// Copyright 2015 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef LORGNETTE_FIREWALL_MANAGER_H_
#define LORGNETTE_FIREWALL_MANAGER_H_
#include <memory>
#include <set>
#include <string>
#include <base/files/scoped_file.h>
#include <base/memory/weak_ptr.h>
#include "permission_broker/dbus-proxies.h"
namespace lorgnette {
// Forward declaration: PortToken stores a base::WeakPtr<FirewallManager>, and
// FirewallManager befriends PortToken's destructor, which requires PortToken
// to be a complete type before FirewallManager is defined.
class FirewallManager;
// Class representing access to an open port. When it goes out of scope,
// it will release the port.
//
// The token's lifetime is what bounds how long the firewall hole stays open,
// so callers should keep it scoped to the work that needs the port.
// Copying is deleted, so a token cannot be duplicated and release its port
// twice. No move assignment is declared and copy assignment is deleted, so an
// existing token cannot be reassigned; only move construction is available.
class PortToken {
 public:
  // Creates a token for |port|, tied to the manager behind |firewall_manager|.
  PortToken(base::WeakPtr<FirewallManager> firewall_manager, uint16_t port);
  PortToken(const PortToken&) = delete;
  PortToken& operator=(const PortToken&) = delete;
  // Move constructor (defined out of line).
  // NOTE(review): the moved-from token must not release the port again when
  // it is destroyed; confirm how the implementation neutralises it.
  PortToken(PortToken&&);
  // Releases the port (see class comment). Defined out of line; it is the only
  // function granted friend access to FirewallManager's private members.
  ~PortToken();
 private:
  // Weak, non-owning reference: the token does not keep the manager alive.
  // NOTE(review): behaviour when the manager has already been destroyed is
  // not visible in this header; presumably the release is skipped. Confirm.
  base::WeakPtr<FirewallManager> firewall_manager_;
  // The port this token is responsible for releasing.
  uint16_t port_;
};
// Class for managing required firewall rules for lorgnette.
//
// Port access is requested from permission_broker through a D-Bus proxy and
// handed to callers as PortToken objects. Releasing a port is deliberately not
// part of the public interface: it happens only through PortToken's
// destructor.
class FirewallManager {
 public:
  // |interface| is the interface on which to request network access.
  explicit FirewallManager(const std::string& interface);
  FirewallManager(const FirewallManager&) = delete;
  FirewallManager& operator=(const FirewallManager&) = delete;
  virtual ~FirewallManager() = default;
  // Takes ownership of |permission_broker_proxy|.
  // NOTE(review): any further setup done here (service-availability
  // callbacks, lifeline pipe) lives in the implementation; confirm there.
  void Init(std::unique_ptr<org::chromium::PermissionBrokerProxyInterface>
                permission_broker_proxy);
  // Request port access for all well-known Canon scanner ports.
  // NOTE(review): a PortToken stores a single uint16_t port, so the returned
  // token can track only one port; confirm which port(s) the implementation
  // actually opens.
  PortToken RequestPixmaPortAccess();
  // Request UDP port access for the specified port. The returned token
  // releases the port when it is destroyed, so keep it alive only for as long
  // as the port is needed.
  virtual PortToken RequestUdpPortAccess(uint16_t port);
 private:
  // ReleaseUdpPortAccess() should be private so that users don't free ports
  // they didn't request, but PortToken's destructor needs access to it.
  friend PortToken::~PortToken();
  // Setup lifeline pipe to allow the remote firewall server
  // (permission_broker) to monitor this process, so it can remove the firewall
  // rules in case this process crashes.
  // NOTE(review): the meaning of the bool result is not visible here;
  // presumably true on success. Confirm.
  bool SetupLifelinePipe();
  // NOTE(review): presumably the callbacks for permission_broker becoming
  // available and for its D-Bus name changing owner; confirm in the
  // implementation.
  void OnServiceAvailable(bool service_available);
  void OnServiceNameChanged(const std::string& old_owner,
                            const std::string& new_owner);
  // NOTE(review): presumably sends the access request for |port| to
  // permission_broker; confirm in the implementation.
  void SendPortAccessRequest(uint16_t port);
  // This is called when a new instance of permission_broker is detected. Since
  // the new instance doesn't have any knowledge of previous port access
  // requests, re-issue those requests to permission_broker to get in sync.
  void RequestAllPortsAccess();
  // Releases access to |port|. Private on purpose; reached only through the
  // friend declaration for PortToken's destructor above.
  void ReleaseUdpPortAccess(uint16_t port);
  // DBus proxy for permission_broker.
  std::unique_ptr<org::chromium::PermissionBrokerProxyInterface>
      permission_broker_proxy_;
  // File descriptors for the two ends of the pipe used for communicating with
  // the remote firewall server (permission_broker), where the remote firewall
  // server will use the read end of the pipe to detect when this process exits.
  base::ScopedFD lifeline_read_;
  base::ScopedFD lifeline_write_;
  // The interface on which to request network access.
  std::string interface_;
  // The set of ports for which access has been requested.
  // NOTE(review): a std::set holds each port at most once and carries no
  // reference count. If two live PortTokens can exist for the same port,
  // confirm that destroying the first does not close the port for the second.
  std::set<uint16_t> requested_ports_;
  // Keep as the last member variable. Members are destroyed in reverse
  // declaration order, so the factory goes first and outstanding WeakPtrs
  // (including those held by PortTokens) are invalidated before the other
  // members are torn down.
  base::WeakPtrFactory<FirewallManager> weak_factory_{this};
};
} // namespace lorgnette
#endif // LORGNETTE_FIREWALL_MANAGER_H_