ppapi/proxy/nacl_message_scanner.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
   6 #define PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
   7
   8 #include <map>
   9 #include <vector>
  10
  11 #include "base/basictypes.h"
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/synchronization/lock.h"
  14 #include "ppapi/c/pp_resource.h"
  15 #include "ppapi/proxy/ppapi_proxy_export.h"
  16
  17 namespace IPC {
  18 class Message;
  19 }
  20
  21 namespace ppapi {
  22 namespace proxy {
  23
  24 class SerializedHandle;
  25
  26 class PPAPI_PROXY_EXPORT NaClMessageScanner {
  27  public:
  28   NaClMessageScanner();
  29   ~NaClMessageScanner();
  30
  31   // Scans the message for items that require special handling. Copies any
  32   // SerializedHandles in the message into |handles| and if the message must be
  33   // rewritten for NaCl, sets |new_msg_ptr| to the new message. If no handles
  34   // are found, |handles| is left unchanged. If no rewriting is needed,
  35   // |new_msg_ptr| is left unchanged.
  36   //
  37   // For normal messages, |type| is equivalent to |msg|.id(), but, if |msg| is
  38   // a reply to a synchronous message, |type| is the id of the original
  39   // message.
  40   //
  41   // See more explanation in the method definition.
  42   //
  43   // See chrome/nacl/nacl_ipc_adapter.cc for where this is used to help convert
  44   // native handles to NaClDescs.
  45   bool ScanMessage(const IPC::Message& msg,
  46                    uint32_t type,
  47                    std::vector<SerializedHandle>* handles,
  48                    scoped_ptr<IPC::Message>* new_msg_ptr);
  49
  50   // Scans an untrusted message for items that require special handling. If the
  51   // message had to be rewritten, sets |new_msg_ptr| to the new message.
  52   void ScanUntrustedMessage(const IPC::Message& untrusted_msg,
  53                             scoped_ptr<IPC::Message>* new_msg_ptr);
  54
  55   // FileSystem information for quota auditing.
  56   class PPAPI_PROXY_EXPORT FileSystem {
  57    public:
  58     FileSystem();
  59     ~FileSystem();
  60
  61     int64_t reserved_quota() const { return reserved_quota_; }
  62
  63     // Adds amount to reserved quota. Returns true if reserved quota >= 0.
  64     bool UpdateReservedQuota(int64_t delta);
  65
  66    private:
  67     base::Lock lock_;
  68     // This is the remaining amount of quota reserved for the file system.
  69     // Acquire the lock to modify this field, since it may be used on multiple
  70     // threads.
  71     int64_t reserved_quota_;
  72
  73     DISALLOW_COPY_AND_ASSIGN(FileSystem);
  74   };
  75
  76   // FileIO information for quota auditing.
  77   class PPAPI_PROXY_EXPORT FileIO {
  78    public:
  79     FileIO(FileSystem* file_system, int64_t max_written_offset);
  80     ~FileIO();
  81
  82     int64_t max_written_offset() { return max_written_offset_; }
  83
  84     void SetMaxWrittenOffset(int64_t max_written_offset);
  85
  86     // Grows file by the given amount. Returns true on success.
  87     bool Grow(int64_t amount);
  88
  89    private:
  90     base::Lock lock_;
  91
  92     // The file system that contains this file.
  93     FileSystem* file_system_;
  94
  95     // The maximum written offset. This is initialized by NaClMessageScanner
  96     // when the file is opened and modified by a NaClDescQuotaInterface when the
  97     // plugin writes to greater maximum offsets.
  98     int64_t max_written_offset_;
  99
 100     DISALLOW_COPY_AND_ASSIGN(FileIO);
 101   };
 102
 103   FileIO* GetFile(PP_Resource file_io);
 104
 105  private:
 106   friend class NaClMessageScannerTest;
 107   void AuditNestedMessage(PP_Resource resource,
 108                           const IPC::Message& msg,
 109                           SerializedHandle* handle);
 110
 111   // We intercept FileSystem and FileIO messages to maintain information about
 112   // file systems and open files. This is used by NaClQuotaDescs to calculate
 113   // quota consumption and check it against the reserved amount.
 114   typedef std::map<int32_t, FileSystem*> FileSystemMap;
 115   FileSystemMap file_systems_;
 116   typedef std::map<int32_t, FileIO*> FileIOMap;
 117   FileIOMap files_;
 118
 119   DISALLOW_COPY_AND_ASSIGN(NaClMessageScanner);
 120 };
 121
 122 }  // namespace proxy
 123 }  // namespace ppapi
 124
 125 #endif  // PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_