1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef PPAPI_PROXY_PROXY_CHANNEL_H_
6 #define PPAPI_PROXY_PROXY_CHANNEL_H_
8 #include "base/files/scoped_file.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/memory/shared_memory.h"
11 #include "base/process/process.h"
12 #include "ipc/ipc_listener.h"
13 #include "ipc/ipc_platform_file.h"
14 #include "ipc/ipc_sender.h"
15 #include "ipc/ipc_sync_channel.h"
16 #include "ppapi/proxy/ppapi_proxy_export.h"
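// Forward declarations for types this header only names through pointers, so
// their full headers do not need to be included here.
namespace base {
class SingleThreadTaskRunner;
class WaitableEvent;
}  // namespace base

namespace IPC {
class TestSink;
}  // namespace IPC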
27 namespace ppapi {
28 namespace proxy {
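// Wraps an IPC::SyncChannel to a peer process and acts as both the listener
// and the sender for it. It also exposes helpers that turn a local file or
// shared memory handle into one that is valid in the peer process.
//
// Handing a handle to the peer gives the peer ownership of it (see the
// Share* methods below), so callers should only share handles whose
// underlying object the peer is meant to access.
class PPAPI_PROXY_EXPORT ProxyChannel
    : public IPC::Listener,
      public IPC::Sender {
 public:
  // Embedder-supplied hooks. Handle duplication lives here because the
  // process hosting this object may not itself have permission to duplicate
  // handles into the peer.
  class PPAPI_PROXY_EXPORT Delegate {
   public:
    virtual ~Delegate() {}

    // Returns the task runner for processing IPC requests.
    virtual base::SingleThreadTaskRunner* GetIPCTaskRunner() = 0;

    // Returns the event object that becomes signalled when the main thread's
    // message loop exits.
    virtual base::WaitableEvent* GetShutdownEvent() = 0;

    // Duplicates a handle to the provided object, returning one that is valid
    // on the other side of the channel. This is part of the delegate interface
    // because both sides of the channel may not have sufficient permission to
    // duplicate handles directly. The implementation must provide the same
    // guarantees as ProxyChannel::ShareHandleWithRemote below.
    //
    // |remote_pid| identifies the process that the returned handle must be
    // valid in. If |should_close_source| is true, |handle| is closed by the
    // call and the caller must not use it again.
    virtual IPC::PlatformFileForTransit ShareHandleWithRemote(
        base::PlatformFile handle,
        base::ProcessId remote_pid,
        bool should_close_source) = 0;

    // Duplicates a shared memory handle, returning one that is valid on the
    // other side of the channel. This is part of the delegate interface
    // because both sides of the channel may not have sufficient permission to
    // duplicate handles directly. The implementation must provide the same
    // guarantees as ProxyChannel::ShareSharedMemoryHandleWithRemote below.
    //
    // |remote_pid| identifies the process that the returned handle must be
    // valid in. The source |handle| stays open.
    virtual base::SharedMemoryHandle ShareSharedMemoryHandleWithRemote(
        const base::SharedMemoryHandle& handle,
        base::ProcessId remote_pid) = 0;
  };

  ~ProxyChannel() override;

  // Alternative to InitWithChannel() for unit tests that want to send all
  // messages sent via this channel to the given test sink. The test sink
  // must outlive this class. In this case, the peer PID will be the current
  // process ID.
  void InitWithTestSink(IPC::TestSink* test_sink);

  // Shares a file handle (HANDLE / file descriptor) with the remote side. It
  // returns a handle that should be sent in exactly one IPC message. Upon
  // receipt, the remote side then owns that handle. Note: if sending the
  // message fails, the returned handle is properly closed by the IPC system.
  // If should_close_source is set to true, the original handle is closed by
  // this operation and should not be used again.
  //
  // NOTE(review): the cleanup guarantee above covers only a failed send. A
  // returned handle that is never placed in a message, or is placed in more
  // than one, is presumably not covered. Confirm against the implementation.
  IPC::PlatformFileForTransit ShareHandleWithRemote(
      base::PlatformFile handle,
      bool should_close_source);

  // Shares a shared memory handle with the remote side. It returns a handle
  // that should be sent in exactly one IPC message. Upon receipt, the remote
  // side then owns that handle. Note: if sending the message fails, the
  // returned handle is properly closed by the IPC system. The original handle
  // is not closed by this operation.
  base::SharedMemoryHandle ShareSharedMemoryHandleWithRemote(
      const base::SharedMemoryHandle& handle);

  // IPC::Sender implementation.
  // NOTE(review): ownership of |msg| follows the IPC::Sender contract, which
  // is declared in ipc/ipc_sender.h and not visible here. Confirm it before
  // touching |msg| after this call.
  bool Send(IPC::Message* msg) override;

  // IPC::Listener implementation.
  void OnChannelError() override;

  // Will be NULL in some unit tests and if the remote side has crashed, so
  // callers must check the result before dereferencing it.
  IPC::SyncChannel* channel() const {
    return channel_.get();
  }

#if defined(OS_POSIX) && !defined(OS_NACL)
  // Returns an owning base::ScopedFD, so the descriptor is closed when the
  // returned object is destroyed unless the caller releases it.
  // NOTE(review): presumably this hands over the renderer-side descriptor of
  // the underlying channel. Confirm against the implementation.
  base::ScopedFD TakeRendererFD();
#endif

 protected:
  explicit ProxyChannel();

  // You must call this function before anything else. Returns true on success.
  // The delegate pointer must outlive this class, ownership is not
  // transferred.
  //
  // |peer_pid| is the PID of the remote process and |channel_handle| names
  // the channel to attach to.
  // NOTE(review): |is_client| presumably selects client vs. server channel
  // mode. Confirm against the implementation.
  virtual bool InitWithChannel(Delegate* delegate,
                               base::ProcessId peer_pid,
                               const IPC::ChannelHandle& channel_handle,
                               bool is_client);

  // Returns the non-owning delegate pointer.
  // NOTE(review): non-null is only documented "after init is called"; treat
  // the result as possibly null before that.
  ProxyChannel::Delegate* delegate() const {
    return delegate_;
  }

 private:
  // Non-owning pointer. Guaranteed non-NULL after init is called.
  ProxyChannel::Delegate* delegate_;

  // PID of the remote process. Use this instead of the Channel::peer_pid since
  // this is set synchronously on construction rather than waiting on the
  // "hello" message from the peer (which introduces a race condition).
  base::ProcessId peer_pid_;

  // When we're unit testing, this will indicate the sink for the messages to
  // be deposited so they can be inspected by the test. When non-NULL, this
  // indicates that the channel should not be used. Non-owning; the sink must
  // outlive this object (see InitWithTestSink).
  IPC::TestSink* test_sink_;

  // Will be null for some tests when there is a test_sink_, and if the
  // remote side has crashed.
  scoped_ptr<IPC::SyncChannel> channel_;

  DISALLOW_COPY_AND_ASSIGN(ProxyChannel);
};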
142 } // namespace proxy
143 } // namespace ppapi
145 #endif // PPAPI_PROXY_PROXY_CHANNEL_H_