Supervised user whitelists: Cleanup
[chromium-blink-merge.git] / ppapi / proxy / plugin_dispatcher.h
blobea840f5f75f054c245d0dd5ae63438b871958a09
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef PPAPI_PROXY_PLUGIN_DISPATCHER_H_
6 #define PPAPI_PROXY_PLUGIN_DISPATCHER_H_
8 #include <set>
9 #include <string>
11 #include "base/basictypes.h"
12 #include "base/containers/hash_tables.h"
13 #include "base/containers/scoped_ptr_hash_map.h"
14 #include "base/memory/ref_counted.h"
15 #include "base/memory/weak_ptr.h"
16 #include "base/process/process.h"
17 #include "build/build_config.h"
18 #include "ipc/ipc_sync_channel.h"
19 #include "ppapi/c/pp_instance.h"
20 #include "ppapi/c/pp_rect.h"
21 #include "ppapi/c/ppb_console.h"
22 #include "ppapi/proxy/dispatcher.h"
23 #include "ppapi/proxy/message_handler.h"
24 #include "ppapi/shared_impl/ppapi_preferences.h"
25 #include "ppapi/shared_impl/ppb_view_shared.h"
26 #include "ppapi/shared_impl/singleton_resource_id.h"
27 #include "ppapi/shared_impl/tracked_callback.h"
29 namespace IPC {
30 class SyncMessageFilter;
33 namespace ppapi {
35 struct Preferences;
36 class Resource;
38 namespace thunk {
39 class PPB_Instance_API;
40 class ResourceCreationAPI;
43 namespace proxy {
45 // Used to keep track of per-instance data.
46 struct InstanceData {
47 InstanceData();
48 ~InstanceData();
50 ViewData view;
52 // When non-NULL, indicates the callback to execute when mouse lock is lost.
53 scoped_refptr<TrackedCallback> mouse_lock_callback;
55 // A map of singleton resources which are lazily created.
56 typedef std::map<SingletonResourceID, scoped_refptr<Resource> >
57 SingletonResourceMap;
58 SingletonResourceMap singleton_resources;
60 // Calls to |RequestSurroundingText()| are done by posted tasks. Track whether
61 // a) a task is pending, to avoid redundant calls, and b) whether we should
62 // actually call |RequestSurroundingText()|, to avoid stale calls (i.e.,
63 // calling when we shouldn't).
64 bool is_request_surrounding_text_pending;
65 bool should_do_request_surrounding_text;
67 // The message handler which should handle JavaScript->Plugin messages, if
68 // one has been registered, otherwise NULL.
69 scoped_ptr<MessageHandler> message_handler;
72 class PPAPI_PROXY_EXPORT PluginDispatcher
73 : public Dispatcher,
74 public base::SupportsWeakPtr<PluginDispatcher> {
75 public:
76 class PPAPI_PROXY_EXPORT PluginDelegate : public ProxyChannel::Delegate {
77 public:
78 // Returns the set used for globally uniquifying PP_Instances. This same
79 // set must be returned for all channels.
81 // DEREFERENCE ONLY ON THE I/O THREAD.
82 virtual std::set<PP_Instance>* GetGloballySeenInstanceIDSet() = 0;
84 // Registers the plugin dispatcher and returns an ID.
85 // Plugin dispatcher IDs will be used to dispatch messages from the browser.
86 // Each call to Register() has to be matched with a call to Unregister().
87 virtual uint32 Register(PluginDispatcher* plugin_dispatcher) = 0;
88 virtual void Unregister(uint32 plugin_dispatcher_id) = 0;
91 // Constructor for the plugin side. The init and shutdown functions will be
92 // will be automatically called when requested by the renderer side. The
93 // module ID will be set upon receipt of the InitializeModule message.
95 // Note about permissions: On the plugin side, the dispatcher and the plugin
96 // run in the same address space (including in nacl). This means that the
97 // permissions here are subject to malicious modification and bypass, and
98 // an exploited or malicious plugin could send any IPC messages and just
99 // bypass the permissions. All permissions must be checked "for realz" in the
100 // host process when receiving messages. We check them on the plugin side
101 // primarily to keep honest plugins honest, especially with respect to
102 // dev interfaces that they "shouldn't" be using.
104 // You must call InitPluginWithChannel after the constructor.
105 PluginDispatcher(PP_GetInterface_Func get_interface,
106 const PpapiPermissions& permissions,
107 bool incognito);
108 virtual ~PluginDispatcher();
110 // The plugin side maintains a mapping from PP_Instance to Dispatcher so
111 // that we can send the messages to the right channel if there are multiple
112 // renderers sharing the same plugin. This mapping is maintained by
113 // DidCreateInstance/DidDestroyInstance.
114 static PluginDispatcher* GetForInstance(PP_Instance instance);
116 // Same as GetForInstance but retrieves the instance from the given resource
117 // object as a convenience. Returns NULL on failure.
118 static PluginDispatcher* GetForResource(const Resource* resource);
120 // Implements the GetInterface function for the plugin to call to retrieve
121 // a browser interface.
122 static const void* GetBrowserInterface(const char* interface_name);
124 // Logs the given log message to the given instance, or, if the instance is
125 // invalid, to all instances associated with all dispatchers. Used for
126 // global log messages.
127 static void LogWithSource(PP_Instance instance,
128 PP_LogLevel level,
129 const std::string& source,
130 const std::string& value);
132 const void* GetPluginInterface(const std::string& interface_name);
134 // You must call this function before anything else. Returns true on success.
135 // The delegate pointer must outlive this class, ownership is not
136 // transferred.
137 bool InitPluginWithChannel(PluginDelegate* delegate,
138 base::ProcessId peer_pid,
139 const IPC::ChannelHandle& channel_handle,
140 bool is_client);
142 // Dispatcher overrides.
143 bool IsPlugin() const override;
144 // Send the message to the renderer. If |msg| is a synchronous message, we
145 // will unlock the ProxyLock so that we can handle incoming messages from the
146 // renderer.
147 bool Send(IPC::Message* msg) override;
149 // Unlike |Send()|, this function continues to hold the Pepper proxy lock
150 // until we are finished sending |msg|, even if it is a synchronous message.
151 bool SendAndStayLocked(IPC::Message* msg);
153 // IPC::Listener implementation.
154 bool OnMessageReceived(const IPC::Message& msg) override;
155 void OnChannelError() override;
157 // Keeps track of which dispatcher to use for each instance, active instances
158 // and tracks associated data like the current size.
159 void DidCreateInstance(PP_Instance instance);
160 void DidDestroyInstance(PP_Instance instance);
162 // Gets the data for an existing instance, or NULL if the instance id doesn't
163 // correspond to a known instance.
164 InstanceData* GetInstanceData(PP_Instance instance);
166 // Returns the corresponding API. These are APIs not associated with a
167 // resource. Guaranteed non-NULL.
168 thunk::PPB_Instance_API* GetInstanceAPI();
169 thunk::ResourceCreationAPI* GetResourceCreationAPI();
171 // Returns the Preferences.
172 const Preferences& preferences() const { return preferences_; }
174 uint32 plugin_dispatcher_id() const { return plugin_dispatcher_id_; }
175 bool incognito() const { return incognito_; }
177 private:
178 friend class PluginDispatcherTest;
180 // Notifies all live instances that they're now closed. This is used when
181 // a renderer crashes or some other error is received.
182 void ForceFreeAllInstances();
184 // IPC message handlers.
185 void OnMsgSupportsInterface(const std::string& interface_name, bool* result);
186 void OnMsgSetPreferences(const Preferences& prefs);
188 virtual bool SendMessage(IPC::Message* msg);
190 PluginDelegate* plugin_delegate_;
192 // Contains all the plugin interfaces we've queried. The mapped value will
193 // be the pointer to the interface pointer supplied by the plugin if it's
194 // supported, or NULL if it's not supported. This allows us to cache failures
195 // and not req-query if a plugin doesn't support the interface.
196 typedef base::hash_map<std::string, const void*> InterfaceMap;
197 InterfaceMap plugin_interfaces_;
199 typedef base::ScopedPtrHashMap<PP_Instance, InstanceData> InstanceDataMap;
200 InstanceDataMap instance_map_;
202 // The preferences sent from the host. We only want to set this once, which
203 // is what the received_preferences_ indicates. See OnMsgSetPreferences.
204 bool received_preferences_;
205 Preferences preferences_;
207 uint32 plugin_dispatcher_id_;
209 // Set to true when the instances associated with this dispatcher are
210 // incognito mode.
211 bool incognito_;
213 // A filter for sending messages from threads other than the main thread.
214 scoped_refptr<IPC::SyncMessageFilter> sync_filter_;
216 DISALLOW_COPY_AND_ASSIGN(PluginDispatcher);
219 } // namespace proxy
220 } // namespace ppapi
222 #endif // PPAPI_PROXY_PLUGIN_DISPATCHER_H_