Whitelisting exts and plugins from cross-site document blocking

content/child/site_isolation_policy.cc

Index: content/child/site_isolation_policy.cc
diff --git a/content/child/site_isolation_policy.cc b/content/child/site_isolation_policy.cc
index 91eb15898d08cadf6cc542d099cde6a5b6c56295..9cc42e2f0945fe428b2473a8d7694527a51a780d 100644
--- a/content/child/site_isolation_policy.cc
+++ b/content/child/site_isolation_policy.cc
@@ -45,14 +45,39 @@ const char kTextPlain[] = "text/plain";
 
 }  // anonymous namespace
 
+// The cross-site document blocking/UMA data collection is deactivated by
+// default, and only activated for a rederer process backed-up by

[Charlie Reis, 2013/09/03 20:22:10]

You missed my comment about this in the earlier patch set.

[dsjang, 2013/09/03 22:31:30]

Done.

+// RenderProcessImpl (so we exclude plugin processes too), when the renderer is
+// not for extensions.
+
 SiteIsolationPolicy::ResponseMetaData::ResponseMetaData() {}
 
+// The cross-site document blocking/UMA data collection is deactivated by
+// default, and only activated for a renderer process, not for extensions.
+bool SiteIsolationPolicy::g_policy_enabled = false;
+
+void SiteIsolationPolicy::SetPolicyEnabled(bool flag) {
+  g_policy_enabled = flag;
+}
+
 void SiteIsolationPolicy::OnReceivedResponse(
     int request_id,
     GURL& frame_origin,
     GURL& response_url,
     ResourceType::Type resource_type,
+    int origin_pid,
     const webkit_glue::ResourceResponseInfo& info) {
+  if (!g_policy_enabled)
+    return;
+
+  // if |origin_pid| is non-zero, it means that this response is for the plugin

[Charlie Reis, 2013/09/03 20:22:10]

for the -> for a

[dsjang, 2013/09/03 22:31:30]

Done.

+  // spawned from this renderer process. We exclude responses for plugins for
+  // now, but eventually, we're going to make plugin processes directly talk to
+  // the browser process so that we can apply the cross-site document blocking

[Charlie Reis, 2013/09/03 20:22:10]

I agree with everything but the last part.  The goal is to make them talk
directly to the browser process so that we do *not* try to apply the document
blocking policy to them.

[dsjang, 2013/09/03 22:31:30]

Done.

+  // to them.
+  if (origin_pid)
+    return;
+
   UMA_HISTOGRAM_COUNTS("SiteIsolation.AllResponses", 1);
 
   // See if this is for navigation. If it is, don't block it, under the
@@ -156,6 +181,9 @@ bool SiteIsolationPolicy::ShouldBlockResponse(
     const char* data,
     int length,
     std::string* alternative_data) {
+  if (!g_policy_enabled)
+    return false;
+
   RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap();
   RequestIdToResultMap* result_map = GetRequestIdToResultMap();
 
@@ -270,7 +298,6 @@ bool SiteIsolationPolicy::ShouldBlockResponse(
     LOG(ERROR) << resp_data.response_url
                << " is blocked as an illegal cross-site document from "
                << resp_data.frame_origin;
-
   }
   return result;
 }
@@ -280,6 +307,8 @@ bool SiteIsolationPolicy::ShouldBlockResponse(
 #undef SITE_ISOLATION_POLICY_COUNT_BLOCK
 
 void SiteIsolationPolicy::OnRequestComplete(int request_id) {
+  if (!g_policy_enabled)
+    return;
   RequestIdToMetaDataMap* metadata_map = GetRequestIdToMetaDataMap();
   RequestIdToResultMap* result_map = GetRequestIdToResultMap();
   metadata_map->erase(request_id);