[mojo] refactor shmem utilities to hide implementation details.

Code should just use the //base abstractions directly. Update the API to just expose a way to install the Mojo hooks. Fixed: 876525 Change-Id: Ic90adb8eae9ee065977e81c7ec7ccf330a12c93b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2102635 Commit-Queue: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Ken Rockot <rockot@google.com> Cr-Commit-Position: refs/heads/master@{#755187}

[mojo] refactor shmem utilities to hide implementation details.
Code should just use the //base abstractions directly. Update the API to just expose a way to install the Mojo hooks. Fixed: 876525 Change-Id: Ic90adb8eae9ee065977e81c7ec7ccf330a12c93b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2102635 Commit-Queue: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Ken Rockot <rockot@google.com> Cr-Commit-Position: refs/heads/master@{#755187}
0d486ae8 · Daniel Cheng · Commit Bot · daa07449 · 0d486ae8 · 0d486ae8
Commit 0d486ae8 authored Apr 01, 2020 by Daniel Cheng Committed by Commit Bot Apr 01, 2020
7 changed files
--- a/base/memory/read_only_shared_memory_region.h
+++ b/base/memory/read_only_shared_memory_region.h
@@ -32,12 +32,6 @@ class BASE_EXPORT ReadOnlySharedMemoryRegion {
  // This means that the caller's process is the only process that can modify
  // the region content. If you need to pass write access to another process,
  // consider using WritableSharedMemoryRegion or UnsafeSharedMemoryRegion.
-  //
-  // This call will fail if the process does not have sufficient permissions to
-  // create a shared memory region itself. See
-  // mojo::CreateReadOnlySharedMemoryRegion in
-  // mojo/public/cpp/base/shared_memory_utils.h for creating a shared memory
-  // region from a an unprivileged process where a broker must be used.
  static MappedReadOnlyRegion Create(size_t size);
  using CreateFunction = decltype(Create);


--- a/base/memory/shared_memory_hooks.h
+++ b/base/memory/shared_memory_hooks.h
@@ -16,10 +16,11 @@ struct MainFunctionParams;
 }  // namespace content
 int CloudPrintServiceProcessMain(const content::MainFunctionParams& parameters);

-namespace service_manager {
-struct MainParams;
-int Main(const MainParams&);
-}  // namespace service_manager
+namespace mojo {
+
+class SharedMemoryUtils;
+
+}  // namespace mojo

 namespace base {

@@ -31,7 +32,7 @@ class SharedMemoryHooks {
  friend class SharedMemoryHooksTest;
  friend int ::CloudPrintServiceProcessMain(
      const content::MainFunctionParams& parameters);
-  friend int service_manager::Main(const service_manager::MainParams&);
+  friend mojo::SharedMemoryUtils;

  // Allows shared memory region creation to be hooked. Useful for sandboxed
  // processes that are restricted from invoking the platform APIs directly.

--- a/base/memory/unsafe_shared_memory_region.h
+++ b/base/memory/unsafe_shared_memory_region.h
@@ -31,12 +31,6 @@ class BASE_EXPORT UnsafeSharedMemoryRegion {
  using MappingType = WritableSharedMemoryMapping;
  // Creates a new UnsafeSharedMemoryRegion instance of a given size that can be
  // used for mapping writable shared memory into the virtual address space.
-  //
-  // This call will fail if the process does not have sufficient permissions to
-  // create a shared memory region itself. See
-  // mojo::CreateUnsafeSharedMemoryRegion in
-  // mojo/public/cpp/base/shared_memory_utils.h for creating a shared memory
-  // region from a an unprivileged process where a broker must be used.
  static UnsafeSharedMemoryRegion Create(size_t size);
  using CreateFunction = decltype(Create);


--- a/base/memory/writable_shared_memory_region.h
+++ b/base/memory/writable_shared_memory_region.h
@@ -33,12 +33,6 @@ class BASE_EXPORT WritableSharedMemoryRegion {
  // Creates a new WritableSharedMemoryRegion instance of a given
  // size that can be used for mapping writable shared memory into the virtual
  // address space.
-  //
-  // This call will fail if the process does not have sufficient permissions to
-  // create a shared memory region itself. See
-  // mojo::CreateWritableSharedMemoryRegion in
-  // mojo/public/cpp/base/shared_memory_utils.h for creating a shared memory
-  // region from a an unprivileged process where a broker must be used.
  static WritableSharedMemoryRegion Create(size_t size);
  using CreateFunction = decltype(Create);


--- a/mojo/public/cpp/base/shared_memory_utils.cc
+++ b/mojo/public/cpp/base/shared_memory_utils.cc
@@ -4,12 +4,27 @@

 #include "mojo/public/cpp/base/shared_memory_utils.h"

+#include "base/memory/read_only_shared_memory_region.h"
+#include "base/memory/shared_memory_hooks.h"
 #include "base/memory/shared_memory_mapping.h"
+#include "base/memory/unsafe_shared_memory_region.h"
+#include "base/memory/writable_shared_memory_region.h"
 #include "mojo/public/cpp/system/buffer.h"
 #include "mojo/public/cpp/system/platform_handle.h"

 namespace mojo {

+namespace {
+
+base::WritableSharedMemoryRegion CreateWritableSharedMemoryRegion(size_t size) {
+  mojo::ScopedSharedBufferHandle handle =
+      mojo::SharedBufferHandle::Create(size);
+  if (!handle.is_valid())
+    return base::WritableSharedMemoryRegion();
+
+  return mojo::UnwrapWritableSharedMemoryRegion(std::move(handle));
+}
+
 base::MappedReadOnlyRegion CreateReadOnlySharedMemoryRegion(size_t size) {
  auto writable_region = CreateWritableSharedMemoryRegion(size);
  if (!writable_region.IsValid())
@@ -30,13 +45,12 @@ base::UnsafeSharedMemoryRegion CreateUnsafeSharedMemoryRegion(size_t size) {
      std::move(writable_region));
 }

-base::WritableSharedMemoryRegion CreateWritableSharedMemoryRegion(size_t size) {
-  mojo::ScopedSharedBufferHandle handle =
-      mojo::SharedBufferHandle::Create(size);
-  if (!handle.is_valid())
-    return base::WritableSharedMemoryRegion();
+}  // namespace

-  return mojo::UnwrapWritableSharedMemoryRegion(std::move(handle));
+void SharedMemoryUtils::InstallBaseHooks() {
+  base::SharedMemoryHooks::SetCreateHooks(&CreateReadOnlySharedMemoryRegion,
+                                          &CreateUnsafeSharedMemoryRegion,
+                                          &CreateWritableSharedMemoryRegion);
 }

 }  // namespace mojo
--- a/mojo/public/cpp/base/shared_memory_utils.h
+++ b/mojo/public/cpp/base/shared_memory_utils.h
@@ -6,25 +6,13 @@
 #define MOJO_PUBLIC_CPP_BASE_SHARED_MEMORY_UTILS_H_

 #include "base/component_export.h"
-#include "base/memory/read_only_shared_memory_region.h"
-#include "base/memory/unsafe_shared_memory_region.h"
-#include "base/memory/writable_shared_memory_region.h"

 namespace mojo {

-// These creation methods are parallel to the base::*SharedMemoryRegion::Create
-// methods. These methods should be used instead of the base:: ones to create
-// shared memory in an unprivileged context, in which case a broker in a
-// privileged process will be used to create the region.
-//
-// IsValid() should be checked on the return value of the following methods to
-// determine if the creation was successful.
-COMPONENT_EXPORT(MOJO_BASE)
-base::MappedReadOnlyRegion CreateReadOnlySharedMemoryRegion(size_t size);
-COMPONENT_EXPORT(MOJO_BASE)
-base::UnsafeSharedMemoryRegion CreateUnsafeSharedMemoryRegion(size_t size);
-COMPONENT_EXPORT(MOJO_BASE)
-base::WritableSharedMemoryRegion CreateWritableSharedMemoryRegion(size_t size);
+class SharedMemoryUtils {
+ public:
+  COMPONENT_EXPORT(MOJO_BASE) static void InstallBaseHooks();
+};

 }  // namespace mojo


--- a/services/service_manager/embedder/main.cc
+++ b/services/service_manager/embedder/main.cc
@@ -401,10 +401,7 @@ int Main(const MainParams& params) {
      DCHECK(!mojo_config.is_broker_process);
      // Otherwise, this is a sandboxed process that will need brokering to
      // allocate shared memory.
-      base::SharedMemoryHooks::SetCreateHooks(
-          &mojo::CreateReadOnlySharedMemoryRegion,
-          &mojo::CreateUnsafeSharedMemoryRegion,
-          &mojo::CreateWritableSharedMemoryRegion);
+      mojo::SharedMemoryUtils::InstallBaseHooks();
    }
 #endif  // !defined(OS_MACOSX) && !defined(OS_NACL_SFI) && !defined(OS_FUCHSIA)