Add origin trial check on document policy

This CL filters out features that are disabled by origin trial
when initializing document policy in SecurityContextInit and when
parsing from policy attribute on iframe element.

Bug: 993790
Change-Id: I5b6a9f9e4b19275cb483c23c8d3cefa9e74af29c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2019925
Commit-Queue: Charlie Hu <chenleihu@google.com>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Cr-Commit-Position: refs/heads/master@{#737861}

third_party/blink/renderer/build/scripts/templates/feature_policy_helper.cc.tmpl

@@ -84,4 +84,18 @@ bool DisabledByOriginTrial(const String& feature_name,
   return false;
 }
 
+bool DisabledByOriginTrial(mojom::blink::FeaturePolicyFeature feature,
+                           FeatureContext* feature_context) {
+  {% for feature_name, dependencies in origin_trial_dependency_map.items() | sort %}
+  if (feature == mojom::FeaturePolicyFeature::k{{feature_name}}) {
+    return
+    {%- for dependency in dependencies %}
+    {%- if not loop.first %} &&{% endif %}
+ !RuntimeEnabledFeatures::{{dependency}}Enabled(feature_context)
+    {%- endfor %};
+  }
+  {% endfor %}
+  return false;
+}
+
 }  // namespace blink

third_party/blink/renderer/core/execution_context/security_context_init.cc

@@ -63,7 +63,7 @@ SecurityContextInit::SecurityContextInit(const DocumentInit& initializer) {
   InitializeFeaturePolicy(initializer);
 
   // Initialize document policy.
-  document_policy_ = initializer.GetDocumentPolicy();
+  InitializeDocumentPolicy(initializer);
 
   // Initialize the agent. Depends on security origin.
   InitializeAgent(initializer);
@@ -260,6 +260,19 @@ void SecurityContextInit::InitializeOrigin(const DocumentInit& initializer) {
   }
 }
 
+void SecurityContextInit::InitializeDocumentPolicy(
+    const DocumentInit& initializer) {
+  // Because Document-Policy http header is parsed in DocumentLoader,
+  // when origin trial context is not initialized yet.
+  // Needs to filter out features that are not in origin trial after
+  // we have origin trial information available.
+  for (const auto& entry : initializer.GetDocumentPolicy()) {
+    if (!DisabledByOriginTrial(entry.first, this)) {
+      document_policy_.insert(entry);
+    }
+  }
+}
+
 void SecurityContextInit::InitializeFeaturePolicy(
     const DocumentInit& initializer) {
   initialized_feature_policy_state_ = true;
@@ -341,9 +354,7 @@ std::unique_ptr<FeaturePolicy> SecurityContextInit::CreateFeaturePolicy()
 
 std::unique_ptr<DocumentPolicy> SecurityContextInit::CreateDocumentPolicy()
     const {
-  if (!document_policy_)
-    return nullptr;
-  return DocumentPolicy::CreateWithHeaderPolicy(document_policy_.value());
+  return DocumentPolicy::CreateWithHeaderPolicy(document_policy_);
 }
 
 void SecurityContextInit::InitializeSecureContextMode(

third_party/blink/renderer/core/execution_context/security_context_init.h

@@ -74,6 +74,7 @@ class CORE_EXPORT SecurityContextInit : public FeaturePolicyParserDelegate {
   void InitializeContentSecurityPolicy(const DocumentInit&);
   void InitializeOrigin(const DocumentInit&);
   void InitializeSandboxFlags(const DocumentInit&);
+  void InitializeDocumentPolicy(const DocumentInit&);
   void InitializeFeaturePolicy(const DocumentInit&);
   void InitializeSecureContextMode(const DocumentInit&);
   void InitializeOriginTrials(const DocumentInit&);
@@ -81,7 +82,7 @@ class CORE_EXPORT SecurityContextInit : public FeaturePolicyParserDelegate {
 
   scoped_refptr<SecurityOrigin> security_origin_;
   WebSandboxFlags sandbox_flags_ = WebSandboxFlags::kNone;
-  base::Optional<DocumentPolicy::FeatureState> document_policy_;
+  DocumentPolicy::FeatureState document_policy_;
   bool initialized_feature_policy_state_ = false;
   Vector<String> feature_policy_parse_messages_;
   ParsedFeaturePolicy feature_policy_header_;

third_party/blink/renderer/core/feature_policy/feature_policy_helper.h

@@ -36,6 +36,10 @@ const FeatureSet& GetAvailableDocumentPolicyFeatures();
 // origin trial controlled, and the origin trial is not enabled).
 bool DisabledByOriginTrial(const String&, FeatureContext*);
 
+// Returns true if this feature is currently disabled by an origin trial (it is
+// origin trial controlled, and the origin trial is not enabled).
+bool DisabledByOriginTrial(mojom::blink::FeaturePolicyFeature, FeatureContext*);
+
 }  // namespace blink
 
 #endif  // THIRD_PARTY_BLINK_RENDERER_CORE_FEATURE_POLICY_FEATURE_POLICY_HELPER_H_

third_party/blink/renderer/core/html/html_frame_owner_element.cc

@@ -314,9 +314,15 @@ void HTMLFrameOwnerElement::UpdateRequiredPolicy() {
       ConstructRequiredPolicy();
   const auto* frame = GetDocument().GetFrame();
   DCHECK(frame);
-  frame_policy_.required_document_policy = DocumentPolicy::MergeFeatureState(
-      self_required_policy,
-      frame->GetRequiredDocumentPolicy() /* parent required policy */);
+  DocumentPolicy::FeatureState new_required_policy;
+  for (const auto& entry : DocumentPolicy::MergeFeatureState(
+           self_required_policy,
+           frame->GetRequiredDocumentPolicy() /* parent required policy */)) {
+    if (!DisabledByOriginTrial(entry.first, &GetDocument()))
+      new_required_policy.insert(entry);
+  }
+  frame_policy_.required_document_policy = std::move(new_required_policy);
+
   if (ContentFrame()) {
     frame->Client()->DidChangeFramePolicy(ContentFrame(), frame_policy_);
   }