1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
content / browser / process_lock.cc [blame]
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/process_lock.h"
#include "base/strings/stringprintf.h"
#include "content/browser/agent_cluster_key.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/web_exposed_isolation_level.h"
namespace content {
// static
ProcessLock ProcessLock::CreateAllowAnySite(
const StoragePartitionConfig& storage_partition_config,
const WebExposedIsolationInfo& web_exposed_isolation_info) {
WebExposedIsolationLevel web_exposed_isolation_level =
SiteInfo::ComputeWebExposedIsolationLevelForEmptySite(
web_exposed_isolation_info);
return ProcessLock(SiteInfo(
/*site_url=*/GURL(), /*process_lock_url=*/GURL(),
/*requires_origin_keyed_process=*/false,
/*requires_origin_keyed_process_by_default=*/false,
/*is_sandboxed=*/false, UrlInfo::kInvalidUniqueSandboxId,
storage_partition_config, web_exposed_isolation_info,
web_exposed_isolation_level, /*is_guest=*/false,
/*does_site_request_dedicated_process_for_coop=*/false,
/*is_jit_disabled=*/false, /*are_v8_optimizations_disabled=*/false,
/*is_pdf=*/false, /*is_fenced=*/false, std::nullopt));
}
// static
ProcessLock ProcessLock::Create(const IsolationContext& isolation_context,
const UrlInfo& url_info) {
DCHECK(url_info.storage_partition_config.has_value());
if (BrowserThread::CurrentlyOn(BrowserThread::UI))
return ProcessLock(SiteInfo::Create(isolation_context, url_info));
DCHECK_CURRENTLY_ON(BrowserThread::IO);
// On the IO thread we need to use a special SiteInfo creation method because
// we cannot properly compute some SiteInfo fields on that thread.
// ProcessLocks must always match no matter which thread they were created on,
// but the SiteInfo objects used to create them may not always match.
return ProcessLock(SiteInfo::CreateOnIOThread(isolation_context, url_info));
}
// static
ProcessLock ProcessLock::FromSiteInfo(const SiteInfo& site_info) {
return ProcessLock(site_info);
}
ProcessLock::ProcessLock(const SiteInfo& site_info) : site_info_(site_info) {}
ProcessLock::ProcessLock() = default;
ProcessLock::ProcessLock(const ProcessLock&) = default;
ProcessLock& ProcessLock::operator=(const ProcessLock&) = default;
ProcessLock::~ProcessLock() = default;
StoragePartitionConfig ProcessLock::GetStoragePartitionConfig() const {
DCHECK(site_info_.has_value());
return site_info_->storage_partition_config();
}
WebExposedIsolationInfo ProcessLock::GetWebExposedIsolationInfo() const {
return site_info_.has_value() ? site_info_->web_exposed_isolation_info()
: WebExposedIsolationInfo::CreateNonIsolated();
}
WebExposedIsolationLevel ProcessLock::GetWebExposedIsolationLevel() const {
return site_info_.has_value() ? site_info_->web_exposed_isolation_level()
: WebExposedIsolationLevel::kNotIsolated;
}
bool ProcessLock::IsASiteOrOrigin() const {
const GURL lock_url = ProcessLock::lock_url();
return lock_url.has_scheme() && lock_url.has_host() && lock_url.is_valid();
}
bool ProcessLock::HasOpaqueOrigin() const {
DCHECK(is_locked_to_site());
return url::Origin::Create(lock_url()).opaque();
}
bool ProcessLock::MatchesOrigin(const url::Origin& origin) const {
url::Origin process_lock_origin = url::Origin::Create(lock_url());
return origin == process_lock_origin;
}
bool ProcessLock::IsCompatibleWithWebExposedIsolation(
const SiteInfo& site_info) const {
if (!site_info_.has_value()) {
return true;
}
// Check if the WebExposedIsolationInfos are compatible.
if (site_info_->web_exposed_isolation_info() !=
site_info.web_exposed_isolation_info()) {
return false;
}
// Check if the CrossOriginIsolationKeys are compatible.
//
// TODO(crbug.com/349755777): Currently, this prevents a RenderProcessHost
// with a ProcessLock created with ProcessLock::CreateAllowAnySite to be
// reused for navigations to documents with DocumentIsolationPolicy, even if
// the RenderProcessHost has not been used and it would be safe to reuse it.
//
// Unfortunately, ProcessLock::CreateAllowAnySite will result in the
// associated RenderProcessHost to be marked as crossOriginIsolated or not,
// depending on the passed WebExposedIsolationInfo. It cannot be set to a
// different crossOriginIsolated status again (without removing checks that
// the COI status of the process cannot change).
//
// Therefore, we need this check to avoid reusing a process matching a
// ProcessLock created ProcessLock::CreateAllowAnySite, and triggering the COI
// state change check in the renderer process.
//
// We should refactor how COI status is set in the renderer process, so that
// unused RenderProcessHosts are not assigned a COI status. This will allow
// them to be reused regardless of the COI status of the navigation.
std::optional<AgentClusterKey::CrossOriginIsolationKey> this_coi_key =
site_info_->agent_cluster_key()
? site_info_->agent_cluster_key()->GetCrossOriginIsolationKey()
: std::nullopt;
std::optional<AgentClusterKey::CrossOriginIsolationKey> other_coi_key =
site_info.agent_cluster_key()
? site_info.agent_cluster_key()->GetCrossOriginIsolationKey()
: std::nullopt;
return this_coi_key == other_coi_key;
}
bool ProcessLock::operator==(const ProcessLock& rhs) const {
if (site_info_.has_value() != rhs.site_info_.has_value())
return false;
if (!site_info_.has_value()) // Neither has a value, so they're equal.
return true;
// At this point, both `this` and `rhs` are known to have valid SiteInfos.
// Here we proceed with a comparison almost identical to
// SiteInfo::MakeSecurityPrincipalKey(), except that `site_url_` is excluded.
return site_info_->ProcessLockCompareTo(rhs.site_info_.value()) == 0;
}
bool ProcessLock::operator!=(const ProcessLock& rhs) const {
return !(*this == rhs);
}
bool ProcessLock::operator<(const ProcessLock& rhs) const {
if (!site_info_.has_value() && !rhs.site_info_.has_value())
return false;
if (!site_info_.has_value()) // Here rhs.site_info_.has_value() is true.
return true;
if (!rhs.site_info_.has_value()) // Here site_info_.has_value() is true.
return false;
// At this point, both `this` and `rhs` are known to have valid SiteInfos.
// Here we proceed with a comparison almost identical to
// SiteInfo::MakeSecurityPrincipalKey(), except that `site_url_` is excluded.
return site_info_->ProcessLockCompareTo(rhs.site_info_.value()) < 0;
}
std::string ProcessLock::ToString() const {
std::string ret = "{ ";
if (site_info_.has_value()) {
ret += lock_url().possibly_invalid_spec();
if (is_origin_keyed_process())
ret += " origin-keyed";
if (is_sandboxed()) {
ret += " sandboxed";
if (site_info_->unique_sandbox_id() != UrlInfo::kInvalidUniqueSandboxId)
ret += base::StringPrintf(" (id=%d)", site_info_->unique_sandbox_id());
}
if (is_pdf())
ret += " pdf";
if (is_guest())
ret += " guest";
if (is_fenced())
ret += " fenced";
if (GetWebExposedIsolationInfo().is_isolated()) {
ret += " cross-origin-isolated";
if (GetWebExposedIsolationInfo().is_isolated_application())
ret += "-application";
ret += " coi-origin='" +
GetWebExposedIsolationInfo().origin().GetDebugString() + "'";
}
if (!GetStoragePartitionConfig().is_default()) {
ret += ", partition=" + GetStoragePartitionConfig().partition_domain() +
"." + GetStoragePartitionConfig().partition_name();
if (GetStoragePartitionConfig().in_memory())
ret += ", in-memory";
}
} else {
ret += " no-site-info";
}
ret += " }";
return ret;
}
std::ostream& operator<<(std::ostream& out, const ProcessLock& process_lock) {
return out << process_lock.ToString();
}
} // namespace content