New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 844118 link

Starred by 2 users
Status: Fixed
Owner:
lukasza@chromium.org
Closed: May 2018
Cc:
pastarmovj@chromium.org
leszeks@chromium.org
emilyschechter@chromium.org
nrpeter@chromium.org
pmarko@chromium.org
creis@chromium.org
lukasza@chromium.org
bweeks@google.com
alex...@chromium.org
palmer@chromium.org
nasko@chromium.org
wfh@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 1
Type: Bug



Sign in to add a comment

Limit Android Site Isolation enterprise policy to devices with > 1GB RAM

Project Member Reported by creis@chromium.org, May 17 2018 
Experimental enterprise policies for enabling Site Isolation (specifically SitePerProcess and IsolateOrigins) were added for Android in r559352 in  issue 783842  and  issue 760761 .

As implemented, this will apply to all enrolled Android devices.  However, Site Isolation is known to have significant performance issues on devices with 1 GB of RAM or less, and issue 807468 shows that the policy may not be as critical on most such devices.

We should scope the trial to devices with strictly more than 1 GB of RAM to improve usability and target the devices that need the protection the most.

For reference, lukasza@ added a similar threshold mechanism (kSitePerProcessOnlyForHighMemoryClients) for optional use in field trials in r550194 for  issue 831671 .  We might be able to hardcode the Android enterprise policy to use something like this, or consider whether this should be a configurable enterprise policy value with a default value.

Comment 1 by lukasza@chromium.org, May 22 2018

Cc: palmer@chromium.org
Owner: lukasza@chromium.org
Status: Started (was: Assigned)
I think that I can help with that.

I think that starting with a hardcoded memory threshold should be fine - I am not convinced that we want to expose this knob to enterprise admins.

Comment 2 by lukasza@chromium.org, May 22 2018 

Also - it is a bit unclear if the memory threshold should equally apply to SitePerProcess and IsolateOrigins (the latter should typically have lower memory overhead).

Comment 3 by creis@chromium.org, May 22 2018 

I think it makes sense to exclude them in both policies for now.  We might consider experiments later to see if it's worth including low end devices in IsolateOrigins.
Project Member

Comment 4 by bugdroid1@chromium.org, May 23 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/78c7734a376d6247e4389766071e10906fa2e467

commit 78c7734a376d6247e4389766071e10906fa2e467
Author: Lukasz Anforowicz <lukasza@chromium.org>
Date: Wed May 23 15:53:05 2018

Limit Android Site Isolation enterprise policy to devices with > 1GB RAM

Bug:  844118 
Change-Id: I4fb0545e558e41e44786a3277a65b16b0bdb3f33
Reviewed-on: https://chromium-review.googlesource.com/1069563
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Ɓukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#561105}
[modify] https://crrev.com/78c7734a376d6247e4389766071e10906fa2e467/chrome/browser/chrome_browser_main.cc
[modify] https://crrev.com/78c7734a376d6247e4389766071e10906fa2e467/components/policy/resources/policy_templates.json

Comment 5 by creis@chromium.org, May 23 2018

Status: Fixed (was: Started)
Thanks!  Should be fixed by r561105.  Probably worth verifying on a low end device, if someone on the enterprise team is able to help with that.  Maybe bweeks@ or nrpeter@?

Sign in to add a comment