Google Git
Sign in
chromium / chromium / src / main / . / content / browser / process_lock.cc
blob: 7eea2fcb1288c678c4f20d57b6fb496ea96623ed [file] [log] [blame]
// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "content/browser/process_lock.h"
#include "base/strings/stringprintf.h"
#include "content/browser/agent_cluster_key.h"
#include "content/public/browser/browser_thread.h"
#include "content/public/browser/web_exposed_isolation_level.h"
namespace content {
// static
ProcessLock ProcessLock::CreateAllowAnySite(
const StoragePartitionConfig& storage_partition_config,
const WebExposedIsolationInfo& web_exposed_isolation_info) {
WebExposedIsolationLevel web_exposed_isolation_level =
SiteInfo::ComputeWebExposedIsolationLevelForEmptySite(
web_exposed_isolation_info);
return ProcessLock(SiteInfo(
/*site_url=*/GURL(), /*process_lock_url=*/GURL(),
/*requires_origin_keyed_process=*/false,
/*requires_origin_keyed_process_by_default=*/false,
/*is_sandboxed=*/false, UrlInfo::kInvalidUniqueSandboxId,
storage_partition_config, web_exposed_isolation_info,
web_exposed_isolation_level, /*is_guest=*/false,
/*does_site_request_dedicated_process_for_coop=*/false,
/*is_jit_disabled=*/false, /*are_v8_optimizations_disabled=*/false,
/*is_pdf=*/false, /*is_fenced=*/false, std::nullopt));
}
// static
ProcessLock ProcessLock::Create(const IsolationContext& isolation_context,
const UrlInfo& url_info) {
DCHECK(url_info.storage_partition_config.has_value());
if (BrowserThread::CurrentlyOn(BrowserThread::UI))
return ProcessLock(SiteInfo::Create(isolation_context, url_info));
DCHECK_CURRENTLY_ON(BrowserThread::IO);
// On the IO thread we need to use a special SiteInfo creation method because
// we cannot properly compute some SiteInfo fields on that thread.
// ProcessLocks must always match no matter which thread they were created on,
// but the SiteInfo objects used to create them may not always match.
return ProcessLock(SiteInfo::CreateOnIOThread(isolation_context, url_info));
}
// static
ProcessLock ProcessLock::FromSiteInfo(const SiteInfo& site_info) {
return ProcessLock(site_info);
}
ProcessLock::ProcessLock(const SiteInfo& site_info) : site_info_(site_info) {}
ProcessLock::ProcessLock() = default;
ProcessLock::ProcessLock(const ProcessLock&) = default;
ProcessLock& ProcessLock::operator=(const ProcessLock&) = default;
ProcessLock::~ProcessLock() = default;
StoragePartitionConfig ProcessLock::GetStoragePartitionConfig() const {
DCHECK(site_info_.has_value());
return site_info_->storage_partition_config();
}
WebExposedIsolationInfo ProcessLock::GetWebExposedIsolationInfo() const {
return site_info_.has_value() ? site_info_->web_exposed_isolation_info()
: WebExposedIsolationInfo::CreateNonIsolated();
}
WebExposedIsolationLevel ProcessLock::GetWebExposedIsolationLevel() const {
return site_info_.has_value() ? site_info_->web_exposed_isolation_level()
: WebExposedIsolationLevel::kNotIsolated;
}
bool ProcessLock::IsASiteOrOrigin() const {
const GURL lock_url = ProcessLock::lock_url();
return lock_url.has_scheme() && lock_url.has_host() && lock_url.is_valid();
}
bool ProcessLock::HasOpaqueOrigin() const {
DCHECK(is_locked_to_site());
return url::Origin::Create(lock_url()).opaque();
}
bool ProcessLock::MatchesOrigin(const url::Origin& origin) const {
url::Origin process_lock_origin = url::Origin::Create(lock_url());
return origin == process_lock_origin;
}
bool ProcessLock::IsCompatibleWithWebExposedIsolation(
const SiteInfo& site_info) const {
if (!site_info_.has_value()) {
return true;
}
// Check if the WebExposedIsolationInfos are compatible.
if (site_info_->web_exposed_isolation_info() !=
site_info.web_exposed_isolation_info()) {
return false;
}
// Check if the CrossOriginIsolationKeys are compatible.
//
// TODO(crbug.com/349755777): Currently, this prevents a RenderProcessHost
// with a ProcessLock created with ProcessLock::CreateAllowAnySite to be
// reused for navigations to documents with DocumentIsolationPolicy, even if
// the RenderProcessHost has not been used and it would be safe to reuse it.
//
// Unfortunately, ProcessLock::CreateAllowAnySite will result in the
// associated RenderProcessHost to be marked as crossOriginIsolated or not,
// depending on the passed WebExposedIsolationInfo. It cannot be set to a
// different crossOriginIsolated status again (without removing checks that
// the COI status of the process cannot change).
//
// Therefore, we need this check to avoid reusing a process matching a
// ProcessLock created ProcessLock::CreateAllowAnySite, and triggering the COI
// state change check in the renderer process.
//
// We should refactor how COI status is set in the renderer process, so that
// unused RenderProcessHosts are not assigned a COI status. This will allow
// them to be reused regardless of the COI status of the navigation.
std::optional<AgentClusterKey::CrossOriginIsolationKey> this_coi_key =
site_info_->agent_cluster_key()
? site_info_->agent_cluster_key()->GetCrossOriginIsolationKey()
: std::nullopt;
std::optional<AgentClusterKey::CrossOriginIsolationKey> other_coi_key =
site_info.agent_cluster_key()
? site_info.agent_cluster_key()->GetCrossOriginIsolationKey()
: std::nullopt;
return this_coi_key == other_coi_key;
}
bool ProcessLock::operator==(const ProcessLock& rhs) const {
if (site_info_.has_value() != rhs.site_info_.has_value())
return false;
if (!site_info_.has_value()) // Neither has a value, so they're equal.
return true;
// At this point, both `this` and `rhs` are known to have valid SiteInfos.
// Here we proceed with a comparison almost identical to
// SiteInfo::MakeSecurityPrincipalKey(), except that `site_url_` is excluded.
return site_info_->ProcessLockCompareTo(rhs.site_info_.value()) == 0;
}
bool ProcessLock::operator!=(const ProcessLock& rhs) const {
return !(*this == rhs);
}
bool ProcessLock::operator<(const ProcessLock& rhs) const {
if (!site_info_.has_value() && !rhs.site_info_.has_value())
return false;
if (!site_info_.has_value()) // Here rhs.site_info_.has_value() is true.
return true;
if (!rhs.site_info_.has_value()) // Here site_info_.has_value() is true.
return false;
// At this point, both `this` and `rhs` are known to have valid SiteInfos.
// Here we proceed with a comparison almost identical to
// SiteInfo::MakeSecurityPrincipalKey(), except that `site_url_` is excluded.
return site_info_->ProcessLockCompareTo(rhs.site_info_.value()) < 0;
}
std::string ProcessLock::ToString() const {
std::string ret = "{ ";
if (site_info_.has_value()) {
ret += lock_url().possibly_invalid_spec();
if (is_origin_keyed_process())
ret += " origin-keyed";
if (is_sandboxed()) {
ret += " sandboxed";
if (site_info_->unique_sandbox_id() != UrlInfo::kInvalidUniqueSandboxId)
ret += base::StringPrintf(" (id=%d)", site_info_->unique_sandbox_id());
}
if (is_pdf())
ret += " pdf";
if (is_guest())
ret += " guest";
if (is_fenced())
ret += " fenced";
if (GetWebExposedIsolationInfo().is_isolated()) {
ret += " cross-origin-isolated";
if (GetWebExposedIsolationInfo().is_isolated_application())
ret += "-application";
ret += " coi-origin='" +
GetWebExposedIsolationInfo().origin().GetDebugString() + "'";
}
if (!GetStoragePartitionConfig().is_default()) {
ret += ", partition=" + GetStoragePartitionConfig().partition_domain() +
"." + GetStoragePartitionConfig().partition_name();
if (GetStoragePartitionConfig().in_memory())
ret += ", in-memory";
}
} else {
ret += " no-site-info";
}
ret += " }";
return ret;
}
std::ostream& operator<<(std::ostream& out, const ProcessLock& process_lock) {
return out << process_lock.ToString();
}
} // namespace content