mirror of
https://github.com/chromium/crashpad.git
synced 2024-12-31 01:43:03 +08:00
4cb79941fc
This enables the following code in util/mach on iOS: - exception_behaviors.{cc,h} - exception_ports.{cc,h} - mach_message.{cc,h} - mach_message_server.{cc,h} Only the ExceptionBehaviors and MachMessage tests are built, because the other two are tested by multiprocess tests that won’t run on iOS. The AuditPIDFromMachMessageTrailer function from mach_message.h is excluded on iOS because it relies on <bsm/libbsm.h>, which is broken on iOS: it depends on <bsm/audit_record.h>, which is missing from the SDK. Additionally, the BSM function that Crashpad uses, audit_token_to_au32, is marked as unavailable on iOS. Crashpad uses it on macOS to authenticate Mach messages sent by other processes, but this is moot on iOS. Bug: crashpad:31 Change-Id: I5ebc4b80543989b9cd0b85b82eb4b3ff98c44e6c Reviewed-on: https://chromium-review.googlesource.com/c/crashpad/crashpad/+/2155086 Reviewed-by: Justin Cohen <justincohen@chromium.org> Commit-Queue: Mark Mentovai <mark@chromium.org>
209 lines
9.3 KiB
C++
209 lines
9.3 KiB
C++
// Copyright 2014 The Crashpad Authors. All rights reserved.
|
||
//
|
||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||
// you may not use this file except in compliance with the License.
|
||
// You may obtain a copy of the License at
|
||
//
|
||
// http://www.apache.org/licenses/LICENSE-2.0
|
||
//
|
||
// Unless required by applicable law or agreed to in writing, software
|
||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||
// See the License for the specific language governing permissions and
|
||
// limitations under the License.
|
||
|
||
#ifndef CRASHPAD_UTIL_MACH_MACH_MESSAGE_H_
|
||
#define CRASHPAD_UTIL_MACH_MACH_MESSAGE_H_
|
||
|
||
#include <mach/mach.h>
|
||
#include <stdint.h>
|
||
#include <sys/types.h>
|
||
|
||
#include "build/build_config.h"
|
||
|
||
namespace crashpad {
|
||
|
||
//! \brief A Mach message option specifying that an audit trailer should be
|
||
//! delivered during a receive operation.
|
||
//!
|
||
//! This constant is provided because the macros normally used to request this
|
||
//! behavior are cumbersome.
|
||
constexpr mach_msg_option_t kMachMessageReceiveAuditTrailer =
|
||
MACH_RCV_TRAILER_TYPE(MACH_MSG_TRAILER_FORMAT_0) |
|
||
MACH_RCV_TRAILER_ELEMENTS(MACH_RCV_TRAILER_AUDIT);
|
||
|
||
//! \brief Special constants used as `mach_msg_timeout_t` values.
|
||
enum : mach_msg_timeout_t {
|
||
//! \brief When passed to MachMessageDeadlineFromTimeout(), that function will
|
||
//! return #kMachMessageDeadlineNonblocking.
|
||
kMachMessageTimeoutNonblocking = 0,
|
||
|
||
//! \brief When passed to MachMessageDeadlineFromTimeout(), that function will
|
||
//! return #kMachMessageDeadlineWaitIndefinitely.
|
||
kMachMessageTimeoutWaitIndefinitely = 0xffffffff,
|
||
};
|
||
|
||
//! \brief The time before which a MachMessageWithDeadline() call should
|
||
//! complete.
|
||
//!
|
||
//! A value of this type may be one of the special constants
|
||
//! #kMachMessageDeadlineNonblocking or #kMachMessageDeadlineWaitIndefinitely.
|
||
//! Any other values should be produced by calling
|
||
//! MachMessageDeadlineFromTimeout().
|
||
//!
|
||
//! Internally, these are currently specified on the same time base as
|
||
//! ClockMonotonicNanoseconds(), although this is an implementation detail.
|
||
using MachMessageDeadline = uint64_t;
|
||
|
||
//! \brief Special constants used as \ref crashpad::MachMessageDeadline
|
||
//! "MachMessageDeadline" values.
|
||
enum : MachMessageDeadline {
|
||
//! \brief MachMessageWithDeadline() should not block at all in its operation.
|
||
kMachMessageDeadlineNonblocking = 0,
|
||
|
||
//! \brief MachMessageWithDeadline() should wait indefinitely for the
|
||
//! requested operation to complete.
|
||
kMachMessageDeadlineWaitIndefinitely = 0xffffffffffffffff,
|
||
};
|
||
|
||
//! \brief Computes the deadline for a specified timeout value.
|
||
//!
|
||
//! While deadlines exist on an absolute time scale, timeouts are relative. This
|
||
//! function calculates the deadline as \a timeout_ms milliseconds after it
|
||
//! executes.
|
||
//!
|
||
//! If \a timeout_ms is #kMachMessageDeadlineNonblocking, this function will
|
||
//! return #kMachMessageDeadlineNonblocking. If \a timeout_ms is
|
||
//! #kMachMessageTimeoutWaitIndefinitely, this function will return
|
||
//! #kMachMessageDeadlineWaitIndefinitely.
|
||
MachMessageDeadline MachMessageDeadlineFromTimeout(
|
||
mach_msg_timeout_t timeout_ms);
|
||
|
||
//! \brief Runs `mach_msg()` with a deadline, as opposed to a timeout.
|
||
//!
|
||
//! This function is similar to `mach_msg()`, with the following differences:
|
||
//! - The `timeout` parameter has been replaced by \a deadline. The deadline
|
||
//! applies uniformly to a call that is requested to both send and receive
|
||
//! a message.
|
||
//! - The `MACH_SEND_TIMEOUT` and `MACH_RCV_TIMEOUT` bits in \a options are
|
||
//! not used. Timeouts are specified by the \a deadline argument.
|
||
//! - The `send_size` parameter has been removed. Its value is implied by
|
||
//! \a message when \a options contains `MACH_SEND_MSG`.
|
||
//! - The \a run_even_if_expired parameter has been added.
|
||
//!
|
||
//! Like the `mach_msg()` wrapper in `libsyscall`, this function will retry
|
||
//! operations when experiencing `MACH_SEND_INTERRUPTED` and
|
||
//! `MACH_RCV_INTERRUPTED`, unless \a options contains `MACH_SEND_INTERRUPT` or
|
||
//! `MACH_RCV_INTERRUPT`. Unlike `mach_msg()`, which restarts the call with the
|
||
//! full timeout when this occurs, this function continues enforcing the
|
||
//! user-specified \a deadline.
|
||
//!
|
||
//! Except as noted, the parameters and return value are identical to those of
|
||
//! `mach_msg()`.
|
||
//!
|
||
//! \param[in,out] message
|
||
//! \param[in] options
|
||
//! \param[in] receive_size
|
||
//! \param[in] receive_port
|
||
//! \param[in] deadline The time by which this call should complete. If the
|
||
//! deadline is exceeded, this call will return `MACH_SEND_TIMED_OUT` or
|
||
//! `MACH_RCV_TIMED_OUT`.
|
||
//! \param[in] notify_port
|
||
//! \param[in] run_even_if_expired If `true`, a deadline that is expired when
|
||
//! this function is called will be treated as though a deadline of
|
||
//! #kMachMessageDeadlineNonblocking had been specified. When `false`, an
|
||
//! expired deadline will result in a `MACH_SEND_TIMED_OUT` or
|
||
//! `MACH_RCV_TIMED_OUT` return value, even if the deadline is already
|
||
//! expired when the function is called.
|
||
//!
|
||
//! \return The return value of `mach_msg()`
|
||
mach_msg_return_t MachMessageWithDeadline(mach_msg_header_t* message,
|
||
mach_msg_option_t options,
|
||
mach_msg_size_t receive_size,
|
||
mach_port_name_t receive_port,
|
||
MachMessageDeadline deadline,
|
||
mach_port_name_t notify_port,
|
||
bool run_even_if_expired);
|
||
|
||
//! \brief Initializes a reply message for a MIG server routine based on its
|
||
//! corresponding request.
|
||
//!
|
||
//! If a request is handled by a server routine, it may be necessary to revise
|
||
//! some of the fields set by this function, such as `msgh_size` and any fields
|
||
//! defined in a routine’s reply structure type.
|
||
//!
|
||
//! \param[in] in_header The request message to base the reply on.
|
||
//! \param[out] out_header The reply message to initialize. \a out_header will
|
||
//! be treated as a `mig_reply_error_t*` and all of its fields will be set
|
||
//! except for `RetCode`, which must be set by SetMIGReplyError(). This
|
||
//! argument is accepted as a `mach_msg_header_t*` instead of a
|
||
//! `mig_reply_error_t*` because that is the type that callers are expected
|
||
//! to possess in the C API.
|
||
void PrepareMIGReplyFromRequest(const mach_msg_header_t* in_header,
|
||
mach_msg_header_t* out_header);
|
||
|
||
//! \brief Sets the error code in a reply message for a MIG server routine.
|
||
//!
|
||
//! \param[in,out] out_header The reply message to operate on. \a out_header
|
||
//! will be treated as a `mig_reply_error_t*` and its `RetCode` field will
|
||
//! be set. This argument is accepted as a `mach_msg_header_t*` instead of a
|
||
//! `mig_reply_error_t*` because that is the type that callers are expected
|
||
//! to possess in the C API.
|
||
//! \param[in] error The error code to store in \a out_header.
|
||
//!
|
||
//! \sa PrepareMIGReplyFromRequest()
|
||
void SetMIGReplyError(mach_msg_header_t* out_header, kern_return_t error);
|
||
|
||
//! \brief Returns a Mach message trailer for a message that has been received.
|
||
//!
|
||
//! This function must only be called on Mach messages that have been received
|
||
//! via the Mach messaging interface, such as `mach_msg()`. Messages constructed
|
||
//! for sending do not contain trailers.
|
||
//!
|
||
//! \param[in] header A pointer to a received Mach message.
|
||
//!
|
||
//! \return A pointer to the trailer following the received Mach message’s body.
|
||
//! The contents of the trailer depend on the options provided to
|
||
//! `mach_msg()` or a similar function when the message was received.
|
||
const mach_msg_trailer_t* MachMessageTrailerFromHeader(
|
||
const mach_msg_header_t* header);
|
||
|
||
//! \brief Destroys or deallocates a Mach port received in a Mach message.
|
||
//!
|
||
//! This function disposes of port rights received in a Mach message. Receive
|
||
//! rights will be destroyed with `mach_port_mod_refs()`. Send and send-once
|
||
//! rights will be deallocated with `mach_port_deallocate()`.
|
||
//!
|
||
//! \param[in] port The port to destroy or deallocate.
|
||
//! \param[in] port_right_type The right type held for \a port:
|
||
//! `MACH_MSG_TYPE_PORT_RECEIVE`, `MACH_MSG_TYPE_PORT_SEND`, or
|
||
//! `MACH_MSG_TYPE_PORT_SEND_ONCE`.
|
||
//!
|
||
//! \return `true` on success, or `false` on failure with a message logged.
|
||
bool MachMessageDestroyReceivedPort(mach_port_t port,
|
||
mach_msg_type_name_t port_right_type);
|
||
|
||
#if !defined(OS_IOS) || DOXYGEN
|
||
|
||
//! \brief Returns the process ID of a Mach message’s sender from its audit
|
||
//! trailer.
|
||
//!
|
||
//! For the audit trailer to be present, the message must have been received
|
||
//! with #kMachMessageReceiveAuditTrailer or its macro equivalent specified in
|
||
//! the receive options.
|
||
//!
|
||
//! If the kernel is the message’s sender, a process ID of `0` will be returned.
|
||
//!
|
||
//! \param[in] trailer The trailer received with a Mach message.
|
||
//!
|
||
//! \return The process ID of the message’s sender, or `-1` on failure with a
|
||
//! message logged. It is considered a failure for \a trailer to not contain
|
||
//! audit information.
|
||
pid_t AuditPIDFromMachMessageTrailer(const mach_msg_trailer_t* trailer);
|
||
|
||
#endif // !OS_IOS
|
||
|
||
} // namespace crashpad
|
||
|
||
#endif // CRASHPAD_UTIL_MACH_MACH_MESSAGE_H_
|