nagai/fune
3
0
Fork 0
forked from mirrors/gecko-dev
Code Pull requests Activity
fune/dom/ipc/ProcessIsolation.h
Nika Layzell d5ede54ea6 Bug 1850589 - Migrate worker process selection to use ProcessIsolation as a backend, r=smaug,asuth 
This new backend shares more logic in common with the existing logic in
ProcessIsolation for navigations. This means that it will have support
for precursor principals and alternative process isolation behaviors
like IsolateHighValue on Android.

The logic around custom protocols like web+ and ext+ URIs has been
removed in the new patch, as these will never be used as the principals
for globals. The handling in E10SUtils was just for handling predicting
remote types for URIs before the load has started, which is not relevant
for Workers.

In a future patch we may want to also switch over the prediction logic
which still uses E10SUtils to also use the ProcessIsolation backend,
however it is more different due to the need to handle arbitrary input
URLs, rather than result principals, so the benefit will be smaller.

Differential Revision: https://phabricator.services.mozilla.com/D187227
2023-09-06 18:48:30 +00:00

111 lines
3.9 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_ProcessIsolation_h
#define mozilla_dom_ProcessIsolation_h
#include <stdint.h>
#include "mozilla/Logging.h"
#include "mozilla/dom/RemoteType.h"
#include "mozilla/dom/SessionHistoryEntry.h"
#include "mozilla/dom/WorkerPrivate.h"
#include "nsString.h"
#include "nsIPrincipal.h"
#include "nsIURI.h"
namespace mozilla::dom {
class CanonicalBrowsingContext;
class WindowGlobalParent;
extern mozilla::LazyLogModule gProcessIsolationLog;
constexpr nsLiteralCString kHighValueCOOPPermission = "highValueCOOP"_ns;
constexpr nsLiteralCString kHighValueHasSavedLoginPermission =
"highValueHasSavedLogin"_ns;
constexpr nsLiteralCString kHighValueIsLoggedInPermission =
"highValueIsLoggedIn"_ns;
// NavigationIsolationOptions is passed through the methods to store the state
// of the possible process and/or browsing context change.
struct NavigationIsolationOptions {
nsCString mRemoteType;
bool mReplaceBrowsingContext = false;
uint64_t mSpecificGroupId = 0;
bool mTryUseBFCache = false;
RefPtr<SessionHistoryEntry> mActiveSessionHistoryEntry;
};
/**
* Given a specific channel, determines which process the navigation should
* complete in, and whether or not to perform a BrowsingContext-replace load
* or enter the BFCache.
*
* This method will always return a `NavigationIsolationOptions` even if the
* current remote type is compatible. Compatibility with the current process
* should be checked at the call-site. An error should only be returned in
* exceptional circumstances, and should lead to the load being cancelled.
*
* This method is only intended for use with document navigations.
*/
Result<NavigationIsolationOptions, nsresult> IsolationOptionsForNavigation(
CanonicalBrowsingContext* aTopBC, WindowGlobalParent* aParentWindow,
nsIURI* aChannelCreationURI, nsIChannel* aChannel,
const nsACString& aCurrentRemoteType, bool aHasCOOPMismatch,
bool aForNewTab, uint32_t aLoadStateLoadType,
const Maybe<uint64_t>& aChannelId,
const Maybe<nsCString>& aRemoteTypeOverride);
// WorkerIsolationOptions is passed back to the RemoteWorkerManager to store the
// destination process information for remote worker loads.
struct WorkerIsolationOptions {
nsCString mRemoteType;
};
/**
* Given a specific worker principal and kind, determines which process the
* remote worker load should complete in.
*
* This method is only intended for use with remote workers.
*/
Result<WorkerIsolationOptions, nsresult> IsolationOptionsForWorker(
nsIPrincipal* aPrincipal, WorkerKind aWorkerKind,
const nsACString& aCurrentRemoteType, bool aUseRemoteSubframes);
/**
* Adds a `highValue` permission to the permissions database, and make loads of
* that origin isolated.
*
* The 'aPermissionType' parameter indicates why the site is treated as a high
* value site. The possible values are:
*
* kHighValueCOOPPermission
* Called when a document request responds with a
* `Cross-Origin-Opener-Policy` header.
*
* kHighValueHasSavedLoginPermission
* Called for sites that have an associated login saved in the password
* manager.
*
* kHighValueIsLoggedInPermission
* Called when we detect a form with a password is submitted.
*/
void AddHighValuePermission(nsIPrincipal* aResultPrincipal,
const nsACString& aPermissionType);
void AddHighValuePermission(const nsACString& aOrigin,
const nsACString& aPermissionType);
/**
* Returns true when fission is enabled and the
* `fission.webContentIsolationStrategy` pref is set to `IsolateHighValue`.
*/
bool IsIsolateHighValueSiteEnabled();
} // namespace mozilla::dom
#endif
View git blame Copy permalink