Feature policy: Add basic algorithm for supporting frame policies.

third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef FeaturePolicy_h
 #define FeaturePolicy_h
 
 #include "platform/PlatformExport.h"
 #include "platform/weborigin/SecurityOrigin.h"
 #include "public/platform/WebFeaturePolicy.h"
@@ skipping 29 matching lines @@
 //
 // Whitelists
 // ----------
 // Policies are defined as a mapping of feaure names to whitelists. Whitelists
 // are collections of origins, although two special terms can be used when
 // declaring them:
 //   "self" refers to the orgin of the frame which is declaring the policy.
 //   "*" refers to all origins; any origin will match a whitelist which contains
 //     it.
 //
+// Declarations
+// ------------
+// A feature policy declaration is a mapping of a feature name to a whitelist.
+// A set of declarations is a declared policy.
+//
+// Inherited Policy
+// ----------------
+// In addition to the declared policy (which may be empty), every frame has
+// an inherited policy, which is determined by the context in which it is
+// embedded, or by the defaults for each feature in the case of the top-level
+// document.
+//
+// Container Policy
+// ----------------
+// A declared policy can be set on a specific frame by the embedding page using
+// the iframe "allow" attribute, or through attributes such as "allowfullscreen"
+// or "allowpaymentrequest". This is the container policy for the embedded
+// frame.
+//
 // Defaults
 // --------
 // Each defined feature has a default policy, which determines whether the
 // feature is available when no policy has been declared, ans determines how the
 // feature is inherited across origin boundaries.
 //
 // If the default policy  is in effect for a frame, then it controls how the
 // feature is inherited by any cross-origin iframes embedded by the frame. (See
 // the comments below in FeaturePolicy::DefaultPolicy for specifics)
 //
@@ skipping 72 matching lines @@
   // but will be filtered out when the policy is constructed. If |messages| is
   // not null, then any errors in the input will cause an error message to be
   // appended to it.
   static WebParsedFeaturePolicyHeader parseFeaturePolicy(
       const String& policy,
       RefPtr<SecurityOrigin>,
       Vector<String>* messages);
 
   static std::unique_ptr<FeaturePolicy> createFromParentPolicy(
       const FeaturePolicy* parent,
+      const WebParsedFeaturePolicyHeader* containerPolicy,
       RefPtr<SecurityOrigin>);
 
   // Sets the declared policy from the parsed Feature-Policy HTTP header.
   // Unrecognized features will be ignored.
   void setHeaderPolicy(const WebParsedFeaturePolicyHeader&);
 
   // Returns whether or not the given feature is enabled by this policy.
   bool isFeatureEnabledForOrigin(const Feature&, const SecurityOrigin&) const;
 
   // Returns whether or not the given feature is enabled for the frame that owns
@@ skipping 11 matching lines @@
       const String& feature);
 
  private:
   friend class FeaturePolicyTest;
   friend class FeaturePolicyInFrameTest;
 
   FeaturePolicy(RefPtr<SecurityOrigin>, FeatureList& features);
 
   static std::unique_ptr<FeaturePolicy> createFromParentPolicy(
       const FeaturePolicy* parent,
+      const WebParsedFeaturePolicyHeader* containerPolicy,
       RefPtr<SecurityOrigin>,
       FeatureList& features);
 
+  // Updates the inherited policy with the declarations from the iframe allow*
+  // attributes.
+  void addContainerPolicy(const WebParsedFeaturePolicyHeader* containerPolicy,
+                          const FeaturePolicy* parent);
+
   RefPtr<SecurityOrigin> m_origin;
 
   // Records whether or not each feature was enabled for this frame by its
   // parent frame.
   // TODO(iclelland): Generate, instead of this map, a set of bool flags, one
   // for each feature, as all features are supposed to be represented here.
   HashMap<const Feature*, bool> m_inheritedFeatures;
 
   // Map of feature names to declared whitelists. Any feature which is missing
   // from this map should use the inherited policy.
@@ skipping 18 matching lines @@
 extern const PLATFORM_EXPORT FeaturePolicy::Feature kPushFeature;
 extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncScript;
 extern const PLATFORM_EXPORT FeaturePolicy::Feature kSyncXHR;
 extern const PLATFORM_EXPORT FeaturePolicy::Feature kUsermedia;
 extern const PLATFORM_EXPORT FeaturePolicy::Feature kVibrateFeature;
 extern const PLATFORM_EXPORT FeaturePolicy::Feature kWebRTC;
 
 }  // namespace blink
 
 #endif  // FeaturePolicy_h