Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set

Fix cross-site popups to inherit their opener's sandbox flags even when popup opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Committed: https://crrev.com/f5fb5193353e4d19ff45ad2c8baac9196086333d
Cr-Commit-Position: refs/heads/master@{#386492}

[alexmos, 2016-04-06 23:04:18]

Description was changed from

==========
Fix cross-process popups to inherit sandbox flags from subframe openers even
without OOPIF.

Opening a cross-process popup from a subframe in regular-mode Chrome
doesn't maintain window.opener in the popup, since Chrome does not
create subframe proxies in regular mode.  Previously, that also meant
that if the subframe opener was sandboxed, the popup didn't inherit
the sandbox flags properly.  This CL fixes this case to work: we
already pass the right sandbox flags to be inherited in frame
replication state, and they are also correctly applied on the browser
process side, so there's no need to check for a non-null opener on the
renderer side.

BUG=576204
==========

to

==========
Fix cross-process popups to inherit sandbox flags from subframe openers even
without OOPIF.

Opening a cross-process popup from a subframe in regular-mode Chrome
doesn't maintain window.opener in the popup, since Chrome does not
create subframe proxies in regular mode.  Previously, that also meant
that if the subframe opener was sandboxed, the popup didn't inherit
the sandbox flags properly.  This CL fixes this case to work: we
already pass the right sandbox flags to be inherited in frame
replication state, and they are also correctly applied on the browser
process side, so there's no need to check for a non-null opener on the
renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

[alexmos, 2016-04-06 23:36:42]

Description was changed from

==========
Fix cross-process popups to inherit sandbox flags from subframe openers even
without OOPIF.

Opening a cross-process popup from a subframe in regular-mode Chrome
doesn't maintain window.opener in the popup, since Chrome does not
create subframe proxies in regular mode.  Previously, that also meant
that if the subframe opener was sandboxed, the popup didn't inherit
the sandbox flags properly.  This CL fixes this case to work: we
already pass the right sandbox flags to be inherited in frame
replication state, and they are also correctly applied on the browser
process side, so there's no need to check for a non-null opener on the
renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

to

==========
Fix cross-site popups to inherit sandbox flags from subframe openers even when
opener is not set.

Opening a cross-process popup from a subframe in regular-mode Chrome
doesn't maintain window.opener in the popup, since Chrome does not
create subframe proxies in regular mode.  That also meant
that if the subframe opener was sandboxed, the popup didn't inherit
the sandbox flags properly.  This CL fixes this case to work: we
already pass the right sandbox flags to be inherited in frame
replication state, and they are also correctly applied on the browser
process side, so there's no need to check for a non-null opener on the
renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

[alexmos, 2016-04-06 23:40:30]

Description was changed from

==========
Fix cross-site popups to inherit sandbox flags from subframe openers even when
opener is not set.

Opening a cross-process popup from a subframe in regular-mode Chrome
doesn't maintain window.opener in the popup, since Chrome does not
create subframe proxies in regular mode.  That also meant
that if the subframe opener was sandboxed, the popup didn't inherit
the sandbox flags properly.  This CL fixes this case to work: we
already pass the right sandbox flags to be inherited in frame
replication state, and they are also correctly applied on the browser
process side, so there's no need to check for a non-null opener on the
renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

to

==========
Fix cross-site popups opened from sandboxed frames to inherit sandbox flags even
when the popup's opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

[alexmos, 2016-04-06 23:40:43]

Description was changed from

==========
Fix cross-site popups opened from sandboxed frames to inherit sandbox flags even
when the popup's opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

to

==========
Fix cross-site popups opened from sandboxed frames to inherit sandbox flags even
when the popup's opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

[alexmos, 2016-04-06 23:42:19]

Description was changed from

==========
Fix cross-site popups opened from sandboxed frames to inherit sandbox flags even
when the popup's opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

to

==========
Fix cross-site popups to inherit their opener's sandbox flags even when popup
opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

[alexmos, 2016-04-06 23:45:58]

alexmos@chromium.org changed reviewers:
+ creis@chromium.org

[alexmos, 2016-04-06 23:45:59]

Charlie, can you please take a look?  I know you're busy for the next couple of
days, so no rush.

Basically, when a cross-site popup ends up without an opener (due to either
clicking on a link with rel=noopener/noreferrer, or because we don't have a
proxy for a subframe opener in regular mode), we weren't properly inheriting
sandbox flags from the opener frame.  The fix is really simple: just remove the
assumption that the opener frame must be non-null for flags to be inherited in
RenderViewImpl::Initialize, since we already pass in the inherited flags in
frame replication state.  This now becomes consistent with
WebContentsImpl::CreateWithOpener, which sets inherited popup flags regardless
of whether params.opener_suppressed is set.

[Charlie Reis, 2016-04-11 20:03:42]

Nice find.  LGTM!

[alexmos, 2016-04-11 20:04:27]

The CQ bit was checked by alexmos@chromium.org

[commit-bot: I haz the power, 2016-04-11 20:05:20]

CQ is trying da patch. Follow status at
 https://chromium-cq-status.appspot.com/patch-status/1868823002/1
View timeline at
 https://chromium-cq-status.appspot.com/patch-timeline/1868823002/1

[commit-bot: I haz the power, 2016-04-11 22:09:14]

Description was changed from

==========
Fix cross-site popups to inherit their opener's sandbox flags even when popup
opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

to

==========
Fix cross-site popups to inherit their opener's sandbox flags even when popup
opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

[commit-bot: I haz the power, 2016-04-11 22:09:16]

Committed patchset #1 (id:1)

[commit-bot: I haz the power, 2016-04-11 22:11:20]

Description was changed from

==========
Fix cross-site popups to inherit their opener's sandbox flags even when popup
opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation
==========

to

==========
Fix cross-site popups to inherit their opener's sandbox flags even when popup
opener is not set.

When a cross-process popup is opened from a sandboxed frame, and the
popup doesn't have window.opener set (e.g., due to rel=noopener), the
popup didn't inherit the opener frame's sandbox flags properly.
This CL fixes this case to work: we already pass the right sandbox
flags to be inherited in frame replication state, and they are also
correctly applied on the browser process side, so there's no need to
check for a non-null opener on the renderer side.

BUG=576204
CQ_INCLUDE_TRYBOTS=tryserver.chromium.linux:linux_site_isolation

Committed: https://crrev.com/f5fb5193353e4d19ff45ad2c8baac9196086333d
Cr-Commit-Position: refs/heads/master@{#386492}
==========

[commit-bot: I haz the power, 2016-04-11 22:11:21]

Patchset 1 (id:??) landed as
https://crrev.com/f5fb5193353e4d19ff45ad2c8baac9196086333d
Cr-Commit-Position: refs/heads/master@{#386492}