Prerender: Add content API MojoBinderPolicyMap

This is part of work to control the Mojo interfaces available to
prerendered pages. See design doc[1] for more details.

In addition to content/, embedders define their own Mojo interfaces,
so they need to add their binding policies.
This CL adds a new content API named MojoBinderPolicyMap that allows
embedders to register policies for embedder-specific interfaces by
overriding ContentBrowserClient::RegisterMojoBinderPolicyMap method.

[1] https://docs.google.com/document/d/1E3Ma8HQFmxx8OvWVrjqpLziYIRbTRgLat4cM-nyKB6w/edit?usp=sharing

Bug: 1132752
Change-Id: Ie47a9fc2517fd3cda8438e9c61a5fa6854a8f36d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2507230Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Commit-Queue: Lingqi Chi <lingqi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#836539}

chrome/browser/BUILD.gn

@@ -278,6 +278,8 @@ static_library("browser") {
     "chrome_browser_main_extra_parts.h",
     "chrome_content_browser_client.cc",
     "chrome_content_browser_client.h",
+    "chrome_content_browser_client_binder_policies.cc",
+    "chrome_content_browser_client_binder_policies.h",
     "chrome_content_browser_client_parts.h",
     "chrome_content_browser_client_receiver_bindings.cc",
     "chrome_notification_types.h",

chrome/browser/OWNERS

@@ -78,6 +78,8 @@ per-file chrome_browser_interface_binders.*=set noparent
 per-file chrome_browser_interface_binders.*=file://ipc/SECURITY_OWNERS
 per-file chrome_content_browser_client_receiver_bindings.*=set noparent
 per-file chrome_content_browser_client_receiver_bindings.*=file://ipc/SECURITY_OWNERS
+per-file chrome_content_browser_client_binder_policies.*=set noparent
+per-file chrome_content_browser_client_binder_policies.*=file://ipc/SECURITY_OWNERS
 
 # Changes to service sandbox configuration require a security review.
 per-file service_sandbox_type.h=file://ipc/SECURITY_OWNERS

chrome/browser/chrome_content_browser_client.cc

@@ -47,6 +47,7 @@
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/browsing_data/chrome_browsing_data_remover_delegate.h"
 #include "chrome/browser/captive_portal/captive_portal_service_factory.h"
+#include "chrome/browser/chrome_content_browser_client_binder_policies.h"
 #include "chrome/browser/chrome_content_browser_client_parts.h"
 #include "chrome/browser/content_settings/cookie_settings_factory.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
@@ -3865,6 +3866,14 @@ bool ChromeContentBrowserClient::IsRendererCodeIntegrityEnabled() {
 
 #endif  // defined(OS_WIN)
 
+void ChromeContentBrowserClient::RegisterMojoBinderPoliciesForPrerendering(
+    content::MojoBinderPolicyMap& policy_map) {
+  // Changes to `policy_map` should be made in
+  // RegisterChromeMojoBinderPoliciesForPrerendering() which requires security
+  // review.
+  RegisterChromeMojoBinderPoliciesForPrerendering(policy_map);
+}
+
 void ChromeContentBrowserClient::OpenURL(
     content::SiteInstance* site_instance,
     const content::OpenURLParams& params,

chrome/browser/chrome_content_browser_client.h

@@ -419,6 +419,8 @@ class ChromeContentBrowserClient : public content::ContentBrowserClient {
   void RegisterBrowserInterfaceBindersForFrame(
       content::RenderFrameHost* render_frame_host,
       mojo::BinderMapWithContext<content::RenderFrameHost*>* map) override;
+  void RegisterMojoBinderPoliciesForPrerendering(
+      content::MojoBinderPolicyMap& policy_map) override;
   bool BindAssociatedReceiverFromFrame(
       content::RenderFrameHost* render_frame_host,
       const std::string& interface_name,

chrome/browser/chrome_content_browser_client_binder_policies.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chrome_content_browser_client_binder_policies.h"
+
+#include "chrome/browser/ui/webui/bluetooth_internals/bluetooth_internals.mojom.h"
+
+void RegisterChromeMojoBinderPoliciesForPrerendering(
+    content::MojoBinderPolicyMap& policy_map) {
+  // TODO(https://crbug.com/1145976): Set all Chrome's interface policies.
+
+  // Prerendering does not happen for WebUI pages, so set kUnexpected as the
+  // policy for interfaces registered by WebUI.
+  policy_map.SetPolicy<::mojom::BluetoothInternalsHandler>(
+      content::MojoBinderPolicy::kUnexpected);
+}

chrome/browser/chrome_content_browser_client_binder_policies.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROME_CONTENT_BROWSER_CLIENT_BINDER_POLICIES_H_
+#define CHROME_BROWSER_CHROME_CONTENT_BROWSER_CLIENT_BINDER_POLICIES_H_
+
+#include "content/public/browser/mojo_binder_policy_map.h"
+
+// Intended to be called only by
+// ChromeContentBrowserClient::RegisterMojoBinderPoliciesForPrerendering(). It
+// is in its own file so that security review can be required by the OWNERS
+// file.
+void RegisterChromeMojoBinderPoliciesForPrerendering(
+    content::MojoBinderPolicyMap& policy_map);
+
+#endif  // CHROME_BROWSER_CHROME_CONTENT_BROWSER_CLIENT_BINDER_POLICIES_H_

content/browser/BUILD.gn

@@ -1130,7 +1130,8 @@ source_set("browser") {
     "mime_registry_impl.h",
     "mojo_binder_policy_applier.cc",
     "mojo_binder_policy_applier.h",
-    "mojo_binder_policy_map.h",
+    "mojo_binder_policy_map_impl.cc",
+    "mojo_binder_policy_map_impl.h",
     "native_io/native_io_context.cc",
     "native_io/native_io_context.h",
     "native_io/native_io_file_host.cc",

content/browser/OWNERS

@@ -12,6 +12,8 @@ per-file child_process_security_policy_unittest.cc=set noparent
 per-file child_process_security_policy_unittest.cc=file://content/browser/SITE_ISOLATION_OWNERS
 per-file browser_interface_binders.*=set noparent
 per-file browser_interface_binders.*=file://ipc/SECURITY_OWNERS
+per-file binder_policy_map_impl.*=set noparent
+per-file binder_policy_map_impl.*=file://ipc/SECURITY_OWNERS
 per-file ppapi_plugin_process_host_receiver_bindings.*=set noparent
 per-file ppapi_plugin_process_host_receiver_bindings.*=file://ipc/SECURITY_OWNERS
 per-file browser_child_process_host_impl_receiver_bindings.*=set noparent

content/browser/mojo_binder_policy_applier.cc

@@ -7,7 +7,7 @@
 namespace content {
 
 MojoBinderPolicyApplier::MojoBinderPolicyApplier(
-    const MojoBinderPolicyMap* policy_map,
+    const MojoBinderPolicyMapImpl* policy_map,
     base::OnceClosure cancel_closure)
     : policy_map_(*policy_map), cancel_closure_(std::move(cancel_closure)) {}
 
@@ -52,11 +52,7 @@ void MojoBinderPolicyApplier::GrantAll() {
 
 MojoBinderPolicy MojoBinderPolicyApplier::GetMojoBinderPolicy(
     const std::string& interface_name) const {
-  MojoBinderPolicy policy = default_policy_;
-  const auto& found = policy_map_.find(interface_name);
-  if (found != policy_map_.end())
-    policy = found->second;
-  return policy;
+  return policy_map_.GetMojoBinderPolicy(interface_name, default_policy_);
 }
 
 }  // namespace content

content/browser/mojo_binder_policy_applier.h

@@ -9,7 +9,7 @@
 
 #include "base/bind.h"
 #include "base/callback.h"
-#include "content/browser/mojo_binder_policy_map.h"
+#include "content/browser/mojo_binder_policy_map_impl.h"
 #include "content/common/content_export.h"
 
 namespace content {
@@ -29,7 +29,7 @@ class CONTENT_EXPORT MojoBinderPolicyApplier {
   // `policy_map` must outlive `this` and must not be null.
   // `cancel_closure` will be executed when ApplyPolicyToBinder() processes a
   // kCancel interface.
-  MojoBinderPolicyApplier(const MojoBinderPolicyMap* policy_map,
+  MojoBinderPolicyApplier(const MojoBinderPolicyMapImpl* policy_map,
                           base::OnceClosure cancel_closure);
   ~MojoBinderPolicyApplier();
 
@@ -59,7 +59,7 @@ class CONTENT_EXPORT MojoBinderPolicyApplier {
 
   const MojoBinderPolicy default_policy_ = MojoBinderPolicy::kDefer;
   // Maps Mojo interface name to its policy.
-  const MojoBinderPolicyMap& policy_map_;
+  const MojoBinderPolicyMapImpl& policy_map_;
   // Will be executed upon a request for a kCancel interface.
   base::OnceClosure cancel_closure_;
   // Indicates if MojoBinderPolicyApplier grants all binding requests regardless

content/browser/mojo_binder_policy_applier_unittest.cc

@@ -8,7 +8,7 @@
 #include "base/callback.h"
 #include "base/memory/weak_ptr.h"
 #include "base/test/task_environment.h"
-#include "content/browser/mojo_binder_policy_map.h"
+#include "content/browser/mojo_binder_policy_map_impl.h"
 #include "content/test/test_mojo_binder_policy_applier_unittest.mojom.h"
 #include "mojo/public/cpp/bindings/generic_pending_receiver.h"
 #include "mojo/public/cpp/bindings/receiver.h"
@@ -79,7 +79,7 @@ class MojoBinderPolicyApplierTest : public testing::Test {
   MojoBinderPolicyApplierTest() = default;
 
  protected:
-  const MojoBinderPolicyMap policy_map_{
+  const MojoBinderPolicyMapImpl policy_map_{
       {{"content.mojom.TestInterfaceForDefer", MojoBinderPolicy::kDefer},
        {"content.mojom.TestInterfaceForGrant", MojoBinderPolicy::kGrant},
        {"content.mojom.TestInterfaceForCancel", MojoBinderPolicy::kCancel}}};

content/browser/mojo_binder_policy_map_impl.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/mojo_binder_policy_map_impl.h"
+
+#include "base/no_destructor.h"
+#include "content/public/browser/content_browser_client.h"
+#include "content/public/common/content_client.h"
+
+namespace content {
+
+namespace {
+
+// A singleton class that stores the `MojoBinderPolicyMap` of interfaces which
+// are obtained via `BrowserInterfaceBrowser` for frames.
+// content/ initializes the policy map with predefined policies, then allows
+// embedders to update the map.
+class BrowserInterfaceBrokerMojoBinderPolicyMapHolder {
+ public:
+  BrowserInterfaceBrokerMojoBinderPolicyMapHolder() {
+    GetContentClient()->browser()->RegisterMojoBinderPoliciesForPrerendering(
+        map_);
+  }
+
+  ~BrowserInterfaceBrokerMojoBinderPolicyMapHolder() = default;
+
+  // Remove copy and move operations.
+  BrowserInterfaceBrokerMojoBinderPolicyMapHolder(
+      const BrowserInterfaceBrokerMojoBinderPolicyMapHolder& other) = delete;
+  BrowserInterfaceBrokerMojoBinderPolicyMapHolder& operator=(
+      const BrowserInterfaceBrokerMojoBinderPolicyMapHolder& other) = delete;
+  BrowserInterfaceBrokerMojoBinderPolicyMapHolder(
+      BrowserInterfaceBrokerMojoBinderPolicyMapHolder&&) = delete;
+  BrowserInterfaceBrokerMojoBinderPolicyMapHolder& operator=(
+      BrowserInterfaceBrokerMojoBinderPolicyMapHolder&&) = delete;
+
+  const MojoBinderPolicyMapImpl* GetPolicyMap() const { return &map_; }
+
+ private:
+  // TODO(https://crbug.com/1145976): Set default policy map for content/.
+  // Changes to `map_` require security review.
+  MojoBinderPolicyMapImpl map_;
+};
+
+}  // namespace
+
+MojoBinderPolicyMapImpl::MojoBinderPolicyMapImpl() = default;
+
+MojoBinderPolicyMapImpl::MojoBinderPolicyMapImpl(
+    const base::flat_map<std::string, MojoBinderPolicy>& init_map)
+    : policy_map_(init_map) {}
+
+MojoBinderPolicyMapImpl::~MojoBinderPolicyMapImpl() = default;
+
+const MojoBinderPolicyMapImpl*
+MojoBinderPolicyMapImpl::GetInstanceForPrerendering() {
+  static const base::NoDestructor<
+      BrowserInterfaceBrokerMojoBinderPolicyMapHolder>
+      map;
+  return map->GetPolicyMap();
+}
+
+MojoBinderPolicy MojoBinderPolicyMapImpl::GetMojoBinderPolicy(
+    const std::string& interface_name,
+    const MojoBinderPolicy default_policy) const {
+  const auto& found = policy_map_.find(interface_name);
+  if (found != policy_map_.end())
+    return found->second;
+  return default_policy;
+}
+
+MojoBinderPolicy MojoBinderPolicyMapImpl::GetMojoBinderPolicyOrDieForTesting(
+    const std::string& interface_name) const {
+  const auto& found = policy_map_.find(interface_name);
+  DCHECK(found != policy_map_.end());
+  return found->second;
+}
+
+void MojoBinderPolicyMapImpl::SetPolicyByName(const base::StringPiece& name,
+                                              MojoBinderPolicy policy) {
+  policy_map_.emplace(name, policy);
+}
+
+}  // namespace content

content/browser/mojo_binder_policy_map_impl.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CONTENT_BROWSER_MOJO_BINDER_POLICY_MAP_IMPL_H_
+#define CONTENT_BROWSER_MOJO_BINDER_POLICY_MAP_IMPL_H_
+
+#include <string>
+
+#include "base/containers/flat_map.h"
+#include "base/strings/string_piece_forward.h"
+#include "content/common/content_export.h"
+#include "content/public/browser/mojo_binder_policy_map.h"
+
+namespace content {
+
+// Implements MojoBinderPolicyMap and owns a policy map.
+class CONTENT_EXPORT MojoBinderPolicyMapImpl : public MojoBinderPolicyMap {
+ public:
+  MojoBinderPolicyMapImpl();
+  explicit MojoBinderPolicyMapImpl(
+      const base::flat_map<std::string, MojoBinderPolicy>& init_map);
+  ~MojoBinderPolicyMapImpl() override;
+
+  // Disallows copy and move operations.
+  MojoBinderPolicyMapImpl(const MojoBinderPolicyMapImpl& other) = delete;
+  MojoBinderPolicyMapImpl& operator=(const MojoBinderPolicyMapImpl& other) =
+      delete;
+  MojoBinderPolicyMapImpl(MojoBinderPolicyMapImpl&&) = delete;
+  MojoBinderPolicyMapImpl& operator=(MojoBinderPolicyMapImpl&&) = delete;
+
+  // Returns the instance used by BrowserInterfaceBroker for pages that are
+  // prerendering. Currently this is the only use of this class.
+  static const MojoBinderPolicyMapImpl* GetInstanceForPrerendering();
+
+  // Gets the corresponding policy of a given Mojo interface name. If the
+  // interface name is not in `policy_map_`, the given `default_policy` will be
+  // returned.
+  MojoBinderPolicy GetMojoBinderPolicy(
+      const std::string& interface_name,
+      const MojoBinderPolicy default_policy) const;
+  // Fails with DCHECK if the interface is not in the map.
+  MojoBinderPolicy GetMojoBinderPolicyOrDieForTesting(
+      const std::string& interface_name) const;
+
+ private:
+  // MojoBinderPolicyMap implementation:
+  void SetPolicyByName(const base::StringPiece& name,
+                       MojoBinderPolicy policy) override;
+
+  base::flat_map<std::string, MojoBinderPolicy> policy_map_;
+};
+
+}  // namespace content
+
+#endif  // CONTENT_BROWSER_MOJO_BINDER_POLICY_MAP_IMPL_H_

content/browser/mojo_binder_policy_map_impl_unittest.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/browser/mojo_binder_policy_map_impl.h"
+
+#include "base/test/gtest_util.h"
+#include "base/test/task_environment.h"
+#include "content/browser/browser_interface_binders.h"
+#include "content/test/test_content_browser_client.h"
+#include "content/test/test_mojo_binder_policy_applier_unittest.mojom.h"
+#include "mojo/public/cpp/bindings/binder_map.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace content {
+
+namespace {
+
+class MojoBinderPolicyMapImplTest : public testing::Test {
+ public:
+  MojoBinderPolicyMapImplTest() = default;
+
+ private:
+  base::test::TaskEnvironment task_environment_;
+};
+
+// Verifies SetPolicy function works.
+TEST_F(MojoBinderPolicyMapImplTest, SetPolicy) {
+  MojoBinderPolicyMapImpl policy_map;
+  policy_map.SetPolicy<content::mojom::TestInterfaceForDefer>(
+      MojoBinderPolicy::kDefer);
+  EXPECT_EQ(
+      policy_map.GetMojoBinderPolicyOrDieForTesting(
+          mojo::Remote<
+              content::mojom::TestInterfaceForDefer>::InterfaceType::Name_),
+      MojoBinderPolicy::kDefer);
+}
+
+// Verifies if the given interface is not found in the map, GetMojoBinderPolicy
+// will return the given `default_policy`.
+TEST_F(MojoBinderPolicyMapImplTest, InterfaceNotFound) {
+  MojoBinderPolicyMapImpl policy_map;
+  EXPECT_EQ(
+      policy_map.GetMojoBinderPolicy(
+          mojo::Remote<
+              content::mojom::TestInterfaceForDefer>::InterfaceType::Name_,
+          MojoBinderPolicy::kDefer),
+      MojoBinderPolicy::kDefer);
+  EXPECT_EQ(
+      policy_map.GetMojoBinderPolicy(
+          mojo::Remote<
+              content::mojom::TestInterfaceForDefer>::InterfaceType::Name_,
+          MojoBinderPolicy::kCancel),
+      MojoBinderPolicy::kCancel);
+}
+
+class MojoBinderPolicyTestContentBrowserClient
+    : public TestContentBrowserClient {
+ public:
+  void RegisterMojoBinderPoliciesForPrerendering(
+      MojoBinderPolicyMap& policy_map) override {
+    policy_map.SetPolicy<content::mojom::TestInterfaceForDefer>(
+        MojoBinderPolicy::kDefer);
+  }
+};
+
+// Verifies the embedder can register its policies via
+// ContentBrowserClient::RegisterMojoBinderPoliciesForPrerendering.
+TEST_F(MojoBinderPolicyMapImplTest, RegisterMojoBinderPolicyMap) {
+  MojoBinderPolicyTestContentBrowserClient test_browser_client;
+  MojoBinderPolicyMapImpl policy_map;
+  test_browser_client.RegisterMojoBinderPoliciesForPrerendering(policy_map);
+  EXPECT_EQ(
+      policy_map.GetMojoBinderPolicyOrDieForTesting(
+          mojo::Remote<
+              content::mojom::TestInterfaceForDefer>::InterfaceType::Name_),
+      MojoBinderPolicy::kDefer);
+}
+
+}  // namespace
+
+}  // namespace content

content/public/browser/BUILD.gn

@@ -213,6 +213,7 @@ source_set("browser_sources") {
     "mhtml_extra_parts.h",
     "mhtml_generation_result.cc",
     "mhtml_generation_result.h",
+    "mojo_binder_policy_map.h",
     "native_file_system_entry_factory.h",
     "native_file_system_permission_context.h",
     "native_file_system_permission_grant.cc",

content/public/browser/content_browser_client.h

@@ -30,6 +30,7 @@
 #include "content/public/browser/allow_service_worker_result.h"
 #include "content/public/browser/certificate_request_result_type.h"
 #include "content/public/browser/generated_code_cache_settings.h"
+#include "content/public/browser/mojo_binder_policy_map.h"
 #include "content/public/browser/storage_partition_config.h"
 #include "content/public/common/page_visibility_state.h"
 #include "content/public/common/window_container_type.mojom-forward.h"
@@ -1051,6 +1052,21 @@ class CONTENT_EXPORT ContentBrowserClient {
       RenderFrameHost* render_frame_host,
       mojo::BinderMapWithContext<RenderFrameHost*>* map) {}
 
+  // Allows the embedder to control when Mojo interface binders are run for a
+  // frame that is being prerendered.
+  //
+  // Prerender2 limits inactivated pages' capabilities by controlling when to
+  // bind Mojo interfaces. See content/browser/prerender/README.md for more
+  // about capability control.
+  //
+  // This function is called at most once, when the first RenderFrameHost is
+  // created that does a prerender. The embedder can add entries to `policy_map`
+  // for interfaces that it registers in
+  // `RegisterBrowserInterfaceBindersForFrame()`. It should not change or remove
+  // existing entries.
+  virtual void RegisterMojoBinderPoliciesForPrerendering(
+      MojoBinderPolicyMap& policy_map) {}
+
   // Content was unable to bind a receiver for this associated interface, so the
   // embedder should try. Returns true if the |handle| was actually taken and
   // bound; false otherwise.

content/browser/mojo_binder_policy_map.h → content/public/browser/mojo_binder_policy_map.h

@@ -2,10 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef CONTENT_BROWSER_MOJO_BINDER_POLICY_MAP_H_
-#define CONTENT_BROWSER_MOJO_BINDER_POLICY_MAP_H_
+#ifndef CONTENT_PUBLIC_BROWSER_MOJO_BINDER_POLICY_MAP_H_
+#define CONTENT_PUBLIC_BROWSER_MOJO_BINDER_POLICY_MAP_H_
 
 #include "base/containers/flat_map.h"
+#include "base/strings/string_piece_forward.h"
+#include "content/common/content_export.h"
 
 namespace content {
 
@@ -26,9 +28,26 @@ enum class MojoBinderPolicy {
   kUnexpected,
 };
 
-// Maps Mojo interface name to policy.
-using MojoBinderPolicyMap = base::flat_map<std::string, MojoBinderPolicy>;
+// Used by content/ layer to manage interfaces' binding policies. Embedders can
+// set their own policies via this interface.
+// TODO(https://crbug.com/1157334): Consider integrating it with
+// mojo::BinderMap.
+class CONTENT_EXPORT MojoBinderPolicyMap {
+ public:
+  MojoBinderPolicyMap() = default;
+  virtual ~MojoBinderPolicyMap() = default;
+
+  // Called by embedders to set their binder policies.
+  template <typename Interface>
+  void SetPolicy(MojoBinderPolicy policy) {
+    SetPolicyByName(Interface::Name_, policy);
+  }
+
+ private:
+  virtual void SetPolicyByName(const base::StringPiece& name,
+                               MojoBinderPolicy policy) = 0;
+};
 
 }  // namespace content
 
-#endif  // CONTENT_BROWSER_MOJO_BINDER_POLICY_MAP_H_
+#endif  // CONTENT_PUBLIC_BROWSER_MOJO_BINDER_POLICY_MAP_H_

content/test/BUILD.gn

@@ -1879,6 +1879,7 @@ test("content_unittests") {
     "../browser/media/webaudio/audio_context_manager_impl_unittest.cc",
     "../browser/memory/swap_metrics_driver_impl_unittest.cc",
     "../browser/mojo_binder_policy_applier_unittest.cc",
+    "../browser/mojo_binder_policy_map_impl_unittest.cc",
     "../browser/native_io/native_io_context_unittest.cc",
     "../browser/net/cross_origin_embedder_policy_reporter_unittest.cc",
     "../browser/net/cross_origin_opener_policy_reporter_unittest.cc",