[COOP] Access reporting [8/N] Inherit virtual browsing context group.

This implements the following:

1. New RenderFrameHost are put in their own new virtual browsing context
   group.
2. When a new window is created, the initial empty document inherits
   from its opener.
3. When a navigation happens, the virtual browsing context group is
   inherited from the previous document, except if the COOP/COEP/Origin
   states require a new virtual browsing context group to be used.

COOP access reporting:
[1/N] https://chromium-review.googlesource.com/c/chromium/src/+/2264294
[2/N] https://chromium-review.googlesource.com/c/chromium/src/+/2270185
[3/N] https://chromium-review.googlesource.com/c/chromium/src/+/2270472
[4/N] https://chromium-review.googlesource.com/c/chromium/src/+/2273120
[5/N] https://chromium-review.googlesource.com/c/chromium/src/+/2309433
[6/N] https://chromium-review.googlesource.com/c/chromium/src/+/2308715
[7/N] https://chromium-review.googlesource.com/c/chromium/src/+/2309697
[8/N] this patch.

Bug: 1090273
Change-Id: Ic9c2d5a17e222743c1f498ff30bb6564980bec27
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2275889
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Pâris Meuleman <pmeuleman@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#790843}

content/browser/frame_host/navigation_request.cc

@@ -1263,6 +1263,11 @@ NavigationRequest::NavigationRequest(
   navigation_entry_offset_ = EstimateHistoryOffset();
 
   commit_params_->is_browser_initiated = browser_initiated_;
+
+  // In the absence of response, the new RenderFrameHost will inherit its
+  // virtual context group from the previous RenderFrameHost, a priori.
+  coop_status_.virtual_browsing_context_group =
+      frame_tree_node->current_frame_host()->virtual_browsing_context_group();
 }
 
 NavigationRequest::~NavigationRequest() {
@@ -5020,6 +5025,12 @@ void NavigationRequest::UpdateCoopStatus(
   if (frame_tree_node_->opener()) {
     coop_status_.had_opener_before_browsing_instance_swap = true;
   }
+
+  if (coop_status_.require_browsing_instance_swap ||
+      coop_status_.virtual_browsing_instance_swap) {
+    coop_status_.virtual_browsing_context_group =
+        CrossOriginOpenerPolicyReporter::NextVirtualBrowsingContextGroup();
+  }
 }
 
 }  // namespace content

content/browser/frame_host/navigation_request.h

@@ -96,6 +96,9 @@ struct CrossOriginOpenerPolicyStatus {
   // involved documents would cause a browsing context group swap.
   bool virtual_browsing_instance_swap = false;
 
+  // The virtual browsing context group of the document to commit.
+  int virtual_browsing_context_group;
+
   // When a page has a reachable opener and COOP triggers a browsing instance
   // swap we potentially break the page. This is one of the case that can be
   // reported using the COOP reporting API.

content/browser/frame_host/render_frame_host_impl.cc

@@ -904,6 +904,13 @@ RenderFrameHostImpl::RenderFrameHostImpl(
                                  : frame_tree_node_->opener();
   if (frame_owner)
     CSPContext::SetSelf(frame_owner->current_origin());
+
+  // New RenderFrameHostImpl are put in their own virtual browsing context
+  // group. Then, they can inherit from:
+  // 1) Their opener in RenderFrameHostImpl::CreateNewWindow().
+  // 2) Their navigation in RenderFrameHostImpl::DidCommitNavigationInternal().
+  virtual_browsing_context_group_ =
+      CrossOriginOpenerPolicyReporter::NextVirtualBrowsingContextGroup();
 }
 
 RenderFrameHostImpl::~RenderFrameHostImpl() {
@@ -4743,6 +4750,11 @@ void RenderFrameHostImpl::CreateNewWindow(
   if (!params->opener_suppressed)
     popup_coep = cross_origin_embedder_policy();
 
+  int popup_virtual_browsing_context_group =
+      params->opener_suppressed
+          ? CrossOriginOpenerPolicyReporter::NextVirtualBrowsingContextGroup()
+          : top_level_opener->virtual_browsing_context_group();
+
   // If the opener is suppressed or script access is disallowed, we should
   // open the window in a new BrowsingInstance, and thus a new process. That
   // means the current renderer process will not be able to route messages to
@@ -4780,6 +4792,8 @@ void RenderFrameHostImpl::CreateNewWindow(
   main_frame->SetOriginAndIsolationInfoOfNewFrame(GetLastCommittedOrigin());
   main_frame->cross_origin_opener_policy_ = popup_coop;
   main_frame->cross_origin_embedder_policy_ = popup_coep;
+  main_frame->virtual_browsing_context_group_ =
+      popup_virtual_browsing_context_group;
 
   // If inheriting coop (checking this via |opener_suppressed|) and the original
   // coop page has a reporter we make sure the the newly created popup also has
@@ -8025,6 +8039,9 @@ bool RenderFrameHostImpl::DidCommitNavigationInternal(
   // is expected to be received in DidSetFramePolicyHeaders(..).
   active_sandbox_flags_control_ = navigation_request->SandboxFlagsToCommit();
 
+  virtual_browsing_context_group_ =
+      navigation_request->coop_status().virtual_browsing_context_group;
+
   // If we still have a PeakGpuMemoryTracker, then the loading it was observing
   // never completed. Cancel it's callback so that we don't report partial
   // loads to UMA.

content/browser/frame_host/render_frame_host_impl.h

@@ -3040,9 +3040,7 @@ class CONTENT_EXPORT RenderFrameHostImpl
   // Whenever we detect that the enforcement of a report-only COOP policy would
   // have resulted in a BrowsingInstance switch, we assign a new virtual
   // browsing context group ID to the RenderFrameHostImpl that has navigated.
-  //
-  // TODO(https://crbug.com/1101339): Implement this.
-  int virtual_browsing_context_group_ = -1;
+  int virtual_browsing_context_group_;
 
   // Navigation ID for the last committed cross-document non-bfcached navigation
   // in this RenderFrameHost.

content/browser/net/cross_origin_opener_policy_reporter.cc

@@ -326,4 +326,10 @@ void CrossOriginOpenerPolicyReporter::MonitorAccesses(
       accessed_window_token, std::move(remote_reporter));
 }
 
+// static
+int CrossOriginOpenerPolicyReporter::NextVirtualBrowsingContextGroup() {
+  static int id = -1;
+  return ++id;
+}
+
 }  // namespace content

content/browser/net/cross_origin_opener_policy_reporter.h

@@ -70,6 +70,9 @@ class CONTENT_EXPORT CrossOriginOpenerPolicyReporter final
       mojo::PendingReceiver<network::mojom::CrossOriginOpenerPolicyReporter>
           receiver) override;
 
+  // Generate a new, previously unused, virtualBrowsingContextId.
+  static int NextVirtualBrowsingContextGroup();
+
  private:
   friend class CrossOriginOpenerPolicyReporterTest;