From: uazo <uazo@users.noreply.github.com>
Date: Sat, 29 Jan 2022 15:25:19 +0000
Subject: Enable StrictOriginIsolation and SitePerProcess

Enable the StrictOriginIsolation feature and the SitePerProcess preference.
SitePerProcess: bypass any device memory size check.
SitePerProcess: always consider enterprise policies applicable.

Original License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html
---
 chrome/browser/about_flags.cc                      | 3 ---
 chrome/browser/chrome_content_browser_client.cc    | 4 ++--
 chrome/common/chrome_features.cc                   | 8 ++------
 components/site_isolation/site_isolation_policy.cc | 3 +++
 content/public/common/content_features.cc          | 4 ++--
 5 files changed, 9 insertions(+), 13 deletions(-)

diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -5099,9 +5099,6 @@ const FeatureEntry kFeatureEntries[] = {
      flag_descriptions::kSiteIsolationForPasswordSitesDescription, kOsAndroid,
      FEATURE_VALUE_TYPE(
          site_isolation::features::kSiteIsolationForPasswordSites)},
-    {"enable-site-per-process", flag_descriptions::kStrictSiteIsolationName,
-     flag_descriptions::kStrictSiteIsolationDescription, kOsAndroid,
-     SINGLE_VALUE_TYPE(switches::kSitePerProcess)},
 #endif
     {"enable-isolated-web-apps", flag_descriptions::kEnableIsolatedWebAppsName,
      flag_descriptions::kEnableIsolatedWebAppsDescription, kOsDesktop,
diff --git a/chrome/browser/chrome_content_browser_client.cc b/chrome/browser/chrome_content_browser_client.cc
--- a/chrome/browser/chrome_content_browser_client.cc
+++ b/chrome/browser/chrome_content_browser_client.cc
@@ -1587,7 +1587,7 @@ void ChromeContentBrowserClient::RegisterLocalStatePrefs(
   registry->RegisterFilePathPref(prefs::kDiskCacheDir, base::FilePath());
   registry->RegisterIntegerPref(prefs::kDiskCacheSize, 0);
   registry->RegisterStringPref(prefs::kIsolateOrigins, std::string());
-  registry->RegisterBooleanPref(prefs::kSitePerProcess, false);
+  registry->RegisterBooleanPref(prefs::kSitePerProcess, true);
   registry->RegisterBooleanPref(prefs::kTabFreezingEnabled, true);
   registry->RegisterIntegerPref(prefs::kSCTAuditingHashdanceReportCount, 0);
   registry->RegisterBooleanPref(
@@ -1612,7 +1612,7 @@ void ChromeContentBrowserClient::RegisterProfilePrefs(
   // user policy in addition to the same named ones in Local State (which are
   // used for mapping the command-line flags).
   registry->RegisterStringPref(prefs::kIsolateOrigins, std::string());
-  registry->RegisterBooleanPref(prefs::kSitePerProcess, false);
+  registry->RegisterBooleanPref(prefs::kSitePerProcess, true);
   registry->RegisterListPref(
       site_isolation::prefs::kUserTriggeredIsolatedOrigins);
   registry->RegisterDictionaryPref(
diff --git a/chrome/common/chrome_features.cc b/chrome/common/chrome_features.cc
--- a/chrome/common/chrome_features.cc
+++ b/chrome/common/chrome_features.cc
@@ -1177,12 +1177,8 @@ const base::FeatureParam<base::TimeDelta> kSCTLogMaxIngestionRandomDelay{
 // TODO(alexmos): Move this and the other site isolation features below to
 // browser_features, as they are only used on the browser side.
 BASE_FEATURE(kSitePerProcess,
-             "SitePerProcess",
-#if BUILDFLAG(IS_ANDROID)
-             base::FEATURE_DISABLED_BY_DEFAULT
-#else
-             base::FEATURE_ENABLED_BY_DEFAULT
-#endif
+             "SitePerProcess",                  // enabled by default
+             base::FEATURE_ENABLED_BY_DEFAULT   // in Bromite
 );
 
 #if BUILDFLAG(IS_CHROMEOS_ASH)
diff --git a/components/site_isolation/site_isolation_policy.cc b/components/site_isolation/site_isolation_policy.cc
--- a/components/site_isolation/site_isolation_policy.cc
+++ b/components/site_isolation/site_isolation_policy.cc
@@ -38,6 +38,7 @@ struct IsolationDisableDecisions {
 
 bool ShouldDisableSiteIsolationDueToMemorySlow(
     content::SiteIsolationMode site_isolation_mode) {
+  if ((true)) return false;
   // The memory threshold behavior differs for desktop and Android:
   // - Android uses a 1900MB default threshold for partial site isolation modes
   //   and a 3200MB default threshold for strict site isolation. See docs in
@@ -164,6 +165,7 @@ bool SiteIsolationPolicy::IsIsolationForOAuthSitesEnabled() {
 
 // static
 bool SiteIsolationPolicy::IsEnterprisePolicyApplicable() {
+  if ((true)) return true;
 #if BUILDFLAG(IS_ANDROID)
   // https://crbug.com/844118: Limiting policy to devices with > 1GB RAM.
   // Using 1077 rather than 1024 because it helps ensure that devices with
@@ -179,6 +181,7 @@ bool SiteIsolationPolicy::IsEnterprisePolicyApplicable() {
 // static
 bool SiteIsolationPolicy::ShouldDisableSiteIsolationDueToMemoryThreshold(
     content::SiteIsolationMode site_isolation_mode) {
+  if ((true)) return false;
   if (!g_disallow_memory_threshold_caching_for_testing) {
     return CachedDisableSiteIsolation(site_isolation_mode);
   }
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -1008,8 +1008,8 @@ BASE_FEATURE(kSpareRendererForSitePerProcess,
 // Controls whether site isolation should use origins instead of scheme and
 // eTLD+1.
 BASE_FEATURE(kStrictOriginIsolation,
-             "StrictOriginIsolation",
-             base::FEATURE_DISABLED_BY_DEFAULT);
+             "StrictOriginIsolation",              // must be enabled
+             base::FEATURE_ENABLED_BY_DEFAULT);    // in Bromite
 
 // Disallows window.{alert, prompt, confirm} if triggered inside a subframe that
 // is not same origin with the main frame.
--
2.25.1