1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_ 6#define PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_ 7 8#include <map> 9#include <vector> 10 11#include "base/basictypes.h" 12#include "base/memory/scoped_ptr.h" 13#include "base/synchronization/lock.h" 14#include "ppapi/c/pp_resource.h" 15#include "ppapi/proxy/ppapi_proxy_export.h" 16 17namespace IPC { 18class Message; 19} 20 21namespace ppapi { 22namespace proxy { 23 24class SerializedHandle; 25 26class PPAPI_PROXY_EXPORT NaClMessageScanner { 27 public: 28 NaClMessageScanner(); 29 ~NaClMessageScanner(); 30 31 // Scans the message for items that require special handling. Copies any 32 // SerializedHandles in the message into |handles| and if the message must be 33 // rewritten for NaCl, sets |new_msg_ptr| to the new message. If no handles 34 // are found, |handles| is left unchanged. If no rewriting is needed, 35 // |new_msg_ptr| is left unchanged. 36 // 37 // See more explanation in the method definition. 38 // 39 // See chrome/nacl/nacl_ipc_adapter.cc for where this is used to help convert 40 // native handles to NaClDescs. 41 bool ScanMessage(const IPC::Message& msg, 42 std::vector<SerializedHandle>* handles, 43 scoped_ptr<IPC::Message>* new_msg_ptr); 44 45 // Scans an untrusted message for items that require special handling. If the 46 // message had to be rewritten, sets |new_msg_ptr| to the new message. 47 void ScanUntrustedMessage(const IPC::Message& untrusted_msg, 48 scoped_ptr<IPC::Message>* new_msg_ptr); 49 50 // FileSystem information for quota auditing. 51 class PPAPI_PROXY_EXPORT FileSystem { 52 public: 53 FileSystem(); 54 ~FileSystem(); 55 56 int64_t reserved_quota() const { return reserved_quota_; } 57 58 // Adds amount to reserved quota. Returns true if reserved quota >= 0. 59 bool UpdateReservedQuota(int64_t delta); 60 61 private: 62 base::Lock lock_; 63 // This is the remaining amount of quota reserved for the file system. 64 // Acquire the lock to modify this field, since it may be used on multiple 65 // threads. 66 int64_t reserved_quota_; 67 68 DISALLOW_COPY_AND_ASSIGN(FileSystem); 69 }; 70 71 // FileIO information for quota auditing. 72 class PPAPI_PROXY_EXPORT FileIO { 73 public: 74 FileIO(FileSystem* file_system, int64_t max_written_offset); 75 ~FileIO(); 76 77 int64_t max_written_offset() { return max_written_offset_; } 78 79 void SetMaxWrittenOffset(int64_t max_written_offset); 80 81 // Grows file by the given amount. Returns true on success. 82 bool Grow(int64_t amount); 83 84 private: 85 base::Lock lock_; 86 87 // The file system that contains this file. 88 FileSystem* file_system_; 89 90 // The maximum written offset. This is initialized by NaClMessageScanner 91 // when the file is opened and modified by a NaClDescQuotaInterface when the 92 // plugin writes to greater maximum offsets. 93 int64_t max_written_offset_; 94 95 DISALLOW_COPY_AND_ASSIGN(FileIO); 96 }; 97 98 FileIO* GetFile(PP_Resource file_io); 99 100 private: 101 friend class NaClMessageScannerTest; 102 103 void RegisterSyncMessageForReply(const IPC::Message& msg); 104 void AuditNestedMessage(PP_Resource resource, 105 const IPC::Message& msg, 106 SerializedHandle* handle); 107 108 // When we send a synchronous message (from untrusted to trusted), we store 109 // its type here, so that later we can associate the reply with its type 110 // for scanning. 111 typedef std::map<int, uint32> PendingSyncMsgMap; 112 PendingSyncMsgMap pending_sync_msgs_; 113 114 // We intercept FileSystem and FileIO messages to maintain information about 115 // file systems and open files. This is used by NaClQuotaDescs to calculate 116 // quota consumption and check it against the reserved amount. 117 typedef std::map<int32_t, FileSystem*> FileSystemMap; 118 FileSystemMap file_systems_; 119 typedef std::map<int32_t, FileIO*> FileIOMap; 120 FileIOMap files_; 121 122 DISALLOW_COPY_AND_ASSIGN(NaClMessageScanner); 123}; 124 125} // namespace proxy 126} // namespace ppapi 127 128#endif // PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_ 129