authorAllan Sandfeld Jensen <allan.jensen@qt.io>2021-03-12 09:13:00 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2021-03-16 09:58:26 +0000
commit03561cae90f1d99b5c54b1ef3be69f10e882b25e (patch)
treecc5f0958e823c044e7ae51cc0117fe51432abe5e /chromium/components/site_isolation
parentfa98118a45f7e169f8846086dc2c22c49a8ba310 (diff)
BASELINE: Update Chromium to 88.0.4324.208
Change-Id: I3ae87d23e4eff4b4a469685658740a213600c667 Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/components/site_isolation')
-rw-r--r--chromium/components/site_isolation/BUILD.gn8
-rw-r--r--chromium/components/site_isolation/site_isolation_policy.cc15
-rw-r--r--chromium/components/site_isolation/site_isolation_policy.h4
-rw-r--r--chromium/components/site_isolation/site_isolation_policy_unittest.cc118
4 files changed, 142 insertions, 3 deletions
diff --git a/chromium/components/site_isolation/BUILD.gn b/chromium/components/site_isolation/BUILD.gn
index 6e877b2c355..ee7127a3ab2 100644
--- a/chromium/components/site_isolation/BUILD.gn
+++ b/chromium/components/site_isolation/BUILD.gn
@@ -6,8 +6,10 @@ import("//build/buildflag_header.gni")
import("//build/config/chrome_build.gni")
declare_args() {
- # Normally, only official Chrome Android builds will use a Google-internal
- # list of isolated origins defined below.
+ # Normally, only Google Chrome Android and Fuchsia WebEngine builds will use
+ # a Google-internal list of isolated origins defined below.
+ # If other Fuchsia embedders are added, the associated logic may need to be
+ # updated. See crbug.com/1179087.
#
# You can set the variable 'use_internal_isolated_origins' to true to use this
# Google-internal list of isolated origins even in a developer build. Setting
@@ -15,7 +17,7 @@ declare_args() {
# internal file is missing.
use_internal_isolated_origins = false
- if (is_chrome_branded && is_android) {
+ if (is_chrome_branded && (is_android || is_fuchsia)) {
use_internal_isolated_origins = true
}
}
diff --git a/chromium/components/site_isolation/site_isolation_policy.cc b/chromium/components/site_isolation/site_isolation_policy.cc
index 9a91d3034b0..e9e300cfebd 100644
--- a/chromium/components/site_isolation/site_isolation_policy.cc
+++ b/chromium/components/site_isolation/site_isolation_policy.cc
@@ -130,4 +130,19 @@ void SiteIsolationPolicy::ApplyPersistedIsolatedOrigins(
"SiteIsolation.SavedUserTriggeredIsolatedOrigins.Size", origins.size());
}
+// static
+bool SiteIsolationPolicy::ShouldPdfCompositorBeEnabledForOopifs() {
+ // We only create pdf compositor client and use pdf compositor service when
+ // one of the site isolation modes that forces OOPIFs is on. This includes
+ // full site isolation on desktop, password-triggered site isolation on
+ // Android for high-memory devices, and/or isolated origins specified via
+ // command line, enterprise policy, or field trials.
+ //
+ // TODO(weili, thestig): Eventually, we should remove this check and use pdf
+ // compositor service by default for printing.
+ return content::SiteIsolationPolicy::UseDedicatedProcessesForAllSites() ||
+ IsIsolationForPasswordSitesEnabled() ||
+ content::SiteIsolationPolicy::AreIsolatedOriginsEnabled();
+}
+
} // namespace site_isolation
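Review bot: The three conditions in the return statement of ShouldPdfCompositorBeEnabledForOopifs() do not obviously cover header-based opt-in origin isolation, which the AboveThreshold test added in this same commit shows producing a SiteInstance that requires a dedicated process while strict site isolation is off. If such an origin can end up in an out-of-process subframe, printing would skip the compositor path for it; either add `|| content::SiteIsolationPolicy::IsOptInOriginIsolationEnabled()` or extend the comment to say why that mode is excluded (it may be implied by one of the existing checks, which is not visible here). The new predicate also has no test in site_isolation_policy_unittest.cc, so one case per isolation mode would pin the intended truth table.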
diff --git a/chromium/components/site_isolation/site_isolation_policy.h b/chromium/components/site_isolation/site_isolation_policy.h
index ade65a884d6..2a56331cb09 100644
--- a/chromium/components/site_isolation/site_isolation_policy.h
+++ b/chromium/components/site_isolation/site_isolation_policy.h
@@ -45,6 +45,10 @@ class SiteIsolationPolicy {
// memory threshold.
static bool ShouldDisableSiteIsolationDueToMemoryThreshold();
+ // Returns true if the PDF compositor should be enabled to allow out-of-
+ // process iframes (OOPIF's) to print properly.
+ static bool ShouldPdfCompositorBeEnabledForOopifs();
+
private:
DISALLOW_IMPLICIT_CONSTRUCTORS(SiteIsolationPolicy);
};
diff --git a/chromium/components/site_isolation/site_isolation_policy_unittest.cc b/chromium/components/site_isolation/site_isolation_policy_unittest.cc
index 47d16fddefb..c77a6989461 100644
--- a/chromium/components/site_isolation/site_isolation_policy_unittest.cc
+++ b/chromium/components/site_isolation/site_isolation_policy_unittest.cc
@@ -27,8 +27,11 @@
#include "content/public/common/content_features.h"
#include "content/public/common/content_switches.h"
#include "content/public/test/browser_task_environment.h"
+#include "content/public/test/navigation_simulator.h"
#include "content/public/test/test_browser_context.h"
+#include "content/public/test/test_renderer_host.h"
#include "content/public/test/test_utils.h"
+#include "content/public/test/web_contents_tester.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
@@ -935,4 +938,119 @@ TEST_F(BuiltInIsolatedOriginsTest, NotAppliedWithFullSiteIsolation) {
}
#endif
+// Helper class for tests that use header-based opt-in origin isolation and
+// simulate a 512MB device, while turning off strict site isolation. This is
+// used for checking how opt-in origin isolation behaves with site isolation
+// memory thresholds.
+class OptInOriginIsolationPolicyTest : public BaseSiteIsolationTest {
+ public:
+ OptInOriginIsolationPolicyTest() = default;
+
+ protected:
+ void SetUp() override {
+ // Simulate a 512MB device.
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ switches::kEnableLowEndDeviceMode);
+ EXPECT_EQ(512, base::SysInfo::AmountOfPhysicalMemoryMB());
+ // Turn off strict site isolation. This simulates what would happen on
+ // Android.
+ SetEnableStrictSiteIsolation(false);
+ // Enable Origin-Agent-Cluster header.
+ feature_list_.InitAndEnableFeature(::features::kOriginIsolationHeader);
+ BaseSiteIsolationTest::SetUp();
+ }
+
+ content::BrowserContext* browser_context() { return &browser_context_; }
+
+ private:
+ content::BrowserTaskEnvironment task_environment_;
+ content::TestBrowserContext browser_context_;
+ content::RenderViewHostTestEnabler rvh_test_enabler_;
+
+ base::test::ScopedFeatureList feature_list_;
+
+ DISALLOW_COPY_AND_ASSIGN(OptInOriginIsolationPolicyTest);
+};
+
+// Check that opt-in origin isolation is not applied when below the memory
+// threshold (and when full site isolation is not used).
+TEST_F(OptInOriginIsolationPolicyTest, BelowThreshold) {
+ if (ShouldSkipBecauseOfConflictingCommandLineSwitches())
+ return;
+
+ // Define a memory threshold at 768MB. This is above the 512MB of physical
+ // memory that this test simulates, so opt-in origin isolation should be
+ // disabled.
+ base::test::ScopedFeatureList memory_feature;
+ memory_feature.InitAndEnableFeatureWithParameters(
+ features::kSitePerProcessOnlyForHighMemoryClients,
+ {{features::kSitePerProcessOnlyForHighMemoryClientsParamName, "768"}});
+
+ EXPECT_FALSE(content::SiteIsolationPolicy::IsOptInOriginIsolationEnabled());
+
+ // Simulate a navigation to a URL that serves an Origin-Agent-Cluster header.
+ // Since we're outside of content/, it's difficult to verify that internal
+ // ChildProcessSecurityPolicy state wasn't changed by opt-in origin
+ // isolation. Instead, verify that the resulting SiteInstance doesn't
+ // require a dedicated process. This should be the end result, and it
+ // implicitly checks that ChildProcessSecurityPolicy::IsIsolatedOrigin()
+ // doesn't return true for this origin.
+ const GURL kUrl("https://www.google.com/");
+ std::unique_ptr<content::WebContents> web_contents =
+ content::WebContentsTester::CreateTestWebContents(browser_context(),
+ nullptr);
+ std::unique_ptr<content::NavigationSimulator> simulator =
+ content::NavigationSimulator::CreateBrowserInitiated(kUrl,
+ web_contents.get());
+ simulator->Start();
+ auto response_headers =
+ base::MakeRefCounted<net::HttpResponseHeaders>("HTTP/1.1 200 OK");
+ response_headers->SetHeader("Origin-Agent-Cluster", "?1");
+ simulator->SetResponseHeaders(response_headers);
+ simulator->Commit();
+
+ content::SiteInstance* site_instance =
+ simulator->GetFinalRenderFrameHost()->GetSiteInstance();
+ EXPECT_FALSE(site_instance->RequiresDedicatedProcess());
+}
+
+// Counterpart to the test above, but verifies that opt-in origin isolation is
+// enabled when above the memory threshold.
+TEST_F(OptInOriginIsolationPolicyTest, AboveThreshold) {
+ if (ShouldSkipBecauseOfConflictingCommandLineSwitches())
+ return;
+
+ // Define a memory threshold at 128MB. This is below the 512MB of physical
+ // memory that this test simulates, so opt-in origin isolation should be
+ // enabled.
+ base::test::ScopedFeatureList memory_feature;
+ memory_feature.InitAndEnableFeatureWithParameters(
+ features::kSitePerProcessOnlyForHighMemoryClients,
+ {{features::kSitePerProcessOnlyForHighMemoryClientsParamName, "128"}});
+
+ EXPECT_TRUE(content::SiteIsolationPolicy::IsOptInOriginIsolationEnabled());
+
+ // Simulate a navigation to a URL that serves an Origin-Agent-Cluster header.
+ // Verify that the resulting SiteInstance requires a dedicated process. Note
+ // that this test disables strict site isolation, so this would happen only
+ // if opt-in isolation took place.
+ const GURL kUrl("https://www.google.com/");
+ std::unique_ptr<content::WebContents> web_contents =
+ content::WebContentsTester::CreateTestWebContents(browser_context(),
+ nullptr);
+ std::unique_ptr<content::NavigationSimulator> simulator =
+ content::NavigationSimulator::CreateBrowserInitiated(kUrl,
+ web_contents.get());
+ simulator->Start();
+ auto response_headers =
+ base::MakeRefCounted<net::HttpResponseHeaders>("HTTP/1.1 200 OK");
+ response_headers->SetHeader("Origin-Agent-Cluster", "?1");
+ simulator->SetResponseHeaders(response_headers);
+ simulator->Commit();
+
+ content::SiteInstance* site_instance =
+ simulator->GetFinalRenderFrameHost()->GetSiteInstance();
+ EXPECT_TRUE(site_instance->RequiresDedicatedProcess());
+}
+
} // namespace site_isolation
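Review bot: SetUp() in OptInOriginIsolationPolicyTest appends `switches::kEnableLowEndDeviceMode` to the process-wide command line and nothing visible in the fixture removes it, so the simulated 512MB state can leak into later tests in the same process unless BaseSiteIsolationTest restores it (not visible here). Holding a `base::test::ScopedCommandLine scoped_command_line_;` member and calling `scoped_command_line_.GetProcessCommandLine()->AppendSwitch(switches::kEnableLowEndDeviceMode);` keeps the change scoped to the fixture. The memory precondition reads better as `ASSERT_EQ(512, base::SysInfo::AmountOfPhysicalMemoryMB());`, since both threshold tests are meaningless if the simulation did not take effect. The navigate-and-commit sequence is duplicated verbatim in BelowThreshold and AboveThreshold and could move into a fixture helper that returns the final SiteInstance.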