Move most Feature Policy code into content/

content/common/feature_policy/feature_policy.h

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef FeaturePolicy_h
-#define FeaturePolicy_h
+#ifndef CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_
+#define CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_
 
-#include "platform/PlatformExport.h"
-#include "platform/weborigin/SecurityOrigin.h"
-#include "public/platform/WebFeaturePolicy.h"
-#include "wtf/RefPtr.h"
-#include "wtf/Vector.h"
-#include "wtf/text/WTFString.h"
+#include <map>
+#include <memory>
+#include <string>
+#include <vector>
 
-#include <memory>
+#include "content/common/content_export.h"
+#include "third_party/WebKit/public/platform/WebFeaturePolicy.h"
+#include "url/origin.h"
 
-namespace blink {
+namespace content {
 
 // Feature Policy is a mechanism for controlling the availability of web
 // platform features in a frame, including all embedded frames. It can be used
 // to remove features, automatically refuse API permission requests, or modify
 // the behaviour of features. (The specific changes which are made depend on the
 // feature; see the specification for details).
 //
 // Policies can be defined in the HTTP header stream, with the |Feature-Policy|
-// HTTP header, or can be set by |enable| and |disable| attributes on the iframe
-// element which embeds the document.
+// HTTP header, or can be set by the |allow| attributes on the iframe element
+// which embeds the document.
 //
 // See https://wicg.github.io/FeaturePolicy/
 //
 // Key concepts:
 //
 // Features
 // --------
-// Features which can be controlled by policy are defined as instances of the
-// FeaturePoliicy::Feature struct. The features are referenced by pointer, so
-// only a single instance of each feature should be defined. The features which
-// are declared in the feature policy specification are all defined in
-// |FeaturePolicy.cpp|.
+// Features which can be controlled by policy are defined by instances of the
+// FeaturePolicy::Feature struct. The features are referenced by the
+// |WebFeaturePolicyFeature| enum, declared in |WebFeaturePolicy.h|.
 //
 // Whitelists
 // ----------
-// Policies are defined as a mapping of feaure names to whitelists. Whitelists
-// are collections of origins, although two special terms can be used when
-// declaring them:
+// Whitelists are collections of origins, although two special terms can be used
+// when declaring them:
 //   "self" refers to the orgin of the frame which is declaring the policy.
 //   "*" refers to all origins; any origin will match a whitelist which contains
 //     it.
 //
+// Declarations
+// ------------
+// A feature policy declaration is a mapping of a feature name to a whitelist.
+// A set of declarations is a declared policy.
+//
+// Inherited Policy
+// ----------------
+// In addition to the declared policy (which may be empty), every frame has
+// an inherited policy, which is determined by the context in which it is
+// embedded, or by the defaults for each feature in the case of the top-level
+// document.
+//
 // Defaults
 // --------
 // Each defined feature has a default policy, which determines whether the
 // feature is available when no policy has been declared, ans determines how the
 // feature is inherited across origin boundaries.
 //
 // If the default policy  is in effect for a frame, then it controls how the
 // feature is inherited by any cross-origin iframes embedded by the frame. (See
 // the comments below in FeaturePolicy::DefaultPolicy for specifics)
 //
 // Policy Inheritance
 // ------------------
 // Policies in effect for a frame are inherited by any child frames it embeds.
 // Unless another policy is declared in the child, all same-origin children will
 // receive the same set of enables features as the parent frame. Whether or not
 // features are inherited by cross-origin iframes without an explicit policy is
 // determined by the feature's default policy. (Again, see the comments in
 // FeaturePolicy::DefaultPolicy for details)
 
-class PLATFORM_EXPORT FeaturePolicy final {
+// This struct holds feature policy whitelist data that needs to be replicated
+// between a RenderFrame and any of its associated RenderFrameProxies. A list of
+// these form a FeaturePolicyHeader.
+// NOTE: These types are used for replication frame state between processes.
+// They exist only because we can't transfer WebVectors directly over IPC.
+struct CONTENT_EXPORT FeaturePolicyParsedDeclaration {
+  FeaturePolicyParsedDeclaration();
+  FeaturePolicyParsedDeclaration(std::string feature_name,
+                                 bool matches_all_origins,
+                                 std::vector<url::Origin> origins);
+  FeaturePolicyParsedDeclaration(const FeaturePolicyParsedDeclaration& rhs);
+  ~FeaturePolicyParsedDeclaration();
+
+  std::string feature_name;
+  bool matches_all_origins;
+  std::vector<url::Origin> origins;
+};
+using FeaturePolicyHeader = std::vector<FeaturePolicyParsedDeclaration>;
+
+class CONTENT_EXPORT FeaturePolicy : public blink::WebFeaturePolicy {
  public:
   // Represents a collection of origins which make up a whitelist in a feature
   // policy. This collection may be set to match every origin (corresponding to
-  // the "*" syntax in the policy string, in which case the contains() method
+  // the "*" syntax in the policy string, in which case the Contains() method
   // will always return true.
   class Whitelist final {
    public:
-    static std::unique_ptr<Whitelist> from(
-        const WebFeaturePolicy::ParsedWhitelist&);
-
     Whitelist();
+    ~Whitelist();
 
     // Adds a single origin to the whitelist.
-    void add(RefPtr<SecurityOrigin>);
+    void Add(const url::Origin& origin);
 
     // Adds all origins to the whitelist.
-    void addAll();
+    void AddAll();
 
     // Returns true if the given origin has been added to the whitelist.
-    bool contains(const SecurityOrigin&) const;
-    String toString();
+    bool Contains(const url::Origin& origin) const;
+
+    // Extracts a Whitelist from a FeaturePolicyParsedDeclaration
+    static std::unique_ptr<Whitelist> FromDeclaration(
+        const FeaturePolicyParsedDeclaration& parsed_declaration);

[raymes, 2017/01/19 02:40:57]

Can this just be an implementation detail (standalone function in the cc file)?

[iclelland, 2017/01/19 05:40:40]

Yes it can, thanks. Done.

 
    private:
-    bool m_matchesAllOrigins;
-    Vector<RefPtr<SecurityOrigin>> m_origins;
+    bool matches_all_origins_;
+    std::vector<url::Origin> origins_;
   };
 
   // The FeaturePolicy::FeatureDefault enum defines the default enable state for
   // a feature when neither it nor any parent frame have declared an explicit
   // policy. The three possibilities map directly to Feature Policy Whitelist
   // semantics.
   enum class FeatureDefault {
     // Equivalent to []. If this default policy is in effect for a frame, then
     // the feature will not be enabled for that frame or any of its children.
     DisableForAll,
 
     // Equivalent to ["self"]. If this default policy is in effect for a frame,
     // then the feature will be enabled for that frame, and any same-origin
     // child frames, but not for any cross-origin child frames.
     EnableForSelf,
 
     // Equivalent to ["*"]. If in effect for a frame, then the feature is
     // enabled for that frame and all of its children.
     EnableForAll
   };
 
   // The FeaturePolicy::Feature struct is used to define all features under
   // control of Feature Policy. There should only be one instance of this struct
   // for any given feature (declared below).
   struct Feature {
     // The name of the feature, as it should appear in a policy string
-    const char* const featureName;
+    const char* const feature_name;
 
     // Controls whether the feature should be available in the platform by
     // default, in the absence of any declared policy.
-    FeatureDefault defaultPolicy;
+    FeatureDefault default_policy;
   };
 
-  using FeatureList = const Vector<const FeaturePolicy::Feature*>;
+  using FeatureList =
+      std::map<blink::WebFeaturePolicyFeature, const FeaturePolicy::Feature*>;
 
-  // Converts a JSON feature policy string into a vector of whitelists, one for
-  // each feature specified. Unrecognized features are parsed and included
-  // but will be filtered out when the policy is constructed. If |messages| is
-  // not null, then any errors in the input will cause an error message to be
-  // appended to it.
-  static WebParsedFeaturePolicy parseFeaturePolicy(const String& policy,
-                                                   RefPtr<SecurityOrigin>,
-                                                   Vector<String>* messages);
+  ~FeaturePolicy() override;
 
-  static std::unique_ptr<FeaturePolicy> createFromParentPolicy(
-      const FeaturePolicy* parent,
-      RefPtr<SecurityOrigin>);
+  static std::unique_ptr<FeaturePolicy> CreateFromParentPolicy(
+      const FeaturePolicy* parent_policy,
+      url::Origin origin);
+
+  // Returns whether or not the given feature is enabled by this policy.
+  bool IsFeatureEnabledForOrigin(blink::WebFeaturePolicyFeature feature,
+                                 url::Origin origin) const;
+
+  // Returns whether or not the given feature is enabled for the origin of the
+  // document that owns the policy.
+  bool IsFeatureEnabled(blink::WebFeaturePolicyFeature feature) const;
 
   // Sets the declared policy from the parsed Feature-Policy HTTP header.
   // Unrecognized features will be ignored.
-  void setHeaderPolicy(const WebParsedFeaturePolicy&);
-
-  // Returns whether or not the given feature is enabled by this policy.
-  bool isFeatureEnabledForOrigin(const Feature&, const SecurityOrigin&) const;
-
-  // Returns whether or not the given feature is enabled for the frame that owns
-  // the policy.
-  bool isFeatureEnabled(const Feature&) const;
-
-  // Returns the list of features which can be controlled by Feature Policy.
-  static FeatureList& getDefaultFeatureList();
-
-  String toString();
+  void SetHeaderPolicy(const FeaturePolicyHeader& parsed_header);
 
  private:
   friend class FeaturePolicyTest;
-  friend class FeaturePolicyInFrameTest;
 
-  FeaturePolicy(RefPtr<SecurityOrigin>, FeatureList& features);
+  explicit FeaturePolicy(url::Origin origin);
+  FeaturePolicy(url::Origin origin, const FeatureList& feature_list);
+  static std::unique_ptr<FeaturePolicy> CreateFromParentPolicy(
+      const FeaturePolicy* parent_policy,
+      url::Origin origin,
+      const FeatureList& features);
 
-  static std::unique_ptr<FeaturePolicy> createFromParentPolicy(
-      const FeaturePolicy* parent,
-      RefPtr<SecurityOrigin>,
-      FeatureList& features);
+  // Returns the list of features which can be controlled by Feature Policy.
+  static const FeatureList& getDefaultFeatureList();
 
-  RefPtr<SecurityOrigin> m_origin;
+  url::Origin origin_;
+
+  // Map of feature names to declared whitelists. Any feature which is missing
+  // from this map should use the inherited policy.
+  std::map<blink::WebFeaturePolicyFeature, std::unique_ptr<Whitelist>>
+      whitelists_;
 
   // Records whether or not each feature was enabled for this frame by its
   // parent frame.
   // TODO(iclelland): Generate, instead of this map, a set of bool flags, one
   // for each feature, as all features are supposed to be represented here.
-  HashMap<const Feature*, bool> m_inheritedFeatures;
+  std::map<blink::WebFeaturePolicyFeature, bool> inherited_policies_;
 
-  // Map of feature names to declared whitelists. Any feature which is missing
-  // from this map should use the inherited policy.
-  HashMap<const Feature*, std::unique_ptr<Whitelist>> m_headerWhitelists;
-
-  // Contains the set of all features which can be controlled by this policy.
-  FeatureList& m_features;
-
-  DISALLOW_COPY_AND_ASSIGN(FeaturePolicy);
+  const FeatureList& feature_list_;
 };
 
-// Declarations for all features currently under control of the Feature Policy
-// mechanism should be placed here.
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentCookie;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentDomain;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kDocumentWrite;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kGeolocationFeature;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kFullscreenFeature;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kMidiFeature;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kNotificationsFeature;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kPaymentFeature;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kPushFeature;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncScript;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncXHR;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kUsermedia;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kVibrateFeature;
-extern const PLATFORM_EXPORT FeaturePolicy::Feature kWebRTC;
+}  // namespace content
 
-}  // namespace blink
-
-#endif  // FeaturePolicy_h
+#endif  // CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_