Introduce support for origins that require process isolation.

content/browser/site_instance_impl.h

Index: content/browser/site_instance_impl.h
diff --git a/content/browser/site_instance_impl.h b/content/browser/site_instance_impl.h
index fc2ad85bd30738cf2167cc2bd8735aeebe7ced99..99d7b645f16b0ac160efac671643a98f20b421ee 100644
--- a/content/browser/site_instance_impl.h
+++ b/content/browser/site_instance_impl.h
@@ -124,9 +124,25 @@ class CONTENT_EXPORT SiteInstanceImpl final : public SiteInstance,
   static bool DoesSiteRequireDedicatedProcess(BrowserContext* browser_context,
                                               const GURL& url);
 
+  // Add an origin to the list of origins that require process isolation.
+  // When making process model decisions for such origins, the full
+  // scheme+host+port tuple rather than eTLD+1 will be used.  SiteInstances for

[Charlie Reis, 2017/05/05 23:18:51]

Maybe clarify that the default is scheme + eTLD+1?

[alexmos, 2017/05/16 17:26:38]

Yes, thanks, I was sloppy there.  Updated here and in a couple of other places.

+  // these origins will also use the full origin as site URL.

[Charlie Reis, 2017/05/05 23:18:51]

This is the first use of url::Origin in this class.  Should we clarify some of
the potential gotchas?  A few that come to mind:
 - Can't use unique origins here (e.g., data)
 - What happens to a sandboxed iframe with this origin (but whose url::Origin is
unique)?
 - Presumably about:blank pages within a url::Origin go into that process?

There's probably more...  :)

[alexmos, 2017/05/16 17:26:38]

Yes, good idea.  This moved to ChildProcessSecurityPolicy, but I added some
comments along those lines there.

+  static void AddIsolatedOrigin(const url::Origin& origin);
+
+  // Register a set of isolated origins as specified on the command line with
+  // the --isolate-origins flag.  |origin_list| is the flag's value, which
+  // contains the list of comma-separated scheme-host-port origins. See
+  // AddIsolatedOrigin for definition of an isolated origin.
+  static void AddIsolatedOriginsFromCommandLine(const std::string& origin_list);
+
+  // Helper to check whether an origin requires origin-wide process isolation.
+  static bool IsIsolatedOrigin(const url::Origin& origin);
+
  private:
   friend class BrowsingInstance;
   friend class SiteInstanceTestBrowserClient;
+  FRIEND_TEST_ALL_PREFIXES(SiteInstanceTest, IsolateOriginsFromCommandLine);
 
   // Create a new SiteInstance.  Only BrowsingInstance should call this
   // directly; clients should use Create() or GetRelatedSiteInstance() instead.
@@ -153,6 +169,12 @@ class CONTENT_EXPORT SiteInstanceImpl final : public SiteInstance,
     is_default_subframe_site_instance_ = true;
   }
 
+  // Tracks origins for which the entire origin should be treated as a site
+  // when making process model decisions, rather than the origin's eTLD+1. Each

[Charlie Reis, 2017/05/05 23:18:51]

Same nit about previous definition of site.

[alexmos, 2017/05/16 17:26:38]

Done.

+  // of these origins requires a dedicated process.
+  using IsolatedOriginSet = std::set<url::Origin>;
+  static IsolatedOriginSet* GetIsolatedOrigins();
+
   // An object used to construct RenderProcessHosts.
   static const RenderProcessHostFactory* g_render_process_host_factory_;