Enhance --enable-strict-site-isolation to prevent a site-isolated renderer

content/browser/site_instance.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/site_instance.h"
 
+#include "base/command_line.h"
 #include "content/browser/browsing_instance.h"
+#include "content/browser/child_process_security_policy.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/browser/webui/web_ui_factory.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_process_host_factory.h"
+#include "content/public/common/content_switches.h"
 #include "content/public/common/url_constants.h"
 #include "net/base/registry_controlled_domain.h"
 
 static bool IsURLSameAsAnySiteInstance(const GURL& url) {
   if (!url.is_valid())
     return false;
 
   // We treat javascript: as the same site as any URL since it is actually
   // a modifier on existing pages.
   if (url.SchemeIs(chrome::kJavaScriptScheme))
@@ skipping 56 matching lines @@
         process_ =
             new RenderProcessHostImpl(browsing_instance_->browser_context());
       }
     }
 
     content::GetContentClient()->browser()->SiteInstanceGotProcess(this);
 
     // Make sure the process starts at the right max_page_id, and ensure that
     // we send an update to the renderer process.
     process_->UpdateAndSendMaxPageID(max_page_id_);
+
+    if (has_site_)
+      LockToOrigin();
   }
   DCHECK(process_);
 
   return process_;
 }
 
 void SiteInstance::SetSite(const GURL& url) {
   // A SiteInstance's site should not change.
   // TODO(creis): When following links or script navigations, we can currently
   // render pages from other sites in this SiteInstance.  This will eventually
   // be fixed, but until then, we should still not set the site of a
   // SiteInstance more than once.
   DCHECK(!has_site_);
 
   // Remember that this SiteInstance has been used to load a URL, even if the
   // URL is invalid.
   has_site_ = true;
   site_ = GetSiteForURL(browsing_instance_->browser_context(), url);
 
   // Now that we have a site, register it with the BrowsingInstance.  This
   // ensures that we won't create another SiteInstance for this site within
   // the same BrowsingInstance, because all same-site pages within a
   // BrowsingInstance can script each other.
   browsing_instance_->RegisterSiteInstance(this);
+
+  if (process_)
+    LockToOrigin();
 }
 
 bool SiteInstance::HasRelatedSiteInstance(const GURL& url) {
   return browsing_instance_->HasSiteInstance(url);
 }
 
 SiteInstance* SiteInstance::GetRelatedSiteInstance(const GURL& url) {
   return browsing_instance_->GetSiteInstanceForURL(url);
 }
 
@@ skipping 99 matching lines @@
 
 void SiteInstance::Observe(int type,
                            const content::NotificationSource& source,
                            const content::NotificationDetails& details) {
   DCHECK(type == content::NOTIFICATION_RENDERER_PROCESS_TERMINATED);
   content::RenderProcessHost* rph =
       content::Source<content::RenderProcessHost>(source).ptr();
   if (rph == process_)
     process_ = NULL;
 }
+
+void SiteInstance::LockToOrigin() {
+  const CommandLine& command_line = *CommandLine::ForCurrentProcess();
+  if (command_line.HasSwitch(switches::kEnableStrictSiteIsolation)) {
+    ChildProcessSecurityPolicy* policy =
+        ChildProcessSecurityPolicy::GetInstance();
+    policy->LockToOrigin(process_->GetID(), site_);
+  }
+}
+