Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1454)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/site_instance_impl.cc

Issue 1208143002: Move existing kSitePerProcess checks to a policy-oracle object (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@swapped_out_cmdline_checks
Patch Set: Fix some includes Created 5 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/renderer_host/render_process_host_impl.cc ('K') | « content/browser/site_instance_impl.h ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | content/content_common.gypi » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/site_instance_impl.cc
diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc
index ad335f51d3adb867a7dd081236de331e4674a65c..77f54bcae84df378b85f7a0305b5a6c9da9e59fa 100644
--- a/content/browser/site_instance_impl.cc
+++ b/content/browser/site_instance_impl.cc
@@ -4,16 +4,15 @@
#include "content/browser/site_instance_impl.h"
-#include "base/command_line.h"
#include "content/browser/browsing_instance.h"
#include "content/browser/child_process_security_policy_impl.h"
#include "content/browser/frame_host/debug_urls.h"
#include "content/browser/renderer_host/render_process_host_impl.h"
#include "content/browser/storage_partition_impl.h"
+#include "content/common/site_isolation_policy.h"
#include "content/public/browser/content_browser_client.h"
#include "content/public/browser/render_process_host_factory.h"
#include "content/public/browser/web_ui_controller_factory.h"
-#include "content/public/common/content_switches.h"
#include "content/public/common/url_constants.h"
#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
@@ -211,6 +210,12 @@ bool SiteInstanceImpl::HasWrongProcessForURL(const GURL& url) {
GetProcess(), browsing_instance_->browser_context(), site_url);
}
+bool SiteInstanceImpl::RequiresDedicatedProcess() {
+ if (!has_site_)
+ return false;
+ return SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_);
+}
+
void SiteInstanceImpl::IncrementRelatedActiveContentsCount() {
browsing_instance_->increment_active_contents_count();
}
@@ -341,11 +346,11 @@ void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) {
}
void SiteInstanceImpl::LockToOrigin() {
- // We currently only restrict this process to a particular site if --site-per-
- // process flag is present.
- const base::CommandLine& command_line =
- *base::CommandLine::ForCurrentProcess();
- if (command_line.HasSwitch(switches::kSitePerProcess)) {
+ // TODO(nick): When all sites are isolated, this operation provides strong
+ // protection. If only some sites are isolated, we need additional logic to
+ // prevent the non-isolated sites from requesting resources for isolated
+ // sites. https://crbug.com/509125
+ if (SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_)) {
// Guest processes cannot be locked to its site because guests always have
// a fixed SiteInstance. The site of GURLs a guest loads doesn't match that
// SiteInstance. So we skip locking the guest process to the site.
« content/browser/renderer_host/render_process_host_impl.cc ('K') | « content/browser/site_instance_impl.h ('k') | content/browser/site_instance_impl_unittest.cc » ('j') | content/content_common.gypi » ('J')

Powered by Google App Engine
This is Rietveld 408576698