Move existing kSitePerProcess checks to a policy-oracle object

content/browser/site_instance_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/site_instance_impl.h"
 
-#include "base/command_line.h"
 #include "content/browser/browsing_instance.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/frame_host/debug_urls.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/browser/storage_partition_impl.h"
+#include "content/common/site_isolation_policy.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/render_process_host_factory.h"
 #include "content/public/browser/web_ui_controller_factory.h"
-#include "content/public/common/content_switches.h"
 #include "content/public/common/url_constants.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 
 namespace content {
 
 const RenderProcessHostFactory*
     SiteInstanceImpl::g_render_process_host_factory_ = NULL;
 int32 SiteInstanceImpl::next_site_instance_id_ = 1;
 
 SiteInstanceImpl::SiteInstanceImpl(BrowsingInstance* browsing_instance)
@@ skipping 177 matching lines @@
   if (IsRendererDebugURL(url))
     return false;
 
   // If the site URL is an extension (e.g., for hosted apps or WebUI) but the
   // process is not (or vice versa), make sure we notice and fix it.
   GURL site_url = GetSiteForURL(browsing_instance_->browser_context(), url);
   return !RenderProcessHostImpl::IsSuitableHost(
       GetProcess(), browsing_instance_->browser_context(), site_url);
 }
 
+bool SiteInstanceImpl::RequiresDedicatedProcess() {
+  if (!has_site_)
+    return false;
+  return SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_);
+}
+
 void SiteInstanceImpl::IncrementRelatedActiveContentsCount() {
   browsing_instance_->increment_active_contents_count();
 }
 
 void SiteInstanceImpl::DecrementRelatedActiveContentsCount() {
   browsing_instance_->decrement_active_contents_count();
 }
 
 void SiteInstanceImpl::set_render_process_host_factory(
     const RenderProcessHostFactory* rph_factory) {
@@ skipping 110 matching lines @@
       GetEffectiveURL(browser_context, url);
 }
 
 void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) {
   DCHECK_EQ(process_, host);
   process_->RemoveObserver(this);
   process_ = NULL;
 }
 
 void SiteInstanceImpl::LockToOrigin() {
-  // We currently only restrict this process to a particular site if --site-per-
-  // process flag is present.
-  const base::CommandLine& command_line =
-      *base::CommandLine::ForCurrentProcess();
-  if (command_line.HasSwitch(switches::kSitePerProcess)) {
+  // TODO(nick): When all sites are isolated, this operation provides strong
+  // protection. If only some sites are isolated, we need additional logic to
+  // prevent the non-isolated sites from requesting resources for isolated
+  // sites. https://crbug.com/509125
+  if (SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_)) {
     // Guest processes cannot be locked to its site because guests always have
     // a fixed SiteInstance. The site of GURLs a guest loads doesn't match that
     // SiteInstance. So we skip locking the guest process to the site.
     // TODO(ncarter): Remove this exclusion once we can make origin lock per
     // RenderFrame routing id.
     if (site_.SchemeIs(content::kGuestScheme))
       return;
 
     // TODO(creis, nick) https://crbug.com/510588 Chrome UI pages use the same
     // site (chrome://chrome), so they can't be locked because the site being
     // loaded doesn't match the SiteInstance.
     if (site_.SchemeIs(content::kChromeUIScheme))
       return;
 
     ChildProcessSecurityPolicyImpl* policy =
         ChildProcessSecurityPolicyImpl::GetInstance();
     policy->LockToOrigin(process_->GetID(), site_);
   }
 }
 
 }  // namespace content