1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef IPC_IPC_CHANNEL_PROXY_H_
6 #define IPC_IPC_CHANNEL_PROXY_H_
7 
8 #include <stdint.h>
9 
10 #include <map>
11 #include <memory>
12 #include <string>
13 #include <vector>
14 
15 #include "base/callback.h"
16 #include "base/component_export.h"
17 #include "base/memory/ref_counted.h"
18 #include "base/sequence_checker.h"
19 #include "base/synchronization/lock.h"
20 #include "build/build_config.h"
21 #include "ipc/ipc_channel.h"
22 #include "ipc/ipc_channel_handle.h"
23 #include "ipc/ipc_listener.h"
24 #include "ipc/ipc_sender.h"
25 #include "mojo/public/cpp/bindings/associated_interface_ptr.h"
26 #include "mojo/public/cpp/bindings/associated_interface_request.h"
27 #include "mojo/public/cpp/bindings/scoped_interface_endpoint_handle.h"
28 #include "mojo/public/cpp/bindings/thread_safe_interface_ptr.h"
29 
30 namespace base {
31 class SingleThreadTaskRunner;
32 }
33 
34 namespace IPC {
35 
36 class ChannelFactory;
37 class MessageFilter;
38 class MessageFilterRouter;
39 
40 //-----------------------------------------------------------------------------
41 // IPC::ChannelProxy
42 //
43 // This class is a helper class that is useful when you wish to run an IPC
44 // channel on a background thread.  It provides you with the option of either
45 // handling IPC messages on that background thread or having them dispatched to
46 // your main thread (the thread on which the IPC::ChannelProxy is created).
47 //
48 // The API for an IPC::ChannelProxy is very similar to that of an IPC::Channel.
49 // When you send a message to an IPC::ChannelProxy, the message is routed to
50 // the background thread, where it is then passed to the IPC::Channel's Send
51 // method.  This means that you can send a message from your thread and your
52 // message will be sent over the IPC channel when possible instead of being
53 // delayed until your thread returns to its message loop.  (Often IPC messages
54 // will queue up on the IPC::Channel when there is a lot of traffic, and the
55 // channel will not get cycles to flush its message queue until the thread, on
56 // which it is running, returns to its message loop.)
57 //
58 // An IPC::ChannelProxy can have a MessageFilter associated with it, which will
59 // be notified of incoming messages on the IPC::Channel's thread.  This gives
60 // the consumer of IPC::ChannelProxy the ability to respond to incoming
61 // messages on this background thread instead of on their own thread, which may
62 // be bogged down with other processing.  The result can be greatly improved
63 // latency for messages that can be handled on a background thread.
64 //
65 // The consumer of IPC::ChannelProxy is responsible for allocating the Thread
66 // instance where the IPC::Channel will be created and operated.
67 //
68 // Thread-safe send
69 //
70 // If a particular |Channel| implementation has a thread-safe |Send()| operation
71 // then ChannelProxy skips the inter-thread hop and calls |Send()| directly. In
72 // this case the |channel_| variable is touched by multiple threads so
73 // |channel_lifetime_lock_| is used to protect it. The locking overhead is only
74 // paid if the underlying channel supports thread-safe |Send|.
75 //
COMPONENT_EXPORT(IPC)76 class COMPONENT_EXPORT(IPC) ChannelProxy : public Sender {
77  public:
78 #if defined(ENABLE_IPC_FUZZER)
79   // Interface for a filter to be imposed on outgoing messages which can
80   // re-write the message. Used for testing.
81   class OutgoingMessageFilter {
82    public:
83     virtual Message* Rewrite(Message* message) = 0;
84   };
85 #endif
86 
87   // Initializes a channel proxy.  The channel_handle and mode parameters are
88   // passed directly to the underlying IPC::Channel.  The listener is called on
89   // the thread that creates the ChannelProxy.  The filter's OnMessageReceived
90   // method is called on the thread where the IPC::Channel is running.  The
91   // filter may be null if the consumer is not interested in handling messages
92   // on the background thread.  Any message not handled by the filter will be
93   // dispatched to the listener.  The given task runner correspond to a thread
94   // on which IPC::Channel is created and used (e.g. IO thread).
95   static std::unique_ptr<ChannelProxy> Create(
96       const IPC::ChannelHandle& channel_handle,
97       Channel::Mode mode,
98       Listener* listener,
99       const scoped_refptr<base::SingleThreadTaskRunner>& ipc_task_runner,
100       const scoped_refptr<base::SingleThreadTaskRunner>& listener_task_runner);
101 
102   static std::unique_ptr<ChannelProxy> Create(
103       std::unique_ptr<ChannelFactory> factory,
104       Listener* listener,
105       const scoped_refptr<base::SingleThreadTaskRunner>& ipc_task_runner,
106       const scoped_refptr<base::SingleThreadTaskRunner>& listener_task_runner);
107 
108   // Constructs a ChannelProxy without initializing it.
109   ChannelProxy(
110       Listener* listener,
111       const scoped_refptr<base::SingleThreadTaskRunner>& ipc_task_runner,
112       const scoped_refptr<base::SingleThreadTaskRunner>& listener_task_runner);
113 
114   ~ChannelProxy() override;
115 
116   // Initializes the channel proxy. Only call this once to initialize a channel
117   // proxy that was not initialized in its constructor. If |create_pipe_now| is
118   // true, the pipe is created synchronously. Otherwise it's created on the IO
119   // thread.
120   void Init(const IPC::ChannelHandle& channel_handle,
121             Channel::Mode mode,
122             bool create_pipe_now);
123   void Init(std::unique_ptr<ChannelFactory> factory,
124             bool create_pipe_now);
125 
126   // Pause the channel. Subsequent calls to Send() will be internally queued
127   // until Unpause() is called. Queued messages will not be sent until the
128   // channel is flushed.
129   void Pause();
130 
131   // Unpause the channel. If |flush| is true the channel will be flushed as soon
132   // as it's unpaused (see Flush() below.) Otherwise you must explicitly call
133   // Flush() to flush messages which were queued while the channel was paused.
134   void Unpause(bool flush);
135 
136   // Flush the channel. This sends any messages which were queued before calling
137   // Connect. Only useful if Unpause(false) was called previously.
138   void Flush();
139 
140   // Close the IPC::Channel.  This operation completes asynchronously, once the
141   // background thread processes the command to close the channel.  It is ok to
142   // call this method multiple times.  Redundant calls are ignored.
143   //
144   // WARNING: MessageFilter objects held by the ChannelProxy is also
145   // released asynchronously, and it may in fact have its final reference
146   // released on the background thread.  The caller should be careful to deal
147   // with / allow for this possibility.
148   void Close();
149 
150   // Send a message asynchronously.  The message is routed to the background
151   // thread where it is passed to the IPC::Channel's Send method.
152   bool Send(Message* message) override;
153 
154   // Used to intercept messages as they are received on the background thread.
155   //
156   // Ordinarily, messages sent to the ChannelProxy are routed to the matching
157   // listener on the worker thread.  This API allows code to intercept messages
158   // before they are sent to the worker thread.
159   // If you call this before the target process is launched, then you're
160   // guaranteed to not miss any messages.  But if you call this anytime after,
161   // then some messages might be missed since the filter is added internally on
162   // the IO thread.
163   void AddFilter(MessageFilter* filter);
164   void RemoveFilter(MessageFilter* filter);
165 
166   using GenericAssociatedInterfaceFactory =
167       base::Callback<void(mojo::ScopedInterfaceEndpointHandle)>;
168 
169   // Adds a generic associated interface factory to bind incoming interface
170   // requests directly on the IO thread. MUST be called either before Init() or
171   // before the remote end of the Channel is able to send messages (e.g. before
172   // its process is launched.)
173   void AddGenericAssociatedInterfaceForIOThread(
174       const std::string& name,
175       const GenericAssociatedInterfaceFactory& factory);
176 
177   template <typename Interface>
178   using AssociatedInterfaceFactory =
179       base::Callback<void(mojo::AssociatedInterfaceRequest<Interface>)>;
180 
181   // Helper to bind an IO-thread associated interface factory, inferring the
182   // interface name from the callback argument's type. MUST be called before
183   // Init().
184   template <typename Interface>
185   void AddAssociatedInterfaceForIOThread(
186       const AssociatedInterfaceFactory<Interface>& factory) {
187     AddGenericAssociatedInterfaceForIOThread(
188         Interface::Name_,
189         base::Bind(&ChannelProxy::BindAssociatedInterfaceRequest<Interface>,
190                    factory));
191   }
192 
193   // Requests an associated interface from the remote endpoint.
194   void GetGenericRemoteAssociatedInterface(
195       const std::string& name,
196       mojo::ScopedInterfaceEndpointHandle handle);
197 
198   // Template helper to request associated interfaces from the remote endpoint.
199   template <typename Interface>
200   void GetRemoteAssociatedInterface(
201       mojo::AssociatedInterfacePtr<Interface>* proxy) {
202     auto request = mojo::MakeRequest(proxy);
203     GetGenericRemoteAssociatedInterface(Interface::Name_, request.PassHandle());
204   }
205 
206 #if defined(ENABLE_IPC_FUZZER)
207   void set_outgoing_message_filter(OutgoingMessageFilter* filter) {
208     outgoing_message_filter_ = filter;
209   }
210 #endif
211 
212   // Creates a ThreadSafeAssociatedInterfacePtr for |Interface|. This object
213   // may be used to send messages on the interface from any thread and those
214   // messages will remain ordered with respect to other messages sent on the
215   // same thread over other ThreadSafeAssociatedInterfacePtrs associated with
216   // the same Channel.
217   template <typename Interface>
218   void GetThreadSafeRemoteAssociatedInterface(
219       scoped_refptr<mojo::ThreadSafeAssociatedInterfacePtr<Interface>>*
220           out_ptr) {
221     mojo::AssociatedInterfacePtrInfo<Interface> ptr_info;
222     auto request = mojo::MakeRequest(&ptr_info);
223     GetGenericRemoteAssociatedInterface(Interface::Name_, request.PassHandle());
224     *out_ptr = mojo::ThreadSafeAssociatedInterfacePtr<Interface>::Create(
225         std::move(ptr_info), ipc_task_runner());
226   }
227 
228   base::SingleThreadTaskRunner* ipc_task_runner() const {
229     return context_->ipc_task_runner();
230   }
231 
232   const scoped_refptr<base::SingleThreadTaskRunner>& ipc_task_runner_refptr()
233       const {
234     return context_->ipc_task_runner_refptr();
235   }
236 
237   // Called to clear the pointer to the IPC task runner when it's going away.
238   void ClearIPCTaskRunner();
239 
240  protected:
241   class Context;
242   // A subclass uses this constructor if it needs to add more information
243   // to the internal state.
244   explicit ChannelProxy(Context* context);
245 
246   // Used internally to hold state that is referenced on the IPC thread.
247   class Context : public base::RefCountedThreadSafe<Context>,
248                   public Listener {
249    public:
250     Context(Listener* listener,
251             const scoped_refptr<base::SingleThreadTaskRunner>& ipc_task_runner,
252             const scoped_refptr<base::SingleThreadTaskRunner>&
253                 listener_task_runner);
254     void ClearIPCTaskRunner();
255     base::SingleThreadTaskRunner* ipc_task_runner() const {
256       return ipc_task_runner_.get();
257     }
258     const scoped_refptr<base::SingleThreadTaskRunner>& ipc_task_runner_refptr()
259         const {
260       return ipc_task_runner_;
261     }
262 
263     scoped_refptr<base::SingleThreadTaskRunner> listener_task_runner() {
264       return listener_task_runner_;
265     }
266 
267     // Dispatches a message on the listener thread.
268     void OnDispatchMessage(const Message& message);
269 
270     // Sends |message| from appropriate thread.
271     void Send(Message* message);
272 
273    protected:
274     friend class base::RefCountedThreadSafe<Context>;
275     ~Context() override;
276 
277     // IPC::Listener methods:
278     bool OnMessageReceived(const Message& message) override;
279     void OnChannelConnected(int32_t peer_pid) override;
280     void OnChannelError() override;
281     void OnAssociatedInterfaceRequest(
282         const std::string& interface_name,
283         mojo::ScopedInterfaceEndpointHandle handle) override;
284 
285     // Like OnMessageReceived but doesn't try the filters.
286     bool OnMessageReceivedNoFilter(const Message& message);
287 
288     // Gives the filters a chance at processing |message|.
289     // Returns true if the message was processed, false otherwise.
290     bool TryFilters(const Message& message);
291 
292     void PauseChannel();
293     void UnpauseChannel(bool flush);
294     void FlushChannel();
295 
296     // Like Open and Close, but called on the IPC thread.
297     virtual void OnChannelOpened();
298     virtual void OnChannelClosed();
299 
300     // Called on the consumers thread when the ChannelProxy is closed.  At that
301     // point the consumer is telling us that they don't want to receive any
302     // more messages, so we honor that wish by forgetting them!
303     virtual void Clear();
304 
305    private:
306     friend class ChannelProxy;
307     friend class IpcSecurityTestUtil;
308 
309     // Create the Channel
310     void CreateChannel(std::unique_ptr<ChannelFactory> factory);
311 
312     // Methods called on the IO thread.
313     void OnSendMessage(std::unique_ptr<Message> message_ptr);
314     void OnAddFilter();
315     void OnRemoveFilter(MessageFilter* filter);
316 
317     // Methods called on the listener thread.
318     void AddFilter(MessageFilter* filter);
319     void OnDispatchConnected();
320     void OnDispatchError();
321     void OnDispatchBadMessage(const Message& message);
322     void OnDispatchAssociatedInterfaceRequest(
323         const std::string& interface_name,
324         mojo::ScopedInterfaceEndpointHandle handle);
325 
326     void ClearChannel();
327 
328     mojom::Channel& thread_safe_channel() {
329       return thread_safe_channel_->proxy();
330     }
331 
332     void AddGenericAssociatedInterfaceForIOThread(
333         const std::string& name,
334         const GenericAssociatedInterfaceFactory& factory);
335 
336     scoped_refptr<base::SingleThreadTaskRunner> listener_task_runner_;
337     Listener* listener_;
338 
339     // List of filters.  This is only accessed on the IPC thread.
340     std::vector<scoped_refptr<MessageFilter> > filters_;
341     scoped_refptr<base::SingleThreadTaskRunner> ipc_task_runner_;
342 
343     // Note, channel_ may be set on the Listener thread or the IPC thread.
344     // But once it has been set, it must only be read or cleared on the IPC
345     // thread.
346     // One exception is the thread-safe send. See the class comment.
347     std::unique_ptr<Channel> channel_;
348     bool channel_connected_called_;
349 
350     // Lock for |channel_| value. This is only relevant in the context of
351     // thread-safe send.
352     base::Lock channel_lifetime_lock_;
353 
354     // Routes a given message to a proper subset of |filters_|, depending
355     // on which message classes a filter might support.
356     std::unique_ptr<MessageFilterRouter> message_filter_router_;
357 
358     // Holds filters between the AddFilter call on the listerner thread and the
359     // IPC thread when they're added to filters_.
360     std::vector<scoped_refptr<MessageFilter> > pending_filters_;
361     // Lock for pending_filters_.
362     base::Lock pending_filters_lock_;
363 
364     // Cached copy of the peer process ID. Set on IPC but read on both IPC and
365     // listener threads.
366     base::ProcessId peer_pid_;
367     base::Lock peer_pid_lock_;
368 
369     // A thread-safe mojom::Channel interface we use to make remote interface
370     // requests from the proxy thread.
371     std::unique_ptr<mojo::ThreadSafeForwarder<mojom::Channel>>
372         thread_safe_channel_;
373 
374     // Holds associated interface binders added by
375     // AddGenericAssociatedInterfaceForIOThread until the underlying channel has
376     // been initialized.
377     base::Lock pending_io_thread_interfaces_lock_;
378     std::vector<std::pair<std::string, GenericAssociatedInterfaceFactory>>
379         pending_io_thread_interfaces_;
380   };
381 
382   Context* context() { return context_.get(); }
383 
384 #if defined(ENABLE_IPC_FUZZER)
385   OutgoingMessageFilter* outgoing_message_filter() const {
386     return outgoing_message_filter_;
387   }
388 #endif
389 
390   bool did_init() const { return did_init_; }
391 
392   // A Send() which doesn't DCHECK if the message is synchronous.
393   void SendInternal(Message* message);
394 
395  private:
396   friend class IpcSecurityTestUtil;
397 
398   template <typename Interface>
399   static void BindAssociatedInterfaceRequest(
400       const AssociatedInterfaceFactory<Interface>& factory,
401       mojo::ScopedInterfaceEndpointHandle handle) {
402     factory.Run(mojo::AssociatedInterfaceRequest<Interface>(std::move(handle)));
403   }
404 
405   // Always called once immediately after Init.
406   virtual void OnChannelInit();
407 
408   // By maintaining this indirection (ref-counted) to our internal state, we
409   // can safely be destroyed while the background thread continues to do stuff
410   // that involves this data.
411   scoped_refptr<Context> context_;
412 
413   // Whether the channel has been initialized.
414   bool did_init_;
415 
416 #if defined(ENABLE_IPC_FUZZER)
417   OutgoingMessageFilter* outgoing_message_filter_;
418 #endif
419 
420   SEQUENCE_CHECKER(sequence_checker_);
421 };
422 
423 }  // namespace IPC
424 
425 #endif  // IPC_IPC_CHANNEL_PROXY_H_
426