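// Copyright 2016 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef THIRD_PARTY_BLINK_RENDERER_CORE_FEATURE_POLICY_FEATURE_POLICY_PARSER_H_
#define THIRD_PARTY_BLINK_RENDERER_CORE_FEATURE_POLICY_FEATURE_POLICY_PARSER_H_

#include <memory>

#include "base/memory/scoped_refptr.h"
#include "third_party/blink/public/common/feature_policy/feature_policy.h"
#include "third_party/blink/renderer/core/core_export.h"
#include "third_party/blink/renderer/core/feature_policy/policy_helper.h"
#include "third_party/blink/renderer/platform/weborigin/security_origin.h"
#include "third_party/blink/renderer/platform/wtf/text/string_hash.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
#include "third_party/blink/renderer/platform/wtf/vector.h"

namespace blink {

class ExecutionContext;

// These values match the "FeaturePolicyAllowlistType" enum in
// tools/metrics/histograms/enums.xml. Entries should not be renumbered and
// numeric values should never be reused.
//
// kMinValue and kMaxValue are range markers, not allowlist types of their own:
// they alias kEmpty (0) and kMixed (7) respectively. A new entry must take the
// next unused number and kMaxValue must be moved to it.
enum class FeaturePolicyAllowlistType {
  kEmpty = 0,
  kNone = 1,
  kSelf = 2,
  kSrc = 3,
  kStar = 4,
  kOrigins = 5,
  kKeywordsOnly = 6,
  kMixed = 7,
  kMinValue = 0,
  kMaxValue = kMixed
};

// Returns the list of features which are currently available in this context,
// including any features which have been made available by an origin trial.
// NOTE(review): the result is returned as a const value, which prevents callers
// from moving out of it; dropping the const would need a matching change in
// the definition, which is not in this header.
CORE_EXPORT const Vector<String> GetAvailableFeatures(ExecutionContext*);

// FeaturePolicyParser is a collection of methods which are used to convert
// Feature Policy declarations, in headers and iframe attributes, into
// ParsedFeaturePolicy structs. This class encapsulates all of the logic for
// parsing feature names, origin lists, and threshold values.
// Note that code outside of /renderer/ should not be parsing policy directives
// from strings, but if necessary, should be constructing ParsedFeaturePolicy
// structs directly.
//
// NOTE(review): both input sources are chosen by the server or by the embedding
// page, so every string handed to these methods is untrusted input. The
// returned ParsedFeaturePolicy is what later decisions are based on, which is
// why string parsing is kept in this one place.
class CORE_EXPORT FeaturePolicyParser {
  STATIC_ONLY(FeaturePolicyParser);

 public:
  // Converts the header policy strings into a vector of allowlists, one for
  // each feature specified. Two header values are accepted,
  // |feature_policy_header| and |permission_policy_header|, each with its own
  // PolicyParserMessageBuffer for the messages produced while parsing it.
  // Unrecognized features are filtered out. The optional ExecutionContext is
  // used to determine if any origin trials affect the parsing.
  // Example of a feature policy string:
  //     "vibrate a.com b.com; fullscreen 'none'; payment 'self', payment *".
  //
  // NOTE(review): how the two headers are combined when both declare the same
  // feature is decided in the implementation and cannot be read off this
  // declaration. The unnamed SecurityOrigin is presumably the origin that
  // 'self' resolves to -- confirm against the .cc file.
  static ParsedFeaturePolicy ParseHeader(
      const String& feature_policy_header,
      const String& permission_policy_header,
      scoped_refptr<const SecurityOrigin>,
      PolicyParserMessageBuffer& feature_policy_logger,
      PolicyParserMessageBuffer& permissions_policy_logger,
      ExecutionContext* = nullptr);

  // Converts a container policy string (the policy given on an iframe
  // attribute) into a vector of allowlists, one for each feature specified,
  // using the provided self and src origins. Unrecognized features are
  // filtered out. Example of a feature policy string:
  //     "vibrate a.com 'src'; fullscreen 'none'; payment 'self', payment *".
  static ParsedFeaturePolicy ParseAttribute(
      const String& policy,
      scoped_refptr<const SecurityOrigin> self_origin,
      scoped_refptr<const SecurityOrigin> src_origin,
      PolicyParserMessageBuffer& logger,
      ExecutionContext* = nullptr);

  // Test-only entry point. Takes the same inputs as ParseAttribute plus an
  // explicit FeatureNameMap, so a test can supply the set of feature names to
  // resolve against. Going by the name, this parses |policy| with the Feature
  // Policy syntax -- confirm in the implementation. Not for production
  // callers.
  static ParsedFeaturePolicy ParseFeaturePolicyForTest(
      const String& policy,
      scoped_refptr<const SecurityOrigin> self_origin,
      scoped_refptr<const SecurityOrigin> src_origin,
      PolicyParserMessageBuffer& logger,
      const FeatureNameMap& feature_names,
      ExecutionContext* = nullptr);

  // Test-only entry point with the same parameters as
  // ParseFeaturePolicyForTest. Going by the name, this parses |policy| with the
  // Permissions Policy syntax -- confirm in the implementation. Not for
  // production callers.
  static ParsedFeaturePolicy ParsePermissionsPolicyForTest(
      const String& policy,
      scoped_refptr<const SecurityOrigin> self_origin,
      scoped_refptr<const SecurityOrigin> src_origin,
      PolicyParserMessageBuffer& logger,
      const FeatureNameMap& feature_names,
      ExecutionContext* = nullptr);
};

// Returns true iff any declaration in the policy is for the given feature.
CORE_EXPORT bool IsFeatureDeclared(mojom::blink::FeaturePolicyFeature,
                                   const ParsedFeaturePolicy&);

// Removes any declaration in the policy for the given feature. Returns true if
// the policy was modified.
CORE_EXPORT bool RemoveFeatureIfPresent(mojom::blink::FeaturePolicyFeature,
                                        ParsedFeaturePolicy&);

// If no declaration in the policy exists already for the feature, adds a
// declaration which disallows the feature in all origins. Returns true if the
// policy was modified.
CORE_EXPORT bool DisallowFeatureIfNotPresent(mojom::blink::FeaturePolicyFeature,
                                             ParsedFeaturePolicy&);

// If no declaration in the policy exists already for the feature, adds a
// declaration which allows the feature in all origins. Returns true if the
// policy was modified. An existing declaration, including a more restrictive
// one, is left as it is.
CORE_EXPORT bool AllowFeatureEverywhereIfNotPresent(
    mojom::blink::FeaturePolicyFeature,
    ParsedFeaturePolicy&);

// Replaces any existing declarations in the policy for the given feature with
// a declaration which disallows the feature in all origins.
CORE_EXPORT void DisallowFeature(mojom::blink::FeaturePolicyFeature,
                                 ParsedFeaturePolicy&);

// Returns true iff the feature should not be exposed to script.
CORE_EXPORT bool IsFeatureForMeasurementOnly(
    mojom::blink::FeaturePolicyFeature);

// Replaces any existing declarations in the policy for the given feature with
// a declaration which allows the feature in all origins.
// Unlike AllowFeatureEverywhereIfNotPresent, this also overrides declarations
// that were already present, including more restrictive ones, so each call
// site widens the policy for that feature.
CORE_EXPORT void AllowFeatureEverywhere(mojom::blink::FeaturePolicyFeature,
                                        ParsedFeaturePolicy&);

// Returns the name for the given feature. The result is a reference, so the
// String is owned elsewhere.
// NOTE(review): presumably this is the name used in policy strings, and the
// behaviour for a feature without a name is not visible here -- confirm in the
// implementation.
CORE_EXPORT const String& GetNameForFeature(mojom::blink::FeaturePolicyFeature);

}  // namespace blink

#endif  // THIRD_PARTY_BLINK_RENDERER_CORE_FEATURE_POLICY_FEATURE_POLICY_PARSER_H_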