File: nacl_message_scanner.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (132 lines) | stat: -rw-r--r-- 4,150 bytes parent folder | download | duplicates (11) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
 
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_
#define PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_

#include <stdint.h>

#include <map>
#include <memory>
#include <vector>

#include "base/synchronization/lock.h"
#include "ppapi/c/pp_resource.h"
#include "ppapi/proxy/ppapi_proxy_export.h"

namespace IPC {
class Message;
}

namespace ppapi {
namespace proxy {

class SerializedHandle;

class PPAPI_PROXY_EXPORT NaClMessageScanner {
 public:
  NaClMessageScanner();

  NaClMessageScanner(const NaClMessageScanner&) = delete;
  NaClMessageScanner& operator=(const NaClMessageScanner&) = delete;

  ~NaClMessageScanner();

  // Scans the message for items that require special handling. Copies any
  // SerializedHandles in the message into |handles| and if the message must be
  // rewritten for NaCl, sets |new_msg_ptr| to the new message. If no handles
  // are found, |handles| is left unchanged. If no rewriting is needed,
  // |new_msg_ptr| is left unchanged.
  //
  // For normal messages, |type| is equivalent to |msg|.id(), but, if |msg| is
  // a reply to a synchronous message, |type| is the id of the original
  // message.
  //
  // See more explanation in the method definition.
  //
  // See chrome/nacl/nacl_ipc_adapter.cc for where this is used to help convert
  // native handles to NaClDescs.
  bool ScanMessage(const IPC::Message& msg,
                   uint32_t type,
                   std::vector<SerializedHandle>* handles,
                   std::unique_ptr<IPC::Message>* new_msg_ptr);

  // Scans an untrusted message for items that require special handling. If the
  // message had to be rewritten, sets |new_msg_ptr| to the new message.
  void ScanUntrustedMessage(const IPC::Message& untrusted_msg,
                            std::unique_ptr<IPC::Message>* new_msg_ptr);

  // FileSystem information for quota auditing.
  class PPAPI_PROXY_EXPORT FileSystem {
   public:
    FileSystem();

    FileSystem(const FileSystem&) = delete;
    FileSystem& operator=(const FileSystem&) = delete;

    ~FileSystem();

    int64_t reserved_quota() const { return reserved_quota_; }

    // Adds amount to reserved quota. Returns true if reserved quota >= 0.
    bool UpdateReservedQuota(int64_t delta);

   private:
    base::Lock lock_;
    // This is the remaining amount of quota reserved for the file system.
    // Acquire the lock to modify this field, since it may be used on multiple
    // threads.
    int64_t reserved_quota_;
  };

  // FileIO information for quota auditing.
  class PPAPI_PROXY_EXPORT FileIO {
   public:
    FileIO(FileSystem* file_system, int64_t max_written_offset);

    FileIO(const FileIO&) = delete;
    FileIO& operator=(const FileIO&) = delete;

    ~FileIO();

    int64_t max_written_offset() { return max_written_offset_; }

    void SetMaxWrittenOffset(int64_t max_written_offset);

    // Grows file by the given amount. Returns true on success.
    bool Grow(int64_t amount);

   private:
    base::Lock lock_;

    // The file system that contains this file.
    FileSystem* file_system_;

    // The maximum written offset. This is initialized by NaClMessageScanner
    // when the file is opened and modified by a NaClDescQuotaInterface when the
    // plugin writes to greater maximum offsets.
    int64_t max_written_offset_;
  };

  FileIO* GetFile(PP_Resource file_io);

 private:
  friend class NaClMessageScannerTest;
  void AuditNestedMessage(PP_Resource resource,
                          const IPC::Message& msg,
                          SerializedHandle* handle);

  // We intercept FileSystem and FileIO messages to maintain information about
  // file systems and open files. This is used by NaClQuotaDescs to calculate
  // quota consumption and check it against the reserved amount.
  typedef std::map<int32_t, FileSystem*> FileSystemMap;
  FileSystemMap file_systems_;
  typedef std::map<int32_t, FileIO*> FileIOMap;
  FileIOMap files_;
};

}  // namespace proxy
}  // namespace ppapi

#endif  // PPAPI_PROXY_NACL_MESSAGE_SCANNER_H_