OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/feature_policy/feature_policy.h" | 5 #include "content/common/feature_policy/feature_policy.h" |
6 | 6 |
7 #include "base/macros.h" | 7 #include "base/macros.h" |
8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
9 #include "base/stl_util.h" | 9 #include "base/stl_util.h" |
10 | 10 |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
79 matches_all_origins(matches_all_origins), | 79 matches_all_origins(matches_all_origins), |
80 origins(origins) {} | 80 origins(origins) {} |
81 | 81 |
82 ParsedFeaturePolicyDeclaration::ParsedFeaturePolicyDeclaration( | 82 ParsedFeaturePolicyDeclaration::ParsedFeaturePolicyDeclaration( |
83 const ParsedFeaturePolicyDeclaration& rhs) = default; | 83 const ParsedFeaturePolicyDeclaration& rhs) = default; |
84 | 84 |
85 ParsedFeaturePolicyDeclaration::~ParsedFeaturePolicyDeclaration() {} | 85 ParsedFeaturePolicyDeclaration::~ParsedFeaturePolicyDeclaration() {} |
86 | 86 |
87 FeaturePolicy::Whitelist::Whitelist() : matches_all_origins_(false) {} | 87 FeaturePolicy::Whitelist::Whitelist() : matches_all_origins_(false) {} |
88 | 88 |
| 89 FeaturePolicy::Whitelist::Whitelist(const Whitelist& rhs) = default; |
| 90 |
89 FeaturePolicy::Whitelist::~Whitelist() = default; | 91 FeaturePolicy::Whitelist::~Whitelist() = default; |
90 | 92 |
91 void FeaturePolicy::Whitelist::Add(const url::Origin& origin) { | 93 void FeaturePolicy::Whitelist::Add(const url::Origin& origin) { |
92 origins_.push_back(origin); | 94 origins_.push_back(origin); |
93 } | 95 } |
94 | 96 |
95 void FeaturePolicy::Whitelist::AddAll() { | 97 void FeaturePolicy::Whitelist::AddAll() { |
96 matches_all_origins_ = true; | 98 matches_all_origins_ = true; |
97 } | 99 } |
98 | 100 |
99 bool FeaturePolicy::Whitelist::Contains(const url::Origin& origin) const { | 101 bool FeaturePolicy::Whitelist::Contains(const url::Origin& origin) const { |
| 102 // This does not handle the case where origin is an opaque origin, which is |
| 103 // also supposed to exist in the whitelist. (The identical opaque origins |
| 104 // should match in that case) |
| 105 // TODO(iclelland): Fix that, possibly by having another flag for |
| 106 // 'matches_self', which will explicitly match the policy's origin. |
| 107 // https://crbug.com/690520 |
100 if (matches_all_origins_) | 108 if (matches_all_origins_) |
101 return true; | 109 return true; |
102 for (const auto& targetOrigin : origins_) { | 110 for (const auto& targetOrigin : origins_) { |
103 if (targetOrigin.IsSameOriginWith(origin)) | 111 if (targetOrigin.IsSameOriginWith(origin)) |
104 return true; | 112 return true; |
105 } | 113 } |
106 return false; | 114 return false; |
107 } | 115 } |
108 | 116 |
109 // static | 117 // static |
110 std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromParentPolicy( | 118 std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromParentPolicy( |
111 const FeaturePolicy* parent_policy, | 119 const FeaturePolicy* parent_policy, |
112 const ParsedFeaturePolicyHeader* container_policy, | 120 const ParsedFeaturePolicyHeader& container_policy, |
113 const url::Origin& origin) { | 121 const url::Origin& origin) { |
114 return CreateFromParentPolicy(parent_policy, container_policy, origin, | 122 return CreateFromParentPolicy(parent_policy, container_policy, origin, |
115 GetDefaultFeatureList()); | 123 GetDefaultFeatureList()); |
116 } | 124 } |
117 | 125 |
| 126 // static |
| 127 std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromPolicyWithOrigin( |
| 128 const FeaturePolicy& policy, |
| 129 const url::Origin& origin) { |
| 130 std::unique_ptr<FeaturePolicy> new_policy = |
| 131 base::WrapUnique(new FeaturePolicy(origin, policy.feature_list_)); |
| 132 new_policy->inherited_policies_ = policy.inherited_policies_; |
| 133 for (const auto& feature : policy.whitelists_) { |
| 134 new_policy->whitelists_[feature.first] = |
| 135 base::WrapUnique(new Whitelist(*feature.second)); |
| 136 } |
| 137 return new_policy; |
| 138 } |
| 139 |
| 140 bool FeaturePolicy::IsFeatureEnabled( |
| 141 blink::WebFeaturePolicyFeature feature) const { |
| 142 return IsFeatureEnabledForOrigin(feature, origin_); |
| 143 } |
| 144 |
118 bool FeaturePolicy::IsFeatureEnabledForOrigin( | 145 bool FeaturePolicy::IsFeatureEnabledForOrigin( |
119 blink::WebFeaturePolicyFeature feature, | 146 blink::WebFeaturePolicyFeature feature, |
120 const url::Origin& origin) const { | 147 const url::Origin& origin) const { |
121 DCHECK(base::ContainsKey(feature_list_, feature)); | 148 DCHECK(base::ContainsKey(feature_list_, feature)); |
122 const FeaturePolicy::Feature* feature_definition = feature_list_.at(feature); | 149 const FeaturePolicy::Feature* feature_definition = feature_list_.at(feature); |
123 DCHECK(base::ContainsKey(inherited_policies_, feature)); | 150 DCHECK(base::ContainsKey(inherited_policies_, feature)); |
124 if (!inherited_policies_.at(feature)) | 151 if (!inherited_policies_.at(feature)) |
125 return false; | 152 return false; |
126 auto whitelist = whitelists_.find(feature); | 153 auto whitelist = whitelists_.find(feature); |
127 if (whitelist != whitelists_.end()) | 154 if (whitelist != whitelists_.end()) |
128 return whitelist->second->Contains(origin); | 155 return whitelist->second->Contains(origin); |
129 if (feature_definition->default_policy == | 156 if (feature_definition->default_policy == |
130 FeaturePolicy::FeatureDefault::EnableForAll) { | 157 FeaturePolicy::FeatureDefault::EnableForAll) { |
131 return true; | 158 return true; |
132 } | 159 } |
133 if (feature_definition->default_policy == | 160 if (feature_definition->default_policy == |
134 FeaturePolicy::FeatureDefault::EnableForSelf) { | 161 FeaturePolicy::FeatureDefault::EnableForSelf) { |
135 return origin_.IsSameOriginWith(origin); | 162 // TODO(iclelland): Remove the pointer equality check once it is possible to |
| 163 // compare opaque origins successfully against themselves. |
| 164 // https://crbug.com/690520 |
| 165 return (&origin_ == &origin) || origin_.IsSameOriginWith(origin); |
136 } | 166 } |
137 return false; | 167 return false; |
138 } | 168 } |
139 | 169 |
140 bool FeaturePolicy::IsFeatureEnabled( | |
141 blink::WebFeaturePolicyFeature feature) const { | |
142 return IsFeatureEnabledForOrigin(feature, origin_); | |
143 } | |
144 | |
145 void FeaturePolicy::SetHeaderPolicy( | 170 void FeaturePolicy::SetHeaderPolicy( |
146 const ParsedFeaturePolicyHeader& parsed_header) { | 171 const ParsedFeaturePolicyHeader& parsed_header) { |
147 DCHECK(whitelists_.empty()); | 172 DCHECK(whitelists_.empty()); |
148 for (const ParsedFeaturePolicyDeclaration& parsed_declaration : | 173 for (const ParsedFeaturePolicyDeclaration& parsed_declaration : |
149 parsed_header) { | 174 parsed_header) { |
150 blink::WebFeaturePolicyFeature feature = | 175 blink::WebFeaturePolicyFeature feature = |
151 FeatureForName(parsed_declaration.feature_name, feature_list_); | 176 FeatureForName(parsed_declaration.feature_name, feature_list_); |
152 if (feature == blink::WebFeaturePolicyFeature::NotFound) | 177 if (feature == blink::WebFeaturePolicyFeature::NotFound) |
153 continue; | 178 continue; |
154 whitelists_[feature] = WhitelistFromDeclaration(parsed_declaration); | 179 whitelists_[feature] = WhitelistFromDeclaration(parsed_declaration); |
155 } | 180 } |
156 } | 181 } |
157 | 182 |
158 FeaturePolicy::FeaturePolicy(url::Origin origin, | 183 FeaturePolicy::FeaturePolicy(url::Origin origin, |
159 const FeatureList& feature_list) | 184 const FeatureList& feature_list) |
160 : origin_(origin), feature_list_(feature_list) {} | 185 : origin_(origin), feature_list_(feature_list) {} |
161 | 186 |
162 FeaturePolicy::FeaturePolicy(url::Origin origin) | 187 FeaturePolicy::FeaturePolicy(url::Origin origin) |
163 : origin_(origin), feature_list_(GetDefaultFeatureList()) {} | 188 : origin_(origin), feature_list_(GetDefaultFeatureList()) {} |
164 | 189 |
165 FeaturePolicy::~FeaturePolicy() {} | 190 FeaturePolicy::~FeaturePolicy() {} |
166 | 191 |
167 // static | 192 // static |
168 std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromParentPolicy( | 193 std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromParentPolicy( |
169 const FeaturePolicy* parent_policy, | 194 const FeaturePolicy* parent_policy, |
170 const ParsedFeaturePolicyHeader* container_policy, | 195 const ParsedFeaturePolicyHeader& container_policy, |
171 const url::Origin& origin, | 196 const url::Origin& origin, |
172 const FeaturePolicy::FeatureList& features) { | 197 const FeaturePolicy::FeatureList& features) { |
173 std::unique_ptr<FeaturePolicy> new_policy = | 198 std::unique_ptr<FeaturePolicy> new_policy = |
174 base::WrapUnique(new FeaturePolicy(origin, features)); | 199 base::WrapUnique(new FeaturePolicy(origin, features)); |
175 for (const auto& feature : features) { | 200 for (const auto& feature : features) { |
176 if (!parent_policy || | 201 if (!parent_policy || |
177 parent_policy->IsFeatureEnabledForOrigin(feature.first, origin)) { | 202 parent_policy->IsFeatureEnabledForOrigin(feature.first, origin)) { |
178 new_policy->inherited_policies_[feature.first] = true; | 203 new_policy->inherited_policies_[feature.first] = true; |
179 } else { | 204 } else { |
180 new_policy->inherited_policies_[feature.first] = false; | 205 new_policy->inherited_policies_[feature.first] = false; |
181 } | 206 } |
182 if (container_policy) | 207 if (!container_policy.empty()) |
183 new_policy->AddContainerPolicy(container_policy, parent_policy); | 208 new_policy->AddContainerPolicy(container_policy, parent_policy); |
184 } | 209 } |
185 return new_policy; | 210 return new_policy; |
186 } | 211 } |
187 | 212 |
188 void FeaturePolicy::AddContainerPolicy( | 213 void FeaturePolicy::AddContainerPolicy( |
189 const ParsedFeaturePolicyHeader* container_policy, | 214 const ParsedFeaturePolicyHeader& container_policy, |
190 const FeaturePolicy* parent_policy) { | 215 const FeaturePolicy* parent_policy) { |
191 DCHECK(container_policy); | |
192 DCHECK(parent_policy); | 216 DCHECK(parent_policy); |
193 for (const ParsedFeaturePolicyDeclaration& parsed_declaration : | 217 for (const ParsedFeaturePolicyDeclaration& parsed_declaration : |
194 *container_policy) { | 218 container_policy) { |
195 // If a feature is enabled in the parent frame, and the parent chooses to | 219 // If a feature is enabled in the parent frame, and the parent chooses to |
196 // delegate it to the child frame, using the iframe attribute, then the | 220 // delegate it to the child frame, using the iframe attribute, then the |
197 // feature should be enabled in the child frame. | 221 // feature should be enabled in the child frame. |
198 blink::WebFeaturePolicyFeature feature = | 222 blink::WebFeaturePolicyFeature feature = |
199 FeatureForName(parsed_declaration.feature_name, feature_list_); | 223 FeatureForName(parsed_declaration.feature_name, feature_list_); |
200 if (feature == blink::WebFeaturePolicyFeature::NotFound) | 224 if (feature == blink::WebFeaturePolicyFeature::NotFound) |
201 continue; | 225 continue; |
202 if (WhitelistFromDeclaration(parsed_declaration)->Contains(origin_) && | 226 if (WhitelistFromDeclaration(parsed_declaration)->Contains(origin_) && |
203 parent_policy->IsFeatureEnabled(feature)) { | 227 parent_policy->IsFeatureEnabled(feature)) { |
204 inherited_policies_[feature] = true; | 228 inherited_policies_[feature] = true; |
(...skipping 18 matching lines...) Expand all Loading... |
223 {blink::WebFeaturePolicyFeature::Push, &kPushFeature}, | 247 {blink::WebFeaturePolicyFeature::Push, &kPushFeature}, |
224 {blink::WebFeaturePolicyFeature::SyncScript, &kSyncScript}, | 248 {blink::WebFeaturePolicyFeature::SyncScript, &kSyncScript}, |
225 {blink::WebFeaturePolicyFeature::SyncXHR, &kSyncXHR}, | 249 {blink::WebFeaturePolicyFeature::SyncXHR, &kSyncXHR}, |
226 {blink::WebFeaturePolicyFeature::Usermedia, &kUsermedia}, | 250 {blink::WebFeaturePolicyFeature::Usermedia, &kUsermedia}, |
227 {blink::WebFeaturePolicyFeature::Vibrate, &kVibrateFeature}, | 251 {blink::WebFeaturePolicyFeature::Vibrate, &kVibrateFeature}, |
228 {blink::WebFeaturePolicyFeature::WebRTC, &kWebRTC}})); | 252 {blink::WebFeaturePolicyFeature::WebRTC, &kWebRTC}})); |
229 return default_feature_list; | 253 return default_feature_list; |
230 } | 254 } |
231 | 255 |
232 } // namespace content | 256 } // namespace content |
OLD | NEW |