Improve Storage Service sandboxing support
This corrects some deficiencies in the Storage Service's sandboxing
support by eliminating all remaining instances of direct filesystem
traversal within DOM Storage, replacing them with appropriate
FilesystemProxy usage.
A few new IPCs are added to the Directory mojom interface in support of
this, and a new delegate is added to support use of
sql::SandboxedVfs with a FilesystemProxy backing it.
Bug: 1052045
Test: content_browsertests with StorageServiceOutOfProcess and StorageServiceSandbox enabled
Change-Id: I8e7593d9424be705cb3c2bf561a4fe4c5d61251d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2350542
Commit-Queue: Ken Rockot <[email protected]>
Reviewed-by: Robert Sesek <[email protected]>
Reviewed-by: Victor Costan <[email protected]>
Cr-Commit-Position: refs/heads/master@{#798710}
diff --git a/sql/database.h b/sql/database.h
index 2bf8652f..15dac32 100644
--- a/sql/database.h
+++ b/sql/database.h
@@ -60,6 +60,12 @@
Database();
~Database();
+ // Allows mmapping to be disabled globally by default in the calling process.
+ // Must be called before any threads attempt to create a Database.
+ //
+ // TODO(crbug.com/1117049): Remove this global configuration.
+ static void DisableMmapByDefault();
+
// Pre-init configuration ----------------------------------------------------
// Sets the page size that will be used when creating a new database. This
