1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80


content / public / browser / mojo_binder_policy_map.h [blame]

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_PUBLIC_BROWSER_MOJO_BINDER_POLICY_MAP_H_
#define CONTENT_PUBLIC_BROWSER_MOJO_BINDER_POLICY_MAP_H_

#include <string_view>

#include "base/check_op.h"
#include "content/common/content_export.h"

namespace content {

// MojoBinderNonAssociatedPolicy specifies policies for non-associated
// interfaces. It is used by `MojoBinderPolicyMapApplier` for Mojo
// capability control.
// See the comment in
// `MojoBinderPolicyApplier::ApplyPolicyToNonAssociatedBinder()` for details.
enum class MojoBinderNonAssociatedPolicy {
  // Run the binder registered for the requested interface as normal.
  kGrant,
  // Defer running the binder registered for the requested interface. Deferred
  // binders can be explicitly asked to run later.
  kDefer,
  // Used for interface requests that cannot be handled and should cause the
  // requesting context to be discarded (for example, cancel prerendering).
  kCancel,
  // The interface request is not expected. Kill the calling renderer.
  kUnexpected,
};

// MojoBinderAssociatedPolicy specifies policies for channel-associated
// interfaces. It is used by `MojoBinderPolicyMapApplier` for Mojo capability
// control. See the comment in
// `MojoBinderPolicyApplier::ApplyPolicyToAssociatedBinder()` for details.
enum class MojoBinderAssociatedPolicy {
  // Run the binder registered for the requested interface as normal.
  kGrant,
  // Used for interface requests that cannot be handled and should cause the
  // requesting context to be discarded (for example, cancel prerendering).
  kCancel,
  // The interface request is not expected. Kill the calling renderer.
  kUnexpected,
};

// Used by content/ layer to manage interfaces' binding policies. Embedders can
// set their own policies via this interface.
// TODO(crbug.com/40160797): Consider integrating it with
// mojo::BinderMap.
class CONTENT_EXPORT MojoBinderPolicyMap {
 public:
  MojoBinderPolicyMap() = default;
  virtual ~MojoBinderPolicyMap() = default;

  // Called by embedders to set their binder policies for channel-associated
  // interfaces.
  template <typename Interface>
  void SetAssociatedPolicy(MojoBinderAssociatedPolicy policy) {
    SetPolicyByName(Interface::Name_, policy);
  }

  // Called by embedders to set their binder policies for non-associated
  // interfaces.
  template <typename Interface>
  void SetNonAssociatedPolicy(MojoBinderNonAssociatedPolicy policy) {
    SetPolicyByName(Interface::Name_, policy);
  }

 private:
  virtual void SetPolicyByName(const std::string_view& name,
                               MojoBinderAssociatedPolicy policy) = 0;

  virtual void SetPolicyByName(const std::string_view& name,
                               MojoBinderNonAssociatedPolicy policy) = 0;
};

}  // namespace content

#endif  // CONTENT_PUBLIC_BROWSER_MOJO_BINDER_POLICY_MAP_H_