Chromium Code Reviews Chromium Code Reviews
Issue 2064903002:
Mojo: Report bindings validation errors via MojoNotifyBadMessage (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_MESSAGE_H_ | 5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_MESSAGE_H_ |
| 6 #define MOJO_PUBLIC_CPP_BINDINGS_MESSAGE_H_ | 6 #define MOJO_PUBLIC_CPP_BINDINGS_MESSAGE_H_ |
| 7 | 7 |
| 8 #include <stddef.h> | 8 #include <stddef.h> |
| 9 #include <stdint.h> | 9 #include <stdint.h> |
| 10 | 10 |
| 11 #include <limits> | 11 #include <limits> |
| 12 #include <memory> | 12 #include <memory> |
| 13 #include <vector> | 13 #include <vector> |
| 14 | 14 |
| 15 #include "base/logging.h" | 15 #include "base/logging.h" |
| 16 #include "mojo/public/cpp/bindings/lib/message_buffer.h" | 16 #include "mojo/public/cpp/bindings/lib/message_buffer.h" |
| 17 #include "mojo/public/cpp/bindings/lib/message_internal.h" | 17 #include "mojo/public/cpp/bindings/lib/message_internal.h" |
| 18 #include "mojo/public/cpp/system/message.h" | 18 #include "mojo/public/cpp/system/message.h" |
| 19 | 19 |
| 20 namespace mojo { | 20 namespace mojo { |
| 21 | 21 |
| 22 class Error; | |
| 23 | |
| 22 // Message is a holder for the data and handles to be sent over a MessagePipe. | 24 // Message is a holder for the data and handles to be sent over a MessagePipe. |
| 23 // Message owns its data and handles, but a consumer of Message is free to | 25 // Message owns its data and handles, but a consumer of Message is free to |
| 24 // mutate the data and handles. The message's data is comprised of a header | 26 // mutate the data and handles. The message's data is comprised of a header |
| 25 // followed by payload. | 27 // followed by payload. |
| 26 class Message { | 28 class Message { |
| 27 public: | 29 public: |
| 28 Message(); | 30 Message(); |
| 29 ~Message(); | 31 ~Message(); |
| 30 | 32 |
| 31 // Initializes a Message with enough space for |capacity| bytes. | 33 // Initializes a Message with enough space for |capacity| bytes. |
| (...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 92 std::vector<Handle>* mutable_handles() { return &handles_; } | 94 std::vector<Handle>* mutable_handles() { return &handles_; } |
| 93 | 95 |
| 94 // Access the underlying Buffer interface. | 96 // Access the underlying Buffer interface. |
| 95 internal::Buffer* buffer() { return buffer_.get(); } | 97 internal::Buffer* buffer() { return buffer_.get(); } |
| 96 | 98 |
| 97 // Takes a scoped MessageHandle which may be passed to |WriteMessageNew()| for | 99 // Takes a scoped MessageHandle which may be passed to |WriteMessageNew()| for |
| 98 // transmission. Note that this invalidates this Message object, taking | 100 // transmission. Note that this invalidates this Message object, taking |
| 99 // ownership of its internal storage and any attached handles. | 101 // ownership of its internal storage and any attached handles. |
| 100 ScopedMessageHandle TakeMojoMessage(); | 102 ScopedMessageHandle TakeMojoMessage(); |
| 101 | 103 |
| 104 // Notifies the system that this message is "bad," in this case meaning it was | |
| 105 // rejected by bindings validation code. | |
| 106 void NotifyBadMessage(const std::string& error); | |
| 107 | |
| 102 private: | 108 private: |
| 103 void CloseHandles(); | 109 void CloseHandles(); |
| 104 | 110 |
| 105 std::unique_ptr<internal::MessageBuffer> buffer_; | 111 std::unique_ptr<internal::MessageBuffer> buffer_; |
| 106 std::vector<Handle> handles_; | 112 std::vector<Handle> handles_; |
| 107 | 113 |
| 108 DISALLOW_COPY_AND_ASSIGN(Message); | 114 DISALLOW_COPY_AND_ASSIGN(Message); |
| 109 }; | 115 }; |
| 110 | 116 |
| 111 class MessageReceiver { | 117 class MessageReceiver { |
| 112 public: | 118 public: |
| 113 virtual ~MessageReceiver() {} | 119 virtual ~MessageReceiver() {} |
| 114 | 120 |
| 115 // The receiver may mutate the given message. Returns true if the message | 121 // The receiver may mutate the given message. Returns true if the message |
| 116 // was accepted and false otherwise, indicating that the message was invalid | 122 // was accepted and false otherwise, indicating that the message was invalid |
| 117 // or malformed. | 123 // or malformed. If this returns false, |*error| may be populated with |
| 118 virtual bool Accept(Message* message) WARN_UNUSED_RESULT = 0; | 124 // additional information about the failure reason. |
| 125 virtual bool Accept(Message* message, Error* error) WARN_UNUSED_RESULT = 0; | |
|
yzshen1
2016/06/14 16:45:32
Does it make sense to merge the return value with
Ken Rockot(use gerrit already)
2016/06/14 21:20:40
Done!
| |
| 119 }; | 126 }; |
| 120 | 127 |
| 121 class MessageReceiverWithResponder : public MessageReceiver { | 128 class MessageReceiverWithResponder : public MessageReceiver { |
| 122 public: | 129 public: |
| 123 ~MessageReceiverWithResponder() override {} | 130 ~MessageReceiverWithResponder() override {} |
| 124 | 131 |
| 125 // A variant on Accept that registers a MessageReceiver (known as the | 132 // A variant on Accept that registers a MessageReceiver (known as the |
| 126 // responder) to handle the response message generated from the given | 133 // responder) to handle the response message generated from the given |
| 127 // message. The responder's Accept method may be called during | 134 // message. The responder's Accept method may be called during |
| 128 // AcceptWithResponder or some time after its return. | 135 // AcceptWithResponder or some time after its return. |
| 129 // | 136 // |
| 130 // NOTE: Upon returning true, AcceptWithResponder assumes ownership of | 137 // NOTE: Upon returning true, AcceptWithResponder assumes ownership of |
| 131 // |responder| and will delete it after calling |responder->Accept| or upon | 138 // |responder| and will delete it after calling |responder->Accept| or upon |
| 132 // its own destruction. | 139 // its own destruction. |
| 133 // | 140 // |
| 134 // TODO(yzshen): consider changing |responder| to | 141 // TODO(yzshen): consider changing |responder| to |
| 135 // std::unique_ptr<MessageReceiver>. | 142 // std::unique_ptr<MessageReceiver>. |
| 136 virtual bool AcceptWithResponder(Message* message, MessageReceiver* responder) | 143 virtual bool AcceptWithResponder(Message* message, |
| 144 MessageReceiver* responder, | |
| 145 Error* error) | |
| 137 WARN_UNUSED_RESULT = 0; | 146 WARN_UNUSED_RESULT = 0; |
| 138 }; | 147 }; |
| 139 | 148 |
| 140 // A MessageReceiver that is also able to provide status about the state | 149 // A MessageReceiver that is also able to provide status about the state |
| 141 // of the underlying MessagePipe to which it will be forwarding messages | 150 // of the underlying MessagePipe to which it will be forwarding messages |
| 142 // received via the |Accept()| call. | 151 // received via the |Accept()| call. |
| 143 class MessageReceiverWithStatus : public MessageReceiver { | 152 class MessageReceiverWithStatus : public MessageReceiver { |
| 144 public: | 153 public: |
| 145 ~MessageReceiverWithStatus() override {} | 154 ~MessageReceiverWithStatus() override {} |
| 146 | 155 |
| (...skipping 19 matching lines...) Expand all Loading... | |
| 166 // message. Any of the responder's methods (Accept or IsValid) may be called | 175 // message. Any of the responder's methods (Accept or IsValid) may be called |
| 167 // during AcceptWithResponder or some time after its return. | 176 // during AcceptWithResponder or some time after its return. |
| 168 // | 177 // |
| 169 // NOTE: Upon returning true, AcceptWithResponder assumes ownership of | 178 // NOTE: Upon returning true, AcceptWithResponder assumes ownership of |
| 170 // |responder| and will delete it after calling |responder->Accept| or upon | 179 // |responder| and will delete it after calling |responder->Accept| or upon |
| 171 // its own destruction. | 180 // its own destruction. |
| 172 // | 181 // |
| 173 // TODO(yzshen): consider changing |responder| to | 182 // TODO(yzshen): consider changing |responder| to |
| 174 // std::unique_ptr<MessageReceiver>. | 183 // std::unique_ptr<MessageReceiver>. |
| 175 virtual bool AcceptWithResponder(Message* message, | 184 virtual bool AcceptWithResponder(Message* message, |
| 176 MessageReceiverWithStatus* responder) | 185 MessageReceiverWithStatus* responder, |
| 186 Error* error) | |
| 177 WARN_UNUSED_RESULT = 0; | 187 WARN_UNUSED_RESULT = 0; |
| 178 }; | 188 }; |
| 179 | 189 |
| 180 // Read a single message from the pipe. The caller should have created the | 190 // Read a single message from the pipe. The caller should have created the |
| 181 // Message, but not called Initialize(). Returns MOJO_RESULT_SHOULD_WAIT if | 191 // Message, but not called Initialize(). Returns MOJO_RESULT_SHOULD_WAIT if |
| 182 // the caller should wait on the handle to become readable. Returns | 192 // the caller should wait on the handle to become readable. Returns |
| 183 // MOJO_RESULT_OK if the message was read successfully and should be | 193 // MOJO_RESULT_OK if the message was read successfully and should be |
| 184 // dispatched, otherwise returns an error code if something went wrong. | 194 // dispatched, otherwise returns an error code if something went wrong. |
| 185 // | 195 // |
| 186 // NOTE: The message hasn't been validated and may be malformed! | 196 // NOTE: The message hasn't been validated and may be malformed! |
| 187 MojoResult ReadMessage(MessagePipeHandle handle, Message* message); | 197 MojoResult ReadMessage(MessagePipeHandle handle, Message* message); |
| 188 | 198 |
| 189 } // namespace mojo | 199 } // namespace mojo |
| 190 | 200 |
| 191 #endif // MOJO_PUBLIC_CPP_BINDINGS_MESSAGE_H_ | 201 #endif // MOJO_PUBLIC_CPP_BINDINGS_MESSAGE_H_ |
| OLD | NEW |
