Avoid bumping SecurityOrigin refcount when parsing policies [chromium/src : main]

0 views
Skip to first unread message

Daniel Cheng (Gerrit)

unread,
Jan 16, 2026, 2:20:03 PMJan 16
to Daniel Cheng, Dominic Farolino, Chromium LUCI CQ, chromium...@chromium.org, Hongchan Choi, Luna Lu, fuzzin...@chromium.org, security-...@chromium.org, jshin...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chasej...@chromium.org, dmurph+watch...@chromium.org, dtapuska+ch...@chromium.org, feature-me...@chromium.org, iclella...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, max+watc...@igalia.com, net-r...@chromium.org, nickdiego+wa...@igalia.com, ozone-...@chromium.org, spang...@chromium.org, tracing...@chromium.org, webap...@microsoft.com, wfh+...@chromium.org
Attention needed from Dominic Farolino

Daniel Cheng added 1 comment

Patchset-level comments
File-level comment, Patchset 3:
Daniel Cheng . resolved

Note that I don't plan on landing this before https://chromium-review.googlesource.com/c/chromium/src/+/7416778; I'll update things more after that lands.

Open in Gerrit

Related details

Attention is currently required from:
  • Dominic Farolino
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: If29c2237ef566f2cf14aac44386fc8751ea32e32
Gerrit-Change-Number: 7477342
Gerrit-PatchSet: 8
Gerrit-Owner: Daniel Cheng <dch...@chromium.org>
Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
Gerrit-Reviewer: Dominic Farolino <d...@chromium.org>
Gerrit-CC: Hongchan Choi <hong...@chromium.org>
Gerrit-CC: Luna Lu <loon...@chromium.org>
Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
Gerrit-Attention: Dominic Farolino <d...@chromium.org>
Gerrit-Comment-Date: Fri, 16 Jan 2026 19:19:42 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
satisfied_requirement
unsatisfied_requirement
open
diffy

Dominic Farolino (Gerrit)

unread,
Jan 20, 2026, 10:15:10 AM (13 days ago) Jan 20
to Daniel Cheng, Chromium LUCI CQ, chromium...@chromium.org, Hongchan Choi, Luna Lu, fuzzin...@chromium.org, security-...@chromium.org, jshin...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chasej...@chromium.org, dmurph+watch...@chromium.org, dtapuska+ch...@chromium.org, feature-me...@chromium.org, iclella...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, max+watc...@igalia.com, net-r...@chromium.org, nickdiego+wa...@igalia.com, ozone-...@chromium.org, spang...@chromium.org, tracing...@chromium.org, webap...@microsoft.com, wfh+...@chromium.org
Attention needed from Daniel Cheng

Dominic Farolino voted Code-Review+1

Code-Review+1
Open in Gerrit

Related details

Attention is currently required from:
  • Daniel Cheng
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: If29c2237ef566f2cf14aac44386fc8751ea32e32
    Gerrit-Change-Number: 7477342
    Gerrit-PatchSet: 8
    Gerrit-Owner: Daniel Cheng <dch...@chromium.org>
    Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
    Gerrit-Reviewer: Dominic Farolino <d...@chromium.org>
    Gerrit-CC: Hongchan Choi <hong...@chromium.org>
    Gerrit-CC: Luna Lu <loon...@chromium.org>
    Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
    Gerrit-Attention: Daniel Cheng <dch...@chromium.org>
    Gerrit-Comment-Date: Tue, 20 Jan 2026 15:15:02 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    Daniel Cheng (Gerrit)

    unread,
    Jan 23, 2026, 5:24:33 PM (9 days ago) Jan 23
    to Daniel Cheng, Dominic Farolino, Chromium LUCI CQ, chromium...@chromium.org, Hongchan Choi, Luna Lu, fuzzin...@chromium.org, security-...@chromium.org, jshin...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chasej...@chromium.org, dmurph+watch...@chromium.org, dtapuska+ch...@chromium.org, feature-me...@chromium.org, iclella...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, max+watc...@igalia.com, net-r...@chromium.org, nickdiego+wa...@igalia.com, ozone-...@chromium.org, spang...@chromium.org, tracing...@chromium.org, webap...@microsoft.com, wfh+...@chromium.org

    Daniel Cheng voted Commit-Queue+2

    Commit-Queue+2
    Open in Gerrit

    Related details

    Attention set is empty
    Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: If29c2237ef566f2cf14aac44386fc8751ea32e32
    Gerrit-Change-Number: 7477342
    Gerrit-PatchSet: 9
    Gerrit-Owner: Daniel Cheng <dch...@chromium.org>
    Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
    Gerrit-Reviewer: Dominic Farolino <d...@chromium.org>
    Gerrit-CC: Hongchan Choi <hong...@chromium.org>
    Gerrit-CC: Luna Lu <loon...@chromium.org>
    Gerrit-CC: Michael Wilson <mjwi...@chromium.org>
    Gerrit-Comment-Date: Fri, 23 Jan 2026 22:24:24 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes
    satisfied_requirement
    open
    diffy

    Chromium LUCI CQ (Gerrit)

    unread,
    Jan 23, 2026, 5:33:36 PM (9 days ago) Jan 23
    to Daniel Cheng, Dominic Farolino, chromium...@chromium.org, Hongchan Choi, Luna Lu, fuzzin...@chromium.org, security-...@chromium.org, jshin...@chromium.org, blink-rev...@chromium.org, blink-...@chromium.org, chasej...@chromium.org, dmurph+watch...@chromium.org, dtapuska+ch...@chromium.org, feature-me...@chromium.org, iclella...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, max+watc...@igalia.com, net-r...@chromium.org, nickdiego+wa...@igalia.com, ozone-...@chromium.org, spang...@chromium.org, tracing...@chromium.org, webap...@microsoft.com, wfh+...@chromium.org

    Chromium LUCI CQ submitted the change with unreviewed changes

    Unreviewed changes

    8 is the latest approved patch-set.
    The change was submitted with unreviewed changes in the following files:

    ```
    The name of the file: third_party/blink/renderer/core/execution_context/security_context_init.cc
    Insertions: 19, Deletions: 0.

    The diff is too large to show. Please review the diff.
    ```
    ```
    The name of the file: third_party/blink/renderer/core/permissions_policy/permissions_policy_parser.h
    Insertions: 23, Deletions: 0.

    The diff is too large to show. Please review the diff.
    ```
    ```
    The name of the file: third_party/blink/renderer/core/permissions_policy/permissions_policy_test.cc
    Insertions: 233, Deletions: 0.

    The diff is too large to show. Please review the diff.
    ```
    ```
    The name of the file: third_party/blink/renderer/core/permissions_policy/permissions_policy_parser.cc
    Insertions: 28, Deletions: 0.

    The diff is too large to show. Please review the diff.
    ```

    Change information

    Commit message:
    Avoid bumping SecurityOrigin refcount when parsing policies

    For `PermissionsPolicyParser`, the passed-in origins are referenced by
    the parser context during parsing, but the parser context only lives on
    the stack. In addition, the created policy does not take ownership of
    the origins. While src origin is usually a newly-created origin, self
    origin is typically an alias of the execution context's origin. Since no
    ownership is involved, pass by const reference or const pointer and use
    LIFETIME_CAPTURE_BY to ensure that the parsing context doesn't
    accidentally outlive the passed-in origins.

    Similarly, `IFramePolicy`'s constructor and `UpdateContainerPolicy()`
    now also take the SecurityOrigin by const reference, since neither took
    ownership of the SecurityOrigin, and the origin should never be null.
    Also fix some style guide violations, since virtual methods should not
    have default arguments.

    A number of callsites were already passing `const SecurityOrigin*`, but
    this implicitly converts to `scoped_refptr<const SecurityOrigin>`; those
    have been fixed. Finally, rename `GetOriginForPermissionPolicy()` to
    `MakeOriginForPermissionsPolicy()` to make it clear that this method can
    create new origins.
    Change-Id: If29c2237ef566f2cf14aac44386fc8751ea32e32
    Reviewed-by: Dominic Farolino <d...@chromium.org>
    Commit-Queue: Daniel Cheng <dch...@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1573975}
    Files:
    • M third_party/blink/renderer/core/execution_context/security_context_init.cc
    • M third_party/blink/renderer/core/html/fenced_frame/html_fenced_frame_element.cc
    • M third_party/blink/renderer/core/html/html_frame_element_base.cc
    • M third_party/blink/renderer/core/html/html_frame_element_base.h
    • M third_party/blink/renderer/core/html/html_frame_owner_element.h
    • M third_party/blink/renderer/core/html/html_iframe_element.cc
    • M third_party/blink/renderer/core/html/html_iframe_element_test.cc
    • M third_party/blink/renderer/core/origin_trials/origin_trial_context_test.cc
    • M third_party/blink/renderer/core/permissions_policy/dom_feature_policy.h
    • M third_party/blink/renderer/core/permissions_policy/feature_policy_fuzzer.cc
    • M third_party/blink/renderer/core/permissions_policy/iframe_policy.h
    • M third_party/blink/renderer/core/permissions_policy/permissions_policy_attr_fuzzer.cc
    • M third_party/blink/renderer/core/permissions_policy/permissions_policy_fuzzer.cc
    • M third_party/blink/renderer/core/permissions_policy/permissions_policy_parser.cc
    • M third_party/blink/renderer/core/permissions_policy/permissions_policy_parser.h
    • M third_party/blink/renderer/core/permissions_policy/permissions_policy_test.cc
    • M third_party/blink/renderer/core/permissions_policy/policy_test.cc
    • M third_party/blink/renderer/modules/manifest/manifest_parser.cc
    Change size: M
    Delta: 18 files changed, 99 insertions(+), 99 deletions(-)
    Branch: refs/heads/main
    Submit Requirements:
    • requirement satisfiedCode-Review: +1 by Dominic Farolino
    Open in Gerrit
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: merged
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: If29c2237ef566f2cf14aac44386fc8751ea32e32
    Gerrit-Change-Number: 7477342
    Gerrit-PatchSet: 10
    Gerrit-Owner: Daniel Cheng <dch...@chromium.org>
    Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
    Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
    Gerrit-Reviewer: Dominic Farolino <d...@chromium.org>
    open
    diffy
    satisfied_requirement
    Reply all
    Reply to author
    Forward
    0 new messages