    Convert from storing lowest BrowsingInstanceID to keeping all in a set. · 30dc7319
    W. James MacLean authored
    At present ChildProcessSecurityPolicyImpl::SecurityState stores only a
    single BrowsingInstanceID (the lowest) even though its associated
    process may contain multiple BrowsingInstances. This may lead
    CanAccessDataForOrigin to consider the wrong BrowsingInstance when
    performing its checks for opt-in isolated origins.
    
    This CL converts SecurityState to track an ordered set of all the
    BrowsingInstanceIDs so that they can all be checked.
    CanAccessDataForOrigin is modified to return 'true' if *any*
    BrowsingInstance in the set would allow the access, otherwise it returns
    'false', and logs the failure reasons for each of the BrowsingInstances.
    
    This CL also includes delayed cleanup of BrowsingInstance state from
    ChildProcessSecurityPolicy when BrowsingInstances are deleted. This
    avoids memory leaks but may pose a small risk of renderer kills. We will
    monitor the CanAccessDataForOrigin crash keys to see if such cases
    occur in practice.
    
    Bug: 1135539
    Change-Id: Icb7d25a84601b378c0c495a19266cd013667136a
    Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2446370
    Reviewed-by: Jesse Doherty <jwd@chromium.org>
    Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
    Reviewed-by: Charlie Reis <creis@chromium.org>
    Reviewed-by: Aaron Colwell <acolwell@chromium.org>
    Commit-Queue: James MacLean <wjmaclean@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#819830}
content_browser_test_utils_internal.cc 23 KB