1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef IPC_IPC_MESSAGE_ATTACHMENT_SET_H_
6 #define IPC_IPC_MESSAGE_ATTACHMENT_SET_H_
7 
8 #include <stddef.h>
9 
10 #include <vector>
11 
12 #include "base/macros.h"
13 #include "base/memory/ref_counted.h"
14 #include "build/build_config.h"
15 #include "ipc/ipc_message_support_export.h"
16 
17 namespace IPC {
18 
19 class MessageAttachment;
20 
21 // -----------------------------------------------------------------------------
22 // A MessageAttachmentSet is an ordered set of MessageAttachment objects
23 // associated with an IPC message. All attachments are wrapped in a mojo handle
24 // if necessary and sent over the mojo message pipe.
25 //
26 // For ChannelNacl under SFI NaCl, only Type::PLATFORM_FILE is supported. In
27 // that case, the FD is sent over socket.
28 // -----------------------------------------------------------------------------
29 class IPC_MESSAGE_SUPPORT_EXPORT MessageAttachmentSet
30     : public base::RefCountedThreadSafe<MessageAttachmentSet> {
31  public:
32   MessageAttachmentSet();
33 
34   // Return the number of attachments
35   unsigned size() const;
36 
37   // Return true if no unconsumed descriptors remain
empty()38   bool empty() const { return attachments_.empty(); }
39 
40   // Returns whether the attachment was successfully added.
41   // |index| is an output variable. On success, it contains the index of the
42   // newly added attachment.
43   bool AddAttachment(scoped_refptr<MessageAttachment> attachment,
44                      size_t* index);
45 
46   // Similar to the above method, but without output variables.
47   bool AddAttachment(scoped_refptr<MessageAttachment> attachment);
48 
49   // Take the nth from the beginning of the vector, Code using this /must/
50   // access the attachments in order, and must do it at most once.
51   //
52   // This interface is designed for the deserialising code as it doesn't
53   // support close flags.
54   //   returns: an attachment, or nullptr on error
55   scoped_refptr<MessageAttachment> GetAttachmentAt(unsigned index);
56 
57   // Marks all the descriptors as consumed and closes those which are
58   // auto-close.
59   void CommitAllDescriptors();
60 
61 #if defined(OS_POSIX) || defined(OS_FUCHSIA)
62   // This is the maximum number of descriptors per message. We need to know this
63   // because the control message kernel interface has to be given a buffer which
64   // is large enough to store all the descriptor numbers. Otherwise the kernel
65   // tells us that it truncated the control data and the extra descriptors are
66   // lost.
67   //
68   // In debugging mode, it's a fatal error to try and add more than this number
69   // of descriptors to a MessageAttachmentSet.
70   static const size_t kMaxDescriptorsPerMessage = 7;
71 #endif  // OS_POSIX || OS_FUCHSIA
72 
73   // ---------------------------------------------------------------------------
74 
75  private:
76   friend class base::RefCountedThreadSafe<MessageAttachmentSet>;
77 
78   ~MessageAttachmentSet();
79 
80   // Return the number of file descriptors
81   unsigned num_descriptors() const;
82 
83   std::vector<scoped_refptr<MessageAttachment>> attachments_;
84 
85   // This contains the index of the next descriptor which should be consumed.
86   // It's used in a couple of ways. Firstly, at destruction we can check that
87   // all the descriptors have been read (with GetNthDescriptor). Secondly, we
88   // can check that they are read in order.
89   unsigned consumed_descriptor_highwater_;
90 
91   DISALLOW_COPY_AND_ASSIGN(MessageAttachmentSet);
92 };
93 
94 }  // namespace IPC
95 
96 #endif  // IPC_IPC_MESSAGE_ATTACHMENT_SET_H_
97