Whitelisting exts and plugins from cross-site document blocking

content/child/site_isolation_policy.cc

Index: content/child/site_isolation_policy.cc
diff --git a/content/child/site_isolation_policy.cc b/content/child/site_isolation_policy.cc
index 91eb15898d08cadf6cc542d099cde6a5b6c56295..b01934367d76b2e8bb9119a03f6081932951acd7 100644
--- a/content/child/site_isolation_policy.cc
+++ b/content/child/site_isolation_policy.cc
@@ -8,6 +8,7 @@
 #include "base/command_line.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
+#include "base/process/process_handle.h"

[Charlie Reis, 2013/09/03 16:43:23]

Is this just for the logging statement?  We should remove both.

 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "content/public/common/content_switches.h"
@@ -45,14 +46,30 @@ const char kTextPlain[] = "text/plain";
 
 }  // anonymous namespace
 
+// The cross-site document blocking/UMA data collection is deactivated by
+// default, and only activated for a rederer process backed-up by

[Charlie Reis, 2013/09/03 16:43:23]

nit: renderer

Also, "backed up by RenderProcessImpl (so we exclude plugin processes too)" is
redundant with "renderer process."

+// RenderProcessImpl (so we exclude plugin processes too), when the renderer is
+// not for extensions.
+bool SiteIsolationPolicy::g_policy_activated = false;
+
 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {}
 
+void SiteIsolationPolicy::SetPolicyActivationFlag(bool flag) {
+  LOG(ERROR) << "setpolicyactivationflag:" << flag << ":" <<

[Charlie Reis, 2013/09/03 16:43:23]

We should remove this.

[dsjang, 2013/09/03 19:13:11]

Done.

+      base::GetCurrentProcId();
+  g_policy_activated = flag;
+}
+
 void SiteIsolationPolicy::OnReceivedResponse(
     int request_id,
     GURL& frame_origin,
     GURL& response_url,
     ResourceType::Type resource_type,
     const webkit_glue::ResourceResponseInfo& info) {
+  if (!g_policy_activated) {

[Charlie Reis, 2013/09/03 16:43:23]

nit: No braces needed on one-line body.

+    return;
+  }
+
   UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1);
 
   // See if this is for navigation. If it is, don't block it, under the
@@ -156,6 +173,9 @@ bool SiteIsolationPolicy::ShouldBlockResponse(
     const char* data,
     int length,
     std::string* alternative_data) {
+  if (!g_policy_activated)
+    return false;
+
   RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap();
   RequestIdToResultMap* result_map = GetRequestIdToResultMap();
 
@@ -270,7 +290,6 @@ bool SiteIsolationPolicy::ShouldBlockResponse(
     LOG(ERROR) << resp_data.response_url
                << " is blocked as an illegal cross-site document from "
                << resp_data.frame_origin;
-
   }
   return result;
 }
@@ -280,6 +299,8 @@ bool SiteIsolationPolicy::ShouldBlockResponse(
 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK
 
 void SiteIsolationPolicy::OnRequestComplete(int request_id) {
+  if (!g_policy_activated)
+    return;
   RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap();
   RequestIdToResultMap* result_map = GetRequestIdToResultMap();
   metadata_map->erase(request_id);