Add sanity check that regular sites don't commit into dedicated processes
This CHECK ensures that when a site that doesn't require a dedicated
process commits, we are never putting it in a process already locked
to some other site.
Bug: 773140
Change-Id: Ib30e18772d12b9a2bdaa27d8478f1c22aa815dae
Reviewed-on: https://chromium-review.googlesource.com/707784
Reviewed-by: Charlie Reis <[email protected]>
Commit-Queue: Alex Moshchuk <[email protected]>
Cr-Commit-Position: refs/heads/master@{#507700}
diff --git a/content/browser/site_instance_impl.cc b/content/browser/site_instance_impl.cc
index c2a68fc3..94b8958 100644
--- a/content/browser/site_instance_impl.cc
+++ b/content/browser/site_instance_impl.cc
@@ -507,24 +507,24 @@
bool was_unused = process_->IsUnused();
process_->SetIsUsed();
- // TODO(nick): When all sites are isolated, this operation provides strong
- // protection. If only some sites are isolated, we need additional logic to
- // prevent the non-isolated sites from requesting resources for isolated
- // sites. https://crbug.com/509125
+ ChildProcessSecurityPolicyImpl* policy =
+ ChildProcessSecurityPolicyImpl::GetInstance();
+ auto lock_state = policy->CheckOriginLock(process_->GetID(), site_);
if (ShouldLockToOrigin(GetBrowserContext(), process_, site_)) {
- ChildProcessSecurityPolicyImpl* policy =
- ChildProcessSecurityPolicyImpl::GetInstance();
-
// Sanity check that this won't try to assign an origin lock to a <webview>
// process, which can't be locked.
CHECK(!process_->IsForGuestsOnly());
- auto lock_state = policy->CheckOriginLock(process_->GetID(), site_);
switch (lock_state) {
case ChildProcessSecurityPolicyImpl::CheckOriginLockResult::NO_LOCK: {
// TODO(alexmos): Turn this into a CHECK once https://crbug.com/738634
// is fixed.
DCHECK(was_unused);
+
+ // TODO(nick): When all sites are isolated, this operation provides
+ // strong protection. If only some sites are isolated, we need
+ // additional logic to prevent the non-isolated sites from requesting
+ // resources for isolated sites. https://crbug.com/509125
policy->LockToOrigin(process_->GetID(), site_);
break;
}
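Review bot: The hoisted `lock_state` declaration has no comment saying that it is now consumed by both the locking branch and the later non-dedicated check, and `auto` hides that it is a `ChildProcessSecurityPolicyImpl::CheckOriginLockResult`. I would add a comment above it such as `// Snapshot of the process's origin lock before any LockToOrigin() call; used by both branches below.` and consider spelling the type out. This also makes clear that the value is the pre-lock state, which is what the `NO_LOCK` case relies on. The enclosing function starts above the hunk, so any earlier use of `policy` is not visible here.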
@@ -542,6 +542,12 @@
default:
NOTREACHED();
}
+ } else {
+ // If the site that we've just committed doesn't require a dedicated
+ // process, make sure we aren't putting it in a process for a site that
+ // does.
+ CHECK_EQ(lock_state,
+ ChildProcessSecurityPolicyImpl::CheckOriginLockResult::NO_LOCK);
}
}
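Review bot: The `CHECK_EQ` in the new `else` branch aborts on every result other than `NO_LOCK`, but its comment describes only the case of a process that belongs to a different, dedicated site. As far as I can tell from the enum, a process locked to this same `site_` (`HAS_EQUAL_LOCK`) would also trip it. If that is part of the intended invariant, the comment should say so, for example `// A process carrying any origin lock, even one for this site, must never host a site that does not require a dedicated process.` Because this is a release-build CHECK guarding a site-isolation boundary, it would also help triage to record the committed site and the process's current lock in crash keys just before it. The other `switch` cases sit between the two hunks and are not visible here.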