ppapi/proxy/interface_list.h

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef PPAPI_PROXY_INTERFACE_LIST_H_
#define PPAPI_PROXY_INTERFACE_LIST_H_

#include <map>
#include <memory>
#include <string>
#include <unordered_map>

#include "base/synchronization/lock.h"
#include "ppapi/proxy/interface_proxy.h"
#include "ppapi/proxy/ppapi_proxy_export.h"
#include "ppapi/shared_impl/ppapi_permissions.h"

namespace ppapi {
namespace proxy {

class PPAPI_PROXY_EXPORT InterfaceList {
 public:
  InterfaceList();

  InterfaceList(const InterfaceList&) = delete;
  InterfaceList& operator=(const InterfaceList&) = delete;

  ~InterfaceList();

  static InterfaceList* GetInstance();

  // Sets the permissions that the interface list will use to compute
  // whether an interface is available to the current process. By default,
  // this will be "no permissions", which will give only access to public
  // stable interfaces via GetInterface.
  //
  // IMPORTANT: This is not a security boundary. Malicious plugins can bypass
  // this check since they run in the same address space as this code in the
  // plugin process. A real security check is required for all IPC messages.
  // This check just allows us to return NULL for interfaces you "shouldn't" be
  // using to keep honest plugins honest.
  static void SetProcessGlobalPermissions(const PpapiPermissions& permissions);

  // Looks up the factory function for the given ID. Returns NULL if not
  // supported.
  InterfaceProxy::Factory GetFactoryForID(ApiID id) const;

  // Returns the interface pointer for the given browser or plugin interface,
  // or NULL if it's not supported.
  const void* GetInterfaceForPPB(const std::string& name);
  const void* GetInterfaceForPPP(const std::string& name) const;

 private:
  friend class InterfaceListTest;

  class InterfaceInfo {
   public:
    InterfaceInfo(const void* in_interface, Permission in_perm)
        : iface_(in_interface),
          required_permission_(in_perm),
          sent_to_uma_(false) {
    }

    InterfaceInfo(const InterfaceInfo&) = delete;
    InterfaceInfo& operator=(const InterfaceInfo&) = delete;

    const void* iface() { return iface_; }

    // Permission required to return non-null for this interface. This will
    // be checked with the value set via SetProcessGlobalPermissionBits when
    // an interface is requested.
    Permission required_permission() { return required_permission_; }

    // Call this any time the interface is requested. It will log a UMA count
    // only the first time. This is safe to call from any thread, regardless of
    // whether the proxy lock is held.
    void LogWithUmaOnce(const std::string& name);

   private:
    const void* const iface_;
    const Permission required_permission_;

    bool sent_to_uma_;
    base::Lock sent_to_uma_lock_;
  };
  // Give friendship for HashInterfaceName.
  friend class InterfaceInfo;

  using NameToInterfaceInfoMap =
      std::unordered_map<std::string, std::unique_ptr<InterfaceInfo>>;

  void AddProxy(ApiID id, InterfaceProxy::Factory factory);

  // Permissions is the type of permission required to access the corresponding
  // interface. Currently this must be just one unique permission (rather than
  // a bitfield).
  void AddPPB(const char* name, const void* iface, Permission permission);
  void AddPPP(const char* name, const void* iface);

  // Hash the interface name for UMA logging.
  static int HashInterfaceName(const std::string& name);

  PpapiPermissions permissions_;

  NameToInterfaceInfoMap name_to_browser_info_;
  NameToInterfaceInfoMap name_to_plugin_info_;

  InterfaceProxy::Factory id_to_factory_[API_ID_COUNT];
};

}  // namespace proxy
}  // namespace ppapi

#endif  // PPAPI_PROXY_INTERFACE_LIST_H_