Commit 1767ece6 authored by Charlie Hu's avatar Charlie Hu Committed by Commit Bot

Use default value for incoming policy when required entry not found in incoming policy

This CL let document policy use default value when not specified in header.
This CL also lets static content such as about:blank/about:srcdoc to always fulfill required document policy so that they are not blocked.

Change-Id: I14bf7d114fcd838f92ae91f773bde944f65f2c13
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2039972
Commit-Queue: Charlie Hu <chenleihu@google.com>
Reviewed-by: default avatarDaniel Cheng <dcheng@chromium.org>
Reviewed-by: default avatarIan Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/heads/master@{#741485}
parent 097912fa
...@@ -172,17 +172,21 @@ std::unique_ptr<DocumentPolicy> DocumentPolicy::CreateWithHeaderPolicy( ...@@ -172,17 +172,21 @@ std::unique_ptr<DocumentPolicy> DocumentPolicy::CreateWithHeaderPolicy(
bool DocumentPolicy::IsPolicyCompatible( bool DocumentPolicy::IsPolicyCompatible(
const DocumentPolicy::FeatureState& required_policy, const DocumentPolicy::FeatureState& required_policy,
const DocumentPolicy::FeatureState& incoming_policy) { const DocumentPolicy::FeatureState& incoming_policy) {
for (const auto& incoming_entry : incoming_policy) { for (const auto& required_entry : required_policy) {
// feature value > threshold => enabled, where feature value is the value in // feature value > threshold => enabled, where feature value is the value in
// document policy and threshold is the value to test against. // document policy and threshold is the value to test against.
// The smaller the feature value, the stricter the policy. // The smaller the feature value, the stricter the policy.
// Incoming policy should be at least as strict as the required one. // Incoming policy should be at least as strict as the required one.
const auto required_entry = const auto& feature = required_entry.first;
required_policy.find(incoming_entry.first /* feature */); const auto& required_value = required_entry.second;
// Use default value when incoming policy does not specify a value.
if (required_entry != required_policy.end() && const auto incoming_entry = incoming_policy.find(feature);
required_entry->second /* required_value */ < const auto& incoming_value =
incoming_entry.second /* incoming_value */) incoming_entry != incoming_policy.end()
? incoming_entry->second
: GetDocumentPolicyFeatureInfoMap().at(feature).default_value;
if (required_value < incoming_value)
return false; return false;
} }
return true; return true;
......
...@@ -5,18 +5,13 @@ ...@@ -5,18 +5,13 @@
#include "third_party/blink/public/common/feature_policy/document_policy.h" #include "third_party/blink/public/common/feature_policy/document_policy.h"
#include "testing/gtest/include/gtest/gtest.h" #include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/feature_policy/document_policy_features.h"
#include "third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom.h" #include "third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom.h"
namespace blink { namespace blink {
namespace { namespace {
class DocumentPolicyTest : public ::testing::Test { using DocumentPolicyTest = ::testing::Test;
public:
DocumentPolicyTest() = default;
protected:
std::unique_ptr<DocumentPolicy> document_policy_;
};
// Helper function to convert literal to FeatureState. // Helper function to convert literal to FeatureState.
template <class T> template <class T>
...@@ -49,5 +44,24 @@ TEST_F(DocumentPolicyTest, MergeFeatureState) { ...@@ -49,5 +44,24 @@ TEST_F(DocumentPolicyTest, MergeFeatureState) {
FeatureState<double>({{1, 1.0}, {2, 0.5}, {3, 1.0}, {4, 0.5}, {5, 1.0}})); FeatureState<double>({{1, 1.0}, {2, 0.5}, {3, 1.0}, {4, 0.5}, {5, 1.0}}));
} }
// IsPolicyCompatible should use default value for incoming policy when required
// policy specifies a value for a feature and incoming policy is missing value
// for that feature.
TEST_F(DocumentPolicyTest, IsPolicyCompatible) {
mojom::FeaturePolicyFeature feature =
mojom::FeaturePolicyFeature::kUnoptimizedLosslessImages;
double default_policy_value =
GetDocumentPolicyFeatureInfoMap().at(feature).default_value.DoubleValue();
// Cap the default_policy_value, as it can be INF.
double strict_policy_value =
default_policy_value > 1.0 ? 1.0 : default_policy_value / 2;
EXPECT_FALSE(DocumentPolicy::IsPolicyCompatible(
DocumentPolicy::FeatureState{
{feature, PolicyValue(strict_policy_value)}}, /* required policy */
DocumentPolicy::FeatureState{} /* incoming policy */
));
}
} // namespace } // namespace
} // namespace blink } // namespace blink
...@@ -822,6 +822,13 @@ DocumentPolicy::FeatureState DocumentLoader::CreateDocumentPolicy() { ...@@ -822,6 +822,13 @@ DocumentPolicy::FeatureState DocumentLoader::CreateDocumentPolicy() {
if (!RuntimeEnabledFeatures::DocumentPolicyEnabled()) if (!RuntimeEnabledFeatures::DocumentPolicyEnabled())
return DocumentPolicy::FeatureState{}; return DocumentPolicy::FeatureState{};
// For URLs referring to local content to parent frame, they have no way to
// specify the document policy they use. If the parent frame requires a
// document policy on them, use the required policy as effective policy.
if (url_.IsEmpty() || url_.ProtocolIsAbout() || url_.ProtocolIsData() ||
url_.ProtocolIs("blob") || url_.ProtocolIs("filesystem"))
return frame_policy_.required_document_policy;
const DocumentPolicy::FeatureState header_policy = const DocumentPolicy::FeatureState header_policy =
DocumentPolicyParser::Parse( DocumentPolicyParser::Parse(
response_.HttpHeaderField(http_names::kDocumentPolicy)) response_.HttpHeaderField(http_names::kDocumentPolicy))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment