines_usable) {
    callback.Run(nullptr);
    return;
  }

  PermissionBrokerClient* client =
      DBusThreadManager::Get()->GetPermissionBrokerClient();
  // Debug-only check: where DCHECK is compiled out, a null client is
  // dereferenced below.
  DCHECK(client) << "Could not get permission broker client.";

  base::Callback<void(bool)> on_access_decided =
      base::Bind(&FirewallHole::PortAccessGranted, type, port, interface,
                 base::Passed(&lifeline_local), callback);

  switch (type) {
    case PortType::TCP:
      client->RequestTcpPortAccess(port, interface, *lifeline_remote,
                                   on_access_decided);
      break;
    case PortType::UDP:
      client->RequestUdpPortAccess(port, interface, *lifeline_remote,
                                   on_access_decided);
      break;
  }
}
// Reply to the port access request. When |success| is true, a FirewallHole
// that owns |lifeline_fd| is created and handed to |callback|; otherwise
// |callback| gets nullptr and |lifeline_fd| is dropped when this function
// returns.
void FirewallHole::PortAccessGranted(PortType type,
                                     uint16_t port,
                                     const std::string& interface,
                                     dbus::ScopedFileDescriptor lifeline_fd,
                                     const FirewallHole::OpenCallback& callback,
                                     bool success) {
  if (!success) {
    callback.Run(nullptr);
    return;
  }

  scoped_ptr<FirewallHole> hole(
      new FirewallHole(type, port, interface, lifeline_fd.Pass()));
  callback.Run(hole.Pass());
}
// Records which port the hole covers and takes ownership of |lifeline_fd|,
// the local end of the lifeline. The descriptor stays with this object until
// the destructor passes it on to the release callback.
FirewallHole::FirewallHole(PortType type,
                           uint16_t port,
                           const std::string& interface,
                           dbus::ScopedFileDescriptor lifeline_fd)
    : type_(type),
      port_(port),
      interface_(interface),
      lifeline_fd_(lifeline_fd.Pass()) {}
157 } // namespace chromeos