Apply Chrome-specific built-in isolated origins on startup.
This CL adds the ability to apply built-in isolated origins that might
be optionally specified in the internal repo. Note that this is still
subject to normal site isolation memory thresholds as well as flags
that disable site isolation. The purpose of this CL is to introduce a
permanent mechanism to replace the set of origins that are currently
applied via field trials on Android using IsolateOrigins.
The internal list is currently set up to be loaded only on Android
official Chrome builds. It can be tested on any developer builds,
including on desktop, by setting a GN flag
use_internal_isolated_origins=true. This requires having src-internal
in your checkout (in particular, having
components/site_isolation/internal).
Other relevant (internal-only) CLs:
Adding internal isolated origins list:
https://chrome-internal-review.googlesource.com/c/chrome/components/site_isolation/+/2829993
Setting up internal repo to populate components/site_isolation/internal:
https://chrome-internal-review.googlesource.com/c/chrome/src-internal/+/2841494
Bug: 1005895
Change-Id: I22f3834ac2cecdab7a461a58c11455f6cd7f6697
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2121074
Reviewed-by: Thomas Anderson <[email protected]>
Reviewed-by: Daniel Cheng <[email protected]>
Reviewed-by: Colin Blundell <[email protected]>
Reviewed-by: Ćukasz Anforowicz <[email protected]>
Commit-Queue: Alex Moshchuk <[email protected]>
Cr-Commit-Position: refs/heads/master@{#761528}
diff --git a/chrome/browser/BUILD.gn b/chrome/browser/BUILD.gn
index 1d1552e..654866a9 100644
--- a/chrome/browser/BUILD.gn
+++ b/chrome/browser/BUILD.gn
@@ -2143,6 +2143,7 @@
"//components/signin/public/base:signin_buildflags",
"//components/signin/public/identity_manager",
"//components/signin/public/webdata",
+ "//components/site_isolation",
"//components/spellcheck:buildflags",
"//components/sqlite_proto",
"//components/ssl_errors",
diff --git a/chrome/browser/DEPS b/chrome/browser/DEPS
index f0b0891..634c8e9 100644
--- a/chrome/browser/DEPS
+++ b/chrome/browser/DEPS
@@ -242,6 +242,7 @@
"+components/sessions/core",
"+components/signin/core/browser",
"+components/signin/public",
+ "+components/site_isolation",
"+components/spellcheck",
"+components/sqlite_proto",
"+components/ssl_errors",
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
index abcd3c0b..8d5f1994 100644
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -250,6 +250,7 @@
#include "components/security_interstitials/content/ssl_error_handler.h"
#include "components/security_interstitials/content/ssl_error_navigation_throttle.h"
#include "components/signin/public/identity_manager/identity_manager.h"
+#include "components/site_isolation/preloaded_isolated_origins.h"
#include "components/subresource_filter/content/browser/content_subresource_filter_throttle_manager.h"
#include "components/translate/core/common/translate_switches.h"
#include "components/ukm/app_source_url_recorder.h"
@@ -280,6 +281,7 @@
#include "content/public/browser/render_process_host.h"
#include "content/public/browser/render_view_host.h"
#include "content/public/browser/resource_context.h"
+#include "content/public/browser/site_isolation_policy.h"
#include "content/public/browser/storage_partition.h"
#include "content/public/browser/tts_controller.h"
#include "content/public/browser/tts_platform.h"
@@ -1859,6 +1861,14 @@
std::back_inserter(isolated_origin_list));
#endif
+ // Include additional origins preloaded with specific browser configurations,
+ // if any. For example, this is used on Google Chrome for Android to preload
+ // a list of important sites to isolate.
+ auto built_in_origins =
+ site_isolation::GetBrowserSpecificBuiltInIsolatedOrigins();
+ std::move(std::begin(built_in_origins), std::end(built_in_origins),
+ std::back_inserter(isolated_origin_list));
+
return isolated_origin_list;
}
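Review bot: The new comment above `GetBrowserSpecificBuiltInIsolatedOrigins()` does not say that these origins are conditional, so a reader could take the returned list as always enforced. The commit description says they remain subject to the site isolation memory threshold and to flags that disable site isolation, and the BelowThreshold test in this commit expects zero BUILT_IN origins in that case. I would extend the comment with something like `// Only applied when preloaded isolated origins are enabled (memory threshold met, site isolation not disabled); empty in builds without the internal list.` The last clause is inferred from the GN flag mentioned in the description, not from code visible here, so it needs confirming. The enclosing function starts outside this hunk.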
diff --git a/chrome/browser/site_isolation/site_isolation_policy_unittest.cc b/chrome/browser/site_isolation/site_isolation_policy_unittest.cc
index 8ee3c20..0ea740bb 100644
--- a/chrome/browser/site_isolation/site_isolation_policy_unittest.cc
+++ b/chrome/browser/site_isolation/site_isolation_policy_unittest.cc
@@ -770,3 +770,98 @@
EXPECT_TRUE(content::SiteIsolationPolicy::IsStrictOriginIsolationEnabled());
}
+
+// The following tests verify that the list of Android's built-in isolated
+// origins takes effect. This list is only used in official builds, and only
+// when above the memory threshold.
+#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && defined(OS_ANDROID)
+class BuiltInIsolatedOriginsTest : public SiteIsolationPolicyTest {
+ public:
+ BuiltInIsolatedOriginsTest() {}
+
+ protected:
+ void SetUp() override {
+ // Simulate a 512MB device.
+ base::CommandLine::ForCurrentProcess()->AppendSwitch(
+ switches::kEnableLowEndDeviceMode);
+ EXPECT_EQ(512, base::SysInfo::AmountOfPhysicalMemoryMB());
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(BuiltInIsolatedOriginsTest);
+};
+
+// Check that the list of preloaded isolated origins is properly applied when
+// device RAM is above the site isolation memory threshold.
+TEST_F(BuiltInIsolatedOriginsTest, DefaultThreshold) {
+ if (ShouldSkipBecauseOfConflictingCommandLineSwitches())
+ return;
+
+ // Define a memory threshold at 128MB. This is below the 512MB of physical
+ // memory that this test simulates, so preloaded isolated origins should take
+ // effect.
+ base::test::ScopedFeatureList memory_feature;
+ memory_feature.InitAndEnableFeatureWithParameters(
+ features::kSitePerProcessOnlyForHighMemoryClients,
+ {{features::kSitePerProcessOnlyForHighMemoryClientsParamName, "128"}});
+
+ // Ensure that isolated origins that are normally loaded on browser
+ // startup are applied.
+ content::SiteIsolationPolicy::ApplyGlobalIsolatedOrigins();
+
+ EXPECT_TRUE(
+ content::SiteIsolationPolicy::ArePreloadedIsolatedOriginsEnabled());
+
+ auto* cpsp = content::ChildProcessSecurityPolicy::GetInstance();
+ std::vector<url::Origin> isolated_origins = cpsp->GetIsolatedOrigins(
+ content::ChildProcessSecurityPolicy::IsolatedOriginSource::BUILT_IN);
+
+ // The list of built-in origins is fairly large; we don't want to hardcode
+ // the size here as it might change, so just check that there are at least 10
+ // origins.
+ EXPECT_GT(isolated_origins.size(), 10u);
+
+ // Check that a couple of well-known origins are on the list.
+ EXPECT_THAT(
+ isolated_origins,
+ ::testing::Contains(url::Origin::Create(GURL("https://google.com/"))));
+ EXPECT_THAT(
+ isolated_origins,
+ ::testing::Contains(url::Origin::Create(GURL("https://amazon.com/"))));
+ EXPECT_THAT(
+ isolated_origins,
+ ::testing::Contains(url::Origin::Create(GURL("https://facebook.com/"))));
+
+ cpsp->ClearIsolatedOriginsForTesting();
+}
+
+TEST_F(BuiltInIsolatedOriginsTest, BelowThreshold) {
+ if (ShouldSkipBecauseOfConflictingCommandLineSwitches())
+ return;
+
+ // Define a memory threshold at 768MB. This is above the 512MB of physical
+ // memory that this test simulates, so preloaded isolated origins shouldn't
+ // take effect.
+ base::test::ScopedFeatureList memory_feature;
+ memory_feature.InitAndEnableFeatureWithParameters(
+ features::kSitePerProcessOnlyForHighMemoryClients,
+ {{features::kSitePerProcessOnlyForHighMemoryClientsParamName, "768"}});
+
+ // Ensure that isolated origins that are normally loaded on browser
+ // startup are applied.
+ content::SiteIsolationPolicy::ApplyGlobalIsolatedOrigins();
+
+ EXPECT_FALSE(
+ content::SiteIsolationPolicy::ArePreloadedIsolatedOriginsEnabled());
+
+ auto* cpsp = content::ChildProcessSecurityPolicy::GetInstance();
+ std::vector<url::Origin> isolated_origins = cpsp->GetIsolatedOrigins(
+ content::ChildProcessSecurityPolicy::IsolatedOriginSource::BUILT_IN);
+
+ // There shouldn't be any built-in origins on Android. (Note that desktop has
+ // some built-in origins that are applied regardless of memory threshold.)
+ EXPECT_EQ(isolated_origins.size(), 0u);
+
+ cpsp->ClearIsolatedOriginsForTesting();
+}
+#endif
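Review bot: Both tests reset the process-wide isolated-origin list only on the last line of the test body, and nothing in this hunk removes the `kEnableLowEndDeviceMode` switch that `SetUp()` appends, so state from these tests may leak into later tests in the same process. Moving `cpsp->ClearIsolatedOriginsForTesting();` into a `TearDown()` override would keep the cleanup in one place and still run it if a later edit adds an early return or a fatal assertion. The memory check in `SetUp()` is a precondition for both threshold comparisons, so `ASSERT_EQ(512, base::SysInfo::AmountOfPhysicalMemoryMB());` fits better than `EXPECT_EQ`. `SiteIsolationPolicyTest` is declared outside this hunk, so it is worth checking whether its own `SetUp()` has to be chained from the override.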