Feature policy: Add basic algorithm for supporting frame policies.

content/common/feature_policy/feature_policy.h

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_
 #define CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_
 
 #include <map>
 #include <memory>
 #include <string>
@@ skipping 39 matching lines @@
 // A feature policy declaration is a mapping of a feature name to a whitelist.
 // A set of declarations is a declared policy.
 //
 // Inherited Policy
 // ----------------
 // In addition to the declared policy (which may be empty), every frame has
 // an inherited policy, which is determined by the context in which it is
 // embedded, or by the defaults for each feature in the case of the top-level
 // document.
 //
+// Container Policy
+// ----------------
+// A declared policy can be set on a specific frame by the embedding page using
+// the iframe "allow" attribute, or through attributes such as "allowfullscreen"
+// or "allowpaymentrequest". This is the container policy for the embedded
+// frame.
+//
 // Defaults
 // --------
 // Each defined feature has a default policy, which determines whether the
 // feature is available when no policy has been declared, ans determines how the
 // feature is inherited across origin boundaries.
 //
 // If the default policy  is in effect for a frame, then it controls how the
 // feature is inherited by any cross-origin iframes embedded by the frame. (See
 // the comments below in FeaturePolicy::DefaultPolicy for specifics)
 //
@@ skipping 82 matching lines @@
     FeatureDefault default_policy;
   };
 
   using FeatureList =
       std::map<blink::WebFeaturePolicyFeature, const FeaturePolicy::Feature*>;
 
   ~FeaturePolicy();
 
   static std::unique_ptr<FeaturePolicy> CreateFromParentPolicy(
       const FeaturePolicy* parent_policy,
+      const ParsedFeaturePolicyHeader* container_policy,
       const url::Origin& origin);
 
   // Returns whether or not the given feature is enabled by this policy.
   bool IsFeatureEnabledForOrigin(blink::WebFeaturePolicyFeature feature,
                                  const url::Origin& origin) const;
 
   // Returns whether or not the given feature is enabled for the origin of the
   // document that owns the policy.
   bool IsFeatureEnabled(blink::WebFeaturePolicyFeature feature) const;
 
   // Sets the declared policy from the parsed Feature-Policy HTTP header.
   // Unrecognized features will be ignored.
   void SetHeaderPolicy(const ParsedFeaturePolicyHeader& parsed_header);
 
  private:
   friend class FeaturePolicyTest;
 
   explicit FeaturePolicy(url::Origin origin);
   FeaturePolicy(url::Origin origin, const FeatureList& feature_list);
   static std::unique_ptr<FeaturePolicy> CreateFromParentPolicy(
       const FeaturePolicy* parent_policy,
+      const ParsedFeaturePolicyHeader* container_policy,
       const url::Origin& origin,
       const FeatureList& features);
 
+  // Updates the inherited policy with the declarations from the iframe allow*
+  // attributes.
+  void AddContainerPolicy(const ParsedFeaturePolicyHeader* container_policy,
+                          const FeaturePolicy* parent_policy);
+
   // Returns the list of features which can be controlled by Feature Policy.
   static const FeatureList& GetDefaultFeatureList();
 
   url::Origin origin_;
 
   // Map of feature names to declared whitelists. Any feature which is missing
   // from this map should use the inherited policy.
   std::map<blink::WebFeaturePolicyFeature, std::unique_ptr<Whitelist>>
       whitelists_;
 
   // Records whether or not each feature was enabled for this frame by its
   // parent frame.
   // TODO(iclelland): Generate, instead of this map, a set of bool flags, one
   // for each feature, as all features are supposed to be represented here.
   std::map<blink::WebFeaturePolicyFeature, bool> inherited_policies_;
 
   const FeatureList& feature_list_;
 
   DISALLOW_COPY_AND_ASSIGN(FeaturePolicy);
 };
 
 }  // namespace content
 
 #endif  // CONTENT_COMMON_FEATURE_POLICY_FEATURE_POLICY_H_