Add removal filter support for Cookies, Storage, and Content Settings.

chrome/browser/browsing_data/browsing_data_filter_builder.h

Index: chrome/browser/browsing_data/browsing_data_filter_builder.h
diff --git a/chrome/browser/browsing_data/browsing_data_filter_builder.h b/chrome/browser/browsing_data/browsing_data_filter_builder.h
new file mode 100644
index 0000000000000000000000000000000000000000..8c075035bb957f86b010d682b0b5656b2773d484
--- /dev/null
+++ b/chrome/browser/browsing_data/browsing_data_filter_builder.h
@@ -0,0 +1,120 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_
+#define CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_
+
+#include <ostream>
+#include <set>
+#include <vector>
+
+#include "base/callback.h"
+#include "net/cookies/canonical_cookie.h"
+#include "url/gurl.h"
+#include "url/origin.h"
+
+class ContentSettingsPattern;
+
+// A class that constructs URL deletion filters (represented as GURL->bool
+// predicates) that match registerable domains - which is basically an eTLD + 1.
+// We use registerable domains as our filter because of the cookie visibility
+// model. This means that we ignore schemes and subdomains.
+//
+// Cookies are domain-scoped, and websites often rely on cookies that are living
+// on various subdomains. For example, plus.google.com relies on google.com
+// cookies, which eventually talks to account.google.com cookies for GAIA
+// account auth. This means that when we save cookies for an origin, we need
+// to save all cookies for the TLD+1. This means blacklisting (or whitelisting)
+// https://plus.google.com will have us save (or delete) any cookies for
+// *.google.com (http://www.google.com, https://accounts.google.com, etc). For
+// this reason we don't use origins, and instead use registerable domains.
+//
+// See net/base/registry_controlled_domains/registry_controlled_domain.h for
+// more details on registrable domains and the current list of effective eTLDs.
+class BrowsingDataFilterBuilder {
+ public:
+  enum Mode {
+    // This means that only the origins given will be deleted.
+    WHITELIST,
+    // Everyone EXCEPT the origins given will be deleted.
+    BLACKLIST
+  };
+
+  // Constructs a filter with the given |mode| - whitelist or blacklist.
+  explicit BrowsingDataFilterBuilder(Mode mode);
+
+  ~BrowsingDataFilterBuilder();
+
+  // Adds a registerable domain to the (white- or black-) list. This is expected
+  // to not include subdomains, so basically tld+1. This can also be an IP
+  // address.
+  // Refer to net/base/registry_controlled_domains/registry_controlled_domain.h
+  // for more details on registrable domains and the current list of effective.
+  // TLDs. We expect a string that would be returned by
+  // net::registry_controlled_domains::GetDomainAndRegistry.
+  void AddRegisterableDomain(const std::string& domain);
+
+  // Sets the |mode| of the filter.
+  void SetMode(Mode mode);
+
+  // Returns true if we're an empty blacklist, where we delete everything.
+  bool IsEmptyBlacklist() const;
+
+  // Builds a filter that matches URLs whose origins or domains are in the
+  // whitelist, or aren't in the blacklist.
+  base::Callback<bool(const GURL&)> BuildSameDomainFilter() const;
+
+  // Builds a filter that calls ContentSettingsPattern::Compare on the given
+  // pattern and a new pattern constructed by each domain in this filter. The
+  // domain pattern A and given pattern B match when A.Compare(B) is IDENTITY
+  // or PREDECESSOR. This means we only match patterns that are the same pattern
+  // or a more specific pattern than our domain (so we shouldn't be matching
+  // wildcard patterns like "*" or "*:80").
+  base::Callback<bool(const ContentSettingsPattern& pattern)>
+  BuildWebsiteSettingsPatternMatchesFilter() const;
+
+  // We do a direct comparison to the registerable domain of the cookie. A
+  // whitelist filter will return true if any of its domains match the cookie,
+  // and a blacklist filter will return true only if none of its domains match
+  // the cookie.
+  base::Callback<bool(const net::CanonicalCookie& pattern)>
+  BuildDomainCookieFilter() const;
+
+  // A convenience method to produce an empty blacklist, a filter that matches
+  // everything.
+  static base::Callback<bool(const GURL&)> BuildNoopFilter();
+
+ private:
+  // True if the origin or domain of |url| is in the whitelist, or isn't in the
+  // blacklist.
+  // The whitelist or blacklist is represented as |origins| and |mode|.
+  static bool MatchesURL(std::set<std::string>* registerable_domains,
+                         Mode mode,
+                         const GURL& url);
+
+  // True if the pattern something in the whitelist, or doesn't match something
+  // in the blacklist.
+  // The whitelist or blacklist is represented as |origins|,  and |mode|.
+  static bool MatchesWebsiteSettingsPattern(
+      std::vector<ContentSettingsPattern>* domain_patterns,
+      Mode mode,
+      const ContentSettingsPattern& pattern);
+
+  // True if no origins can see the given cookie and we're a blacklist, or any
+  // origins can see the cookie and we're a whitelist.
+  // The whitelist or blacklist is represented as |origins| and |mode|.
+  static bool MatchesCookieForRegisterableDomainsAndIPs(
+      std::set<std::string>* domains_and_ips,
+      Mode mode,
+      const net::CanonicalCookie& cookie);
+
+  // The list of domains and whether they should be interpreted as a whitelist
+  // or blacklist.
+  std::set<std::string> domain_list_;
+  Mode mode_;
+
+  DISALLOW_COPY_AND_ASSIGN(BrowsingDataFilterBuilder);
+};
+
+#endif  // CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_