| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef MOJO_EDK_SYSTEM_TRANSPORT_DATA_H_ | |
| 6 #define MOJO_EDK_SYSTEM_TRANSPORT_DATA_H_ | |
| 7 | |
| 8 #include <stdint.h> | |
| 9 | |
| 10 #include <vector> | |
| 11 | |
| 12 #include "base/macros.h" | |
| 13 #include "base/memory/aligned_memory.h" | |
| 14 #include "base/memory/scoped_ptr.h" | |
| 15 #include "build/build_config.h" | |
| 16 #include "mojo/edk/embedder/platform_handle.h" | |
| 17 #include "mojo/edk/embedder/platform_handle_vector.h" | |
| 18 #include "mojo/edk/system/dispatcher.h" | |
| 19 #include "mojo/edk/system/system_impl_export.h" | |
| 20 | |
| 21 namespace mojo { | |
| 22 namespace system { | |
| 23 | |
| 24 class Channel; | |
| 25 | |
| 26 // This class is used by |MessageInTransit| to represent handles (|Dispatcher|s) | |
| 27 // in various stages of serialization. | |
| 28 // | |
| 29 // The stages are: | |
| 30 // - Before reaching |TransportData|: Turn |DispatcherTransport|s into | |
| 31 // |Dispatcher|s that are "owned" by (and attached to) a |MessageInTransit|. | |
| 32 // This invalidates the handles in the space of the sending application | |
| 33 // (and, e.g., if another thread is waiting on such a handle, it'll be | |
| 34 // notified of this invalidation). | |
| 35 // - Serialize these dispatchers into the |TransportData|: First, for each | |
| 36 // attached dispatcher, there's an entry in the |TransportData|'s "handle | |
| 37 // table", which points to a segment of (dispatcher-type-dependent) data. | |
| 38 // - During the serialization of the dispatchers, |PlatformHandle|s may be | |
| 39 // detached from the dispatchers and attached to the |TransportData|. | |
| 40 // - Before sending the |MessageInTransit|, including its main buffer and the | |
| 41 // |TransportData|'s buffer, the |Channel| sends any |PlatformHandle|s (in a | |
| 42 // platform-, and possibly sandbox-situation-, specific way) first. In doing | |
| 43 // so, it appends a "platform handle table" to the |TransportData| | |
| 44 // containing information about how to deserialize these |PlatformHandle|s. | |
| 45 // - Finally, at this point, to send the |MessageInTransit|, there only | |
| 46 // remains "inert" data: the |MessageInTransit|'s main buffer and data from | |
| 47 // the |TransportData|, consisting of the "handle table" (one entry for each | |
| 48 // attached dispatcher), dispatcher-type-specific data (one segment for each | |
| 49 // entry in the "handle table"), and the "platform handle table" (one entry | |
| 50 // for each attached |PlatformHandle|). | |
| 51 // | |
| 52 // To receive a message (|MessageInTransit|), the "reverse" happens: | |
| 53 // - On POSIX, receive and buffer |PlatformHandle|s (i.e., FDs), which were | |
| 54 // sent before the "inert" data. | |
| 55 // - Receive the "inert" data from the |MessageInTransit|. Examine its | |
| 56 // "platform handle table". On POSIX, match its entries with the buffered | |
| 57 // |PlatformHandle|s, which were previously received. On Windows, do what's | |
| 58 // necessary to obtain |PlatformHandle|s (e.g.: i. if the sender is fully | |
| 59 // trusted and able to duplicate handle into the receiver, then just pick | |
| 60 // out the |HANDLE| value; ii. if the receiver is fully trusted and able to | |
| 61 // duplicate handles from the receiver, do the |DuplicateHandle()|; iii. | |
| 62 // otherwise, talk to a broker to get handles). Reattach all the | |
| 63 // |PlatformHandle|s to the |MessageInTransit|. | |
| 64 // - For each entry in the "handle table", use serialized dispatcher data to | |
| 65 // reconstitute a dispatcher, taking ownership of associated | |
| 66 // |PlatformHandle|s (and detaching them). Attach these dispatchers to the | |
| 67 // |MessageInTransit|. | |
| 68 // - At this point, the |MessageInTransit| consists of its main buffer | |
| 69 // (primarily the data payload) and the attached dispatchers; the | |
| 70 // |TransportData| can be discarded. | |
| 71 // - When |MojoReadMessage()| is to give data to the application, attach the | |
| 72 // dispatchers to the (global, "core") handle table, getting handles; give | |
| 73 // the application the data payload and these handles. | |
| 74 // | |
| 75 // TODO(vtl): Everything above involving |PlatformHandle|s. | |
| 76 class MOJO_SYSTEM_IMPL_EXPORT TransportData { | |
| 77 public: | |
| 78 // The maximum size of a single serialized dispatcher. This must be a multiple | |
| 79 // of |kMessageAlignment|. | |
| 80 static const size_t kMaxSerializedDispatcherSize = 10000; | |
| 81 | |
| 82 // The maximum number of platform handles to attach for a single serialized | |
| 83 // dispatcher. | |
| 84 static const size_t kMaxSerializedDispatcherPlatformHandles = 2; | |
| 85 | |
| 86 // The maximum possible size of a valid transport data buffer. | |
| 87 static size_t GetMaxBufferSize(); | |
| 88 | |
| 89 // The maximum total number of platform handles that may be attached. | |
| 90 static size_t GetMaxPlatformHandles(); | |
| 91 | |
| 92 TransportData(scoped_ptr<DispatcherVector> dispatchers, Channel* channel); | |
| 93 | |
| 94 // This is used for users of |MessageInTransit|/|TransportData|/|RawChannel| | |
| 95 // that want to simply transport data and platform handles, and not | |
| 96 // |Dispatcher|s. (|Header| will be present, and zero except for | |
| 97 // |num_platform_handles|, and |platform_handle_table_offset| if necessary.) | |
| 98 explicit TransportData( | |
| 99 embedder::ScopedPlatformHandleVectorPtr platform_handles); | |
| 100 | |
| 101 ~TransportData(); | |
| 102 | |
| 103 const void* buffer() const { return buffer_.get(); } | |
| 104 void* buffer() { return buffer_.get(); } | |
| 105 size_t buffer_size() const { return buffer_size_; } | |
| 106 | |
| 107 uint32_t platform_handle_table_offset() const { | |
| 108 return header()->platform_handle_table_offset; | |
| 109 } | |
| 110 | |
| 111 // Gets attached platform-specific handles; this may return null if there are | |
| 112 // none. Note that the caller may mutate the set of platform-specific handles. | |
| 113 const embedder::PlatformHandleVector* platform_handles() const { | |
| 114 return platform_handles_.get(); | |
| 115 } | |
| 116 embedder::PlatformHandleVector* platform_handles() { | |
| 117 return platform_handles_.get(); | |
| 118 } | |
| 119 | |
| 120 // Receive-side functions: | |
| 121 | |
| 122 // Checks if the given buffer (from the "wire") looks like a valid | |
| 123 // |TransportData| buffer. (Should only be called if |buffer_size| is | |
| 124 // nonzero.) Returns null if valid, and a pointer to a human-readable error | |
| 125 // message (for debug/logging purposes) on error. Note: This checks the | |
| 126 // validity of the handle table entries (i.e., does range checking), but does | |
| 127 // not check that the validity of the actual serialized dispatcher | |
| 128 // information. | |
| 129 static const char* ValidateBuffer(size_t serialized_platform_handle_size, | |
| 130 const void* buffer, | |
| 131 size_t buffer_size); | |
| 132 | |
| 133 // Gets the platform handle table from a (valid) |TransportData| buffer (which | |
| 134 // should have been validated using |ValidateBuffer()| first). | |
| 135 static void GetPlatformHandleTable(const void* transport_data_buffer, | |
| 136 size_t* num_platform_handles, | |
| 137 const void** platform_handle_table); | |
| 138 | |
| 139 // Deserializes dispatchers from the given (serialized) transport data buffer | |
| 140 // (typically from a |MessageInTransit::View|) and vector of platform handles. | |
| 141 // |buffer| should be non-null and |buffer_size| should be nonzero. | |
| 142 static scoped_ptr<DispatcherVector> DeserializeDispatchers( | |
| 143 const void* buffer, | |
| 144 size_t buffer_size, | |
| 145 embedder::ScopedPlatformHandleVectorPtr platform_handles, | |
| 146 Channel* channel); | |
| 147 | |
| 148 private: | |
| 149 // To allow us to make compile-assertions about |Header|, etc. in the .cc | |
| 150 // file. | |
| 151 struct PrivateStructForCompileAsserts; | |
| 152 | |
| 153 // Header for the "secondary buffer"/"transport data". Must be a multiple of | |
| 154 // |MessageInTransit::kMessageAlignment| in size. Must be POD. | |
| 155 struct Header { | |
| 156 uint32_t num_handles; | |
| 157 // TODO(vtl): Not used yet: | |
| 158 uint32_t platform_handle_table_offset; | |
| 159 uint32_t num_platform_handles; | |
| 160 uint32_t unused; | |
| 161 }; | |
| 162 | |
| 163 struct HandleTableEntry { | |
| 164 int32_t type; // From |Dispatcher::Type| (|kTypeUnknown| for "invalid"). | |
| 165 uint32_t offset; // Relative to the start of the "secondary buffer". | |
| 166 uint32_t size; // (Not including any padding.) | |
| 167 uint32_t unused; | |
| 168 }; | |
| 169 | |
| 170 const Header* header() const { | |
| 171 return reinterpret_cast<const Header*>(buffer_.get()); | |
| 172 } | |
| 173 | |
| 174 size_t buffer_size_; | |
| 175 scoped_ptr<char, base::AlignedFreeDeleter> buffer_; // Never null. | |
| 176 | |
| 177 // Any platform-specific handles attached to this message (for inter-process | |
| 178 // transport). The vector (if any) owns the handles that it contains (and is | |
| 179 // responsible for closing them). | |
| 180 // TODO(vtl): With C++11, change it to a vector of |ScopedPlatformHandle|s. | |
| 181 embedder::ScopedPlatformHandleVectorPtr platform_handles_; | |
| 182 | |
| 183 DISALLOW_COPY_AND_ASSIGN(TransportData); | |
| 184 }; | |
| 185 | |
| 186 } // namespace system | |
| 187 } // namespace mojo | |
| 188 | |
| 189 #endif // MOJO_EDK_SYSTEM_TRANSPORT_DATA_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 814543006:
Move //mojo/{public, edk} underneath //third_party (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master