diff options
| author | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-13 12:33:37 +0000 |
|---|---|---|
| committer | pneubeck@chromium.org <pneubeck@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-11-13 12:33:37 +0000 |
| commit | 24a9f1c9f1b762ac5ff864b06a8d1b6b6a30561e (patch) | |
| tree | 05ca8b77d95ab9efb86837d2ef1c721d8e3d0e88 /chrome/browser/profiles/profile_io_data.h | |
| parent | 9091b28ce5ec8ba66c73bc07375630464c19592f (diff) | |
| download | chromium_src-24a9f1c9f1b762ac5ff864b06a8d1b6b6a30561e.zip chromium_src-24a9f1c9f1b762ac5ff864b06a8d1b6b6a30561e.tar.gz chromium_src-24a9f1c9f1b762ac5ff864b06a8d1b6b6a30561e.tar.bz2 | |
Fix cyclic dependency between ProfilePolicyConnector and PrefService.
PolicyCertVerifier lives (at least partially) on IO to provide certificate trust anchors to the net subsystem.
The list of trust anchors is provided by the policy subsystem, which lives on UI.
On each usage of one of the trust anchors, the profile must be tainted by setting a specific Pref value, which must happen on UI.
There were several problems and bugs, all of which are solved with this CL:
- NetworkConfigurationUpdater keeps a PolicyCertVerifier* until destruction, although PolicyCertVerifier is invalidated earlier and destructed in parallel on IO.
- Instead of explicitly managing lifetime/dependencies, PolicyCertVerifier accesses ProfilePolicyConnector through a WeakPtr.
- Cyclic static dependency between ProfilePolicyConnector and PrefService.
- Each, the original profile and the OffTheRecordProfile (OTRProfile), have a separate PolicyCertVerifier instance. The ProfilePolicyConnector/UserNetworkConfigurationUpdater are shared however. This wasn't considered during the implementation of the latter. They only have a SetPolicyCertVerifier instead of a AddPolicyCertVerifier method.
- ProfilePolicyConnector stores a Profile* instead of a PrefService* .
This CL moves the certificate related parts out of ProfilePolicyConnector and puts them into a separate keyed service NetworkPolicyService (living on UI, taking care of syncing with IO) which is tightly coupled with the PolicyCertVerifier (purely living on IO).
The new dependencies are:
NetworkConfigurationUpdater --(Observer::OnTrustAnchorsChanged)-> NetworkPolicyService --(post to IO)-> PolicyCertVerifier --(run callback, post to UI)-> NetworkPolicyService
For a summary of the dependencies see the accompanying bug.
Depends on:
https://codereview.chromium.org/53923004/
BUG=312660, 77155
TBR=ben@chromium.org,jcivelli@chromium.org
Review URL: https://codereview.chromium.org/24153012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@234806 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/profiles/profile_io_data.h')
| -rw-r--r-- | chrome/browser/profiles/profile_io_data.h | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/chrome/browser/profiles/profile_io_data.h b/chrome/browser/profiles/profile_io_data.h index b835b2b..493a4a1 100644 --- a/chrome/browser/profiles/profile_io_data.h +++ b/chrome/browser/profiles/profile_io_data.h @@ -46,7 +46,6 @@ class InfoMap; } namespace net { -class CertVerifier; class CookieStore; class FraudulentCertificateReporter; class FtpTransactionFactory; @@ -277,10 +276,6 @@ class ProfileIOData { scoped_refptr<const ManagedModeURLFilter> managed_mode_url_filter; #endif -#if defined(OS_CHROMEOS) - scoped_ptr<policy::PolicyCertVerifier> cert_verifier; -#endif - // The profile this struct was populated from. It's passed as a void* to // ensure it's not accidently used on the IO thread. Before using it on the // UI thread, call ProfileManager::IsValidProfile to ensure it's alive. @@ -501,7 +496,7 @@ class ProfileIOData { mutable scoped_ptr<net::HttpServerProperties> http_server_properties_; #if defined(OS_CHROMEOS) - mutable scoped_ptr<net::CertVerifier> cert_verifier_; + mutable scoped_ptr<policy::PolicyCertVerifier> cert_verifier_; #endif #if defined(ENABLE_NOTIFICATIONS) |