chromium/src
0
Fork 0
Code Activity
Files
be826009dec48265af15f6f4dbc8266a334f4df1
src/content/browser/process_lock.h
Arthur Sonzogni c686e8f4fd Rename {absl => std}::optional in //content/ 
Automated patch, intended to be effectively a no-op.

Context:
https://groups.google.com/a/chromium.org/g/cxx/c/nBD_1LaanTc/m/ghh-ZZhWAwAJ?utm_medium=email&utm_source=footer

As of https://crrev.com/1204351, absl::optional is now a type alias for
std::optional. We should migrate toward it.

Script:
```
function replace {
  echo "Replacing $1 by $2"
  git grep -l "$1" \
    | cut -f1 -d: \
    | grep \
      -e "^content" \
    | sort \
    | uniq \
    | grep \
      -e "\.h" \
      -e "\.cc" \
      -e "\.mm" \
      -e "\.py" \
    | xargs sed -i "s/$1/$2/g"
}
replace "absl::make_optional" "std::make_optional"
replace "absl::optional" "std::optional"
replace "absl::nullopt" "std::nullopt"
replace "absl::in_place" "std::in_place"
replace "absl::in_place_t" "std::in_place_t"
replace "\"third_party\/abseil-cpp\/absl\/types\/optional.h\"" "<optional>"
git cl format
```

# Skipping unrelated "check_network_annotation" errors.
NOTRY=True

Bug: chromium:1500249
Change-Id: Icfd31a71d8faf63a2e8d5401127e7ee74cc1c413
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5185537
Auto-Submit: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Owners-Override: Avi Drissman <avi@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: danakj <danakj@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1245739}
2024-01-11 08:36:37 +00:00

226 lines
10 KiB
C++
Raw Blame History

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CONTENT_BROWSER_PROCESS_LOCK_H_
#define CONTENT_BROWSER_PROCESS_LOCK_H_
#include <optional>
#include "content/browser/site_info.h"
#include "content/browser/url_info.h"
#include "content/browser/web_exposed_isolation_info.h"
#include "content/public/browser/storage_partition_config.h"
#include "content/public/browser/web_exposed_isolation_level.h"
#include "url/origin.h"
namespace content {
class IsolationContext;
// ProcessLock is a core part of Site Isolation, which is used to determine
// which documents are allowed to load in a process and which site data the
// process is allowed to access, based on the SiteInfo principal.
//
// If a process has a ProcessLock in the "invalid" state, then no SiteInstances
// have been associated with the process and access should not be granted to
// anything.
//
// Once a process is associated with its first SiteInstance, it transitions to
// the "locked_to_site" or "allow_any_site" state depending on whether the
// SiteInstance requires the process to be locked to a specific site or not.
// If the SiteInstance does not require the process to be locked to a site, the
// process will transition to the "allow_any_site" state and will allow any
// site to commit in the process. Such a process can later be upgraded to the
// "locked_to_site" state if something later determines that the process should
// only allow access to a single site, but only if it hasn't otherwise been used
// to render content. Once the process is in the "locked_to_site" state, it will
// not be able to access site data from other sites.
//
// ProcessLock is currently defined in terms of a single SiteInfo with a process
// lock URL, but it could be possible to define it in terms of multiple
// SiteInfos that are compatible with each other.
class CONTENT_EXPORT ProcessLock {
public:
// Create a lock that that represents a process that is associated with at
// least one SiteInstance, but is not locked to a specific site. Any request
// that wants to commit in this process must have a StoragePartitionConfig
// and web-exposed isolation information (COOP/COEP, for example) that
// match the values used to create this lock.
static ProcessLock CreateAllowAnySite(
const StoragePartitionConfig& storage_partition_config,
const WebExposedIsolationInfo& web_exposed_isolation_info);
// Create a lock for a specific UrlInfo. This method can be called from both
// the UI and IO threads. Locks created with the same parameters must always
// be considered equal independent of what thread they are called on. Special
// care must be taken since SiteInfos created on different threads don't
// always have the same contents for all their fields (e.g. site_url field is
// thread dependent).
static ProcessLock Create(const IsolationContext& isolation_context,
const UrlInfo& url_info);
// Returns a ProcessLock representing what the given |site_info| requires.
// Note that this may be different from the actual ProcessLock of the
// resulting process, in cases where a locked process is not required (e.g.,
// SiteInfos for http://unisolated.invalid).
static ProcessLock FromSiteInfo(const SiteInfo& site_info);
ProcessLock();
ProcessLock(const ProcessLock& rhs);
ProcessLock& operator=(const ProcessLock& rhs);
~ProcessLock();
// Returns true if no information has been set on the lock.
bool is_invalid() const { return !site_info_.has_value(); }
// Returns true if the process is locked, but it is not restricted to a
// specific site. Any site is allowed to commit in the process as long as
// the request's COOP/COEP information matches the info provided when
// the lock was created.
bool allows_any_site() const {
return site_info_.has_value() && site_info_->process_lock_url().is_empty();
}
// Returns true if the lock is restricted to a specific site and requires
// the request's COOP/COEP information to match the values provided when
// the lock was created.
bool is_locked_to_site() const {
return site_info_.has_value() && !site_info_->process_lock_url().is_empty();
}
// Returns the url that corresponds to the SiteInfo the lock is used with. It
// will always be the same as the site URL, except in cases where effective
// urls are in use. Always empty if the SiteInfo uses the default site url.
// TODO(wjmaclean): Delete this accessor once we get to the point where we can
// safely just compare ProcessLocks directly.
const GURL lock_url() const {
return site_info_.has_value() ? site_info_->process_lock_url() : GURL();
}
// Returns the site URL of the SiteInfo with which the lock was constructed.
// Prefer comparing ProcessLocks directly or using lock_url(), unless you
// care about effective URLs.
const GURL site_url() const {
return site_info_.has_value() ? site_info_->site_url() : GURL();
}
// Returns whether this ProcessLock is specific to an origin rather than
// including subdomains, such as due to opt-in origin isolation. This resolves
// an ambiguity of whether a process with a lock_url() like
// "https://foo.example" is allowed to include "https://sub.foo.example" or
// not.
bool is_origin_keyed_process() const {
return site_info_.has_value() &&
site_info_->requires_origin_keyed_process();
}
// True if this ProcessLock is for a sandboxed iframe without
// allow-same-origin.
// TODO(wjmaclean): This function's return type could mutate to an enum in
// future if required for sandboxed iframes that are restricted with different
// sandbox flags.
bool is_sandboxed() const {
return site_info_.has_value() && site_info_->is_sandboxed();
}
// If this ProcessLock is for a sandboxed iframe without allow-same-origin,
// and per-document grouping has been enabled for kIsolateSandboxedIframes,
// then each SiteInfo will have a unique sandbox id encoded as part of the
// lock. If per-document grouping is not enabled, this returns
// UrlInfo::kInvalidUniqueSandboxId.
int unique_sandbox_id() const {
return (site_info_.has_value() ? site_info_->unique_sandbox_id()
: UrlInfo::kInvalidUniqueSandboxId);
}
// Returns whether this ProcessLock is specific to PDF contents.
bool is_pdf() const { return site_info_.has_value() && site_info_->is_pdf(); }
// Returns whether this ProcessLock can only be used for error pages.
bool is_error_page() const {
return site_info_.has_value() && site_info_->is_error_page();
}
// Returns whether this ProcessLock is used for a <webview> guest process.
// This may be false for other types of GuestView.
bool is_guest() const {
return site_info_.has_value() && site_info_->is_guest();
}
// Returns whether this ProcessLock is used for a process that exclusively
// hosts content inside a <fencedframe>.
bool is_fenced() const {
return site_info_.has_value() && site_info_->is_fenced();
}
// Returns the StoragePartitionConfig that corresponds to the SiteInfo the
// lock is used with.
StoragePartitionConfig GetStoragePartitionConfig() const;
// Returns the cross-origin isolation mode of the BrowsingInstance that all
// agents allowed in this ProcessLock belong to. See
// https://html.spec.whatwg.org/multipage/document-sequences.html#cross-origin-isolation-mode
// This is tracked on ProcessLock because a RenderProcessHost can host only
// cross-origin isolated agents or only non-cross-origin isolated agents, not
// both.
WebExposedIsolationInfo GetWebExposedIsolationInfo() const;
// Returns the cross-origin isolated capability of all agents allowed in this
// ProcessLock, without taking into account the 'cross-origin-isolated'
// permissions policy. This ignores permissions policy because it's currently
// possible for agents with the same ProcessLock to have different
// 'cross-origin-isolated' permission policies. This can return a lower
// isolation level than `GetWebExposedIsolationInfo()` if this ProcessLock
// hosts agents that are cross-origin to a top-level document with the
// 'isolated application' isolation level. See
// https://html.spec.whatwg.org/multipage/webappapis.html#dom-crossoriginisolated
WebExposedIsolationLevel GetWebExposedIsolationLevel() const;
// Returns whether lock_url() is at least at the granularity of a site (i.e.,
// a scheme plus eTLD+1, like https://google.com). Also returns true if the
// lock is to a more specific origin (e.g., https://accounts.google.com), but
// not if the lock is empty or applies to an entire scheme (e.g., file://).
bool IsASiteOrOrigin() const;
bool matches_scheme(const std::string& scheme) const {
return scheme == lock_url().scheme();
}
// Returns true if lock_url() has an opaque origin.
bool HasOpaqueOrigin() const;
// Returns true if |origin| matches the lock's origin.
bool MatchesOrigin(const url::Origin& origin) const;
// Returns true if the COOP/COEP origin isolation information in this lock
// is set and matches the information in |site_info|.
// Returns true if the web-exposed isolation level in this lock is set and
// matches (or exceeds) the level set in |site_info|.|.
bool IsCompatibleWithWebExposedIsolation(const SiteInfo& site_info) const;
bool operator==(const ProcessLock& rhs) const;
bool operator!=(const ProcessLock& rhs) const;
// Defined to allow this object to act as a key for std::map.
bool operator<(const ProcessLock& rhs) const;
std::string ToString() const;
private:
explicit ProcessLock(const SiteInfo& site_info);
// TODO(creis): Consider tracking multiple compatible SiteInfos in ProcessLock
// (e.g., multiple sites when Site Isolation is disabled). This can better
// restrict what the process has access to in cases that we currently use an
// allows-any-site ProcessLock.
std::optional<SiteInfo> site_info_;
};
CONTENT_EXPORT std::ostream& operator<<(std::ostream& out,
const ProcessLock& process_lock);
} // namespace content
#endif // CONTENT_BROWSER_PROCESS_LOCK_H_
View Git Blame Copy Permalink