Add definitions to the Process Model and Site Isolation doc
Add definitions for Citadel and jail-style enforcement.

Test: No behaviour change
Bug: 1506082
Change-Id: I656bedb37a6e2343090c1b6d2b3abf0c24a079a4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5072176
Commit-Queue: Sharon Yang <yangsharon@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1232036}
committed by Chromium LUCI CQ
parent 6767be802b
commit 43171370d3
@ -51,12 +51,18 @@ Site Isolation involves:
and workers from a single web site or origin, even if such documents are in
iframes.
* **Browser-Enforced Restrictions**: The privileged browser process can monitor
IPC messages from locked processes to limit their actions or access to site
data (e.g., using ChildProcessSecurityPolicy::CanAccessDataForOrigin).
IPC messages from renderer processes to limit their actions or access to
site data (e.g., using ChildProcessSecurityPolicy::CanAccessDataForOrigin).
This [prevents compromised renderer
processes](https://chromium.googlesource.com/chromium/src/+/main/docs/security/compromised-renderers.md)
from asking for cross-site data, using permissions granted to other sites,
etc.
etc. These restrictions take two main forms:
* _"Jail" checks_: Ensure that a process locked to a particular site can only
access data belonging to that site. If all processes are locked, this is
sufficient protection.
* _"Citadel" checks_: Ensure that unlocked processes cannot access data
for sites that require a dedicated process. This adds protection in cases
where full Site Isolation is not available, such as Android.
* **Network Response Limitations**: Chromium can ensure that locked renderer
processes are only allowed to receive sensitive data (e.g., HTML, XML,
JSON) from their designated site or origin, while still allowing
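Review bot: In the "Jail" bullet, "If all processes are locked, this is sufficient protection" does not say what it is sufficient for or how it relates to the second form; consider "If all processes are locked, jail checks alone are sufficient and no Citadel checks are needed", so the relationship between the two definitions is explicit. The Citadel bullet relies on "unlocked processes" and "sites that require a dedicated process" with no definition or link in these lines, and the parent bullet's example, ChildProcessSecurityPolicy::CanAccessDataForOrigin, is not tied to either form. A short pointer for each term, plus a note on which kind of check that method performs, would make the new definitions usable on their own.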