// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_MANAGER_H_
#define CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_MANAGER_H_

#include <stddef.h>
#include <stdint.h>

#include <optional>
#include <string>

#include "base/functional/callback_forward.h"
#include "base/numerics/safe_conversions.h"
#include "base/time/time.h"
#include "content/browser/private_aggregation/private_aggregation_caller_api.h"
#include "content/common/content_export.h"
#include "content/public/browser/storage_partition.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
#include "third_party/blink/public/mojom/private_aggregation/private_aggregation_host.mojom-forward.h"

namespace url {
class Origin;
}

namespace content {

class BrowserContext;

// Interface that mediates data flow between the Private Aggregation API
// component and other APIs using it.
class CONTENT_EXPORT PrivateAggregationManager {
 public:
  // Virtual so that implementations can be owned and destroyed through this
  // interface.
  virtual ~PrivateAggregationManager() = default;

  // Returns the manager associated with `browser_context`.
  // NOTE(review): this header does not state whether the result can be null;
  // confirm against the definition before dereferencing at a call site.
  static PrivateAggregationManager* GetManager(BrowserContext& browser_context);

  // Attempts to bind a new pending receiver for a worklet, allowing messages to
  // be sent and processed. The return value indicates whether the receiver was
  // accepted. Virtual for testing.
  //
  // The receiver will only be bound when all of these conditions are met:
  // * `worklet_origin` is potentially trustworthy.
  // * `context_id`, if set, is not too long.
  // * `aggregation_coordinator_origin`, if set, is on the allowlist.
  // * `filtering_id_max_bytes` is positive and no greater than
  //   `AggregationServicePayloadContents::kMaximumFilteringIdMaxBytes`.
  // * `max_contributions`, if set, is positive.
  // * `timeout` is set iff a report should be sent deterministically, i.e.
  //   `PrivateAggregationManager::ShouldSendReportDeterministically(caller_api,
  //   context_id, filtering_id_max_bytes, max_contributions)` is true.
  //
  // The return value is the caller's only signal that an argument was rejected,
  // so implementations are expected to refuse the bind (return false) rather
  // than adjust out-of-range arguments silently.
  //
  // When `timeout` is set and developer mode is not enabled, this host will
  // send a report after the given duration of time has passed, regardless of
  // when the receiver is actually disconnected. It is a fatal error for
  // `timeout` to be zero or negative.
  [[nodiscard]] virtual bool BindNewReceiver(
      url::Origin worklet_origin,
      url::Origin top_frame_origin,
      PrivateAggregationCallerApi caller_api,
      std::optional<std::string> context_id,
      std::optional<base::TimeDelta> timeout,
      std::optional<url::Origin> aggregation_coordinator_origin,
      size_t filtering_id_max_bytes,
      std::optional<size_t> max_contributions,
      mojo::PendingReceiver<blink::mojom::PrivateAggregationHost>
          pending_receiver) = 0;

  // Deletes all data in storage for any budgets that could have been set
  // between `delete_begin` and `delete_end` time (inclusive). Note that the
  // discrete time windows used in the budgeter may lead to more data being
  // deleted than strictly necessary. Null times are treated as unbounded lower
  // or upper range. If `!filter.is_null()`, budget keys with an origin that
  // does *not* match the `filter` are retained (i.e. not cleared).
  // `done` is the completion callback for the clear; presumably it is run once
  // the deletion has finished — confirm against the implementation.
  virtual void ClearBudgetData(
      base::Time delete_begin,
      base::Time delete_end,
      StoragePartition::StorageKeyMatcherFunction filter,
      base::OnceClosure done) = 0;

  // Returns whether debug mode is allowed for a context with the given
  // parameters. If disallowed, any debug mode details specified over the
  // PrivateAggregationHost mojo pipe will be ignored.
  virtual bool IsDebugModeAllowed(const url::Origin& top_frame_origin,
                                  const url::Origin& reporting_origin) = 0;

  // Returns true iff an isolated context with the given parameters requires
  // deterministic report counts, i.e. sending a null report when a real report
  // has no approved contributions. Such contexts also qualify for "reduced
  // delay", meaning they may be sent after a fixed duration of time relative to
  // an event outside of the isolated context.
  //
  // This is the predicate that `BindNewReceiver()` requires `timeout` to agree
  // with (see the conditions documented there). `filtering_id_max_bytes` is
  // taken as `base::StrictNumeric` so that callers cannot pass a value through
  // an implicit, potentially lossy, integer conversion.
  [[nodiscard]] static bool ShouldSendReportDeterministically(
      PrivateAggregationCallerApi caller_api,
      const std::optional<std::string>& context_id,
      base::StrictNumeric<size_t> filtering_id_max_bytes,
      std::optional<size_t> requested_max_contributions);
};

}  // namespace content

#endif  // CONTENT_BROWSER_PRIVATE_AGGREGATION_PRIVATE_AGGREGATION_MANAGER_H_