[email protected] | 6761d63 | 2012-04-18 17:54:49 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef PPAPI_PROXY_INTERFACE_LIST_H_ |
| 6 | #define PPAPI_PROXY_INTERFACE_LIST_H_ |
| 7 | |
| 8 | #include <map> |
dcheng | ced9224 | 2016-04-07 00:00:12 | [diff] [blame] | 9 | #include <memory> |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 10 | #include <string> |
avi | 6e1b4e7 | 2016-12-29 22:02:57 | [diff] [blame] | 11 | #include <unordered_map> |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 12 | |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 13 | #include "base/synchronization/lock.h" |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 14 | #include "ppapi/proxy/interface_proxy.h" |
[email protected] | 195d4cde | 2012-10-02 18:12:41 | [diff] [blame] | 15 | #include "ppapi/proxy/ppapi_proxy_export.h" |
| 16 | #include "ppapi/shared_impl/ppapi_permissions.h" |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 17 | |
| 18 | namespace ppapi { |
| 19 | namespace proxy { |
| 20 | |
[email protected] | 84350ef | 2013-12-19 17:10:50 | [diff] [blame] | 21 | class PPAPI_PROXY_EXPORT InterfaceList { |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 22 | public: |
| 23 | InterfaceList(); |
Peter Boström | 3d5b3cb | 2021-09-23 21:35:45 | [diff] [blame] | 24 | |
| 25 | InterfaceList(const InterfaceList&) = delete; |
| 26 | InterfaceList& operator=(const InterfaceList&) = delete; |
| 27 | |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 28 | ~InterfaceList(); |
| 29 | |
| 30 | static InterfaceList* GetInstance(); |
| 31 | |
[email protected] | 195d4cde | 2012-10-02 18:12:41 | [diff] [blame] | 32 | // Sets the permissions that the interface list will use to compute |
| 33 | // whether an interface is available to the current process. By default, |
| 34 | // this will be "no permissions", which will give only access to public |
| 35 | // stable interfaces via GetInterface. |
| 36 | // |
| 37 | // IMPORTANT: This is not a security boundary. Malicious plugins can bypass |
| 38 | // this check since they run in the same address space as this code in the |
| 39 | // plugin process. A real security check is required for all IPC messages. |
| 40 | // This check just allows us to return NULL for interfaces you "shouldn't" be |
| 41 | // using to keep honest plugins honest. |
[email protected] | 84350ef | 2013-12-19 17:10:50 | [diff] [blame] | 42 | static void SetProcessGlobalPermissions(const PpapiPermissions& permissions); |
[email protected] | 195d4cde | 2012-10-02 18:12:41 | [diff] [blame] | 43 | |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 44 | // Looks up the factory function for the given ID. Returns NULL if not |
| 45 | // supported. |
[email protected] | ac4b54d | 2011-10-20 23:09:28 | [diff] [blame] | 46 | InterfaceProxy::Factory GetFactoryForID(ApiID id) const; |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 47 | |
| 48 | // Returns the interface pointer for the given browser or plugin interface, |
| 49 | // or NULL if it's not supported. |
[email protected] | ea44183 | 2014-02-05 15:34:21 | [diff] [blame] | 50 | const void* GetInterfaceForPPB(const std::string& name); |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 51 | const void* GetInterfaceForPPP(const std::string& name) const; |
| 52 | |
| 53 | private: |
[email protected] | 84350ef | 2013-12-19 17:10:50 | [diff] [blame] | 54 | friend class InterfaceListTest; |
| 55 | |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 56 | class InterfaceInfo { |
| 57 | public: |
[email protected] | 058cebc | 2013-12-17 17:49:39 | [diff] [blame] | 58 | InterfaceInfo(const void* in_interface, Permission in_perm) |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 59 | : iface_(in_interface), |
| 60 | required_permission_(in_perm), |
| 61 | sent_to_uma_(false) { |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 62 | } |
| 63 | |
Peter Boström | 896f137 | 2021-11-05 01:12:30 | [diff] [blame] | 64 | InterfaceInfo(const InterfaceInfo&) = delete; |
| 65 | InterfaceInfo& operator=(const InterfaceInfo&) = delete; |
| 66 | |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 67 | const void* iface() { return iface_; } |
[email protected] | 195d4cde | 2012-10-02 18:12:41 | [diff] [blame] | 68 | |
| 69 | // Permission required to return non-null for this interface. This will |
| 70 | // be checked with the value set via SetProcessGlobalPermissionBits when |
| 71 | // an interface is requested. |
Nico Weber | 199cd02 | 2019-02-07 19:07:54 | [diff] [blame] | 72 | Permission required_permission() { return required_permission_; } |
[email protected] | ea44183 | 2014-02-05 15:34:21 | [diff] [blame] | 73 | |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 74 | // Call this any time the interface is requested. It will log a UMA count |
| 75 | // only the first time. This is safe to call from any thread, regardless of |
| 76 | // whether the proxy lock is held. |
John Abd-El-Malek | ea75308 | 2021-04-07 22:38:13 | [diff] [blame] | 77 | void LogWithUmaOnce(const std::string& name); |
| 78 | |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 79 | private: |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 80 | const void* const iface_; |
| 81 | const Permission required_permission_; |
| 82 | |
| 83 | bool sent_to_uma_; |
| 84 | base::Lock sent_to_uma_lock_; |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 85 | }; |
dmichael | fee3a51 | 2014-09-18 21:32:13 | [diff] [blame] | 86 | // Give friendship for HashInterfaceName. |
| 87 | friend class InterfaceInfo; |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 88 | |
avi | 6e1b4e7 | 2016-12-29 22:02:57 | [diff] [blame] | 89 | using NameToInterfaceInfoMap = |
| 90 | std::unordered_map<std::string, std::unique_ptr<InterfaceInfo>>; |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 91 | |
[email protected] | ac4b54d | 2011-10-20 23:09:28 | [diff] [blame] | 92 | void AddProxy(ApiID id, InterfaceProxy::Factory factory); |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 93 | |
[email protected] | 195d4cde | 2012-10-02 18:12:41 | [diff] [blame] | 94 | // Permissions is the type of permission required to access the corresponding |
| 95 | // interface. Currently this must be just one unique permission (rather than |
| 96 | // a bitfield). |
[email protected] | 058cebc | 2013-12-17 17:49:39 | [diff] [blame] | 97 | void AddPPB(const char* name, const void* iface, Permission permission); |
| 98 | void AddPPP(const char* name, const void* iface); |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 99 | |
[email protected] | ea44183 | 2014-02-05 15:34:21 | [diff] [blame] | 100 | // Hash the interface name for UMA logging. |
| 101 | static int HashInterfaceName(const std::string& name); |
| 102 | |
[email protected] | 195d4cde | 2012-10-02 18:12:41 | [diff] [blame] | 103 | PpapiPermissions permissions_; |
| 104 | |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 105 | NameToInterfaceInfoMap name_to_browser_info_; |
| 106 | NameToInterfaceInfoMap name_to_plugin_info_; |
| 107 | |
[email protected] | ac4b54d | 2011-10-20 23:09:28 | [diff] [blame] | 108 | InterfaceProxy::Factory id_to_factory_[API_ID_COUNT]; |
[email protected] | 5c96602 | 2011-09-13 18:09:37 | [diff] [blame] | 109 | }; |
| 110 | |
| 111 | } // namespace proxy |
| 112 | } // namespace ppapi |
| 113 | |
| 114 | #endif // PPAPI_PROXY_INTERFACE_LIST_H_ |