// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef PERMISSION_BROKER_PORT_TRACKER_H_
#define PERMISSION_BROKER_PORT_TRACKER_H_
#include <stdint.h>

#include <map>
#include <string>
#include <utility>
#include <vector>

#include <base/macros.h>
#include <base/message_loop/message_loop.h>
#include <base/sequenced_task_runner.h>

#include "permission_broker/firewall.h"
namespace permission_broker {
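// Tracks the firewall "holes" (opened ports) and VPN rules that the permission
// broker has granted on behalf of other processes. Each grant is associated
// with a "lifeline" file descriptor supplied by the requester, so that a grant
// can be tied to the lifetime of the process that asked for it rather than
// staying open indefinitely. Firewall changes are expected to go through
// |firewall_|, which this class borrows but does not own.
class PortTracker {
 public:
  // A firewall hole is identified by (port, interface name).
  using Hole = std::pair<uint16_t, std::string>;

  // |firewall| is borrowed, not owned; it must outlive this object
  // (see |firewall_| below).
  explicit PortTracker(Firewall* firewall);
  virtual ~PortTracker();

  // Open a TCP/UDP hole for |port| on interface |iface| on behalf of the
  // caller that supplied |dbus_fd|. |dbus_fd| is presumably registered as a
  // lifeline (AddLifelineFd) so the hole can be plugged again once the
  // requesting process goes away. Returns true on success; the exact failure
  // conditions are defined in the .cc.
  bool AllowTcpPortAccess(uint16_t port, const std::string& iface, int dbus_fd);
  bool AllowUdpPortAccess(uint16_t port, const std::string& iface, int dbus_fd);

  // Close a hole previously opened by the corresponding Allow*PortAccess().
  // Returns true on success (e.g. presumably false if no such hole is
  // tracked — confirm in the .cc).
  bool RevokeTcpPortAccess(uint16_t port, const std::string& iface);
  bool RevokeUdpPortAccess(uint16_t port, const std::string& iface);

  // Install the VPN firewall rules for |usernames| on |interface|, again tied
  // to |dbus_fd| as a lifeline.
  // NOTE(review): |usernames| and |interface| are stored verbatim in
  // |vpn_usernames_| / |vpn_interface_| and later handed to |firewall_|. This
  // header does not show where they are validated, so confirm that the
  // Firewall layer (or the D-Bus front end) rejects malformed values before
  // they are used to build firewall rules.
  bool PerformVpnSetup(const std::vector<std::string>& usernames,
                       const std::string& interface,
                       int dbus_fd);
  // Remove the rules installed by PerformVpnSetup().
  bool RemoveVpnSetup();

  // Close all outstanding firewall holes.
  void RevokeAllPortAccess();

 protected:
  // Constructor that lets a caller (presumably tests) inject the task runner
  // used for scheduling lifeline checks.
  PortTracker(scoped_refptr<base::SequencedTaskRunner> task_runner,
              Firewall* firewall);

 private:
  FRIEND_TEST(PortTrackerTest, RequestVpnSetupSuccess);
  FRIEND_TEST(PortTrackerTest, RequestVpnSetupFailure);

  // Helper functions for process lifetime tracking. A lifeline fd is the
  // requester's D-Bus fd; it is presumably watched through the epoll fd
  // below so that its closure can be detected and the grant revoked.
  virtual int AddLifelineFd(int dbus_fd);
  virtual bool DeleteLifelineFd(int fd);
  virtual void CheckLifelineFds(bool reschedule_check);
  virtual void ScheduleLifelineCheck();

  // Close the grant owned by lifeline |fd| (presumably a TCP/UDP hole, or the
  // VPN rules if |fd| == |vpn_lifeline_| — confirm in the .cc).
  bool PlugFirewallHole(int fd);
  bool DeleteVpnRules();

  // epoll(7) helper functions.
  virtual bool InitializeEpollOnce();

  scoped_refptr<base::SequencedTaskRunner> task_runner_;
  // epoll fd used for lifeline tracking. No in-class initializer: the
  // constructors are expected to set it — confirm in the .cc.
  int epfd_;

  // For each fd (process), keep track of which hole (port, interface)
  // it requested.
  std::map<int, Hole> tcp_holes_;
  std::map<int, Hole> udp_holes_;
  // For each hole (port, interface), keep track of which fd requested it.
  // We need this for Revoke{Tcp|Udp}PortAccess(), to avoid traversing
  // |{tcp|udp}_holes_| each time. Note the mapping is one-to-one: a given
  // hole is associated with exactly one lifeline fd.
  std::map<Hole, int> tcp_fds_;
  std::map<Hole, int> udp_fds_;

  // Keep track of which fd corresponds to VPN rules. Only a single VPN setup
  // (one lifeline, one interface, one username list) is tracked at a time.
  int vpn_lifeline_;
  std::vector<std::string> vpn_usernames_;
  std::string vpn_interface_;

  // |firewall_| is owned by the PermissionBroker object owning this instance
  // of PortTracker.
  Firewall* firewall_;

  DISALLOW_COPY_AND_ASSIGN(PortTracker);
};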
} // namespace permission_broker
#endif // PERMISSION_BROKER_PORT_TRACKER_H_