Add a build flag to configure bundling of HSTS preload list

net/http/transport_security_state.cc

Index: net/http/transport_security_state.cc
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index d4d6f495199460c4af336f05ba4f5c5b3649a278..9b69787fd0b506d585849f8e70d80727c204d921 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -40,16 +40,20 @@ namespace net {
 namespace {
 
 #include "net/http/transport_security_state_ct_policies.inc"
+
+#if BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST)
 #include "net/http/transport_security_state_static.h"
+// Points to the active transport security state source.
+const TransportSecurityStateSource* g_hsts_source = &kHSTSSource;
+#else
+const TransportSecurityStateSource* g_hsts_source = nullptr;

[xunjieli, 2017/07/10 22:20:40]

(This is needed now that |kHSTSSource| is not defined when the flag is turned
off.)

[Ryan Sleevi, 2017/07/11 15:29:40]

So you could probably abstract this a little, and thus avoid the whole need to
expose the GetTSSForTesting

#if BUILDFLAG(...)
#include
const TransportSecurityState* const kDefaultHSTSSource = &kHSTSSource;
#else
const TransportSecurityState* const kDefaultHSTSSource = nullptr;
#endif

const TransportSecurityState* g_hsts_source = kDefaultHSTSSource;

[xunjieli, 2017/07/11 16:45:21]

Done. Good idea. Thanks!

+#endif
 
 // Parameters for remembering sent HPKP and Expect-CT reports.
 const size_t kMaxReportCacheEntries = 50;
 const int kTimeToRememberReportsMins = 60;
 const size_t kReportCacheKeyLength = 16;
 
-// Points to the active transport security state source.
-const TransportSecurityStateSource* g_hsts_source = &kHSTSSource;
-
 // Override for CheckCTRequirements() for unit tests. Possible values:
 //  -1: Unless a delegate says otherwise, do not require CT.
 //   0: Use the default implementation (e.g. production)
@@ -637,6 +641,11 @@ bool DecodeHSTSPreloadRaw(const std::string& search_hostname,
 }
 
 bool DecodeHSTSPreload(const std::string& hostname, PreloadResult* out) {
+#if !BUILDFLAG(INCLUDE_TRANSPORT_SECURITY_STATE_PRELOAD_LIST)
+  if (g_hsts_source == nullptr)

[xunjieli, 2017/07/10 22:20:40]

(transport_security_state_unittest.cc can choose to use a test-only static
source, so I returned false only when the test did not provide a |g_hsts_source|
and the flag is false.)

+    return false;
+#endif
+
   bool found;
   if (!DecodeHSTSPreloadRaw(hostname, &found, out)) {
     DCHECK(false) << "Internal error in DecodeHSTSPreloadRaw for hostname "
@@ -734,7 +743,12 @@ const base::Feature TransportSecurityState::kDynamicExpectCTFeature{
 
 void SetTransportSecurityStateSourceForTesting(
     const TransportSecurityStateSource* source) {
-  g_hsts_source = source ? source : &kHSTSSource;
+  g_hsts_source = source;

[Ryan Sleevi, 2017/07/11 15:29:40]

And then here

g_hsts_source = source ? source : kDefaultHSTSSource;

[xunjieli, 2017/07/11 16:45:21]

Done.

+}
+
+const TransportSecurityStateSource*
+GetTransportSecurityStateSourceForTesting() {
+  return g_hsts_source;
 }
 
 TransportSecurityState::TransportSecurityState()