Whitelist policy field for preloaded HSTS entries.

Bug: 778047
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: Ib879c1e7dfd9f664ed733dcc51a1f80e24fdc806
Reviewed-on: https://chromium-review.googlesource.com/751664Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Commit-Queue: Martijn Croonen <martijnc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#515514}

net/tools/transport_security_state_generator/input_file_parsers.cc

@@ -165,7 +165,8 @@ enum class CertificateParserState {
   IN_PUBLIC_KEY
 };
 
-// Valid JSON keys.
+// Valid keys for entries in the input JSON. These fields will be included in
+// the output.
 static const char kNameJSONKey[] = "name";
 static const char kIncludeSubdomainsJSONKey[] = "include_subdomains";
 static const char kIncludeSubdomainsForPinningJSONKey[] =
@@ -179,6 +180,10 @@ static const char kExpectStapleReportURIJSONKey[] = "expect_staple_report_uri";
 static const char kIncludeSubdomainsForExpectStapleJSONKey[] =
     "include_subdomains_for_expect_staple";
 
+// Additional valid keys for entries in the input JSON that will not be included
+// in the output and contain metadata (e.g., for list maintenance).
+static const char kPolicyJSONKey[] = "policy";
+
 }  // namespace
 
 bool ParseCertificatesFile(base::StringPiece certs_input, Pinsets* pinsets) {
@@ -295,6 +300,7 @@ bool ParseJSON(base::StringPiece json,
                TransportSecurityStateEntries* entries,
                Pinsets* pinsets) {
   std::set<std::string> valid_keys = {kNameJSONKey,
+                                      kPolicyJSONKey,
                                       kIncludeSubdomainsJSONKey,
                                       kIncludeSubdomainsForPinningJSONKey,
                                       kModeJSONKey,