[FeaturePolicy] Initial implementation of Feature Policy

third_party/WebKit/Source/platform/feature_policy/FeaturePolicyTest.cpp

+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "platform/feature_policy/FeaturePolicy.h"
+
+#include "platform/RuntimeEnabledFeatures.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+// Origin strings used for tests
+#define ORIGIN_A "https://example.com/"
+#define ORIGIN_B "https://example.net/"
+#define ORIGIN_C "https://example.org/"
+
+namespace blink {
+
+namespace {
+
+const char* kValidPolicies[] = {
+    "{\"feature\": []}",
+    "{\"feature\": [\"self\"]}",
+    "{\"feature\": [\"*\"]}",
+    "{\"feature\": [\"" ORIGIN_A "\"]}",
+    "{\"feature\": [\"" ORIGIN_B "\"]}",
+    "{\"feature\": [\"" ORIGIN_A "\", \"" ORIGIN_B "\"]}",
+    "{\"feature1\": [\"" ORIGIN_A "\"], \"feature2\": [\"self\"]}",
+    "{\"feature1\": [\"" ORIGIN_A "\"]}, {\"feature2\": [\"self\"]}"};
+
+const char* kInvalidPolicies[] = {
+    "Not A JSON literal",
+    "\"Not a JSON object\"",
+    "[\"Also\", \"Not a JSON object\"]",
+    "1.0",
+    "{\"Whitelist\": \"Not a JSON array\"}",
+    "{\"feature1\": [\"*\"], \"feature2\": \"Not an array\"}"};
+
+// This is an example of a feature which should be enabled by default in all
+// frames.
+const FeaturePolicyFeature kDefaultOnFeature{
+    "default-on", FeaturePolicyFeatureDefault::EnableForAll};
+
+// This is an example of a feature which should be enabled in top-level frames,
+// and same-origin child-frames, but must be delegated to all cross-origin
+// frames explicitly.
+const FeaturePolicyFeature kDefaultSelfFeature{
+    "default-self", FeaturePolicyFeatureDefault::EnableForSelf};
+
+// This is an example of a feature which should be disabled by default, both in
+// top-level and nested frames.
+const FeaturePolicyFeature kDefaultOffFeature{
+    "default-off", FeaturePolicyFeatureDefault::DisableForAll};
+
+}  // namespace
+
+class FeaturePolicyTest : public ::testing::Test {
+ protected:
+  FeaturePolicyTest()
+      : m_frameworkWasEnabled(RuntimeEnabledFeatures::featurePolicyEnabled()),
+        m_featureList(
+            {&kDefaultOnFeature, &kDefaultSelfFeature, &kDefaultOffFeature}) {
+    RuntimeEnabledFeatures::setFeaturePolicyEnabled(true);
+  }
+
+  ~FeaturePolicyTest() {
+    RuntimeEnabledFeatures::setFeaturePolicyEnabled(m_frameworkWasEnabled);
+  }
+
+  FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent,
+                                        RefPtr<SecurityOrigin> origin) {
+    return FeaturePolicy::createFromParentPolicy(parent, origin, m_featureList);
+  }
+
+  RefPtr<SecurityOrigin> m_originA = SecurityOrigin::createFromString(ORIGIN_A);
+  RefPtr<SecurityOrigin> m_originB = SecurityOrigin::createFromString(ORIGIN_B);
+  RefPtr<SecurityOrigin> m_originC = SecurityOrigin::createFromString(ORIGIN_C);
+
+ private:
+  const bool m_frameworkWasEnabled;
+
+  // Contains the list of controlled features, so that we are guaranteed to
+  // have at least one of each kind of default behaviour represented.
+  FeatureList m_featureList;
+};
+
+TEST_F(FeaturePolicyTest, ParseValidPolicy) {
+  Vector<String> messages;
+  for (const char* policyString : kValidPolicies) {
+    messages.clear();
+    FeaturePolicy* policy = createFromParentPolicy(nullptr, m_originA);
+    policy->setHeaderPolicy(policyString, messages);
+    EXPECT_EQ(0UL, messages.size());
+  }
+}
+
+TEST_F(FeaturePolicyTest, ParseInvalidPolicy) {
+  Vector<String> messages;
+  for (const char* policyString : kInvalidPolicies) {
+    messages.clear();
+    FeaturePolicy* policy = createFromParentPolicy(nullptr, m_originA);
+    policy->setHeaderPolicy(policyString, messages);
+    EXPECT_NE(0UL, messages.size());
+  }
+}
+
+TEST_F(FeaturePolicyTest, TestInitialPolicy) {
+  // +-------------+
+  // |(1)Origin A  |
+  // |No Policy    |
+  // +-------------+
+  // Default-on and top-level-only features should be enabled in top-level
+  // frame. Default-off features should be disabled.
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy1->isFeatureEnabled(&kDefaultOffFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestInitialSameOriginChildPolicy) {
+  // +-----------------+
+  // |(1)Origin A      |
+  // |No Policy        |
+  // | +-------------+ |
+  // | |(2)Origin A  | |
+  // | |No Policy    | |
+  // | +-------------+ |
+  // +-----------------+
+  // Default-on and Default-self features should be enabled in a same-origin
+  // child frame. Default-off features should be disabled.
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originA);
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultOffFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestInitialCrossOriginChildPolicy) {
+  // +-----------------+
+  // |(1)Origin A      |
+  // |No Policy        |
+  // | +-------------+ |
+  // | |(2)Origin B  | |
+  // | |No Policy    | |
+  // | +-------------+ |
+  // +-----------------+
+  // Default-on features should be enabled in child frame. Default-self and
+  // Default-off features should be disabled.
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultOffFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestCrossOriginChildCannotEnableFeature) {
+  // +---------------------------------------+
+  // |(1) Origin A                           |
+  // |No Policy                              |
+  // | +-----------------------------------+ |
+  // | |(2) Origin B                       | |
+  // | |Policy: {"default-self": ["self"]} | |
+  // | +-----------------------------------+ |
+  // +---------------------------------------+
+  // Default-self feature should be disabled in cross origin frame, even if no
+  // policy was specified in the parent frame.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy("{\"default-self\": [\"self\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestFrameSelfInheritance) {
+  // +------------------------------------------+
+  // |(1) Origin A                              |
+  // |Policy: {"default-self": ["self"]}        |
+  // | +-----------------+  +-----------------+ |
+  // | |(2) Origin A     |  |(4) Origin B     | |
+  // | |No Policy        |  |No Policy        | |
+  // | | +-------------+ |  | +-------------+ | |
+  // | | |(3)Origin A  | |  | |(5)Origin B  | | |
+  // | | |No Policy    | |  | |No Policy    | | |
+  // | | +-------------+ |  | +-------------+ | |
+  // | +-----------------+  +-----------------+ |
+  // +------------------------------------------+
+  // Feature should be enabled at the top-level, and through the chain of
+  // same-origin frames 2 and 3. It should be disabled in frames 4 and 5, as
+  // they are at a different origin.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"self\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originA);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originA);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy5 = createFromParentPolicy(policy4, m_originB);
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy4->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy5->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestReflexiveFrameSelfInheritance) {
+  // +-----------------------------------+
+  // |(1) Origin A                       |
+  // |Policy: {"default-self": ["self"]} |
+  // | +-----------------+               |
+  // | |(2) Origin B     |               |
+  // | |No Policy        |               |
+  // | | +-------------+ |               |
+  // | | |(3)Origin A  | |               |
+  // | | |No Policy    | |               |
+  // | | +-------------+ |               |
+  // | +-----------------+               |
+  // +-----------------------------------+
+  // Feature which is enabled at top-level should be disabled in frame 3, as
+  // it is embedded by frame 2, for which the feature is not enabled.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"self\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originA);
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestSelectiveFrameInheritance) {
+  // +------------------------------------------+
+  // |(1) Origin A                              |
+  // |Policy: {"default-self": ["Origin B"]}    |
+  // | +-----------------+  +-----------------+ |
+  // | |(2) Origin B     |  |(3) Origin C     | |
+  // | |No Policy        |  |No Policy        | |
+  // | |                 |  | +-------------+ | |
+  // | |                 |  | |(4)Origin B  | | |
+  // | |                 |  | |No Policy    | | |
+  // | |                 |  | +-------------+ | |
+  // | +-----------------+  +-----------------+ |
+  // +------------------------------------------+
+  // Feature should be enabled in second level Origin B frame, but disabled in
+  // Frame 4, because it is embedded by frame 3, where the feature is not
+  // enabled.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"" ORIGIN_B "\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy1, m_originC);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy3, m_originB);
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy4->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestPolicyCanBlockSelf) {
+  // +----------------------------+
+  // |(1)Origin A                 |
+  // |Policy: {"default-on": []}  |
+  // +----------------------------+
+  // Default-on feature should be disabled in top-level frame.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-on\": []}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  EXPECT_FALSE(policy1->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestParentPolicyBlocksSameOriginChildPolicy) {
+  // +----------------------------+
+  // |(1)Origin A                 |
+  // |Policy: {"default-on": []}  |
+  // | +-------------+            |
+  // | |(2)Origin A  |            |
+  // | |No Policy    |            |
+  // | +-------------+            |
+  // +----------------------------+
+  // Feature should be disabled in child frame.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-on\": []}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originA);
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestChildPolicyCanBlockSelf) {
+  // +--------------------------------+
+  // |(1)Origin A                     |
+  // |No Policy                       |
+  // | +----------------------------+ |
+  // | |(2)Origin B                 | |
+  // | |Policy: {"default-on": []}  | |
+  // | +----------------------------+ |
+  // +--------------------------------+
+  // Default-on feature should be disabled by cross-origin child frame.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy("{\"default-on\": []}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestChildPolicyCanBlockChildren) {
+  // +--------------------------------------+
+  // |(1)Origin A                           |
+  // |No Policy                             |
+  // | +----------------------------------+ |
+  // | |(2)Origin B                       | |
+  // | |Policy: {"default-on": ["self"]}  | |
+  // | | +-------------+                  | |
+  // | | |(3)Origin C  |                  | |
+  // | | |No Policy    |                  | |
+  // | | +-------------+                  | |
+  // | +----------------------------------+ |
+  // +--------------------------------------+
+  // Default-on feature should be enabled in frames 1 and 2; disabled in frame
+  // 3 by child frame policy.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy("{\"default-on\": [\"self\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originC);
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestParentPolicyBlocksCrossOriginChildPolicy) {
+  // +----------------------------+
+  // |(1)Origin A                 |
+  // |Policy: {"default-on": []}  |
+  // | +-------------+            |
+  // | |(2)Origin B  |            |
+  // | |No Policy    |            |
+  // | +-------------+            |
+  // +----------------------------+
+  // Default-on feature should be disabled in cross-origin child frame.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-on\": []}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestEnableForAllOrigins) {
+  // +--------------------------------+
+  // |(1) Origin A                    |
+  // |Policy: {"default-self": ["*"]} |
+  // | +-----------------+            |
+  // | |(2) Origin B     |            |
+  // | |No Policy        |            |
+  // | | +-------------+ |            |
+  // | | |(3)Origin A  | |            |
+  // | | |No Policy    | |            |
+  // | | +-------------+ |            |
+  // | +-----------------+            |
+  // +--------------------------------+
+  // Feature should be enabled in top and second level; disabled in frame 3.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"*\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originA);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestDefaultOnEnablesForAllAncestors) {
+  // +---------------------------------------+
+  // |(1) Origin A                           |
+  // |Policy: {"default-on": ["Origin B"]}   |
+  // | +-----------------------------------+ |
+  // | |(2) Origin B                       | |
+  // | |No Policy                          | |
+  // | | +-------------+   +-------------+ | |
+  // | | |(3)Origin B  |   |(4)Origin C  | | |
+  // | | |No Policy    |   |No Policy    | | |
+  // | | +-------------+   +-------------+ | |
+  // | +-----------------------------------+ |
+  // +---------------------------------------+
+  // Feature should be disabled in frame 1; enabled in frames 2, 3 and 4.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-on\": [\"" ORIGIN_B "\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originB);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy2, m_originC);
+  EXPECT_FALSE(policy1->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy3->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy4->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestDefaultSelfRespectsSameOriginEmbedding) {
+  // +---------------------------------------+
+  // |(1) Origin A                           |
+  // |Policy: {"default-self": ["Origin B"]} |
+  // | +-----------------------------------+ |
+  // | |(2) Origin B                       | |
+  // | |No Policy                          | |
+  // | | +-------------+   +-------------+ | |
+  // | | |(3)Origin B  |   |(4)Origin C  | | |
+  // | | |No Policy    |   |No Policy    | | |
+  // | | +-------------+   +-------------+ | |
+  // | +-----------------------------------+ |
+  // +---------------------------------------+
+  // Feature should be disabled in frames 1 and 4; enabled in frames 2 and 3.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"" ORIGIN_B "\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originB);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy2, m_originC);
+  EXPECT_FALSE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy4->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestDefaultOffMustBeDelegatedToAllCrossOriginFrames) {
+  // +---------------------------------------+
+  // |(1) Origin A                           |
+  // |Policy: {"default-off": ["Origin B"]}  |
+  // | +-----------------------------------+ |
+  // | |(2) Origin B                       | |
+  // | |No Policy                          | |
+  // | | +-------------+   +-------------+ | |
+  // | | |(3)Origin B  |   |(4)Origin C  | | |
+  // | | |No Policy    |   |No Policy    | | |
+  // | | +-------------+   +-------------+ | |
+  // | +-----------------------------------+ |
+  // +---------------------------------------+
+  // Feature should be disabled in frames 1, 3 and 4; enabled in frame 2 only.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-off\": [\"" ORIGIN_B "\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy("{\"default-off\": [\"self\"]}", messages);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originB);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy2, m_originC);
+  policy4->setHeaderPolicy("{\"default-off\": [\"self\"]}", messages);
+  EXPECT_FALSE(policy1->isFeatureEnabled(&kDefaultOffFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultOffFeature));

[raymes, 2016/10/23 23:31:05]

Hmm, the code here doesn't seem to match what's in the diagram. (2) sets a
header policy of "self", same with (4). Without that, I think this line should
evaluate to FALSE as well - that is, (2) falls back to the default policy which
is to have the feature disabled in itself, even though the parent allows the
feature to be enabled there.

[iclelland, 2016/10/24 05:14:32]

Thanks, you're right -- I forgot to update the diagram there to match that.

+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultOffFeature));
+  EXPECT_FALSE(policy4->isFeatureEnabled(&kDefaultOffFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestReenableForAllOrigins) {
+  // +------------------------------------+
+  // |(1) Origin A                        |
+  // |Policy: {"default-self": ["*"]}     |
+  // | +--------------------------------+ |
+  // | |(2) Origin B                    | |
+  // | |Policy: {"default-self": ["*"]} | |
+  // | | +-------------+                | |
+  // | | |(3)Origin A  |                | |
+  // | | |No Policy    |                | |
+  // | | +-------------+                | |
+  // | +--------------------------------+ |
+  // +------------------------------------+
+  // Feature should be enabled in all frames.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"*\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy("{\"default-self\": [\"*\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originA);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestBlockedFrameCannotReenable) {
+  // +--------------------------------------+
+  // |(1)Origin A                           |
+  // |Policy: {"default-self": ["self"]}    |
+  // | +----------------------------------+ |
+  // | |(2)Origin B                       | |
+  // | |Policy: {"default-self": ["*"]}   | |
+  // | | +-------------+  +-------------+ | |
+  // | | |(3)Origin A  |  |(4)Origin C  | | |
+  // | | |No Policy    |  |No Policy    | | |
+  // | | +-------------+  +-------------+ | |
+  // | +----------------------------------+ |
+  // +--------------------------------------+
+  // Feature should be enabled at the top level; disabled in all other frames.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"self\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy("{\"default-self\": [\"*\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originA);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy2, m_originC);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy4->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestEnabledFrameCanDelegate) {
+  // +---------------------------------------------------+
+  // |(1) Origin A                                       |
+  // |Policy: {"default-self": ["self", "Origin B"]}     |
+  // | +-----------------------------------------------+ |
+  // | |(2) Origin B                                   | |
+  // | |Policy: {"default-self": ["self", "Origin C"]} | |
+  // | | +-------------+                               | |
+  // | | |(3)Origin C  |                               | |
+  // | | |No Policy    |                               | |
+  // | | +-------------+                               | |
+  // | +-----------------------------------------------+ |
+  // +---------------------------------------------------+
+  // Feature should be enabled in all frames.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"self\", \"" ORIGIN_B "\"]}",
+                           messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy("{\"default-self\": [\"self\", \"" ORIGIN_C "\"]}",
+                           messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originC);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestEnabledFrameCanDelegateByDefault) {
+  // +-----------------------------------------------+
+  // |(1) Origin A                                   |
+  // |Policy: {"default-on": ["self", "Origin B"]}   |
+  // | +--------------------+ +--------------------+ |
+  // | |(2) Origin B        | | (4) Origin C       | |
+  // | |No Policy           | | No Policy          | |
+  // | | +-------------+    | |                    | |
+  // | | |(3)Origin C  |    | |                    | |
+  // | | |No Policy    |    | |                    | |
+  // | | +-------------+    | |                    | |
+  // | +--------------------+ +--------------------+ |
+  // +-----------------------------------------------+
+  // Feature should be enabled in frames 1, 2, and 3, and disabled in frame 4.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-on\": [\"self\", \"" ORIGIN_B "\"]}",
+                           messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originC);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy1, m_originC);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy3->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_FALSE(policy4->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestNonNestedFeaturesDontDelegateByDefault) {
+  // +-----------------------------------------------+
+  // |(1) Origin A                                   |
+  // |Policy: {"default-self": ["self", "Origin B"]} |
+  // | +--------------------+ +--------------------+ |
+  // | |(2) Origin B        | | (4) Origin C       | |
+  // | |No Policy           | | No Policy          | |
+  // | | +-------------+    | |                    | |
+  // | | |(3)Origin C  |    | |                    | |
+  // | | |No Policy    |    | |                    | |
+  // | | +-------------+    | |                    | |
+  // | +--------------------+ +--------------------+ |
+  // +-----------------------------------------------+
+  // Feature should be enabled in frames 1 and 2, and disabled in frames 3 and
+  // 4.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"self\", \"" ORIGIN_B "\"]}",
+                           messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originC);
+  FeaturePolicy* policy4 = createFromParentPolicy(policy1, m_originC);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy4->isFeatureEnabled(&kDefaultSelfFeature));
+}
+
+TEST_F(FeaturePolicyTest, TestFeaturesAreIndependent) {
+  // +-----------------------------------------------+
+  // |(1) Origin A                                   |
+  // |Policy: {"default-self": ["self", "Origin B"], |
+  // |         "default-on": ["self"]}               |
+  // | +-------------------------------------------+ |
+  // | |(2) Origin B                               | |
+  // | |Policy: {"default-self": ["*"],            | |
+  // | |         "default-on": ["*"]}              | |
+  // | | +-------------+                           | |
+  // | | |(3)Origin C  |                           | |
+  // | | |No Policy    |                           | |
+  // | | +-------------+                           | |
+  // | +-------------------------------------------+ |
+  // +-----------------------------------------------+
+  // Vibrate feature should be enabled in all frames; Docwrite feature
+  // should be enabled in frame 1, and disabled in frames 2 and 3.
+  Vector<String> messages;
+  FeaturePolicy* policy1 = createFromParentPolicy(nullptr, m_originA);
+  policy1->setHeaderPolicy("{\"default-self\": [\"self\", \"" ORIGIN_B
+                           "\"], \"default-on\": [\"self\"]}",
+                           messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy2 = createFromParentPolicy(policy1, m_originB);
+  policy2->setHeaderPolicy(
+      "{\"default-self\": [\"*\"], \"default-on\": [\"*\"]}", messages);
+  EXPECT_EQ(0UL, messages.size());
+  FeaturePolicy* policy3 = createFromParentPolicy(policy2, m_originC);
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_TRUE(policy1->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy2->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy2->isFeatureEnabled(&kDefaultOnFeature));
+  EXPECT_TRUE(policy3->isFeatureEnabled(&kDefaultSelfFeature));
+  EXPECT_FALSE(policy3->isFeatureEnabled(&kDefaultOnFeature));
+}
+
+}  // namespace blink