Chromium Code Reviews Chromium Code Reviews
Issue 8496027:
Enhance --enable-strict-site-isolation to prevent a site-isolated renderer (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 5 #ifndef CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
| 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 6 #define CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
| 7 | 7 |
| 8 #pragma once | 8 #pragma once |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| (...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 134 int permissions); | 134 int permissions); |
| 135 | 135 |
| 136 // Returns true if the specified child_id has been granted WebUIBindings. | 136 // Returns true if the specified child_id has been granted WebUIBindings. |
| 137 // The browser should check this property before assuming the child process is | 137 // The browser should check this property before assuming the child process is |
| 138 // allowed to use WebUIBindings. | 138 // allowed to use WebUIBindings. |
| 139 bool HasWebUIBindings(int child_id); | 139 bool HasWebUIBindings(int child_id); |
| 140 | 140 |
| 141 // Returns true if the specified child_id has been granted ReadRawCookies. | 141 // Returns true if the specified child_id has been granted ReadRawCookies. |
| 142 bool CanReadRawCookies(int child_id); | 142 bool CanReadRawCookies(int child_id); |
| 143 | 143 |
| 144 // Returns true if the process is permitted to see and use the cookies for | |
| 145 // the given origin. | |
|
Charlie Reis
2011/11/10 01:09:26
Let's add a comment on these two that they're only
| |
| 146 bool CanUseCookiesForOrigin(int child_id, const GURL& gurl); | |
| 147 | |
| 148 // Sets the process as only permitted to use and see the cookies for the | |
| 149 // given origin. | |
| 150 void LockToOrigin(int child_id, const GURL& gurl); | |
| 151 | |
| 144 private: | 152 private: |
| 145 friend class ChildProcessSecurityPolicyInProcessBrowserTest; | 153 friend class ChildProcessSecurityPolicyInProcessBrowserTest; |
| 146 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest, | 154 FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest, |
| 147 NoLeak); | 155 NoLeak); |
| 148 | 156 |
| 149 class SecurityState; | 157 class SecurityState; |
| 150 | 158 |
| 151 typedef std::set<std::string> SchemeSet; | 159 typedef std::set<std::string> SchemeSet; |
| 152 typedef std::map<int, SecurityState*> SecurityStateMap; | 160 typedef std::map<int, SecurityState*> SecurityStateMap; |
| 153 typedef std::map<int, int> WorkerToMainProcessMap; | 161 typedef std::map<int, int> WorkerToMainProcessMap; |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 190 SecurityStateMap security_state_; | 198 SecurityStateMap security_state_; |
| 191 | 199 |
| 192 // This maps keeps the record of which js worker thread child process | 200 // This maps keeps the record of which js worker thread child process |
| 193 // corresponds to which main js thread child process. | 201 // corresponds to which main js thread child process. |
| 194 WorkerToMainProcessMap worker_map_; | 202 WorkerToMainProcessMap worker_map_; |
| 195 | 203 |
| 196 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); | 204 DISALLOW_COPY_AND_ASSIGN(ChildProcessSecurityPolicy); |
| 197 }; | 205 }; |
| 198 | 206 |
| 199 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ | 207 #endif // CONTENT_BROWSER_CHILD_PROCESS_SECURITY_POLICY_H_ |
| OLD | NEW |
