content/browser/child_process_security_policy_impl.cc - Issue 2831683002: Introduce support for origins that require process isolation.

Unified Diff: content/browser/child_process_security_policy_impl.cc

Issue 2831683002: Introduce support for origins that require process isolation. (Closed)

Patch Set: Rebase Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« content/browser/child_process_security_policy_impl.h ('K') | « content/browser/child_process_security_policy_impl.h ('k') | content/browser/child_process_security_policy_unittest.cc » ('j') | content/browser/site_instance_impl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/child_process_security_policy_impl.cc

diff --git a/content/browser/child_process_security_policy_impl.cc b/content/browser/child_process_security_policy_impl.cc

index 28ce45ad809ad34567726a34478ff43627bf5f67..acd54fa5ff52686253b9686ebfb6b6ec6a032f34 100644

--- a/content/browser/child_process_security_policy_impl.cc

+++ b/content/browser/child_process_security_policy_impl.cc

@@ -14,6 +14,7 @@

#include "base/macros.h"

#include "base/memory/ptr_util.h"

#include "base/metrics/histogram_macros.h"

+#include "base/strings/string_split.h"

#include "base/strings/string_util.h"

#include "build/build_config.h"

#include "content/browser/site_instance_impl.h"

@@ -255,6 +256,7 @@ class ChildProcessSecurityPolicyImpl::SecurityState {

bool CanAccessDataForOrigin(const GURL& gurl) {

if (origin_lock_.is_empty())

return true;

Charlie Reis 2017/05/19 00:10:18 nit: No need for churn here.

alexmos 2017/05/24 00:19:56 Done.

// TODO(creis): We must pass the valid browser_context to convert hosted

// apps URLs. Currently, hosted apps cannot set cookies in this mode.

// See http://crbug.com/160576.

@@ -929,6 +931,7 @@ bool ChildProcessSecurityPolicyImpl::CanAccessDataForOrigin(int child_id,

// workaround for https://crbug.com/600441

return true;

}

Charlie Reis 2017/05/19 00:10:18 Or here.

alexmos 2017/05/24 00:19:56 Done.

return state->second->CanAccessDataForOrigin(gurl);

}

@@ -993,4 +996,30 @@ bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) {

return state->second->can_send_midi_sysex();

}

+void ChildProcessSecurityPolicyImpl::AddIsolatedOrigin(

+ const url::Origin& origin) {

+ DCHECK(!origin.unique());

Charlie Reis 2017/05/19 00:10:18 Maybe this should be a CHECK with an error message

alexmos 2017/05/24 00:19:56 Done. Good idea.

+ DCHECK(!IsIsolatedOrigin(origin));

Charlie Reis 2017/05/19 00:10:18 Same here, in case someone said --isolated-origins

alexmos 2017/05/24 00:19:56 Done. This particular one might go away with Safe

+ base::AutoLock lock(isolated_origins_lock_);

+ isolated_origins_.insert(origin);

+void ChildProcessSecurityPolicyImpl::AddIsolatedOriginsFromCommandLine(

+ const std::string& origin_list) {

+ for (const base::StringPiece& origin_piece :

+ base::SplitStringPiece(origin_list, ",", base::TRIM_WHITESPACE,

+ base::SPLIT_WANT_NONEMPTY)) {

+ url::Origin origin((GURL(origin_piece)));

+ if (!origin.unique())

+ AddIsolatedOrigin(origin);

+ }

+bool ChildProcessSecurityPolicyImpl::IsIsolatedOrigin(

+ const url::Origin& origin) {

+ base::AutoLock lock(isolated_origins_lock_);

+ return isolated_origins_.find(origin) != isolated_origins_.end();

} // namespace content