content/browser/renderer_host/policy_container_host.h

// Copyright 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_RENDERER_HOST_POLICY_CONTAINER_HOST_H_
#define CONTENT_BROWSER_RENDERER_HOST_POLICY_CONTAINER_HOST_H_

#include "content/common/content_export.h"
#include "mojo/public/cpp/bindings/associated_receiver.h"
#include "mojo/public/cpp/bindings/pending_associated_remote.h"
#include "services/network/public/mojom/ip_address_space.mojom-shared.h"
#include "services/network/public/mojom/referrer_policy.mojom-shared.h"
#include "third_party/blink/public/mojom/frame/policy_container.mojom.h"

namespace content {

// PolicyContainerHost serves as a container for several security policies. It
// should be owned by a RenderFrameHost. It keep tracks of the policies assigned
// to a document. When a document creates/opens another document with a local
// scheme (about:blank, about:srcdoc, data, blob, filesystem), the
// PolicyContainerHost of the opener is cloned and a copy is attached to the new
// document, so that the same security policies are applied to it. It implements
// a mojo interface that allows updates coming from Blink.
class CONTENT_EXPORT PolicyContainerHost
    : public blink::mojom::PolicyContainerHost {
 public:
  struct DocumentPolicies {
    // The referrer policy for the associated document. If not overwritten via a
    // call to SetReferrerPolicy (for example after parsing the Referrer-Policy
    // header or a meta tag), the default referrer policy will be applied to the
    // document.
    network::mojom::ReferrerPolicy referrer_policy =
        network::mojom::ReferrerPolicy::kDefault;

    // The IPAddressSpace associated with the document. In all non-network
    // pages (srcdoc, data urls, etc.) where we don't have an ip address to work
    // with, it is inherited following the general rules of the
    // PolicyContainerHost.
    network::mojom::IPAddressSpace ip_address_space =
        network::mojom::IPAddressSpace::kUnknown;
  };

  PolicyContainerHost();
  explicit PolicyContainerHost(const DocumentPolicies& document_policies);
  PolicyContainerHost(const PolicyContainerHost&) = delete;
  PolicyContainerHost& operator=(const PolicyContainerHost&) = delete;
  ~PolicyContainerHost() override;

  network::mojom::ReferrerPolicy referrer_policy() const {
    return document_policies_.referrer_policy;
  }

  network::mojom::IPAddressSpace ip_address_space() const {
    return document_policies_.ip_address_space;
  }
  void SetIPAddressSpace(network::mojom::IPAddressSpace ip_address_space) {
    document_policies_.ip_address_space = ip_address_space;
  }

  const DocumentPolicies& document_policies() const {
    return document_policies_;
  }

  // Return a PolicyContainer containing copies of the policies and a pending
  // mojo remote that can be used to update policies in this object. If called a
  // second time, it resets the receiver and creates a new PolicyContainer,
  // invalidating the remote of the previous one.
  blink::mojom::PolicyContainerPtr CreatePolicyContainerForBlink();

  // Create a new PolicyContainerHost with the same policies (i.e. a deep copy),
  // but with a new, unbound mojo receiver.
  std::unique_ptr<PolicyContainerHost> Clone() const;

  // Bind this PolicyContainerHost with the given mojo receiver, so that it can
  // handle mojo messages coming from the corresponding remote.
  void Bind(mojo::PendingAssociatedReceiver<blink::mojom::PolicyContainerHost>
                receiver);

 private:
  void SetReferrerPolicy(network::mojom::ReferrerPolicy referrer_policy) final;

  DocumentPolicies document_policies_;

  mojo::AssociatedReceiver<blink::mojom::PolicyContainerHost>
      policy_container_host_receiver_{this};
};

}  // namespace content

#endif