160 lines
5.3 KiB
C++
160 lines
5.3 KiB
C++
// Copyright 2016 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_
|
|
#define MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_
|
|
|
|
#include "base/macros.h"
|
|
#include "base/threading/thread_restrictions.h"
|
|
#include "mojo/public/cpp/bindings/bindings_export.h"
|
|
|
|
#if (!defined(NDEBUG) || defined(DCHECK_ALWAYS_ON))
|
|
#define ENABLE_SYNC_CALL_RESTRICTIONS 1
|
|
#else
|
|
#define ENABLE_SYNC_CALL_RESTRICTIONS 0
|
|
#endif
|
|
|
|
class ChromeSelectFileDialogFactory;
|
|
|
|
namespace sync_preferences {
|
|
class PrefServiceSyncable;
|
|
}
|
|
|
|
namespace content {
|
|
class BlinkTestController;
|
|
}
|
|
|
|
namespace display {
|
|
class ForwardingDisplayDelegate;
|
|
}
|
|
|
|
namespace leveldb {
|
|
class LevelDBMojoProxy;
|
|
}
|
|
|
|
namespace prefs {
|
|
class PersistentPrefStoreClient;
|
|
}
|
|
|
|
namespace ui {
|
|
class ClipboardClient;
|
|
class HostContextFactoryPrivate;
|
|
} // namespace ui
|
|
|
|
namespace viz {
|
|
class HostFrameSinkManager;
|
|
}
|
|
|
|
namespace mojo {
|
|
class ScopedAllowSyncCallForTesting;
|
|
|
|
// In some processes, sync calls are disallowed. For example, in the browser
|
|
// process we don't want any sync calls to child processes for performance,
|
|
// security and stability reasons. SyncCallRestrictions helps to enforce such
|
|
// rules.
|
|
//
|
|
// Before processing a sync call, the bindings call
|
|
// SyncCallRestrictions::AssertSyncCallAllowed() to check whether sync calls are
|
|
// allowed. By default sync calls are allowed but they may be globally
|
|
// disallowed within a process by calling DisallowSyncCall().
|
|
//
|
|
// If globally disallowed but you but you have a very compelling reason to
|
|
// disregard that (which should be very very rare), you can override it by
|
|
// constructing a ScopedAllowSyncCall object which allows making sync calls on
|
|
// the current sequence during its lifetime.
|
|
class MOJO_CPP_BINDINGS_EXPORT SyncCallRestrictions {
|
|
public:
|
|
#if ENABLE_SYNC_CALL_RESTRICTIONS
|
|
// Checks whether the current sequence is allowed to make sync calls, and
|
|
// causes a DCHECK if not.
|
|
static void AssertSyncCallAllowed();
|
|
|
|
// Disables sync calls within the calling process. Any caller who wishes to
|
|
// make sync calls once this has been invoked must do so within the extent of
|
|
// a ScopedAllowSyncCall or ScopedAllowSyncCallForTesting.
|
|
static void DisallowSyncCall();
|
|
|
|
#else
|
|
// Inline the empty definitions of functions so that they can be compiled out.
|
|
static void AssertSyncCallAllowed() {}
|
|
static void DisallowSyncCall() {}
|
|
#endif
|
|
|
|
private:
|
|
// DO NOT ADD ANY OTHER FRIEND STATEMENTS, talk to mojo/OWNERS first.
|
|
// BEGIN ALLOWED USAGE.
|
|
// SynchronousCompositorHost is used for Android webview.
|
|
friend class content::SynchronousCompositorHost;
|
|
// LevelDBMojoProxy makes same-process sync calls from the DB thread.
|
|
friend class leveldb::LevelDBMojoProxy;
|
|
// Pref service connection is sync at startup.
|
|
friend class prefs::PersistentPrefStoreClient;
|
|
// Incognito pref service instances are created synchronously.
|
|
friend class sync_preferences::PrefServiceSyncable;
|
|
friend class mojo::ScopedAllowSyncCallForTesting;
|
|
// For file open and save dialogs created synchronously.
|
|
friend class ::ChromeSelectFileDialogFactory;
|
|
// For synchronous system clipboard access.
|
|
friend class ui::ClipboardClient;
|
|
// For destroying the GL context/surface that draw to a platform window before
|
|
// the platform window is destroyed.
|
|
friend class viz::HostFrameSinkManager;
|
|
// Allow for layout test pixel dumps.
|
|
friend class content::BlinkTestController;
|
|
// For preventing frame swaps of wrong size during resize on Windows.
|
|
// (https://crbug.com/811945)
|
|
friend class ui::HostContextFactoryPrivate;
|
|
// END ALLOWED USAGE.
|
|
|
|
// BEGIN USAGE THAT NEEDS TO BE FIXED.
|
|
// In ash::Shell::Init() it assumes that NativeDisplayDelegate will be
|
|
// synchronous at first. In mushrome ForwardingDisplayDelegate uses a
|
|
// synchronous call to get the display snapshots as a workaround.
|
|
friend class display::ForwardingDisplayDelegate;
|
|
// END USAGE THAT NEEDS TO BE FIXED.
|
|
|
|
#if ENABLE_SYNC_CALL_RESTRICTIONS
|
|
static void IncreaseScopedAllowCount();
|
|
static void DecreaseScopedAllowCount();
|
|
#else
|
|
static void IncreaseScopedAllowCount() {}
|
|
static void DecreaseScopedAllowCount() {}
|
|
#endif
|
|
|
|
// If a process is configured to disallow sync calls in general, constructing
|
|
// a ScopedAllowSyncCall object temporarily allows making sync calls on the
|
|
// current sequence. Doing this is almost always incorrect, which is why we
|
|
// limit who can use this through friend. If you find yourself needing to use
|
|
// this, talk to mojo/OWNERS.
|
|
class ScopedAllowSyncCall {
|
|
public:
|
|
ScopedAllowSyncCall() { IncreaseScopedAllowCount(); }
|
|
~ScopedAllowSyncCall() { DecreaseScopedAllowCount(); }
|
|
|
|
private:
|
|
#if ENABLE_SYNC_CALL_RESTRICTIONS
|
|
base::ThreadRestrictions::ScopedAllowWait allow_wait_;
|
|
#endif
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(ScopedAllowSyncCall);
|
|
};
|
|
|
|
DISALLOW_IMPLICIT_CONSTRUCTORS(SyncCallRestrictions);
|
|
};
|
|
|
|
class ScopedAllowSyncCallForTesting {
|
|
public:
|
|
ScopedAllowSyncCallForTesting() {}
|
|
~ScopedAllowSyncCallForTesting() {}
|
|
|
|
private:
|
|
SyncCallRestrictions::ScopedAllowSyncCall scoped_allow_sync_call_;
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(ScopedAllowSyncCallForTesting);
|
|
};
|
|
|
|
} // namespace mojo
|
|
|
|
#endif // MOJO_PUBLIC_CPP_BINDINGS_SYNC_CALL_RESTRICTIONS_H_
|