author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-03-12 09:13:00 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-03-16 09:58:26 +0000 |
commit | 03561cae90f1d99b5c54b1ef3be69f10e882b25e (patch) | |
tree | cc5f0958e823c044e7ae51cc0117fe51432abe5e /chromium/components/site_isolation | |
parent | fa98118a45f7e169f8846086dc2c22c49a8ba310 (diff) | |
download | qtwebengine-chromium-03561cae90f1d99b5c54b1ef3be69f10e882b25e.tar.gz |
BASELINE: Update Chromium to 88.0.4324.208
Change-Id: I3ae87d23e4eff4b4a469685658740a213600c667
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/components/site_isolation')
4 files changed, 142 insertions, 3 deletions
diff --git a/chromium/components/site_isolation/BUILD.gn b/chromium/components/site_isolation/BUILD.gn
index 6e877b2c355..ee7127a3ab2 100644
--- a/chromium/components/site_isolation/BUILD.gn
+++ b/chromium/components/site_isolation/BUILD.gn
@@ -6,8 +6,10 @@ import("//build/buildflag_header.gni")
 import("//build/config/chrome_build.gni")
 declare_args() {
- # Normally, only official Chrome Android builds will use a Google-internal
- # list of isolated origins defined below.
+ # Normally, only Google Chrome Android and Fuchsia WebEngine builds will use
+ # a Google-internal list of isolated origins defined below.
+ # If other Fuchsia embedders are added, the associated logic may need to be
+ # updated. See crbug.com/1179087.
 #
 # You can set the variable 'use_internal_isolated_origins' to true to use this
 # Google-internal list of isolated origins even in a developer build. Setting
@@ -15,7 +17,7 @@ declare_args() {
 # internal file is missing.
 use_internal_isolated_origins = false
- if (is_chrome_branded && is_android) {
+ if (is_chrome_branded && (is_android || is_fuchsia)) {
 use_internal_isolated_origins = true
 }
 }
diff --git a/chromium/components/site_isolation/site_isolation_policy.cc b/chromium/components/site_isolation/site_isolation_policy.cc
index 9a91d3034b0..e9e300cfebd 100644
--- a/chromium/components/site_isolation/site_isolation_policy.cc
+++ b/chromium/components/site_isolation/site_isolation_policy.cc
@@ -130,4 +130,19 @@ void SiteIsolationPolicy::ApplyPersistedIsolatedOrigins(
 "SiteIsolation.SavedUserTriggeredIsolatedOrigins.Size", origins.size());
 }
+// static
+bool SiteIsolationPolicy::ShouldPdfCompositorBeEnabledForOopifs() {
+ // We only create pdf compositor client and use pdf compositor service when
+ // one of the site isolation modes that forces OOPIFs is on. This includes
+ // full site isolation on desktop, password-triggered site isolation on
+ // Android for high-memory devices, and/or isolated origins specified via
+ // command line, enterprise policy, or field trials.
+ //
+ // TODO(weili, thestig): Eventually, we should remove this check and use pdf
+ // compositor service by default for printing.
+ return content::SiteIsolationPolicy::UseDedicatedProcessesForAllSites() ||
+ IsIsolationForPasswordSitesEnabled() ||
+ content::SiteIsolationPolicy::AreIsolatedOriginsEnabled();
+}
+
 } // namespace site_isolation
diff --git a/chromium/components/site_isolation/site_isolation_policy.h b/chromium/components/site_isolation/site_isolation_policy.h
index ade65a884d6..2a56331cb09 100644
--- a/chromium/components/site_isolation/site_isolation_policy.h
+++ b/chromium/components/site_isolation/site_isolation_policy.h
@@ -45,6 +45,10 @@ class SiteIsolationPolicy {
 // memory threshold.
 static bool ShouldDisableSiteIsolationDueToMemoryThreshold();
+ // Returns true if the PDF compositor should be enabled to allow out-of-
+ // process iframes (OOPIF's) to print properly.
+ static bool ShouldPdfCompositorBeEnabledForOopifs();
+
 private:
 DISALLOW_IMPLICIT_CONSTRUCTORS(SiteIsolationPolicy);
 };
diff --git a/chromium/components/site_isolation/site_isolation_policy_unittest.cc b/chromium/components/site_isolation/site_isolation_policy_unittest.cc
index 47d16fddefb..c77a6989461 100644
--- a/chromium/components/site_isolation/site_isolation_policy_unittest.cc
+++ b/chromium/components/site_isolation/site_isolation_policy_unittest.cc
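Review bot: The new `ShouldPdfCompositorBeEnabledForOopifs()` in site_isolation_policy.cc never consults `content::SiteIsolationPolicy::IsOptInOriginIsolationEnabled()`. The AboveThreshold test added in this same commit shows that an `Origin-Agent-Cluster` response gets a dedicated process even with strict site isolation turned off. If `AreIsolatedOriginsEnabled()` does not already cover that mode (not visible in this hunk), frames isolated this way could become OOPIFs while the compositor stays disabled. Either add `|| content::SiteIsolationPolicy::IsOptInOriginIsolationEnabled()` to the return expression, or extend the body comment to say why header-based isolation is intentionally excluded. The unittest hunks in this commit also add no test that pins the predicate's result for each isolation mode.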
@@ -27,8 +27,11 @@
 #include "content/public/common/content_features.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_task_environment.h"
+#include "content/public/test/navigation_simulator.h"
 #include "content/public/test/test_browser_context.h"
+#include "content/public/test/test_renderer_host.h"
 #include "content/public/test/test_utils.h"
+#include "content/public/test/web_contents_tester.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -935,4 +938,119 @@ TEST_F(BuiltInIsolatedOriginsTest, NotAppliedWithFullSiteIsolation) {
 }
 #endif
+// Helper class for tests that use header-based opt-in origin isolation and
+// simulate a 512MB device, while turning off strict site isolation. This is
+// used for checking how opt-in origin isolation behaves with site isolation
+// memory thresholds.
+class OptInOriginIsolationPolicyTest : public BaseSiteIsolationTest {
+ public:
+ OptInOriginIsolationPolicyTest() = default;
+
+ protected:
+ void SetUp() override {
+ // Simulate a 512MB device.
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ switches::kEnableLowEndDeviceMode);
+ EXPECT_EQ(512, base::SysInfo::AmountOfPhysicalMemoryMB());
+ // Turn off strict site isolation. This simulates what would happen on
+ // Android.
+ SetEnableStrictSiteIsolation(false);
+ // Enable Origin-Agent-Cluster header.
+ feature_list_.InitAndEnableFeature(::features::kOriginIsolationHeader);
+ BaseSiteIsolationTest::SetUp();
+ }
+
+ content::BrowserContext* browser_context() { return &browser_context_; }
+
+ private:
+ content::BrowserTaskEnvironment task_environment_;
+ content::TestBrowserContext browser_context_;
+ content::RenderViewHostTestEnabler rvh_test_enabler_;
+
+ base::test::ScopedFeatureList feature_list_;
+
+ DISALLOW_COPY_AND_ASSIGN(OptInOriginIsolationPolicyTest);
+};
+
+// Check that opt-in origin isolation is not applied when below the memory
+// threshold (and when full site isolation is not used).
+TEST_F(OptInOriginIsolationPolicyTest, BelowThreshold) {
+ if (ShouldSkipBecauseOfConflictingCommandLineSwitches())
+ return;
+
+ // Define a memory threshold at 768MB. This is above the 512MB of physical
+ // memory that this test simulates, so opt-in origin isolation should be
+ // disabled.
+ base::test::ScopedFeatureList memory_feature;
+ memory_feature.InitAndEnableFeatureWithParameters(
+ features::kSitePerProcessOnlyForHighMemoryClients,
+ {{features::kSitePerProcessOnlyForHighMemoryClientsParamName, "768"}});
+
+ EXPECT_FALSE(content::SiteIsolationPolicy::IsOptInOriginIsolationEnabled());
+
+ // Simulate a navigation to a URL that serves an Origin-Agent-Cluster header.
+ // Since we're outside of content/, it's difficult to verify that internal
+ // ChildProcessSecurityPolicy state wasn't changed by opt-in origin
+ // isolation. Instead, verify that the resulting SiteInstance doesn't
+ // require a dedicated process. This should be the end result, and it
+ // implicitly checks that ChildProcessSecurityPolicy::IsIsolatedOrigin()
+ // doesn't return true for this origin.
+ const GURL kUrl("https://www.google.com/");
+ std::unique_ptr<content::WebContents> web_contents =
+ content::WebContentsTester::CreateTestWebContents(browser_context(),
+ nullptr);
+ std::unique_ptr<content::NavigationSimulator> simulator =
+ content::NavigationSimulator::CreateBrowserInitiated(kUrl,
+ web_contents.get());
+ simulator->Start();
+ auto response_headers =
+ base::MakeRefCounted<net::HttpResponseHeaders>("HTTP/1.1 200 OK");
+ response_headers->SetHeader("Origin-Agent-Cluster", "?1");
+ simulator->SetResponseHeaders(response_headers);
+ simulator->Commit();
+
+ content::SiteInstance* site_instance =
+ simulator->GetFinalRenderFrameHost()->GetSiteInstance();
+ EXPECT_FALSE(site_instance->RequiresDedicatedProcess());
+}
+
+// Counterpart to the test above, but verifies that opt-in origin isolation is
+// enabled when above the memory threshold.
+TEST_F(OptInOriginIsolationPolicyTest, AboveThreshold) {
+ if (ShouldSkipBecauseOfConflictingCommandLineSwitches())
+ return;
+
+ // Define a memory threshold at 128MB. This is below the 512MB of physical
+ // memory that this test simulates, so opt-in origin isolation should be
+ // enabled.
+ base::test::ScopedFeatureList memory_feature;
+ memory_feature.InitAndEnableFeatureWithParameters(
+ features::kSitePerProcessOnlyForHighMemoryClients,
+ {{features::kSitePerProcessOnlyForHighMemoryClientsParamName, "128"}});
+
+ EXPECT_TRUE(content::SiteIsolationPolicy::IsOptInOriginIsolationEnabled());
+
+ // Simulate a navigation to a URL that serves an Origin-Agent-Cluster header.
+ // Verify that the resulting SiteInstance requires a dedicated process. Note
+ // that this test disables strict site isolation, so this would happen only
+ // if opt-in isolation took place.
+ const GURL kUrl("https://www.google.com/");
+ std::unique_ptr<content::WebContents> web_contents =
+ content::WebContentsTester::CreateTestWebContents(browser_context(),
+ nullptr);
+ std::unique_ptr<content::NavigationSimulator> simulator =
+ content::NavigationSimulator::CreateBrowserInitiated(kUrl,
+ web_contents.get());
+ simulator->Start();
+ auto response_headers =
+ base::MakeRefCounted<net::HttpResponseHeaders>("HTTP/1.1 200 OK");
+ response_headers->SetHeader("Origin-Agent-Cluster", "?1");
+ simulator->SetResponseHeaders(response_headers);
+ simulator->Commit();
+
+ content::SiteInstance* site_instance =
+ simulator->GetFinalRenderFrameHost()->GetSiteInstance();
+ EXPECT_TRUE(site_instance->RequiresDedicatedProcess());
+}
+
 } // namespace site_isolation |
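Review bot: `EXPECT_EQ(512, base::SysInfo::AmountOfPhysicalMemoryMB());` in `OptInOriginIsolationPolicyTest::SetUp()` only records a failure and still lets the test body run. The 768MB and 128MB thresholds in BelowThreshold and AboveThreshold mean something only if the simulated device really reports 512MB. Using `ASSERT_EQ(512, base::SysInfo::AmountOfPhysicalMemoryMB());` would stop a test whose premise does not hold, so these isolation checks cannot pass or fail for an unrelated reason. The same SetUp appends `switches::kEnableLowEndDeviceMode` to the process-wide command line and nothing in this hunk removes it. If `BaseSiteIsolationTest` does not restore the command line (not visible here), a `base::test::ScopedCommandLine` member would keep the switch from leaking into later tests in the same process.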