Makes two changes:
First, when the browser is started it loads the persistent tab model asynchronously. Consequently if an external request to open a tab via D-Bus triggered the browser to load (i.e. it wasn't already running), the tab could be created before the tab model was loaded. This caused the PID associated with the created tab to be wiped, and prevented the external process that opened the tab from closing it again (used e.g. in OAuth flows).
This change avoids this by delaying creation of tabs requested externally until after the tab model has completed loading.
Second, when the browser runs inside the sandbox it's not able to check whether the sender is in the privileged group, so the check is guaranteed to fail.
This change removes the check.
It leaves it in for the case of dumpMemoryInfo() as this may be useful when running the browser unsandboxed for debugging purposes, and without the check there would be no other restrictions on processes calling it.
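
The ordering problem behind the first change, as an added example that is not the browser's own code: a simplified model in which an external open request arrives before the persistent tab model finishes loading, with creation done eagerly and then deferred. Every name here (`TabModel`, `finishLoad`, `openExternalEager`, `openExternalDeferred`, `closeExternal`) is hypothetical, the URLs and PIDs are constructed, and the way the PID gets lost (the load resetting per-tab owner state) is an assumption, since the commit message does not describe the mechanism.

```javascript
// Simplified model of the tab-ownership race; all names are hypothetical.
class TabModel {
  constructor() {
    this.loaded = false;
    this.nextId = 1;
    this.urls = new Map();   // tabId -> URL
    this.owners = new Map(); // tabId -> PID of the external process that opened it
    this.pending = [];       // external requests held until the load completes
  }
  createTab(url, pid) {
    const id = this.nextId++;
    this.urls.set(id, url);
    this.owners.set(id, pid);
    return id;
  }
  // Called when the asynchronous load of the persistent model completes.
  // Assumption: restoring replaces runtime-only state such as owner PIDs.
  finishLoad(persistedUrls) {
    this.owners.clear();
    for (const url of persistedUrls) this.urls.set(this.nextId++, url);
    this.loaded = true;
    for (const run of this.pending.splice(0)) run(); // replay held requests in order
  }
  // Before: the external request creates the tab immediately, loaded or not.
  openExternalEager(url, pid, done) {
    done(this.createTab(url, pid));
  }
  // After: creation is delayed until the model has finished loading.
  openExternalDeferred(url, pid, done) {
    const create = () => done(this.createTab(url, pid));
    if (this.loaded) create(); else this.pending.push(create);
  }
  // Only the process recorded as the opener of a tab may close it.
  closeExternal(id, pid) {
    if (!this.owners.has(id) || this.owners.get(id) !== pid) return false;
    this.urls.delete(id);
    this.owners.delete(id);
    return true;
  }
}

// Replays the start-up sequence: the request arrives first, the load completes second.
function replay(deferred) {
  const model = new TabModel();
  let tabId = null;
  const open = deferred ? "openExternalDeferred" : "openExternalEager";
  model[open]("https://example.org/oauth", 4242, (id) => { tabId = id; }); // constructed values
  model.finishLoad(["https://example.org/restored"]);
  const otherPid = model.closeExternal(tabId, 9999); // a different process tries first
  return { otherPid, owner: model.closeExternal(tabId, 4242), tabsLeft: model.urls.size };
}
```

In the eager case the opener's close request is refused and the tab stays open; in the deferred case the opener can close it while a different PID still cannot.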