Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(697)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/site_instance_impl.cc

Issue 1208143002: Move existing kSitePerProcess checks to a policy-oracle object (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@swapped_out_cmdline_checks
Patch Set: Partial fixes to Nasko's comments. Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/loader/cross_site_resource_handler.cc ('K') | « content/browser/site_instance_impl.h ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | content/public/browser/site_instance.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/site_instance_impl.cc
diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc
index 42d29421782ea48d17f1ae70cf9ea3fef376f025..bbedc55076c9c61e3e0ad9888921f8559a3bee75 100644
--- a/content/browser/site_instance_impl.cc
+++ b/content/browser/site_instance_impl.cc
@@ -4,7 +4,6 @@
#include "content/browser/site_instance_impl.h"
-#include "base/command_line.h"
#include "content/browser/browsing_instance.h"
#include "content/browser/child_process_security_policy_impl.h"
#include "content/browser/frame_host/debug_urls.h"
@@ -13,7 +12,7 @@
#include "content/public/browser/content_browser_client.h"
#include "content/public/browser/render_process_host_factory.h"
#include "content/public/browser/web_ui_controller_factory.h"
-#include "content/public/common/content_switches.h"
+#include "content/public/common/site_isolation_policy.h"
#include "content/public/common/url_constants.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
@@ -211,6 +210,12 @@ bool SiteInstanceImpl::HasWrongProcessForURL(const GURL& url) {
GetProcess(), browsing_instance_->browser_context(), site_url);
}
+bool SiteInstanceImpl::RequiresDedicatedProcess() {
+ if (!has_site_)
+ return false;
+ return SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_);
+}
+
void SiteInstanceImpl::IncrementRelatedActiveContentsCount() {
browsing_instance_->increment_active_contents_count();
}
@@ -341,11 +346,11 @@ void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) {
}
void SiteInstanceImpl::LockToOrigin() {
- // We currently only restrict this process to a particular site if --site-per-
- // process flag is present.
- const base::CommandLine& command_line =
- *base::CommandLine::ForCurrentProcess();
- if (command_line.HasSwitch(switches::kSitePerProcess)) {
+ // TODO(nick): When all sites are isolated, this operation provides strong
+ // protection. If only some sites are isolated, we need additional logic here
Charlie Reis 2015/07/13 22:13:14 nit: Drop "here," since the additional logic will
ncarter (slow) 2015/07/20 17:45:46 Done.
+ // to prevent the non-isolated sites from requesting resources for isolated
+ // sites. https://crbug.com/509125
+ if (SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_)) {
// Guest processes cannot be locked to its site because guests always have
// a fixed SiteInstance. The site of GURLs a guest loads doesn't match that
// SiteInstance. So we skip locking the guest process to the site.
« content/browser/loader/cross_site_resource_handler.cc ('K') | « content/browser/site_instance_impl.h ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | content/public/browser/site_instance.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698