// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef COMPONENTS_SITE_ISOLATION_SITE_ISOLATION_POLICY_H_
#define COMPONENTS_SITE_ISOLATION_SITE_ISOLATION_POLICY_H_
#include <vector>
#include "content/public/browser/child_process_security_policy.h"
class GURL;
namespace content {
enum class SiteIsolationMode;
class BrowserContext;
}
namespace url {
class Origin;
}
namespace site_isolation {
// A centralized place for making policy decisions about site isolation modes
// which can be shared between content embedders. This supplements
// content::SiteIsolationPolicy with features that may be useful to embedders.
//
// These methods can be called from any thread.
class SiteIsolationPolicy {
public:
// Static-only policy class: construction and copying are deleted, so every
// entry point below is invoked as SiteIsolationPolicy::Method().
SiteIsolationPolicy() = delete;
SiteIsolationPolicy(const SiteIsolationPolicy&) = delete;
SiteIsolationPolicy& operator=(const SiteIsolationPolicy&) = delete;
// Returns true if the site isolation mode for isolating sites where users
// enter passwords is enabled.
static bool IsIsolationForPasswordSitesEnabled();
// Returns true if the site isolation mode for isolating sites where users
// log in via OAuth, as determined by runtime heuristics, is enabled.
static bool IsIsolationForOAuthSitesEnabled();
// Returns true if Site Isolation related enterprise policies should take
// effect (e.g. such policies might not be applicable to low-end Android
// devices because of 1) performance impact and 2) infeasibility of
// Spectre-like attacks on such devices).
//
// A false result means an administrator-configured isolation policy is
// ignored on this device, so callers should not assume that setting the
// policy guarantees isolation everywhere.
static bool IsEnterprisePolicyApplicable();
// Saves a new dynamic isolated origin to user prefs associated with
// `context` so that it can be persisted across restarts. `source`
// specifies why the isolated origin was added; different sources may have
// different persistence policies.
//
// NOTE(review): the private PersistUserTriggeredIsolatedOrigin() and
// PersistWebTriggeredIsolatedOrigin() helpers below presumably correspond
// to distinct `source` values - confirm in the implementation file.
// NOTE(review): values written here are read back from prefs on a later
// startup (see ApplyPersistedIsolatedOrigins()), so for web-triggered
// sources confirm that the implementation bounds how many entries a site
// can cause to be stored.
static void PersistIsolatedOrigin(
content::BrowserContext* context,
const url::Origin& origin,
content::ChildProcessSecurityPolicy::IsolatedOriginSource source);
// Reads and applies any isolated origins stored in user prefs associated with
// `browser_context`. This is expected to be called on startup after user
// prefs have been loaded.
static void ApplyPersistedIsolatedOrigins(
content::BrowserContext* browser_context);
// Helper to register all passed-in `logged_in_sites` as isolated sites in
// the provided `browser_context`. Should be called on startup before any
// navigations in `browser_context`.
//
// NOTE(review): the ordering requirement presumably exists so that no page
// from these sites is loaded before isolation applies to it - confirm
// against the implementation before relaxing it.
static void IsolateStoredOAuthSites(
content::BrowserContext* browser_context,
const std::vector<url::Origin>& logged_in_sites);
// Called when runtime heuristics have determined a user logging in via
// OAuth on `signed_in_url`, so that site isolation can be applied to the
// corresponding site (i.e., scheme + eTLD+1). Used only when site isolation
// for OAuth sites is enabled (see IsIsolationForOAuthSitesEnabled() above),
// which is typically on Android.
//
// Note the granularity: the argument is a full URL, but the isolation
// applies to the whole site derived from it, not to that single origin.
static void IsolateNewOAuthURL(content::BrowserContext* browser_context,
const GURL& signed_in_url);
// Determines whether Site Isolation should be disabled because the device
// does not have the minimum required amount of memory. `site_isolation_mode`
// determines the type of memory threshold to apply; for example, strict site
// isolation on Android might require a higher memory threshold than partial
// site isolation.
//
// A true result means the requested isolation mode is not applied on this
// device, i.e. the protection is traded away for memory; callers that log
// or report the security posture should account for this outcome.
static bool ShouldDisableSiteIsolationDueToMemoryThreshold(
content::SiteIsolationMode site_isolation_mode);
// Returns true if the PDF compositor should be enabled to allow out-of-
// process iframes (OOPIF's) to print properly.
static bool ShouldPdfCompositorBeEnabledForOopifs();
// When set to true bypasses the caching of the results of
// ShouldDisableSiteIsolationDueToMemoryThreshold(). Setting to false reverts
// to the default behavior (caching is controlled by a base::Feature).
// Intended for tests only, as the ForTesting suffix indicates.
static void SetDisallowMemoryThresholdCachingForTesting(
bool disallow_caching);
private:
// Helpers for implementing PersistIsolatedOrigin(). Both take the same
// `context` and `origin` as the public entry point; the `source` argument is
// not forwarded, so the choice of helper encodes it.
static void PersistUserTriggeredIsolatedOrigin(
content::BrowserContext* context,
const url::Origin& origin);
static void PersistWebTriggeredIsolatedOrigin(
content::BrowserContext* context,
const url::Origin& origin);
};
} // namespace site_isolation
#endif // COMPONENTS_SITE_ISOLATION_SITE_ISOLATION_POLICY_H_