• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2014 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef BASE_FILES_SCOPED_FILE_H_
6 #define BASE_FILES_SCOPED_FILE_H_
7 
8 #include <stdio.h>
9 
10 #include <memory>
11 
12 #include "base/base_export.h"
13 #include "base/scoped_generic.h"
14 #include "build/build_config.h"
15 
16 namespace base {
17 
18 namespace internal {
19 
20 #if BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
21 // Platforms for which it is possible to track ownership of file descriptors.
22 //
23 // On Android, fdsan is used.
24 //
25 // On ChromeOS and Linux, file descriptor lifetime is guarded with a global
26 // table and a hook into libc close().
27 struct BASE_EXPORT ScopedFDCloseTraits : public ScopedGenericOwnershipTracking {
InvalidValueScopedFDCloseTraits28   static int InvalidValue() { return -1; }
29   static void Free(int fd);
30   static void Acquire(const ScopedGeneric<int, ScopedFDCloseTraits>& owner,
31                       int fd);
32   static void Release(const ScopedGeneric<int, ScopedFDCloseTraits>& owner,
33                       int fd);
34 };
35 
36 #elif BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
37 
38 struct BASE_EXPORT ScopedFDCloseTraits {
39   static int InvalidValue() { return -1; }
40   static void Free(int fd);
41 };
42 
43 #endif
44 
45 // Functor for `ScopedFILE` (below).
46 struct ScopedFILECloser {
operatorScopedFILECloser47   inline void operator()(FILE* x) const {
48     if (x) {
49       fclose(x);
50     }
51   }
52 };
53 
54 }  // namespace internal
55 
56 #if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
57 namespace subtle {
58 
59 #if !defined(COMPONENT_BUILD)
60 // Enables or disables enforcement of FD ownership as tracked by ScopedFD
61 // objects. Enforcement is disabled by default since it proves unwieldy in some
62 // test environments, but tracking is always done. It's best to enable this as
63 // early as possible in a process's lifetime.
64 //
65 // This function is not available in component builds, as the close()
66 // interceptor used by the implementation is unreliable when compiled into
67 // a shared library (b/342530259). If FD ownership needs to be tested or
68 // enforced, it should be done on a non-component build instead.
69 void BASE_EXPORT EnableFDOwnershipEnforcement(bool enabled);
70 #endif  // !defined(COMPONENT_BUILD)
71 
72 // Resets ownership state of all FDs. The only permissible use of this API is
73 // in a forked child process between the fork() and a subsequent exec() call.
74 //
75 // For one issue, it is common to mass-close most open FDs before calling
76 // exec(), to avoid leaking FDs into the new executable's environment. For
77 // processes which have enabled FD ownership enforcement, this reset operation
78 // is necessary before performing such closures.
79 //
80 // Furthermore, fork()+exec() may be used in a multithreaded context, and
81 // because fork() is not atomic, the FD ownership state in the child process may
82 // be inconsistent with the actual set of opened file descriptors once fork()
83 // returns in the child process.
84 //
85 // It is therefore especially important to call this ASAP after fork() in the
86 // child process if any FD manipulation will be done prior to the subsequent
87 // exec call.
88 void BASE_EXPORT ResetFDOwnership();
89 
90 }  // namespace subtle
91 #endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
92 
93 // -----------------------------------------------------------------------------
94 
95 #if BUILDFLAG(IS_POSIX) || BUILDFLAG(IS_FUCHSIA)
96 // A low-level Posix file descriptor closer class. Use this when writing
97 // platform-specific code, especially that does non-file-like things with the
98 // FD (like sockets).
99 //
100 // If you're writing low-level Windows code, see base/win/scoped_handle.h
101 // which provides some additional functionality.
102 //
103 // If you're writing cross-platform code that deals with actual files, you
104 // should generally use base::File instead which can be constructed with a
105 // handle, and in addition to handling ownership, has convenient cross-platform
106 // file manipulation functions on it.
107 using ScopedFD = ScopedGeneric<int, internal::ScopedFDCloseTraits>;
108 #endif
109 
110 // Automatically closes `FILE*`s.
111 using ScopedFILE = std::unique_ptr<FILE, internal::ScopedFILECloser>;
112 
113 #if BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
114 // Queries the ownership status of an FD, i.e. whether it is currently owned by
115 // a ScopedFD in the calling process.
116 bool BASE_EXPORT IsFDOwned(int fd);
117 #endif  // BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_LINUX)
118 
119 }  // namespace base
120 
121 #endif  // BASE_FILES_SCOPED_FILE_H_
122