Adds ContentSettingsForOneType for the TPCD metadata

This is a no-ops change that adds a new content setting type for 3PCD metadata support. This setting will act as a cookie setting override but will not trump any user specifications (more on this will be established in future CLs). Bug: b/290039145 Change-Id: Icc0c3ce66fdf5a41023874a336e3ef8b36737b92 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4802683 Commit-Queue: Jonathan Njeunje <njeunje@chromium.org> Reviewed-by: Matt Mueller <mattm@chromium.org> Reviewed-by: Steven Bingler <bingler@chromium.org> Reviewed-by: Peter Kasting <pkasting@chromium.org> Reviewed-by: Joe Mason <joenotcharles@google.com> Reviewed-by: Christian Dullweber <dullweber@chromium.org> Cr-Commit-Position: refs/heads/main@{#1188342}
chromium · Aug 25, 2023 · 70e46a2 · 70e46a2
1 parent f0038aa
commit 70e46a2
Show file tree

Hide file tree

Showing 21 changed files with 218 additions and 20 deletions.
diff --git a/...avatests/src/org/chromium/chrome/browser/site_settings/WebsitePermissionsFetcherTest.java b/...avatests/src/org/chromium/chrome/browser/site_settings/WebsitePermissionsFetcherTest.java
@@ -533,7 +533,7 @@ public void testFetchAllPreferencesForSingleOrigin() {
         // If the ContentSettingsType.NUM_TYPES value changes *and* a new value has been exposed on
         // Android, then please update this code block to include a test for your new type.
         // Otherwise, just update count in the assert.
-        Assert.assertEquals(91, ContentSettingsType.NUM_TYPES);
+        Assert.assertEquals(92, ContentSettingsType.NUM_TYPES);
         websitePreferenceBridge.addContentSettingException(
                 new ContentSettingException(ContentSettingsType.COOKIES, googleOrigin,
                         ContentSettingValues.DEFAULT, preferenceSource, /*isEmbargoed=*/false));

diff --git a/chrome/browser/net/profile_network_context_service.cc b/chrome/browser/net/profile_network_context_service.cc
@@ -248,6 +248,19 @@ void Update3pcdSettings(Profile* profile) {
       settings));
 }
 
+void Update3pcdMetadataGrantsSettings(Profile* profile) {
+  ContentSettingsForOneType settings =
+      HostContentSettingsMapFactory::GetForProfile(profile)
+          ->GetSettingsForOneType(ContentSettingsType::TPCD_METADATA_GRANTS);
+  profile->ForEachLoadedStoragePartition(base::BindRepeating(
+      [](ContentSettingsForOneType settings,
+         content::StoragePartition* storage_partition) {
+        storage_partition->GetCookieManagerForBrowserProcess()
+            ->SetContentSettingsFor3pcdMetadataGrants(settings);
+      },
+      settings));
+}
+
 // `kPermissionStorageAccessAPI` enables feature: Storage Access API with
 // Prompts (https://chromestatus.com/feature/5085655327047680). StorageAccessAPI
 // is considered enabled when either feature is enabled (by different field
@@ -637,6 +650,10 @@ ProfileNetworkContextService::CreateCookieManagerParams(
   out->settings_for_3pcd = host_content_settings_map->GetSettingsForOneType(
       ContentSettingsType::TPCD_SUPPORT);
 
+  out->settings_for_3pcd_metadata_grants =
+      host_content_settings_map->GetSettingsForOneType(
+          ContentSettingsType::TPCD_METADATA_GRANTS);
+
   if (StorageAccessAPIEnabled()) {
     out->settings_for_storage_access =
         host_content_settings_map->GetSettingsForOneType(
@@ -1132,6 +1149,9 @@ void ProfileNetworkContextService::OnContentSettingChanged(
     case ContentSettingsType::TPCD_SUPPORT:
       Update3pcdSettings(profile_);
       break;
+    case ContentSettingsType::TPCD_METADATA_GRANTS:
+      Update3pcdMetadataGrantsSettings(profile_);
+      break;
     case ContentSettingsType::STORAGE_ACCESS:
       UpdateStorageAccessSettings(profile_);
       break;
@@ -1143,6 +1163,7 @@ void ProfileNetworkContextService::OnContentSettingChanged(
       UpdateCookieSettings(profile_);
       UpdateLegacyCookieSettings(profile_);
       Update3pcdSettings(profile_);
+      Update3pcdMetadataGrantsSettings(profile_);
       UpdateAllStorageAccessSettings(profile_);
       break;
     default:

diff --git a/chrome/browser/ui/webui/settings/site_settings_helper.cc b/chrome/browser/ui/webui/settings/site_settings_helper.cc
@@ -197,6 +197,7 @@ const ContentSettingsTypeNameEntry kContentSettingsTypeGroupNames[] = {
     {ContentSettingsType::ALL_SCREEN_CAPTURE, nullptr},
     {ContentSettingsType::COOKIE_CONTROLS_METADATA, nullptr},
     {ContentSettingsType::TPCD_SUPPORT, nullptr},
+    {ContentSettingsType::TPCD_METADATA_GRANTS, nullptr},
 };
 
 static_assert(std::size(kContentSettingsTypeGroupNames) ==

diff --git a/components/content_settings/core/browser/content_settings_registry.cc b/components/content_settings/core/browser/content_settings_registry.cc
@@ -292,6 +292,15 @@ void ContentSettingsRegistry::Init() {
            ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE,
            ContentSettingsInfo::EXCEPTIONS_ON_SECURE_ORIGINS_ONLY);
 
+  Register(ContentSettingsType::TPCD_METADATA_GRANTS, "3pcd-metadata-grants",
+           CONTENT_SETTING_BLOCK, WebsiteSettingsInfo::UNSYNCABLE,
+           /*allowlisted_schemes=*/{},
+           /*valid_settings=*/{CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK},
+           WebsiteSettingsInfo::REQUESTING_AND_TOP_SCHEMEFUL_SITE_SCOPE,
+           WebsiteSettingsRegistry::ALL_PLATFORMS,
+           ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE,
+           ContentSettingsInfo::EXCEPTIONS_ON_SECURE_AND_INSECURE_ORIGINS);
+
   // Content settings that aren't used to store any data. TODO(raymes): use a
   // different mechanism rather than content settings to represent these.
   // Since nothing is stored in them, there is no real point in them being a

diff --git a/components/content_settings/core/browser/content_settings_uma_util.cc b/components/content_settings/core/browser/content_settings_uma_util.cc
@@ -118,6 +118,7 @@ constexpr auto kHistogramValue = base::MakeFixedFlatMap<ContentSettingsType,
     {ContentSettingsType::COOKIE_CONTROLS_METADATA, 104},
     {ContentSettingsType::TPCD_SUPPORT, 105},
     {ContentSettingsType::AUTO_PICTURE_IN_PICTURE, 106},
+    {ContentSettingsType::TPCD_METADATA_GRANTS, 107},
 
     // As mentioned at the top, please don't forget to update ContentType in
     // enums.xml when you add entries here!

diff --git a/components/content_settings/core/browser/cookie_settings_unittest.cc b/components/content_settings/core/browser/cookie_settings_unittest.cc
@@ -25,6 +25,7 @@
 #include "components/content_settings/core/test/content_settings_test_utils.h"
 #include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "extensions/buildflags/buildflags.h"
+#include "net/base/features.h"
 #include "net/cookies/cookie_constants.h"
 #include "net/cookies/cookie_setting_override.h"
 #include "net/cookies/cookie_util.h"
@@ -51,18 +52,41 @@ struct TestCase {
   bool storage_access_grant_eligible;
   bool top_level_storage_access_grant_eligible;
   bool eligible_for_3pcd_support;
+  // tpcd_metadata_grant_eligible aka the feature
+  // `net::features::kThirdPartyStoragePartitioning` is enabled.
+  bool tpcd_metadata_grant_eligible;
 };
 
 static constexpr TestCase kTestCases[] = {
-    {"disable_all", false, false, false},
-    {"disable_SAA_enable_TopLevel_disable_3PCD", false, true, false},
+    {"disable_all", false, false, false, false},
+    {"disable_SAA_disable_TopLevel_disable_3PCD_enable_metadata", false, false,
+     false, true},
+    {"disable_SAA_enable_TopLevel_disable_3PCD_enable_metadata", false, true,
+     false, true},
+    {"disable_SAA_enable_TopLevel_disable_3PCD_disable_metadata", false, true,
+     false, false},
 #if !BUILDFLAG(IS_IOS)
-    {"disable_SAA_enable_TopLevel_enable_3PCD", false, true, true},
-    {"disable_SAA_disable_TopLevel_enable_3PCD", false, false, true},
-    {"enable_SAA_disable_TopLevel_disable_3PCD", true, false, false},
-    {"enable_SAA_disable_TopLevel_enable_3PCD", true, false, true},
-    {"enable_SAA_enable_TopLevel_disable_3PCD", true, true, false},
-    {"enable_all", true, true, true},
+    {"disable_SAA_enable_TopLevel_enable_3PCD_enable_metadata", false, true,
+     true, true},
+    {"disable_SAA_disable_TopLevel_enable_3PCD_enable_metadata", false, false,
+     true, true},
+    {"enable_SAA_disable_TopLevel_disable_3PCD_enable_metadata", true, false,
+     false, true},
+    {"enable_SAA_disable_TopLevel_enable_3PCD_enable_metadata", true, false,
+     true, true},
+    {"enable_SAA_enable_TopLevel_disable_3PCD_enable_metadata", true, true,
+     false, true},
+    {"disable_SAA_enable_TopLevel_enable_3PCD_disable_metadata", false, true,
+     true, false},
+    {"disable_SAA_disable_TopLevel_enable_3PCD_disable_metadata", false, false,
+     true, false},
+    {"enable_SAA_disable_TopLevel_disable_3PCD_disable_metadata", true, false,
+     false, false},
+    {"enable_SAA_disable_TopLevel_enable_3PCD_disable_metadata", true, false,
+     true, false},
+    {"enable_SAA_enable_TopLevel_disable_3PCD_disable_metadata", true, true,
+     false, false},
+    {"enable_all", true, true, true, true},
 #endif
 };
 }  // namespace
@@ -129,6 +153,7 @@ class CookieSettingsTest : public testing::TestWithParam<TestCase> {
     std::vector<base::test::FeatureRef> disabled_features;
     enabled_features.push_back(
         {content_settings::features::kUserBypassUI, {{"expiration", "0d"}}});
+    enabled_features.push_back({net::features::kTpcdMetadataGrants, {}});
 #if BUILDFLAG(IS_IOS)
     enabled_features.push_back({kImprovedCookieControls, {}});
     disabled_features.push_back(net::features::kTpcdSupportSettings);
@@ -180,6 +205,10 @@ class CookieSettingsTest : public testing::TestWithParam<TestCase> {
     return GetParam().eligible_for_3pcd_support;
   }
 
+  bool Is3pcdMetadataGrantEligible() const {
+    return GetParam().tpcd_metadata_grant_eligible;
+  }
+
   net::CookieSettingOverrides GetCookieSettingOverrides() const {
     net::CookieSettingOverrides overrides;
     if (IsStorageAccessGrantEligible()) {
@@ -192,6 +221,9 @@ class CookieSettingsTest : public testing::TestWithParam<TestCase> {
     if (Is3pcdSupportEligible()) {
       overrides.Put(net::CookieSettingOverride::k3pcdSupport);
     }
+    if (Is3pcdMetadataGrantEligible()) {
+      overrides.Put(net::CookieSettingOverride::k3pcdMetadataGrantEligible);
+    }
     return overrides;
   }
 
@@ -218,6 +250,13 @@ class CookieSettingsTest : public testing::TestWithParam<TestCase> {
                                    : CONTENT_SETTING_BLOCK;
   }
 
+  // Assumes that cookie access would be blocked if not for a
+  // `net::CookieSettingOverride::k3pcdMetadataGrantEligible` override.
+  ContentSetting SettingWith3pcdMetadataGrantEligibleOverride() const {
+    return Is3pcdMetadataGrantEligible() ? CONTENT_SETTING_ALLOW
+                                         : CONTENT_SETTING_BLOCK;
+  }
+
   // The cookie access result would be blocked if not for a Storage Access API
   // grant.
   net::cookie_util::StorageAccessResult
@@ -255,6 +294,17 @@ class CookieSettingsTest : public testing::TestWithParam<TestCase> {
     return net::cookie_util::StorageAccessResult::ACCESS_BLOCKED;
   }
 
+  // The storage access result would be blocked if not for a
+  // `net::CookieSettingOverride::k3pcdMetadataGrantEligible` override.
+  net::cookie_util::StorageAccessResult
+  BlockedStorageAccessResultWith3pcdMetadataGrantOverride() const {
+    if (Is3pcdMetadataGrantEligible()) {
+      return net::cookie_util::StorageAccessResult::
+          ACCESS_ALLOWED_3PCD_METADATA_GRANT;
+    }
+    return net::cookie_util::StorageAccessResult::ACCESS_BLOCKED;
+  }
+
  protected:
   bool ShouldDeleteCookieOnExit(const std::string& domain, bool is_https) {
     return cookie_settings_->ShouldDeleteCookieOnExit(
@@ -1269,8 +1319,8 @@ TEST_P(CookieSettingsTest, GetCookieSettingTopLevelStorageAccess) {
       kAllowedRequestsHistogram,
       static_cast<int>(BlockedStorageAccessResultWithTopLevelSaaOverride()), 1);
 
-  // Invalid pair the |top_level_url| granting access to |url| is now
-  // being loaded under |url| as the top level url.
+  // Invalid pair the |top_level_url| granting access to |url| is now being
+  // loaded under |url| as the top level url.
   EXPECT_EQ(cookie_settings_->GetCookieSetting(
                 top_level_url, url, GetCookieSettingOverrides(), nullptr),
             CONTENT_SETTING_BLOCK);
@@ -1411,8 +1461,49 @@ TEST_P(CookieSettingsTest, GetCookieSetting3pcdSupport) {
       kAllowedRequestsHistogram,
       static_cast<int>(BlockedStorageAccessResultWith3pcdSupportOverride()), 1);
 
-  // Invalid pair the |top_level_url| granting access to |url| is now
-  // being loaded under |url| as the top level url.
+  // Invalid pair the |top_level_url| granting access to |url| is now being
+  // loaded under |url| as the top level url.
+  EXPECT_EQ(cookie_settings_->GetCookieSetting(
+                top_level_url, url, GetCookieSettingOverrides(), nullptr),
+            CONTENT_SETTING_BLOCK);
+
+  // Invalid pairs where a |third_url| is used.
+  EXPECT_EQ(cookie_settings_->GetCookieSetting(
+                url, third_url, GetCookieSettingOverrides(), nullptr),
+            CONTENT_SETTING_BLOCK);
+  EXPECT_EQ(cookie_settings_->GetCookieSetting(
+                third_url, top_level_url, GetCookieSettingOverrides(), nullptr),
+            CONTENT_SETTING_BLOCK);
+}
+
+TEST_P(CookieSettingsTest, GetCookieSetting3pcdMetadataGrants) {
+  const GURL top_level_url(kFirstPartySite);
+  const GURL url(kAllowedSite);
+  const GURL third_url(kBlockedSite);
+
+  base::HistogramTester histogram_tester;
+  histogram_tester.ExpectTotalCount(kAllowedRequestsHistogram, 0);
+
+  prefs_.SetInteger(prefs::kCookieControlsMode,
+                    static_cast<int>(CookieControlsMode::kBlockThirdParty));
+
+  settings_map_->SetContentSettingCustomScope(
+      ContentSettingsPattern::FromURLNoWildcard(url),
+      ContentSettingsPattern::FromURLNoWildcard(top_level_url),
+      ContentSettingsType::TPCD_METADATA_GRANTS, CONTENT_SETTING_ALLOW);
+
+  EXPECT_EQ(cookie_settings_->GetCookieSetting(
+                url, top_level_url, GetCookieSettingOverrides(), nullptr),
+            SettingWith3pcdMetadataGrantEligibleOverride());
+  histogram_tester.ExpectTotalCount(kAllowedRequestsHistogram, 1);
+  histogram_tester.ExpectBucketCount(
+      kAllowedRequestsHistogram,
+      static_cast<int>(
+          BlockedStorageAccessResultWith3pcdMetadataGrantOverride()),
+      1);
+
+  // Invalid pair the |top_level_url| granting access to |url| is now being
+  // loaded under |url| as the top level url.
   EXPECT_EQ(cookie_settings_->GetCookieSetting(
                 top_level_url, url, GetCookieSettingOverrides(), nullptr),
             CONTENT_SETTING_BLOCK);

diff --git a/components/content_settings/core/common/content_settings_types.h b/components/content_settings/core/common/content_settings_types.h
@@ -344,13 +344,18 @@ enum class ContentSettingsType : int32_t {
   // Stores per origin metadata for cookie controls.
   COOKIE_CONTROLS_METADATA,
 
-  // Setting for supporting 3PCD.
+  // Content Setting for 3PC accesses granted via 3PC deprecation trial.
   TPCD_SUPPORT,
 
   // Content setting used to indicate whether entering picture-in-picture
   // automatically should be enabled.
   AUTO_PICTURE_IN_PICTURE,
 
+  // Content Setting for 3PC accesses granted by metadata delivered via the
+  // component updater service. This type will only be used when
+  // `net::features::kTpcdMetadataGrants` is enabled.
+  TPCD_METADATA_GRANTS,
+
   NUM_TYPES,
 };
 

diff --git a/components/content_settings/core/common/cookie_settings_base.cc b/components/content_settings/core/common/cookie_settings_base.cc
@@ -193,6 +193,12 @@ bool CookieSettingsBase::ShouldConsider3pcdSupportSettings(
          overrides.Has(net::CookieSettingOverride::k3pcdSupport);
 }
 
+bool CookieSettingsBase::ShouldConsider3pcdMetadataGrantsSettings(
+    net::CookieSettingOverrides overrides) const {
+  return base::FeatureList::IsEnabled(net::features::kTpcdMetadataGrants) &&
+         overrides.Has(net::CookieSettingOverride::k3pcdMetadataGrantEligible);
+}
+
 bool CookieSettingsBase::ShouldConsiderStorageAccessGrants(
     net::CookieSettingOverrides overrides) const {
   return overrides.Has(net::CookieSettingOverride::kStorageAccessGrantEligible);
@@ -211,6 +217,8 @@ net::CookieSettingOverrides CookieSettingsBase::SettingOverridesForStorage()
     // TODO(crbug.com/1466156): Revisit whether the global setting/pref should
     // be checked here.
     overrides.Put(net::CookieSettingOverride::k3pcdSupport);
+
+    overrides.Put(net::CookieSettingOverride::k3pcdMetadataGrantEligible);
   }
   return overrides;
 }
@@ -298,6 +306,15 @@ CookieSettingsBase::GetCookieSettingInternal(
         net::cookie_util::StorageAccessResult::ACCESS_ALLOWED_3PCD);
   }
 
+  if (block_third && ShouldConsider3pcdMetadataGrantsSettings(overrides) &&
+      GetContentSetting(url, first_party_url,
+                        ContentSettingsType::TPCD_METADATA_GRANTS) ==
+          CONTENT_SETTING_ALLOW) {
+    block_third = false;
+    FireStorageAccessHistogram(net::cookie_util::StorageAccessResult::
+                                   ACCESS_ALLOWED_3PCD_METADATA_GRANT);
+  }
+
   if (!IsAllowed(setting) || block_third) {
     FireStorageAccessHistogram(
         net::cookie_util::StorageAccessResult::ACCESS_BLOCKED);

diff --git a/components/content_settings/core/common/cookie_settings_base.h b/components/content_settings/core/common/cookie_settings_base.h
@@ -215,6 +215,9 @@ class CookieSettingsBase {
   bool ShouldConsider3pcdSupportSettings(
       net::CookieSettingOverrides overrides) const;
 
+  bool ShouldConsider3pcdMetadataGrantsSettings(
+      net::CookieSettingOverrides overrides) const;
+
   // Returns a set of overrides that includes Storage Access API and Top-Level
   // Storage Access API overrides iff the config booleans indicate that Storage
   // Access API and Top-Level Storage Access API should unlock access to DOM
@@ -260,9 +263,8 @@ class CookieSettingsBase {
  private:
   // Returns a content setting for the requested parameters and populates |info|
   // if not null. Implementations might only implement a subset of all
-  // ContentSettingsTypes. Currently only COOKIES,
-  // TPCD_SUPPORT, STORAGE_ACCESS and TOP_LEVEL_STORAGE_ACCESS
-  // are required.
+  // ContentSettingsTypes. Currently only COOKIES, TPCD_SUPPORT, STORAGE_ACCESS,
+  // TPCD_METADATA_GRANTS, and TOP_LEVEL_STORAGE_ACCESS are required.
   virtual ContentSetting GetContentSetting(
       const GURL& primary_url,
       const GURL& secondary_url,

diff --git a/components/content_settings/core/common/cookie_settings_base_unittest.cc b/components/content_settings/core/common/cookie_settings_base_unittest.cc
@@ -272,6 +272,9 @@ TEST_P(CookieSettingsBaseStorageAccessAPITest,
       IsStoragePartitioned());
   EXPECT_EQ(overrides.Has(net::CookieSettingOverride::k3pcdSupport),
             IsStoragePartitioned());
+  EXPECT_EQ(
+      overrides.Has(net::CookieSettingOverride::k3pcdMetadataGrantEligible),
+      IsStoragePartitioned());
 }
 
 INSTANTIATE_TEST_SUITE_P(

diff --git a/net/base/features.cc b/net/base/features.cc
@@ -287,6 +287,10 @@ BASE_FEATURE(kTpcdSupportSettings,
              "TpcdSupportSettings",
              base::FEATURE_DISABLED_BY_DEFAULT);
 
+BASE_FEATURE(kTpcdMetadataGrants,
+             "TpcdMetadataGrants",
+             base::FEATURE_DISABLED_BY_DEFAULT);
+
 BASE_FEATURE(kAlpsParsing, "AlpsParsing", base::FEATURE_ENABLED_BY_DEFAULT);
 
 BASE_FEATURE(kAlpsClientHintParsing,

diff --git a/net/base/features.h b/net/base/features.h
@@ -330,6 +330,10 @@ NET_EXPORT BASE_DECLARE_FEATURE(kSupportPartitionedBlobUrl);
 // Feature to enable consideration of 3PCD Support settings.
 NET_EXPORT BASE_DECLARE_FEATURE(kTpcdSupportSettings);
 
+// Whether to enable the use of 3PC based on 3PCD metadata grants delivered via
+// component updater.
+NET_EXPORT BASE_DECLARE_FEATURE(kTpcdMetadataGrants);
+
 // Whether ALPS parsing is on for any type of frame.
 NET_EXPORT BASE_DECLARE_FEATURE(kAlpsParsing);