1 // Copyright 2016 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/mac/mach_port_util.h" 6 7 #include "base/logging.h" 8 9 namespace base { 10 11 namespace { 12 13 // Struct for sending a complex Mach message. 14 struct MachSendComplexMessage { 15 mach_msg_header_t header; 16 mach_msg_body_t body; 17 mach_msg_port_descriptor_t data; 18 }; 19 20 // Struct for receiving a complex message. 21 struct MachReceiveComplexMessage { 22 mach_msg_header_t header; 23 mach_msg_body_t body; 24 mach_msg_port_descriptor_t data; 25 mach_msg_trailer_t trailer; 26 }; 27 28 } // namespace 29 30 kern_return_t SendMachPort(mach_port_t endpoint, 31 mach_port_t port_to_send, 32 int disposition) { 33 MachSendComplexMessage send_msg; 34 send_msg.header.msgh_bits = 35 MACH_MSGH_BITS(MACH_MSG_TYPE_MOVE_SEND_ONCE, 0) | MACH_MSGH_BITS_COMPLEX; 36 send_msg.header.msgh_size = sizeof(send_msg); 37 send_msg.header.msgh_remote_port = endpoint; 38 send_msg.header.msgh_local_port = MACH_PORT_NULL; 39 send_msg.header.msgh_reserved = 0; 40 send_msg.header.msgh_id = 0; 41 send_msg.body.msgh_descriptor_count = 1; 42 send_msg.data.name = port_to_send; 43 send_msg.data.disposition = disposition; 44 send_msg.data.type = MACH_MSG_PORT_DESCRIPTOR; 45 46 kern_return_t kr = 47 mach_msg(&send_msg.header, MACH_SEND_MSG | MACH_SEND_TIMEOUT, 48 send_msg.header.msgh_size, 49 0, // receive limit 50 MACH_PORT_NULL, // receive name 51 0, // timeout 52 MACH_PORT_NULL); // notification port 53 54 if (kr != KERN_SUCCESS) 55 mach_port_deallocate(mach_task_self(), endpoint); 56 57 return kr; 58 } 59 60 base::mac::ScopedMachSendRight ReceiveMachPort(mach_port_t port_to_listen_on) { 61 MachReceiveComplexMessage recv_msg; 62 mach_msg_header_t* recv_hdr = &recv_msg.header; 63 recv_hdr->msgh_local_port = port_to_listen_on; 64 recv_hdr->msgh_size = sizeof(recv_msg); 65 66 kern_return_t kr = 67 mach_msg(recv_hdr, MACH_RCV_MSG | MACH_RCV_TIMEOUT, 0, 68 recv_hdr->msgh_size, port_to_listen_on, 0, MACH_PORT_NULL); 69 if (kr != KERN_SUCCESS) 70 return base::mac::ScopedMachSendRight(MACH_PORT_NULL); 71 if (recv_msg.header.msgh_id != 0) 72 return base::mac::ScopedMachSendRight(MACH_PORT_NULL); 73 return base::mac::ScopedMachSendRight(recv_msg.data.name); 74 } 75 76 mach_port_name_t CreateIntermediateMachPort( 77 mach_port_t task_port, 78 base::mac::ScopedMachSendRight port_to_insert, 79 MachCreateError* error_code) { 80 DCHECK_NE(mach_task_self(), task_port); 81 DCHECK_NE(static_cast<mach_port_name_t>(MACH_PORT_NULL), task_port); 82 83 // Make a port with receive rights in the destination task. 84 mach_port_name_t endpoint; 85 kern_return_t kr = 86 mach_port_allocate(task_port, MACH_PORT_RIGHT_RECEIVE, &endpoint); 87 if (kr != KERN_SUCCESS) { 88 if (error_code) 89 *error_code = MachCreateError::ERROR_MAKE_RECEIVE_PORT; 90 return MACH_PORT_NULL; 91 } 92 93 // Change its message queue limit so that it accepts one message. 94 mach_port_limits limits = {}; 95 limits.mpl_qlimit = 1; 96 kr = mach_port_set_attributes(task_port, endpoint, MACH_PORT_LIMITS_INFO, 97 reinterpret_cast<mach_port_info_t>(&limits), 98 MACH_PORT_LIMITS_INFO_COUNT); 99 if (kr != KERN_SUCCESS) { 100 if (error_code) 101 *error_code = MachCreateError::ERROR_SET_ATTRIBUTES; 102 mach_port_deallocate(task_port, endpoint); 103 return MACH_PORT_NULL; 104 } 105 106 // Get a send right. 107 mach_port_t send_once_right; 108 mach_msg_type_name_t send_right_type; 109 kr = 110 mach_port_extract_right(task_port, endpoint, MACH_MSG_TYPE_MAKE_SEND_ONCE, 111 &send_once_right, &send_right_type); 112 if (kr != KERN_SUCCESS) { 113 if (error_code) 114 *error_code = MachCreateError::ERROR_EXTRACT_DEST_RIGHT; 115 mach_port_deallocate(task_port, endpoint); 116 return MACH_PORT_NULL; 117 } 118 DCHECK_EQ(static_cast<mach_msg_type_name_t>(MACH_MSG_TYPE_PORT_SEND_ONCE), 119 send_right_type); 120 121 // This call takes ownership of |send_once_right|. 122 kr = base::SendMachPort( 123 send_once_right, port_to_insert.get(), MACH_MSG_TYPE_COPY_SEND); 124 if (kr != KERN_SUCCESS) { 125 if (error_code) 126 *error_code = MachCreateError::ERROR_SEND_MACH_PORT; 127 mach_port_deallocate(task_port, endpoint); 128 return MACH_PORT_NULL; 129 } 130 131 // Endpoint is intentionally leaked into the destination task. An IPC must be 132 // sent to the destination task so that it can clean up this port. 133 return endpoint; 134 } 135 136 } // namespace base 137