| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ | 5 #ifndef MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ |
| 6 #define MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ | 6 #define MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ |
| 7 | 7 |
| 8 #include "base/macros.h" | 8 #include "base/macros.h" |
| 9 #include "base/threading/thread_restrictions.h" | 9 #include "base/threading/thread_restrictions.h" |
| 10 | 10 |
| 11 #if (!defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)) | 11 #if (!defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)) |
| 12 #define ENABLE_SYNC_CALL_RESTRICTIONS 1 | 12 #define ENABLE_SYNC_CALL_RESTRICTIONS 1 |
| 13 #else | 13 #else |
| 14 #define ENABLE_SYNC_CALL_RESTRICTIONS 0 | 14 #define ENABLE_SYNC_CALL_RESTRICTIONS 0 |
| 15 #endif | 15 #endif |
| 16 | 16 |
| 17 namespace mus { | 17 namespace mus { |
| 18 class GpuService; | 18 class GpuService; |
| 19 } | 19 } |
| 20 | 20 |
| 21 namespace views { |
| 22 class ClipboardMus; |
| 23 } |
| 24 |
| 21 namespace mojo { | 25 namespace mojo { |
| 22 | 26 |
| 23 // In some processes, sync calls are disallowed. For example, in the browser | 27 // In some processes, sync calls are disallowed. For example, in the browser |
| 24 // process we don't want any sync calls to child processes for performance, | 28 // process we don't want any sync calls to child processes for performance, |
| 25 // security and stability reasons. SyncCallRestrictions helps to enforce such | 29 // security and stability reasons. SyncCallRestrictions helps to enforce such |
| 26 // rules. | 30 // rules. |
| 27 // | 31 // |
| 28 // Before processing a sync call, the bindings call | 32 // Before processing a sync call, the bindings call |
| 29 // SyncCallRestrictions::AssertSyncCallAllowed() to check whether sync calls are | 33 // SyncCallRestrictions::AssertSyncCallAllowed() to check whether sync calls are |
| 30 // allowed. By default, it is determined by the mojo system property | 34 // allowed. By default, it is determined by the mojo system property |
| 31 // MOJO_PROPERTY_SYNC_CALL_ALLOWED. If the default setting says no but you have | 35 // MOJO_PROPERTY_SYNC_CALL_ALLOWED. If the default setting says no but you have |
| 32 // a very compelling reason to disregard that (which should be very very rare), | 36 // a very compelling reason to disregard that (which should be very very rare), |
| 33 // you can override it by constructing a ScopedAllowSyncCall object, which | 37 // you can override it by constructing a ScopedAllowSyncCall object, which |
| 34 // allows making sync calls on the current thread during its lifetime. | 38 // allows making sync calls on the current thread during its lifetime. |
| 35 class SyncCallRestrictions { | 39 class SyncCallRestrictions { |
| 36 public: | 40 public: |
| 37 #if ENABLE_SYNC_CALL_RESTRICTIONS | 41 #if ENABLE_SYNC_CALL_RESTRICTIONS |
| 38 // Checks whether the current thread is allowed to make sync calls, and causes | 42 // Checks whether the current thread is allowed to make sync calls, and causes |
| 39 // a DCHECK if not. | 43 // a DCHECK if not. |
| 40 static void AssertSyncCallAllowed(); | 44 static void AssertSyncCallAllowed(); |
| 41 #else | 45 #else |
| 42 // Inline the empty definitions of functions so that they can be compiled out. | 46 // Inline the empty definitions of functions so that they can be compiled out. |
| 43 static void AssertSyncCallAllowed() {} | 47 static void AssertSyncCallAllowed() {} |
| 44 #endif | 48 #endif |
| 45 | 49 |
| 46 private: | 50 private: |
| 47 // DO NOT ADD ANY OTHER FRIEND STATEMENTS, talk to mojo/OWNERS first. | 51 // DO NOT ADD ANY OTHER FRIEND STATEMENTS, talk to mojo/OWNERS first. |
| 48 // BEGIN ALLOWED USAGE. | 52 // BEGIN ALLOWED USAGE. |
| 49 friend class mus::GpuService; // http://crbug.com/620058 | 53 friend class mus::GpuService; // http://crbug.com/620058 |
| 50 // END ALLOWED USAGE. | 54 // END ALLOWED USAGE. |
| 55 |
| 56 // BEGIN USAGE THAT NEEDS TO BE FIXED. |
| 57 // In the non-mus case, we called blocking OS functions in the ui::Clipboard |
| 58 // implementation which weren't caught by sync call restrictions. Our blocking |
| 59 // calls to mus, however, are. |
| 60 friend class views::ClipboardMus; |
| 61 // END USAGE THAT NEEDS TO BE FIXED. |
| 51 | 62 |
| 52 #if ENABLE_SYNC_CALL_RESTRICTIONS | 63 #if ENABLE_SYNC_CALL_RESTRICTIONS |
| 53 static void IncreaseScopedAllowCount(); | 64 static void IncreaseScopedAllowCount(); |
| 54 static void DecreaseScopedAllowCount(); | 65 static void DecreaseScopedAllowCount(); |
| 55 #else | 66 #else |
| 56 static void IncreaseScopedAllowCount() {} | 67 static void IncreaseScopedAllowCount() {} |
| 57 static void DecreaseScopedAllowCount() {} | 68 static void DecreaseScopedAllowCount() {} |
| 58 #endif | 69 #endif |
| 59 | 70 |
| 60 // If a process is configured to disallow sync calls in general, constructing | 71 // If a process is configured to disallow sync calls in general, constructing |
| (...skipping 13 matching lines...) Expand all Loading... |
| 74 | 85 |
| 75 DISALLOW_COPY_AND_ASSIGN(ScopedAllowSyncCall); | 86 DISALLOW_COPY_AND_ASSIGN(ScopedAllowSyncCall); |
| 76 }; | 87 }; |
| 77 | 88 |
| 78 DISALLOW_IMPLICIT_CONSTRUCTORS(SyncCallRestrictions); | 89 DISALLOW_IMPLICIT_CONSTRUCTORS(SyncCallRestrictions); |
| 79 }; | 90 }; |
| 80 | 91 |
| 81 } // namespace mojo | 92 } // namespace mojo |
| 82 | 93 |
| 83 #endif // MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ | 94 #endif // MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2085353003:
Change ClipboardMus to use mojo::SyncCallRestrictions::ScopedAllowSyncCall. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master