File: privacy_sandbox_settings_impl.h

package info (click to toggle)
chromium 138.0.7204.157-1
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 6,071,864 kB
  • sloc: cpp: 34,936,859; ansic: 7,176,967; javascript: 4,110,704; python: 1,419,953; asm: 946,768; xml: 739,967; pascal: 187,324; sh: 89,623; perl: 88,663; objc: 79,944; sql: 50,304; cs: 41,786; fortran: 24,137; makefile: 21,806; php: 13,980; tcl: 13,166; yacc: 8,925; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (248 lines) | stat: -rw-r--r-- 10,491 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
 
// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_PRIVACY_SANDBOX_PRIVACY_SANDBOX_SETTINGS_IMPL_H_
#define COMPONENTS_PRIVACY_SANDBOX_PRIVACY_SANDBOX_SETTINGS_IMPL_H_

#include <set>

#include "base/gtest_prod_util.h"
#include "base/memory/raw_ptr.h"
#include "base/observer_list.h"
#include "base/scoped_observation.h"
#include "base/time/time.h"
#include "components/browsing_topics/common/common_types.h"
#include "components/prefs/pref_change_registrar.h"
#include "components/privacy_sandbox/privacy_sandbox_settings.h"
#include "components/privacy_sandbox/tpcd_experiment_eligibility.h"
#include "components/privacy_sandbox/tracking_protection_settings.h"
#include "components/privacy_sandbox/tracking_protection_settings_observer.h"

class HostContentSettingsMap;
class PrefService;

namespace content_settings {
class CookieSettings;
}
namespace privacy_sandbox_test_util {
class PrivacySandboxSettingsTestPeer;
}

namespace privacy_sandbox {

class PrivacySandboxSettingsImpl : public PrivacySandboxSettings,
                                   public TrackingProtectionSettingsObserver {
 public:
  // Ideally the only external locations that call this constructor are the
  // factory, and dedicated tests.
  // TODO(crbug.com/40252892): Currently tests dedicated to other components
  // rely on this interface, they should be migrated to something better (such
  // as a dedicated test builder)
  PrivacySandboxSettingsImpl(
      std::unique_ptr<Delegate> delegate,
      HostContentSettingsMap* host_content_settings_map,
      scoped_refptr<content_settings::CookieSettings> cookie_settings,
      TrackingProtectionSettings* tracking_protection_settings,
      PrefService* pref_service);
  ~PrivacySandboxSettingsImpl() override;

  // KeyedService:
  void Shutdown() override;

  // PrivacySandboxSettings:
  bool IsTopicsAllowed() const override;
  bool IsTopicsAllowedForContext(
      const url::Origin& top_frame_origin,
      const GURL& url,
      content::RenderFrameHost* console_frame = nullptr) const override;
  bool IsTopicAllowed(const CanonicalTopic& topic) override;
  void SetTopicAllowed(const CanonicalTopic& topic, bool allowed) override;
  bool IsTopicPrioritized(const CanonicalTopic& topic) override;
  void ClearTopicSettings(base::Time start_time, base::Time end_time) override;
  base::Time TopicsDataAccessibleSince() const override;
  bool IsAttributionReportingEverAllowed() const override;
  bool IsAttributionReportingAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& reporting_origin,
      content::RenderFrameHost* console_frame = nullptr) const override;
  bool MaySendAttributionReport(
      const url::Origin& source_origin,
      const url::Origin& destination_origin,
      const url::Origin& reporting_origin,
      content::RenderFrameHost* console_frame = nullptr) const override;
  bool IsAttributionReportingTransitionalDebuggingAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& reporting_origin,
      bool& can_bypass) const override;
  void SetFledgeJoiningAllowed(const std::string& top_frame_etld_plus1,
                               bool allowed) override;
  void ClearFledgeJoiningAllowedSettings(base::Time start_time,
                                         base::Time end_time) override;
  bool IsFledgeAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& auction_party,
      content::InterestGroupApiOperation interest_group_api_operation,
      content::RenderFrameHost* console_frame = nullptr) const override;
  bool IsEventReportingDestinationAttested(
      const url::Origin& destination_origin,
      privacy_sandbox::PrivacySandboxAttestationsGatedAPI invoking_api)
      const override;
  bool IsSharedStorageAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& accessing_origin,
      std::string* out_debug_message,
      content::RenderFrameHost* console_frame,
      bool* out_block_is_site_setting_specific) const override;
  bool IsSharedStorageSelectURLAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& accessing_origin,
      std::string* out_debug_message,
      bool* out_block_is_site_setting_specific) const override;
  bool IsFencedStorageReadAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& accessing_origin,
      content::RenderFrameHost* console_frame) const override;
  bool IsPrivateAggregationAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& reporting_origin,
      bool* out_block_is_site_setting_specific) const override;
  bool IsPrivateAggregationDebugModeAllowed(
      const url::Origin& top_frame_origin,
      const url::Origin& reporting_origin) const override;
  TpcdExperimentEligibility GetCookieDeprecationExperimentCurrentEligibility()
      const override;

  bool IsCookieDeprecationLabelAllowed() const override;
  bool IsCookieDeprecationLabelAllowedForContext(
      const url::Origin& top_frame_origin,
      const url::Origin& context_origin) const override;
  void SetAllPrivacySandboxAllowedForTesting() override;
  void SetTopicsBlockedForTesting() override;
  bool IsPrivacySandboxRestricted() const override;
  bool IsPrivacySandboxCurrentlyUnrestricted() const override;
  bool IsSubjectToM1NoticeRestricted() const override;
  bool IsRestrictedNoticeEnabled() const override;
  void OnCookiesCleared() override;
  void AddObserver(Observer* observer) override;
  void RemoveObserver(Observer* observer) override;
  void SetDelegateForTesting(std::unique_ptr<Delegate> delegate) override;

  bool AreRelatedWebsiteSetsEnabled() const override;

 private:
  friend class PrivacySandboxAttestations;
  // NOTE: Do not add any new friend classes for testing; tests that need
  // access to private functions / variables should go through this peer class.
  friend class privacy_sandbox_test_util::PrivacySandboxSettingsTestPeer;

  // Called when the Related Website Sets enabled preference is changed.
  void OnRelatedWebsiteSetsEnabledPrefChanged();

  void SetTopicsDataAccessibleFromNow() const;

  // These values are persisted to logs. Entries should not be renumbered and
  // numeric values should never be reused.
  enum class Status {
    kAllowed = 0,
    kRestricted = 1,
    kIncognitoProfile = 2,
    kApisDisabled = 3,
    kSiteDataAccessBlocked = 4,
    kMismatchedConsent = 5,
    kAttestationFailed = 6,
    kAttestationsFileNotYetReadyNOLONGERRECORDED = 7,
    kAttestationsDownloadedNotYetLoaded = 8,
    kAttestationsFileCorrupt = 9,
    kJoiningTopFrameBlocked = 10,
    kBlockedBy3pcdExperiment = 11,
    kAttestationsFileNotYetChecked = 12,
    kAttestationsFileNotPresent = 13,
    kMaxValue = kAttestationsFileNotPresent,
  };

  static bool IsAllowed(Status status);

  static void JoinHistogram(const char* name, Status status);
  static void JoinFledgeHistogram(
      content::InterestGroupApiOperation interest_group_api_operation,
      Status status);

  // Get the Topics that are disabled by Finch.
  const std::set<browsing_topics::Topic>& GetFinchDisabledTopics();

  // Get the Topics that are prioritized for top topic selection by Finch.
  const std::set<browsing_topics::Topic>& GetFinchPrioritizedTopics();

  // Whether the site associated with the URL is allowed to access privacy
  // sandbox APIs within the context of |top_frame_origin|.
  Status GetSiteAccessAllowedStatus(const url::Origin& top_frame_origin,
                                    const GURL& url) const;

  // Whether the privacy sandbox APIs can be allowed given the current
  // environment. For example, the privacy sandbox is always disabled in
  // Incognito and for restricted accounts.
  Status GetPrivacySandboxAllowedStatus(
      bool should_ignore_restriction = false) const;

  // Whether the privacy sandbox associated with  the |pref_name| is enabled.
  // For individual sites, check as well with GetSiteAccessAllowedStatus.
  Status GetM1PrivacySandboxApiEnabledStatus(
      const std::string& pref_name) const;

  // Whether the Topics API can be allowed given the current
  // environment or the reason why it is not allowed.
  Status GetM1TopicAllowedStatus() const;

  // Whether ad measurement APIs can be allowed given the current environment or
  // the reason why it is not allowed.
  Status GetM1AdMeasurementAllowedStatus(
      const url::Origin& top_frame_origin,
      const url::Origin& reporting_origin) const;

  // Whether Fledge can be allowed given the current environment or the reason
  // why it is not allowed.
  Status GetM1FledgeAllowedStatus(const url::Origin& top_frame_origin,
                                  const url::Origin& accessing_origin) const;

  // Internal helper for `IsFledgeAllowed`. Used only when
  // `interest_group_api_operation` is `kJoin`.
  bool IsFledgeJoiningAllowed(const url::Origin& top_frame_origin) const;

  // Whether fenced frame local unpartitioned data access is enabled.
  Status GetFencedStorageReadEnabledStatus() const;

  // From TrackingProtectionSettingsObserver.
  void OnBlockAllThirdPartyCookiesChanged() override;

  // Sets the out parameter `out_block_is_site_setting_specific` if it is
  // non-null, based on the given `status`.
  void SetOutBlockIsSiteSettingSpecificFromStatus(
      Status status,
      bool* out_block_is_site_setting_specific) const;

  base::ObserverList<Observer>::Unchecked observers_;

  std::unique_ptr<Delegate> delegate_;
  raw_ptr<HostContentSettingsMap> host_content_settings_map_;
  scoped_refptr<content_settings::CookieSettings> cookie_settings_;
  raw_ptr<TrackingProtectionSettings> tracking_protection_settings_;
  raw_ptr<PrefService> pref_service_;
  PrefChangeRegistrar pref_change_registrar_;

  base::ScopedObservation<TrackingProtectionSettings,
                          TrackingProtectionSettingsObserver>
      tracking_protection_settings_observation_{this};

  // Which topics are disabled by Finch; This is set and read by
  // GetFinchDisabledTopics.
  std::set<browsing_topics::Topic> finch_disabled_topics_;

  // Which topics are prioritized in top topic selection by Finch. This is set
  // and read by GetFinchPrioritizedTopics.
  std::set<browsing_topics::Topic> finch_prioritized_topics_;
};

}  // namespace privacy_sandbox

#endif  // COMPONENTS_PRIVACY_SANDBOX_PRIVACY_SANDBOX_SETTINGS_IMPL_H_