It would be nice if SOAAP understood that cap_enter meant "enter a sandbox and never leave it", rather than manually annotating __soaap_sandbox_region_start at the top-level scope. In Chromium, we currently have to annotate renderer_main, whereas it would be much more programmer-friendly to let SOAAP figure things out based on its sandbox model (even though cap_enter is called deep-ish in the call stack).
It would be nice if SOAAP understood that
cap_entermeant "enter a sandbox and never leave it", rather than manually annotating__soaap_sandbox_region_startat the top-level scope. In Chromium, we currently have to annotaterenderer_main, whereas it would be much more programmer-friendly to let SOAAP figure things out based on its sandbox model (even thoughcap_enteris called deep-ish in the call stack).