      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
      6 #define PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
      7 
      8 #include <map>
      9 #include <vector>
     10 
     11 #include "base/basictypes.h"
     12 #include "base/memory/scoped_ptr.h"
     13 #include "base/synchronization/lock.h"
     14 #include "ppapi/c/pp_resource.h"
     15 #include "ppapi/proxy/ppapi_proxy_export.h"
     16 
     17 namespace IPC {
     18 class Message;
     19 }
     20 
     21 namespace ppapi {
     22 namespace proxy {
     23 
     24 class SerializedHandle;
     25 
// Scans IPC messages for items that require special handling for NaCl:
// SerializedHandles carried in a message are copied out for the caller, and
// messages are rewritten where NaCl needs a different form. The scanner also
// intercepts FileSystem and FileIO messages so that it can keep per-file-system
// and per-file quota bookkeeping (see FileSystem and FileIO below).
//
// NOTE(review): no lock is declared at this level for |file_systems_| and
// |files_|; only the nested FileSystem/FileIO objects carry a base::Lock.
// Confirm in the definition that the maps are only touched on one thread or
// are otherwise synchronized.
class PPAPI_PROXY_EXPORT NaClMessageScanner {
 public:
  NaClMessageScanner();
  ~NaClMessageScanner();

  // Scans the message for items that require special handling. Copies any
  // SerializedHandles in the message into |handles| and if the message must be
  // rewritten for NaCl, sets |new_msg_ptr| to the new message. If no handles
  // are found, |handles| is left unchanged. If no rewriting is needed,
  // |new_msg_ptr| is left unchanged.
  //
  // For normal messages, |type| is equivalent to |msg|.id(), but, if |msg| is
  // a reply to a synchronous message, |type| is the id of the original
  // message.
  //
  // NOTE(review): the meaning of the bool return value is not documented in
  // this header; see the method definition.
  //
  // See more explanation in the method definition.
  //
  // See chrome/nacl/nacl_ipc_adapter.cc for where this is used to help convert
  // native handles to NaClDescs.
  bool ScanMessage(const IPC::Message& msg,
                   uint32_t type,
                   std::vector<SerializedHandle>* handles,
                   scoped_ptr<IPC::Message>* new_msg_ptr);

  // Scans an untrusted message for items that require special handling. If the
  // message had to be rewritten, sets |new_msg_ptr| to the new message.
  //
  // |untrusted_msg| is, per its name, input from the untrusted side of the
  // channel. NOTE(review): nothing in this header says how malformed contents
  // are handled (there is no return value); confirm in the definition that
  // every field read from the message is validated before it is used for
  // quota bookkeeping or copied into the rewritten message.
  void ScanUntrustedMessage(const IPC::Message& untrusted_msg,
                            scoped_ptr<IPC::Message>* new_msg_ptr);

  // FileSystem information for quota auditing.
  class PPAPI_PROXY_EXPORT FileSystem {
   public:
    FileSystem();
    ~FileSystem();

    // Returns the remaining reserved quota. This accessor reads
    // |reserved_quota_| directly and does not acquire |lock_|.
    // NOTE(review): confirm that callers tolerate a value that races with
    // UpdateReservedQuota() on another thread.
    int64_t reserved_quota() const { return reserved_quota_; }

    // Adds |delta| to the reserved quota. Returns true if reserved quota >= 0
    // (presumably evaluated after the update; confirm in the definition).
    // NOTE(review): signed overflow of int64_t is undefined behavior; confirm
    // the definition guards the addition if |delta| can be derived from
    // message contents.
    bool UpdateReservedQuota(int64_t delta);

   private:
    base::Lock lock_;
    // This is the remaining amount of quota reserved for the file system.
    // Acquire the lock to modify this field, since it may be used on multiple
    // threads.
    int64_t reserved_quota_;

    // Chromium macro that disables the copy constructor and copy assignment.
    DISALLOW_COPY_AND_ASSIGN(FileSystem);
  };

  // FileIO information for quota auditing.
  class PPAPI_PROXY_EXPORT FileIO {
   public:
    // |file_system| is stored as a raw pointer in |file_system_|.
    // NOTE(review): presumably non-owning, so the FileSystem must outlive this
    // FileIO; confirm against the code that creates and destroys both.
    FileIO(FileSystem* file_system, int64_t max_written_offset);
    ~FileIO();

    // Returns the maximum written offset. This accessor reads
    // |max_written_offset_| directly and does not acquire |lock_|; it is also
    // not declared const, unlike FileSystem::reserved_quota().
    int64_t max_written_offset() { return max_written_offset_; }

    // Sets the maximum written offset. NOTE(review): whether this takes
    // |lock_| or rejects values smaller than the current offset is not
    // visible in this header.
    void SetMaxWrittenOffset(int64_t max_written_offset);

    // Grows file by the given amount. Returns true on success.
    // NOTE(review): presumably success depends on the quota reserved in
    // |file_system_|; confirm in the definition, including how a negative or
    // overflowing |amount| is treated.
    bool Grow(int64_t amount);

   private:
    base::Lock lock_;

    // The file system that contains this file.
    FileSystem* file_system_;

    // The maximum written offset. This is initialized by NaClMessageScanner
    // when the file is opened and modified by a NaClDescQuotaInterface when the
    // plugin writes to greater maximum offsets.
    int64_t max_written_offset_;

    // Chromium macro that disables the copy constructor and copy assignment.
    DISALLOW_COPY_AND_ASSIGN(FileIO);
  };

  // Returns the FileIO bookkeeping object for the resource |file_io|.
  // NOTE(review): the result is a raw pointer; what is returned for an unknown
  // resource, and how long the pointer stays valid, are defined in the .cc.
  // Callers should confirm both before dereferencing.
  FileIO* GetFile(PP_Resource file_io);

 private:
  // Gives the unit test access to private members.
  friend class NaClMessageScannerTest;

  // NOTE(review): undocumented in this header. From the name and signature it
  // appears to audit a message nested inside another message for |resource|
  // and may update |handle|; see the definition.
  void AuditNestedMessage(PP_Resource resource,
                          const IPC::Message& msg,
                          SerializedHandle* handle);

  // We intercept FileSystem and FileIO messages to maintain information about
  // file systems and open files. This is used by NaClQuotaDescs to calculate
  // quota consumption and check it against the reserved amount.
  //
  // NOTE(review): the mapped values are raw pointers; presumably the scanner
  // owns them and frees them in its destructor. Confirm in the definition,
  // and confirm that entries are removed before the pointed-to objects are
  // destroyed so that GetFile() cannot hand out a dangling pointer.
  typedef std::map<int32_t, FileSystem*> FileSystemMap;
  FileSystemMap file_systems_;
  typedef std::map<int32_t, FileIO*> FileIOMap;
  FileIOMap files_;

  // Chromium macro that disables the copy constructor and copy assignment.
  DISALLOW_COPY_AND_ASSIGN(NaClMessageScanner);
};
    121 
    122 }  // namespace proxy
    123 }  // namespace ppapi
    124 
    125 #endif  // PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_