mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-19 00:05:36 +00:00
Bug 1644917 - Part 1: Construct content sandbox "common" policy lazily. r=gcp
When the SandboxBrokerPolicyFactory is constructed, prefs aren't available, which constrains the cached subset of the content process policy to entries that don't depend on prefs. Delaying the computation until a content process is started removes that restriction. Differential Revision: https://phabricator.services.mozilla.com/D81423
This commit is contained in:
parent
0808445a13
commit
771b8498b1
@ -290,7 +290,7 @@ static void AddDynamicPathList(SandboxBroker::Policy* policy,
|
||||
}
|
||||
}
|
||||
|
||||
SandboxBrokerPolicyFactory::SandboxBrokerPolicyFactory() {
|
||||
void SandboxBrokerPolicyFactory::InitContentPolicy() {
|
||||
// Policy entries that are the same in every process go here, and
|
||||
// are cached over the lifetime of the factory.
|
||||
SandboxBroker::Policy* policy = new SandboxBroker::Policy;
|
||||
@ -523,6 +523,7 @@ UniquePtr<SandboxBroker::Policy> SandboxBrokerPolicyFactory::GetContentPolicy(
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
std::call_once(mContentInited, [this] { InitContentPolicy(); });
|
||||
MOZ_ASSERT(mCommonContentPolicy);
|
||||
UniquePtr<SandboxBroker::Policy> policy(
|
||||
new SandboxBroker::Policy(*mCommonContentPolicy));
|
||||
|
@ -9,11 +9,13 @@
|
||||
|
||||
#include "mozilla/SandboxBroker.h"
|
||||
|
||||
#include <mutex>
|
||||
|
||||
namespace mozilla {
|
||||
|
||||
class SandboxBrokerPolicyFactory {
|
||||
public:
|
||||
SandboxBrokerPolicyFactory();
|
||||
SandboxBrokerPolicyFactory() = default;
|
||||
|
||||
UniquePtr<SandboxBroker::Policy> GetContentPolicy(int aPid,
|
||||
bool aFileProcess);
|
||||
@ -23,6 +25,9 @@ class SandboxBrokerPolicyFactory {
|
||||
|
||||
private:
|
||||
UniquePtr<const SandboxBroker::Policy> mCommonContentPolicy;
|
||||
std::once_flag mContentInited;
|
||||
|
||||
void InitContentPolicy();
|
||||
};
|
||||
|
||||
} // namespace mozilla
|
||||
|
Loading…
Reference in New Issue
Block a user