Introduce support for origins that require process isolation.

content/browser/child_process_security_policy_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/child_process_security_policy_impl.h"
 
 #include <algorithm>
 #include <utility>
 
 #include "base/command_line.h"
 #include "base/debug/dump_without_crashing.h"
 #include "base/files/file_path.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/strings/string_split.h"
 #include "base/strings/string_util.h"
 #include "build/build_config.h"
 #include "content/browser/site_instance_impl.h"
 #include "content/common/site_isolation_policy.h"
 #include "content/public/browser/child_process_data.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/render_process_host.h"
 #include "content/public/common/bindings_policy.h"
 #include "content/public/common/url_constants.h"
 #include "net/base/filename_util.h"
@@ skipping 218 matching lines @@
         if (it != file_permissions_.end())
           return (it->second & permissions) == permissions;
       }
       last_path = current_path;
       current_path = current_path.DirName();
     }
 
     return false;
   }
 
-  bool CanAccessDataForOrigin(const GURL& gurl) {
+  bool CanAccessDataForOrigin(const GURL& site_url) {
     if (origin_lock_.is_empty())
       return true;
-    // TODO(creis): We must pass the valid browser_context to convert hosted
-    // apps URLs.  Currently, hosted apps cannot set cookies in this mode.
-    // See http://crbug.com/160576.
-    GURL site_gurl = SiteInstanceImpl::GetSiteForURL(NULL, gurl);
-    return origin_lock_ == site_gurl;
+    return origin_lock_ == site_url;
   }
 
   void LockToOrigin(const GURL& gurl) {
     origin_lock_ = gurl;
   }
 
   bool has_web_ui_bindings() const {
     return enabled_bindings_ & BINDINGS_POLICY_WEB_UI;
   }
 
@@ skipping 641 matching lines @@
 
 bool ChildProcessSecurityPolicyImpl::ChildProcessHasPermissionsForFile(
     int child_id, const base::FilePath& file, int permissions) {
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
   return state->second->HasPermissionsForFile(file, permissions);
 }
 
 bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,
-                                                            const GURL& gurl) {
+                                                            const GURL& url) {
+  // It's important to call GetSiteForURL before acquiring |lock_|, since
+  // GetSiteForURL consults IsIsolatedOrigin, which needs to grab the same
+  // lock.
+  //
+  // TODO(creis): We must pass the valid browser_context to convert hosted apps
+  // URLs. Currently, hosted apps cannot set cookies in this mode. See
+  // http://crbug.com/160576.
+  GURL site_url = SiteInstanceImpl::GetSiteForURL(NULL, url);
+
   base::AutoLock lock(lock_);
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end()) {
     // TODO(nick): Returning true instead of false here is a temporary
     // workaround for https://crbug.com/600441
     return true;
   }
-  return state->second->CanAccessDataForOrigin(gurl);
+  return state->second->CanAccessDataForOrigin(site_url);
 }
 
 bool ChildProcessSecurityPolicyImpl::HasSpecificPermissionForOrigin(
     int child_id,
     const url::Origin& origin) {
   base::AutoLock lock(lock_);
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
   return state->second->CanCommitOrigin(origin);
@@ skipping 43 matching lines @@
 bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) {
   base::AutoLock lock(lock_);
 
   SecurityStateMap::iterator state = security_state_.find(child_id);
   if (state == security_state_.end())
     return false;
 
   return state->second->can_send_midi_sysex();
 }
 
+void ChildProcessSecurityPolicyImpl::AddIsolatedOrigin(
+    const url::Origin& origin) {
+  CHECK(!origin.unique())
+      << "Cannot register a unique origin as an isolated origin.";
+  CHECK(!IsIsolatedOrigin(origin))
+      << "Duplicate isolated origin: " << origin.Serialize();
+
+  base::AutoLock lock(lock_);
+  isolated_origins_.insert(origin);
+}
+
+void ChildProcessSecurityPolicyImpl::AddIsolatedOriginsFromCommandLine(
+    const std::string& origin_list) {
+  for (const base::StringPiece& origin_piece :
+       base::SplitStringPiece(origin_list, ",", base::TRIM_WHITESPACE,
+                              base::SPLIT_WANT_NONEMPTY)) {
+    url::Origin origin((GURL(origin_piece)));
+    if (!origin.unique())
+      AddIsolatedOrigin(origin);
+  }
+}
+
+bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin(
+    const url::Origin& origin) {
+  base::AutoLock lock(lock_);
+  return isolated_origins_.find(origin) != isolated_origins_.end();
+}
+
 }  // namespace content