Index: sandbox/win/src/broker_services.cc |
diff --git a/sandbox/win/src/broker_services.cc b/sandbox/win/src/broker_services.cc |
index 57f197f26ee71d84a73f255f5faf30d587ec4722..bcba8b8ac2afff4f7d659995191a8ee158b4d722 100644 |
--- a/sandbox/win/src/broker_services.cc |
+++ b/sandbox/win/src/broker_services.cc |
@@ -9,6 +9,7 @@ |
#include "base/logging.h" |
#include "base/macros.h" |
+#include "base/memory/ref_counted.h" |
#include "base/memory/scoped_ptr.h" |
#include "base/stl_util.h" |
#include "base/threading/platform_thread.h" |
@@ -58,19 +59,17 @@ enum { |
// Helper structure that allows the Broker to associate a job notification |
// with a job object and with a policy. |
struct JobTracker { |
- JobTracker(base::win::ScopedHandle job, sandbox::TargetPolicy* policy) |
- : job(job.Pass()), policy(policy) { |
- } |
- ~JobTracker() { |
- FreeResources(); |
- } |
+ JobTracker(base::win::ScopedHandle job, |
+ scoped_refptr<sandbox::TargetPolicy> policy) |
+ : job(job.Pass()), policy(policy.Pass()) {} |
+ ~JobTracker() { FreeResources(); } |
// Releases the Job and notifies the associated Policy object to release its |
// resources as well. |
void FreeResources(); |
base::win::ScopedHandle job; |
- sandbox::TargetPolicy* policy; |
+ scoped_refptr<sandbox::TargetPolicy> policy; |
}; |
void JobTracker::FreeResources() { |
@@ -84,7 +83,6 @@ void JobTracker::FreeResources() { |
// In OnJobEmpty() we don't actually use the job handle directly. |
policy->OnJobEmpty(stale_job_handle); |
- policy->Release(); |
policy = NULL; |
} |
} |
@@ -174,8 +172,8 @@ BrokerServicesBase::~BrokerServicesBase() { |
::DeleteCriticalSection(&lock_); |
} |
-TargetPolicy* BrokerServicesBase::CreatePolicy() { |
- return new TargetPolicy; |
+scoped_refptr<TargetPolicy> BrokerServicesBase::CreatePolicy() { |
+ return make_scoped_refptr(new TargetPolicy); |
} |
// The worker thread stays in a loop waiting for asynchronous notifications |
@@ -219,6 +217,7 @@ DWORD WINAPI BrokerServicesBase::TargetEventsThread(PVOID param) { |
// to appear out of thin air in this job, it safe to assume that |
// we can tell the policy to destroy the target object, and for |
// us to release our reference to the policy object. |
+ // TODO(rickyz): Is tracker removed from tracker_list_ or destroyed? |
tracker->FreeResources(); |
break; |
} |
@@ -286,7 +285,7 @@ DWORD WINAPI BrokerServicesBase::TargetEventsThread(PVOID param) { |
// process inside the sandbox. |
ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, |
const wchar_t* command_line, |
- TargetPolicy* policy, |
+ scoped_refptr<TargetPolicy> policy, |
PROCESS_INFORMATION* target_info) { |
if (!exe_path) |
return SBOX_ERROR_BAD_PARAMS; |
@@ -431,11 +430,8 @@ ResultCode BrokerServicesBase::SpawnTarget(const wchar_t* exe_path, |
return SpawnCleanup(target, 0); |
} |
- // We are going to keep a pointer to the policy because we'll call it when |
- // the job object generates notifications using the completion port. |
- policy->AddRef(); |
if (job.IsValid()) { |
- scoped_ptr<JobTracker> tracker(new JobTracker(job.Pass(), policy)); |
+ scoped_ptr<JobTracker> tracker(new JobTracker(job.Pass(), policy.Pass())); |
// There is no obvious recovery after failure here. Previous version with |
// SpawnCleanup() caused deletion of TargetProcess twice. crbug.com/480639 |