I recently realized that it doesn't really make sense to be doing policy enforcement (calling the enter() trap) for all Wrappers, because for vanilla Wrapper and CrossCompartmentWrapper enter() should always just return true. Now that we have a common superclass for all security wrappers, I'm wondering if it's worth the effort to hoist the calls to enter() into SecurityWrapper. The primary benefit would be that we'd slice a branch and a virtual function call off the hot paths we care about (CrossCompartmentWrappers). I'm not sure if that's actually significant though. The downside would be that we'd need to make sure SecurityWrapper always overrides all the traps from wrapper. I wonder if there's some MFBT magic that could help us with that.
You need to log in before you can comment on or make changes to this bug.