[FeaturePolicy] Initial implementation of Feature Policy

third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef FeaturePolicy_h
+#define FeaturePolicy_h
+
+#include "platform/PlatformExport.h"
+#include "platform/weborigin/SecurityOrigin.h"
+#include "wtf/RefPtr.h"
+#include "wtf/Vector.h"
+#include "wtf/text/WTFString.h"
+
+#include <memory>
+
+namespace blink {
+
+// The FeaturePolicyFeatureDefault enum defines the default enable state for a
+// feature when neither it nor any parent frame have declared an explicit
+// policy. The three possibilities map directly to Feature Policy Whitelist
+// semantics.
+enum class FeaturePolicyFeatureDefault {
+  // Equivalent to []. The feature is never available by default, and can only
+  // be enabled by an explicit policy.
+  DisableForAll,
+
+  // Equivalent to ["self"]. The feature is enabled for top-level frames, and
+  // their same-origin children. It must be explicitly delegated to cross-origin
+  // child frames.

[raymes, 2016/10/23 23:31:05]

Preface: Since this is just comments I don't feel too concerned and won't spend
more of your time on this, but some suggestions below :)

That's a good point that there isn't really any concept of a "current frame"
when defining a default for a feature. It still feels a bit like the recursive
case is missing though, e.g. what effect will the default policy of on the child
frames if it takes effect (this comment only says the impact on the top level
frame).

I guess to be very specific (and verbose) about the impact a default policy for
FEATURE will have on a given FRAME is,
1) If FEATURE is enabled for FRAME by its parents, and
2) If the default policy for FEATURE isn't overridden by a header policy in
FRAME
Then the default policy will take effect for FRAME, otherwise the default policy
won't have any effect.

If the default policy takes effect, then:
-If the default policy is [] then FEATURE won't be enabled for FRAME or any of
its children
-If the default policy is ["self"] then FEATURE will be enabled for FRAME but
not its children
-If the default policy is ["*"] then FEATURE will be enabled for FRAME and all
of its children.

[iclelland, 2016/10/24 05:14:32]

Thanks, I'll incorporate that -- I think it may make sense to move much of this
into explanatory comments for the FeaturePolicy class at this point --
especially with the name scoping you suggest below.

+  EnableForSelf,
+
+  // Equivalent to ["*"]. The feature is enabled by default for all frames.
+  EnableForAll
+};
+
+// The FeaturePolicyFeature struct is used to define all features under control
+// of Feature Policy. There should only be one instance of this struct for any
+// given feature (declared below).
+struct FeaturePolicyFeature {

[raymes, 2016/10/23 23:31:05]

nit (optional): if we move the enum above and this class into the public section
of FeaturePolicy it could make the naming simpler. Then we would just have:
FeaturePolicy::FeatureDefault and
FeaturePolicy::Feature

Additionally/alternatively, FeatureDefault could be defined in Feature, so that
it would be:
FeaturePolicy::Feature::Default.

[iclelland, 2016/10/24 05:14:32]

Done.

+  // The name of the feature, as it should appear in a policy string
+  const char* featureName;
+
+  // Controls whether the feature should be available in the platform by
+  // default, in the absence of any declared policy.
+  FeaturePolicyFeatureDefault defaultPolicy;
+};
+
+// Declarations for all features currently under control of the Feature Policy
+// mechanism should be placed here.
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentCookie;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentDomain;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentWrite;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kGeolocationFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kMidiFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kNotificationsFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kPaymentFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kPushFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncScript;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncXHR;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kUsermedia;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kVibrateFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kWebRTC;
+
+using FeatureList = const Vector<const FeaturePolicyFeature*>;
+
+class PLATFORM_EXPORT FeaturePolicy final {
+ public:
+  // Represents a collection of origins which make up a whitelist in a feature
+  // policy. This collection may be set to match every origin (corresponding to
+  // the "*" syntax in the policy string, in which case the contains() method
+  // will always return true.
+  class Whitelist final {
+   public:
+    Whitelist();
+
+    // Adds a single origin to the whitelist.
+    void add(RefPtr<SecurityOrigin>);
+
+    // Adds all origins to the whitelist.
+    void addAll();
+
+    // Returns true if the given origin has been added to the whitelist.
+    bool contains(const SecurityOrigin&) const;
+    String toString();
+
+   private:
+    bool m_matchesAllOrigins;
+    Vector<RefPtr<SecurityOrigin>> m_origins;
+  };
+
+  static FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent,
+                                               RefPtr<SecurityOrigin>,
+                                               FeatureList& features);

[raymes, 2016/10/23 23:31:05]

Is this just for testing? It might be better to make it private and add a
comment mentioning it?

[iclelland, 2016/10/24 05:14:32]

Yes, this interface is just for testing, although it is also used internally by
the intentionally-public createFromParentPolicy(parent, origin) method. I'll
make it private and friend the test class.

+
+  static FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent,
+                                               RefPtr<SecurityOrigin>);
+
+  // Sets the declared policy from the Feature-Policy HTTP header. If the header
+  // cannot be parsed, errors will be appended to the |messages| vector.
+  void setHeaderPolicy(const String&, Vector<String>& messages);
+
+  // Returns whether or not the given feature is enabled by this policy.
+  bool isFeatureEnabledForOrigin(const FeaturePolicyFeature*,
+                                 const SecurityOrigin&) const;
+
+  // Returns whether or not the given feature is enabled for the frame that owns
+  // the policy.
+  bool isFeatureEnabled(const FeaturePolicyFeature*) const;
+
+  // Returns the list of features which can be controlled by Feature Policy.
+  static FeatureList& getDefaultFeatureList();
+
+  String toString();
+
+ private:
+  FeaturePolicy(RefPtr<SecurityOrigin>, FeatureList& features);
+
+  // Parses a policy string into a set of whitelists for features.
+  HashMap<const FeaturePolicyFeature*, std::unique_ptr<Whitelist>> parse(
+      const String&);
+
+  RefPtr<SecurityOrigin> m_origin;
+
+  // Records whether or not each feature was enabled for this frame by its
+  // parent frame.
+  // TODO(iclelland): Generate, instead of this map, a set of bool flags, one
+  // for each feature, as all features are supposed to be represented here.
+  HashMap<const FeaturePolicyFeature*, bool> m_inheritedFeatures;
+
+  // Map of feature names to declared whitelists. Any feature which is missing
+  // from this map should use the inherited policy.
+  HashMap<const FeaturePolicyFeature*, std::unique_ptr<Whitelist>>
+      m_headerWhitelists;
+
+  // Contains the set of all features which can be controlled by this policy.
+  FeatureList& m_features;
+
+  DISALLOW_COPY_AND_ASSIGN(FeaturePolicy);
+};
+
+}  // namespace blink
+
+#endif  // FeaturePolicy_h