1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76


content / browser / security / coop / cross_origin_opener_policy_access_report_manager.h [blame]

// Copyright 2021 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_SECURITY_COOP_CROSS_ORIGIN_OPENER_POLICY_ACCESS_REPORT_MANAGER_H_
#define CONTENT_BROWSER_SECURITY_COOP_CROSS_ORIGIN_OPENER_POLICY_ACCESS_REPORT_MANAGER_H_

#include <string>

#include "base/values.h"
#include "content/browser/security/coop/cross_origin_opener_policy_reporter.h"
#include "content/browser/security/coop/coop_swap_result.h"

namespace content {

class FrameTreeNode;

// Used to monitor (potential) COOP breakages.
// A CrossOriginOpenerPolicyAccessReportManager lives in the browser process and
// has a 1:1 relationship with a RenderFrameHost.
class CrossOriginOpenerPolicyAccessReportManager {
 public:
  CrossOriginOpenerPolicyAccessReportManager();
  ~CrossOriginOpenerPolicyAccessReportManager();

  CrossOriginOpenerPolicyReporter* coop_reporter() {
    return coop_reporter_.get();
  }
  void set_coop_reporter(
      std::unique_ptr<CrossOriginOpenerPolicyReporter> coop_reporter) {
    coop_reporter_ = std::move(coop_reporter);
  }

  // For every other window in the same browsing context group, but in a
  // different virtual browsing context group, install the necessary
  // CoopAccessMonitor. The first window is identified by |node|.
  static void InstallAccessMonitorsIfNeeded(FrameTreeNode* node);

  // Return a new virtual browsing context group ID belong to a new
  // CoopRelatedGroup.
  static int GetNewVirtualBrowsingContextGroup();

  // Return a virtual browsing context group ID that is suitable given the
  // information passed in. `enforce_result` and `report_only_result` indicate
  // whether actual COOP values and report-only COOP values, respectively, need
  // a browsing context group swap. It also accounts for swapping in the same
  // CoopRelatedGroup or in a different one. Combined with
  // `current_virtual_browsing_context_group`, we can decide what virtual
  // browsing context group is suitable and return its ID.
  static int GetVirtualBrowsingContextGroup(
      CoopSwapResult enforce_result,
      CoopSwapResult report_only_result,
      int current_virtual_browsing_context_group);

 private:
  // Generate a new, previously unused, virtual browsing context group ID.
  static int NextVirtualBrowsingContextGroup();

  // Generate a new, previously unused, virtual CoopRelatedGroup ID.
  static int NextVirtualCoopRelatedGroup();

  // Install the CoopAccessMonitors monitoring accesses from `accessing_node`
  // toward `accessed_node`. `is_in_same_virtual_coop_related_group` indicates
  // whether the two nodes would be in the same CoopRelatedGroup. If that's the
  // case, do not report window.postMessage() and window.closed accesses, which
  // would be permitted by COOP: restrict-properties.
  void MonitorAccesses(FrameTreeNode* accessing_node,
                       FrameTreeNode* accessed_node,
                       bool is_in_same_virtual_coop_related_group);

  std::unique_ptr<CrossOriginOpenerPolicyReporter> coop_reporter_;
};

}  // namespace content

#endif  // CONTENT_BROWSER_SECURITY_COOP_CROSS_ORIGIN_OPENER_POLICY_ACCESS_REPORT_MANAGER_H_