1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "content/browser/media/midi_host.h"
6
7#include "base/bind.h"
8#include "base/bind_helpers.h"
9#include "base/debug/trace_event.h"
10#include "base/process/process.h"
11#include "content/browser/browser_main_loop.h"
12#include "content/browser/child_process_security_policy_impl.h"
13#include "content/browser/media/media_internals.h"
14#include "content/common/media/midi_messages.h"
15#include "content/public/browser/content_browser_client.h"
16#include "content/public/browser/media_observer.h"
17#include "content/public/browser/user_metrics.h"
18#include "media/midi/midi_manager.h"
19#include "media/midi/midi_message_queue.h"
20#include "media/midi/midi_message_util.h"
21
22using media::MidiManager;
23using media::MidiPortInfoList;
24
25namespace content {
26namespace {
27
28// The total number of bytes which we're allowed to send to the OS
29// before knowing that they have been successfully sent.
30const size_t kMaxInFlightBytes = 10 * 1024 * 1024;  // 10 MB.
31
32// We keep track of the number of bytes successfully sent to
33// the hardware.  Every once in a while we report back to the renderer
34// the number of bytes sent since the last report. This threshold determines
35// how many bytes will be sent before reporting back to the renderer.
36const size_t kAcknowledgementThresholdBytes = 1024 * 1024;  // 1 MB.
37
38bool IsDataByte(uint8 data) {
39  return (data & 0x80) == 0;
40}
41
42bool IsSystemRealTimeMessage(uint8 data) {
43  return 0xf8 <= data && data <= 0xff;
44}
45
46}  // namespace
47
48using media::kSysExByte;
49using media::kEndOfSysExByte;
50
51MidiHost::MidiHost(int renderer_process_id, media::MidiManager* midi_manager)
52    : BrowserMessageFilter(MidiMsgStart),
53      renderer_process_id_(renderer_process_id),
54      has_sys_ex_permission_(false),
55      midi_manager_(midi_manager),
56      sent_bytes_in_flight_(0),
57      bytes_sent_since_last_acknowledgement_(0) {
58}
59
60MidiHost::~MidiHost() {
61  if (midi_manager_)
62    midi_manager_->EndSession(this);
63}
64
65void MidiHost::OnDestruct() const {
66  BrowserThread::DeleteOnIOThread::Destruct(this);
67}
68
69// IPC Messages handler
70bool MidiHost::OnMessageReceived(const IPC::Message& message) {
71  bool handled = true;
72  IPC_BEGIN_MESSAGE_MAP(MidiHost, message)
73    IPC_MESSAGE_HANDLER(MidiHostMsg_StartSession, OnStartSession)
74    IPC_MESSAGE_HANDLER(MidiHostMsg_SendData, OnSendData)
75    IPC_MESSAGE_UNHANDLED(handled = false)
76  IPC_END_MESSAGE_MAP()
77
78  return handled;
79}
80
81void MidiHost::OnStartSession(int client_id) {
82  if (midi_manager_)
83    midi_manager_->StartSession(this, client_id);
84}
85
86void MidiHost::OnSendData(uint32 port,
87                          const std::vector<uint8>& data,
88                          double timestamp) {
89  if (!midi_manager_)
90    return;
91
92  if (data.empty())
93    return;
94
95  // Blink running in a renderer checks permission to raise a SecurityError
96  // in JavaScript. The actual permission check for security purposes
97  // happens here in the browser process.
98  if (!has_sys_ex_permission_ &&
99      std::find(data.begin(), data.end(), kSysExByte) != data.end()) {
100    RecordAction(base::UserMetricsAction("BadMessageTerminate_MIDI"));
101    BadMessageReceived();
102    return;
103  }
104
105  if (!IsValidWebMIDIData(data))
106    return;
107
108  {
109    base::AutoLock auto_lock(in_flight_lock_);
110    // Sanity check that we won't send too much data.
111    // TODO(yukawa): Consider to send an error event back to the renderer
112    // after some future discussion in W3C.
113    if (data.size() + sent_bytes_in_flight_ > kMaxInFlightBytes)
114      return;
115    sent_bytes_in_flight_ += data.size();
116  }
117  midi_manager_->DispatchSendMidiData(this, port, data, timestamp);
118}
119
120void MidiHost::CompleteStartSession(int client_id, media::MidiResult result) {
121  MidiPortInfoList input_ports;
122  MidiPortInfoList output_ports;
123
124  if (result == media::MIDI_OK) {
125    input_ports = midi_manager_->input_ports();
126    output_ports = midi_manager_->output_ports();
127    received_messages_queues_.clear();
128    received_messages_queues_.resize(input_ports.size());
129    // ChildSecurityPolicy is set just before OnStartSession by
130    // MidiDispatcherHost. So we can safely cache the policy.
131    has_sys_ex_permission_ = ChildProcessSecurityPolicyImpl::GetInstance()->
132        CanSendMidiSysExMessage(renderer_process_id_);
133  }
134
135  Send(new MidiMsg_SessionStarted(client_id,
136                                  result,
137                                  input_ports,
138                                  output_ports));
139}
140
141void MidiHost::ReceiveMidiData(
142    uint32 port,
143    const uint8* data,
144    size_t length,
145    double timestamp) {
146  TRACE_EVENT0("midi", "MidiHost::ReceiveMidiData");
147
148  if (received_messages_queues_.size() <= port)
149    return;
150
151  // Lazy initialization
152  if (received_messages_queues_[port] == NULL)
153    received_messages_queues_[port] = new media::MidiMessageQueue(true);
154
155  received_messages_queues_[port]->Add(data, length);
156  std::vector<uint8> message;
157  while (true) {
158    received_messages_queues_[port]->Get(&message);
159    if (message.empty())
160      break;
161
162    // MIDI devices may send a system exclusive messages even if the renderer
163    // doesn't have a permission to receive it. Don't kill the renderer as
164    // OnSendData() does.
165    if (message[0] == kSysExByte && !has_sys_ex_permission_)
166      continue;
167
168    // Send to the renderer.
169    Send(new MidiMsg_DataReceived(port, message, timestamp));
170  }
171}
172
173void MidiHost::AccumulateMidiBytesSent(size_t n) {
174  {
175    base::AutoLock auto_lock(in_flight_lock_);
176    if (n <= sent_bytes_in_flight_)
177      sent_bytes_in_flight_ -= n;
178  }
179
180  if (bytes_sent_since_last_acknowledgement_ + n >=
181      bytes_sent_since_last_acknowledgement_)
182    bytes_sent_since_last_acknowledgement_ += n;
183
184  if (bytes_sent_since_last_acknowledgement_ >=
185      kAcknowledgementThresholdBytes) {
186    Send(new MidiMsg_AcknowledgeSentData(
187        bytes_sent_since_last_acknowledgement_));
188    bytes_sent_since_last_acknowledgement_ = 0;
189  }
190}
191
192// static
193bool MidiHost::IsValidWebMIDIData(const std::vector<uint8>& data) {
194  bool in_sysex = false;
195  size_t waiting_data_length = 0;
196  for (size_t i = 0; i < data.size(); ++i) {
197    const uint8 current = data[i];
198    if (IsSystemRealTimeMessage(current))
199      continue;  // Real time message can be placed at any point.
200    if (waiting_data_length > 0) {
201      if (!IsDataByte(current))
202        return false;  // Error: |current| should have been data byte.
203      --waiting_data_length;
204      continue;  // Found data byte as expected.
205    }
206    if (in_sysex) {
207      if (data[i] == kEndOfSysExByte)
208        in_sysex = false;
209      else if (!IsDataByte(current))
210        return false;  // Error: |current| should have been data byte.
211      continue;  // Found data byte as expected.
212    }
213    if (current == kSysExByte) {
214      in_sysex = true;
215      continue;  // Found SysEX
216    }
217    waiting_data_length = media::GetMidiMessageLength(current);
218    if (waiting_data_length == 0)
219      return false;  // Error: |current| should have been a valid status byte.
220    --waiting_data_length;  // Found status byte
221  }
222  return waiting_data_length == 0 && !in_sysex;
223}
224
225}  // namespace content
226