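// Copyright 2013 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
#define PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_

#include <stdint.h>

#include <map>
#include <memory>
#include <vector>

#include "base/macros.h"
#include "base/synchronization/lock.h"
#include "ppapi/c/pp_resource.h"
#include "ppapi/proxy/ppapi_proxy_export.h"

namespace IPC {
class Message;
}

namespace ppapi {
namespace proxy {

class SerializedHandle;

// Inspects PPAPI IPC messages that cross the trusted/untrusted boundary of a
// NaCl plugin. It (1) extracts SerializedHandles so the caller can convert
// native handles to NaClDescs, (2) rewrites messages when NaCl needs a
// different wire form, and (3) intercepts FileSystem/FileIO messages to keep
// the per-file-system quota bookkeeping that NaClQuotaDescs consult before
// letting the plugin grow a file.
//
// Messages handled by ScanUntrustedMessage() originate from the untrusted
// plugin and must be treated as attacker-controlled input.
class PPAPI_PROXY_EXPORT NaClMessageScanner {
 public:
  NaClMessageScanner();
  ~NaClMessageScanner();

  // Scans the message for items that require special handling. Copies any
  // SerializedHandles in the message into |handles| and if the message must be
  // rewritten for NaCl, sets |new_msg_ptr| to the new message. If no handles
  // are found, |handles| is left unchanged. If no rewriting is needed,
  // |new_msg_ptr| is left unchanged.
  //
  // For normal messages, |type| is equivalent to |msg|.id(), but, if |msg| is
  // a reply to a synchronous message, |type| is the id of the original
  // message.
  //
  // Returns true on success; see the method definition for the failure cases.
  //
  // See chrome/nacl/nacl_ipc_adapter.cc for where this is used to help convert
  // native handles to NaClDescs.
  bool ScanMessage(const IPC::Message& msg,
                   uint32_t type,
                   std::vector<SerializedHandle>* handles,
                   std::unique_ptr<IPC::Message>* new_msg_ptr);

  // Scans an untrusted message (sent by the NaCl plugin) for items that require
  // special handling. If the message had to be rewritten, sets |new_msg_ptr| to
  // the new message; otherwise |new_msg_ptr| is left unchanged.
  void ScanUntrustedMessage(const IPC::Message& untrusted_msg,
                            std::unique_ptr<IPC::Message>* new_msg_ptr);

  // FileSystem information for quota auditing.
  //
  // |reserved_quota_| is read and written from multiple threads, so every
  // access (reads included) goes through |lock_|. A plain 64-bit load is not
  // guaranteed to be atomic, and an unsynchronized read of the value that
  // gates how much the untrusted plugin may write is a data race.
  class PPAPI_PROXY_EXPORT FileSystem {
   public:
    FileSystem();
    ~FileSystem();

    // Returns the remaining reserved quota for this file system.
    // Must not be called while the caller already holds |lock_|.
    int64_t reserved_quota() const {
      base::AutoLock lock(lock_);
      return reserved_quota_;
    }

    // Adds |delta| (which may be negative) to the reserved quota.
    // Returns true if the resulting reserved quota is >= 0.
    bool UpdateReservedQuota(int64_t delta);

   private:
    // Guards |reserved_quota_|. Declared mutable so the const accessor can
    // take it.
    mutable base::Lock lock_;
    // This is the remaining amount of quota reserved for the file system.
    // Acquire the lock to read or modify this field, since it is used on
    // multiple threads.
    int64_t reserved_quota_;

    DISALLOW_COPY_AND_ASSIGN(FileSystem);
  };

  // FileIO information for quota auditing.
  //
  // |max_written_offset_| is written by NaClMessageScanner and by a
  // NaClDescQuotaInterface on the plugin's write path, so reads as well as
  // writes are performed under |lock_| (see FileSystem above for why).
  class PPAPI_PROXY_EXPORT FileIO {
   public:
    FileIO(FileSystem* file_system, int64_t max_written_offset);
    ~FileIO();

    // Returns the maximum offset written so far.
    // Must not be called while the caller already holds |lock_|.
    int64_t max_written_offset() const {
      base::AutoLock lock(lock_);
      return max_written_offset_;
    }

    void SetMaxWrittenOffset(int64_t max_written_offset);

    // Grows file by the given amount. Returns true on success.
    bool Grow(int64_t amount);

   private:
    // Guards |max_written_offset_|. Declared mutable so the const accessor can
    // take it.
    mutable base::Lock lock_;

    // The file system that contains this file. Not owned.
    FileSystem* file_system_;

    // The maximum written offset. This is initialized by NaClMessageScanner
    // when the file is opened and modified by a NaClDescQuotaInterface when the
    // plugin writes to greater maximum offsets.
    int64_t max_written_offset_;

    DISALLOW_COPY_AND_ASSIGN(FileIO);
  };

  // Returns the FileIO record tracked for |file_io|, or nullptr if the
  // resource is unknown to this scanner. The returned pointer is owned by the
  // scanner.
  FileIO* GetFile(PP_Resource file_io);

 private:
  friend class NaClMessageScannerTest;
  void AuditNestedMessage(PP_Resource resource,
                          const IPC::Message& msg,
                          SerializedHandle* handle);

  // We intercept FileSystem and FileIO messages to maintain information about
  // file systems and open files. This is used by NaClQuotaDescs to calculate
  // quota consumption and check it against the reserved amount.
  using FileSystemMap = std::map<int32_t, FileSystem*>;
  FileSystemMap file_systems_;
  using FileIOMap = std::map<int32_t, FileIO*>;
  FileIOMap files_;

  DISALLOW_COPY_AND_ASSIGN(NaClMessageScanner);
};

}  // namespace proxy
}  // namespace ppapi

#endif  // PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_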