File: masked_domain_list_manager.h

package info (click to toggle)
chromium 139.0.7258.127-2
  • links: PTS, VCS
  • area: main
  • in suites: forky
  • size: 6,122,156 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (108 lines) | stat: -rw-r--r-- 4,661 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
 
// Copyright 2023 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_IP_PROTECTION_COMMON_MASKED_DOMAIN_LIST_MANAGER_H_
#define COMPONENTS_IP_PROTECTION_COMMON_MASKED_DOMAIN_LIST_MANAGER_H_

#include <cstddef>
#include <cstdint>
#include <map>
#include <optional>
#include <set>
#include <string>
#include <vector>

#include "base/files/file.h"
#include "base/time/time.h"
#include "components/ip_protection/common/ip_protection_data_types.h"
#include "components/ip_protection/common/url_matcher_with_bypass.h"
#include "components/privacy_sandbox/masked_domain_list/masked_domain_list.pb.h"
#include "net/base/network_anonymization_key.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "services/network/public/mojom/proxy_config.mojom-shared.h"
#include "url/gurl.h"

namespace ip_protection {

class MaskedDomainList;

// Class MaskedDomainListManager is a pseudo-singleton owned by the
// NetworkService. It uses the MaskedDomainList to generate the
// CustomProxyConfigPtr needed for NetworkContexts that are using the Privacy
// Proxy and determines if pairs of request and top_frame URLs are eligible.
class MaskedDomainListManager {
 public:
  explicit MaskedDomainListManager(
      network::mojom::IpProtectionProxyBypassPolicy);
  ~MaskedDomainListManager();
  MaskedDomainListManager(const MaskedDomainListManager&);

  // Estimates dynamic memory usage.
  // See base/trace_event/memory_usage_estimator.h for more info.
  size_t EstimateMemoryUsage() const;

  // Returns true if the allow list is eligible to be used but does not indicate
  // that the allow list is currently populated.
  bool IsEnabled() const;

  // Returns true if there are entries in the allow list and it is possible to
  // match on them. If false, `Matches` will always return false.
  bool IsPopulated() const;

  // Determines if the request is eligible for the proxy by determining if the
  // request_url is for an eligible domain and if the NAK supports eligibility.
  // If the top_frame_origin of the NAK does not have the same owner as the
  // request_url and the request_url is in the allow list, the request is
  // eligible for the proxy.
  // TODO(crbug.com/354649091): Public Suffix List domains and subdomains
  // proxy 1st party requests because no same-origin check is performed.
  bool Matches(const GURL& request_url,
               const net::NetworkAnonymizationKey& network_anonymization_key,
               MdlType mdl_type) const;

  // Use the Masked Domain List and exclusion list to generate the allow list
  // and the 1P bypass rules.
  void UpdateMaskedDomainList(const masked_domain_list::MaskedDomainList& mdl,
                              const std::vector<std::string>& exclusion_list);
  void UpdateMaskedDomainListFlatbuffer(base::File default_file,
                                        uint64_t default_file_size,
                                        base::File regular_browsing_file,
                                        uint64_t regular_browsing_file_size);

  // Use the Masked Domain List and exclusion list to generate the allow list
  // and the 1P bypass rules.
  // The `exclusion_list` field is deprecated and will be removed when the
  // non-Flatbuffer implementation is removed. Similar functionality will be
  // introduced as part of crbug.com/420956725.
  void UpdateMaskedDomainListForTesting(
      const masked_domain_list::MaskedDomainList& mdl,
      const std::vector<std::string>& exclusion_list = {});

 private:
  void RecordCreationTime();

  // Sanitizes the given URL by removing a trailing dot from its host if
  // present. Returns a reference to either the modified sanitized URL or the
  // original URL if no changes were made.
  const GURL& SanitizeURLIfNeeded(const GURL& url, GURL& sanitized_url) const;

  // The MDLs, for each MdlType.
  std::unique_ptr<MaskedDomainList> default_mdl_;
  std::unique_ptr<MaskedDomainList> regular_browsing_mdl_;

  // Policy that determines which domains are bypassed from IP Protection.
  network::mojom::IpProtectionProxyBypassPolicy proxy_bypass_policy_;

  // Contains match rules from the Masked Domain List.
  UrlMatcherWithBypass url_matcher_with_bypass_;

  // If UpdateMaskedDomainList has not yet been called, stores the time at which
  // the manager was created. The first call to `RecordCreationTime` clears
  // this to nullopt on entry.
  std::optional<base::TimeTicks> creation_time_for_mdl_update_metric_;
};

}  // namespace ip_protection

#endif  // COMPONENTS_IP_PROTECTION_COMMON_MASKED_DOMAIN_LIST_MANAGER_H_