[Fuchsia] Move allocation of PA_HND identifiers into LaunchOptions.

Mojo's PlatformChannel implemented its own mechanism to allocate PA_HND identifiers, and used the PA_USER0 namespace. Separately we had some callers expecting to use statically-defined PA_USER0 identifiers to pass application-specific handles, creating potential for clashes. For features like base::FieldTrialList we also need a mechanism to pass a handle to a child process at startup, for which we'd ideally have a well-known path location in the FDIO namespace supplied to the child. Since FDIO namespaces do not yet support non-file/directory handles, we need a safe way to allocate an id that the FieldTrial implementation can pass via the command-line, similarly to Mojo. We add an AddHandleToTransfer() helper that appends a handle to a handles-to-transfer vector with a unique id, and returns the id, and add comments to clarify that PA_USER1 is used for these ids, leaving PA_USER0 (and others) free for application use. Bug: 909851 Change-Id: If9b8ffaf98155f72cc7a52e5ef0c51ef19048d66 Reviewed-on: https://chromium-review.googlesource.com/c/1354398Reviewed-by: Kevin Marshall <kmarshall@chromium.org> Reviewed-by: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#612899}

[Fuchsia] Move allocation of PA_HND identifiers into LaunchOptions.
Mojo's PlatformChannel implemented its own mechanism to allocate PA_HND identifiers, and used the PA_USER0 namespace. Separately we had some callers expecting to use statically-defined PA_USER0 identifiers to pass application-specific handles, creating potential for clashes. For features like base::FieldTrialList we also need a mechanism to pass a handle to a child process at startup, for which we'd ideally have a well-known path location in the FDIO namespace supplied to the child. Since FDIO namespaces do not yet support non-file/directory handles, we need a safe way to allocate an id that the FieldTrial implementation can pass via the command-line, similarly to Mojo. We add an AddHandleToTransfer() helper that appends a handle to a handles-to-transfer vector with a unique id, and returns the id, and add comments to clarify that PA_USER1 is used for these ids, leaving PA_USER0 (and others) free for application use. Bug: 909851 Change-Id: If9b8ffaf98155f72cc7a52e5ef0c51ef19048d66 Reviewed-on: https://chromium-review.googlesource.com/c/1354398Reviewed-by: Kevin Marshall <kmarshall@chromium.org> Reviewed-by: Sergey Ulanov <sergeyu@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Wez <wez@chromium.org> Cr-Commit-Position: refs/heads/master@{#612899}
35e50b5d · Wez · Commit Bot · 9e102a8d · 35e50b5d · 35e50b5d
Commit 35e50b5d authored Dec 01, 2018 by Wez Committed by Commit Bot Dec 01, 2018
Showing with 20 additions and 2 deletions

base/process/launch.h base/process/launch.h +9 -0

base/process/launch_fuchsia.cc base/process/launch_fuchsia.cc +9 -0

mojo/public/cpp/platform/platform_channel.cc mojo/public/cpp/platform/platform_channel.cc +2 -2

No files found.
--- a/base/process/launch.h
+++ b/base/process/launch.h
@@ -199,8 +199,17 @@ struct BASE_EXPORT LaunchOptions {
  // PA_HND() macro. The child retrieves the handle
  // |zx_take_startup_handle(id)|. The supplied handles are consumed by
  // LaunchProcess() even on failure.
+  // Note that PA_USER1 ids are reserved for use by AddHandleToTransfer(), below
+  // and by convention PA_USER0 is reserved for use by the embedding
+  // application.
  HandlesToTransferVector handles_to_transfer;

+  // Allocates a unique id for |handle| in |handles_to_transfer|, inserts it,
+  // and returns the generated id.
+  static uint32_t AddHandleToTransfer(
+      HandlesToTransferVector* handles_to_transfer,
+      zx_handle_t handle);
+
  // Specifies which basic capabilities to grant to the child process.
  // By default the child process will receive the caller's complete namespace,
  // access to the current base::fuchsia::DefaultJob(), handles for stdio and

--- a/base/process/launch_fuchsia.cc
+++ b/base/process/launch_fuchsia.cc
@@ -93,6 +93,15 @@ fdio_spawn_action_t FdioSpawnActionAddHandle(uint32_t id, zx_handle_t handle) {

 }  // namespace

+// static
+uint32_t LaunchOptions::AddHandleToTransfer(
+    HandlesToTransferVector* handles_to_transfer,
+    zx_handle_t handle) {
+  uint32_t handle_id = PA_HND(PA_USER1, handles_to_transfer->size());
+  handles_to_transfer->push_back({handle_id, handle});
+  return handle_id;
+}
+
 Process LaunchProcess(const CommandLine& cmdline,
                      const LaunchOptions& options) {
  return LaunchProcess(cmdline.argv(), options);

--- a/mojo/public/cpp/platform/platform_channel.cc
+++ b/mojo/public/cpp/platform/platform_channel.cc
@@ -174,8 +174,8 @@ void PlatformChannel::PrepareToPassRemoteEndpoint(HandlePassingInfo* info,
  *value = base::NumberToString(
      HandleToLong(remote_endpoint_.platform_handle().GetHandle().Get()));
 #elif defined(OS_FUCHSIA)
-  const uint32_t id = PA_HND(PA_USER0, info->size());
-  info->push_back({id, remote_endpoint_.platform_handle().GetHandle().get()});
+  const uint32_t id = base::LaunchOptions::AddHandleToTransfer(
+      info, remote_endpoint_.platform_handle().GetHandle().get());
  *value = base::NumberToString(id);
 #elif defined(OS_ANDROID)
  int fd = remote_endpoint_.platform_handle().GetFD().get();