Update chrome://process-internals for COOP and OAuth isolation.

This CL makes two tweaks to chrome://process-internals for the new Android site isolation modes: - add ability to show COOP and OAuth isolation in the list of site isolation modes. - display currently isolated COOP sites. Currently, these are active for the remainder of the browser session and cleared after a restart. Once we add persistence, we'll want to come back and update the description here. Bug: 1018656, 960888 Change-Id: Ie97df36b7d5b30fe90e73ca240bb900e0458b026 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2872254 Reviewed-by: Nasko Oskov <nasko@chromium.org> Commit-Queue: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#879193}
Denger-Network · May 5, 2021 · a9bb33e · a9bb33e
1 parent 3906206
commit a9bb33e
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 4 deletions.
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
@@ -2089,10 +2089,12 @@ bool ChromeContentBrowserClient::ShouldDisableSiteIsolation() {
 
 std::vector<std::string>
 ChromeContentBrowserClient::GetAdditionalSiteIsolationModes() {
+  std::vector<std::string> modes;
   if (site_isolation::SiteIsolationPolicy::IsIsolationForPasswordSitesEnabled())
-    return {"Isolate Password Sites"};
-  else
-    return {};
+    modes.push_back("Password Sites");
+  if (site_isolation::SiteIsolationPolicy::IsIsolationForOAuthSitesEnabled())
+    modes.push_back("Logged-in Sites");
+  return modes;
 }
 
 void ChromeContentBrowserClient::PersistIsolatedOrigin(

diff --git a/content/browser/process_internals/process_internals.mojom b/content/browser/process_internals/process_internals.mojom
@@ -66,6 +66,14 @@ interface ProcessInternalsHandler {
   // restarts, and they are cleared when the user clears browsing data.
   GetUserTriggeredIsolatedOrigins() => (array<string> isolated_origins);
 
+  // Returns a list of web-triggered isolated origins, which are typically
+  // added in response to heuristics triggered directly by web sites, such
+  // as headers that suggest the site might benefit from isolation.  Like
+  // user-triggered isolated origins, these isolated origins apply within
+  // the current profile only, though currently they aren't preserved across
+  // restarts.
+  GetWebTriggeredIsolatedOrigins() => (array<string> isolated_origins);
+
   // Returns a list of isolated origins that apply globally in all profiles.
   GetGloballyIsolatedOrigins() => (array<IsolatedOriginInfo> isolated_origins);
 

diff --git a/content/browser/process_internals/process_internals_handler_impl.cc b/content/browser/process_internals/process_internals_handler_impl.cc
@@ -93,6 +93,8 @@ std::string IsolatedOriginSourceToString(IsolatedOriginSource source) {
       return "Test";
     case IsolatedOriginSource::USER_TRIGGERED:
       return "User-triggered";
+    case IsolatedOriginSource::WEB_TRIGGERED:
+      return "Web-triggered";
     default:
       NOTREACHED();
       return "";
@@ -117,6 +119,8 @@ void ProcessInternalsHandlerImpl::GetIsolationMode(
     modes.push_back("Isolate Origins");
   if (SiteIsolationPolicy::IsStrictOriginIsolationEnabled())
     modes.push_back("Strict Origin Isolation");
+  if (SiteIsolationPolicy::IsSiteIsolationForCOOPEnabled())
+    modes.push_back("COOP");
 
   // Retrieve any additional site isolation modes controlled by the embedder.
   std::vector<std::string> additional_modes =
@@ -146,6 +150,19 @@ void ProcessInternalsHandlerImpl::GetUserTriggeredIsolatedOrigins(
   std::move(callback).Run(std::move(serialized_origins));
 }
 
+void ProcessInternalsHandlerImpl::GetWebTriggeredIsolatedOrigins(
+    GetWebTriggeredIsolatedOriginsCallback callback) {
+  // Retrieve serialized user-triggered isolated origins for the current
+  // profile (i.e., profile from which chrome://process-internals is shown).
+  auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
+  std::vector<std::string> serialized_origins;
+  for (const auto& origin : policy->GetIsolatedOrigins(
+           IsolatedOriginSource::WEB_TRIGGERED, browser_context_)) {
+    serialized_origins.push_back(origin.Serialize());
+  }
+  std::move(callback).Run(std::move(serialized_origins));
+}
+
 void ProcessInternalsHandlerImpl::GetGloballyIsolatedOrigins(
     GetGloballyIsolatedOriginsCallback callback) {
   auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();

diff --git a/content/browser/process_internals/process_internals_handler_impl.h b/content/browser/process_internals/process_internals_handler_impl.h
@@ -26,6 +26,8 @@ class ProcessInternalsHandlerImpl : public ::mojom::ProcessInternalsHandler {
   void GetIsolationMode(GetIsolationModeCallback callback) override;
   void GetUserTriggeredIsolatedOrigins(
       GetUserTriggeredIsolatedOriginsCallback callback) override;
+  void GetWebTriggeredIsolatedOrigins(
+      GetWebTriggeredIsolatedOriginsCallback callback) override;
   void GetGloballyIsolatedOrigins(
       GetGloballyIsolatedOriginsCallback callback) override;
   void GetAllWebContentsInfo(GetAllWebContentsInfoCallback callback) override;

diff --git a/content/browser/resources/process/process_internals.html b/content/browser/resources/process/process_internals.html
@@ -24,6 +24,7 @@
         <div id="site-isolation-mode">Site Isolation mode: <span id='isolation-mode'>unknown</span></div>
         <div id="isolated-origins-container">
           <div id="user-triggered-isolated-origins"></div>
+          <div id="web-triggered-isolated-origins"></div>
           <div id="global-isolated-origins"></div>
         </div>
       </div>

diff --git a/content/browser/resources/process/process_internals.js b/content/browser/resources/process/process_internals.js
@@ -215,7 +215,7 @@ function loadIsolatedOriginInfo() {
 
     $('user-triggered-isolated-origins').textContent =
         'The following origins are isolated because you previously typed a ' +
-        'password into these sites (' + originCount + ' total). ' +
+        'password or logged in on these sites (' + originCount + ' total). ' +
         'Clear cookies or history to wipe this list; this takes effect ' +
         'after a restart.';
 
@@ -229,6 +229,27 @@ function loadIsolatedOriginInfo() {
     $('user-triggered-isolated-origins').appendChild(list);
   });
 
+  pageHandler.getWebTriggeredIsolatedOrigins().then((response) => {
+    const originCount = response.isolatedOrigins.length;
+    if (!originCount) {
+      return;
+    }
+
+    $('web-triggered-isolated-origins').textContent =
+        'The following origins are isolated based on runtime heuristics ' +
+        'triggered directly by web pages, such as Cross-Origin-Opener-Policy ' +
+        'headers. This list is cleared after a restart.';
+
+    const list = document.createElement('ul');
+    for (const origin of response.isolatedOrigins) {
+      const item = document.createElement('li');
+      item.textContent = origin;
+      list.appendChild(item);
+    }
+
+    $('web-triggered-isolated-origins').appendChild(list);
+  });
+
   // Retrieve global isolated origins and insert them into a separate list if
   // there is at least one such origin.  Since these origins may come from
   // multiple sources, include the source info for each origin in parens.