0
Commit Graph

15 Commits

Author SHA1 Message Date
Wez
2ef77e717e Revert "Don't skip isolation check for empty BrowsingInstanceId in tests."
This reverts commit eb0a64dbb3.

Reason for revert: Causes a substantial increase in browser crashes on Canary.

Original change's description:
> Don't skip isolation check for empty BrowsingInstanceId in tests.
>
> This CL modifies GetMatchingProcessIsolatedOrigin to make sure that,
> if it's called with an IsolationContext that has no BrowsingInstanceId
> (which commonly happens in tests), that it gives the correct isolation
> when OriginKeyedProcessesByDefault is enabled.
>
> This bug doesn't exist without OriginKeyedProcessesByDefault enabled,
> since all that's left is opt-in/opt-out isolation, and neither of those can occur without a BrowsingInstanceId.
>
> Bug: 40259221
> Change-Id: Ib810c80f9710f8f270a7fad36abb2cbf5332d7a2
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5572325
> Reviewed-by: Charlie Reis <creis@chromium.org>
> Commit-Queue: W. James Maclean <wjmaclean@chromium.org>
> Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1308848}

Bug: 40259221, 338792924
Change-Id: Ie0bba451babfb732b143d8bbdaaf9fe6d2b1fc61
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5592571
Commit-Queue: Wez <wez@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Auto-Submit: Wez <wez@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1309339}
2024-06-03 15:40:38 +00:00
W. James MacLean
eb0a64dbb3 Don't skip isolation check for empty BrowsingInstanceId in tests.
This CL modifies GetMatchingProcessIsolatedOrigin to make sure that,
if it's called with an IsolationContext that has no BrowsingInstanceId
(which commonly happens in tests), that it gives the correct isolation
when OriginKeyedProcessesByDefault is enabled.

This bug doesn't exist without OriginKeyedProcessesByDefault enabled,
since all that's left is opt-in/opt-out isolation, and neither of those can occur without a BrowsingInstanceId.

Bug: 40259221
Change-Id: Ib810c80f9710f8f270a7fad36abb2cbf5332d7a2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5572325
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: W. James Maclean <wjmaclean@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1308848}
2024-05-31 19:50:38 +00:00
W. James MacLean
e66843c983 Refactor to store default isolation state in IsolationContext.
This CL is a refactor to store the default OriginAgentIsolationState
in the IsolationContext owned by a BrowsingInstance. By doing this at
the creation of the BrowsingInstance, we snapshot the default in case it
dynamically changes (e.g. via a change in the value of the enterprise
policy OriginAgentClusterDefaultEnabled).

This refactor also allows CanAccessDataForOrigin access to a
BrowsingInstance's default isolation state so that it can appropriately
construct the expected_process_lock. This is potentially a behavior
change, but only after we introduce process-isolated default OAC in a
follow-on CL.

Bug: 1421329
Change-Id: I7829c151365b685c724f79e8d40c56dd27ec5819
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4427512
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Code-Coverage: Findit <findit-for-me@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1136085}
2023-04-26 19:15:57 +00:00
Avi Drissman
4e1b7bc33d Update copyright headers in content/
The methodology used to generate this CL is documented in
https://crbug.com/1098010#c34.

No-Try: true
No-Presubmit: true
Bug: 1098010
Change-Id: I8c0f009d16350271f07d8e5e561085822cc9dd27
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3895935
Owners-Override: Avi Drissman <avi@chromium.org>
Reviewed-by: Mark Mentovai <mark@chromium.org>
Commit-Queue: Mark Mentovai <mark@chromium.org>
Auto-Submit: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1047456}
2022-09-15 14:03:50 +00:00
Adithya Srinivasan
f6377b1af5 [FencedFrames] Implement process isolation for fenced frames
This CL implements process isolation for fenced frames (isolating
fenced frames from their embedders) behind a flag. It adds an
'is_fenced' attribute to SiteInfo and IsolationContext to help enforce
this isolation. Having the is_fenced bit in IsolationContext is used to
maintain the same value of is_fenced for all related SiteInstances
created in a particular BrowsingInstance (e.g., for subframes of a
fenced frame).

The changes here currently only have an effect when
the flag is enabled and strict site isolation is enabled. Changes for
other site isolation modes will be in future CLs. See attached bug for
more details on design (design doc, explainer).

Bug: 1340662
Change-Id: I821943158286c9fa69639ad1156112bd74a4410e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3821704
Commit-Queue: Adithya Srinivasan <adithyas@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1041755}
2022-08-31 21:58:44 +00:00
Alex Moshchuk
ab80d7ddf3 Mark two fields in IsolationContext as const
Neither browsing_instance_id_ nor browser_or_resource_context_ should
change throughout the lifetime of an IsolationContext.  Mark them both
as const.

Change-Id: I69d308eb4c28ee3650d599bb2c273924a057f648
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3441314
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Auto-Submit: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Charles Reis <creis@chromium.org>
Commit-Queue: Charles Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#967519}
2022-02-04 23:55:09 +00:00
Alex Moshchuk
df15d8e3c4 Introduce a feature for site isolation in <webview> guests
This CL adds initial support for enabling site isolation inside
<webview> guests.  This mode is behind a new feature called
SiteIsolationForGuests.

The overall approach is to stop using special chrome-guest: site URLs
when creating SiteInfos for guests.  Instead, site-isolated guests use
real site URLs that are computed with the existing process model code,
and rely on SiteInfo::storage_partition_config to keep navigations
within guests in the same StoragePartition and in guest SiteInstances.

This CL supports cross-process navigations in guests, OOPIFs, and
cross-BrowsingInstance navigations in guests.  A particular guest will
no longer be restricted to a single SiteInstance and BrowsingInstance,
though it will always stay in the same StoragePartition, and for all
SiteInstances in a guest, SiteInstance::IsGuest() will be true.

In the current SiteInstance assignment paths, there are various early
returns that make guests always in the same SiteInstance.  Those are
now only used when the new feature is off.  Since guests will now
descend much deeper into the SiteInstance assignment paths, we needed
an additional signal as to whether the new SiteInstance/SiteInfo would
be for a guest.  To do this, instead of plumbing an additional flag to
places like SiteInfo::CreateInternal, is_guest is added to
IsolationContext which is already plumbed into all the needed code
paths (see SiteInfo::CreateInternal for how it's used).  Conceptually,
IsolationContext::is_guest just says whether a particular
BrowsingInstance is for a guest or not, so that any related
SiteInstances within it stay in the guest.

To handle cross-BrowsingInstance navigations in guests,
SiteInstanceImpl::CreateForUrlInfo (which is normally used to create
a new SiteInstance in a new BrowsingInstance) is updated to be able to
handle guests, in which case the StoragePartition info needs to be
transferred into the new SiteInstance/BrowsingInstance.

The following are some things that are not part of this CL and will be
addressed in future CLs:
- converting <webview> tests to run in both the legacy and site
  isolation modes.  (This CL does add standalone tests to validate
  site isolation properties.)
- embedder navigating <webview> to about:blank and siteless
  SiteInstances.
- error page navigations, WebViewRendererState, loadDataWithBaseURL.

Bug: 1267977
Change-Id: I3b747640c083a302dc07ee4106af4f6d33928165
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3380343
Reviewed-by: James Maclean <wjmaclean@chromium.org>
Reviewed-by: Charles Reis <creis@chromium.org>
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#965525}
2022-02-01 04:43:49 +00:00
Lukasz Anforowicz
15ba43ec8d Use BrowsingInstanceId (not int32_t) in //content/public/browser API.
This CL replaces the return type of SiteInstance::GetBrowsingInstanceId
(int32_t before this CL, BrowsingInstanceId/base::IdType32 after this
CL) and fixes the resulting fall out (switching to use
BrowsingInstanceId instead of int32_t in other places in non-test code).

Bug: 1229798
Change-Id: I7ba69edb38be618b79a16a679c15edddb96be48a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3039322
Reviewed-by: Sigurður Ásgeirsson <siggi@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#904092}
2021-07-21 22:50:09 +00:00
Lei Zhang
4f52073ed2 Remove unneeded includes of optional.h from headers.
Headers that do not reference absl::optional do not need to include
third_party/abseil-cpp/absl/types/optional.h.

Bug: 1227131
Change-Id: Ibe634116da4a61260936be5b624fb1b9895505cf
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3036368
Reviewed-by: Nico Weber <thakis@chromium.org>
Owners-Override: Nico Weber <thakis@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/master@{#903283}
2021-07-20 00:52:31 +00:00
Albert J. Wong
1b6dc9656f Merge //base/util/type_safety into //base/types.
This is part of merging all of //base/util back into //base.

Bug: 1227210
Change-Id: I4440beb5ed161cfab78b19915d09e71d4834d82e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3012177
Reviewed-by: Wez <wez@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Wez <wez@chromium.org>
Owners-Override: Wez <wez@chromium.org>
Auto-Submit: Albert J. Wong <ajwong@chromium.org>
Cr-Commit-Position: refs/heads/master@{#900074}
2021-07-09 18:06:57 +00:00
Anton Bikineev
f62d1bf48e content: Replace base::Optional and friends with absl counterparts
This replaces:
- base::Optional -> absl::optional
- include "base/optional.h"
  ->
  include "third_party/abseil-cpp/absl/types/optional.h"
- base::nullopt -> absl::nullopt
- base::make_optional -> absl::make_optional

Bug: 1202909
Change-Id: Ie9f37bcbf6115632a19f4d063387d07b3723926f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2897246
Commit-Queue: Peter Kasting <pkasting@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Owners-Override: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/master@{#883270}
2021-05-15 17:56:07 +00:00
Maciej Pawlowski
a37782a093 Rename build/util/type-safety to build/util/type_safety
This is for consistency, most other code uses underscores to separate words
rather than dashes.

Bug: 954080
Change-Id: I3b0d1e0a33e5196344fbd7d52f187f87607bbcb2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1608742
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Maciej Pawlowski <mpawlowski@opera.com>
Cr-Commit-Position: refs/heads/master@{#660307}
2019-05-16 06:40:28 +00:00
Maciej Pawlowski
4a3ac685f3 Move id_type.h from gpu/command_buffer/common to base/util
Changed only the namespace, header guards, BUILD.gn etc., the entire
implementation was left untouched. Further alignments and generalization
to come.

Bug: 954080
Change-Id: I6cb5388fefb606e04b5be1463e86a792a75c4bf7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1571695
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Antoine Labour <piman@chromium.org>
Reviewed-by: Albert J. Wong <ajwong@chromium.org>
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Kenneth Russell <kbr@chromium.org>
Reviewed-by: Elly Fong-Jones <ellyjones@chromium.org>
Reviewed-by: Andrew Grieve <agrieve@chromium.org>
Cr-Commit-Position: refs/heads/master@{#658153}
2019-05-09 17:06:14 +00:00
Alex Moshchuk
99b7954248 Implement per-profile isolated origins.
Previously, isolated origins would apply globally for all profiles in
the entire browser.  This CL introduces support for associating
isolated origins with specific BrowserContexts (i.e., profiles):

1. The API for adding new isolated origins,
   ChildProcessSecurityPolicyImpl::AddIsolatedOrigins(), can now take
   a BrowserContext in which the origin should apply.

2. Entries in the map of isolated origins are extended to optionally
   contain the BrowserContext to which they apply.  If this is not
   specified, the corresponding isolated origin still applies globally
   to all profiles.  To facilitate checks on the IO thread, the
   ResourceContext (BrowserContext's representation on the IO thread)
   is also stored in the entry.

3. IsolationContext now also carries profile information (as
   BrowserOrResourceContext), and GetMatchingIsolatedOrigin() consults
   it to see if the profiles match when looking for matching isolated
   origins.  Various tests are updated to pass a proper BrowserContext
   to the IsolationContexts they construct.

Bug: 905513
Change-Id: Iad1fd2ca4ea701f9e088d30fa1b8582de9fbed67
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1497794
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#638360}
2019-03-07 00:27:32 +00:00
Alex Moshchuk
8e5c195150 Implement support for dynamically added isolated origins.
This CL introduces an ability to add isolated origins at any time, rather
than only at browser startup.  Isolated origins added dynamically will
apply only to future BrowsingInstances and processes.

To do this, the calls involved in making process model decisions and
looking up isolated origins, such as DoesSiteRequireDedicatedProcess,
need to be aware of which BrowsingInstance is asking.  This CL adds
the required plumbing in the form of a new IsolationContext object.
For now, IsolationContext only contains the BrowsingInstance ID, but
in the future it will be extended to include BrowserContext info as
well, allowing isolated origins to also be scoped to particular
profiles.  Calls that currently take both BrowserContext and
IsolationContext will be able to simply pass an IsolationContext.

Design doc: https://goo.gl/4xVPKW

Bug: 905513
Change-Id: I5d6fb7724524e85efe492da26077209fa90be1bf
Reviewed-on: https://chromium-review.googlesource.com/c/1377616
Commit-Queue: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#622715}
2019-01-15 03:39:50 +00:00