ChildProcessSecurityPolicy::CanAccessDataForOrigin is the main API for
performing site isolation enforcements, deciding whether a renderer
process is allowed to access data for a particular origin. The
implementation of this check (in CanAccessMaybeOpaqueOrigin) is
currently shared for three different kinds of checks and has gotten
very complicated over the years, trying to compute an expected process
lock from the provided URL and compare it to the actual process lock,
while accounting for things like whether the URL's origin should use
origin vs site isolation.
This CL is a first step towards simplifying this implementation by
providing an alternate mechanism for implementing
CanAccessDataForOrigin (CADFO). Namely, we can track all origins ever
committed for a particular process, and then only allow access to data
for origins that have been committed, because they have already been
validated at commit time. This subsumes the current process lock
checks, since CADFO only ever used the origin comparison and ignored
the other ProcessLock/SiteInfo bits, artificially making them match in
the expected and actual locks (see
https://source.chromium.org/chromium/chromium/src/+/main:content/browser/child_process_security_policy_impl.cc;l=2050-2065;drc=f522344e45882da4c7f7cb1b3a0a7bd747d654bb).
This new check is only useful for kHostsOrigin and
kCanAccessDataForCommittedOrigin checks (i.e., whether an origin was
previously committed in a process, and whether the process can access
data belonging to an already committed origin). It cannot be used for
kCanCommitNewOrigin checks that decide whether a new origin should be
allowed to commit in a particular process. These will still use the
process lock comparisons for now.
For implementation, SecurityState now tracks a set of committed
origins. Committed origins for navigations are added in
RFHI::UpdatePermissionsForNavigation() at ready-to-commit time and in
Navigator::DidNavigate() at DidCommit time. The former is sufficient
in vast majority of cases, but the latter is still needed in cases
like adding a sandboxed about:blank iframe, where a new opaque origin
is introduced into the parent's process (OOPSIFs aren't used in this
case), but this doesn't go through the full navigation flow and
doesn't hit UpdatePermissionsForNavigation(). Committed origins are
also added when creating ServiceWorkers. For now, other workers are
assumed to stay in the origin of their creator document; there is a
corner case where this isn't true (workers created via a data: URL),
but this will be fixed in a followup.
The set of committed origins can only grow; for simplicity, there is
currently no provision to revoke a committed origin. The hope is that
this set won't grow overly large; but this may need to be
revisited. Metrics to track the size of this set will be added in a
followup CL.
This does cause a slight behavior change where a process that no
longer has any documents or workers could be denied access with the
older checks, but would still be allowed access for the older origins
with the new checks. This is covered in
DynamicIsolatedOriginTest.NewBrowsingInstanceInOldProcess, where an
origin becomes dynamically isolated, and a process previously lost
access to that origin as soon as the last BrowsingInstance where the
origin was not isolated is removed from the process, but now that
access is maintained. For now, we don't consider this to be a
meaningful decrease in security, as it's hard for the attacker to take
advantage of, but this could be revisited in the future, e.g., by
marking newly isolated origins as needing revocation when their last
instance goes away from a process.
The new checks are also slightly stricter than the old checks because
they will compare the full origins, rather than the ProcessLocks
computed from them. So, for example, if https://foo.com/ was committed
and isolated at a site granularity, requests for data from
https://sub.foo.com would now be blocked. Also, port mismatches in
origins are no longer ignored. So, if https://foo.com:1234 has
committed, requests for https://foo.com:5678 would now be denied,
whereas they would be allowed by jail/citadel checks previously (since
the ProcessLock computation ignores ports).
The enforcements of the new checks (where they replace jail and
citadel checks) are behind a feature which is off by default.
Nonetheless, all affected existing tests have been fixed to pass with
the checks on. ChildProcessSecurityPolicy tests have been
parameterized to run both with and without the new checks. When the
new checks disagree with the jail/citadel checks, we generate a
DumpWithoutCrashing report to collect more information. (Some of these
cases, like port mismatches, will be expected, as explained above.)
Bug: 40148776
Change-Id: Id31c4130ef1f8b9936b27bddb4658641fca7ffde
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5410347
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1378730}
The canonical bug format is TODO(crbug.com/<id>). TODOs of the
following forms will all be migrated to the new format:
- TODO(crbug.com/<old id>)
- TODO(https://crbug.com/<old id>)
- TODO(crbug/<old id>)
- TODO(crbug/monorail/<old id>)
- TODO(<old id>)
- TODO(issues.chromium.org/<old id>)
- TODO(https://issues.chromium.org/<old id>)
- TODO(https://issues.chromium.org/u/1/issues/<old id>)
- TODO(bugs.chromium.org/<old id>)
Bug id mapping is sourced from go/chrome-on-buganizer-prod-issues.
See go/crbug-todo-migration for details.
#crbug-todo-migration
Bug: b/321899722
Change-Id: Ibc66b8c440e4bcdef414e77fef4d9874d2ea9951
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5493800
Auto-Submit: Alison Gale <agale@chromium.org>
Commit-Queue: Alison Gale <agale@chromium.org>
Reviewed-by: Peter Boström <pbos@chromium.org>
Owners-Override: Alison Gale <agale@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1293330}
On Profile destruction, currently there is a race with
the DatabaseTracker shutdown. DatabaseTracker shutdown
will post task[1] on the database task runner because
it needs to do file I/O. However it also has some logic
to retrieve info for special storage policies from the
Profile which may already be destroyed by that time.
This change removes logic for special storage policy from
DatabaseTracker. DatabaseTracker(WebSQL) is removed
from all platforms as of M119 except for WebView, which does
not utilize the special storage policy. All policy and
deprecation support have ended with M123. Therefore cleaning
up the code to avoid the race.
[1]https://source.chromium.org/chromium/chromium/src/+/main:content/browser/storage_partition_impl.cc;l=1200;drc=be92f4cc2f137460213d52a926c9477275a456c5
Bug: 323898565, 325476286
Change-Id: Ie2ef898c558308439a8b0d3fdf67f7157440b20a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5288855
Commit-Queue: Ayu Ishii <ayui@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Evan Stade <estade@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1276451}
This CL is a refactor to store the default OriginAgentIsolationState
in the IsolationContext owned by a BrowsingInstance. By doing this at
the creation of the BrowsingInstance, we snapshot the default in case it
dynamically changes (e.g. via a change in the value of the enterprise
policy OriginAgentClusterDefaultEnabled).
This refactor also allows CanAccessDataForOrigin access to a
BrowsingInstance's default isolation state so that it can appropriately
construct the expected_process_lock. This is potentially a behavior
change, but only after we introduce process-isolated default OAC in a
follow-on CL.
Bug: 1421329
Change-Id: I7829c151365b685c724f79e8d40c56dd27ec5819
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4427512
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1136085}
Until the kill switch for citadel enforcements is removed, this will
provide some test coverage both with and without Citadel enforcements.
This also involves tweaking some tests to do proper cleanup, to allow
them to run twice in a row without breaking.
Bug: 764958
Change-Id: Icd4b4dee0d80ac4247b2badd40db5c3b82039d7f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4396425
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1127681}
FOR REVIEWERS - This is a large CL, sorry about that. Please review just
the files you're an owner for. In almost all cases, the changes should
be minimal and straightforward.
There's a need to keep StorageKey and BlinkStorageKey partial sync, but
as each organically grew this has gotten lost. As we wrap up and launch
storage partitioning, we should leave this code in a good state.
This CL swaps out the origin constructor for a new static function
called CreateFirstParty. The reason for this is to ensure callsites know
that they are explicitly creating a first-party only StorageKey and
might be missing context important to partition storage. Further, if in
the future we were to want to deprecate this construction method in
prod, we would need a static function we could re-name like this
and so migrating to this style of syntax will make that easier.
This CL is part of a series:
(1) Organize public functions and map work
(2) Rename CreateFirstParty constructors
(3) Rename CreateWithNonce constructors
(4) Rename Create constructors
(5) Remove old test constructors
(6) Define opaque origin behavior
Bug: 1410254
Change-Id: I0be1305f91a454484c68d0faf4015bad3afe05ed
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4251237
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Steven Bingler <bingler@chromium.org>
Auto-Submit: Ari Chivukula <arichiv@chromium.org>
Commit-Queue: Ari Chivukula <arichiv@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1105850}
Turns out there's a lot of includes, so these will have to be removed
before deleting the implementation of the task runner handles.
To allow the deletion of the task runner handle headers, add
the sequenced/thread task runner handles where they are used in
the codebase with scripts.
This was done with an automated change, with a few touchups afterwards.
The code for the mass-refactor changes are here:
python:
https://paste.googleplex.com/5534570878337024
shell:
https://paste.googleplex.com/6466750748033024
In terms of touchups:
- add sequenced/thread task runner handles to
the third_party/blink/public/DEPS, because multiple files were using
it transitively anyways.
- rewrite certain parts of the codebase which used
ThreadTaskRunnerHandles instead of CurrentDefaultHandles.
- fix a compile issue with forward-declaration in
extensions/browser/extension_file_task_runner.h.
AX-Relnotes: n/a.
Bug: 1026641
Change-Id: I737ef32aee4e77c21eaa3a2bdc403a28322cf1b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4133323
Owners-Override: Gabriel Charette <gab@chromium.org>
Commit-Queue: Sean Maher <spvw@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1090532}
This CL implements process isolation for fenced frames (isolating
fenced frames from their embedders) behind a flag. It adds an
'is_fenced' attribute to SiteInfo and IsolationContext to help enforce
this isolation. Having the is_fenced bit in IsolationContext is used to
maintain the same value of is_fenced for all related SiteInstances
created in a particular BrowsingInstance (e.g., for subframes of a
fenced frame).
The changes here currently only have an effect when
the flag is enabled and strict site isolation is enabled. Changes for
other site isolation modes will be in future CLs. See attached bug for
more details on design (design doc, explainer).
Bug: 1340662
Change-Id: I821943158286c9fa69639ad1156112bd74a4410e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3821704
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1041755}
This also implements updating of policy values for pre-existing
buckets. Specifically, expiration and persistence can change if
they're specified in the buckets `open` API. Thus `GetOrCreateBucket`
becomes `UpdateOrCreateBucket`.
Test coverage is partially provided by WPT, e.g.
wpt_internal/storage/buckets/storage_bucket_object.tentative.https.any.sharedworker.html
Upcoming TODOs (for later patches):
* we should determine whether opening the "default" bucket with the
API is allowed, and if so which operations it supports.
* expiration should be respected when `open` is called. That is, the
bucket and its data should be clobbered and re-created if it's
expired.
Bug: 1315393,1176774,1315392
Change-Id: Iaa57393f330434685e0b72b59037887768d5fb28
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3609049
Reviewed-by: Ayu Ishii <ayui@chromium.org>
Reviewed-by: John Rummell <jrummell@chromium.org>
Reviewed-by: Austin Sullivan <asully@chromium.org>
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Evan Stade <estade@chromium.org>
Reviewed-by: Joshua Bell <jsbell@chromium.org>
Reviewed-by: Rakina Zata Amni <rakina@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1004971}
QuotaManagerImpl (and its dependencies UsageTracker and
ClientUsageTracker) currently accept a null SpecialStoragePolicy. In the
interest of having tests match production as much as possible, the
allowance for null SpecialStoragePolicy is getting removed.
This CL switches some tests away from passing null SpecialStoragePolicy
to QuotaManagerImpl. Instead, a default-constructed
MockSpecialStoragePolicy is used. This should result in the same
behavior.
Bug: 1303409
Change-Id: Ife79f9594ba47cd93ae1bd0b47a26c57760d42f1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3507394
Auto-Submit: Victor Costan <pwnall@chromium.org>
Reviewed-by: Austin Sullivan <asully@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#978416}
This CL adds initial support for enabling site isolation inside
<webview> guests. This mode is behind a new feature called
SiteIsolationForGuests.
The overall approach is to stop using special chrome-guest: site URLs
when creating SiteInfos for guests. Instead, site-isolated guests use
real site URLs that are computed with the existing process model code,
and rely on SiteInfo::storage_partition_config to keep navigations
within guests in the same StoragePartition and in guest SiteInstances.
This CL supports cross-process navigations in guests, OOPIFs, and
cross-BrowsingInstance navigations in guests. A particular guest will
no longer be restricted to a single SiteInstance and BrowsingInstance,
though it will always stay in the same StoragePartition, and for all
SiteInstances in a guest, SiteInstance::IsGuest() will be true.
In the current SiteInstance assignment paths, there are various early
returns that make guests always in the same SiteInstance. Those are
now only used when the new feature is off. Since guests will now
descend much deeper into the SiteInstance assignment paths, we needed
an additional signal as to whether the new SiteInstance/SiteInfo would
be for a guest. To do this, instead of plumbing an additional flag to
places like SiteInfo::CreateInternal, is_guest is added to
IsolationContext which is already plumbed into all the needed code
paths (see SiteInfo::CreateInternal for how it's used). Conceptually,
IsolationContext::is_guest just says whether a particular
BrowsingInstance is for a guest or not, so that any related
SiteInstances within it stay in the guest.
To handle cross-BrowsingInstance navigations in guests,
SiteInstanceImpl::CreateForUrlInfo (which is normally used to create
a new SiteInstance in a new BrowsingInstance) is updated to be able to
handle guests, in which case the StoragePartition info needs to be
transferred into the new SiteInstance/BrowsingInstance.
The following are some things that are not part of this CL and will be
addressed in future CLs:
- converting <webview> tests to run in both the legacy and site
isolation modes. (This CL does add standalone tests to validate
site isolation properties.)
- embedder navigating <webview> to about:blank and siteless
SiteInstances.
- error page navigations, WebViewRendererState, loadDataWithBaseURL.
Bug: 1267977
Change-Id: I3b747640c083a302dc07ee4106af4f6d33928165
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3380343
Reviewed-by: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charles Reis <creis@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#965525}
This CL makes WebDatabaseHostImpl's overridden method declarations
public, whereas they were previously private. The private access control
specifier is misleading, because WebDatabaseHostImpl uses public
inheritance (as mandated by the Google C++ style guide), so outside code
can always call into the overridden methods by creating a superclass
pointer from a WebDatabaseHostImpl instance.
Making the overridden methods public is sufficient for removing
FRIEND_TEST_ALL_PREFIXES from FRIEND_TEST_ALL_PREFIXES, which unlocks a
minor cleanup in testing code.
Change-Id: I63e679d72c390be03590457aa4406311dbbdce55
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3316976
Reviewed-by: Austin Sullivan <asully@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#948571}
This change updates WebSQL OpenFile to return an invalid file
if GetOrCreateBucket fails. This is necessary because we do not
want to store any data for a StorageKey unless there is a
StorageBucket associated with it. Eventually when WebSQL integrates
with buckets, the data directory for default buckets will change
to a path with a bucket_id. It will not be able to store data
without a bucket. We enforce rule now, before we bootstrap
QuotaDatabase to create buckets for all existing data for
storage keys, and QuotaDatabase becomes the source of truth for
all stored data for quota managed Storage APIs.
Bug: 1267042
Change-Id: Ibac62187e8d82eb6bc2bd6ae794f5da21af5629f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3274860
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Commit-Queue: Ayu Ishii <ayui@chromium.org>
Cr-Commit-Position: refs/heads/main@{#941248}
This inlines all remaining DISALLOW_* macros in content/. This is done
manually (vim regex + manually finding insertion position).
IWYU cleanup is left as a separate pass that is easier when these macros
go away.
Bug: 1010217
Change-Id: I8b5ea6dd9f8a3f584cf3eef82634017a38b15be8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3193883
Commit-Queue: Peter Boström <pbos@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Auto-Submit: Peter Boström <pbos@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Owners-Override: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#936160}
This CL was generated by using tools/git/move_source_file.py to change
the includes for those files:
base/bind_post_task.h
base/deferred_sequenced_task_runner.h
base/post_task_and_reply_with_result_internal.h
base/sequenced_task_runner.h
base/sequenced_task_runner_helpers.h
base/single_thread_task_runner.h
base/task_runner.h
base/task_runner_util.h
base/updateable_sequenced_task_runner.h
Then formatted using "git cl format". DEPS files were fixed with a
simple search and replace script.
Bug: 1255932
Change-Id: I0d9b5ddd9260fde5e4581e6c6e0080bdb0ed2c44
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3209175
Reviewed-by: Gabriel Charette <gab@chromium.org>
Owners-Override: Gabriel Charette <gab@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/main@{#929867}
This change ensures that a default bucket for an
origin/storage key exists on OpenFile. This will
call to get or create a default bucket for the storage
key to make sure there is an entry in the QuotaDatabase
buckets table. This is a requirement for migrating
Storage APIs to Buckets.
Bug: 1240334
Change-Id: I8dabe3f6d3d94faca4f05dab9930c846978b855b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3099255
Commit-Queue: Ayu Ishii <ayui@chromium.org>
Reviewed-by: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/main@{#919563}
This is in preparation for a followup change which removes the
aforementioned include from base/memory/ref_counted.h.
This CL was automatically generated with:
python tools/clang/pass_to_move/add_header.py \
--header '"base/gtest_prod_util.h"' \
$(grep -L gtest_prod_util $(git gs FRIEND_TEST_ALL_PREFIXES | cut -d: -f1 | uniq))
add_header.py is an unlanded helper script from
https://codereview.chromium.org/1505823003/
Change-Id: I35d75a74a80b3bcdd9ad76cfeef98b2b64e26cfd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3132241
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Gabriel Charette <gab@chromium.org>
Auto-Submit: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Owners-Override: Wez <wez@chromium.org>
Owners-Override: Gabriel Charette <gab@chromium.org>
Cr-Commit-Position: refs/heads/main@{#916900}
This is part of an effort to move the storage APIs to use StorageKey
instead of Origin. For now, the call sites of QuotaManagerProxy (of
which there are many) have been changed to convert an Origin to a
StorageKey, in the cases where the call site does not already have a
StorageKey object created.
Bug: 1215208
Change-Id: I212bed36f8a371d13afc4a55a464684889b5fe8f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2971803
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Bo <boliu@chromium.org>
Commit-Queue: Ali Beyad <abeyad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#894400}
This CL makes the following test improvements. No functional changes are
introduced.
1. Unit tests that instantiate DatabaseTracker now call
DatabaseTracker::Shutdown() on the expected sequence before the
DatabaseTracker is destroyed. Shutdown() has been in the
DatabaseTracker API contract before this CL, so the tests have been
incorrect. The fix is needed because a follow-up CL will DCHECK
consistently if Shutdown() is not called before the destructor.
2. TestQuotaManagerProxy::reset() -> ResetRecordedTestState(). The
method does not meet the style guide requirements for snake_case()
methods. Also, the reset() name is typically used for clearing smart
pointers.
Bug: 1163048
Change-Id: I50af6ea6381de3d9db8db0e6959d3c1f04e4ada7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2939390
Commit-Queue: Victor Costan <pwnall@chromium.org>
Commit-Queue: enne <enne@chromium.org>
Auto-Submit: Victor Costan <pwnall@chromium.org>
Reviewed-by: enne <enne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#889432}
This CL adds a DatabaseTracker::Create() method that must be used to
instantiate the class.
The DatabaseTracker constructor remains public, so base::MakeRefCounted
can still be used with DatabaseTracker. Access to the constructor is
restricted with a base::PassKey.
This CL also turns DatabaseTracker constructor arguments from raw
pointers to scoped_refptr when the DatabaseTracker constructor holds a
reference to the instances.
This CL does not introduce any functional changes.
Bug: 1163048
Change-Id: I7b0074af323a4e7712ec0754544f53244d5feab3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2927932
Reviewed-by: enne <enne@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#888083}
The BadMessage strings in WebDatabaseHostImpl make it hard to recognize
the source of the messages in crash dumps. This CL makes those strings
a little more informative.
Bug: 1148542
Change-Id: I4dbb50166e576a5a256638b5967d87ed7b4f139e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2792347
Commit-Queue: James MacLean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#867726}
This change removes calls to base::ASCIIToUTF16 in //content and //ui
with a single-line string literal and replaces them with a u"..."
literal instead. Files where this change would cause compilation errors
were not changed.
This is a mechanical change:
$ git grep -lw ASCIIToUTF16 content ui | xargs \
sed -i 's/\(base::\)\?ASCIIToUTF16(\("\(\\.\|[^\\"]\)*"\))/u\2/g'
$ git cl format
Bug: 1189439
Change-Id: I0d5601dc15324c43012b8d26260405f1efdca07e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780265
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Auto-Submit: Jan Wilken Dörrie <jdoerrie@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865766}
Prereq for https://chromium-review.googlesource.com/c/chromium/src/+/2773408
as we previously had
task_traits.h=>thread_pool.h=>callback_helpers.h
Users that should be including thread_pool.h explicitly did so in
https://chromium-review.googlesource.com/c/chromium/src/+/2775891
These are the remaining users of types in callback_helpers.h that
weren't properly IWYU. e.g.:
../../media/video/software_video_encoder_test.cc:92:54: error: no member named 'NullCallback' in namespace 'base'
std::move(output_cb), base::NullCallback());
Script:
def Fix(file_path):
content = refactor_lib.ReadFile(file_path)
# Assume fwd-decls are correct in first pass.
if 'class ScopedClosureRunner;' in content:
return False
# Using base:: prefix ensures we don't match fwd-decls and other
# things. Will require a few fixups for missing includes in //base
# proper. Complex prefix in regex attempts to skip comments.
matches = re.compile(
r'(\n *[^/\n][^/\n][^/\n]*'
r'(base::ScopedClosureRunner|base::NullCallback|base::DoNothing)'
r'\b[^*])',
re.DOTALL).findall(content)
if not matches:
return False
updated_content = refactor_lib.AddInclude(file_path, content,
"base/callback_helpers.h")
if updated_content == content:
return False
# Write updated file
refactor_lib.WriteFile(file_path, updated_content)
return True
Bug: 1026641
Change-Id: Ic7cfec226f1a13b05f4244d5ffcdd2ad8c4e4c3d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2774781
Commit-Queue: Gabriel Charette <gab@chromium.org>
Reviewed-by: François Doray <fdoray@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Owners-Override: François Doray <fdoray@chromium.org>
Owners-Override: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#865177}
The `estimatedSize` parameter passed to window.openDatabase() is
persisted in WebSQL's metadata database, but is not used anywhere.
This CL removes the parameter plumbing from Chrome. The parameter
remains in WebIDL and the interface implementation.
Bug: 1188773
Change-Id: I4514a2f93f941393cbb693f8aaac235e25b2af90
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2763192
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Matthew Denton <mpdenton@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#863815}
The `estimatedSize` parameter passed to window.openDatabase() is
persisted in WebSQL's metadata database, but is not used anywhere.
This CL removes the parameter from the browser side. This is done
separately from the Blink-side removal, to make it easier to see that
the estimated size is not used anywhere.
Bug: 1188773
Change-Id: I9b114f86bf2a1d52550d451eefcbfe5d013a8d20
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2763335
Reviewed-by: Marijn Kruisselbrink <mek@chromium.org>
Reviewed-by: Colin Blundell <blundell@chromium.org>
Commit-Queue: Colin Blundell <blundell@chromium.org>
Auto-Submit: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#863753}
This better conveys the difference between that method and
AddIsolatedOriginsForBrowsingInstance, now that we have a growing
number of use cases for each of these, with COOP isolation using both.
Bug: 1018656
Change-Id: I79ffe77d4c83deb7efee9398951d935f06acae8b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2753527
Reviewed-by: Charlie Reis <creis@chromium.org>
Owners-Override: Charlie Reis <creis@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#862325}
GetUsageAndQuota() takes a base::SequencedTaskRunner as a raw pointer.
However, in some cases, it may take a reference to this argument. This
CL converts the argument to a scoped_refptr, to show the fact that
GetUsageAndQuota() may extend the argument's lifetime.
Change-Id: I7b7a8e1a708b82fc96084a01122f5f2227400022
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2644682
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Jarryd Goodman <jarrydg@chromium.org>
Commit-Queue: Victor Costan <pwnall@chromium.org>
Auto-Submit: Victor Costan <pwnall@chromium.org>
Cr-Commit-Position: refs/heads/master@{#848060}
