Roll src/third_party/WebKit 605a979:06cb9e9 (svn 202556:202558)
[chromium-blink-merge.git] / components / nacl / loader / nacl_ipc_adapter.h
blob46d9e611909419842d6530773680d6b6ceafc77c
1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef COMPONENTS_NACL_LOADER_NACL_IPC_ADAPTER_H_
6 #define COMPONENTS_NACL_LOADER_NACL_IPC_ADAPTER_H_
8 #include <map>
9 #include <queue>
10 #include <string>
11 #include <vector>
13 #include "base/basictypes.h"
14 #include "base/callback.h"
15 #include "base/files/scoped_file.h"
16 #include "base/memory/ref_counted.h"
17 #include "base/memory/scoped_ptr.h"
18 #include "base/pickle.h"
19 #include "base/synchronization/condition_variable.h"
20 #include "base/synchronization/lock.h"
21 #include "base/task_runner.h"
22 #include "ipc/ipc_listener.h"
23 #include "ipc/ipc_platform_file.h"
24 #include "ppapi/c/pp_stdint.h"
25 #include "ppapi/proxy/nacl_message_scanner.h"
27 struct NaClDesc;
28 struct NaClImcTypedMsgHdr;
29 struct PP_Size;
31 namespace IPC {
32 class Channel;
33 struct ChannelHandle;
36 namespace ppapi {
37 class HostResource;
40 // Adapts a Chrome IPC channel to an IPC channel that we expose to Native
41 // Client. This provides a mapping in both directions, so when IPC messages
42 // come in from another process, we rewrite them and allow them to be received
43 // via a recvmsg-like interface in the NaCl code. When NaCl code calls sendmsg,
44 // we implement that as sending IPC messages on the channel.
46 // This object also provides the necessary logic for rewriting IPC messages.
47 // NaCl code is platform-independent and runs in a Posix-like enviroment, but
48 // some formatting in the message and the way handles are transferred varies
49 // by platform. This class bridges that gap to provide what looks like a
50 // normal platform-specific IPC implementation to Chrome, and a Posix-like
51 // version on every platform to NaCl.
53 // This object must be threadsafe since the nacl environment determines which
54 // thread every function is called on.
55 class NaClIPCAdapter : public base::RefCountedThreadSafe<NaClIPCAdapter>,
56 public IPC::Listener {
57 public:
58 // Chrome's IPC message format varies by platform, NaCl's does not. In
59 // particular, the header has some extra fields on Posix platforms. Since
60 // NaCl is a Posix environment, it gets that version of the header. This
61 // header is duplicated here so we have a cross-platform definition of the
62 // header we're exposing to NaCl.
63 #pragma pack(push, 4)
64 struct NaClMessageHeader : public base::Pickle::Header {
65 int32 routing;
66 uint32 type;
67 uint32 flags;
68 uint16 num_fds;
69 uint16 pad;
71 #pragma pack(pop)
73 typedef base::Callback<void(IPC::PlatformFileForTransit, base::FilePath)>
74 ResolveFileTokenReplyCallback;
76 typedef base::Callback<void(uint64_t, // file_token_lo
77 uint64_t, // file_token_hi
78 ResolveFileTokenReplyCallback)>
79 ResolveFileTokenCallback;
81 typedef base::Callback<void(const IPC::Message&,
82 IPC::PlatformFileForTransit,
83 base::FilePath)> OpenResourceReplyCallback;
85 typedef base::Callback<bool(const IPC::Message&,
86 const std::string&, // key
87 OpenResourceReplyCallback)> OpenResourceCallback;
89 // Creates an adapter, using the thread associated with the given task
90 // runner for posting messages. In normal use, the task runner will post to
91 // the I/O thread of the process.
93 // If you use this constructor, you MUST call ConnectChannel after the
94 // NaClIPCAdapter is constructed, or the NaClIPCAdapter's channel will not be
95 // connected.
97 // |resolve_file_token_cb| is an optional callback to be invoked for
98 // resolving file tokens received from the renderer. When the file token
99 // is resolved, the ResolveFileTokenReplyCallback passed inside the
100 // ResolveFileTokenCallback will be invoked. |open_resource_cb| is also an
101 // optional callback to be invoked for intercepting open_resource IRT calls.
102 // |open_resource_cb| may immediately call a OpenResourceReplyCallback
103 // function to send a pre-opened resource descriptor to the untrusted side.
104 // OpenResourceCallback returns true when OpenResourceReplyCallback is called.
105 NaClIPCAdapter(
106 const IPC::ChannelHandle& handle,
107 base::TaskRunner* runner,
108 ResolveFileTokenCallback resolve_file_token_cb,
109 OpenResourceCallback open_resource_cb);
111 // Initializes with a given channel that's already created for testing
112 // purposes. This function will take ownership of the given channel.
113 NaClIPCAdapter(scoped_ptr<IPC::Channel> channel, base::TaskRunner* runner);
115 // Connect the channel. This must be called after the constructor that accepts
116 // an IPC::ChannelHandle, and causes the Channel to be connected on the IO
117 // thread.
118 void ConnectChannel();
120 // Implementation of sendmsg. Returns the number of bytes written or -1 on
121 // failure.
122 int Send(const NaClImcTypedMsgHdr* msg);
124 // Implementation of recvmsg. Returns the number of bytes read or -1 on
125 // failure. This will block until there's an error or there is data to
126 // read.
127 int BlockingReceive(NaClImcTypedMsgHdr* msg);
129 // Closes the IPC channel.
130 void CloseChannel();
132 // Make a NaClDesc that refers to this NaClIPCAdapter. Note that the returned
133 // NaClDesc is reference-counted, and a reference is returned.
134 NaClDesc* MakeNaClDesc();
136 #if defined(OS_POSIX)
137 base::ScopedFD TakeClientFileDescriptor();
138 #endif
140 // Listener implementation.
141 bool OnMessageReceived(const IPC::Message& message) override;
142 void OnChannelConnected(int32 peer_pid) override;
143 void OnChannelError() override;
145 private:
146 friend class base::RefCountedThreadSafe<NaClIPCAdapter>;
148 class RewrittenMessage;
150 // This is the data that must only be accessed inside the lock. This struct
151 // just separates it so it's easier to see.
152 struct LockedData {
153 LockedData();
154 ~LockedData();
156 // Messages that we have read off of the Chrome IPC channel that are waiting
157 // to be received by the plugin.
158 std::queue< scoped_refptr<RewrittenMessage> > to_be_received_;
160 ppapi::proxy::NaClMessageScanner nacl_msg_scanner_;
162 // Data that we've queued from the plugin to send, but doesn't consist of a
163 // full message yet. The calling code can break apart the message into
164 // smaller pieces, and we need to send the message to the other process in
165 // one chunk.
167 // The IPC channel always starts a new send() at the beginning of each
168 // message, so we don't need to worry about arbitrary message boundaries.
169 std::string to_be_sent_;
171 bool channel_closed_;
174 // This is the data that must only be accessed on the I/O thread (as defined
175 // by TaskRunner). This struct just separates it so it's easier to see.
176 struct IOThreadData {
177 IOThreadData();
178 ~IOThreadData();
180 scoped_ptr<IPC::Channel> channel_;
182 // When we send a synchronous message (from untrusted to trusted), we store
183 // its type here, so that later we can associate the reply with its type
184 // for scanning.
185 typedef std::map<int, uint32> PendingSyncMsgMap;
186 PendingSyncMsgMap pending_sync_msgs_;
189 ~NaClIPCAdapter() override;
191 void SaveOpenResourceMessage(const IPC::Message& orig_msg,
192 IPC::PlatformFileForTransit ipc_fd,
193 base::FilePath file_path);
195 bool RewriteMessage(const IPC::Message& msg, uint32_t type);
197 // Returns 0 if nothing is waiting.
198 int LockedReceive(NaClImcTypedMsgHdr* msg);
200 // Sends a message that we know has been completed to the Chrome process.
201 bool SendCompleteMessage(const char* buffer, size_t buffer_len);
203 // Clears the LockedData.to_be_sent_ structure in a way to make sure that
204 // the memory is deleted. std::string can sometimes hold onto the buffer
205 // for future use which we don't want.
206 void ClearToBeSent();
208 void ConnectChannelOnIOThread();
209 void CloseChannelOnIOThread();
210 void SendMessageOnIOThread(scoped_ptr<IPC::Message> message);
212 // Saves the message to forward to NaCl. This method assumes that the caller
213 // holds the lock for locked_data_.
214 void SaveMessage(const IPC::Message& message,
215 RewrittenMessage* rewritten_message);
217 base::Lock lock_;
218 base::ConditionVariable cond_var_;
220 scoped_refptr<base::TaskRunner> task_runner_;
222 ResolveFileTokenCallback resolve_file_token_cb_;
223 OpenResourceCallback open_resource_cb_;
225 // To be accessed inside of lock_ only.
226 LockedData locked_data_;
228 // To be accessed on the I/O thread (via task runner) only.
229 IOThreadData io_thread_data_;
231 DISALLOW_COPY_AND_ASSIGN(NaClIPCAdapter);
234 // Export TranslatePepperFileReadWriteOpenFlags for testing.
235 int TranslatePepperFileReadWriteOpenFlagsForTesting(int32_t pp_open_flags);
237 #endif // COMPONENTS_NACL_LOADER_NACL_IPC_ADAPTER_H_