Apply SitePerProcess policy without restart

As site isolation is now enabled by default, the only remaining effect
of the SitePerProcess user policy is to prevent the user from disabling
site isolation.

Instead of passing --site-per-process through a chrome process restart
to enforce this, simply avoid passing swithces::kDisableSiteIsolation
when the policy is set to true.

Bug: 964068
Test: browser_test --gtest_filter=*SiteIsolationFlagHandling*
Change-Id: I52b89604932a2f41e94ccb3ede7e48ec591d73f3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1653948
Commit-Queue: Pavol Marko <pmarko@chromium.org>
Reviewed-by: Xiyuan Xia <xiyuan@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#671565}

chrome/browser/chromeos/login/session/user_session_manager.cc

@@ -317,7 +317,7 @@ base::CommandLine CreatePerSessionCommandLine(Profile* profile) {
   about_flags::ConvertFlagsToSwitches(&flags_storage, &user_flags,
                                       flags_ui::kAddSentinels);
 
-  UserSessionManager::MaybeAppendPolicySwitches(profile->GetPrefs(),
+  UserSessionManager::ApplyUserPolicyToSwitches(profile->GetPrefs(),
                                                 &user_flags);
 
   return user_flags;
@@ -448,31 +448,27 @@ void UserSessionManager::RegisterPrefs(PrefRegistrySimple* registry) {
 }
 
 // static
-void UserSessionManager::MaybeAppendPolicySwitches(
+void UserSessionManager::ApplyUserPolicyToSwitches(
     PrefService* user_profile_prefs,
     base::CommandLine* user_flags) {
   // Get target value for --site-per-process for the user session according to
-  // policy. Values from command-line flags should not be honored at this point,
-  // so check |IsManaged()|.
+  // policy. If it is supposed to be enabled, make sure it can not be disabled
+  // using flags-induced command-line switches.
   const PrefService::Preference* site_per_process_pref =
       user_profile_prefs->FindPreference(prefs::kSitePerProcess);
-  bool site_per_process = site_per_process_pref->IsManaged() &&
-                          site_per_process_pref->GetValue()->GetBool();
+  if (site_per_process_pref->IsManaged() &&
+      site_per_process_pref->GetValue()->GetBool()) {
+    user_flags->RemoveSwitch(::switches::kDisableSiteIsolation);
+  }
 
-  // Append sentinels indicating that these values originate from policy.
+  // Note: If a user policy is introduced again which translates to command-line
+  // switches, make sure to wrap the policy-added command-line switches in
+  // |"--policy-switches-begin"| / |"--policy-switches-end"| sentinels.
   // This is important, because only command-line switches between the
   // |"--policy-switches-begin"| / |"--policy-switches-end"| and the
   // |"--flag-switches-begin"| / |"--flag-switches-end"| sentinels will be
   // compared when comparing the current command line and the user session
   // command line in order to decide if chrome should be restarted.
-  // We use the policy-style sentinels because these values originate from
-  // policy, and because login_manager uses the same sentinels when adding the
-  // login-screen site isolation flags.
-  if (site_per_process) {
-    user_flags->AppendSwitch(chromeos::switches::kPolicySwitchesBegin);
-    user_flags->AppendSwitch(::switches::kSitePerProcess);
-    user_flags->AppendSwitch(chromeos::switches::kPolicySwitchesEnd);
-  }
 }
 
 UserSessionManager::UserSessionManager()

chrome/browser/chromeos/login/session/user_session_manager.h

@@ -162,9 +162,10 @@ class UserSessionManager
   // Registers session related preferences.
   static void RegisterPrefs(PrefRegistrySimple* registry);
 
-  // Appends additional command switches to the given command line if
-  // SitePerProcess/IsolateOrigins policy is present.
-  static void MaybeAppendPolicySwitches(PrefService* user_profile_prefs,
+  // Applies user policies to |user_flags| .
+  // This could mean removing command-line switchis that have been added by the
+  // flag handling logic or appending additional switches due to policy.
+  static void ApplyUserPolicyToSwitches(PrefService* user_profile_prefs,
                                         base::CommandLine* user_flags);
 
   // Invoked after the tmpfs is successfully mounted.

chrome/browser/ui/webui/flags_ui.cc

@@ -248,9 +248,9 @@ void FlagsDOMHandler::HandleRestartBrowser(const base::ListValue* args) {
                                       &user_flags,
                                       flags_ui::kAddSentinels);
 
-  // Apply additional switches from policy that should not be dropped when
-  // applying flags..
-  chromeos::UserSessionManager::MaybeAppendPolicySwitches(
+  // Adhere to policy-enforced command-line switch handling when
+  // applying modified flags..
+  chromeos::UserSessionManager::ApplyUserPolicyToSwitches(
       Profile::FromWebUI(web_ui())->GetPrefs(), &user_flags);
 
   base::CommandLine::StringVector flags;