Google Git
Sign in
chromium / chromium / src / 188e7630e81f47a7dfebcfd69dcc91c8b010e97e
commit188e7630e81f47a7dfebcfd69dcc91c8b010e97e[log] [tgz]
authorLiam Brady <lbrady@google.com>Fri Aug 08 18:13:59 2025
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Fri Aug 08 18:13:59 2025
treef3c11b30da8dd4fd1ee8da64cf08421fe22b7403
parentd9b756988cc1c0b348fc0ad2412e4fe1bb341b0c [diff]
Reland "Add enterprise policy for origin-keyed processes."

This is a reland of commit I08e365ec9580356dcd07a61bab0c7d7295dcfa6e

The CL was reverted because a bot was failing that turned the feature
on. That was treated by my CL as a command-line override, which bypassed
site isolation checks that tests were relying on. The intention was to
only bypass memory checks if the feature was overridden on, but instead
it bypassed all checks to try to simplify logic. The reland will only
have it bypass the memory checks, and keep all other checks in place.

Original change's description:
> Add enterprise policy for origin-keyed processes.
>
> This CL allows enterprise policy to enable or disable origin-keyed
> processes by default. If the policy is explicitly enabled, it will
> ignore any memory thresholds or checks on whether site isolation is
> enabled. For consistency, this CL also changes command-line overrides to
> ignore the same checks.
>
> Explicitly disabling this policy means that Chrome will not attempt to
> enable it (such as for devices over a memory threshold), allowing
> enterprises to choose to avoid extra process isolation that might be
> enabled by default further down the line.
>
> The origin-keyed processes enterprise policy can be overridden by the
> user if they set the feature flag either in chrome://flags or via
> command line arguments. That means that if the enterprise policy wants
> OKP by default, the user can choose to disable OKP, and vice versa.
>
> Change-Id: I08e365ec9580356dcd07a61bab0c7d7295dcfa6e
> Bug: 40259221
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6807600
> Reviewed-by: Charlie Reis <creis@chromium.org>
> Commit-Queue: Liam Brady <lbrady@google.com>
> Reviewed-by: Victor Gabriel Savu <vsavu@google.com>
> Cr-Commit-Position: refs/heads/main@{#1498226}

Bug: 40259221
Change-Id: Ia3b8febc0acdd800e5e014d0f75d4a7169b165f5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6825278
Commit-Queue: Liam Brady <lbrady@google.com>
Reviewed-by: Victor Gabriel Savu <vsavu@google.com>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1498923}
14 files changed
tree: f3c11b30da8dd4fd1ee8da64cf08421fe22b7403
  1. .gemini/
  2. .github/
  3. agents/
  4. android_webview/
  5. apps/
  6. ash/
  7. base/
  8. build/
  9. build_overrides/
  10. buildtools/
  11. cc/
  12. chrome/
  13. chromecast/
  14. chromeos/
  15. codelabs/
  16. components/
  17. content/
  18. crypto/
  19. dbus/
  20. device/
  21. docs/
  22. extensions/
  23. fuchsia_web/
  24. gin/
  25. google_apis/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. media/
  32. mojo/
  33. net/
  34. pdf/
  35. printing/
  36. remoting/
  37. rlz/
  38. sandbox/
  39. services/
  40. skia/
  41. sql/
  42. storage/
  43. styleguide/
  44. testing/
  45. third_party/
  46. tools/
  47. ui/
  48. url/
  49. webkit/
  50. clank
  51. clusterfuzz-data
  52. internal
  53. ios_internal
  54. signing_keys
  55. v8
  56. .clang-format
  57. .clang-tidy
  58. .clangd
  59. .cursorignore
  60. .geminiignore
  61. .git-blame-ignore-revs
  62. .gitallowed
  63. .gitattributes
  64. .gitignore
  65. .gitmodules
  66. .gn
  67. .mailmap
  68. .rustfmt.toml
  69. .vpython3
  70. .yapfignore
  71. ATL_OWNERS
  72. AUTHORS
  73. BUILD.gn
  74. CODE_OF_CONDUCT.md
  75. codereview.settings
  76. CPPLINT.cfg
  77. CRYPTO_OWNERS
  78. DEPS
  79. DIR_METADATA
  80. LICENSE
  81. LICENSE.chromium_os
  82. OWNERS
  83. PRESUBMIT.py
  84. PRESUBMIT_test.py
  85. PRESUBMIT_test_mocks.py
  86. README.md
  87. SECURITY_OWNERS
  88. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.