Make content::FeaturePolicy implement WebFeaturePolicy, and use it in blink code

content/common/feature_policy/feature_policy.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/feature_policy/feature_policy.h"
 
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/stl_util.h"
 
@@ skipping 68 matching lines @@
       matches_all_origins(matches_all_origins),
       origins(origins) {}
 
 ParsedFeaturePolicyDeclaration::ParsedFeaturePolicyDeclaration(
     const ParsedFeaturePolicyDeclaration& rhs) = default;
 
 ParsedFeaturePolicyDeclaration::~ParsedFeaturePolicyDeclaration() {}
 
 FeaturePolicy::Whitelist::Whitelist() : matches_all_origins_(false) {}
 
+FeaturePolicy::Whitelist::Whitelist(const Whitelist& rhs) = default;
+
 FeaturePolicy::Whitelist::~Whitelist() = default;
 
 void FeaturePolicy::Whitelist::Add(const url::Origin& origin) {
   origins_.push_back(origin);
 }
 
 void FeaturePolicy::Whitelist::AddAll() {
   matches_all_origins_ = true;
 }
 
 bool FeaturePolicy::Whitelist::Contains(const url::Origin& origin) const {
+  // This does not handle the case where origin is an opaque origin, which is
+  // also supposed to exist in the whitelist. (The identical opaque origins
+  // should match in that case)
+  // TODO(iclelland): Fix that, possibly by having another flag for
+  // 'matches_self', which will explicitly match the policy's origin.
+  // https://crbug.com/690520
   if (matches_all_origins_)
     return true;
   for (const auto& targetOrigin : origins_) {
     if (targetOrigin.IsSameOriginWith(origin))
       return true;
   }
   return false;
 }
 
 // static
 std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromParentPolicy(
     const FeaturePolicy* parent_policy,
-    const ParsedFeaturePolicyHeader* container_policy,
+    const ParsedFeaturePolicyHeader& container_policy,
     const url::Origin& origin) {
   return CreateFromParentPolicy(parent_policy, container_policy, origin,
                                 GetDefaultFeatureList());
 }
 
+// static
+std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromPolicyWithOrigin(
+    const FeaturePolicy& policy,
+    const url::Origin& origin) {
+  std::unique_ptr<FeaturePolicy> new_policy =
+      base::WrapUnique(new FeaturePolicy(origin, policy.feature_list_));
+  new_policy->inherited_policies_ = policy.inherited_policies_;
+  for (const auto& feature : policy.whitelists_) {
+    new_policy->whitelists_[feature.first] =
+        base::WrapUnique(new Whitelist(*feature.second));
+  }
+  return new_policy;
+}
+
+bool FeaturePolicy::IsFeatureEnabled(
+    blink::WebFeaturePolicyFeature feature) const {
+  return IsFeatureEnabledForOrigin(feature, origin_);
+}
+
 bool FeaturePolicy::IsFeatureEnabledForOrigin(
     blink::WebFeaturePolicyFeature feature,
     const url::Origin& origin) const {
   DCHECK(base::ContainsKey(feature_list_, feature));
   const FeaturePolicy::Feature* feature_definition = feature_list_.at(feature);
   DCHECK(base::ContainsKey(inherited_policies_, feature));
   if (!inherited_policies_.at(feature))
     return false;
   auto whitelist = whitelists_.find(feature);
   if (whitelist != whitelists_.end())
     return whitelist->second->Contains(origin);
   if (feature_definition->default_policy ==
       FeaturePolicy::FeatureDefault::EnableForAll) {
     return true;
   }
   if (feature_definition->default_policy ==
       FeaturePolicy::FeatureDefault::EnableForSelf) {
-    return origin_.IsSameOriginWith(origin);
+    // TODO(iclelland): Remove the pointer equality check once it is possible to
+    // compare opaque origins successfully against themselves.
+    // https://crbug.com/690520
+    return (&origin_ == &origin) || origin_.IsSameOriginWith(origin);
   }
   return false;
 }
 
-bool FeaturePolicy::IsFeatureEnabled(
-    blink::WebFeaturePolicyFeature feature) const {
-  return IsFeatureEnabledForOrigin(feature, origin_);
-}
-
 void FeaturePolicy::SetHeaderPolicy(
     const ParsedFeaturePolicyHeader& parsed_header) {
   DCHECK(whitelists_.empty());
   for (const ParsedFeaturePolicyDeclaration& parsed_declaration :
        parsed_header) {
     blink::WebFeaturePolicyFeature feature =
         FeatureForName(parsed_declaration.feature_name, feature_list_);
     if (feature == blink::WebFeaturePolicyFeature::NotFound)
       continue;
     whitelists_[feature] = WhitelistFromDeclaration(parsed_declaration);
   }
 }
 
 FeaturePolicy::FeaturePolicy(url::Origin origin,
                              const FeatureList& feature_list)
     : origin_(origin), feature_list_(feature_list) {}
 
 FeaturePolicy::FeaturePolicy(url::Origin origin)
     : origin_(origin), feature_list_(GetDefaultFeatureList()) {}
 
 FeaturePolicy::~FeaturePolicy() {}
 
 // static
 std::unique_ptr<FeaturePolicy> FeaturePolicy::CreateFromParentPolicy(
     const FeaturePolicy* parent_policy,
-    const ParsedFeaturePolicyHeader* container_policy,
+    const ParsedFeaturePolicyHeader& container_policy,
     const url::Origin& origin,
     const FeaturePolicy::FeatureList& features) {
   std::unique_ptr<FeaturePolicy> new_policy =
       base::WrapUnique(new FeaturePolicy(origin, features));
   for (const auto& feature : features) {
     if (!parent_policy ||
         parent_policy->IsFeatureEnabledForOrigin(feature.first, origin)) {
       new_policy->inherited_policies_[feature.first] = true;
     } else {
       new_policy->inherited_policies_[feature.first] = false;
     }
-    if (container_policy)
+    if (!container_policy.empty())
       new_policy->AddContainerPolicy(container_policy, parent_policy);
   }
   return new_policy;
 }
 
 void FeaturePolicy::AddContainerPolicy(
-    const ParsedFeaturePolicyHeader* container_policy,
+    const ParsedFeaturePolicyHeader& container_policy,
     const FeaturePolicy* parent_policy) {
-  DCHECK(container_policy);
   DCHECK(parent_policy);
   for (const ParsedFeaturePolicyDeclaration& parsed_declaration :
-       *container_policy) {
+       container_policy) {
     // If a feature is enabled in the parent frame, and the parent chooses to
     // delegate it to the child frame, using the iframe attribute, then the
     // feature should be enabled in the child frame.
     blink::WebFeaturePolicyFeature feature =
         FeatureForName(parsed_declaration.feature_name, feature_list_);
     if (feature == blink::WebFeaturePolicyFeature::NotFound)
       continue;
     if (WhitelistFromDeclaration(parsed_declaration)->Contains(origin_) &&
         parent_policy->IsFeatureEnabled(feature)) {
       inherited_policies_[feature] = true;
@@ skipping 18 matching lines @@
         {blink::WebFeaturePolicyFeature::Push, &kPushFeature},
         {blink::WebFeaturePolicyFeature::SyncScript, &kSyncScript},
         {blink::WebFeaturePolicyFeature::SyncXHR, &kSyncXHR},
         {blink::WebFeaturePolicyFeature::Usermedia, &kUsermedia},
         {blink::WebFeaturePolicyFeature::Vibrate, &kVibrateFeature},
         {blink::WebFeaturePolicyFeature::WebRTC, &kWebRTC}}));
   return default_feature_list;
 }
 
 }  // namespace content