Replicate feature policy container policies.

content/renderer/render_frame_proxy.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/render_frame_proxy.h"
 
 #include <stdint.h>
 #include <map>
 #include <utility>
 
@@ skipping 109 matching lines @@
     if (!render_view->is_swapped_out())
       render_view->SetSwappedOut(true);
   } else {
     // Create a frame under an existing parent. The parent is always expected
     // to be a RenderFrameProxy, because navigations initiated by local frames
     // should not wind up here.
 
     web_frame = parent->web_frame()->createRemoteChild(
         replicated_state.scope,
         blink::WebString::fromUTF8(replicated_state.name),
-        replicated_state.sandbox_flags, proxy.get(), opener);
+        replicated_state.sandbox_flags,
+        FeaturePolicyHeaderToWeb(replicated_state.container_policy),

[lunalu1, 2017/04/05 22:30:03]

same here

[iclelland, 2017/04/09 03:25:54]

Sorry, not sure what this refers to

+        proxy.get(), opener);
     proxy->unique_name_ = replicated_state.unique_name;
     render_view = parent->render_view();
     render_widget = parent->render_widget();
   }
 
   proxy->Init(web_frame, render_view, render_widget);
 
   // Initialize proxy's WebRemoteFrame with the security origin and other
   // replicated information.
   // TODO(dcheng): Calling this when parent_routing_id != MSG_ROUTING_NONE is
@@ skipping 87 matching lines @@
   web_frame_->setReplicatedFeaturePolicyHeader(
       FeaturePolicyHeaderToWeb(state.feature_policy_header));
   if (state.has_received_user_gesture)
     web_frame_->setHasReceivedUserGesture();
 
   web_frame_->resetReplicatedContentSecurityPolicy();
   OnAddContentSecurityPolicies(state.accumulated_csp_headers);
 }
 
 // Update the proxy's SecurityContext and FrameOwner with new sandbox flags
-// that were set by its parent in another process.
+// and container policy that were set by its parent in another process.
 //
 // Normally, when a frame's sandbox attribute is changed dynamically, the
 // frame's FrameOwner is updated with the new sandbox flags right away, while
 // the frame's SecurityContext is updated when the frame is navigated and the
 // new sandbox flags take effect.
 //
 // Currently, there is no use case for a proxy's pending FrameOwner sandbox
 // flags, so there's no message sent to proxies when the sandbox attribute is
 // first updated.  Instead, the update message is sent and this function is
 // called when the new flags take effect, so that the proxy updates its
 // SecurityContext. This is needed to ensure that sandbox flags are inherited
 // properly if this proxy ever parents a local frame.  The proxy's FrameOwner
 // flags are also updated here with the caveat that the FrameOwner won't learn
 // about updates to its flags until they take effect.
-void RenderFrameProxy::OnDidUpdateSandboxFlags(blink::WebSandboxFlags flags) {
+void RenderFrameProxy::OnDidUpdateFramePolicy(
+    blink::WebSandboxFlags flags,
+    const ParsedFeaturePolicyHeader& container_policy) {

[lunalu1, 2017/04/05 22:30:03]

Can we rename ParsedFeaturePolicyHeader to ParsedFeaturePolicy, or leave a TODO
here?

[iclelland, 2017/04/09 03:25:54]

I'll file another CL to rename that, to avoid making this any larger than
necessary

   web_frame_->setReplicatedSandboxFlags(flags);
   web_frame_->setFrameOwnerSandboxFlags(flags);
+  web_frame_->setFrameOwnerContainerPolicy(
+      FeaturePolicyHeaderToWeb(container_policy));
 }
 
 bool RenderFrameProxy::OnMessageReceived(const IPC::Message& msg) {
   // Forward Page IPCs to the RenderView.
   if ((IPC_MESSAGE_CLASS(msg) == PageMsgStart)) {
     if (render_view())
       return render_view()->OnMessageReceived(msg);
 
     return false;
   }
 
   bool handled = true;
   IPC_BEGIN_MESSAGE_MAP(RenderFrameProxy, msg)
     IPC_MESSAGE_HANDLER(FrameMsg_DeleteProxy, OnDeleteProxy)
     IPC_MESSAGE_HANDLER(FrameMsg_ChildFrameProcessGone, OnChildFrameProcessGone)
     IPC_MESSAGE_HANDLER(FrameMsg_SetChildFrameSurface, OnSetChildFrameSurface)
     IPC_MESSAGE_HANDLER(FrameMsg_UpdateOpener, OnUpdateOpener)
     IPC_MESSAGE_HANDLER(FrameMsg_DidStartLoading, OnDidStartLoading)
     IPC_MESSAGE_HANDLER(FrameMsg_DidStopLoading, OnDidStopLoading)
-    IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateSandboxFlags, OnDidUpdateSandboxFlags)
+    IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateFramePolicy, OnDidUpdateFramePolicy)
     IPC_MESSAGE_HANDLER(FrameMsg_DispatchLoad, OnDispatchLoad)
     IPC_MESSAGE_HANDLER(FrameMsg_DidUpdateName, OnDidUpdateName)
     IPC_MESSAGE_HANDLER(FrameMsg_AddContentSecurityPolicies,
                         OnAddContentSecurityPolicies)
     IPC_MESSAGE_HANDLER(FrameMsg_ResetContentSecurityPolicy,
                         OnResetContentSecurityPolicy)
     IPC_MESSAGE_HANDLER(FrameMsg_EnforceInsecureRequestPolicy,
                         OnEnforceInsecureRequestPolicy)
     IPC_MESSAGE_HANDLER(FrameMsg_SetFrameOwnerProperties,
                         OnSetFrameOwnerProperties)
@@ skipping 238 matching lines @@
                                     blink::WebLocalFrame* source) {
   int source_routing_id = RenderFrameImpl::FromWebFrame(source)->GetRoutingID();
   Send(new FrameHostMsg_AdvanceFocus(routing_id_, type, source_routing_id));
 }
 
 void RenderFrameProxy::frameFocused() {
   Send(new FrameHostMsg_FrameFocused(routing_id_));
 }
 
 }  // namespace