
Unified Diff: third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h

Issue 2254533002: [FeaturePolicy] Initial implementation of Feature Policy (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@fp-flag
Patch Set: Conform to JFV spec for header format Created 4 years, 2 months ago
Index: third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h
diff --git a/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h b/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h
new file mode 100644
index 0000000000000000000000000000000000000000..1ca6a27bd21936823446405fa6b11a195edee1aa
--- /dev/null
+++ b/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h
@@ -0,0 +1,139 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef FeaturePolicy_h
+#define FeaturePolicy_h
+
+#include "platform/PlatformExport.h"
+#include "platform/heap/Handle.h"
+#include "platform/weborigin/SecurityOrigin.h"
+#include "wtf/RefPtr.h"
+#include "wtf/Vector.h"
+#include "wtf/text/WTFString.h"
+
+namespace blink {
+
+// The FeaturePolicyFeatureDefault enum defines the default enable state for a
+// feature when neither it nor any parent frame have declared an explicit
+// policy. The three possibilities map directly to Feature Policy Whitelist
+// semantics.
+enum FeaturePolicyFeatureDefault {
dcheng 2016/10/20 17:41:44 Nit: prefer enum classes in new code
iclelland 2016/10/21 13:38:25 Done. Renamed values to avoid unnecessary 'k' as w
+ // Equivalent to []. The feature is never available by default, and can only
+ // be enabled by an explicit policy.
+ kDisableFeatureForAllOrigins,
+
+ // Equivalent to ["self"]. The feature is enabled for top-level frames, but
+ // must be delegated to child frames in order for them to have access.
+ kEnableFeatureForSelf,
+
+ // Equivalent to ["*"]. The feature is enabled by default for all frames, but
+ // can be disabled through policy by any frame, at which point it cannot be
+ // reenabled by any of that frame's children.
+ kEnableFeatureForAllOrigins
+};
+
+// The FeaturePolicyFeature struct is used to define all features under control
+// of Feature Policy. There should only be one instance of this struct for any
+// given feature (declared below).
+struct FeaturePolicyFeature {
+ // The name of the feature, as it should appear in a policy string
+ const char* featureName;
+
+ // Controls whether the feature should be available in the platform by
+ // default, in the absence of any declared policy.
+ FeaturePolicyFeatureDefault defaultPolicy;
+};
+
+// Declarations for all features currently under control of the Feature Policy
+// mechanism should be placed here.
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentCookie;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentDomain;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kDocumentWrite;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kGeolocationFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kMidiFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kNotificationsFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kPaymentFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kPushFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncScript;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kSyncXHR;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kUsermedia;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kVibrateFeature;
+extern const PLATFORM_EXPORT FeaturePolicyFeature kWebRTC;
+
+class PLATFORM_EXPORT FeaturePolicy final
+ : public GarbageCollectedFinalized<FeaturePolicy> {
+ public:
+ // Represents a collection of origins which make up a whitelist in a feature
+ // policy. This collection may be set to match every origin (corresponding to
+ // the "*" syntax in the policy string, in which case the contains() method
+ // will always return true.
+ class Whitelist final : public GarbageCollectedFinalized<Whitelist> {
dcheng 2016/10/20 17:41:44 I think this doesn't need to be GCed (nor FeatureP
iclelland 2016/10/21 13:38:25 Done; Removed oilpan. I think the pointer manageme
+ public:
+ Whitelist();
+
+ // Adds a single origin to the whitelist.
+ void add(RefPtr<SecurityOrigin>);
+
+ // Adds all origins to the whitelist.
+ void addAll();
+
+ // Returns true if the given origin has been added to the whitelist.
+ bool contains(const SecurityOrigin&) const;
+ String toString();
+
+ DEFINE_INLINE_VIRTUAL_TRACE() {}
+
+ private:
+ bool m_matchesAllOrigins;
+ Vector<RefPtr<SecurityOrigin>> m_origins;
+ };
+
+ static FeaturePolicy* createFromParentPolicy(const FeaturePolicy* parent,
+ RefPtr<SecurityOrigin>);
+
+ // Sets the declared policy from the Feature-Policy HTTP header.
+ void setHeaderPolicy(const String&);
+
+ // Returns whether or not the given feature is enabled by this policy.
+ bool isFeatureEnabledForOrigin(const FeaturePolicyFeature*,
+ const SecurityOrigin&) const;
+
+ // Returns whether or not the given feature is enabled for the frame that owns
+ // the policy.
+ bool isFeatureEnabled(const FeaturePolicyFeature*) const;
+
+ // Returns the global feature registry; the set of all features which can be
+ // controlled by Feature Policy.
+ static Vector<const FeaturePolicyFeature*>& getFeatureRegistry();
+
+ String toString();
+
+ DECLARE_VIRTUAL_TRACE();
+
+ private:
+ explicit FeaturePolicy(RefPtr<SecurityOrigin>);
+
+ // Parses a policy string into a set of whitelists for features.
+ HeapHashMap<const FeaturePolicyFeature*, Member<Whitelist>> parse(
+ const String&);
+
+ RefPtr<SecurityOrigin> m_origin;
+
+ // Records whether or not each feature was enabled for this frame by its
+ // parent frame.
+ // TODO(iclelland): Generate, instead of this map, a set of bool flags, one
+ // for each feature, as all features are supposed to be represented here.
+ HashMap<const FeaturePolicyFeature*, bool> m_inheritedFeatures;
+
+ // Map of feature names to declared whitelists. Any feature which is missing
+ // from this map should use the inherited policy.
+ HeapHashMap<const FeaturePolicyFeature*, Member<Whitelist>>
+ m_headerWhitelists;
+
+ DISALLOW_COPY_AND_ASSIGN(FeaturePolicy);
+};
+
+} // namespace blink
+
+#endif // FeaturePolicy_h
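Review bot: `Whitelist::m_matchesAllOrigins` is declared as a bare `bool` with no in-class initializer, so whether a newly constructed whitelist starts out matching nothing depends entirely on the `Whitelist()` constructor, whose definition is not part of this header. Since this flag is what makes `contains()` return true for every origin, the fail-closed default is worth pinning at the declaration itself: `bool m_matchesAllOrigins = false;`. Separately, `isFeatureEnabledForOrigin()` and `isFeatureEnabled()` take a `const FeaturePolicyFeature*`, and both `m_inheritedFeatures` and `m_headerWhitelists` are keyed on that pointer, so lookups rely on the "only one instance per feature" rule from the struct comment, which nothing enforces because the struct remains copyable. A comment on those two methods stating what they return for a null pointer or a feature absent from the maps (presumably "disabled", to be confirmed against the implementation file, which is not shown here) would make the deny-by-default contract explicit for callers.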
