Merge branch 'master' of https://chromium.googlesource.com/chromium/src into master.lion

Author: bluebox

DEPS

@@ -204,7 +204,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling Skia
   # and whatever else without interference from each other.
-  'skia_revision': 'e9b6e2f2a995b49d6c531be4916844f0db28a64f',
+  'skia_revision': '91113acfd1d607e4218a13f3c9152f7547cef900',
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling V8
   # and whatever else without interference from each other.
@@ -283,7 +283,7 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling devtools-frontend
   # and whatever else without interference from each other.
-  'devtools_frontend_revision': '4773d6b482d3f1699ce420326a11fccb94809b9c',
+  'devtools_frontend_revision': 'b417167d58fa0ced80f01ebd6576b40777a98d03',
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling libprotobuf-mutator
   # and whatever else without interference from each other.

chrome/browser/site_isolation/prefs_observer.cc

@@ -40,14 +40,15 @@ void SiteIsolationPrefsObserver::OnChangeInIsolatedOriginsPref() {
   if (!site_isolation::SiteIsolationPolicy::IsEnterprisePolicyApplicable())
     return;
 
-  // Add isolated origins based on the policy.  Note that the policy may only
+  // Add isolated origins based on the policy.  The added origins will only be
+  // isolated in future browsing context groups.  Note that the policy may only
   // *add* origins (e.g. if policy changes from isolating A,B,C to isolating
   // B,C,D origins then *all* of A,B,C,D will be isolated until the next Chrome
   // restart).
   std::string isolated_origins =
       pref_change_registrar_.prefs()->GetString(prefs::kIsolateOrigins);
   auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
-  policy->AddIsolatedOrigins(
+  policy->AddFutureIsolatedOrigins(
       isolated_origins,
       content::ChildProcessSecurityPolicy::IsolatedOriginSource::POLICY,
       /* browser_context = */ nullptr);

components/site_isolation/site_isolation_policy.cc

@@ -122,8 +122,8 @@ void SiteIsolationPolicy::ApplyPersistedIsolatedOrigins(
     auto* policy = content::ChildProcessSecurityPolicy::GetInstance();
     using IsolatedOriginSource =
         content::ChildProcessSecurityPolicy::IsolatedOriginSource;
-    policy->AddIsolatedOrigins(origins, IsolatedOriginSource::USER_TRIGGERED,
-                               browser_context);
+    policy->AddFutureIsolatedOrigins(
+        origins, IsolatedOriginSource::USER_TRIGGERED, browser_context);
   }
 
   UMA_HISTOGRAM_COUNTS_1000(

content/browser/child_process_security_policy_impl.cc

@@ -1880,7 +1880,7 @@ bool ChildProcessSecurityPolicyImpl::CanSendMidiSysExMessage(int child_id) {
   return state->second->can_send_midi_sysex();
 }
 
-void ChildProcessSecurityPolicyImpl::AddIsolatedOrigins(
+void ChildProcessSecurityPolicyImpl::AddFutureIsolatedOrigins(
     const std::vector<url::Origin>& origins_to_add,
     IsolatedOriginSource source,
     BrowserContext* browser_context) {
@@ -1891,19 +1891,19 @@ void ChildProcessSecurityPolicyImpl::AddIsolatedOrigins(
                  [](const url::Origin& o) -> IsolatedOriginPattern {
                    return IsolatedOriginPattern(o);
                  });
-  AddIsolatedOrigins(patterns, source, browser_context);
+  AddFutureIsolatedOrigins(patterns, source, browser_context);
 }
 
-void ChildProcessSecurityPolicyImpl::AddIsolatedOrigins(
+void ChildProcessSecurityPolicyImpl::AddFutureIsolatedOrigins(
     base::StringPiece origins_to_add,
     IsolatedOriginSource source,
     BrowserContext* browser_context) {
   std::vector<IsolatedOriginPattern> patterns =
       ParseIsolatedOrigins(origins_to_add);
-  AddIsolatedOrigins(patterns, source, browser_context);
+  AddFutureIsolatedOrigins(patterns, source, browser_context);
 }
 
-void ChildProcessSecurityPolicyImpl::AddIsolatedOrigins(
+void ChildProcessSecurityPolicyImpl::AddFutureIsolatedOrigins(
     const std::vector<IsolatedOriginPattern>& patterns,
     IsolatedOriginSource source,
     BrowserContext* browser_context) {
@@ -2442,7 +2442,8 @@ void ChildProcessSecurityPolicyImpl::AddIsolatedOriginForBrowsingInstance(
     // Explicitly set `applies_to_future_browsing_instances` to false to only
     // isolate `origin` within the provided BrowsingInstance, but not future
     // ones.  Note that it's possible for `origin` to also become isolated for
-    // future BrowsingInstances if AddIsolatedOrigins() is called for it later.
+    // future BrowsingInstances if AddFutureIsolatedOrigins() is called for it
+    // later.
     AddIsolatedOriginInternal(
         isolation_context.browser_or_resource_context().ToBrowserContext(),
         origin, false /* applies_to_future_browsing_instances */,

content/browser/child_process_security_policy_impl.h

@@ -240,7 +240,7 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
     // This can only return false for processes locked to a particular origin,
     // which can happen for any origin when the --site-per-process flag is used,
     // or for isolated origins that require a dedicated process (see
-    // AddIsolatedOrigins).
+    // AddFutureIsolatedOrigins and AddIsolatedOriginForBrowsingInstance).
     bool CanAccessDataForOrigin(const url::Origin& origin);
 
    private:
@@ -308,12 +308,14 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   bool HasWebUIBindings(int child_id) override;
   void GrantSendMidiSysExMessage(int child_id) override;
   bool CanAccessDataForOrigin(int child_id, const url::Origin& origin) override;
-  void AddIsolatedOrigins(base::StringPiece origins_list,
-                          IsolatedOriginSource source,
-                          BrowserContext* browser_context = nullptr) override;
-  void AddIsolatedOrigins(const std::vector<url::Origin>& origins,
-                          IsolatedOriginSource source,
-                          BrowserContext* browser_context = nullptr) override;
+  void AddFutureIsolatedOrigins(
+      base::StringPiece origins_list,
+      IsolatedOriginSource source,
+      BrowserContext* browser_context = nullptr) override;
+  void AddFutureIsolatedOrigins(
+      const std::vector<url::Origin>& origins,
+      IsolatedOriginSource source,
+      BrowserContext* browser_context = nullptr) override;
   bool IsGloballyIsolatedOriginForTesting(const url::Origin& origin) override;
   std::vector<url::Origin> GetIsolatedOrigins(
       base::Optional<IsolatedOriginSource> source = base::nullopt,
@@ -650,7 +652,8 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyInProcessBrowserTest,
                            NoLeak);
   FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, FilePermissions);
-  FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest, AddIsolatedOrigins);
+  FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest,
+                           AddFutureIsolatedOrigins);
   FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest,
                            DynamicIsolatedOrigins);
   FRIEND_TEST_ALL_PREFIXES(ChildProcessSecurityPolicyTest,
@@ -840,13 +843,14 @@ class CONTENT_EXPORT ChildProcessSecurityPolicyImpl
   // Convert a list of comma separated isolated origins in |pattern_list|,
   // specified either as wildcard origins, non-wildcard origins or a mix of the
   // two into IsolatedOriginPatterns, suitable for addition via
-  // AddIsolatedOrigins().
+  // AddFutureIsolatedOrigins().
   static std::vector<IsolatedOriginPattern> ParseIsolatedOrigins(
       base::StringPiece pattern_list);
 
-  void AddIsolatedOrigins(const std::vector<IsolatedOriginPattern>& patterns,
-                          IsolatedOriginSource source,
-                          BrowserContext* browser_context = nullptr);
+  void AddFutureIsolatedOrigins(
+      const std::vector<IsolatedOriginPattern>& patterns,
+      IsolatedOriginSource source,
+      BrowserContext* browser_context = nullptr);
 
   // Internal helper used for adding a particular isolated origin.  See
   // IsolatedOriginEntry for descriptions of various parameters.