| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ |
| 6 #define MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ |
| 7 |
| 8 #include "base/macros.h" |
| 9 #include "base/threading/thread_restrictions.h" |
| 10 |
| 11 #if (!defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)) |
| 12 #define ENABLE_SYNC_CALL_RESTRICTIONS 1 |
| 13 #else |
| 14 #define ENABLE_SYNC_CALL_RESTRICTIONS 0 |
| 15 #endif |
| 16 |
| 17 namespace mus { |
| 18 class GpuService; |
| 19 } |
| 20 |
| 21 namespace mojo { |
| 22 |
| 23 // In some processes, sync calls are disallowed. For example, in the browser |
| 24 // process we don't want any sync calls to child processes for performance, |
| 25 // security and stability reasons. SyncCallRestrictions helps to enforce such |
| 26 // rules. |
| 27 // |
| 28 // Before processing a sync call, the bindings call |
| 29 // SyncCallRestrictions::AssertSyncCallAllowed() to check whether sync calls are |
| 30 // allowed. By default, it is determined by the mojo system property |
| 31 // MOJO_PROPERTY_SYNC_CALL_ALLOWED. If the default setting says no but you have |
| 32 // a very compelling reason to disregard that (which should be very very rare), |
| 33 // you can override it by constructing a ScopedAllowSyncCall object, which |
| 34 // allows making sync calls on the current thread during its lifetime. |
| 35 class SyncCallRestrictions { |
| 36 public: |
| 37 #if ENABLE_SYNC_CALL_RESTRICTIONS |
| 38 // Checks whether the current thread is allowed to make sync calls, and causes |
| 39 // a DCHECK if not. |
| 40 static void AssertSyncCallAllowed(); |
| 41 #else |
| 42 // Inline the empty definitions of functions so that they can be compiled out. |
| 43 static void AssertSyncCallAllowed() {} |
| 44 #endif |
| 45 |
| 46 private: |
| 47 // DO NOT ADD ANY OTHER FRIEND STATEMENTS, talk to mojo/OWNERS first. |
| 48 // BEGIN ALLOWED USAGE. |
| 49 friend class mus::GpuService; // http://crbug.com/620058 |
| 50 // END ALLOWED USAGE. |
| 51 |
| 52 #if ENABLE_SYNC_CALL_RESTRICTIONS |
| 53 static void IncreaseScopedAllowCount(); |
| 54 static void DecreaseScopedAllowCount(); |
| 55 #else |
| 56 static void IncreaseScopedAllowCount() {} |
| 57 static void DecreaseScopedAllowCount() {} |
| 58 #endif |
| 59 |
| 60 // If a process is configured to disallow sync calls in general, constructing |
| 61 // a ScopedAllowSyncCall object temporarily allows making sync calls on the |
| 62 // current thread. Doing this is almost always incorrect, which is why we |
| 63 // limit who can use this through friend. If you find yourself needing to use |
| 64 // this, talk to mojo/OWNERS. |
| 65 class ScopedAllowSyncCall { |
| 66 public: |
| 67 ScopedAllowSyncCall() { IncreaseScopedAllowCount(); } |
| 68 ~ScopedAllowSyncCall() { DecreaseScopedAllowCount(); } |
| 69 |
| 70 private: |
| 71 #if ENABLE_SYNC_CALL_RESTRICTIONS |
| 72 base::ThreadRestrictions::ScopedAllowWait allow_wait_; |
| 73 #endif |
| 74 |
| 75 DISALLOW_COPY_AND_ASSIGN(ScopedAllowSyncCall); |
| 76 }; |
| 77 |
| 78 DISALLOW_IMPLICIT_CONSTRUCTORS(SyncCallRestrictions); |
| 79 }; |
| 80 |
| 81 } // namespace mojo |
| 82 |
| 83 #endif // MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2084993002:
Mojo: add support for disallowing sync calls for a process. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master