OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/browser/site_instance_impl.h" | 5 #include "content/browser/site_instance_impl.h" |
6 | 6 |
7 #include "base/command_line.h" | |
8 #include "content/browser/browsing_instance.h" | 7 #include "content/browser/browsing_instance.h" |
9 #include "content/browser/child_process_security_policy_impl.h" | 8 #include "content/browser/child_process_security_policy_impl.h" |
10 #include "content/browser/frame_host/debug_urls.h" | 9 #include "content/browser/frame_host/debug_urls.h" |
11 #include "content/browser/renderer_host/render_process_host_impl.h" | 10 #include "content/browser/renderer_host/render_process_host_impl.h" |
12 #include "content/browser/storage_partition_impl.h" | 11 #include "content/browser/storage_partition_impl.h" |
13 #include "content/public/browser/content_browser_client.h" | 12 #include "content/public/browser/content_browser_client.h" |
14 #include "content/public/browser/render_process_host_factory.h" | 13 #include "content/public/browser/render_process_host_factory.h" |
15 #include "content/public/browser/web_ui_controller_factory.h" | 14 #include "content/public/browser/web_ui_controller_factory.h" |
16 #include "content/public/common/content_switches.h" | 15 #include "content/public/common/site_isolation_policy.h" |
17 #include "content/public/common/url_constants.h" | 16 #include "content/public/common/url_constants.h" |
18 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | 17 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
19 | 18 |
20 namespace content { | 19 namespace content { |
21 | 20 |
22 const RenderProcessHostFactory* | 21 const RenderProcessHostFactory* |
23 SiteInstanceImpl::g_render_process_host_factory_ = NULL; | 22 SiteInstanceImpl::g_render_process_host_factory_ = NULL; |
24 int32 SiteInstanceImpl::next_site_instance_id_ = 1; | 23 int32 SiteInstanceImpl::next_site_instance_id_ = 1; |
25 | 24 |
26 SiteInstanceImpl::SiteInstanceImpl(BrowsingInstance* browsing_instance) | 25 SiteInstanceImpl::SiteInstanceImpl(BrowsingInstance* browsing_instance) |
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
204 if (IsRendererDebugURL(url)) | 203 if (IsRendererDebugURL(url)) |
205 return false; | 204 return false; |
206 | 205 |
207 // If the site URL is an extension (e.g., for hosted apps or WebUI) but the | 206 // If the site URL is an extension (e.g., for hosted apps or WebUI) but the |
208 // process is not (or vice versa), make sure we notice and fix it. | 207 // process is not (or vice versa), make sure we notice and fix it. |
209 GURL site_url = GetSiteForURL(browsing_instance_->browser_context(), url); | 208 GURL site_url = GetSiteForURL(browsing_instance_->browser_context(), url); |
210 return !RenderProcessHostImpl::IsSuitableHost( | 209 return !RenderProcessHostImpl::IsSuitableHost( |
211 GetProcess(), browsing_instance_->browser_context(), site_url); | 210 GetProcess(), browsing_instance_->browser_context(), site_url); |
212 } | 211 } |
213 | 212 |
213 bool SiteInstanceImpl::RequiresDedicatedProcess() { | |
214 if (!has_site_) | |
215 return false; | |
216 return SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_); | |
217 } | |
218 | |
214 void SiteInstanceImpl::IncrementRelatedActiveContentsCount() { | 219 void SiteInstanceImpl::IncrementRelatedActiveContentsCount() { |
215 browsing_instance_->increment_active_contents_count(); | 220 browsing_instance_->increment_active_contents_count(); |
216 } | 221 } |
217 | 222 |
218 void SiteInstanceImpl::DecrementRelatedActiveContentsCount() { | 223 void SiteInstanceImpl::DecrementRelatedActiveContentsCount() { |
219 browsing_instance_->decrement_active_contents_count(); | 224 browsing_instance_->decrement_active_contents_count(); |
220 } | 225 } |
221 | 226 |
222 void SiteInstanceImpl::set_render_process_host_factory( | 227 void SiteInstanceImpl::set_render_process_host_factory( |
223 const RenderProcessHostFactory* rph_factory) { | 228 const RenderProcessHostFactory* rph_factory) { |
(...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
334 GetEffectiveURL(browser_context, url); | 339 GetEffectiveURL(browser_context, url); |
335 } | 340 } |
336 | 341 |
337 void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) { | 342 void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) { |
338 DCHECK_EQ(process_, host); | 343 DCHECK_EQ(process_, host); |
339 process_->RemoveObserver(this); | 344 process_->RemoveObserver(this); |
340 process_ = NULL; | 345 process_ = NULL; |
341 } | 346 } |
342 | 347 |
343 void SiteInstanceImpl::LockToOrigin() { | 348 void SiteInstanceImpl::LockToOrigin() { |
344 // We currently only restrict this process to a particular site if --site-per- | 349 // TODO(nick): When all sites are isolated, this operation provides strong |
345 // process flag is present. | 350 // protection. If only some sites are isolated, we need additional logic here |
346 const base::CommandLine& command_line = | 351 // to prevent the non-isolated sites from requesting resources for isolated |
347 *base::CommandLine::ForCurrentProcess(); | 352 // sites. (file a bug for this) |
nasko
2015/07/08 12:52:23
I assume the "file a bug for this" is to happen be
ncarter (slow)
2015/07/10 23:29:18
Done.
| |
348 if (command_line.HasSwitch(switches::kSitePerProcess)) { | 353 if (SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_)) { |
349 // Guest processes cannot be locked to its site because guests always have | 354 // Guest processes cannot be locked to its site because guests always have |
350 // a fixed SiteInstance. The site of GURLs a guest loads doesn't match that | 355 // a fixed SiteInstance. The site of GURLs a guest loads doesn't match that |
351 // SiteInstance. So we skip locking the guest process to the site. | 356 // SiteInstance. So we skip locking the guest process to the site. |
352 // TODO(ncarter): Remove this exclusion once we can make origin lock per | 357 // TODO(ncarter): Remove this exclusion once we can make origin lock per |
353 // RenderFrame routing id. | 358 // RenderFrame routing id. |
354 if (site_.SchemeIs(content::kGuestScheme)) | 359 if (site_.SchemeIs(content::kGuestScheme)) |
355 return; | 360 return; |
356 | 361 |
357 ChildProcessSecurityPolicyImpl* policy = | 362 ChildProcessSecurityPolicyImpl* policy = |
358 ChildProcessSecurityPolicyImpl::GetInstance(); | 363 ChildProcessSecurityPolicyImpl::GetInstance(); |
359 policy->LockToOrigin(process_->GetID(), site_); | 364 policy->LockToOrigin(process_->GetID(), site_); |
360 } | 365 } |
361 } | 366 } |
362 | 367 |
363 } // namespace content | 368 } // namespace content |
OLD | NEW |