Chromium Code Reviews Chromium Code Reviews
Issue 1208143002:
Move existing kSitePerProcess checks to a policy-oracle object (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@swapped_out_cmdline_checks| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/site_instance_impl.h" | 5 #include "content/browser/site_instance_impl.h" |
| 6 | 6 |
| 7 #include "base/command_line.h" | |
| 8 #include "content/browser/browsing_instance.h" | 7 #include "content/browser/browsing_instance.h" |
| 9 #include "content/browser/child_process_security_policy_impl.h" | 8 #include "content/browser/child_process_security_policy_impl.h" |
| 10 #include "content/browser/frame_host/debug_urls.h" | 9 #include "content/browser/frame_host/debug_urls.h" |
| 11 #include "content/browser/renderer_host/render_process_host_impl.h" | 10 #include "content/browser/renderer_host/render_process_host_impl.h" |
| 12 #include "content/browser/storage_partition_impl.h" | 11 #include "content/browser/storage_partition_impl.h" |
| 13 #include "content/public/browser/content_browser_client.h" | 12 #include "content/public/browser/content_browser_client.h" |
| 14 #include "content/public/browser/render_process_host_factory.h" | 13 #include "content/public/browser/render_process_host_factory.h" |
| 15 #include "content/public/browser/web_ui_controller_factory.h" | 14 #include "content/public/browser/web_ui_controller_factory.h" |
| 16 #include "content/public/common/content_switches.h" | 15 #include "content/public/common/site_isolation_policy.h" |
| 17 #include "content/public/common/url_constants.h" | 16 #include "content/public/common/url_constants.h" |
| 18 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" | 17 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| 19 | 18 |
| 20 namespace content { | 19 namespace content { |
| 21 | 20 |
| 22 const RenderProcessHostFactory* | 21 const RenderProcessHostFactory* |
| 23 SiteInstanceImpl::g_render_process_host_factory_ = NULL; | 22 SiteInstanceImpl::g_render_process_host_factory_ = NULL; |
| 24 int32 SiteInstanceImpl::next_site_instance_id_ = 1; | 23 int32 SiteInstanceImpl::next_site_instance_id_ = 1; |
| 25 | 24 |
| 26 SiteInstanceImpl::SiteInstanceImpl(BrowsingInstance* browsing_instance) | 25 SiteInstanceImpl::SiteInstanceImpl(BrowsingInstance* browsing_instance) |
| (...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 204 if (IsRendererDebugURL(url)) | 203 if (IsRendererDebugURL(url)) |
| 205 return false; | 204 return false; |
| 206 | 205 |
| 207 // If the site URL is an extension (e.g., for hosted apps or WebUI) but the | 206 // If the site URL is an extension (e.g., for hosted apps or WebUI) but the |
| 208 // process is not (or vice versa), make sure we notice and fix it. | 207 // process is not (or vice versa), make sure we notice and fix it. |
| 209 GURL site_url = GetSiteForURL(browsing_instance_->browser_context(), url); | 208 GURL site_url = GetSiteForURL(browsing_instance_->browser_context(), url); |
| 210 return !RenderProcessHostImpl::IsSuitableHost( | 209 return !RenderProcessHostImpl::IsSuitableHost( |
| 211 GetProcess(), browsing_instance_->browser_context(), site_url); | 210 GetProcess(), browsing_instance_->browser_context(), site_url); |
| 212 } | 211 } |
| 213 | 212 |
| 213 bool SiteInstanceImpl::RequiresDedicatedProcess() { | |
| 214 if (!has_site_) | |
| 215 return false; | |
| 216 return SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_); | |
| 217 } | |
| 218 | |
| 214 void SiteInstanceImpl::IncrementRelatedActiveContentsCount() { | 219 void SiteInstanceImpl::IncrementRelatedActiveContentsCount() { |
| 215 browsing_instance_->increment_active_contents_count(); | 220 browsing_instance_->increment_active_contents_count(); |
| 216 } | 221 } |
| 217 | 222 |
| 218 void SiteInstanceImpl::DecrementRelatedActiveContentsCount() { | 223 void SiteInstanceImpl::DecrementRelatedActiveContentsCount() { |
| 219 browsing_instance_->decrement_active_contents_count(); | 224 browsing_instance_->decrement_active_contents_count(); |
| 220 } | 225 } |
| 221 | 226 |
| 222 void SiteInstanceImpl::set_render_process_host_factory( | 227 void SiteInstanceImpl::set_render_process_host_factory( |
| 223 const RenderProcessHostFactory* rph_factory) { | 228 const RenderProcessHostFactory* rph_factory) { |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 334 GetEffectiveURL(browser_context, url); | 339 GetEffectiveURL(browser_context, url); |
| 335 } | 340 } |
| 336 | 341 |
| 337 void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) { | 342 void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) { |
| 338 DCHECK_EQ(process_, host); | 343 DCHECK_EQ(process_, host); |
| 339 process_->RemoveObserver(this); | 344 process_->RemoveObserver(this); |
| 340 process_ = NULL; | 345 process_ = NULL; |
| 341 } | 346 } |
| 342 | 347 |
| 343 void SiteInstanceImpl::LockToOrigin() { | 348 void SiteInstanceImpl::LockToOrigin() { |
| 344 // We currently only restrict this process to a particular site if --site-per- | 349 // TODO(nick): When all sites are isolated, this operation provides strong |
| 345 // process flag is present. | 350 // protection. If only some sites are isolated, we need additional logic here |
|
Charlie Reis
2015/07/13 22:13:14
nit: Drop "here," since the additional logic will
ncarter (slow)
2015/07/20 17:45:46
Done.
| |
| 346 const base::CommandLine& command_line = | 351 // to prevent the non-isolated sites from requesting resources for isolated |
| 347 *base::CommandLine::ForCurrentProcess(); | 352 // sites. https://crbug.com/509125 |
| 348 if (command_line.HasSwitch(switches::kSitePerProcess)) { | 353 if (SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_)) { |
| 349 // Guest processes cannot be locked to its site because guests always have | 354 // Guest processes cannot be locked to its site because guests always have |
| 350 // a fixed SiteInstance. The site of GURLs a guest loads doesn't match that | 355 // a fixed SiteInstance. The site of GURLs a guest loads doesn't match that |
| 351 // SiteInstance. So we skip locking the guest process to the site. | 356 // SiteInstance. So we skip locking the guest process to the site. |
| 352 // TODO(ncarter): Remove this exclusion once we can make origin lock per | 357 // TODO(ncarter): Remove this exclusion once we can make origin lock per |
| 353 // RenderFrame routing id. | 358 // RenderFrame routing id. |
| 354 if (site_.SchemeIs(content::kGuestScheme)) | 359 if (site_.SchemeIs(content::kGuestScheme)) |
| 355 return; | 360 return; |
| 356 | 361 |
| 357 ChildProcessSecurityPolicyImpl* policy = | 362 ChildProcessSecurityPolicyImpl* policy = |
| 358 ChildProcessSecurityPolicyImpl::GetInstance(); | 363 ChildProcessSecurityPolicyImpl::GetInstance(); |
| 359 policy->LockToOrigin(process_->GetID(), site_); | 364 policy->LockToOrigin(process_->GetID(), site_); |
| 360 } | 365 } |
| 361 } | 366 } |
| 362 | 367 |
| 363 } // namespace content | 368 } // namespace content |
| OLD | NEW |
