1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
6 #define PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
7 
8 #include <map>
9 #include <vector>
10 
11 #include "base/basictypes.h"
12 #include "base/memory/scoped_ptr.h"
13 #include "base/synchronization/lock.h"
14 #include "ppapi/c/pp_resource.h"
15 #include "ppapi/proxy/ppapi_proxy_export.h"
16 
// Forward declaration only: this header names IPC::Message solely through
// references and pointers, so the full definition is not required here.
namespace IPC {
class Message;
}  // namespace IPC
20 
namespace ppapi {
namespace proxy {

class SerializedHandle;

// Scans PPAPI proxy IPC messages exchanged with NaCl code. It extracts
// SerializedHandles, rewrites messages that need a NaCl-specific form, and
// keeps FileSystem / FileIO bookkeeping that is used for quota auditing.
class PPAPI_PROXY_EXPORT NaClMessageScanner {
 public:
  NaClMessageScanner();
  ~NaClMessageScanner();

  // Examines |msg| for items that need special handling.
  //   - Any SerializedHandles found in the message are copied into |handles|;
  //     when none are found, |handles| is left unchanged.
  //   - When the message has to be rewritten for NaCl, |new_msg_ptr| is set to
  //     the new message; otherwise |new_msg_ptr| is left unchanged.
  //
  // The method definition carries a longer explanation.
  //
  // chrome/nacl/nacl_ipc_adapter.cc uses this to help convert native handles
  // to NaClDescs.
  //
  // NOTE(review): the meaning of the bool result is not documented in this
  // header; consult the definition before relying on it.
  bool ScanMessage(
      const IPC::Message& msg,
      std::vector<SerializedHandle>* handles,
      scoped_ptr<IPC::Message>* new_msg_ptr);

  // Examines a message that comes from the untrusted side for items that need
  // special handling. |new_msg_ptr| is set to the new message if the message
  // had to be rewritten. Everything read from |untrusted_msg| should be
  // treated as untrusted input.
  void ScanUntrustedMessage(
      const IPC::Message& untrusted_msg,
      scoped_ptr<IPC::Message>* new_msg_ptr);

  // Per-file-system state used for quota auditing.
  class PPAPI_PROXY_EXPORT FileSystem {
   public:
    FileSystem();
    ~FileSystem();

    // Returns the current value of |reserved_quota_|.
    // NOTE(review): this read does not take |lock_|, although the field is
    // documented as usable on multiple threads; confirm that callers tolerate
    // an unsynchronized read.
    int64_t reserved_quota() const {
      return reserved_quota_;
    }

    // Adds |delta| to the reserved quota. Returns true if reserved quota >= 0.
    // NOTE(review): this header does not say whether the update is kept when
    // the check fails, nor how int64_t overflow is handled; verify in the
    // definition.
    bool UpdateReservedQuota(int64_t delta);

   private:
    base::Lock lock_;

    // Remaining quota reserved for this file system. The field may be used on
    // multiple threads, so |lock_| must be held to modify it.
    int64_t reserved_quota_;

    DISALLOW_COPY_AND_ASSIGN(FileSystem);
  };

  // Per-open-file state used for quota auditing.
  class PPAPI_PROXY_EXPORT FileIO {
   public:
    FileIO(FileSystem* file_system, int64_t max_written_offset);
    ~FileIO();

    // Returns the current value of |max_written_offset_|.
    // NOTE(review): this read does not take |lock_|; confirm that callers
    // tolerate an unsynchronized read.
    int64_t max_written_offset() {
      return max_written_offset_;
    }

    void SetMaxWrittenOffset(int64_t max_written_offset);

    // Grows the file by |amount|. Returns true on success.
    // NOTE(review): this header does not state which values of |amount| are
    // accepted (zero, negative, very large); verify in the definition.
    bool Grow(int64_t amount);

   private:
    // NOTE(review): presumably guards |max_written_offset_|; the header does
    // not say so explicitly.
    base::Lock lock_;

    // The file system this file belongs to. Held as a raw pointer; the header
    // does not show who owns the FileSystem object.
    FileSystem* file_system_;

    // Largest offset written so far. NaClMessageScanner initializes it when
    // the file is opened; a NaClDescQuotaInterface modifies it when the plugin
    // writes to greater maximum offsets.
    int64_t max_written_offset_;

    DISALLOW_COPY_AND_ASSIGN(FileIO);
  };

  // Returns the FileIO bookkeeping object for the resource |file_io|.
  // NOTE(review): neither the ownership of the returned pointer nor the result
  // for an unknown resource is stated in this header; confirm both before
  // dereferencing or retaining the pointer.
  FileIO* GetFile(PP_Resource file_io);

 private:
  friend class NaClMessageScannerTest;

  // Maps a pending synchronous message to its message type; see
  // |pending_sync_msgs_|.
  typedef std::map<int, uint32> PendingSyncMsgMap;

  // Bookkeeping containers for intercepted FileSystem and FileIO messages; see
  // |file_systems_| and |files_|.
  // NOTE(review): both maps store raw pointers; this header does not show
  // where the pointed-to objects are deleted.
  typedef std::map<int32_t, FileSystem*> FileSystemMap;
  typedef std::map<int32_t, FileIO*> FileIOMap;

  void RegisterSyncMessageForReply(const IPC::Message& msg);
  void AuditNestedMessage(
      PP_Resource resource,
      const IPC::Message& msg,
      SerializedHandle* handle);

  // The type of each synchronous message sent from untrusted to trusted is
  // stored here, so that the reply can later be associated with its type for
  // scanning.
  PendingSyncMsgMap pending_sync_msgs_;

  // FileSystem and FileIO messages are intercepted to maintain information
  // about file systems and open files. NaClQuotaDescs use this to calculate
  // quota consumption and check it against the reserved amount.
  FileSystemMap file_systems_;
  FileIOMap files_;

  DISALLOW_COPY_AND_ASSIGN(NaClMessageScanner);
};

}  // namespace proxy
}  // namespace ppapi
127 
128 #endif  // PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_