Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(108)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/site_instance.cc

Issue 8496027: Enhance --enable-strict-site-isolation to prevent a site-isolated renderer (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« content/browser/child_process_security_policy.cc ('K') | « content/browser/renderer_host/resource_dispatcher_host.cc ('k') | content/public/common/content_switches.cc » ('j') | content/public/common/content_switches.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/site_instance.h" 5 #include "content/browser/site_instance.h"
6 6
7 #include "base/command_line.h"
7 #include "content/browser/browsing_instance.h" 8 #include "content/browser/browsing_instance.h"
9 #include "content/browser/child_process_security_policy.h"
8 #include "content/browser/renderer_host/browser_render_process_host.h" 10 #include "content/browser/renderer_host/browser_render_process_host.h"
9 #include "content/browser/webui/web_ui_factory.h" 11 #include "content/browser/webui/web_ui_factory.h"
10 #include "content/public/browser/content_browser_client.h" 12 #include "content/public/browser/content_browser_client.h"
11 #include "content/public/browser/notification_service.h" 13 #include "content/public/browser/notification_service.h"
12 #include "content/public/browser/notification_types.h" 14 #include "content/public/browser/notification_types.h"
15 #include "content/public/common/content_switches.h"
13 #include "content/public/common/url_constants.h" 16 #include "content/public/common/url_constants.h"
14 #include "net/base/registry_controlled_domain.h" 17 #include "net/base/registry_controlled_domain.h"
15 18
16 static bool IsURLSameAsAnySiteInstance(const GURL& url) { 19 static bool IsURLSameAsAnySiteInstance(const GURL& url) {
17 if (!url.is_valid()) 20 if (!url.is_valid())
18 return false; 21 return false;
19 22
20 // We treat javascript: as the same site as any URL since it is actually 23 // We treat javascript: as the same site as any URL since it is actually
21 // a modifier on existing pages. 24 // a modifier on existing pages.
22 if (url.SchemeIs(chrome::kJavaScriptScheme)) 25 if (url.SchemeIs(chrome::kJavaScriptScheme))
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
79 process_ = render_process_host_factory_->CreateRenderProcessHost( 82 process_ = render_process_host_factory_->CreateRenderProcessHost(
80 browsing_instance_->browser_context()); 83 browsing_instance_->browser_context());
81 } else { 84 } else {
82 process_ = 85 process_ =
83 new BrowserRenderProcessHost(browsing_instance_->browser_context()); 86 new BrowserRenderProcessHost(browsing_instance_->browser_context());
84 } 87 }
85 } 88 }
86 89
87 // Make sure the process starts at the right max_page_id 90 // Make sure the process starts at the right max_page_id
88 process_->UpdateMaxPageID(max_page_id_); 91 process_->UpdateMaxPageID(max_page_id_);
92
93 const CommandLine& command_line = *CommandLine::ForCurrentProcess();
94 if (command_line.HasSwitch(switches::kEnableStrictSiteIsolation)) {
95 ChildProcessSecurityPolicy* policy =
96 ChildProcessSecurityPolicy::GetInstance();
97 policy->LockToOrigin(process_->id(), site_);
98 }
89 } 99 }
90 DCHECK(process_); 100 DCHECK(process_);
91 101
92 return process_; 102 return process_;
93 } 103 }
94 104
95 void SiteInstance::SetSite(const GURL& url) { 105 void SiteInstance::SetSite(const GURL& url) {
96 // A SiteInstance's site should not change. 106 // A SiteInstance's site should not change.
97 // TODO(creis): When following links or script navigations, we can currently 107 // TODO(creis): When following links or script navigations, we can currently
98 // render pages from other sites in this SiteInstance. This will eventually 108 // render pages from other sites in this SiteInstance. This will eventually
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after
221 } 231 }
222 232
223 void SiteInstance::Observe(int type, 233 void SiteInstance::Observe(int type,
224 const content::NotificationSource& source, 234 const content::NotificationSource& source,
225 const content::NotificationDetails& details) { 235 const content::NotificationDetails& details) {
226 DCHECK(type == content::NOTIFICATION_RENDERER_PROCESS_TERMINATED); 236 DCHECK(type == content::NOTIFICATION_RENDERER_PROCESS_TERMINATED);
227 RenderProcessHost* rph = content::Source<RenderProcessHost>(source).ptr(); 237 RenderProcessHost* rph = content::Source<RenderProcessHost>(source).ptr();
228 if (rph == process_) 238 if (rph == process_)
229 process_ = NULL; 239 process_ = NULL;
230 } 240 }
OLDNEW
« content/browser/child_process_security_policy.cc ('K') | « content/browser/renderer_host/resource_dispatcher_host.cc ('k') | content/public/common/content_switches.cc » ('j') | content/public/common/content_switches.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698