Modify --isolate-extensions to not isolate hosted apps.

content/browser/site_instance_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/site_instance_impl.h"
 
 #include "content/browser/browsing_instance.h"
 #include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/frame_host/debug_urls.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
@@ skipping 195 matching lines @@
   // If the site URL is an extension (e.g., for hosted apps or WebUI) but the
   // process is not (or vice versa), make sure we notice and fix it.
   GURL site_url = GetSiteForURL(browsing_instance_->browser_context(), url);
   return !RenderProcessHostImpl::IsSuitableHost(
       GetProcess(), browsing_instance_->browser_context(), site_url);
 }
 
 bool SiteInstanceImpl::RequiresDedicatedProcess() {
   if (!has_site_)
     return false;
-  return SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_);
+  return SiteInstanceImpl::DoesSiteRequireDedicatedProcess(GetBrowserContext(),
+                                                           site_);
 }
 
 void SiteInstanceImpl::IncrementRelatedActiveContentsCount() {
   browsing_instance_->increment_active_contents_count();
 }
 
 void SiteInstanceImpl::DecrementRelatedActiveContentsCount() {
   browsing_instance_->decrement_active_contents_count();
 }
 
 void SiteInstanceImpl::set_render_process_host_factory(
     const RenderProcessHostFactory* rph_factory) {
   g_render_process_host_factory_ = rph_factory;
 }
 
 BrowserContext* SiteInstanceImpl::GetBrowserContext() const {
   return browsing_instance_->browser_context();
 }
 
-/*static*/
+// static
 SiteInstance* SiteInstance::Create(BrowserContext* browser_context) {
   return new SiteInstanceImpl(new BrowsingInstance(browser_context));
 }
 
-/*static*/
+// static
 SiteInstance* SiteInstance::CreateForURL(BrowserContext* browser_context,
                                          const GURL& url) {
   // This will create a new SiteInstance and BrowsingInstance.
   scoped_refptr<BrowsingInstance> instance(
       new BrowsingInstance(browser_context));
   return instance->GetSiteInstanceForURL(url);
 }
 
-/*static*/
+// static
 bool SiteInstance::IsSameWebSite(BrowserContext* browser_context,
                                  const GURL& real_src_url,
                                  const GURL& real_dest_url) {
   GURL src_url = SiteInstanceImpl::GetEffectiveURL(browser_context,
                                                    real_src_url);
   GURL dest_url = SiteInstanceImpl::GetEffectiveURL(browser_context,
                                                     real_dest_url);
 
   // We infer web site boundaries based on the registered domain name of the
   // top-level page and the scheme.  We do not pay attention to the port if
@@ skipping 19 matching lines @@
   // If the schemes differ, they aren't part of the same site.
   if (src_url.scheme() != dest_url.scheme())
     return false;
 
   return net::registry_controlled_domains::SameDomainOrHost(
       src_url,
       dest_url,
       net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
 }
 
-/*static*/
+// static
 GURL SiteInstance::GetSiteForURL(BrowserContext* browser_context,
                                  const GURL& real_url) {
   // TODO(fsamuel, creis): For some reason appID is not recognized as a host.
   if (real_url.SchemeIs(kGuestScheme))
     return real_url;
 
   GURL url = SiteInstanceImpl::GetEffectiveURL(browser_context, real_url);
 
   // If the url has a host, then determine the site.
   if (url.has_host()) {
@@ skipping 24 matching lines @@
   // If there is no host but there is a scheme, return the scheme.
   // This is useful for cases like file URLs.
   if (url.has_scheme())
     return GURL(url.scheme() + ":");
 
   // Otherwise the URL should be invalid; return an empty site.
   DCHECK(!url.is_valid());
   return GURL();
 }
 
-/*static*/
+// static
 GURL SiteInstanceImpl::GetEffectiveURL(BrowserContext* browser_context,
                                        const GURL& url) {
   return GetContentClient()->browser()->
       GetEffectiveURL(browser_context, url);
 }
 
+// static
+bool SiteInstanceImpl::DoesSiteRequireDedicatedProcess(
+    BrowserContext* browser_context,
+    const GURL& effective_url) {
+  // If --site-per-process is enabled, site isolation is enabled everywhere.
+  if (SiteIsolationPolicy::UseDedicatedProcessesForAllSites())
+    return true;
+
+  // Let the content embedder enable site isolation for specific URLs.
+  if (GetContentClient()->IsSupplementarySiteIsolationModeEnabled() &&
+      GetContentClient()->browser()->DoesSiteRequireDedicatedProcess(
+          browser_context, effective_url)) {
+    return true;
+  }
+
+  return false;
+}
+
 void SiteInstanceImpl::RenderProcessHostDestroyed(RenderProcessHost* host) {
   DCHECK_EQ(process_, host);
   process_->RemoveObserver(this);
   process_ = NULL;
 }
 
 void SiteInstanceImpl::LockToOrigin() {
   // TODO(nick): When all sites are isolated, this operation provides strong
   // protection. If only some sites are isolated, we need additional logic to
   // prevent the non-isolated sites from requesting resources for isolated
   // sites. https://crbug.com/509125
-  if (SiteIsolationPolicy::DoesSiteRequireDedicatedProcess(site_)) {
+  if (RequiresDedicatedProcess()) {
     // Guest processes cannot be locked to its site because guests always have
     // a fixed SiteInstance. The site of GURLs a guest loads doesn't match that
     // SiteInstance. So we skip locking the guest process to the site.
     // TODO(ncarter): Remove this exclusion once we can make origin lock per
     // RenderFrame routing id.
     if (site_.SchemeIs(content::kGuestScheme))
       return;
 
     // TODO(creis, nick) https://crbug.com/510588 Chrome UI pages use the same
     // site (chrome://chrome), so they can't be locked because the site being
     // loaded doesn't match the SiteInstance.
     if (site_.SchemeIs(content::kChromeUIScheme))
       return;
 
     // TODO(creis, nick): Until we can handle sites with effective URLs at the
     // call sites of ChildProcessSecurityPolicy::CanAccessDataForOrigin, we
     // must give the embedder a chance to exempt some sites to avoid process
     // kills.
     if (!GetContentClient()->browser()->ShouldLockToOrigin(
             browsing_instance_->browser_context(), site_))
       return;
 
     ChildProcessSecurityPolicyImpl* policy =
         ChildProcessSecurityPolicyImpl::GetInstance();
     policy->LockToOrigin(process_->GetID(), site_);
   }
 }
 
 }  // namespace content