Use allow attribute for permission delegation tests.

With an upcoming change to Feature/Permissions Policy, the header alone will no longer be sufficient to delegate permissions to use powerful features in subframes. The iframe allow attribute must be used in conjunction with it. The header can still be used to block delegation. This change updates the permission delegation unit tests to use the allow attribute when delegating permissions to cross-origin frames. Bug: 1095641 Change-Id: I47d6ab6ed04fdc75b2a7f51581f7213f6411cf89 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2424635Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Commit-Queue: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#812174}

Use allow attribute for permission delegation tests.
With an upcoming change to Feature/Permissions Policy, the header alone will no longer be sufficient to delegate permissions to use powerful features in subframes. The iframe allow attribute must be used in conjunction with it. The header can still be used to block delegation. This change updates the permission delegation unit tests to use the allow attribute when delegating permissions to cross-origin frames. Bug: 1095641 Change-Id: I47d6ab6ed04fdc75b2a7f51581f7213f6411cf89 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2424635Reviewed-by: Scott Violet <sky@chromium.org> Reviewed-by: Balazs Engedy <engedy@chromium.org> Commit-Queue: Balazs Engedy <engedy@chromium.org> Cr-Commit-Position: refs/heads/master@{#812174}
156a520e · Ian Clelland · Commit Bot · a42bdc1e · 156a520e · 156a520e
Commit 156a520e authored Sep 30, 2020 by Ian Clelland Committed by Commit Bot Sep 30, 2020
6 changed files
--- a/chrome/browser/permissions/permission_context_base_feature_policy_unittest.cc
+++ b/chrome/browser/permissions/permission_context_base_feature_policy_unittest.cc
@@ -54,10 +54,20 @@ class PermissionContextBaseFeaturePolicyTest
    return result;
  }
-  content::RenderFrameHost* AddChildRFH(content::RenderFrameHost* parent,
+  content::RenderFrameHost* AddChildRFH(
-                                        const char* origin) {
+      content::RenderFrameHost* parent,
+      const char* origin,
+      blink::mojom::FeaturePolicyFeature feature =
+          blink::mojom::FeaturePolicyFeature::kNotFound) {
+    blink::ParsedFeaturePolicy frame_policy = {};
+    if (feature != blink::mojom::FeaturePolicyFeature::kNotFound) {
+      frame_policy.push_back(
+          {feature, std::vector<url::Origin>{url::Origin::Create(GURL(origin))},
+           false, false});
+    }
    content::RenderFrameHost* result =
-        content::RenderFrameHostTester::For(parent)->AppendChild("");
+        content::RenderFrameHostTester::For(parent)->AppendChildWithPolicy(
+            "", frame_policy);
    content::RenderFrameHostTester::For(result)
        ->InitializeRenderFrameIfNeeded();
    SimulateNavigation(&result, GURL(origin));
@@ -183,19 +193,15 @@ TEST_F(PermissionContextBaseFeaturePolicyTest, EnabledForChildFrame) {
  content::RenderFrameHost* parent = GetMainRFH(kOrigin1);
  // Enable midi for the child frame.
-  RefreshPageAndSetHeaderPolicy(
+  content::RenderFrameHost* child = AddChildRFH(
-      &parent, blink::mojom::FeaturePolicyFeature::kMidiFeature,
+      parent, kOrigin2, blink::mojom::FeaturePolicyFeature::kMidiFeature);
-      {kOrigin1, kOrigin2});
-  content::RenderFrameHost* child = AddChildRFH(parent, kOrigin2);
  MidiPermissionContext midi(profile());
  EXPECT_EQ(CONTENT_SETTING_ALLOW, GetPermissionForFrame(&midi, parent));
  EXPECT_EQ(CONTENT_SETTING_ALLOW, GetPermissionForFrame(&midi, child));
  // Enable geolocation for the child frame.
-  RefreshPageAndSetHeaderPolicy(
+  child = AddChildRFH(parent, kOrigin2,
-      &parent, blink::mojom::FeaturePolicyFeature::kGeolocation,
+                      blink::mojom::FeaturePolicyFeature::kGeolocation);
-      {kOrigin1, kOrigin2});
-  child = AddChildRFH(parent, kOrigin2);
  auto geolocation = MakeGeolocationPermissionContext();
  EXPECT_EQ(CONTENT_SETTING_ASK,
            GetPermissionForFrame(geolocation.get(), parent));

--- a/components/permissions/permission_manager_unittest.cc
+++ b/components/permissions/permission_manager_unittest.cc
@@ -210,10 +210,20 @@ class PermissionManagerTest : public content::RenderViewHostTestHarness {
    *rfh = current;
  }
-  content::RenderFrameHost* AddChildRFH(content::RenderFrameHost* parent,
+  content::RenderFrameHost* AddChildRFH(
-                                        const char* origin) {
+      content::RenderFrameHost* parent,
+      const char* origin,
+      blink::mojom::FeaturePolicyFeature feature =
+          blink::mojom::FeaturePolicyFeature::kNotFound) {
+    blink::ParsedFeaturePolicy frame_policy = {};
+    if (feature != blink::mojom::FeaturePolicyFeature::kNotFound) {
+      frame_policy.push_back(
+          {feature, std::vector<url::Origin>{url::Origin::Create(GURL(origin))},
+           false, false});
+    }
    content::RenderFrameHost* result =
-        content::RenderFrameHostTester::For(parent)->AppendChild("");
+        content::RenderFrameHostTester::For(parent)->AppendChildWithPolicy(
+            "", frame_policy);
    content::RenderFrameHostTester::For(result)
        ->InitializeRenderFrameIfNeeded();
    SimulateNavigation(&result, GURL(origin));
@@ -716,10 +726,8 @@ TEST_F(PermissionManagerTest, GetPermissionStatusDelegation) {
                .content_setting);
  // Enabling geolocation by FP should allow the child to request access also.
-  RefreshPageAndSetHeaderPolicy(
+  child = AddChildRFH(parent, kOrigin2,
-      &parent, blink::mojom::FeaturePolicyFeature::kGeolocation,
+                      blink::mojom::FeaturePolicyFeature::kGeolocation);
-      {kOrigin1, kOrigin2});
-  child = AddChildRFH(parent, kOrigin2);
  EXPECT_EQ(CONTENT_SETTING_ASK,
            GetPermissionControllerDelegate()
@@ -823,10 +831,8 @@ TEST_F(PermissionManagerTest, SubscribeWithPermissionDelegation) {
  EXPECT_FALSE(callback_called());
  // Enabling geolocation by FP should allow the child to request access also.
-  RefreshPageAndSetHeaderPolicy(
+  child = AddChildRFH(parent, kOrigin2,
-      &parent, blink::mojom::FeaturePolicyFeature::kGeolocation,
+                      blink::mojom::FeaturePolicyFeature::kGeolocation);
-      {kOrigin1, kOrigin2});
-  child = AddChildRFH(parent, kOrigin2);
  EXPECT_EQ(CONTENT_SETTING_ALLOW,
            GetPermissionControllerDelegate()

--- a/content/browser/geolocation/geolocation_service_impl_unittest.cc
+++ b/content/browser/geolocation/geolocation_service_impl_unittest.cc
@@ -95,14 +95,16 @@ class GeolocationServiceTest : public RenderViewHostImplTestHarness {
  void CreateEmbeddedFrameAndGeolocationService(bool allow_via_feature_policy) {
    const GURL kEmbeddedUrl("https://embeddables.com/someframe");
+    blink::ParsedFeaturePolicy frame_policy = {};
    if (allow_via_feature_policy) {
-      RenderFrameHostTester::For(main_rfh())
+      frame_policy.push_back(
-          ->SimulateFeaturePolicyHeader(
+          {blink::mojom::FeaturePolicyFeature::kGeolocation,
-              blink::mojom::FeaturePolicyFeature::kGeolocation,
+           std::vector<url::Origin>{url::Origin::Create(kEmbeddedUrl)}, false,
-              std::vector<url::Origin>{url::Origin::Create(kEmbeddedUrl)});
+           false});
    }
    RenderFrameHost* embedded_rfh =
-        RenderFrameHostTester::For(main_rfh())->AppendChild("");
+        RenderFrameHostTester::For(main_rfh())
+            ->AppendChildWithPolicy("", frame_policy);
    RenderFrameHostTester::For(embedded_rfh)->InitializeRenderFrameIfNeeded();
    auto navigation_simulator = NavigationSimulator::CreateRendererInitiated(
        kEmbeddedUrl, embedded_rfh);

--- a/content/public/test/test_renderer_host.h
+++ b/content/public/test/test_renderer_host.h
@@ -105,6 +105,12 @@ class RenderFrameHostTester {
  // RenderFrameHost is owned by the parent RenderFrameHost.
  virtual RenderFrameHost* AppendChild(const std::string& frame_name) = 0;
+  // Same as AppendChild above, but simulates a custom allow attribute being
+  // used as the container policy.
+  virtual RenderFrameHost* AppendChildWithPolicy(
+      const std::string& frame_name,
+      const blink::ParsedFeaturePolicy& allow) = 0;
  // Gives tests access to RenderFrameHostImpl::OnDetach. Destroys |this|.
  virtual void Detach() = 0;

--- a/content/test/test_render_frame_host.cc
+++ b/content/test/test_render_frame_host.cc
@@ -150,13 +150,21 @@ void TestRenderFrameHost::InitializeRenderFrameIfNeeded() {
 TestRenderFrameHost* TestRenderFrameHost::AppendChild(
    const std::string& frame_name) {
+  return AppendChildWithPolicy(frame_name, {});
+}
+TestRenderFrameHost* TestRenderFrameHost::AppendChildWithPolicy(
+    const std::string& frame_name,
+    const blink::ParsedFeaturePolicy& allow) {
  std::string frame_unique_name = base::GenerateGUID();
  OnCreateChildFrame(
      GetProcess()->GetNextRoutingID(), CreateStubInterfaceProviderReceiver(),
      CreateStubBrowserInterfaceBrokerReceiver(),
      blink::mojom::TreeScopeType::kDocument, frame_name, frame_unique_name,
      false, base::UnguessableToken::Create(), base::UnguessableToken::Create(),
-      blink::FramePolicy(), blink::mojom::FrameOwnerProperties(),
+      blink::FramePolicy(
+          {network::mojom::WebSandboxFlags::kNone, allow, {}, true, false}),
+      blink::mojom::FrameOwnerProperties(),
      blink::mojom::FrameOwnerElementType::kIframe);
  return static_cast<TestRenderFrameHost*>(
      child_creation_observer_.last_created_frame());

--- a/content/test/test_render_frame_host.h
+++ b/content/test/test_render_frame_host.h
@@ -79,6 +79,9 @@ class TestRenderFrameHost : public RenderFrameHostImpl,
  // RenderFrameHostTester implementation.
  void InitializeRenderFrameIfNeeded() override;
  TestRenderFrameHost* AppendChild(const std::string& frame_name) override;
+  TestRenderFrameHost* AppendChildWithPolicy(
+      const std::string& frame_name,
+      const blink::ParsedFeaturePolicy& allow) override;
  void Detach() override;
  void SendNavigateWithTransition(int nav_entry_id,
                                  bool did_create_new_entry,