0

Move ParsedPermissionsPolicyDeclaration from Blink to Network service

The network service is going to need access to the "storage-access"
Permissions Policy. This is the third step of moving some of the
Permissions Policy logic out of Blink to maintain a single
implementation of https://w3c.github.io/webappsec-permissions-policy
across Chromium.

Bug: 382291442
Low-Coverage-Reason: LARGE_SCALE_REFACTOR
Change-Id: Ic6ad87dd4bd6f882a135a0c580d481dc1b219831
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6254141
Reviewed-by: Guido Urdaneta <guidou@chromium.org>
Reviewed-by: Rick Byers <rbyers@chromium.org>
Reviewed-by: Giovanni Ortuno Urquidi <ortuno@chromium.org>
Owners-Override: Rick Byers <rbyers@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Reviewed-by: Ari Chivukula <arichiv@chromium.org>
Commit-Queue: Sandor «Alex» Major <sandormajor@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1421574}
This commit is contained in:
Sandor Major
2025-02-18 12:16:02 -08:00
committed by Chromium LUCI CQ
parent daa5659557
commit 878f835180
161 changed files with 769 additions and 679 deletions
chrome/browser
components
content
browser
common
public
renderer
shell
test
web_test
mojo/public/tools/mojom/mojom/format
services/network/public
third_party/blink
common
public
renderer
tools
blinkpy

@ -37,9 +37,9 @@
#include "content/public/test/browser_task_environment.h"
#include "content/public/test/fake_service_worker_context.h"
#include "extensions/common/constants.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
namespace ash::shimless_rma {
namespace {
@ -327,14 +327,14 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
IWACanHaveAllowlistedPermissionsPolicy) {
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
blink::ParsedPermissionsPolicy{
{blink::ParsedPermissionsPolicyDeclaration{
network::ParsedPermissionsPolicy{
{network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kCamera},
blink::ParsedPermissionsPolicyDeclaration{
network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kFullscreen},
blink::ParsedPermissionsPolicyDeclaration{
network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kMicrophone},
blink::ParsedPermissionsPolicyDeclaration{
network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kHid}}});
auto result = PrepareDiagnosticsAppBrowserContext(
@ -348,10 +348,10 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
IWACannotHavePermissionsPolicyOutsideAllowlist) {
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
blink::ParsedPermissionsPolicy{
blink::ParsedPermissionsPolicyDeclaration{
network::ParsedPermissionsPolicy{
network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kCamera},
{blink::ParsedPermissionsPolicyDeclaration{
{network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kNotFound}}});
auto result = PrepareDiagnosticsAppBrowserContext(
@ -371,8 +371,9 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
ash::features::kShimlessRMA3pDiagnosticsAllowPermissionPolicy);
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
blink::ParsedPermissionsPolicy{{blink::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kCamera}}});
network::ParsedPermissionsPolicy{
{network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kCamera}}});
auto result = PrepareDiagnosticsAppBrowserContext(
base::PathService::CheckedGet(base::DIR_SRC_TEST_DATA_ROOT)
@ -392,8 +393,9 @@ TEST_F(ChromeShimlessRmaDelegatePrepareDiagnosticsAppProfileTest,
expected_url_origin.GetURL());
fake_diagnostics_app_profile_helper_delegate_->web_app().SetPermissionsPolicy(
blink::ParsedPermissionsPolicy{{blink::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kNotFound}}});
network::ParsedPermissionsPolicy{
{network::ParsedPermissionsPolicyDeclaration{
network::mojom::PermissionsPolicyFeature::kNotFound}}});
auto result = PrepareDiagnosticsAppBrowserContext(
base::PathService::CheckedGet(base::DIR_SRC_TEST_DATA_ROOT)

@ -399,6 +399,7 @@
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/network_switches.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/cpp/self_deleting_url_loader_factory.h"
#include "services/network/public/cpp/web_sandbox_flags.h"
@ -2421,7 +2422,7 @@ size_t ChromeContentBrowserClient::GetProcessCountToIgnoreForLimit() {
#endif
}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
ChromeContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
content::WebContents* web_contents,
const url::Origin& app_origin) {
@ -2441,13 +2442,13 @@ ChromeContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
registrar.FindAllAppsNestedInUrl(
app_origin.GetURL(), web_app::WebAppFilter::InstalledInChrome());
if (app_ids_for_origin.empty()) {
return blink::ParsedPermissionsPolicy();
return network::ParsedPermissionsPolicy();
}
return registrar.GetPermissionsPolicy(app_ids_for_origin[0]);
#else
NOTIMPLEMENTED();
return blink::ParsedPermissionsPolicy();
return network::ParsedPermissionsPolicy();
#endif
}

@ -43,6 +43,7 @@
#include "pdf/buildflags.h"
#include "services/device/public/cpp/geolocation/buildflags.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/url_loader_factory.mojom.h"
#include "services/video_effects/public/cpp/buildflags.h"
@ -250,7 +251,7 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
const GURL& site_url) override;
bool MayReuseHost(content::RenderProcessHost* process_host) override;
size_t GetProcessCountToIgnoreForLimit() override;
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(content::WebContents* web_contents,
const url::Origin& app_origin) override;
bool ShouldTryToUseExistingProcessHost(

@ -19,6 +19,8 @@
#include "content/public/test/navigation_simulator.h"
#include "content/public/test/permissions_test_utils.h"
#include "extensions/buildflags/buildflags.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gtest/include/gtest/gtest.h"
class ChromePermissionManagerTest : public ChromeRenderViewHostTestHarness {
@ -47,7 +49,7 @@ class ChromePermissionManagerTest : public ChromeRenderViewHostTestHarness {
const GURL& origin,
network::mojom::PermissionsPolicyFeature feature =
network::mojom::PermissionsPolicyFeature::kNotFound) {
blink::ParsedPermissionsPolicy frame_policy = {};
network::ParsedPermissionsPolicy frame_policy = {};
if (feature != network::mojom::PermissionsPolicyFeature::kNotFound) {
frame_policy.emplace_back(
feature,

@ -19,6 +19,7 @@
#include "content/public/test/navigation_simulator.h"
#include "content/public/test/test_renderer_host.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
@ -65,7 +66,7 @@ class PermissionContextBasePermissionsPolicyTest
const char* origin,
network::mojom::PermissionsPolicyFeature feature =
network::mojom::PermissionsPolicyFeature::kNotFound) {
blink::ParsedPermissionsPolicy frame_policy = {};
network::ParsedPermissionsPolicy frame_policy = {};
if (feature != network::mojom::PermissionsPolicyFeature::kNotFound) {
frame_policy.emplace_back(
feature,

@ -19,6 +19,7 @@
#include "content/public/test/navigation_simulator.h"
#include "content/public/test/permissions_test_utils.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
#include "url/origin.h"
@ -114,7 +115,7 @@ class PermissionSubscriptionTest : public ChromeRenderViewHostTestHarness {
content::RenderFrameHost* parent,
const GURL& origin,
PermissionsPolicyFeature feature = PermissionsPolicyFeature::kNotFound) {
blink::ParsedPermissionsPolicy frame_policy = {};
network::ParsedPermissionsPolicy frame_policy = {};
if (feature != PermissionsPolicyFeature::kNotFound) {
frame_policy.emplace_back(
feature,

@ -49,11 +49,11 @@
#include "net/test/embedded_test_server/http_response.h"
#include "net/test/embedded_test_server/request_handler_util.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "skia/ext/codec_utils.h"
#include "third_party/abseil-cpp/absl/types/variant.h"
#include "third_party/blink/public/common/manifest/manifest.h"
#include "third_party/blink/public/common/manifest/manifest_util.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
#include "third_party/skia/include/core/SkBitmap.h"
@ -390,7 +390,7 @@ blink::mojom::ManifestPtr ManifestBuilder::ToBlinkManifest(
}
for (const auto& policy : permissions_policy_) {
blink::ParsedPermissionsPolicyDeclaration decl;
network::ParsedPermissionsPolicyDeclaration decl;
decl.feature = policy.first;
if (policy.second.wildcard) {
decl.matches_all_origins = true;

@ -86,10 +86,10 @@
#include "content/public/browser/service_worker_context.h"
#include "content/public/browser/storage_partition.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/abseil-cpp/absl/types/variant.h"
#include "third_party/blink/public/common/manifest/manifest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
#include "third_party/blink/public/common/safe_url_pattern.h"
#include "third_party/blink/public/common/storage_key/storage_key.h"
@ -237,7 +237,7 @@ apps::ShareTarget CreateRandomShareTarget(uint32_t suffix) {
return share_target;
}
blink::ParsedPermissionsPolicy CreateRandomPermissionsPolicy(
network::ParsedPermissionsPolicy CreateRandomPermissionsPolicy(
RandomHelper& random) {
const int num_permissions_policy_declarations =
random.next_uint(test_features.size());
@ -248,7 +248,7 @@ blink::ParsedPermissionsPolicy CreateRandomPermissionsPolicy(
std::default_random_engine rng;
std::shuffle(available_features.begin(), available_features.end(), rng);
blink::ParsedPermissionsPolicy permissions_policy(
network::ParsedPermissionsPolicy permissions_policy(
num_permissions_policy_declarations);
const auto& feature_name_map = blink::GetPermissionsPolicyNameToFeatureMap();
for (int i = 0; i < num_permissions_policy_declarations; ++i) {

@ -41,9 +41,9 @@
#include "components/sync/protocol/proto_value_conversions.h"
#include "components/sync/protocol/web_app_specifics.pb.h"
#include "components/webapps/browser/installable/installable_metrics.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/abseil-cpp/absl/types/variant.h"
#include "third_party/blink/public/common/manifest/manifest_util.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
#include "third_party/blink/public/common/safe_url_pattern.h"
#include "third_party/blink/public/mojom/manifest/manifest.mojom-shared.h"
@ -732,7 +732,7 @@ void WebApp::SetParentAppId(
}
void WebApp::SetPermissionsPolicy(
blink::ParsedPermissionsPolicy permissions_policy) {
network::ParsedPermissionsPolicy permissions_policy) {
permissions_policy_ = std::move(permissions_policy);
}
@ -1277,7 +1277,7 @@ bool operator!=(const WebAppOsIntegrationState& os_integration_state1,
} // namespace proto
std::vector<std::string> GetSerializedAllowedOrigins(
const blink::ParsedPermissionsPolicyDeclaration
const network::ParsedPermissionsPolicyDeclaration
permissions_policy_declaration) {
std::vector<std::string> allowed_origins;
if (permissions_policy_declaration.self_if_matches) {

@ -41,8 +41,8 @@
#include "components/sync/model/string_ordinal.h"
#include "components/sync/protocol/web_app_specifics.pb.h"
#include "components/webapps/common/web_app_id.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/manifest/manifest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/manifest/capture_links.mojom-shared.h"
#include "third_party/blink/public/mojom/manifest/display_mode.mojom-shared.h"
#include "third_party/skia/include/core/SkColor.h"
@ -272,7 +272,7 @@ class WebApp {
return parent_app_id_;
}
const blink::ParsedPermissionsPolicy& permissions_policy() const {
const network::ParsedPermissionsPolicy& permissions_policy() const {
return permissions_policy_;
}
@ -451,7 +451,8 @@ class WebApp {
void SetWindowControlsOverlayEnabled(bool enabled);
void SetLaunchHandler(std::optional<LaunchHandler> launch_handler);
void SetParentAppId(const std::optional<webapps::AppId>& parent_app_id);
void SetPermissionsPolicy(blink::ParsedPermissionsPolicy permissions_policy);
void SetPermissionsPolicy(
network::ParsedPermissionsPolicy permissions_policy);
void SetLatestInstallSource(
std::optional<webapps::WebappInstallSource> latest_install_source);
void SetAppSizeInBytes(std::optional<int64_t> app_size_in_bytes);
@ -573,7 +574,7 @@ class WebApp {
bool window_controls_overlay_enabled_ = false;
std::optional<LaunchHandler> launch_handler_;
std::optional<webapps::AppId> parent_app_id_;
blink::ParsedPermissionsPolicy permissions_policy_;
network::ParsedPermissionsPolicy permissions_policy_;
// The source of the latest install. WebAppRegistrar provides range
// validation. Optional only to support legacy installations, since this used
// to be tracked as a pref. It might also be null if the value read from the
@ -672,7 +673,7 @@ bool operator!=(const WebAppOsIntegrationState& os_integration_state1,
} // namespace proto
std::vector<std::string> GetSerializedAllowedOrigins(
const blink::ParsedPermissionsPolicyDeclaration
const network::ParsedPermissionsPolicyDeclaration
permissions_policy_declaration);
} // namespace web_app

@ -60,9 +60,9 @@
#include "components/webapps/browser/installable/installable_metrics.h"
#include "components/webapps/common/web_app_id.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/abseil-cpp/absl/types/variant.h"
#include "third_party/blink/public/common/manifest/manifest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
#include "third_party/blink/public/common/safe_url_pattern.h"
#include "third_party/blink/public/mojom/manifest/capture_links.mojom.h"
@ -1594,11 +1594,11 @@ std::unique_ptr<WebApp> WebAppDatabase::CreateWebApp(
}
if (local_data.permissions_policy_size()) {
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
const auto& name_to_feature_map =
blink::GetPermissionsPolicyNameToFeatureMap();
for (const auto& decl_proto : local_data.permissions_policy()) {
blink::ParsedPermissionsPolicyDeclaration decl;
network::ParsedPermissionsPolicyDeclaration decl;
const auto feature_enum = name_to_feature_map.find(decl_proto.feature());
if (feature_enum == name_to_feature_map.end())
continue;

@ -61,11 +61,11 @@
#include "components/web_package/signed_web_bundles/ed25519_signature.h"
#include "components/web_package/signed_web_bundles/signed_web_bundle_signature_stack_entry.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/abseil-cpp/absl/types/variant.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "url/gurl.h"
#include "url/origin.h"
@ -986,7 +986,7 @@ class WebAppDatabaseProtoDataTest : public ::testing::Test {
}
std::unique_ptr<WebApp> CreateWebAppWithPermissionsPolicy(
const blink::ParsedPermissionsPolicy& permissions_policy) {
const network::ParsedPermissionsPolicy& permissions_policy) {
std::unique_ptr<WebApp> web_app = CreateMinimalWebApp();
web_app->SetPermissionsPolicy(permissions_policy);
return web_app;
@ -1262,7 +1262,7 @@ TEST_F(WebAppDatabaseProtoDataTest, SavesIsolationDataUpdateInfo) {
}
TEST_F(WebAppDatabaseProtoDataTest, PermissionsPolicyRoundTrip) {
const blink::ParsedPermissionsPolicy policy = {
const network::ParsedPermissionsPolicy policy = {
{network::mojom::PermissionsPolicyFeature::kGyroscope,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
@ -1292,7 +1292,7 @@ TEST_F(WebAppDatabaseProtoDataTest, PermissionsPolicyRoundTrip) {
}
TEST_F(WebAppDatabaseProtoDataTest, PermissionsPolicyProto) {
const blink::ParsedPermissionsPolicy policy = {
const network::ParsedPermissionsPolicy policy = {
{network::mojom::PermissionsPolicyFeature::kGyroscope,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,

@ -27,8 +27,8 @@
#include "components/services/app_service/public/cpp/protocol_handler_info.h"
#include "components/services/app_service/public/cpp/share_target.h"
#include "components/webapps/common/web_app_id.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/manifest/manifest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/manifest/capture_links.mojom-shared.h"
#include "third_party/blink/public/mojom/manifest/display_mode.mojom.h"
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
@ -417,7 +417,7 @@ struct WebAppInstallInfo {
// The declared permissions policy to apply as the baseline policy for all
// documents belonging to the application.
blink::ParsedPermissionsPolicy permissions_policy;
network::ParsedPermissionsPolicy permissions_policy;
// See ExternallyManagedAppManager for placeholder app documentation.
// Intended to be a temporary app while we wait for the install_url to

@ -69,10 +69,10 @@
#include "content/public/common/content_features.h"
#include "mojo/public/cpp/bindings/struct_ptr.h"
#include "net/http/http_util.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/manifest/manifest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/manifest/display_mode.mojom-shared.h"
#include "third_party/blink/public/mojom/manifest/manifest.mojom-shared.h"
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
@ -802,7 +802,7 @@ void UpdateWebAppInfoFromManifest(const blink::mojom::Manifest& manifest,
web_app_info->permissions_policy.clear();
for (const auto& decl : manifest.permissions_policy) {
blink::ParsedPermissionsPolicyDeclaration copy;
network::ParsedPermissionsPolicyDeclaration copy;
copy.feature = decl.feature;
copy.self_if_matches = decl.self_if_matches;
for (const auto& origin : decl.allowed_origins)

@ -37,12 +37,12 @@
#include "components/services/app_service/public/cpp/share_target.h"
#include "mojo/public/cpp/bindings/struct_ptr.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/manifest/manifest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/manifest/display_mode.mojom-shared.h"
#include "third_party/blink/public/mojom/manifest/manifest.mojom-shared.h"
#include "third_party/blink/public/mojom/manifest/manifest.mojom.h"
@ -158,7 +158,7 @@ TEST(WebAppInstallUtils, UpdateWebAppInfoFromManifest) {
}
{
blink::ParsedPermissionsPolicyDeclaration declaration;
network::ParsedPermissionsPolicyDeclaration declaration;
declaration.feature = network::mojom::PermissionsPolicyFeature::kFullscreen;
declaration.allowed_origins = {
*network::OriginWithPossibleWildcards::FromOrigin(

@ -53,6 +53,7 @@
#include "content/public/browser/isolated_web_apps_policy.h"
#include "content/public/browser/storage_partition_config.h"
#include "content/public/common/content_features.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/manifest/manifest_util.h"
#include "url/gurl.h"
@ -166,11 +167,11 @@ WebAppRegistrar::~WebAppRegistrar() {
}
}
blink::ParsedPermissionsPolicy WebAppRegistrar::GetPermissionsPolicy(
network::ParsedPermissionsPolicy WebAppRegistrar::GetPermissionsPolicy(
const webapps::AppId& app_id) const {
auto* web_app = GetAppById(app_id);
return web_app ? web_app->permissions_policy()
: blink::ParsedPermissionsPolicy();
: network::ParsedPermissionsPolicy();
}
bool WebAppRegistrar::IsPlaceholderApp(

@ -34,6 +34,7 @@
#include "components/services/app_service/public/cpp/file_handler.h"
#include "components/services/app_service/public/cpp/protocol_handler_info.h"
#include "components/webapps/common/web_app_id.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/mojom/installedapp/related_application.mojom.h"
#include "third_party/skia/include/core/SkColor.h"
@ -185,7 +186,7 @@ class WebAppRegistrar {
// the app with |app_id|. This permissions policy is not yet parsed by the
// PermissionsPolicyParser, and thus may contain invalid permissions and/or
// origin allowlists.
blink::ParsedPermissionsPolicy GetPermissionsPolicy(
network::ParsedPermissionsPolicy GetPermissionsPolicy(
const webapps::AppId& app_id) const;
// Returns true if there exists a currently installed app that has been

@ -39,7 +39,6 @@
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "url/gurl.h"
#include "url/origin.h"

@ -25,6 +25,8 @@
#include "services/metrics/public/cpp/metrics_utils.h"
#include "services/metrics/public/cpp/ukm_builders.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
namespace browsing_topics {
@ -89,7 +91,7 @@ class BrowsingTopicsPageLoadDataTrackerTest
simulator->SetSocketAddress(net::IPEndPoint(address, /*port=*/0));
}
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
if (!browsing_topics_permissions_policy_allowed) {
policy.emplace_back(

@ -31,6 +31,7 @@ include_rules = [
"+sql",
"+services/network/public/cpp/is_potentially_trustworthy.h",
"+services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h",
"+services/network/public/cpp/permissions_policy/permissions_policy_declaration.h",
"+third_party/blink/public/common/bluetooth/web_bluetooth_device_id.h",
"+third_party/blink/public/common/permissions/permission_utils.h",
"+third_party/blink/public/common/permissions_policy/permissions_policy.h",

@ -22,6 +22,8 @@
#include "content/public/test/test_browser_context.h"
#include "content/public/test/test_renderer_host.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/mojom/permissions/permission.mojom.h"
@ -269,7 +271,7 @@ TEST_F(PEPCInitiatedPermissionRequestTest,
prompt_factory()->set_response_type(
PermissionRequestManager::AutoResponseType::ACCEPT_ALL);
blink::ParsedPermissionsPolicy frame_policy;
network::ParsedPermissionsPolicy frame_policy;
frame_policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kMicrophone,
/*allowed_origins=*/
@ -299,7 +301,7 @@ TEST_F(PEPCInitiatedPermissionRequestTest,
TEST_F(PEPCInitiatedPermissionRequestTest,
PEPCRequestBlockedWithoutFeaturePolicy) {
blink::ParsedPermissionsPolicy frame_policy;
network::ParsedPermissionsPolicy frame_policy;
frame_policy.push_back({network::mojom::PermissionsPolicyFeature::kMicrophone,
/*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOrigin(

@ -29,6 +29,7 @@
#include "content/public/test/test_browser_context.h"
#include "content/public/test/test_renderer_host.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
@ -258,7 +259,7 @@ class PermissionManagerTest : public content::RenderViewHostTestHarness {
content::RenderFrameHost* parent,
const GURL& origin,
PermissionsPolicyFeature feature = PermissionsPolicyFeature::kNotFound) {
blink::ParsedPermissionsPolicy frame_policy = {};
network::ParsedPermissionsPolicy frame_policy = {};
if (feature != PermissionsPolicyFeature::kNotFound) {
frame_policy.emplace_back(
feature,

@ -31,6 +31,7 @@
#include "content/public/test/test_renderer_host.h"
#include "content/test/test_render_frame_host.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "testing/gtest/include/gtest/gtest.h"
@ -52,7 +53,7 @@ constexpr const char* kGeolocationPermissionsPolicyActionHistogramName =
"Permissions.Action.Geolocation.CrossOriginFrame."
"TopLevelHeaderPolicy";
blink::ParsedPermissionsPolicy CreatePermissionsPolicy(
network::ParsedPermissionsPolicy CreatePermissionsPolicy(
network::mojom::PermissionsPolicyFeature feature,
const std::vector<std::string>& origins,
bool matches_all_origins = false) {
@ -137,7 +138,7 @@ class PermissionsDelegationUmaUtilTest
content::RenderFrameHost* AddChildFrameWithPermissionsPolicy(
content::RenderFrameHost* parent,
const char* origin,
blink::ParsedPermissionsPolicy policy) {
network::ParsedPermissionsPolicy policy) {
content::RenderFrameHost* result =
content::RenderFrameHostTester::For(parent)->AppendChildWithPolicy(
"", policy);
@ -150,7 +151,7 @@ class PermissionsDelegationUmaUtilTest
// The permissions policy is invariant and required the page to be
// refreshed
void RefreshAndSetPermissionsPolicy(content::RenderFrameHost** rfh,
blink::ParsedPermissionsPolicy policy) {
network::ParsedPermissionsPolicy policy) {
content::RenderFrameHost* current = *rfh;
auto navigation = content::NavigationSimulator::CreateRendererInitiated(
current->GetLastCommittedURL(), current);
@ -770,7 +771,7 @@ TEST_P(PermissionsDelegationUmaUtilTest, TopLevelFrame) {
base::HistogramTester histograms;
auto* main_frame = GetMainFrameAndNavigate(kTopLevelUrl);
auto feature = PermissionUtil::GetPermissionsPolicyFeature(type);
blink::ParsedPermissionsPolicy top_policy;
network::ParsedPermissionsPolicy top_policy;
if (feature.has_value() &&
(GetParam().matches_all_origins || !GetParam().origins.empty())) {
top_policy = CreatePermissionsPolicy(
@ -866,7 +867,7 @@ TEST_P(CrossFramePermissionsDelegationUmaUtilTest, CrossOriginFrame) {
base::HistogramTester histograms;
auto* main_frame = GetMainFrameAndNavigate(kTopLevelUrl);
auto feature = PermissionUtil::GetPermissionsPolicyFeature(type);
blink::ParsedPermissionsPolicy top_policy;
network::ParsedPermissionsPolicy top_policy;
if (feature.has_value() &&
(GetParam().matches_all_origins || !GetParam().origins.empty())) {
top_policy = CreatePermissionsPolicy(
@ -881,7 +882,7 @@ TEST_P(CrossFramePermissionsDelegationUmaUtilTest, CrossOriginFrame) {
}
// Add nested subframes A(B(C))
blink::ParsedPermissionsPolicy empty_policy;
network::ParsedPermissionsPolicy empty_policy;
auto* child_frame = AddChildFrameWithPermissionsPolicy(
main_frame, kCrossOriginFrameUrl,
feature.has_value()

@ -6,6 +6,7 @@ include_rules = [
"+content/public/test",
"+net",
"+services/network/public/cpp/is_potentially_trustworthy.h",
"+services/network/public/mojom/permissions_policy",
"+third_party/blink/public/common",
"+third_party/blink/public/mojom",
"+third_party/webrtc",

@ -37,11 +37,11 @@
#include "mojo/public/cpp/test_support/fake_message_dispatch_context.h"
#include "mojo/public/cpp/test_support/test_utils.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/tokens/tokens.h"
#include "third_party/blink/public/mojom/conversions/conversions.mojom.h"
#include "url/gurl.h"
@ -134,9 +134,9 @@ class AttributionHostTest : public RenderViewHostTestHarness {
fenced_frame_node->set_fenced_frame_properties(new_props);
}
blink::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
network::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
const url::Origin& allowed_origin) {
return {blink::ParsedPermissionsPolicyDeclaration(
return {network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kAttributionReporting,
/*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOrigin(allowed_origin)},

@ -21,10 +21,10 @@
#include "content/test/navigation_simulator_impl.h"
#include "content/test/test_web_contents.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/attribution.mojom-shared.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "url/gurl.h"
#include "url/origin.h"
@ -55,12 +55,12 @@ class AttributionSuitableContextTest : public RenderViewHostTestHarness {
return scoped_feature_list_;
}
blink::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
network::ParsedPermissionsPolicy RestrictivePermissionsPolicy(
const GURL& allowed_url) {
const auto origin = network::OriginWithPossibleWildcards::FromOrigin(
url::Origin::Create(allowed_url));
CHECK(origin.has_value());
return {blink::ParsedPermissionsPolicyDeclaration(
return {network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kAttributionReporting,
/*allowed_origins=*/{origin.value()},
/*self_if_matches=*/std::nullopt,

@ -18,9 +18,11 @@
#include "mojo/public/cpp/system/functions.h"
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/weak_wrapper_shared_url_loader_factory.h"
#include "services/network/public/cpp/wrapper_shared_url_loader_factory.h"
#include "services/network/public/mojom/parsed_headers.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/test/test_url_loader_factory.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "third_party/blink/public/mojom/browsing_topics/browsing_topics.mojom.h"
@ -172,7 +174,7 @@ class BrowsingTopicsURLLoaderTest : public RenderViewHostTestHarness {
auto simulator =
NavigationSimulator::CreateBrowserInitiated(url, web_contents());
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kBrowsingTopics,
/*allowed_origins=*/

@ -51,6 +51,8 @@
#include "services/network/public/cpp/client_hints.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/network_quality_tracker.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/public/mojom/web_client_hints_types.mojom-shared.h"
#include "third_party/blink/public/common/client_hints/client_hints.h"
#include "third_party/blink/public/common/client_hints/enabled_client_hints.h"
@ -629,7 +631,7 @@ bool IsJavascriptEnabled(FrameTreeNode* frame_tree_node) {
// TODO(crbug.com/40208054): Replace w/ generic HTML policy modification.
void UpdateIFramePermissionsPolicyWithDelegationSupportForClientHints(
ClientHintsExtendedData& data,
const blink::ParsedPermissionsPolicy& container_policy) {
const network::ParsedPermissionsPolicy& container_policy) {
if (container_policy.empty()) {
return;
}
@ -637,7 +639,7 @@ void UpdateIFramePermissionsPolicyWithDelegationSupportForClientHints(
// For client hints specifically, we need to allow the container policy
// to overwrite the parent policy so that permissions policies set in HTML
// via an accept-ch meta tag can be respected.
blink::ParsedPermissionsPolicy client_hints_container_policy;
network::ParsedPermissionsPolicy client_hints_container_policy;
for (const auto& container_policy_item : container_policy) {
const auto& it = blink::GetPolicyFeatureToClientHintMap().find(
container_policy_item.feature);
@ -678,7 +680,7 @@ void UpdateNavigationRequestClientUaHeadersImpl(
FrameTreeNode* frame_tree_node,
ClientUaHeaderCallType call_type,
net::HttpRequestHeaders* headers,
const blink::ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& container_policy,
const std::optional<GURL>& request_url,
const ClientHintsExtendedData& data) {
std::optional<blink::UserAgentMetadata> ua_metadata;
@ -840,7 +842,7 @@ void AddRequestClientHintsHeaders(
ClientHintsControllerDelegate* delegate,
bool is_ua_override_on,
FrameTreeNode* frame_tree_node,
const blink::ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& container_policy,
const std::optional<GURL>& request_url) {
ClientHintsExtendedData data(origin, frame_tree_node, delegate, request_url);
UpdateIFramePermissionsPolicyWithDelegationSupportForClientHints(
@ -947,7 +949,7 @@ void AddNavigationRequestClientHintsHeaders(
ClientHintsControllerDelegate* delegate,
bool is_ua_override_on,
FrameTreeNode* frame_tree_node,
const blink::ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& container_policy,
const std::optional<GURL>& request_url) {
DCHECK(frame_tree_node);
DCHECK_CURRENTLY_ON(BrowserThread::UI);

@ -11,8 +11,8 @@
#include "content/common/content_export.h"
#include "content/public/browser/client_hints_controller_delegate.h"
#include "net/http/http_request_headers.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/parsed_headers.mojom-forward.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "url/gurl.h"
namespace net {
@ -90,7 +90,7 @@ CONTENT_EXPORT void AddNavigationRequestClientHintsHeaders(
ClientHintsControllerDelegate* delegate,
bool is_ua_override_on,
FrameTreeNode*,
const blink::ParsedPermissionsPolicy&,
const network::ParsedPermissionsPolicy&,
const std::optional<GURL>& request_url = std::nullopt);
// Adds client hints headers for a prefetch navigation that is not associated

@ -26,10 +26,10 @@
#include "services/device/public/cpp/test/scoped_pressure_manager_overrider.h"
#include "services/device/public/mojom/pressure_manager.mojom.h"
#include "services/device/public/mojom/pressure_update.mojom.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/compute_pressure/web_pressure_manager.mojom.h"
#include "url/gurl.h"
@ -283,7 +283,7 @@ TEST_F(PressureServiceForFrameTest, PermissionsPolicyBlock) {
// made once on page load, so we refresh the page to simulate that.
RenderFrameHost* rfh =
static_cast<RenderFrameHost*>(contents()->GetPrimaryMainFrame());
blink::ParsedPermissionsPolicy permissions_policy(1);
network::ParsedPermissionsPolicy permissions_policy(1);
permissions_policy[0].feature =
network::mojom::PermissionsPolicyFeature::kComputePressure;
auto navigation_simulator = NavigationSimulator::CreateRendererInitiated(

@ -28,10 +28,10 @@
#include "services/device/public/mojom/pressure_manager.mojom.h"
#include "services/device/public/mojom/pressure_update.mojom.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/tokens/tokens.h"
#include "third_party/blink/public/mojom/compute_pressure/web_pressure_manager.mojom.h"
#include "url/gurl.h"
@ -222,7 +222,7 @@ TEST_F(PressureServiceForDedicatedWorkerTest,
TEST_F(PressureServiceForDedicatedWorkerTest, PermissionsPolicyBlock) {
// Make compute pressure blocked by permissions policy and it can only be
// made once on page load, so we refresh the page to simulate that.
blink::ParsedPermissionsPolicy permissions_policy(1);
network::ParsedPermissionsPolicy permissions_policy(1);
permissions_policy[0].feature =
network::mojom::PermissionsPolicyFeature::kComputePressure;
auto navigation_simulator =
@ -344,7 +344,7 @@ TEST_F(PressureServiceForSharedWorkerTest, WebContentPressureManagerProxyTest) {
TEST_F(PressureServiceForSharedWorkerTest, PermissionsPolicyBlock) {
// Make compute pressure blocked by permissions policy and it can only be
// made once on page load, so we refresh the page to simulate that.
blink::ParsedPermissionsPolicy permissions_policy(1);
network::ParsedPermissionsPolicy permissions_policy(1);
permissions_policy[0].feature =
network::mojom::PermissionsPolicyFeature::kComputePressure;
auto navigation_simulator =
@ -364,7 +364,7 @@ TEST_F(PressureServiceForSharedWorkerTest,
auto web_contents = TestWebContents::Create(browser_context(), nullptr);
auto* rfh = web_contents->GetPrimaryMainFrame();
blink::ParsedPermissionsPolicy permissions_policy(1);
network::ParsedPermissionsPolicy permissions_policy(1);
permissions_policy[0].feature =
network::mojom::PermissionsPolicyFeature::kComputePressure;
auto navigation_simulator =

@ -41,14 +41,15 @@
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "net/traffic_annotation/network_traffic_annotation.h"
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/clear_data_filter.mojom.h"
#include "services/network/public/mojom/host_resolver.mojom.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/public/mojom/tcp_socket.mojom.h"
#include "testing/gmock/include/gmock/gmock-matchers.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "url/gurl.h"
#if BUILDFLAG(IS_CHROMEOS)
@ -743,11 +744,11 @@ class NoCoiPermissionIsolatedWebAppContentBrowserClient
const url::Origin& isolated_app_origin)
: IsolatedWebAppContentBrowserClient(isolated_app_origin) {}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(
WebContents* web_contents,
const url::Origin& app_origin) override {
return {{blink::ParsedPermissionsPolicyDeclaration(
return {{network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kDirectSockets,
/*allowed_origins=*/{},
/*self_if_matches=*/app_origin,

@ -14,9 +14,9 @@
#include "content/public/test/browser_test_utils.h"
#include "content/public/test/web_contents_tester.h"
#include "net/dns/host_resolver.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/clear_data_filter.mojom.h"
#include "services/network/public/mojom/udp_socket.mojom.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "url/origin.h"
namespace content::test {
@ -170,23 +170,23 @@ bool IsolatedWebAppContentBrowserClient::ShouldUrlUseApplicationIsolationLevel(
return isolated_app_origin_ == url::Origin::Create(url);
}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
IsolatedWebAppContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
WebContents* web_contents,
const url::Origin& app_origin) {
blink::ParsedPermissionsPolicyDeclaration coi_decl(
network::ParsedPermissionsPolicyDeclaration coi_decl(
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true, /*matches_opaque_src=*/false);
blink::ParsedPermissionsPolicyDeclaration sockets_decl(
network::ParsedPermissionsPolicyDeclaration sockets_decl(
network::mojom::PermissionsPolicyFeature::kDirectSockets,
/*allowed_origins=*/{},
/*self_if_matches=*/app_origin,
/*matches_all_origins=*/false, /*matches_opaque_src=*/false);
blink::ParsedPermissionsPolicyDeclaration sockets_pna_decl(
network::ParsedPermissionsPolicyDeclaration sockets_pna_decl(
network::mojom::PermissionsPolicyFeature::kDirectSocketsPrivate,
/*allowed_origins=*/{},
/*self_if_matches=*/app_origin,

@ -23,6 +23,7 @@
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/receiver.h"
#include "mojo/public/cpp/bindings/remote.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/test/test_network_context_with_host_resolver.h"
#include "services/network/test/test_restricted_udp_socket.h"
#include "services/network/test/test_udp_socket.h"
@ -181,7 +182,7 @@ class IsolatedWebAppContentBrowserClient
bool ShouldUrlUseApplicationIsolationLevel(BrowserContext* browser_context,
const GURL& url) override;
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
const url::Origin& app_origin) override;

@ -10,10 +10,10 @@
#include "base/strings/string_util.h"
#include "base/uuid.h"
#include "content/browser/fenced_frame/fenced_frame_reporter.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/frame/fenced_frame_permissions_policies.h"
#include "third_party/blink/public/common/interest_group/ad_auction_constants.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
namespace content {
@ -362,7 +362,7 @@ void FencedFrameProperties::UpdateParentParsedPermissionsPolicy(
// loaded through any other means, the vector remains empty.
CHECK_EQ(effective_enabled_permissions_.size(), 0u);
CHECK(parent_policy);
std::vector<blink::ParsedPermissionsPolicyDeclaration> parsed_policies;
std::vector<network::ParsedPermissionsPolicyDeclaration> parsed_policies;
for (auto feature : blink::kFencedFrameAllowedFeatures) {
const blink::PermissionsPolicy::Allowlist allow_list =
parent_policy->GetAllowlistForFeature(feature);

@ -25,6 +25,7 @@
#include "services/device/public/mojom/geolocation_context.mojom.h"
#include "services/device/public/mojom/geoposition.mojom.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
@ -106,7 +107,7 @@ class GeolocationServiceTest : public RenderViewHostImplTestHarness {
void CreateEmbeddedFrameAndGeolocationService(
bool allow_via_permissions_policy) {
const GURL kEmbeddedUrl("https://embeddables.com/someframe");
blink::ParsedPermissionsPolicy frame_policy = {};
network::ParsedPermissionsPolicy frame_policy = {};
if (allow_via_permissions_policy) {
frame_policy.push_back(
{network::mojom::PermissionsPolicyFeature::kGeolocation,

@ -28,7 +28,9 @@
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "third_party/blink/public/common/features.h"
#include "url/gurl.h"
@ -70,8 +72,8 @@ class InterceptingContentBrowserClient : public ContentBrowserClient {
bool interest_group_allowed_by_settings_ = false;
};
blink::ParsedPermissionsPolicy CreatePermissivePolicy() {
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy CreatePermissivePolicy() {
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kRunAdAuction,
/*allowed_origins=*/
@ -85,8 +87,8 @@ blink::ParsedPermissionsPolicy CreatePermissivePolicy() {
return policy;
}
blink::ParsedPermissionsPolicy CreateRestrictivePolicy() {
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy CreateRestrictivePolicy() {
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kRunAdAuction,
/*allowed_origins=*/std::vector<network::OriginWithPossibleWildcards>(),

@ -92,6 +92,8 @@
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
#include "services/network/network_service.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features.h"
@ -9799,7 +9801,7 @@ function reportResult() {
// seller origin C should fail.
auto simulator =
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kSharedStorage,
/*allowed_origins=*/
@ -10000,7 +10002,7 @@ function scoreAd(
{
auto simulator =
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
/*allowed_origins=*/
@ -10026,7 +10028,7 @@ function scoreAd(
{
auto simulator =
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
/*allowed_origins=*/
@ -10087,7 +10089,7 @@ function scoreAd(
{
auto simulator =
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
/*allowed_origins=*/
@ -10113,7 +10115,7 @@ function scoreAd(
{
auto simulator =
NavigationSimulator::CreateBrowserInitiated(kUrlA, web_contents());
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kPrivateAggregation,
/*allowed_origins=*/

@ -25,10 +25,12 @@
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/weak_wrapper_shared_url_loader_factory.h"
#include "services/network/public/cpp/wrapper_shared_url_loader_factory.h"
#include "services/network/public/mojom/early_hints.mojom.h"
#include "services/network/public/mojom/parsed_headers.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/test/test_url_loader_factory.h"
#include "testing/gmock/include/gmock/gmock.h"
@ -240,7 +242,7 @@ class AdAuctionURLLoaderInterceptorTest : public RenderViewHostTestHarness {
auto simulator =
NavigationSimulator::CreateBrowserInitiated(url, web_contents());
blink::ParsedPermissionsPolicy policy;
network::ParsedPermissionsPolicy policy;
policy.emplace_back(
network::mojom::PermissionsPolicyFeature::kRunAdAuction,
/*allowed_origins=*/

@ -18,6 +18,8 @@
#include "content/public/test/test_renderer_host.h"
#include "content/public/test/web_contents_tester.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions/permission_utils.h"
@ -564,7 +566,7 @@ class PermissionControllerImplWithDelegateTest
const GURL& origin,
network::mojom::PermissionsPolicyFeature feature =
network::mojom::PermissionsPolicyFeature::kNotFound) {
blink::ParsedPermissionsPolicy frame_policy = {};
network::ParsedPermissionsPolicy frame_policy = {};
if (feature != network::mojom::PermissionsPolicyFeature::kNotFound) {
frame_policy.emplace_back(
feature,

@ -10,6 +10,7 @@
#include "content/browser/renderer_host/render_view_host_impl.h"
#include "content/browser/site_instance_impl.h"
#include "content/common/content_navigation_policy.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/web_sandbox_flags.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom.h"
@ -175,7 +176,7 @@ size_t BrowsingContextState::GetProxyCount() {
bool BrowsingContextState::UpdateFramePolicyHeaders(
network::mojom::WebSandboxFlags sandbox_flags,
const blink::ParsedPermissionsPolicy& parsed_header) {
const network::ParsedPermissionsPolicy& parsed_header) {
bool changed = false;
if (replication_state_->permissions_policy_header != parsed_header) {
replication_state_->permissions_policy_header = parsed_header;

@ -14,6 +14,7 @@
#include "content/browser/security/coop/coop_related_group.h"
#include "content/browser/site_instance_group.h"
#include "content/public/browser/browsing_instance_id.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/frame/frame_replication_state.mojom-forward.h"
#include "third_party/perfetto/include/perfetto/tracing/traced_value_forward.h"
@ -218,7 +219,7 @@ class CONTENT_EXPORT BrowsingContextState
// or permissions policy.
bool UpdateFramePolicyHeaders(
network::mojom::WebSandboxFlags sandbox_flags,
const blink::ParsedPermissionsPolicy& parsed_header);
const network::ParsedPermissionsPolicy& parsed_header);
// Notify all of the proxies about the updated FramePolicy, excluding the
// parent, as it will already know.

@ -23,9 +23,9 @@
#include "content/test/navigation_simulator_impl.h"
#include "content/test/test_render_frame_host.h"
#include "net/base/net_errors.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "ui/base/page_transition_types.h"
#include "url/origin.h"
@ -97,11 +97,11 @@ class IsolatedWebAppContentBrowserClient : public ContentBrowserClient {
bool AreIsolatedWebAppsEnabled(BrowserContext*) override { return true; }
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(
WebContents* web_contents,
const url::Origin& app_origin) override {
return {{blink::ParsedPermissionsPolicyDeclaration(
return {{network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,

@ -161,12 +161,14 @@
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/header_util.h"
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/resource_request_body.h"
#include "services/network/public/cpp/supports_loading_mode/supports_loading_mode_parser.h"
#include "services/network/public/cpp/url_loader_completion_status.h"
#include "services/network/public/cpp/web_sandbox_flags.h"
#include "services/network/public/mojom/device_bound_sessions.mojom.h"
#include "services/network/public/mojom/fetch_api.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/public/mojom/supports_loading_mode.mojom.h"
#include "services/network/public/mojom/url_response_head.mojom-forward.h"
#include "services/network/public/mojom/url_response_head.mojom-shared.h"
@ -189,7 +191,6 @@
#include "third_party/blink/public/common/navigation/navigation_policy.h"
#include "third_party/blink/public/common/origin_trials/trial_token_validator.h"
#include "third_party/blink/public/common/permissions_policy/document_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_features.h"
#include "third_party/blink/public/common/permissions_policy/policy_helper_public.h"
#include "third_party/blink/public/common/renderer_preferences/renderer_preferences.h"
@ -9565,11 +9566,11 @@ bool NavigationRequest::IsFencedFrameRequiredPolicyFeatureAllowed(
// explicitly enabled for `origin`, or the policy must by default
// be enabled for all origins. Note: because the policies have not been
// read into a RenderFrameHost's permissions_policy_ yet, we need to check
// the ParsedPermissionsPolicyDeclaration object directly.
// the network::ParsedPermissionsPolicyDeclaration object directly.
auto policy_iter = std::find_if(
commit_params_->frame_policy.container_policy.begin(),
commit_params_->frame_policy.container_policy.end(),
[feature](const blink::ParsedPermissionsPolicyDeclaration& d) {
[feature](const network::ParsedPermissionsPolicyDeclaration& d) {
return d.feature == feature;
});
if (policy_iter == commit_params_->frame_policy.container_policy.end()) {

@ -16,6 +16,7 @@
#include "content/public/browser/cookie_access_details.h"
#include "content/public/browser/trust_token_access_details.h"
#include "ipc/ipc_message.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/frame/fullscreen.mojom.h"
#include "third_party/blink/public/mojom/frame/text_autosizer_page_info.mojom.h"
#include "third_party/blink/public/mojom/mediastream/media_stream.mojom-shared.h"
@ -201,10 +202,10 @@ bool RenderFrameHostDelegate::ShouldIgnoreUnresponsiveRenderer() {
return false;
}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
RenderFrameHostDelegate::GetPermissionsPolicyForIsolatedWebApp(
RenderFrameHostImpl* source) {
return blink::ParsedPermissionsPolicy();
return network::ParsedPermissionsPolicy();
}
bool RenderFrameHostDelegate::IsPopup() const {

@ -39,6 +39,7 @@
#include "services/device/public/mojom/geolocation_context.mojom.h"
#include "services/device/public/mojom/wake_lock.mojom.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/mediastream/media_stream_request.h"
#include "third_party/blink/public/mojom/choosers/popup_menu.mojom.h"
#include "third_party/blink/public/mojom/devtools/console_message.mojom.h"
@ -738,7 +739,7 @@ class CONTENT_EXPORT RenderFrameHostDelegate {
// Returns the base permissions policy that should be applied to the Isolated
// Web App running in the given RenderFrameHostImpl. If std::nullopt is
// returned the default non-isolated permissions policy will be applied.
virtual std::optional<blink::ParsedPermissionsPolicy>
virtual std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(RenderFrameHostImpl* source);
// Updates the draggable regions defined by the app-region CSS property.

@ -238,8 +238,10 @@
#include "services/network/public/cpp/is_potentially_trustworthy.h"
#include "services/network/public/cpp/network_service_buildflags.h"
#include "services/network/public/cpp/not_implemented_url_loader_factory.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/simple_url_loader.h"
#include "services/network/public/cpp/web_sandbox_flags.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/public/mojom/url_loader_factory.mojom.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
#include "services/service_manager/public/cpp/interface_provider.h"
@ -659,7 +661,7 @@ DetermineWhetherToForbidTrustTokenOperation(
// permissions from their parent's permissions policy.
const blink::PermissionsPolicy* parent_policy =
frame->GetParentOrOuterDocument()->GetPermissionsPolicy();
blink::ParsedPermissionsPolicy container_policy =
network::ParsedPermissionsPolicy container_policy =
commit_params.frame_policy.container_policy;
subframe_policy = blink::PermissionsPolicy::CreateFlexibleForFencedFrame(
parent_policy, /*header_policy=*/{}, container_policy,
@ -684,7 +686,7 @@ DetermineWhetherToForbidTrustTokenOperation(
const blink::PermissionsPolicy* parent_policy =
frame->GetParent()->GetPermissionsPolicy();
blink::ParsedPermissionsPolicy container_policy =
network::ParsedPermissionsPolicy container_policy =
commit_params.frame_policy.container_policy;
subframe_policy = blink::PermissionsPolicy::CreateFromParentPolicy(
@ -7641,7 +7643,7 @@ const blink::PermissionsPolicy* RenderFrameHostImpl::GetPermissionsPolicy() {
return permissions_policy_.get();
}
const blink::ParsedPermissionsPolicy&
const network::ParsedPermissionsPolicy&
RenderFrameHostImpl::GetPermissionsPolicyHeader() {
return permissions_policy_header_;
}
@ -12378,7 +12380,7 @@ void RenderFrameHostImpl::CommitNavigation(
auto isolation_info = GetSiteInstance()->GetWebExposedIsolationInfo();
std::optional<blink::ParsedPermissionsPolicy> manifest_policy;
std::optional<network::ParsedPermissionsPolicy> manifest_policy;
if (IsOutermostMainFrame() && isolation_info.is_isolated_application()) {
if (auto isolated_web_app_permissions_policy =
delegate_->GetPermissionsPolicyForIsolatedWebApp(this)) {
@ -13528,7 +13530,7 @@ void RenderFrameHostImpl::CreateWebUsbService(
}
void RenderFrameHostImpl::ResetPermissionsPolicy(
const blink::ParsedPermissionsPolicy& header_policy) {
const network::ParsedPermissionsPolicy& header_policy) {
if (IsFencedFrameRoot()) {
const std::optional<FencedFrameProperties>& fenced_frame_properties =
frame_tree_node()->GetFencedFrameProperties();
@ -13544,7 +13546,7 @@ void RenderFrameHostImpl::ResetPermissionsPolicy(
// permissions from their parent's permissions policy.
const blink::PermissionsPolicy* parent_policy =
GetParentOrOuterDocument()->GetPermissionsPolicy();
blink::ParsedPermissionsPolicy container_policy =
network::ParsedPermissionsPolicy container_policy =
browsing_context_state_->effective_frame_policy().container_policy;
permissions_policy_ =
blink::PermissionsPolicy::CreateFlexibleForFencedFrame(
@ -13583,7 +13585,7 @@ void RenderFrameHostImpl::ResetPermissionsPolicy(
RenderFrameHostImpl* parent_frame_host = GetParent();
const blink::PermissionsPolicy* parent_policy =
parent_frame_host ? parent_frame_host->GetPermissionsPolicy() : nullptr;
blink::ParsedPermissionsPolicy container_policy =
network::ParsedPermissionsPolicy container_policy =
browsing_context_state_->effective_frame_policy().container_policy;
permissions_policy_ = blink::PermissionsPolicy::CreateFromParentPolicy(
@ -15757,7 +15759,7 @@ void RenderFrameHostImpl::SendCommitNavigation(
keep_alive_loader_factory,
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
fetch_later_loader_factory,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token) {

@ -118,6 +118,7 @@
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
#include "services/network/public/cpp/cross_origin_opener_policy.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/cookie_access_observer.mojom.h"
#include "services/network/public/mojom/fetch_api.mojom-forward.h"
#include "services/network/public/mojom/mdns_responder.mojom.h"
@ -130,7 +131,6 @@
#include "third_party/blink/public/common/frame/history_user_activation_state.h"
#include "third_party/blink/public/common/frame/user_activation_state.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/scheduler/web_scheduler_tracked_feature.h"
#include "third_party/blink/public/common/storage_key/storage_key.h"
#include "third_party/blink/public/common/tokens/tokens.h"
@ -543,7 +543,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
bool IsFeatureEnabled(
network::mojom::PermissionsPolicyFeature feature) override;
const blink::PermissionsPolicy* GetPermissionsPolicy() override;
const blink::ParsedPermissionsPolicy& GetPermissionsPolicyHeader() override;
const network::ParsedPermissionsPolicy& GetPermissionsPolicyHeader() override;
void ViewSource() override;
void ExecuteMediaPlayerActionAtLocation(
const gfx::Point&,
@ -3272,7 +3272,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
keep_alive_loader_factory,
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
fetch_later_loader_factory,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token);
@ -3852,7 +3852,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
// Clears any existing policy and constructs a new policy for this frame,
// based on its parent frame and the parsed `header_policy`.
void ResetPermissionsPolicy(
const blink::ParsedPermissionsPolicy& header_policy);
const network::ParsedPermissionsPolicy& header_policy);
// Runs |callback| for all the local roots immediately under this frame, i.e.
// local roots which are under this frame and their first ancestor which is a
@ -4906,7 +4906,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
// Parsed permissions policy header. It is parsed from blink, received during
// DidCommitProvisionalLoad. This is constant during the whole lifetime of
// this document.
blink::ParsedPermissionsPolicy permissions_policy_header_;
network::ParsedPermissionsPolicy permissions_policy_header_;
// Tracks the permissions policy which has been set on this frame.
std::unique_ptr<blink::PermissionsPolicy> permissions_policy_;

@ -83,6 +83,7 @@
#include "content/public/common/url_utils.h"
#include "net/base/url_util.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/chrome_debug_urls.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/tokens/tokens.h"
@ -633,7 +634,7 @@ void RenderFrameHostManager::InitRoot(
scoped_refptr<BrowsingContextState> browsing_context_state =
base::MakeRefCounted<BrowsingContextState>(
blink::mojom::FrameReplicationState::New(
url::Origin(), name, "", blink::ParsedPermissionsPolicy(),
url::Origin(), name, "", network::ParsedPermissionsPolicy(),
network::mojom::WebSandboxFlags::kNone, initial_main_frame_policy,
// should enforce strict mixed content checking
blink::mojom::InsecureRequestPolicy::kLeaveInsecureRequestsAlone,
@ -685,7 +686,7 @@ void RenderFrameHostManager::InitChild(
base::MakeRefCounted<BrowsingContextState>(
blink::mojom::FrameReplicationState::New(
url::Origin(), frame_name, frame_unique_name,
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
network::mojom::WebSandboxFlags::kNone, frame_policy,
// should enforce strict mixed content checking
blink::mojom::InsecureRequestPolicy::kLeaveInsecureRequestsAlone,

@ -11,6 +11,8 @@
#include "content/public/test/test_renderer_host.h"
#include "content/test/test_render_frame_host.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "third_party/blink/public/common/frame/frame_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/mojom/frame/deferred_fetch_policy.mojom-shared.h"
@ -102,10 +104,10 @@ class RenderFrameHostPermissionsPolicyTest
}
private:
blink::ParsedPermissionsPolicy CreateFPHeader(
network::ParsedPermissionsPolicy CreateFPHeader(
network::mojom::PermissionsPolicyFeature feature,
const std::vector<std::string>& origins) {
blink::ParsedPermissionsPolicy result(1);
network::ParsedPermissionsPolicy result(1);
result[0].feature = feature;
for (auto const& origin : origins) {
result[0].allowed_origins.emplace_back(

@ -48,9 +48,9 @@
#include "net/base/test_completion_callback.h"
#include "net/http/http_response_info.h"
#include "net/http/http_util.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/loader/throttling_url_loader.h"
#include "third_party/blink/public/common/navigation/navigation_params.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/storage_key/storage_key.h"
#include "third_party/blink/public/mojom/back_forward_cache_not_restored_reasons.mojom.h"
#include "third_party/blink/public/mojom/loader/referrer.mojom.h"
@ -109,7 +109,7 @@ class FakeNavigationClient : public mojom::NavigationClient {
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token,
const base::Uuid& base_auction_nonce,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
mojo::PendingRemote<blink::mojom::CodeCacheHost>
@ -298,7 +298,7 @@ CommittedServiceWorkerClient::CommittedServiceWorkerClient(
/*document_token=*/blink::DocumentToken(),
/*devtools_navigation_token=*/base::UnguessableToken::Create(),
/*base_auction_nonce=*/base::Uuid::GenerateRandomV4(),
std::vector<blink::ParsedPermissionsPolicyDeclaration>(),
std::vector<network::ParsedPermissionsPolicyDeclaration>(),
CreateStubPolicyContainer(), /*code_cache_host=*/mojo::NullRemote(),
/*code_cache_host_for_background=*/mojo::NullRemote(),
/*cookie_manager_info=*/nullptr,

@ -29,14 +29,15 @@
#include "content/public/test/test_shared_storage_header_observer.h"
#include "content/test/test_web_contents.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/shared_storage_utils.h"
#include "services/network/public/mojom/optional_bool.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/public/mojom/url_loader_network_service_observer.mojom.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest-param-test.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "url/gurl.h"
#include "url/origin.h"
@ -74,18 +75,18 @@ enum class TestCaseType {
using OperationAndResult = SharedStorageWriteOperationAndResult;
[[nodiscard]] blink::ParsedPermissionsPolicy MakeSharedStoragePermissionsPolicy(
const url::Origin& request_origin,
bool shared_storage_enabled_for_request,
bool shared_storage_enabled_for_all) {
[[nodiscard]] network::ParsedPermissionsPolicy
MakeSharedStoragePermissionsPolicy(const url::Origin& request_origin,
bool shared_storage_enabled_for_request,
bool shared_storage_enabled_for_all) {
std::vector<network::OriginWithPossibleWildcards> allowed_origins =
shared_storage_enabled_for_request
? std::vector<network::OriginWithPossibleWildcards>(
{*network::OriginWithPossibleWildcards::FromOrigin(
request_origin)})
: std::vector<network::OriginWithPossibleWildcards>();
return blink::ParsedPermissionsPolicy(
{blink::ParsedPermissionsPolicyDeclaration(
return network::ParsedPermissionsPolicy(
{network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kSharedStorage,
std::move(allowed_origins),
/*self_if_matches=*/std::nullopt,

@ -142,7 +142,9 @@
#include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/web_sandbox_flags.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
#include "services/viz/privileged/mojom/compositing/features.mojom-features.h"
#include "testing/gmock/include/gmock/gmock.h"
@ -151,7 +153,6 @@
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/input/web_input_event.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/policy_value.h"
#include "third_party/blink/public/common/switches.h"
#include "third_party/blink/public/common/tokens/tokens.h"
@ -372,13 +373,13 @@ bool ConvertJSONToPoint(const std::string& str, gfx::PointF* point) {
// list of origins. (Equivalent to the declared policy "feature origin1 origin2
// ...".) If the origins list is empty, it's treated as matches all origins
// (Equivalent to the declared policy "feature *")
blink::ParsedPermissionsPolicyDeclaration
network::ParsedPermissionsPolicyDeclaration
CreateParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature feature,
const std::vector<GURL>& origins,
bool match_all_origins = false,
const std::optional<GURL> self_if_matches = std::nullopt) {
blink::ParsedPermissionsPolicyDeclaration declaration;
network::ParsedPermissionsPolicyDeclaration declaration;
declaration.feature = feature;
if (self_if_matches.has_value()) {
@ -398,12 +399,12 @@ CreateParsedPermissionsPolicyDeclaration(
return declaration;
}
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicy(
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicy(
const std::vector<network::mojom::PermissionsPolicyFeature>& features,
const std::vector<GURL>& origins,
bool match_all_origins = false,
const std::optional<GURL> self_if_matches = std::nullopt) {
blink::ParsedPermissionsPolicy result;
network::ParsedPermissionsPolicy result;
result.reserve(features.size());
for (const auto& feature : features)
result.push_back(CreateParsedPermissionsPolicyDeclaration(
@ -411,18 +412,18 @@ blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicy(
return result;
}
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesSelf(
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesSelf(
const std::vector<network::mojom::PermissionsPolicyFeature>& features,
const GURL& self_if_matches) {
return CreateParsedPermissionsPolicy(features, {}, false, self_if_matches);
}
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesAll(
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesAll(
const std::vector<network::mojom::PermissionsPolicyFeature>& features) {
return CreateParsedPermissionsPolicy(features, {}, true);
}
blink::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesNone(
network::ParsedPermissionsPolicy CreateParsedPermissionsPolicyMatchesNone(
const std::vector<network::mojom::PermissionsPolicyFeature>& features) {
return CreateParsedPermissionsPolicy(features, {});
}
@ -7644,7 +7645,7 @@ IN_PROC_BROWSER_TEST_P(SitePerProcessBrowserTest,
// Validate that the effective container policy contains a single non-unique
// origin.
const blink::ParsedPermissionsPolicy initial_effective_policy =
const network::ParsedPermissionsPolicy initial_effective_policy =
root->child_at(2)->effective_frame_policy().container_policy;
EXPECT_EQ(1UL, initial_effective_policy[0].allowed_origins.size());
@ -7654,9 +7655,9 @@ IN_PROC_BROWSER_TEST_P(SitePerProcessBrowserTest,
// origin yet) but the effective policy should remain unchanged.
EXPECT_TRUE(ExecJs(
root, "document.getElementById('child-2').setAttribute('sandbox','')"));
const blink::ParsedPermissionsPolicy updated_effective_policy =
const network::ParsedPermissionsPolicy updated_effective_policy =
root->child_at(2)->effective_frame_policy().container_policy;
const blink::ParsedPermissionsPolicy updated_pending_policy =
const network::ParsedPermissionsPolicy updated_pending_policy =
root->child_at(2)->pending_frame_policy().container_policy;
EXPECT_EQ(1UL, updated_effective_policy[0].allowed_origins.size());
EXPECT_TRUE(updated_pending_policy[0].matches_opaque_src);
@ -7664,7 +7665,7 @@ IN_PROC_BROWSER_TEST_P(SitePerProcessBrowserTest,
// Navigate the frame; pending policy should now be committed.
EXPECT_TRUE(NavigateToURLFromRenderer(root->child_at(2), nav_url));
const blink::ParsedPermissionsPolicy final_effective_policy =
const network::ParsedPermissionsPolicy final_effective_policy =
root->child_at(2)->effective_frame_policy().container_policy;
EXPECT_TRUE(final_effective_policy[0].matches_opaque_src);
EXPECT_EQ(0UL, final_effective_policy[0].allowed_origins.size());

@ -27,10 +27,11 @@
#include "net/test/embedded_test_server/default_handlers.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "services/device/public/mojom/smart_card.mojom.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/features_generated.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/smart_card/smart_card.mojom.h"
using base::test::RunOnceCallback;
@ -184,7 +185,7 @@ class SmartCardTestContentBrowserClient
SmartCardDelegate* GetSmartCardDelegate() override;
bool ShouldUrlUseApplicationIsolationLevel(BrowserContext* browser_context,
const GURL& url) override;
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
const url::Origin& app_origin) override;
@ -311,16 +312,16 @@ bool SmartCardTestContentBrowserClient::ShouldUrlUseApplicationIsolationLevel(
return true;
}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
SmartCardTestContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
WebContents* web_contents,
const url::Origin& app_origin) {
blink::ParsedPermissionsPolicyDeclaration coi_decl(
network::ParsedPermissionsPolicyDeclaration coi_decl(
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt, /*matches_all_origins=*/true,
/*matches_opaque_src=*/false);
blink::ParsedPermissionsPolicyDeclaration smart_card_decl(
network::ParsedPermissionsPolicyDeclaration smart_card_decl(
network::mojom::PermissionsPolicyFeature::kSmartCard,
/*allowed_origins=*/{},
/*self_if_matches=*/app_origin, /*matches_all_origins=*/false,
@ -1638,11 +1639,11 @@ IN_PROC_BROWSER_TEST_F(SmartCardTest, ContextDiesConnectionStays) {
class NoCoiPermissionSmartCardTestContentBrowserClient
: public SmartCardTestContentBrowserClient {
public:
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(
WebContents* web_contents,
const url::Origin& app_origin) override {
return {{blink::ParsedPermissionsPolicyDeclaration(
return {{network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kSmartCard,
/*allowed_origins=*/{},
/*self_if_matches=*/app_origin,

@ -3735,7 +3735,7 @@ void WebContentsImpl::OnVibrate(RenderFrameHostImpl* rfh) {
observers_.NotifyObservers(&WebContentsObserver::VibrationRequested);
}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
WebContentsImpl::GetPermissionsPolicyForIsolatedWebApp(
RenderFrameHostImpl* source) {
WebExposedIsolationInfo weii =

@ -71,6 +71,7 @@
#include "partition_alloc/buildflags.h"
#include "ppapi/buildflags/buildflags.h"
#include "services/device/public/mojom/geolocation_context.mojom.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/fetch_api.mojom-forward.h"
#include "third_party/blink/public/common/renderer_preferences/renderer_preferences.h"
#include "third_party/blink/public/common/web_preferences/web_preferences.h"
@ -825,7 +826,7 @@ class CONTENT_EXPORT WebContentsImpl
bool blocked) override;
void OnVibrate(RenderFrameHostImpl*) override;
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(RenderFrameHostImpl* source) override;
// Called when WebAudio starts or stops playing audible audio in an

@ -117,7 +117,9 @@
#include "services/data_decoder/public/cpp/test_support/in_process_data_decoder.h"
#include "services/metrics/public/cpp/ukm_builders.h"
#include "services/metrics/public/cpp/ukm_source.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/mojom/webauthn/authenticator.mojom.h"
@ -1127,7 +1129,7 @@ TEST_F(AuthenticatorImplTest,
TEST_F(AuthenticatorImplTest,
GetClientCapabilities_HybridTransport_BluetoothDisabled) {
blink::ParsedPermissionsPolicy permissions_policy(1);
network::ParsedPermissionsPolicy permissions_policy(1);
permissions_policy[0].feature =
network::mojom::PermissionsPolicyFeature::kBluetooth;
// Simulate navigating to a page with this Permissions Policy.

@ -18,9 +18,10 @@
#include "content/public/test/test_browser_context.h"
#include "content/public/test/test_renderer_host.h"
#include "content/public/test/test_web_contents_factory.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/webauthn/authenticator.mojom.h"
#include "url/gurl.h"
#include "url/origin.h"
@ -29,8 +30,8 @@
namespace content {
namespace {
blink::ParsedPermissionsPolicy CreatePolicyToAllowWebAuthn() {
return {blink::ParsedPermissionsPolicyDeclaration(
network::ParsedPermissionsPolicy CreatePolicyToAllowWebAuthn() {
return {network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kPublicKeyCredentialsGet,
/*allowed_origins=*/{}, /*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -39,16 +40,16 @@ blink::ParsedPermissionsPolicy CreatePolicyToAllowWebAuthn() {
// The default policy allows same-origin with ancestors, but this creates one
// with value 'none'.
blink::ParsedPermissionsPolicy CreatePolicyToDenyWebAuthn() {
return {blink::ParsedPermissionsPolicyDeclaration(
network::ParsedPermissionsPolicy CreatePolicyToDenyWebAuthn() {
return {network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kPublicKeyCredentialsGet,
/*allowed_origins=*/{}, /*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false)};
}
blink::ParsedPermissionsPolicy CreatePolicyToAllowWebPayments() {
return {blink::ParsedPermissionsPolicyDeclaration(
network::ParsedPermissionsPolicy CreatePolicyToAllowWebPayments() {
return {network::ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature::kPayment,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
@ -57,7 +58,7 @@ blink::ParsedPermissionsPolicy CreatePolicyToAllowWebPayments() {
struct TestCase {
TestCase(const std::string_view& url,
const blink::ParsedPermissionsPolicy& policy,
const network::ParsedPermissionsPolicy& policy,
WebAuthRequestSecurityChecker::RequestType request_type,
bool expected_is_cross_origin,
blink::mojom::AuthenticatorStatus expected_status)
@ -70,7 +71,7 @@ struct TestCase {
~TestCase() = default;
const std::string_view url;
const blink::ParsedPermissionsPolicy policy;
const network::ParsedPermissionsPolicy policy;
const WebAuthRequestSecurityChecker::RequestType request_type;
const bool expected_is_cross_origin;
const blink::mojom::AuthenticatorStatus expected_status;
@ -151,34 +152,34 @@ INSTANTIATE_TEST_SUITE_P(
WebAuthRequestSecurityCheckerTest,
testing::Values(
TestCase("https://same-origin.com",
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
WebAuthRequestSecurityChecker::RequestType::kGetAssertion,
/*expected_is_cross_origin=*/false,
blink::mojom::AuthenticatorStatus::SUCCESS),
TestCase("https://cross-origin.com",
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
WebAuthRequestSecurityChecker::RequestType::kGetAssertion,
/*expected_is_cross_origin=*/true,
blink::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR),
TestCase("https://same-origin.com",
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
WebAuthRequestSecurityChecker::RequestType::kMakeCredential,
/*expected_is_cross_origin=*/false,
blink::mojom::AuthenticatorStatus::SUCCESS),
TestCase("https://cross-origin.com",
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
WebAuthRequestSecurityChecker::RequestType::kMakeCredential,
/*expected_is_cross_origin=*/true,
blink::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR),
TestCase(
"https://same-origin.com",
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
WebAuthRequestSecurityChecker::RequestType::kMakePaymentCredential,
/*expected_is_cross_origin=*/false,
blink::mojom::AuthenticatorStatus::SUCCESS),
TestCase(
"https://cross-origin.com",
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
WebAuthRequestSecurityChecker::RequestType::kMakePaymentCredential,
/*expected_is_cross_origin=*/true,
blink::mojom::AuthenticatorStatus::NOT_ALLOWED_ERROR)));
@ -258,7 +259,7 @@ INSTANTIATE_TEST_SUITE_P(
blink::mojom::AuthenticatorStatus::SUCCESS)));
struct SingleFrameTestCase {
SingleFrameTestCase(const blink::ParsedPermissionsPolicy& policy,
SingleFrameTestCase(const network::ParsedPermissionsPolicy& policy,
WebAuthRequestSecurityChecker::RequestType request_type,
blink::mojom::AuthenticatorStatus expected_status)
: policy(policy),
@ -267,7 +268,7 @@ struct SingleFrameTestCase {
~SingleFrameTestCase() = default;
const blink::ParsedPermissionsPolicy policy;
const network::ParsedPermissionsPolicy policy;
const WebAuthRequestSecurityChecker::RequestType request_type;
const blink::mojom::AuthenticatorStatus expected_status;
};

@ -650,6 +650,7 @@ mojom("mojo_bindings") {
"//mojo/public/mojom/base",
"//services/audio/public/mojom",
"//services/network/public/mojom",
"//services/network/public/mojom:mojom_permissions_policy",
"//services/service_manager/public/mojom",
"//services/tracing/public/mojom",
"//services/video_capture/public/mojom",

@ -25,7 +25,7 @@ import "third_party/blink/public/mojom/loader/transferrable_url_loader.mojom";
import "third_party/blink/public/mojom/loader/url_loader_factory_bundle.mojom";
import "third_party/blink/public/mojom/navigation/navigation_params.mojom";
import "third_party/blink/public/mojom/permissions_policy/document_policy_feature.mojom";
import "third_party/blink/public/mojom/permissions_policy/permissions_policy.mojom";
import "services/network/public/mojom/permissions_policy/permissions_policy.mojom";
import "third_party/blink/public/mojom/permissions_policy/policy_value.mojom";
import "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom";
import "third_party/blink/public/mojom/service_worker/controller_service_worker.mojom";
@ -128,7 +128,7 @@ struct DidCommitProvisionalLoadParams {
// https://w3c.github.io/webappsec-permissions-policy/#permissions-policy-http-header-field
// Note: For backward compatibility, this field also contains
// 'Feature-Policy' headers applied to the document.
array<blink.mojom.ParsedPermissionsPolicyDeclaration>
array<network.mojom.ParsedPermissionsPolicyDeclaration>
permissions_policy_header;
// The 'Document-Policy' headers applied to the document.
@ -339,7 +339,7 @@ interface NavigationClient {
blink.mojom.DocumentToken document_token,
mojo_base.mojom.UnguessableToken devtools_navigation_token,
mojo_base.mojom.Uuid base_auction_nonce,
array<blink.mojom.ParsedPermissionsPolicyDeclaration>? permissions_policy,
array<network.mojom.ParsedPermissionsPolicyDeclaration>? permissions_policy,
blink.mojom.PolicyContainer policy_container,
pending_remote<blink.mojom.CodeCacheHost>? code_cache_host,
pending_remote<blink.mojom.CodeCacheHost>? code_cache_host_for_background,

@ -302,11 +302,11 @@ size_t ContentBrowserClient::GetProcessCountToIgnoreForLimit() {
return 0;
}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
ContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
WebContents* web_contents,
const url::Origin& app_origin) {
return blink::ParsedPermissionsPolicy();
return network::ParsedPermissionsPolicy();
}
bool ContentBrowserClient::ShouldTryToUseExistingProcessHost(

@ -68,6 +68,7 @@
#include "services/cert_verifier/public/mojom/cert_verifier_service_factory.mojom-forward.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/ip_address_space.mojom-forward.h"
#include "services/network/public/mojom/network_context.mojom-forward.h"
#include "services/network/public/mojom/proxy_config.mojom-forward.h"
@ -655,7 +656,7 @@ class CONTENT_EXPORT ContentBrowserClient {
// Web App Manifest. The embedder might choose to return an std::nullopt in
// specific cases -- then the default non-isolated permissions policy will be
// applied.
virtual std::optional<blink::ParsedPermissionsPolicy>
virtual std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
const url::Origin& app_origin);

@ -29,10 +29,10 @@
#include "net/cookies/cookie_setting_override.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-forward.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-forward.h"
#include "third_party/blink/public/common/frame/frame_owner_element_type.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/tokens/tokens.h"
#include "third_party/blink/public/mojom/devtools/console_message.mojom-forward.h"
#include "third_party/blink/public/mojom/devtools/inspector_issue.mojom-forward.h"
@ -875,7 +875,7 @@ class CONTENT_EXPORT RenderFrameHost : public IPC::Listener,
virtual const blink::PermissionsPolicy* GetPermissionsPolicy() = 0;
// Returns the parsed permissions policy header for this frame.
virtual const blink::ParsedPermissionsPolicy&
virtual const network::ParsedPermissionsPolicy&
GetPermissionsPolicyHeader() = 0;
// Returns true if the queried PermissionsPolicyFeature is allowed by

@ -6,8 +6,8 @@
#define CONTENT_PUBLIC_TEST_FAKE_REMOTE_FRAME_H_
#include "mojo/public/cpp/bindings/associated_receiver.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/frame/frame_owner_properties.mojom.h"
#include "third_party/blink/public/mojom/frame/fullscreen.mojom.h"
#include "third_party/blink/public/mojom/frame/intrinsic_sizing_info.mojom.h"
@ -77,7 +77,7 @@ class FakeRemoteFrame : public blink::mojom::RemoteFrame {
blink::mojom::IntrinsicSizingInfoPtr sizing_info) override;
void DidSetFramePolicyHeaders(
network::mojom::WebSandboxFlags sandbox_flags,
const std::vector<blink::ParsedPermissionsPolicyDeclaration>&
const std::vector<network::ParsedPermissionsPolicyDeclaration>&
parsed_permissions_policy) override {}
void DidUpdateFramePolicy(const blink::FramePolicy& frame_policy) override {}
void UpdateOpener(

@ -13,6 +13,7 @@
#include "content/public/browser/reload_type.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "net/dns/public/resolve_error_info.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/service_manager/public/cpp/interface_provider.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/mojom/loader/referrer.mojom-forward.h"
@ -283,7 +284,7 @@ class NavigationSimulator {
// Simulate receiving Permissions-Policy headers.
virtual void SetPermissionsPolicyHeader(
blink::ParsedPermissionsPolicy permissions_policy_header) = 0;
network::ParsedPermissionsPolicy permissions_policy_header) = 0;
// Provides the contents mime type to be set at commit. It should be
// specified before calling |ReadyToCommit| or |Commit|.

@ -39,14 +39,14 @@ class AuraTestHelper;
}
} // namespace aura
namespace blink {
namespace network {
struct ParsedPermissionsPolicyDeclaration;
using ParsedPermissionsPolicy = std::vector<ParsedPermissionsPolicyDeclaration>;
} // namespace network
namespace web_pref {
namespace blink::web_pref {
struct WebPreferences;
}
} // namespace blink
} // namespace blink::web_pref
namespace display {
#if BUILDFLAG(IS_ANDROID)
@ -121,7 +121,7 @@ class RenderFrameHostTester {
// used as the container policy.
virtual RenderFrameHost* AppendChildWithPolicy(
const std::string& frame_name,
const blink::ParsedPermissionsPolicy& allow) = 0;
const network::ParsedPermissionsPolicy& allow) = 0;
// Same as AppendChild above, but simulates the `credentialless` attribute
// being added.

@ -67,7 +67,7 @@ void NavigationClient::CommitNavigation(
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token,
const base::Uuid& base_auction_nonce,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
mojo::PendingRemote<blink::mojom::CodeCacheHost>

@ -12,6 +12,7 @@
#include "content/public/common/alternative_error_page_override_info.mojom.h"
#include "mojo/public/cpp/bindings/associated_receiver.h"
#include "mojo/public/cpp/bindings/pending_associated_receiver.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
namespace content {
@ -51,7 +52,7 @@ class NavigationClient : mojom::NavigationClient {
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token,
const base::Uuid& base_auction_nonce,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
mojo::PendingRemote<blink::mojom::CodeCacheHost>

@ -2714,7 +2714,7 @@ void RenderFrameImpl::CommitNavigation(
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token,
const base::Uuid& base_auction_nonce,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
mojo::PendingRemote<blink::mojom::CodeCacheHost>
@ -3977,7 +3977,7 @@ void RenderFrameImpl::DidCreateDocumentLoader(
void RenderFrameImpl::DidCommitNavigation(
blink::WebHistoryCommitType commit_type,
bool should_reset_browser_interface_broker,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header) {
TRACE_EVENT_WITH_FLOW0("navigation", "RenderFrameImpl::DidCommitNavigation",
TRACE_ID_LOCAL(this),
@ -4314,7 +4314,7 @@ void RenderFrameImpl::DidFinishSameDocumentNavigation(
DidCommitNavigationInternal(
commit_type, transition,
blink::ParsedPermissionsPolicy(), // permissions_policy_header
network::ParsedPermissionsPolicy(), // permissions_policy_header
blink::DocumentPolicyFeatureState(), // document_policy_header
nullptr, // interface_params
std::move(same_document_params),
@ -4961,7 +4961,7 @@ mojom::DidCommitProvisionalLoadParamsPtr
RenderFrameImpl::MakeDidCommitProvisionalLoadParams(
blink::WebHistoryCommitType commit_type,
ui::PageTransition transition,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header,
const std::optional<base::UnguessableToken>& embedding_token) {
WebDocumentLoader* document_loader = frame_->GetDocumentLoader();
@ -5251,7 +5251,7 @@ void RenderFrameImpl::UpdateStateForCommit(
void RenderFrameImpl::DidCommitNavigationInternal(
blink::WebHistoryCommitType commit_type,
ui::PageTransition transition,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header,
mojom::DidCommitProvisionalLoadInterfaceParamsPtr interface_params,
mojom::DidCommitSameDocumentNavigationParamsPtr same_document_params,

@ -68,6 +68,7 @@
#include "mojo/public/cpp/bindings/remote.h"
#include "mojo/public/cpp/system/data_pipe.h"
#include "ppapi/buildflags/buildflags.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/url_loader_factory.mojom.h"
#include "services/network/public/mojom/url_response_head.mojom-forward.h"
#include "services/service_manager/public/cpp/binder_registry.h"
@ -491,7 +492,7 @@ class CONTENT_EXPORT RenderFrameImpl
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token,
const base::Uuid& base_auction_nonce,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
mojo::PendingRemote<blink::mojom::CodeCacheHost> code_cache_host,
mojo::PendingRemote<blink::mojom::CodeCacheHost>
@ -583,7 +584,7 @@ class CONTENT_EXPORT RenderFrameImpl
void DidCommitNavigation(
blink::WebHistoryCommitType commit_type,
bool should_reset_browser_interface_broker,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header) override;
void DidCommitDocumentReplacementNavigation(
blink::WebDocumentLoader* document_loader) override;
@ -1117,7 +1118,7 @@ class CONTENT_EXPORT RenderFrameImpl
mojom::DidCommitProvisionalLoadParamsPtr MakeDidCommitProvisionalLoadParams(
blink::WebHistoryCommitType commit_type,
ui::PageTransition transition,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header,
const std::optional<base::UnguessableToken>& embedding_token);
@ -1141,7 +1142,7 @@ class CONTENT_EXPORT RenderFrameImpl
void DidCommitNavigationInternal(
blink::WebHistoryCommitType commit_type,
ui::PageTransition transition,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header,
mojom::DidCommitProvisionalLoadInterfaceParamsPtr interface_params,
mojom::DidCommitSameDocumentNavigationParamsPtr same_document_params,

@ -88,11 +88,11 @@
#include "services/device/public/cpp/geolocation/location_system_permission_status.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/network_service_buildflags.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/network_service.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "third_party/blink/public/common/features.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/switches.h"
#include "third_party/blink/public/common/user_agent/user_agent_metadata.h"
#include "third_party/blink/public/common/web_preferences/web_preferences.h"
@ -1001,17 +1001,17 @@ void ShellContentBrowserClient::SetUpFieldTrials() {
/*enable_limited_entropy_mode=*/false));
}
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
ShellContentBrowserClient::GetPermissionsPolicyForIsolatedWebApp(
WebContents* web_contents,
const url::Origin& app_origin) {
blink::ParsedPermissionsPolicyDeclaration coi_decl(
network::ParsedPermissionsPolicyDeclaration coi_decl(
network::mojom::PermissionsPolicyFeature::kCrossOriginIsolated,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true, /*matches_opaque_src=*/false);
blink::ParsedPermissionsPolicyDeclaration socket_decl(
network::ParsedPermissionsPolicyDeclaration socket_decl(
network::mojom::PermissionsPolicyFeature::kDirectSockets,
/*allowed_origins=*/{}, app_origin,
/*matches_all_origins=*/false, /*matches_opaque_src=*/false);

@ -14,6 +14,7 @@
#include "build/build_config.h"
#include "content/public/browser/content_browser_client.h"
#include "content/shell/browser/shell_speech_recognition_manager_delegate.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/network_context.mojom-forward.h"
class PrefService;
@ -178,7 +179,7 @@ class ShellContentBrowserClient : public ContentBrowserClient {
// Turns on features via permissions policy for Isolated App
// Web Platform Tests.
std::optional<blink::ParsedPermissionsPolicy>
std::optional<network::ParsedPermissionsPolicy>
GetPermissionsPolicyForIsolatedWebApp(WebContents* web_contents,
const url::Origin& app_origin) override;

@ -1052,7 +1052,7 @@ void NavigationSimulatorImpl::SetIsSignedExchangeInnerResponse(
}
void NavigationSimulatorImpl::SetPermissionsPolicyHeader(
blink::ParsedPermissionsPolicy permissions_policy_header) {
network::ParsedPermissionsPolicy permissions_policy_header) {
CHECK_LE(state_, STARTED) << "The Permissions-Policy headers cannot be set "
"after the navigation has committed or failed";
permissions_policy_header_ = std::move(permissions_policy_header);

@ -25,6 +25,7 @@
#include "net/base/load_flags.h"
#include "net/dns/public/resolve_error_info.h"
#include "net/http/http_connection_info.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/navigation/impression.h"
#include "third_party/blink/public/mojom/loader/mixed_content.mojom.h"
#include "third_party/blink/public/mojom/loader/referrer.mojom-forward.h"
@ -97,7 +98,7 @@ class NavigationSimulatorImpl : public NavigationSimulator,
void SetIsSignedExchangeInnerResponse(
bool is_signed_exchange_inner_response) override;
void SetPermissionsPolicyHeader(
blink::ParsedPermissionsPolicy permissions_policy_header) override;
network::ParsedPermissionsPolicy permissions_policy_header) override;
void SetContentsMimeType(const std::string& contents_mime_type) override;
void SetRedirectHeaders(
scoped_refptr<net::HttpResponseHeaders> redirect_headers) override;
@ -383,7 +384,7 @@ class NavigationSimulatorImpl : public NavigationSimulator,
std::string contents_mime_type_;
scoped_refptr<net::HttpResponseHeaders> redirect_headers_;
scoped_refptr<net::HttpResponseHeaders> response_headers_;
blink::ParsedPermissionsPolicy permissions_policy_header_;
network::ParsedPermissionsPolicy permissions_policy_header_;
mojo::ScopedDataPipeConsumerHandle response_body_;
network::mojom::CSPDisposition should_check_main_world_csp_ =
network::mojom::CSPDisposition::CHECK;

@ -26,6 +26,7 @@
#include "mojo/public/cpp/bindings/remote.h"
#include "net/base/data_url.h"
#include "services/network/public/cpp/not_implemented_url_loader_factory.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/url_response_head.mojom.h"
#include "third_party/blink/public/common/associated_interfaces/associated_interface_provider.h"
#include "third_party/blink/public/common/features.h"
@ -273,7 +274,7 @@ void TestRenderFrame::Navigate(
/*document_token=*/blink::DocumentToken(),
/*devtools_navigation_token=*/base::UnguessableToken::Create(),
/*base_auction_nonce=*/base::Uuid::GenerateRandomV4(),
blink::ParsedPermissionsPolicy(),
network::ParsedPermissionsPolicy(),
blink::mojom::PolicyContainer::New(
blink::mojom::PolicyContainerPolicies::New(),
mock_policy_container_host.BindNewEndpointAndPassDedicatedRemote()),

@ -191,7 +191,7 @@ TestRenderFrameHost* TestRenderFrameHost::AppendChild(
TestRenderFrameHost* TestRenderFrameHost::AppendChildWithPolicy(
const std::string& frame_name,
const blink::ParsedPermissionsPolicy& allow) {
const network::ParsedPermissionsPolicy& allow) {
std::string frame_unique_name =
base::Uuid::GenerateRandomV4().AsLowercaseString();
OnCreateChildFrame(
@ -629,7 +629,7 @@ void TestRenderFrameHost::SendCommitNavigation(
keep_alive_loader_factory,
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
fetch_later_loader_factory,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token) {

@ -24,6 +24,7 @@
#include "content/test/test_render_widget_host.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "mojo/public/cpp/bindings/pending_remote.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/common/tokens/tokens.h"
#include "third_party/blink/public/mojom/loader/transferrable_url_loader.mojom.h"
#include "third_party/blink/public/mojom/navigation/navigation_params.mojom-forward.h"
@ -96,7 +97,7 @@ class TestRenderFrameHost : public RenderFrameHostImpl,
TestRenderFrameHost* AppendChild(const std::string& frame_name) override;
TestRenderFrameHost* AppendChildWithPolicy(
const std::string& frame_name,
const blink::ParsedPermissionsPolicy& allow) override;
const network::ParsedPermissionsPolicy& allow) override;
TestRenderFrameHost* AppendCredentiallessChild(
const std::string& frame_name) override;
void Detach() override;
@ -272,7 +273,7 @@ class TestRenderFrameHost : public RenderFrameHostImpl,
keep_alive_loader_factory,
mojo::PendingAssociatedRemote<blink::mojom::FetchLaterLoaderFactory>
fetch_later_loader_factory,
const std::optional<blink::ParsedPermissionsPolicy>& permissions_policy,
const std::optional<network::ParsedPermissionsPolicy>& permissions_policy,
blink::mojom::PolicyContainerPtr policy_container,
const blink::DocumentToken& document_token,
const base::UnguessableToken& devtools_navigation_token) override;

@ -16,6 +16,7 @@ include_rules = [
"+services/device/public/cpp/generic_sensor",
"+services/device/public/mojom",
"+services/network/public/mojom/cors.mojom.h",
"+services/network/public/cpp/permissions_policy",
"+services/service_manager/public/cpp",
"+skia",
"+third_party/khronos/GLES2/gl2.h",

@ -764,7 +764,7 @@ void WebFrameTestProxy::DidClearWindowObject() {
void WebFrameTestProxy::DidCommitNavigation(
blink::WebHistoryCommitType commit_type,
bool should_reset_browser_interface_broker,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header) {
if (should_block_parsing_in_next_commit_) {
should_block_parsing_in_next_commit_ = false;

@ -17,6 +17,7 @@
#include "content/web_test/renderer/text_input_controller.h"
#include "mojo/public/cpp/bindings/associated_receiver.h"
#include "mojo/public/cpp/bindings/pending_associated_receiver.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/platform/web_effective_connection_type.h"
#include "third_party/blink/public/platform/web_string.h"
#include "third_party/blink/public/test/frame_widget_test_helper.h"
@ -89,7 +90,7 @@ class WebFrameTestProxy : public RenderFrameImpl,
void DidCommitNavigation(
blink::WebHistoryCommitType commit_type,
bool should_reset_browser_interface_broker,
const blink::ParsedPermissionsPolicy& permissions_policy_header,
const network::ParsedPermissionsPolicy& permissions_policy_header,
const blink::DocumentPolicyFeatureState& document_policy_header) override;
void HandleAXObjectDetachedForTest(unsigned axid) override;
void HandleWebAccessibilityEventForTest(

@ -75,11 +75,12 @@ class LineWrapperTest(unittest.TestCase):
def testWrapWithIndent(self):
lw = mojofmt.LineWrapper(base_indent=2)
data = ('array<blink.mojom.ParsedPermissionsPolicyDeclaration> ' +
data = ('array<network.mojom.ParsedPermissionsPolicyDeclaration> ' +
'permissions_policy_header;')
lw.write(data)
expected = (' array<blink.mojom.ParsedPermissionsPolicyDeclaration>' +
'\n permissions_policy_header;')
expected = (
' array<network.mojom.ParsedPermissionsPolicyDeclaration>' +
'\n permissions_policy_header;')
self.assertEqual(expected, lw.finish())
def testAlreadyIndented(self):

@ -110,7 +110,10 @@ component("cpp") {
"parsed_headers.h",
"permissions_policy/origin_with_possible_wildcards.cc",
"permissions_policy/origin_with_possible_wildcards.h",
"permissions_policy/permissions_policy_declaration.cc",
"permissions_policy/permissions_policy_declaration.h",
"permissions_policy/permissions_policy_mojom_traits.cc",
"permissions_policy/permissions_policy_mojom_traits.h",
"private_network_access_check_result.cc",
"private_network_access_check_result.h",
"record_ontransfersizeupdate_utils.h",
@ -165,7 +168,7 @@ component("cpp") {
":cpp_base",
"//net",
"//services/network/public/mojom",
"//services/network/public/mojom:mojom_permissions_policy",
"//services/network/public/mojom:mojom_permissions_policy_shared",
"//services/network/public/mojom:url_loader_base",
"//url",
"//url/ipc:url_ipc",
@ -601,6 +604,7 @@ source_set("tests") {
"parsed_headers_unittest.cc",
"parsed_request_cookie_mojom_traits_unittest.cc",
"permissions_policy/origin_with_possible_wildcards_unittest.cc",
"permissions_policy/permissions_policy_declaration_unittest.cc",
"proxy_config_mojom_traits_unittest.cc",
"request_destination_unittest.cc",
"schemeful_site_mojom_traits_unittest.cc",
@ -642,6 +646,7 @@ source_set("tests") {
"//services/network:network_service",
"//services/network:test_support",
"//services/network/public/cpp/cert_verifier:cert_verifier_tests",
"//services/network/public/mojom:mojom_permissions_policy",
"//testing/gtest",
]

@ -7,7 +7,7 @@
#include "base/component_export.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-forward.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
#include "url/origin.h"
namespace network {

@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include <tuple>
#include <vector>
@ -11,7 +11,7 @@
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "url/origin.h"
namespace blink {
namespace network {
ParsedPermissionsPolicyDeclaration::ParsedPermissionsPolicyDeclaration() =
default;
@ -66,4 +66,4 @@ bool operator==(const ParsedPermissionsPolicyDeclaration& lhs,
rhs.allowed_origins);
}
} // namespace blink
} // namespace network

@ -2,23 +2,23 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
#define THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
#ifndef SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
#define SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
#include <vector>
#include "base/component_export.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-forward.h"
#include "third_party/blink/public/common/common_export.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "url/origin.h"
namespace blink {
namespace network {
// This struct holds permissions policy allowlist data that needs to be
// replicated between a RenderFrame and any of its associated
// RenderFrameProxies. A list of these form a ParsedPermissionsPolicy. NOTE:
// These types are used for replication frame state between processes.
struct BLINK_COMMON_EXPORT ParsedPermissionsPolicyDeclaration {
struct COMPONENT_EXPORT(NETWORK_CPP) ParsedPermissionsPolicyDeclaration {
ParsedPermissionsPolicyDeclaration();
explicit ParsedPermissionsPolicyDeclaration(
network::mojom::PermissionsPolicyFeature feature);
@ -61,10 +61,11 @@ struct BLINK_COMMON_EXPORT ParsedPermissionsPolicyDeclaration {
using ParsedPermissionsPolicy = std::vector<ParsedPermissionsPolicyDeclaration>;
bool BLINK_COMMON_EXPORT
operator==(const ParsedPermissionsPolicyDeclaration& lhs,
const ParsedPermissionsPolicyDeclaration& rhs);
bool COMPONENT_EXPORT(
NETWORK_CPP) operator==(const ParsedPermissionsPolicyDeclaration & lhs,
const ParsedPermissionsPolicyDeclaration &
rhs);
} // namespace blink
} // namespace network
#endif // THIRD_PARTY_BLINK_PUBLIC_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_
#endif // SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_DECLARATION_H_

@ -2,14 +2,14 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
#include "url/origin.h"
namespace blink {
namespace network {
TEST(ParsedPermissionsPolicyDeclarationTest, Contains) {
const url::Origin kTestOrigin =
@ -63,4 +63,4 @@ TEST(ParsedPermissionsPolicyDeclarationTest, Contains) {
EXPECT_TRUE(opaque_self_decl.Contains(kOpaqueOrigin));
}
} // namespace blink
} // namespace network

@ -4,6 +4,10 @@
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "url/mojom/origin_mojom_traits.h"
namespace mojo {
bool StructTraits<network::mojom::OriginWithPossibleWildcardsDataView,
@ -21,4 +25,15 @@ bool StructTraits<network::mojom::OriginWithPossibleWildcardsDataView,
return out->csp_source.scheme.length() != 0;
}
bool StructTraits<network::mojom::ParsedPermissionsPolicyDeclarationDataView,
network::ParsedPermissionsPolicyDeclaration>::
Read(network::mojom::ParsedPermissionsPolicyDeclarationDataView in,
network::ParsedPermissionsPolicyDeclaration* out) {
out->matches_all_origins = in.matches_all_origins();
out->matches_opaque_src = in.matches_opaque_src();
return in.ReadFeature(&out->feature) &&
in.ReadAllowedOrigins(&out->allowed_origins) &&
in.ReadSelfIfMatches(&out->self_if_matches);
}
} // namespace mojo

@ -9,6 +9,7 @@
#include "base/component_export.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
namespace mojo {
@ -43,6 +44,41 @@ class COMPONENT_EXPORT(NETWORK_CPP)
network::OriginWithPossibleWildcards* out);
};
template <>
class COMPONENT_EXPORT(NETWORK_CPP)
StructTraits<network::mojom::ParsedPermissionsPolicyDeclarationDataView,
network::ParsedPermissionsPolicyDeclaration> {
public:
static network::mojom::PermissionsPolicyFeature feature(
const network::ParsedPermissionsPolicyDeclaration& policy) {
return policy.feature;
}
static const std::vector<network::OriginWithPossibleWildcards>&
allowed_origins(const network::ParsedPermissionsPolicyDeclaration& policy) {
return policy.allowed_origins;
}
static const std::optional<url::Origin>& self_if_matches(
const network::ParsedPermissionsPolicyDeclaration& policy) {
return policy.self_if_matches;
}
static bool matches_all_origins(
const network::ParsedPermissionsPolicyDeclaration& policy) {
return policy.matches_all_origins;
}
static bool matches_opaque_src(
const network::ParsedPermissionsPolicyDeclaration& policy) {
return policy.matches_opaque_src;
}
static const std::optional<std::string>& reporting_endpoint(
const network::ParsedPermissionsPolicyDeclaration& policy) {
return policy.reporting_endpoint;
}
static bool Read(
network::mojom::ParsedPermissionsPolicyDeclarationDataView in,
network::ParsedPermissionsPolicyDeclaration* out);
};
} // namespace mojo
#endif // SERVICES_NETWORK_PUBLIC_CPP_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_

@ -1504,24 +1504,35 @@ mojom("mojom_permissions_policy") {
"permissions_policy/permissions_policy_feature.mojom",
]
cpp_typemaps = [
public_deps = [ "//url/mojom:url_mojom_origin" ]
shared_cpp_typemaps = [
{
types = [
{
mojom = "network.mojom.OriginWithPossibleWildcards"
cpp = "::network::OriginWithPossibleWildcards"
},
{
mojom = "network.mojom.ParsedPermissionsPolicyDeclaration"
cpp = "::network::ParsedPermissionsPolicyDeclaration"
},
]
traits_headers = [ "//services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h" ]
traits_public_deps = [
"//services/network/public/cpp:cpp",
"//services/network/public/mojom:url_loader_base",
"//url/mojom:mojom_traits",
]
traits_headers = [ "//services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h" ]
traits_private_headers = [ "//services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h" ]
traits_public_deps = [ "//services/network/public/mojom:url_loader_base" ]
},
]
cpp_typemaps = shared_cpp_typemaps
blink_cpp_typemaps = shared_cpp_typemaps
if (!is_ios) {
export_class_attribute = "BLINK_COMMON_EXPORT"
export_define = "BLINK_COMMON_IMPLEMENTATION=1"
export_header = "third_party/blink/public/common/common_export.h"
export_class_attribute_blink = "BLINK_PLATFORM_EXPORT"
export_define_blink = "BLINK_PLATFORM_IMPLEMENTATION=1"
export_header_blink = "third_party/blink/public/platform/web_common.h"
}
# Don't scramble message IDs so they are redistributable to external tests.

@ -4,6 +4,9 @@
module network.mojom;
import "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom";
import "url/mojom/origin.mojom";
// This struct mirrors network.mojom.CSPSource, but excludes members not used
// in permissions policies like `path`.
// TODO(crbug.com/40126948): Consider merging this with CSPSource as discussed
@ -15,3 +18,16 @@ struct OriginWithPossibleWildcards {
bool is_host_wildcard = false;
bool is_port_wildcard = false;
};
// This struct holds permissions policy allowlist data that needs to be replicated
// between a RenderFrame and any of its associated RenderFrameProxies. A list of
// these form a ParsedPermissionsPolicy.
// NOTE: These types are used for replication frame state between processes.
struct ParsedPermissionsPolicyDeclaration {
PermissionsPolicyFeature feature;
array<OriginWithPossibleWildcards> allowed_origins;
url.mojom.Origin? self_if_matches;
bool matches_all_origins;
bool matches_opaque_src;
string? reporting_endpoint;
};

@ -267,12 +267,10 @@ source_set("common") {
"permissions/permission_utils.cc",
"permissions_policy/document_policy.cc",
"permissions_policy/permissions_policy.cc",
"permissions_policy/permissions_policy_declaration.cc",
"permissions_policy/permissions_policy_features.cc",
"permissions_policy/permissions_policy_features_generated.h",
"permissions_policy/permissions_policy_features_internal.cc",
"permissions_policy/permissions_policy_features_internal.h",
"permissions_policy/permissions_policy_mojom_traits.cc",
"permissions_policy/policy_value.cc",
"renderer_preferences/renderer_preferences.cc",
"renderer_preferences/renderer_preferences_mojom_traits.cc",
@ -341,6 +339,7 @@ source_set("common") {
"//services/metrics/public/cpp:ukm_builders",
"//services/metrics/public/mojom:mojom",
"//services/network/public/cpp:cpp",
"//services/network/public/mojom:mojom_permissions_policy",
"//third_party/blink/common/rust_crash",
"//third_party/blink/public/common:buildflags",
"//third_party/re2",
@ -451,7 +450,6 @@ source_set("common_unittests_sources") {
"page_state/page_state_serialization_unittest.cc",
"peerconnection/webrtc_ip_handling_policy_unittest.cc",
"permissions_policy/document_policy_unittest.cc",
"permissions_policy/permissions_policy_declaration_unittest.cc",
"permissions_policy/permissions_policy_features_internal.h",
"permissions_policy/permissions_policy_unittest.cc",
"permissions_policy/policy_value_unittest.cc",

@ -4,10 +4,10 @@
#include "third_party/blink/public/common/fenced_frame/redacted_fenced_frame_config_mojom_traits.h"
#include "third_party/blink/common/permissions_policy/permissions_policy_mojom_traits.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
#include "third_party/blink/public/common/fenced_frame/fenced_frame_utils.h"
#include "third_party/blink/public/common/fenced_frame/redacted_fenced_frame_config.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/fenced_frame/fenced_frame_config.mojom.h"
namespace mojo {
@ -171,7 +171,7 @@ bool StructTraits<blink::mojom::SharedStorageBudgetMetadataDataView,
}
// static
const std::vector<blink::ParsedPermissionsPolicyDeclaration>&
const std::vector<network::ParsedPermissionsPolicyDeclaration>&
StructTraits<blink::mojom::ParentPermissionsInfoDataView,
blink::FencedFrame::ParentPermissionsInfo>::
parsed_permissions_policy(

@ -3,6 +3,8 @@
// found in the LICENSE file.
#include "third_party/blink/public/common/frame/frame_policy.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
namespace blink {
@ -15,7 +17,7 @@ FramePolicy::FramePolicy()
FramePolicy::FramePolicy(
network::mojom::WebSandboxFlags sandbox_flags,
const ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& container_policy,
const DocumentPolicyFeatureState& required_document_policy,
mojom::DeferredFetchPolicy deferred_fetch_policy)
: sandbox_flags(sandbox_flags),

@ -5,10 +5,11 @@
#ifndef THIRD_PARTY_BLINK_COMMON_FRAME_FRAME_POLICY_MOJOM_TRAITS_H_
#define THIRD_PARTY_BLINK_COMMON_FRAME_FRAME_POLICY_MOJOM_TRAITS_H_
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
#include "third_party/blink/common/permissions_policy/permissions_policy_mojom_traits.h"
#include "third_party/blink/common/permissions_policy/policy_value_mojom_traits.h"
#include "third_party/blink/public/common/frame/frame_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/fenced_frame/fenced_frame.mojom-shared.h"
#include "third_party/blink/public/mojom/frame/frame_policy.mojom-shared.h"
@ -18,7 +19,7 @@ template <>
class BLINK_COMMON_EXPORT
StructTraits<blink::mojom::FramePolicyDataView, blink::FramePolicy> {
public:
static const std::vector<blink::ParsedPermissionsPolicyDeclaration>&
static const std::vector<network::ParsedPermissionsPolicyDeclaration>&
container_policy(const blink::FramePolicy& frame_policy) {
return frame_policy.container_policy;
}

@ -9,6 +9,7 @@
#include "base/memory/ptr_util.h"
#include "base/no_destructor.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h"
@ -27,7 +28,7 @@ PermissionsPolicy::Allowlist::Allowlist(const Allowlist& rhs) = default;
PermissionsPolicy::Allowlist::~Allowlist() = default;
PermissionsPolicy::Allowlist PermissionsPolicy::Allowlist::FromDeclaration(
const ParsedPermissionsPolicyDeclaration& parsed_declaration) {
const network::ParsedPermissionsPolicyDeclaration& parsed_declaration) {
auto result = PermissionsPolicy::Allowlist();
if (parsed_declaration.self_if_matches) {
result.AddSelf(parsed_declaration.self_if_matches);
@ -92,8 +93,8 @@ bool PermissionsPolicy::Allowlist::MatchesOpaqueSrc() const {
// static
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParentPolicy(
const PermissionsPolicy* parent_policy,
const ParsedPermissionsPolicy& header_policy,
const ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& header_policy,
const network::ParsedPermissionsPolicy& container_policy,
const url::Origin& origin,
bool headerless) {
return CreateFromParentPolicy(parent_policy, header_policy, container_policy,
@ -118,8 +119,8 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CopyStateFrom(
// static
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParsedPolicy(
const ParsedPermissionsPolicy& parsed_policy,
const std::optional<ParsedPermissionsPolicy>& base_policy,
const network::ParsedPermissionsPolicy& parsed_policy,
const std::optional<network::ParsedPermissionsPolicy>& base_policy,
const url::Origin& origin) {
return CreateFromParsedPolicy(parsed_policy, base_policy, origin,
GetPermissionsPolicyFeatureList(origin));
@ -127,8 +128,8 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParsedPolicy(
// static
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParsedPolicy(
const ParsedPermissionsPolicy& parsed_policy,
const std::optional<ParsedPermissionsPolicy>&
const network::ParsedPermissionsPolicy& parsed_policy,
const std::optional<network::ParsedPermissionsPolicy>&
parsed_policy_for_isolated_app,
const url::Origin& origin,
const PermissionsPolicyFeatureList& features) {
@ -342,9 +343,9 @@ std::optional<std::string> PermissionsPolicy::GetEndpointForFeature(
// static
PermissionsPolicy::AllowlistsAndReportingEndpoints
PermissionsPolicy::CreateAllowlistsAndReportingEndpoints(
const ParsedPermissionsPolicy& parsed_header) {
const network::ParsedPermissionsPolicy& parsed_header) {
AllowlistsAndReportingEndpoints allow_lists_and_reporting_endpoints;
for (const ParsedPermissionsPolicyDeclaration& parsed_declaration :
for (const network::ParsedPermissionsPolicyDeclaration& parsed_declaration :
parsed_header) {
network::mojom::PermissionsPolicyFeature feature =
parsed_declaration.feature;
@ -362,12 +363,12 @@ PermissionsPolicy::CreateAllowlistsAndReportingEndpoints(
// static
PermissionsPolicy::AllowlistsAndReportingEndpoints
PermissionsPolicy::CombinePolicies(
const ParsedPermissionsPolicy& base_policy,
const ParsedPermissionsPolicy& second_policy) {
const network::ParsedPermissionsPolicy& base_policy,
const network::ParsedPermissionsPolicy& second_policy) {
PermissionsPolicy::AllowlistsAndReportingEndpoints
allow_lists_and_reporting_endpoints =
CreateAllowlistsAndReportingEndpoints(base_policy);
for (const ParsedPermissionsPolicyDeclaration& parsed_declaration :
for (const network::ParsedPermissionsPolicyDeclaration& parsed_declaration :
second_policy) {
network::mojom::PermissionsPolicyFeature feature =
parsed_declaration.feature;
@ -421,10 +422,10 @@ PermissionsPolicy::CombinePolicies(
}
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::WithClientHints(
const ParsedPermissionsPolicy& parsed_header) const {
const network::ParsedPermissionsPolicy& parsed_header) const {
std::map<network::mojom::PermissionsPolicyFeature, Allowlist> allowlists =
allowlists_;
for (const ParsedPermissionsPolicyDeclaration& parsed_declaration :
for (const network::ParsedPermissionsPolicyDeclaration& parsed_declaration :
parsed_header) {
network::mojom::PermissionsPolicyFeature feature =
parsed_declaration.feature;
@ -465,8 +466,8 @@ PermissionsPolicy::~PermissionsPolicy() = default;
std::unique_ptr<PermissionsPolicy>
PermissionsPolicy::CreateFlexibleForFencedFrame(
const PermissionsPolicy* parent_policy,
const ParsedPermissionsPolicy& header_policy,
const ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& header_policy,
const network::ParsedPermissionsPolicy& container_policy,
const url::Origin& subframe_origin) {
return CreateFlexibleForFencedFrame(
parent_policy, header_policy, container_policy, subframe_origin,
@ -477,8 +478,8 @@ PermissionsPolicy::CreateFlexibleForFencedFrame(
std::unique_ptr<PermissionsPolicy>
PermissionsPolicy::CreateFlexibleForFencedFrame(
const PermissionsPolicy* parent_policy,
const ParsedPermissionsPolicy& header_policy,
const ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& header_policy,
const network::ParsedPermissionsPolicy& container_policy,
const url::Origin& subframe_origin,
const PermissionsPolicyFeatureList& features) {
PermissionsPolicyFeatureState inherited_policies;
@ -498,7 +499,7 @@ PermissionsPolicy::CreateFlexibleForFencedFrame(
// static
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
const url::Origin& origin,
const ParsedPermissionsPolicy& header_policy,
const network::ParsedPermissionsPolicy& header_policy,
base::span<const network::mojom::PermissionsPolicyFeature>
effective_enabled_permissions) {
return CreateFixedForFencedFrame(origin, header_policy,
@ -509,7 +510,7 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
// static
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
const url::Origin& origin,
const ParsedPermissionsPolicy& header_policy,
const network::ParsedPermissionsPolicy& header_policy,
const PermissionsPolicyFeatureList& features,
base::span<const network::mojom::PermissionsPolicyFeature>
effective_enabled_permissions) {
@ -530,8 +531,8 @@ std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFixedForFencedFrame(
// static
std::unique_ptr<PermissionsPolicy> PermissionsPolicy::CreateFromParentPolicy(
const PermissionsPolicy* parent_policy,
const ParsedPermissionsPolicy& header_policy,
const ParsedPermissionsPolicy& container_policy,
const network::ParsedPermissionsPolicy& header_policy,
const network::ParsedPermissionsPolicy& container_policy,
const url::Origin& origin,
const PermissionsPolicyFeatureList& features,
bool headerless) {
@ -624,7 +625,7 @@ bool PermissionsPolicy::InheritedValueForFeature(
const PermissionsPolicy* parent_policy,
std::pair<network::mojom::PermissionsPolicyFeature,
PermissionsPolicyFeatureDefault> feature,
const ParsedPermissionsPolicy& container_policy) {
const network::ParsedPermissionsPolicy& container_policy) {
// 9.7 1: If container is null, return "Enabled".
if (!parent_policy) {
return true;

@ -1,25 +0,0 @@
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "third_party/blink/common/permissions_policy/permissions_policy_mojom_traits.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "url/mojom/origin_mojom_traits.h"
#include "url/origin.h"
namespace mojo {
bool StructTraits<blink::mojom::ParsedPermissionsPolicyDeclarationDataView,
blink::ParsedPermissionsPolicyDeclaration>::
Read(blink::mojom::ParsedPermissionsPolicyDeclarationDataView in,
blink::ParsedPermissionsPolicyDeclaration* out) {
out->matches_all_origins = in.matches_all_origins();
out->matches_opaque_src = in.matches_opaque_src();
return in.ReadFeature(&out->feature) &&
in.ReadAllowedOrigins(&out->allowed_origins) &&
in.ReadSelfIfMatches(&out->self_if_matches);
}
} // namespace mojo

@ -1,59 +0,0 @@
// Copyright 2017 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef THIRD_PARTY_BLINK_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_
#define THIRD_PARTY_BLINK_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_
#include <map>
#include "mojo/public/cpp/bindings/enum_traits.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_mojom_traits.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
#include "third_party/blink/common/permissions_policy/policy_value_mojom_traits.h"
#include "third_party/blink/public/common/common_export.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/permissions_policy/permissions_policy.mojom-shared.h"
#include "url/mojom/origin_mojom_traits.h"
namespace mojo {
template <>
class BLINK_COMMON_EXPORT
StructTraits<blink::mojom::ParsedPermissionsPolicyDeclarationDataView,
blink::ParsedPermissionsPolicyDeclaration> {
public:
static network::mojom::PermissionsPolicyFeature feature(
const blink::ParsedPermissionsPolicyDeclaration& policy) {
return policy.feature;
}
static const std::vector<network::OriginWithPossibleWildcards>&
allowed_origins(const blink::ParsedPermissionsPolicyDeclaration& policy) {
return policy.allowed_origins;
}
static const std::optional<url::Origin>& self_if_matches(
const blink::ParsedPermissionsPolicyDeclaration& policy) {
return policy.self_if_matches;
}
static bool matches_all_origins(
const blink::ParsedPermissionsPolicyDeclaration& policy) {
return policy.matches_all_origins;
}
static bool matches_opaque_src(
const blink::ParsedPermissionsPolicyDeclaration& policy) {
return policy.matches_opaque_src;
}
static const std::optional<std::string>& reporting_endpoint(
const blink::ParsedPermissionsPolicyDeclaration& policy) {
return policy.reporting_endpoint;
}
static bool Read(blink::mojom::ParsedPermissionsPolicyDeclarationDataView in,
blink::ParsedPermissionsPolicyDeclaration* out);
};
} // namespace mojo
#endif // THIRD_PARTY_BLINK_COMMON_PERMISSIONS_POLICY_PERMISSIONS_POLICY_MOJOM_TRAITS_H_

@ -12,6 +12,7 @@
#include "base/test/gtest_util.h"
#include "base/test/scoped_feature_list.h"
#include "services/network/public/cpp/permissions_policy/origin_with_possible_wildcards.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom-shared.h"
#include "testing/gmock/include/gmock/gmock.h"
@ -77,19 +78,19 @@ class PermissionsPolicyTest : public testing::Test {
std::unique_ptr<PermissionsPolicy> CreateFromParentPolicy(
const PermissionsPolicy* parent,
ParsedPermissionsPolicy header_policy,
network::ParsedPermissionsPolicy header_policy,
const url::Origin& origin,
bool headerless = false) {
ParsedPermissionsPolicy empty_container_policy;
network::ParsedPermissionsPolicy empty_container_policy;
return PermissionsPolicy::CreateFromParentPolicy(
parent, header_policy, empty_container_policy, origin, feature_list_,
headerless);
}
std::unique_ptr<PermissionsPolicy> CreateFromParsedPolicy(
const ParsedPermissionsPolicy& parsed_policy,
const network::ParsedPermissionsPolicy& parsed_policy,
const url::Origin& origin,
const std::optional<ParsedPermissionsPolicy>& base_policy =
const std::optional<network::ParsedPermissionsPolicy>& base_policy =
std::nullopt) {
return PermissionsPolicy::CreateFromParsedPolicy(parsed_policy, base_policy,
origin, feature_list_);
@ -97,8 +98,8 @@ class PermissionsPolicyTest : public testing::Test {
std::unique_ptr<PermissionsPolicy> CreateFromParentWithFramePolicy(
const PermissionsPolicy* parent,
ParsedPermissionsPolicy header_policy,
const ParsedPermissionsPolicy& frame_policy,
network::ParsedPermissionsPolicy header_policy,
const network::ParsedPermissionsPolicy& frame_policy,
const url::Origin& origin,
bool headerless = false) {
return PermissionsPolicy::CreateFromParentPolicy(
@ -107,16 +108,16 @@ class PermissionsPolicyTest : public testing::Test {
std::unique_ptr<PermissionsPolicy> CreateFlexibleForFencedFrame(
const PermissionsPolicy* parent,
ParsedPermissionsPolicy header_policy,
network::ParsedPermissionsPolicy header_policy,
const url::Origin& origin) {
ParsedPermissionsPolicy empty_container_policy;
network::ParsedPermissionsPolicy empty_container_policy;
return PermissionsPolicy::CreateFlexibleForFencedFrame(
parent, header_policy, empty_container_policy, origin, feature_list_);
}
std::unique_ptr<PermissionsPolicy> CreateFixedForFencedFrame(
const url::Origin& origin,
ParsedPermissionsPolicy header_policy,
network::ParsedPermissionsPolicy header_policy,
base::span<const network::mojom::PermissionsPolicyFeature>
effective_enabled_permissions) {
return PermissionsPolicy::CreateFixedForFencedFrame(
@ -385,7 +386,7 @@ TEST_F(PermissionsPolicyTest,
/*matches_opaque_src=*/false}}},
origin_a_);
ASSERT_TRUE(policy1->IsFeatureEnabled(kDefaultOffFeature));
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultOffFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_a_,
@ -452,7 +453,7 @@ TEST_F(PermissionsPolicyTest,
ASSERT_TRUE(policy1->IsFeatureEnabled(kDefaultOffFeature));
{
ParsedPermissionsPolicy frame_policy = {{
network::ParsedPermissionsPolicy frame_policy = {{
{kDefaultOffFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_a_,
@ -491,7 +492,7 @@ TEST_F(PermissionsPolicyTest,
// +--------------------------------------------------------------+
// Features disabled in the parent should not be enabled in a headerless
// subframe.
ParsedPermissionsPolicy header_policy = {{
network::ParsedPermissionsPolicy header_policy = {{
{kDefaultOnFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -512,7 +513,7 @@ TEST_F(PermissionsPolicyTest,
ASSERT_FALSE(policy1->IsFeatureEnabled(kDefaultOffFeature));
{
ParsedPermissionsPolicy frame_policy = {{
network::ParsedPermissionsPolicy frame_policy = {{
{kDefaultOffFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -558,7 +559,7 @@ TEST_F(PermissionsPolicyTest,
/*matches_opaque_src=*/false}}},
origin_a_);
ASSERT_TRUE(policy1->IsFeatureEnabled(kDefaultOffFeature));
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultOffFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -741,7 +742,7 @@ TEST_F(PermissionsPolicyTest, TestSelectiveFrameInheritance2) {
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}},
origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -925,7 +926,7 @@ TEST_F(PermissionsPolicyTest, TestEnableForAllOriginsAndDelegate) {
/*matches_all_origins=*/true,
/*matches_opaque_src=*/false}}},
origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -1075,7 +1076,7 @@ TEST_F(PermissionsPolicyTest, TestDefaultSelfRespectsSameOriginEmbedding) {
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}},
origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/origin_b_,
/*matches_all_origins=*/false,
@ -1115,7 +1116,7 @@ TEST_F(PermissionsPolicyTest, TestDelegationRequiredAtAllLevels) {
/*matches_all_origins=*/true,
/*matches_opaque_src=*/false}}},
origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -1186,14 +1187,14 @@ TEST_F(PermissionsPolicyTest, TestEnabledFrameCanDelegate) {
// Feature should be enabled in all frames.
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/origin_b_,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy, origin_b_);
ParsedPermissionsPolicy frame_policy2 = {
network::ParsedPermissionsPolicy frame_policy2 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/origin_c_,
/*matches_all_origins=*/false,
@ -1315,7 +1316,7 @@ TEST_F(PermissionsPolicyTest, TestFeaturesAreIndependent) {
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}},
origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -1329,7 +1330,7 @@ TEST_F(PermissionsPolicyTest, TestFeaturesAreIndependent) {
/*matches_opaque_src=*/false}}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy, origin_b_);
ParsedPermissionsPolicy frame_policy2 = {
network::ParsedPermissionsPolicy frame_policy2 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_c_,
@ -1370,7 +1371,7 @@ TEST_F(PermissionsPolicyTest, TestSimpleFramePolicy) {
// <iframe allow="default-self">
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -1403,7 +1404,7 @@ TEST_F(PermissionsPolicyTest, TestAllOriginFramePolicy) {
// <iframe allowfullscreen>
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -1444,7 +1445,7 @@ TEST_F(PermissionsPolicyTest, TestFramePolicyCanBeFurtherDelegated) {
// delegated through frame policy.
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
ParsedPermissionsPolicy frame_policy1 = {{
network::ParsedPermissionsPolicy frame_policy1 = {{
{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -1455,7 +1456,7 @@ TEST_F(PermissionsPolicyTest, TestFramePolicyCanBeFurtherDelegated) {
}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
ParsedPermissionsPolicy frame_policy2 = {{
network::ParsedPermissionsPolicy frame_policy2 = {{
{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_c_,
@ -1499,14 +1500,14 @@ TEST_F(PermissionsPolicyTest, TestDefaultOnCanBeDisabledByFramePolicy) {
// child frames because permission was removed through frame policy.
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
ParsedPermissionsPolicy frame_policy1 = {
network::ParsedPermissionsPolicy frame_policy1 = {
{{kDefaultOnFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_a_);
ParsedPermissionsPolicy frame_policy2 = {
network::ParsedPermissionsPolicy frame_policy2 = {
{{kDefaultOnFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
@ -1564,14 +1565,14 @@ TEST_F(PermissionsPolicyTest, TestFramePolicyModifiesHeaderPolicy) {
/*matches_opaque_src=*/false},
}},
origin_a_);
ParsedPermissionsPolicy frame_policy1 = {
network::ParsedPermissionsPolicy frame_policy1 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
ParsedPermissionsPolicy frame_policy2 = {{
network::ParsedPermissionsPolicy frame_policy2 = {{
{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
@ -1619,7 +1620,7 @@ TEST_F(PermissionsPolicyTest, TestCombineFrameAndHeaderPolicies) {
// 4. Feature should be disabled in frame 3 by frame policy.
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
ParsedPermissionsPolicy frame_policy1 = {
network::ParsedPermissionsPolicy frame_policy1 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -1634,7 +1635,7 @@ TEST_F(PermissionsPolicyTest, TestCombineFrameAndHeaderPolicies) {
/*matches_all_origins=*/true,
/*matches_opaque_src=*/false}}},
frame_policy1, origin_b_);
ParsedPermissionsPolicy frame_policy2 = {
network::ParsedPermissionsPolicy frame_policy2 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
@ -1678,7 +1679,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDeclinedAtTopLevel) {
/*matches_opaque_src=*/false},
}},
origin_a_);
ParsedPermissionsPolicy frame_policy1 = {{
network::ParsedPermissionsPolicy frame_policy1 = {{
{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -1689,7 +1690,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDeclinedAtTopLevel) {
}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
ParsedPermissionsPolicy frame_policy2 = {
network::ParsedPermissionsPolicy frame_policy2 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -1739,7 +1740,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDelegatedAndAllowed) {
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}},
origin_a_);
ParsedPermissionsPolicy frame_policy1 = {
network::ParsedPermissionsPolicy frame_policy1 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_a_,
@ -1749,7 +1750,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDelegatedAndAllowed) {
/*matches_opaque_src=*/false}}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy1, origin_b_);
ParsedPermissionsPolicy frame_policy2 = {
network::ParsedPermissionsPolicy frame_policy2 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -1759,7 +1760,7 @@ TEST_F(PermissionsPolicyTest, TestFeatureDelegatedAndAllowed) {
/*matches_opaque_src=*/false}}};
std::unique_ptr<PermissionsPolicy> policy3 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy2, origin_b_);
ParsedPermissionsPolicy frame_policy3 = {
network::ParsedPermissionsPolicy frame_policy3 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -1824,7 +1825,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFramePolicyForAllOrigins) {
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
url::Origin sandboxed_origin = url::Origin();
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -1856,7 +1857,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFramePolicyForSelf) {
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
url::Origin sandboxed_origin = url::Origin();
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/sandboxed_origin,
/*matches_all_origins=*/true,
@ -1888,7 +1889,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFramePolicyForOpaqueSrcOrigin) {
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
url::Origin sandboxed_origin = url::Origin();
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
@ -1924,7 +1925,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedFrameFromHeaderPolicy) {
/*matches_opaque_src=*/false}}},
origin_a_);
url::Origin sandboxed_origin = url::Origin();
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
@ -1958,7 +1959,7 @@ TEST_F(PermissionsPolicyTest, TestSandboxedPolicyIsNotInherited) {
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
url::Origin sandboxed_origin_1 = url::Origin();
url::Origin sandboxed_origin_2 = url::Origin();
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -2005,14 +2006,14 @@ TEST_F(PermissionsPolicyTest, TestSandboxedPolicyCanBePropagated) {
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
url::Origin sandboxed_origin_1 = origin_a_.DeriveNewOpaqueOrigin();
url::Origin sandboxed_origin_2 = sandboxed_origin_1.DeriveNewOpaqueOrigin();
ParsedPermissionsPolicy frame_policy_1 = {
network::ParsedPermissionsPolicy frame_policy_1 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
/*matches_opaque_src=*/true}}};
std::unique_ptr<PermissionsPolicy> policy2 = CreateFromParentWithFramePolicy(
policy1.get(), /*header_policy=*/{}, frame_policy_1, sandboxed_origin_1);
ParsedPermissionsPolicy frame_policy_2 = {
network::ParsedPermissionsPolicy frame_policy_2 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -2042,7 +2043,7 @@ TEST_F(PermissionsPolicyTest, TestUndefinedFeaturesInFramePolicy) {
// present in a container policy.
std::unique_ptr<PermissionsPolicy> policy1 =
CreateFromParentPolicy(nullptr, /*header_policy=*/{}, origin_a_);
ParsedPermissionsPolicy frame_policy = {
network::ParsedPermissionsPolicy frame_policy = {
{{network::mojom::PermissionsPolicyFeature::kNotFound,
/*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
@ -2692,7 +2693,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestCompletelyBlockedPolicy) {
CreateFromParentPolicy(policy1.get(), /*header_policy=*/{}, origin_b_);
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy4 = {
network::ParsedPermissionsPolicy frame_policy4 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -2701,7 +2702,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestCompletelyBlockedPolicy) {
policy1.get(), /*header_policy=*/{}, frame_policy4, origin_b_);
EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy5 = {
network::ParsedPermissionsPolicy frame_policy5 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -2713,7 +2714,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestCompletelyBlockedPolicy) {
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
EXPECT_FALSE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy6 = {
network::ParsedPermissionsPolicy frame_policy6 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_c_,
@ -2771,7 +2772,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestDisallowedCrossOriginChildPolicy) {
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
// This is a critical change from the existing semantics.
ParsedPermissionsPolicy frame_policy4 = {
network::ParsedPermissionsPolicy frame_policy4 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -2781,7 +2782,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestDisallowedCrossOriginChildPolicy) {
EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
// This is a critical change from the existing semantics.
ParsedPermissionsPolicy frame_policy5 = {
network::ParsedPermissionsPolicy frame_policy5 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -2793,7 +2794,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestDisallowedCrossOriginChildPolicy) {
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
EXPECT_FALSE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy6 = {
network::ParsedPermissionsPolicy frame_policy6 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_c_,
@ -2855,7 +2856,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllowedCrossOriginChildPolicy) {
CreateFromParentPolicy(policy1.get(), /*header_policy=*/{}, origin_b_);
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy4 = {
network::ParsedPermissionsPolicy frame_policy4 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -2864,7 +2865,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllowedCrossOriginChildPolicy) {
policy1.get(), /*header_policy=*/{}, frame_policy4, origin_b_);
EXPECT_TRUE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy5 = {
network::ParsedPermissionsPolicy frame_policy5 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -2876,7 +2877,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllowedCrossOriginChildPolicy) {
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
EXPECT_TRUE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy6 = {
network::ParsedPermissionsPolicy frame_policy6 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_c_,
@ -2935,7 +2936,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllAllowedCrossOriginChildPolicy) {
CreateFromParentPolicy(policy1.get(), /*header_policy=*/{}, origin_b_);
EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy4 = {
network::ParsedPermissionsPolicy frame_policy4 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -2944,7 +2945,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllAllowedCrossOriginChildPolicy) {
policy1.get(), /*header_policy=*/{}, frame_policy4, origin_b_);
EXPECT_TRUE(policy4->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy5 = {
network::ParsedPermissionsPolicy frame_policy5 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -2956,7 +2957,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestAllAllowedCrossOriginChildPolicy) {
policy1.get(), /*header_policy=*/{}, frame_policy5, origin_b_);
EXPECT_TRUE(policy5->IsFeatureEnabled(kDefaultSelfFeature));
ParsedPermissionsPolicy frame_policy6 = {
network::ParsedPermissionsPolicy frame_policy6 = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_c_,
@ -3003,7 +3004,7 @@ TEST_F(PermissionsPolicyTest, ProposedTestNestedPolicyPropagates) {
EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultSelfFeature));
// The proposed value in frame 2 should affect the proposed value in frame 3.
ParsedPermissionsPolicy frame_policy3 = {
network::ParsedPermissionsPolicy frame_policy3 = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -3072,7 +3073,7 @@ TEST_F(PermissionsPolicyTest, CreateForSharedStorageFencedFrame) {
}
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicy) {
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_a_,
@ -3091,7 +3092,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicy) {
}
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyExcludingSelf) {
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -3107,7 +3108,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyExcludingSelf) {
}
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithEmptyAllowlist) {
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
@ -3118,7 +3119,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithEmptyAllowlist) {
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithBasePolicy) {
url::Origin origin_self = url::Origin::Create(GURL("https://example.edu/"));
ParsedPermissionsPolicy base_policy = {
network::ParsedPermissionsPolicy base_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{
*network::OriginWithPossibleWildcards::
@ -3131,7 +3132,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithBasePolicy) {
/*self_if_matches=*/origin_self,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}};
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{
*network::OriginWithPossibleWildcards::
@ -3158,12 +3159,12 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithBasePolicy) {
TEST_F(PermissionsPolicyTest,
CreateFromParsedPolicyWithBasePolicyExcludingSelf) {
url::Origin origin_self = url::Origin::Create(GURL("https://example.edu/"));
ParsedPermissionsPolicy base_policy = {
network::ParsedPermissionsPolicy base_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}};
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/origin_a_,
/*matches_all_origins=*/false,
@ -3175,12 +3176,12 @@ TEST_F(PermissionsPolicyTest,
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithoutSelfWithBasePolicy) {
url::Origin origin_self = url::Origin::Create(GURL("https://example.edu/"));
ParsedPermissionsPolicy base_policy = {
network::ParsedPermissionsPolicy base_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/origin_a_,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}};
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/false,
@ -3192,7 +3193,7 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithoutSelfWithBasePolicy) {
TEST_F(PermissionsPolicyTest,
CreateFromParsedPolicyWildcardWithMoreRestrictiveBasePolicy) {
ParsedPermissionsPolicy base_policy = {
network::ParsedPermissionsPolicy base_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_b_,
@ -3200,7 +3201,7 @@ TEST_F(PermissionsPolicyTest,
/*self_if_matches=*/origin_a_,
/*matches_all_origins=*/false,
/*matches_opaque_src=*/false}}};
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
@ -3215,12 +3216,12 @@ TEST_F(PermissionsPolicyTest,
}
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithWildcardBasePolicy) {
ParsedPermissionsPolicy base_policy = {
network::ParsedPermissionsPolicy base_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
/*matches_opaque_src=*/false}}};
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/
{*network::OriginWithPossibleWildcards::FromOriginAndWildcardsForTest(
origin_a_,
@ -3240,12 +3241,12 @@ TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithWildcardBasePolicy) {
TEST_F(PermissionsPolicyTest, CreateFromParsedPolicyWithMissingBasePolicy) {
// Tests a parsed policy that includes an allowlist for a feature not
// declared in the base policy.
ParsedPermissionsPolicy base_policy = {
network::ParsedPermissionsPolicy base_policy = {
{{kDefaultOnFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,
/*matches_opaque_src=*/false}}};
ParsedPermissionsPolicy parsed_policy = {
network::ParsedPermissionsPolicy parsed_policy = {
{{kDefaultSelfFeature, /*allowed_origins=*/{},
/*self_if_matches=*/std::nullopt,
/*matches_all_origins=*/true,

@ -273,7 +273,6 @@ source_set("headers") {
"permissions_policy/document_policy.h",
"permissions_policy/document_policy_features.h",
"permissions_policy/permissions_policy.h",
"permissions_policy/permissions_policy_declaration.h",
"permissions_policy/permissions_policy_features.h",
"permissions_policy/policy_helper_public.h",
"permissions_policy/policy_value.h",
@ -330,6 +329,7 @@ source_set("headers") {
"//mojo/public/cpp/bindings",
"//services/metrics/public/cpp:metrics_cpp",
"//services/network/public/cpp:cpp",
"//services/network/public/mojom:mojom_permissions_policy",
"//skia",
"//skia/public/mojom:shared_typemap_traits",
"//third_party/blink/public:runtime_features_for_public",

@ -14,9 +14,9 @@
#include <vector>
#include "net/base/schemeful_site.h"
#include "services/network/public/cpp/permissions_policy/permissions_policy_declaration.h"
#include "services/network/public/mojom/permissions_policy/permissions_policy_feature.mojom.h"
#include "third_party/blink/public/common/common_export.h"
#include "third_party/blink/public/common/permissions_policy/permissions_policy_declaration.h"
#include "third_party/blink/public/mojom/fenced_frame/fenced_frame_config.mojom-forward.h"
#include "ui/gfx/geometry/size.h"
#include "url/gurl.h"
@ -74,7 +74,7 @@ struct BLINK_COMMON_EXPORT SharedStorageBudgetMetadata {
};
struct BLINK_COMMON_EXPORT ParentPermissionsInfo {
std::vector<blink::ParsedPermissionsPolicyDeclaration>
std::vector<network::ParsedPermissionsPolicyDeclaration>
parsed_permissions_policy;
url::Origin origin;
};

Some files were not shown because too many files have changed in this diff Show More