Ken Rockot authored
Mojo passes around base::ProcessHandle values for various reasons. On most systems this is fine, but at least on Windows, a ProcessHandle refers to an owned reference to a system process object, and if not careful it's possible for a base::ProcessHandle value to inadvertently change meaning over time.

This CL introduces the concept of a move-only ScopedProcessHandle within Mojo, which on most platforms is just a base::PlatformHandle. On Windows, this represents an owned base::ProcessHandle which closes on destruction and clones correctly using DuplicateHandle rather than merely copying the raw handle value.

ScopedProcessHandle is used in a few places where process handle ownership semantics were previously weaker than necessary, or were correct but implemented ad hoc.

This also updates ScopedPlatformHandle (and supporting code like Channel::RewriteHandles) such that the |owning_process| field (if not the current process) is always an owned process handle. This ensures that when such handles are closed in unsent messages, they can be safely closed in the target process (from within the source process) without any risk of raciness against target process termination.

Bug: 837612
Change-Id: I943bb5f70ede56351d52b2ecea7d76fcfdee46ce
Reviewed-on: https://chromium-review.googlesource.com/1036459
Reviewed-by: Jay Civelli <jcivelli@chromium.org>
Commit-Queue: Ken Rockot <rockot@chromium.org>
Cr-Commit-Position: refs/heads/master@{#555117}
27c99670
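
The handle-value hazard described in the commit message above, as an added example that is not part of the commit or of Mojo's code. A toy handle table stands in for the Windows handle table and DuplicateHandle; HandleTable, ScopedHandle and NameAfterReuse are hypothetical names, and the process labels are constructed.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>

// Toy handle table (assumption): values are small integers recycled after Close.
class HandleTable {
 public:
  int Open(const std::string& object) {
    int h = 1;
    while (slots_.count(h)) ++h;  // lowest free value is reused
    slots_[h] = object;
    return h;
  }
  int Duplicate(int h) { return Open(slots_.at(h)); }  // new value, same object
  void Close(int h) { slots_.erase(h); }
  std::string Resolve(int h) const { return slots_.count(h) ? slots_.at(h) : "<invalid>"; }
 private:
  std::map<int, std::string> slots_;
};

// Hypothetical move-only owner: closes on destruction, clones via Duplicate.
class ScopedHandle {
 public:
  ScopedHandle(HandleTable* t, int h) : table_(t), handle_(h) {}
  ScopedHandle(ScopedHandle&& o) noexcept : table_(o.table_), handle_(o.handle_) { o.handle_ = 0; }
  ~ScopedHandle() { if (handle_) table_->Close(handle_); }
  ScopedHandle Clone() const { return ScopedHandle(table_, table_->Duplicate(handle_)); }
  int get() const { return handle_; }
 private:
  HandleTable* table_;
  int handle_;
};

// What a reference to "process A" names after A's owner closes and the value is recycled.
std::string NameAfterReuse(bool owned_clone) {
  HandleTable t;
  auto owner = std::make_unique<ScopedHandle>(&t, t.Open("process A"));
  ScopedHandle clone = owner->Clone();                  // owned duplicate, distinct value
  int ref = owned_clone ? clone.get() : owner->get();   // else: raw copy of the number
  owner.reset();                                        // original owner closes its handle
  t.Open("process B");                                  // recycles the freed value
  return t.Resolve(ref);
}

int main() {
  std::printf("raw copy -> %s\n", NameAfterReuse(false).c_str());
  std::printf("clone    -> %s\n", NameAfterReuse(true).c_str());
}
```

The raw copy resolves to a different process once the value is recycled, while the owned clone still names the original.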