ContentFilterMac.mm [plain text]
/*
* Copyright (C) 2013 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*/
#import "config.h"
#import "ContentFilter.h"
#if USE(CONTENT_FILTERING)
#import "ResourceResponse.h"
#import "SoftLinking.h"
#import <objc/runtime.h>
#if defined(__has_include) && __has_include(<WebContentAnalysis/WebFilterEvaluator.h>)
#import <WebContentAnalysis/WebFilterEvaluator.h>
#else
static const OSStatus kWFEStateBuffering = 2;
@interface WebFilterEvaluator : NSObject
+ (BOOL)isManagedSession;
- (BOOL)wasBlocked;
- (NSData *)addData:(NSData *)receivedData;
- (NSData *)dataComplete;
- (OSStatus)filterState;
- (id)initWithResponse:(NSURLResponse *)response;
@end
#endif
SOFT_LINK_PRIVATE_FRAMEWORK(WebContentAnalysis);
SOFT_LINK_CLASS(WebContentAnalysis, WebFilterEvaluator);
#if HAVE(NE_FILTER_SOURCE)
#if defined(__has_include) && __has_include(<NetworkExtension/NEFilterSource.h>)
#import <NetworkExtension/NEFilterSource.h>
#else
typedef NS_ENUM(NSInteger, NEFilterSourceStatus) {
NEFilterSourceStatusPass = 1,
NEFilterSourceStatusBlock = 2,
NEFilterSourceStatusNeedsMoreData = 3,
NEFilterSourceStatusError = 4,
};
typedef NS_ENUM(NSInteger, NEFilterSourceDirection) {
NEFilterSourceDirectionOutbound = 1,
NEFilterSourceDirectionInbound = 2,
};
@interface NEFilterSource : NSObject
+ (BOOL)filterRequired;
- (id)initWithURL:(NSURL *)url direction:(NEFilterSourceDirection)direction socketIdentifier:(uint64_t)socketIdentifier;
- (void)addData:(NSData *)data withCompletionQueue:(dispatch_queue_t)queue completionHandler:(void (^)(NEFilterSourceStatus, NSData *))completionHandler;
- (void)dataCompleteWithCompletionQueue:(dispatch_queue_t)queue completionHandler:(void (^)(NEFilterSourceStatus, NSData *))completionHandler;
@property (readonly) NEFilterSourceStatus status;
@property (readonly) NSURL *url;
@property (readonly) NEFilterSourceDirection direction;
@property (readonly) uint64_t socketIdentifier;
@end
#endif
SOFT_LINK_FRAMEWORK(NetworkExtension);
SOFT_LINK_CLASS(NetworkExtension, NEFilterSource);
#endif // HAVE(NE_FILTER_SOURCE)
namespace WebCore {
ContentFilter::ContentFilter()
#if HAVE(NE_FILTER_SOURCE)
: m_neFilterSourceStatus(NEFilterSourceStatusNeedsMoreData)
, m_neFilterSourceQueue(0)
#endif
{
}
ContentFilter::ContentFilter(const ResourceResponse& response)
#if HAVE(NE_FILTER_SOURCE)
: m_neFilterSourceStatus(NEFilterSourceStatusNeedsMoreData)
, m_neFilterSourceQueue(0)
#endif
{
if ([getWebFilterEvaluatorClass() isManagedSession])
m_platformContentFilter = adoptNS([[getWebFilterEvaluatorClass() alloc] initWithResponse:response.nsURLResponse()]);
#if HAVE(NE_FILTER_SOURCE)
if ([getNEFilterSourceClass() filterRequired]) {
m_neFilterSource = adoptNS([[getNEFilterSourceClass() alloc] initWithURL:[response.nsURLResponse() URL] direction:NEFilterSourceDirectionInbound socketIdentifier:0]);
m_neFilterSourceQueue = dispatch_queue_create("com.apple.WebCore.NEFilterSourceQueue", DISPATCH_QUEUE_SERIAL);
long long expectedContentSize = [response.nsURLResponse() expectedContentLength];
if (expectedContentSize < 0)
m_originalData = adoptNS([[NSMutableData alloc] init]);
else
m_originalData = adoptNS([[NSMutableData alloc] initWithCapacity:(NSUInteger)expectedContentSize]);
}
#endif
}
ContentFilter::~ContentFilter()
{
#if HAVE(NE_FILTER_SOURCE)
if (m_neFilterSourceQueue)
dispatch_release(m_neFilterSourceQueue);
#endif
}
bool ContentFilter::isEnabled()
{
return [getWebFilterEvaluatorClass() isManagedSession]
#if HAVE(NE_FILTER_SOURCE)
|| [getNEFilterSourceClass() filterRequired]
#endif
;
}
void ContentFilter::addData(const char* data, int length)
{
ASSERT(needsMoreData());
if (m_platformContentFilter) {
ASSERT(![m_replacementData.get() length]);
m_replacementData = [m_platformContentFilter addData:[NSData dataWithBytesNoCopy:(void*)data length:length freeWhenDone:NO]];
ASSERT(needsMoreData() || [m_replacementData.get() length]);
}
#if HAVE(NE_FILTER_SOURCE)
if (!m_neFilterSource)
return;
// FIXME: NEFilterSource doesn't buffer data like WebFilterEvaluator does,
// so we need to do it ourselves so getReplacementData() can return the
// original bytes back to the loader. We should find a way to remove this
// additional copy.
[m_originalData appendBytes:data length:length];
dispatch_semaphore_t neFilterSourceSemaphore = dispatch_semaphore_create(0);
[m_neFilterSource addData:[NSData dataWithBytes:(void*)data length:length] withCompletionQueue:m_neFilterSourceQueue completionHandler:^(NEFilterSourceStatus status, NSData *) {
m_neFilterSourceStatus = status;
dispatch_semaphore_signal(neFilterSourceSemaphore);
}];
// FIXME: We have to block here since DocumentLoader expects to have a
// blocked/not blocked answer from the filter immediately after calling
// addData(). We should find a way to make this asynchronous.
dispatch_semaphore_wait(neFilterSourceSemaphore, DISPATCH_TIME_FOREVER);
dispatch_release(neFilterSourceSemaphore);
#endif
}
void ContentFilter::finishedAddingData()
{
ASSERT(needsMoreData());
if (m_platformContentFilter) {
ASSERT(![m_replacementData.get() length]);
m_replacementData = [m_platformContentFilter dataComplete];
}
#if HAVE(NE_FILTER_SOURCE)
if (!m_neFilterSource)
return;
dispatch_semaphore_t neFilterSourceSemaphore = dispatch_semaphore_create(0);
[m_neFilterSource dataCompleteWithCompletionQueue:m_neFilterSourceQueue completionHandler:^(NEFilterSourceStatus status, NSData *) {
m_neFilterSourceStatus = status;
dispatch_semaphore_signal(neFilterSourceSemaphore);
}];
// FIXME: We have to block here since DocumentLoader expects to have a
// blocked/not blocked answer from the filter immediately after calling
// finishedAddingData(). We should find a way to make this asynchronous.
dispatch_semaphore_wait(neFilterSourceSemaphore, DISPATCH_TIME_FOREVER);
dispatch_release(neFilterSourceSemaphore);
#endif
ASSERT(!needsMoreData());
}
bool ContentFilter::needsMoreData() const
{
return [m_platformContentFilter filterState] == kWFEStateBuffering
#if HAVE(NE_FILTER_SOURCE)
|| (m_neFilterSource && m_neFilterSourceStatus == NEFilterSourceStatusNeedsMoreData)
#endif
;
}
bool ContentFilter::didBlockData() const
{
return [m_platformContentFilter wasBlocked]
#if HAVE(NE_FILTER_SOURCE)
|| (m_neFilterSource && m_neFilterSourceStatus == NEFilterSourceStatusBlock)
#endif
;
}
const char* ContentFilter::getReplacementData(int& length) const
{
ASSERT(!needsMoreData());
if (didBlockData()) {
length = [m_replacementData length];
return static_cast<const char*>([m_replacementData bytes]);
}
NSData *originalData = m_replacementData.get();
#if HAVE(NE_FILTER_SOURCE)
if (!originalData)
originalData = m_originalData.get();
#endif
length = [originalData length];
return static_cast<const char*>([originalData bytes]);
}
static NSString * const platformContentFilterKey = @"platformContentFilter";
void ContentFilter::encode(NSKeyedArchiver *archiver) const
{
if ([getWebFilterEvaluatorClass() conformsToProtocol:@protocol(NSSecureCoding)])
[archiver encodeObject:m_platformContentFilter.get() forKey:platformContentFilterKey];
}
bool ContentFilter::decode(NSKeyedUnarchiver *unarchiver, ContentFilter& contentFilter)
{
@try {
if ([getWebFilterEvaluatorClass() conformsToProtocol:@protocol(NSSecureCoding)])
contentFilter.m_platformContentFilter = (WebFilterEvaluator *)[unarchiver decodeObjectOfClass:getWebFilterEvaluatorClass() forKey:platformContentFilterKey];
return true;
} @catch (NSException *exception) {
LOG_ERROR("The platform content filter being decoded is not a WebFilterEvaluator.");
}
return false;
}
} // namespace WebCore
#endif // USE(CONTENT_FILTERING)