Implement OOPIFs within Devtools Extensions

content/browser/frame_host/render_frame_host_manager.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/render_frame_host_manager.h"
 
 #include <stddef.h>
 
 #include <algorithm>
 #include <string>
@@ skipping 22 matching lines @@
 #include "content/browser/frame_host/render_frame_proxy_host.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
 #include "content/browser/renderer_host/render_view_host_factory.h"
 #include "content/browser/renderer_host/render_view_host_impl.h"
 #include "content/browser/site_instance_impl.h"
 #include "content/browser/webui/web_ui_controller_factory_registry.h"
 #include "content/common/frame_messages.h"
 #include "content/common/frame_owner_properties.h"
 #include "content/common/site_isolation_policy.h"
 #include "content/common/view_messages.h"
+#include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/render_process_host_observer.h"
 #include "content/public/browser/render_widget_host_iterator.h"
 #include "content/public/browser/render_widget_host_view.h"
 #include "content/public/browser/user_metrics.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/referrer.h"
 #include "content/public/common/url_constants.h"
 
@@ skipping 1234 matching lines @@
   // chrome://settings, which currently has multiple "cross-site" subframes that
   // don't need isolation.
   if (SiteIsolationPolicy::AreCrossProcessFramesPossible() &&
       !frame_tree_node_->IsMainFrame()) {
     SiteInstance* parent_site_instance =
         frame_tree_node_->parent()->current_frame_host()->GetSiteInstance();
     if (parent_site_instance->GetSiteURL().SchemeIs(kChromeUIScheme) &&
         dest_url.SchemeIs(kChromeUIScheme)) {
       return SiteInstanceDescriptor(parent_site_instance);
     }
+    // TODO(alexmos, nick): Remove this once https://crbug.com/706169 is fixed.
+    if (parent_site_instance->GetSiteURL().SchemeIs(kChromeDevToolsScheme)) {
+      url::Origin origin(dest_url);
+      auto* policy = ChildProcessSecurityPolicy::GetInstance();
+      // Some non-devtools origins (e.g., devtools extensions) have special
+      // permission to stay in the devtools process.
+      bool is_origin_allowed_in_devtools_process =
+          policy->HasSpecificPermissionForOrigin(
+              parent_site_instance->GetProcess()->GetID(), origin);
+      if (origin.scheme() == kChromeDevToolsScheme ||
+          is_origin_allowed_in_devtools_process) {
+        return SiteInstanceDescriptor(parent_site_instance);
+      }
+    }
   }
 
   // If we haven't used our SiteInstance (and thus RVH) yet, then we can use it
   // for this entry.  We won't commit the SiteInstance to this site until the
   // navigation commits (in DidNavigate), unless the navigation entry was
   // restored or it's a Web UI as described below.
   if (!current_instance_impl->HasSite()) {
     // If we've already created a SiteInstance for our destination, we don't
     // want to use this unused SiteInstance; use the existing one.  (We don't
     // do this check if the current_instance has a site, because for now, we
@@ skipping 158 matching lines @@
     const GURL& dest_url) {
   // A transfer is not needed if the current SiteInstance doesn't yet have a
   // site.  This is the case for tests that use NavigateToURL.
   if (!rfh->GetSiteInstance()->HasSite())
     return false;
 
   // We do not currently swap processes for navigations in webview tag guests.
   if (rfh->GetSiteInstance()->GetSiteURL().SchemeIs(kGuestScheme))
     return false;
 
-  // Don't swap processes for extensions embedded in DevTools. See
-  // https://crbug.com/564216.
+  // TODO(alexmos, nick): Remove this once https://crbug.com/706169 is fixed.
+  // Devtools pages and devtools extensions must stay in the devtools process.
+  // See https://crbug.com/564216.
   if (rfh->GetSiteInstance()->GetSiteURL().SchemeIs(kChromeDevToolsScheme)) {
-    // TODO(nick): https://crbug.com/570483 Check to see if |dest_url| is a
-    // devtools extension, and swap processes if not.
-    return false;
+    url::Origin origin(dest_url);
+    auto* policy = ChildProcessSecurityPolicy::GetInstance();
+    // Some non-devtools origins (e.g., devtools extensions) have special
+    // permission to stay in the devtools process.
+    bool is_origin_allowed_in_devtools_process =
+        policy->HasSpecificPermissionForOrigin(rfh->GetProcess()->GetID(),
+                                               origin);
+    return !(origin.scheme() == kChromeDevToolsScheme ||
+             is_origin_allowed_in_devtools_process);
   }
 
   BrowserContext* context = rfh->GetSiteInstance()->GetBrowserContext();
   // TODO(nasko, nick): These following --site-per-process checks are
   // overly simplistic. Update them to match all the cases
   // considered by DetermineSiteInstanceForURL.
   if (IsCurrentlySameSite(rfh, dest_url)) {
     // The same site, no transition needed for security purposes, and we must
     // keep the same SiteInstance for correctness of synchronous scripting.
     return false;
@@ skipping 1311 matching lines @@
           delegate_->IsHidden()) {
     if (delegate_->IsHidden()) {
       render_frame_host_->GetView()->Hide();
     } else {
       render_frame_host_->GetView()->Show();
     }
   }
 }
 
 }  // namespace content