Google Git
Sign in
chromium / chromium / src.git / 687f70056d4ea2c6fc3e2eaea35186b7da8bfdba^! / . / content / browser / renderer_host / policy_container_host.cc
commit687f70056d4ea2c6fc3e2eaea35186b7da8bfdba[log] [tgz]
authorPâris Meuleman <[email protected]>Wed Feb 16 11:11:34 2022
committerChromium LUCI CQ <[email protected]>Wed Feb 16 11:11:34 2022
tree1de5819e3c3cc482883624f6d452b072c28a118e
parent655dc26dc418cb0e36dead278f7f85c16b35473e [diff] [blame]
Migrate browser side document's sandbox flags to policy container

This moves sandbox flags from
|NavigationRequest::sandbox_flags_to_commit_| and
|RenderFrameHostImpl::active_sandbox_flags_| to |PolicyContainerHost|.
Policy container takes care of inheriting the flags similarly to other
policies.
The computation of the final sandbox flags applied to the document where
moved from NavigationRequest to PolicyContainerNavigationBundle.

Bug: 1148405
Change-Id: Iff38936242ab274d574ba3437e69aed6f9d4b861
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3416630
Reviewed-by: Arthur Sonzogni <[email protected]>
Commit-Queue: Pâris Meuleman <[email protected]>
Auto-Submit: Pâris Meuleman <[email protected]>
Cr-Commit-Position: refs/heads/main@{#971742}

diff --git a/content/browser/renderer_host/policy_container_host.cc b/content/browser/renderer_host/policy_container_host.cc
index 8ff13d85..68256a7 100644
--- a/content/browser/renderer_host/policy_container_host.cc
+++ b/content/browser/renderer_host/policy_container_host.cc

@@ -48,7 +48,8 @@
                     rhs.content_security_policies.begin(),
                     rhs.content_security_policies.end()) &&
          lhs.cross_origin_opener_policy == rhs.cross_origin_opener_policy &&
-         lhs.cross_origin_embedder_policy == rhs.cross_origin_embedder_policy;
+         lhs.cross_origin_embedder_policy == rhs.cross_origin_embedder_policy &&
+         lhs.sandbox_flags == rhs.sandbox_flags;
 }
 
 bool operator!=(const PolicyContainerPolicies& lhs,
@@ -99,6 +100,8 @@
              .value_or("<null>")
       << " }";
 
+  out << ", sandbox_flags: " << policies.sandbox_flags;
+
   return out << " }";
 }
 
@@ -111,13 +114,15 @@
     std::vector<network::mojom::ContentSecurityPolicyPtr>
         content_security_policies,
     const network::CrossOriginOpenerPolicy& cross_origin_opener_policy,
-    const network::CrossOriginEmbedderPolicy& cross_origin_embedder_policy)
+    const network::CrossOriginEmbedderPolicy& cross_origin_embedder_policy,
+    network::mojom::WebSandboxFlags sandbox_flags)
     : referrer_policy(referrer_policy),
       ip_address_space(ip_address_space),
       is_web_secure_context(is_web_secure_context),
       content_security_policies(std::move(content_security_policies)),
       cross_origin_opener_policy(cross_origin_opener_policy),
-      cross_origin_embedder_policy(cross_origin_embedder_policy) {}
+      cross_origin_embedder_policy(cross_origin_embedder_policy),
+      sandbox_flags(sandbox_flags) {}
 
 PolicyContainerPolicies::~PolicyContainerPolicies() = default;
 
@@ -126,7 +131,7 @@
   return std::make_unique<PolicyContainerPolicies>(
       referrer_policy, ip_address_space, is_web_secure_context,
       mojo::Clone(content_security_policies), cross_origin_opener_policy,
-      cross_origin_embedder_policy);
+      cross_origin_embedder_policy, sandbox_flags);
 }
 
 void PolicyContainerPolicies::AddContentSecurityPolicies(