Kill renderers for bad password forms in --site-per-process.

components/password_manager/content/browser/content_password_manager_driver.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "components/password_manager/content/browser/content_password_manager_driver.h"
 
 #include "components/autofill/content/common/autofill_messages.h"
 #include "components/autofill/core/common/form_data.h"
 #include "components/autofill/core/common/password_form.h"
+#include "components/password_manager/content/browser/bad_message.h"
 #include "components/password_manager/content/browser/content_password_manager_driver_factory.h"
 #include "components/password_manager/core/browser/password_manager_client.h"
 #include "content/public/browser/browser_context.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/navigation_details.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/site_instance.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/ssl_status.h"
 #include "ipc/ipc_message_macros.h"
 #include "net/cert/cert_status_flags.h"
 
 namespace password_manager {
 
 ContentPasswordManagerDriver::ContentPasswordManagerDriver(
@@ skipping 118 matching lines @@
                       PasswordAutofillManager::OnShowPasswordSuggestions)
   IPC_MESSAGE_FORWARD(AutofillHostMsg_RecordSavePasswordProgress, client_,
                       PasswordManagerClient::LogSavePasswordProgress)
   IPC_MESSAGE_UNHANDLED(handled = false)
   IPC_END_MESSAGE_MAP()
   return handled;
 }
 
 void ContentPasswordManagerDriver::OnPasswordFormsParsed(
     const std::vector<autofill::PasswordForm>& forms) {
+  for (const auto& form : forms)
+    if (!CheckChildProcessSecurityPolicy(
+            form.origin,
+            bad_message::BadMessageReason::CPMD_BAD_ORIGIN_FORMS_PARSED))
+      return;
   GetPasswordManager()->OnPasswordFormsParsed(this, forms);
 }
 
 void ContentPasswordManagerDriver::OnPasswordFormsRendered(
     const std::vector<autofill::PasswordForm>& visible_forms,
     bool did_stop_loading) {
+  for (const auto& form : visible_forms)
+    if (!CheckChildProcessSecurityPolicy(
+            form.origin,
+            bad_message::BadMessageReason::CPMD_BAD_ORIGIN_FORMS_RENDERED))
+      return;
   GetPasswordManager()->OnPasswordFormsRendered(this, visible_forms,
                                                 did_stop_loading);
 }
 
 void ContentPasswordManagerDriver::OnPasswordFormSubmitted(
     const autofill::PasswordForm& password_form) {
+  if (!CheckChildProcessSecurityPolicy(
+          password_form.origin,
+          bad_message::BadMessageReason::CPMD_BAD_ORIGIN_FORM_SUBMITTED))
+    return;
   GetPasswordManager()->OnPasswordFormSubmitted(this, password_form);
 }
 
 void ContentPasswordManagerDriver::OnFocusedPasswordFormFound(
     const autofill::PasswordForm& password_form) {
+  if (!CheckChildProcessSecurityPolicy(
+          password_form.origin,
+          bad_message::BadMessageReason::
+              CPMD_BAD_ORIGIN_FOCUSED_PASSWORD_FORM_FOUND))
+    return;
   GetPasswordManager()->OnPasswordFormForceSaveRequested(this, password_form);
 }
 
 void ContentPasswordManagerDriver::DidNavigateFrame(
     const content::LoadCommittedDetails& details,
     const content::FrameNavigateParams& params) {
   // Clear page specific data after main frame navigation.
   if (!render_frame_host_->GetParent() && !details.is_in_page) {
     GetPasswordManager()->DidNavigateMainFrame();
     GetPasswordAutofillManager()->DidNavigateMainFrame();
   }
 }
 
 void ContentPasswordManagerDriver::OnInPageNavigation(
     const autofill::PasswordForm& password_form) {
+  if (!CheckChildProcessSecurityPolicy(
+          password_form.origin,
+          bad_message::BadMessageReason::CPMD_BAD_ORIGIN_IN_PAGE_NAVIGATION))
+    return;
   GetPasswordManager()->OnInPageNavigation(this, password_form);
 }
 
 void ContentPasswordManagerDriver::OnPasswordNoLongerGenerated(
     const autofill::PasswordForm& password_form) {
+  if (!CheckChildProcessSecurityPolicy(
+          password_form.origin,
+          bad_message::BadMessageReason::
+              CPMD_BAD_ORIGIN_PASSWORD_NO_LONGER_GENERATED))
+    return;
   GetPasswordManager()->SetHasGeneratedPasswordForForm(this, password_form,
                                                        false);
 }
 
+bool ContentPasswordManagerDriver::CheckChildProcessSecurityPolicy(
+    const GURL& url,
+    bad_message::BadMessageReason reason) {
+  content::ChildProcessSecurityPolicy* policy =
+      content::ChildProcessSecurityPolicy::GetInstance();
+  if (!policy->CanAccessDataForOrigin(render_frame_host_->GetProcess()->GetID(),
+                                      url)) {
+    bad_message::ReceivedBadMessage(render_frame_host_->GetProcess(), reason);
+    return false;
+  }
+
+  return true;
+}
+
 }  // namespace password_manager