Home | History | Annotate | Download | only in mac
      1 // Copyright 2012 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "chrome/browser/mac/relauncher.h"
      6 
      7 #include <ApplicationServices/ApplicationServices.h>
      8 #include <AvailabilityMacros.h>
      9 #include <crt_externs.h>
     10 #include <dlfcn.h>
     11 #include <string.h>
     12 #include <sys/event.h>
     13 #include <sys/time.h>
     14 #include <sys/types.h>
     15 #include <unistd.h>
     16 
     17 #include <string>
     18 #include <vector>
     19 
     20 #include "base/basictypes.h"
     21 #include "base/files/file_util.h"
     22 #include "base/files/scoped_file.h"
     23 #include "base/logging.h"
     24 #include "base/mac/mac_logging.h"
     25 #include "base/mac/mac_util.h"
     26 #include "base/mac/scoped_cftyperef.h"
     27 #include "base/path_service.h"
     28 #include "base/posix/eintr_wrapper.h"
     29 #include "base/process/launch.h"
     30 #include "base/strings/stringprintf.h"
     31 #include "base/strings/sys_string_conversions.h"
     32 #include "chrome/browser/mac/install_from_dmg.h"
     33 #include "chrome/common/chrome_switches.h"
     34 #include "content/public/common/content_paths.h"
     35 #include "content/public/common/content_switches.h"
     36 #include "content/public/common/main_function_params.h"
     37 
     38 namespace mac_relauncher {
     39 
     40 const char* const kRelauncherDMGDeviceArg = "--dmg-device=";
     41 
     42 namespace {
     43 
     44 // The "magic" file descriptor that the relauncher process' write side of the
     45 // pipe shows up on. Chosen to avoid conflicting with stdin, stdout, and
     46 // stderr.
     47 const int kRelauncherSyncFD = STDERR_FILENO + 1;
     48 
     49 // The argument separating arguments intended for the relauncher process from
     50 // those intended for the relaunched process. "---" is chosen instead of "--"
     51 // because CommandLine interprets "--" as meaning "end of switches", but
     52 // for many purposes, the relauncher process' CommandLine ought to interpret
     53 // arguments intended for the relaunched process, to get the correct settings
     54 // for such things as logging and the user-data-dir in case it affects crash
     55 // reporting.
     56 const char kRelauncherArgSeparator[] = "---";
     57 
     58 // When this argument is supplied to the relauncher process, it will launch
     59 // the relaunched process without bringing it to the foreground.
     60 const char kRelauncherBackgroundArg[] = "--background";
     61 
     62 // The beginning of the "process serial number" argument that Launch Services
     63 // sometimes inserts into command lines. A process serial number is only valid
     64 // for a single process, so any PSN arguments will be stripped from command
     65 // lines during relaunch to avoid confusion.
     66 const char kPSNArg[] = "-psn_";
     67 
     68 // Returns the "type" argument identifying a relauncher process
     69 // ("--type=relauncher").
     70 std::string RelauncherTypeArg() {
     71   return base::StringPrintf("--%s=%s",
     72                             switches::kProcessType,
     73                             switches::kRelauncherProcess);
     74 }
     75 
     76 }  // namespace
     77 
     78 bool RelaunchApp(const std::vector<std::string>& args) {
     79   // Use the currently-running application's helper process. The automatic
     80   // update feature is careful to leave the currently-running version alone,
     81   // so this is safe even if the relaunch is the result of an update having
     82   // been applied. In fact, it's safer than using the updated version of the
     83   // helper process, because there's no guarantee that the updated version's
     84   // relauncher implementation will be compatible with the running version's.
     85   base::FilePath child_path;
     86   if (!PathService::Get(content::CHILD_PROCESS_EXE, &child_path)) {
     87     LOG(ERROR) << "No CHILD_PROCESS_EXE";
     88     return false;
     89   }
     90 
     91   std::vector<std::string> relauncher_args;
     92   return RelaunchAppWithHelper(child_path.value(), relauncher_args, args);
     93 }
     94 
     95 bool RelaunchAppWithHelper(const std::string& helper,
     96                            const std::vector<std::string>& relauncher_args,
     97                            const std::vector<std::string>& args) {
     98   std::vector<std::string> relaunch_args;
     99   relaunch_args.push_back(helper);
    100   relaunch_args.push_back(RelauncherTypeArg());
    101 
    102   // If this application isn't in the foreground, the relaunched one shouldn't
    103   // be either.
    104   if (!base::mac::AmIForeground()) {
    105     relaunch_args.push_back(kRelauncherBackgroundArg);
    106   }
    107 
    108   relaunch_args.insert(relaunch_args.end(),
    109                        relauncher_args.begin(), relauncher_args.end());
    110 
    111   relaunch_args.push_back(kRelauncherArgSeparator);
    112 
    113   // When using the CommandLine interface, -psn_ may have been rewritten as
    114   // --psn_. Look for both.
    115   const char alt_psn_arg[] = "--psn_";
    116   for (size_t index = 0; index < args.size(); ++index) {
    117     // Strip any -psn_ arguments, as they apply to a specific process.
    118     if (args[index].compare(0, strlen(kPSNArg), kPSNArg) != 0 &&
    119         args[index].compare(0, strlen(alt_psn_arg), alt_psn_arg) != 0) {
    120       relaunch_args.push_back(args[index]);
    121     }
    122   }
    123 
    124   int pipe_fds[2];
    125   if (HANDLE_EINTR(pipe(pipe_fds)) != 0) {
    126     PLOG(ERROR) << "pipe";
    127     return false;
    128   }
    129 
    130   // The parent process will only use pipe_read_fd as the read side of the
    131   // pipe. It can close the write side as soon as the relauncher process has
    132   // forked off. The relauncher process will only use pipe_write_fd as the
    133   // write side of the pipe. In that process, the read side will be closed by
    134   // base::LaunchApp because it won't be present in fd_map, and the write side
    135   // will be remapped to kRelauncherSyncFD by fd_map.
    136   base::ScopedFD pipe_read_fd(pipe_fds[0]);
    137   base::ScopedFD pipe_write_fd(pipe_fds[1]);
    138 
    139   // Make sure kRelauncherSyncFD is a safe value. base::LaunchProcess will
    140   // preserve these three FDs in forked processes, so kRelauncherSyncFD should
    141   // not conflict with them.
    142   COMPILE_ASSERT(kRelauncherSyncFD != STDIN_FILENO &&
    143                  kRelauncherSyncFD != STDOUT_FILENO &&
    144                  kRelauncherSyncFD != STDERR_FILENO,
    145                  kRelauncherSyncFD_must_not_conflict_with_stdio_fds);
    146 
    147   base::FileHandleMappingVector fd_map;
    148   fd_map.push_back(std::make_pair(pipe_write_fd.get(), kRelauncherSyncFD));
    149 
    150   base::LaunchOptions options;
    151   options.fds_to_remap = &fd_map;
    152   if (!base::LaunchProcess(relaunch_args, options, NULL)) {
    153     LOG(ERROR) << "base::LaunchProcess failed";
    154     return false;
    155   }
    156 
    157   // The relauncher process is now starting up, or has started up. The
    158   // original parent process continues.
    159 
    160   pipe_write_fd.reset();  // close(pipe_fds[1]);
    161 
    162   // Synchronize with the relauncher process.
    163   char read_char;
    164   int read_result = HANDLE_EINTR(read(pipe_read_fd.get(), &read_char, 1));
    165   if (read_result != 1) {
    166     if (read_result < 0) {
    167       PLOG(ERROR) << "read";
    168     } else {
    169       LOG(ERROR) << "read: unexpected result " << read_result;
    170     }
    171     return false;
    172   }
    173 
    174   // Since a byte has been successfully read from the relauncher process, it's
    175   // guaranteed to have set up its kqueue monitoring this process for exit.
    176   // It's safe to exit now.
    177   return true;
    178 }
    179 
    180 namespace {
    181 
    182 // In the relauncher process, performs the necessary synchronization steps
    183 // with the parent by setting up a kqueue to watch for it to exit, writing a
    184 // byte to the pipe, and then waiting for the exit notification on the kqueue.
    185 // If anything fails, this logs a message and returns immediately. In those
    186 // situations, it can be assumed that something went wrong with the parent
    187 // process and the best recovery approach is to attempt relaunch anyway.
    188 void RelauncherSynchronizeWithParent() {
    189   base::ScopedFD relauncher_sync_fd(kRelauncherSyncFD);
    190 
    191   int parent_pid = getppid();
    192 
    193   // PID 1 identifies init. launchd, that is. launchd never starts the
    194   // relauncher process directly, having this parent_pid means that the parent
    195   // already exited and launchd "inherited" the relauncher as its child.
    196   // There's no reason to synchronize with launchd.
    197   if (parent_pid == 1) {
    198     LOG(ERROR) << "unexpected parent_pid";
    199     return;
    200   }
    201 
    202   // Set up a kqueue to monitor the parent process for exit.
    203   base::ScopedFD kq(kqueue());
    204   if (!kq.is_valid()) {
    205     PLOG(ERROR) << "kqueue";
    206     return;
    207   }
    208 
    209   struct kevent change = { 0 };
    210   EV_SET(&change, parent_pid, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL);
    211   if (kevent(kq.get(), &change, 1, NULL, 0, NULL) == -1) {
    212     PLOG(ERROR) << "kevent (add)";
    213     return;
    214   }
    215 
    216   // Write a '\0' character to the pipe.
    217   if (HANDLE_EINTR(write(relauncher_sync_fd.get(), "", 1)) != 1) {
    218     PLOG(ERROR) << "write";
    219     return;
    220   }
    221 
    222   // Up until now, the parent process was blocked in a read waiting for the
    223   // write above to complete. The parent process is now free to exit. Wait for
    224   // that to happen.
    225   struct kevent event;
    226   int events = kevent(kq.get(), NULL, 0, &event, 1, NULL);
    227   if (events != 1) {
    228     if (events < 0) {
    229       PLOG(ERROR) << "kevent (monitor)";
    230     } else {
    231       LOG(ERROR) << "kevent (monitor): unexpected result " << events;
    232     }
    233     return;
    234   }
    235 
    236   if (event.filter != EVFILT_PROC ||
    237       event.fflags != NOTE_EXIT ||
    238       event.ident != static_cast<uintptr_t>(parent_pid)) {
    239     LOG(ERROR) << "kevent (monitor): unexpected event, filter " << event.filter
    240                << ", fflags " << event.fflags << ", ident " << event.ident;
    241     return;
    242   }
    243 }
    244 
    245 }  // namespace
    246 
    247 namespace internal {
    248 
    249 int RelauncherMain(const content::MainFunctionParams& main_parameters) {
    250   // CommandLine rearranges the order of the arguments returned by
    251   // main_parameters.argv(), rendering it impossible to determine which
    252   // arguments originally came before kRelauncherArgSeparator and which came
    253   // after. It's crucial to distinguish between these because only those
    254   // after the separator should be given to the relaunched process; it's also
    255   // important to not treat the path to the relaunched process as a "loose"
    256   // argument. NXArgc and NXArgv are pointers to the original argc and argv as
    257   // passed to main(), so use those. Access them through _NSGetArgc and
    258   // _NSGetArgv because NXArgc and NXArgv are normally only available to a
    259   // main executable via crt1.o and this code will run from a dylib, and
    260   // because of http://crbug.com/139902.
    261   const int* argcp = _NSGetArgc();
    262   if (!argcp) {
    263     NOTREACHED();
    264     return 1;
    265   }
    266   int argc = *argcp;
    267 
    268   const char* const* const* argvp = _NSGetArgv();
    269   if (!argvp) {
    270     NOTREACHED();
    271     return 1;
    272   }
    273   const char* const* argv = *argvp;
    274 
    275   if (argc < 4 || RelauncherTypeArg() != argv[1]) {
    276     LOG(ERROR) << "relauncher process invoked with unexpected arguments";
    277     return 1;
    278   }
    279 
    280   RelauncherSynchronizeWithParent();
    281 
    282   // The capacity for relaunch_args is 4 less than argc, because it
    283   // won't contain the argv[0] of the relauncher process, the
    284   // RelauncherTypeArg() at argv[1], kRelauncherArgSeparator, or the
    285   // executable path of the process to be launched.
    286   base::ScopedCFTypeRef<CFMutableArrayRef> relaunch_args(
    287       CFArrayCreateMutable(NULL, argc - 4, &kCFTypeArrayCallBacks));
    288   if (!relaunch_args) {
    289     LOG(ERROR) << "CFArrayCreateMutable";
    290     return 1;
    291   }
    292 
    293   // Figure out what to execute, what arguments to pass it, and whether to
    294   // start it in the background.
    295   bool background = false;
    296   bool in_relaunch_args = false;
    297   std::string dmg_bsd_device_name;
    298   bool seen_relaunch_executable = false;
    299   std::string relaunch_executable;
    300   const std::string relauncher_arg_separator(kRelauncherArgSeparator);
    301   for (int argv_index = 2; argv_index < argc; ++argv_index) {
    302     const std::string arg(argv[argv_index]);
    303 
    304     // Strip any -psn_ arguments, as they apply to a specific process.
    305     if (arg.compare(0, strlen(kPSNArg), kPSNArg) == 0) {
    306       continue;
    307     }
    308 
    309     if (!in_relaunch_args) {
    310       if (arg == relauncher_arg_separator) {
    311         in_relaunch_args = true;
    312       } else if (arg == kRelauncherBackgroundArg) {
    313         background = true;
    314       } else if (arg.compare(0, strlen(kRelauncherDMGDeviceArg),
    315                              kRelauncherDMGDeviceArg) == 0) {
    316         dmg_bsd_device_name.assign(arg.substr(strlen(kRelauncherDMGDeviceArg)));
    317       }
    318     } else {
    319       if (!seen_relaunch_executable) {
    320         // The first argument after kRelauncherBackgroundArg is the path to
    321         // the executable file or .app bundle directory. The Launch Services
    322         // interface wants this separate from the rest of the arguments. In
    323         // the relaunched process, this path will still be visible at argv[0].
    324         relaunch_executable.assign(arg);
    325         seen_relaunch_executable = true;
    326       } else {
    327         base::ScopedCFTypeRef<CFStringRef> arg_cf(
    328             base::SysUTF8ToCFStringRef(arg));
    329         if (!arg_cf) {
    330           LOG(ERROR) << "base::SysUTF8ToCFStringRef failed for " << arg;
    331           return 1;
    332         }
    333         CFArrayAppendValue(relaunch_args, arg_cf);
    334       }
    335     }
    336   }
    337 
    338   if (!seen_relaunch_executable) {
    339     LOG(ERROR) << "nothing to relaunch";
    340     return 1;
    341   }
    342 
    343   FSRef app_fsref;
    344   if (!base::mac::FSRefFromPath(relaunch_executable, &app_fsref)) {
    345     LOG(ERROR) << "base::mac::FSRefFromPath failed for " << relaunch_executable;
    346     return 1;
    347   }
    348 
    349   LSApplicationParameters ls_parameters = {
    350     0,  // version
    351     kLSLaunchDefaults | kLSLaunchAndDisplayErrors | kLSLaunchNewInstance |
    352         (background ? kLSLaunchDontSwitch : 0),
    353     &app_fsref,
    354     NULL,  // asyncLaunchRefCon
    355     NULL,  // environment
    356     relaunch_args,
    357     NULL   // initialEvent
    358   };
    359 
    360   OSStatus status = LSOpenApplication(&ls_parameters, NULL);
    361   if (status != noErr) {
    362     OSSTATUS_LOG(ERROR, status) << "LSOpenApplication";
    363     return 1;
    364   }
    365 
    366   // The application should have relaunched (or is in the process of
    367   // relaunching). From this point on, only clean-up tasks should occur, and
    368   // failures are tolerable.
    369 
    370   if (!dmg_bsd_device_name.empty()) {
    371     EjectAndTrashDiskImage(dmg_bsd_device_name);
    372   }
    373 
    374   return 0;
    375 }
    376 
    377 }  // namespace internal
    378 
    379 }  // namespace mac_relauncher
    380