Issue 2636843003: Move most Feature Policy code into content/

Issue 2636843003: Move most Feature Policy code into content/ (Closed)

Created:
3 years, 11 months ago by iclelland

Modified:
3 years, 10 months ago

Reviewers:
raymes

CC:
chromium-reviews, nasko+codewatch_chromium.org, eae+blinkwatch, dcheng, lunalu1, kinuko+watch, rwlbuis, jam, blink-reviews-dom_chromium.org, dglazkov+blink, darin-cc_chromium.org, gavinp+loader_chromium.org, iclelland, blink-reviews, blink-reviews-bindings_chromium.org, blink-reviews-api_chromium.org, mlamouri+watch-content_chromium.org, creis+watch_chromium.org, sof, loading-reviews_chromium.org, fuzzing_chromium.org, haraken, Nate Chapin, tyoshino+watch_chromium.org, mlamouri+watch-blink_chromium.org, mvanouwerkerk+watch_chromium.org

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Move most Feature Policy code into content/ This adds a content::FeaturePolicy object to the FrameTreeNode object which is maintained in parallel with the policy object in the renderer. This also clarifies the difference between a Feature Policy Header (a set of declarations), a Declaration (mapping from a feature to a declared whitelist) and a Policy (a set of defaults inherited from the parent document, as well as a set of whitelists for each feature). BUG= CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:linux_site_isolation

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+799 lines, -1794 lines)			Patch
M	content/browser/frame_host/frame_tree_node.h	View		3 chunks	+4 lines, -1 line	0 comments	Download
M	content/browser/frame_host/frame_tree_node.cc	View		1 chunk	+10 lines, -1 line	0 comments	Download
M	content/browser/frame_host/render_frame_host_impl.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	content/browser/frame_host/render_frame_host_impl.cc	View		1 chunk	+1 line, -1 line	0 comments	Download
M	content/browser/site_per_process_browsertest.cc	View		2 chunks	+6 lines, -6 lines	0 comments	Download
M	content/child/BUILD.gn	View	1	1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/child/blink_platform_impl.h	View		1 chunk	+9 lines, -0 lines	0 comments	Download
M	content/child/blink_platform_impl.cc	View	1	2 chunks	+21 lines, -0 lines	0 comments	Download
A	content/child/feature_policy/OWNERS	View	1 2	1 chunk	+1 line, -0 lines	0 comments	Download
A	content/child/feature_policy/feature_policy_platform.h	View	1	1 chunk	+28 lines, -0 lines	0 comments	Download
A	content/child/feature_policy/feature_policy_platform.cc	View	1	1 chunk	+48 lines, -0 lines	0 comments	Download
M	content/common/BUILD.gn	View		1 chunk	+2 lines, -0 lines	0 comments	Download
M	content/common/DEPS	View		1 chunk	+1 line, -0 lines	0 comments	Download
A	content/common/feature_policy/OWNERS	View	1 2	1 chunk	+5 lines, -0 lines	0 comments	Download
A +	content/common/feature_policy/feature_policy.h	View	1 2	5 chunks	+91 lines, -93 lines	0 comments	Download
A	content/common/feature_policy/feature_policy.cc	View	1 2	1 chunk	+201 lines, -0 lines	0 comments	Download
A +	content/common/feature_policy/feature_policy_unittest.cc	View		24 chunks	+199 lines, -349 lines	0 comments	Download
M	content/common/frame_messages.h	View		2 chunks	+2 lines, -2 lines	0 comments	Download
M	content/common/frame_replication_state.h	View		3 chunks	+2 lines, -16 lines	0 comments	Download
M	content/common/frame_replication_state.cc	View		1 chunk	+0 lines, -8 lines	0 comments	Download
M	content/renderer/render_frame_impl.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	content/renderer/render_frame_impl.cc	View	1	3 chunks	+3 lines, -17 lines	0 comments	Download
M	content/renderer/render_frame_proxy.cc	View	1	3 chunks	+2 lines, -17 lines	0 comments	Download
M	content/test/BUILD.gn	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	third_party/WebKit/Source/bindings/core/v8/ConditionalFeatures.h	View		2 chunks	+2 lines, -2 lines	0 comments	Download
M	third_party/WebKit/Source/bindings/core/v8/ConditionalFeatures.cpp	View	1	2 chunks	+19 lines, -10 lines	0 comments	Download
M	third_party/WebKit/Source/core/BUILD.gn	View	1	1 chunk	+0 lines, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/dom/Fullscreen.cpp	View		2 chunks	+8 lines, -3 lines	0 comments	Download
M	third_party/WebKit/Source/core/dom/SecurityContext.h	View		3 chunks	+5 lines, -8 lines	0 comments	Download
M	third_party/WebKit/Source/core/dom/SecurityContext.cpp	View		2 chunks	+8 lines, -5 lines	0 comments	Download
D	third_party/WebKit/Source/core/frame/FeaturePolicyInFrameTest.cpp	View		1 chunk	+0 lines, -133 lines	0 comments	Download
M	third_party/WebKit/Source/core/frame/Frame.h	View		1 chunk	+0 lines, -1 line	0 comments	Download
M	third_party/WebKit/Source/core/loader/FrameLoader.cpp	View		2 chunks	+4 lines, -5 lines	0 comments	Download
M	third_party/WebKit/Source/core/loader/FrameLoaderClient.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/modules/vibration/NavigatorVibration.cpp	View		1 chunk	+2 lines, -1 line	0 comments	Download
M	third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h	View		1 chunk	+9 lines, -185 lines	0 comments	Download
M	third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp	View		5 chunks	+11 lines, -209 lines	0 comments	Download
M	third_party/WebKit/Source/platform/feature_policy/FeaturePolicyFuzzer.cpp	View		1 chunk	+1 line, -2 lines	0 comments	Download
M	third_party/WebKit/Source/platform/feature_policy/FeaturePolicyTest.cpp	View		3 chunks	+24 lines, -700 lines	0 comments	Download
M	third_party/WebKit/Source/web/FrameLoaderClientImpl.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/web/FrameLoaderClientImpl.cpp	View		1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/web/WebRemoteFrameImpl.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/Source/web/WebRemoteFrameImpl.cpp	View		2 chunks	+3 lines, -2 lines	0 comments	Download
M	third_party/WebKit/public/platform/Platform.h	View		2 chunks	+15 lines, -0 lines	0 comments	Download
M	third_party/WebKit/public/platform/WebFeaturePolicy.h	View	1 2	1 chunk	+41 lines, -8 lines	0 comments	Download
M	third_party/WebKit/public/web/WebFrameClient.h	View		1 chunk	+1 line, -1 line	0 comments	Download
M	third_party/WebKit/public/web/WebRemoteFrame.h	View		1 chunk	+1 line, -1 line	0 comments	Download

Dependent Patchsets:

Issue 2653623004 Patch 1

Messages

Total messages: 18 (15 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

iclelland

+r raymes: This is still evolving, but PTAL at the general idea; most of the ...

3 years, 11 months ago (2017-01-17 21:47:11 UTC) #8

raymes

Thanks Ian! Overall this looks great! I was looking at high-level design more than the ...

3 years, 11 months ago (2017-01-19 02:40:57 UTC) #13

iclelland

3 years, 11 months ago (2017-01-19 05:40:40 UTC) #16

https://codereview.chromium.org/2636843003/diff/40001/content/child/blink_pla...
File content/child/blink_platform_impl.cc (right):

https://codereview.chromium.org/2636843003/diff/40001/content/child/blink_pla...
content/child/blink_platform_impl.cc:866:
policy->SetHeaderPolicy(FeaturePolicyHeaderFromWeb(policyHeader));
On 2017/01/19 02:40:57, raymes wrote:
> It looks like we never need to access anything in the
> WebParsedFeaturePolicyHeader in blink. So I was thinking we could potentially
> make it similar to WebFeaturePolicy in the sense that the parsing code lives
in
> content/ and returns an opaque pointer to the header which can be passed
around
> in blink, but always just ends up going back into content. This might save us
> needing these conversion functions to go to/from blink/content classes. It
would
> also save needing to expose those structs publicly. What do you think about
that
> approach? Are there some downsides I'm missing?

I think that might make sense as the final step in this move -- I'm not 100%
certain, though, so I haven't done it yet.

Technically moving it isn't a big deal; It means switching to a different JSON
parser, using the one in base, likely, and switching to using all of those
types, which should be a pretty mechanical change.

The bigger difference to me is that it moves header parsing out of blink, which
(I believe) is different than what we do for all other headers.

https://codereview.chromium.org/2636843003/diff/40001/content/child/blink_pla...
content/child/blink_platform_impl.cc:870: bool
BlinkPlatformImpl::isFeatureEnabledByPolicy(
On 2017/01/19 02:40:56, raymes wrote:
> I don't have a problem with this being a standalone function at all, but I was
> curious why it was easier to do it this way (than to have the function on the
> WebFeaturePolicy object)?

That caused me some grief -- it seems like the obvious way to do it, as a
virtual method on WebFeaturePolicy, taking a WebSecurityOrigin. Implementing
that method in content/common requires linking against all of the code for that
class, and  related classes, from Blink -- that's the reason I was getting
compile failures in the first patch.

I figured the best way out of that mess is to define all of the functions that
deal with WebSecurityOrigin in content/{child,renderer} instead, and have
content/common work only with url::Origin.

(I'll talk to mkwst@ about the plans for unifying the two classes so that we can
eliminate a lot of the conversion functions, but until that happens, I think
this is the cleanest way.)

https://codereview.chromium.org/2636843003/diff/40001/content/child/blink_pla...
content/child/blink_platform_impl.cc:875: //    return
FeaturePolicy::IsFeatureAllowedByDefault("");
On 2017/01/19 02:40:56, raymes wrote:
> Hmm, what is this bit for?

Thanks, that's not moved yet -- it was a placeholder to define the behaviour for
features in case there was no feature policy on the document at all.
That behaviour is actually implemented in
ConditionalFeatures::isFeatureEnabledInFrame, for the case where the runtime
flag is disabled, but I was considering moving it into content/.

https://codereview.chromium.org/2636843003/diff/40001/content/child/feature_p...
File content/child/feature_policy/feature_policy_platform.h (right):

https://codereview.chromium.org/2636843003/diff/40001/content/child/feature_p...
content/child/feature_policy/feature_policy_platform.h:6: #define
CONTENT_CHILD_FEATURE_POLICY_FEATURE_POLICY_PLATFORM_H_
On 2017/01/19 02:40:57, raymes wrote:
> Could be good to add yourself as an owner of this directory and
> content/common/fp 

Good idea, thanks. Done. (Added you as well)

https://codereview.chromium.org/2636843003/diff/40001/content/common/feature_...
File content/common/feature_policy/feature_policy.h (right):

https://codereview.chromium.org/2636843003/diff/40001/content/common/feature_...
content/common/feature_policy/feature_policy.h:119: const
FeaturePolicyParsedDeclaration& parsed_declaration);
On 2017/01/19 02:40:57, raymes wrote:
> Can this just be an implementation detail (standalone function in the cc
file)?

Yes it can, thanks. Done.

https://codereview.chromium.org/2636843003/diff/40001/third_party/WebKit/Sour...
File third_party/WebKit/Source/core/dom/Fullscreen.cpp (right):

https://codereview.chromium.org/2636843003/diff/40001/third_party/WebKit/Sour...
third_party/WebKit/Source/core/dom/Fullscreen.cpp:134:
WebSecurityOrigin(frame->securityContext()->getSecurityOrigin()))) {
On 2017/01/19 02:40:57, raymes wrote:
> I think it's orthogonal to this CL but I'm a bit confused about how this check
> is related to the one below?

It is orthogonal, but: this is a bit of a hack until we land support for
constructing the proper policy given the 'allowfullscreen' iframe attribute.
This check is for when the 'allowfullscreen' attribute is present, and checks
whether the *parent* frame had a feature policy which allowed fullscreen. The
check below is for the opposite case, where this frame does *not* have the
allowfullscreen attribute, but it *does* have a policy which correctly enables
fullscreen anyway.

(And actualy, this code turned out to be wrong; I'm waiting on foolip@ to take a
look at the more-correct-replacement in
https://codereview.chromium.org/2585363002/)

https://codereview.chromium.org/2636843003/diff/40001/third_party/WebKit/Sour...
File third_party/WebKit/Source/core/frame/FeaturePolicyInFrameTest.cpp (left):

https://codereview.chromium.org/2636843003/diff/40001/third_party/WebKit/Sour...
third_party/WebKit/Source/core/frame/FeaturePolicyInFrameTest.cpp:5: #include
"platform/feature_policy/FeaturePolicy.h"
On 2017/01/19 02:40:56, raymes wrote:
> I haven't thought hard about it, but do we lose coverage here?

A bit; I want to put some kind of end-to-end test back in place, but it won't be
able to define new features like this one does. I need to either:
  - figure out how to define test-only-features in this test,
  - Add new features to content shell instead, or
  - Restrict this test to existing features like fullscreen -- that doesn't give
us any coverage of the "off-by-default" type, since we haven't defined any of
those yet.

https://codereview.chromium.org/2636843003/diff/40001/third_party/WebKit/publ...
File third_party/WebKit/public/platform/WebFeaturePolicy.h (right):

https://codereview.chromium.org/2636843003/diff/40001/third_party/WebKit/publ...
third_party/WebKit/public/platform/WebFeaturePolicy.h:41: struct
WebParsedFeature {
On 2017/01/19 02:40:57, raymes wrote:
> Is this class used anymore?

Looks like not; It was only used during the refactor in the
WebParsedFeaturePolicy vector, but that's unused now, too. Thanks for catching
that.

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages