Privacy Sandbox Settings: Implement functions for FLEDGE

CL adds two functions for use by FLEDGE to determine whether auction
parties are able to participate in or facilitate on device auctions.

(cherry picked from commit f67d233)

Bug: 1197480
Change-Id: Ie3e4c75a2e062713bf4a875f1cb133b6bf55a18c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2817738
Reviewed-by: Martin Šrámek <msramek@chromium.org>
Commit-Queue: Theodore Olsauskas-Warren <sauski@google.com>
Cr-Original-Commit-Position: refs/heads/master@{#870935}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2822634
Reviewed-by: Theodore Olsauskas-Warren <sauski@google.com>
Reviewed-by: Sean Harrison <harrisonsean@chromium.org>
Auto-Submit: Theodore Olsauskas-Warren <sauski@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/4472@{#29}
Cr-Branched-From: 3d60439-refs/heads/master@{#870763}

chrome/browser/privacy_sandbox/privacy_sandbox_settings.cc

@@ -221,6 +221,48 @@ bool PrivacySandboxSettings::ShouldSendConversionReport(
                                            conversion_origin, cookie_settings);
 }
 
+bool PrivacySandboxSettings::IsFledgeAllowed(
+    const url::Origin& top_frame_origin,
+    const GURL& auction_party) {
+  ContentSettingsForOneType cookie_settings;
+  cookie_settings_->GetCookieSettings(&cookie_settings);
+
+  return IsPrivacySandboxAllowedForContext(auction_party, top_frame_origin,
+                                           cookie_settings);
+}
+
+std::vector<GURL> PrivacySandboxSettings::FilterFledgeAllowedParties(
+    const url::Origin& top_frame_origin,
+    const std::vector<GURL>& auction_parties) {
+  ContentSettingsForOneType cookie_settings;
+  cookie_settings_->GetCookieSettings(&cookie_settings);
+
+  std::vector<GURL> allowed_parties;
+
+  // Cookie setting exceptions are rare, in most cases |cookie_settings| will
+  // have a length of 1 and only contain the default setting (which is ignored
+  // for determining if the Privacy Sandbox is allowed). If this is the case
+  // either all |auction_parties|, or none, are allowed based on the Privacy
+  // Sandbox preference, and invidiually checking each auction party can be
+  // avoided.
+  if (base::FeatureList::IsEnabled(features::kPrivacySandboxSettings) &&
+      cookie_settings.size() == 1) {
+    if (pref_service_->GetBoolean(prefs::kPrivacySandboxApisEnabled)) {
+      allowed_parties.insert(allowed_parties.begin(), auction_parties.begin(),
+                             auction_parties.end());
+    }
+    return allowed_parties;
+  }
+
+  for (const auto& party : auction_parties) {
+    if (IsPrivacySandboxAllowedForContext(party, top_frame_origin,
+                                          cookie_settings)) {
+      allowed_parties.push_back(party);
+    }
+  }
+  return allowed_parties;
+}
+
 bool PrivacySandboxSettings::IsPrivacySandboxAllowed() {
   if (!PrivacySandboxSettingsFunctional()) {
     // Simply respect 3rd-party cookies blocking settings if the UI is not

chrome/browser/privacy_sandbox/privacy_sandbox_settings.h

@@ -87,6 +87,18 @@ class PrivacySandboxSettings : public KeyedService,
                                   const url::Origin& conversion_origin,
                                   const url::Origin& reporting_origin) const;
 
+  // Determine whether |auction_party| can register an interest group, or sell /
+  // buy in an auction, on |top_frame_origin|.
+  bool IsFledgeAllowed(const url::Origin& top_frame_origin,
+                       const GURL& auction_party);
+
+  // Filter |auction_parties| down to those that may participate as a buyer for
+  // auctions run on |top_frame_origin|. Logically equivalent to calling
+  // IsFledgeAllowed() for each element of |auction_parties|.
+  std::vector<GURL> FilterFledgeAllowedParties(
+      const url::Origin& top_frame_origin,
+      const std::vector<GURL>& auction_parties);
+
   // Used by FLoC to determine whether the FLoC calculation can start in general
   // and whether the FLoC ID can be queried. If the sandbox experiment is
   // disabled, this check is equivalent to

chrome/browser/privacy_sandbox/privacy_sandbox_settings_unittest.cc

@@ -213,6 +213,14 @@ TEST_F(PrivacySandboxSettingsTest, CookieSettingAppliesWhenUiDisabled) {
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
 
+  EXPECT_TRUE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{GURL("https://embedded.com")},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com")}));
+
   SetupTestState(
       /*privacy_sandbox_available=*/false,
       /*privacy_sandbox_enabled=*/false,
@@ -221,6 +229,8 @@ TEST_F(PrivacySandboxSettingsTest, CookieSettingAppliesWhenUiDisabled) {
       /*user_cookie_exceptions=*/
       {{"https://embedded.com", "https://test.com",
         ContentSetting::CONTENT_SETTING_ALLOW},
+       {"https://another-embedded.com", "*",
+        ContentSetting::CONTENT_SETTING_BLOCK},
        {"https://another-test.com", "*",
         ContentSetting::CONTENT_SETTING_BLOCK}},
       /*managed_cookie_setting=*/kNoSetting,
@@ -240,6 +250,15 @@ TEST_F(PrivacySandboxSettingsTest, CookieSettingAppliesWhenUiDisabled) {
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
 
+  EXPECT_TRUE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{GURL("https://embedded.com")},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
+
   SetupTestState(
       /*privacy_sandbox_available=*/false,
       /*privacy_sandbox_enabled=*/true,
@@ -273,6 +292,15 @@ TEST_F(PrivacySandboxSettingsTest, CookieSettingAppliesWhenUiDisabled) {
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
+
+  EXPECT_FALSE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{GURL("https://another-embedded.com")},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
 }
 
 TEST_F(PrivacySandboxSettingsTest, PreferenceOverridesDefaultContentSetting) {
@@ -299,6 +327,16 @@ TEST_F(PrivacySandboxSettingsTest, PreferenceOverridesDefaultContentSetting) {
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
 
+  EXPECT_TRUE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ((std::vector<GURL>{GURL("https://embedded.com"),
+                               GURL("https://another-embedded.com")}),
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
+
   // An allow exception should not override the preference value.
   SetupTestState(
       /*privacy_sandbox_available=*/true,
@@ -308,6 +346,8 @@ TEST_F(PrivacySandboxSettingsTest, PreferenceOverridesDefaultContentSetting) {
       /*user_cookie_exceptions=*/
       {{"https://embedded.com", "https://test.com",
         ContentSetting::CONTENT_SETTING_ALLOW},
+       {"https://another-embedded.com", "https://test.com",
+        ContentSetting::CONTENT_SETTING_ALLOW},
        {"https://embedded.com", "https://another-test.com",
         ContentSetting::CONTENT_SETTING_ALLOW}},
       /*managed_cookie_setting=*/kNoSetting,
@@ -324,6 +364,15 @@ TEST_F(PrivacySandboxSettingsTest, PreferenceOverridesDefaultContentSetting) {
       url::Origin::Create(GURL("https://test.com")),
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
+
+  EXPECT_FALSE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
 }
 
 TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
@@ -336,6 +385,8 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       /*default_cookie_setting=*/ContentSetting::CONTENT_SETTING_ALLOW,
       /*user_cookie_exceptions=*/
       {{"https://embedded.com", "https://test.com",
+        ContentSetting::CONTENT_SETTING_BLOCK},
+       {"https://another-embedded.com", "*",
         ContentSetting::CONTENT_SETTING_BLOCK}},
       /*managed_cookie_setting=*/kNoSetting,
       /*managed_cookie_exceptions=*/{});
@@ -352,6 +403,15 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
 
+  EXPECT_FALSE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
+
   // User created exceptions should not apply if a managed default coookie
   // setting exists. What the managed default setting actually is should *not*
   // affect whether APIs are enabled. The cookie managed state is reflected in
@@ -364,6 +424,8 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       /*user_cookie_exceptions=*/
       {{"https://embedded.com", "https://test.com",
         ContentSetting::CONTENT_SETTING_BLOCK},
+       {"https://another-embedded.com", "https://test.com",
+        ContentSetting::CONTENT_SETTING_BLOCK},
        {"https://embedded.com", "https://another-test.com",
         ContentSetting::CONTENT_SETTING_BLOCK}},
       /*managed_cookie_setting=*/ContentSetting::CONTENT_SETTING_BLOCK,
@@ -380,6 +442,16 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
 
+  EXPECT_TRUE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ((std::vector<GURL>{GURL("https://embedded.com"),
+                               GURL("https://another-embedded.com")}),
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
+
   // Managed content setting exceptions should override both the privacy
   // sandbox pref and any user settings.
   SetupTestState(
@@ -390,6 +462,8 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       /*user_cookie_exceptions=*/
       {{"https://embedded.com", "https://test.com",
         ContentSetting::CONTENT_SETTING_ALLOW},
+       {"https://another-embedded.com", "https://test.com",
+        ContentSetting::CONTENT_SETTING_ALLOW},
        {"https://embedded.com", "https://another-test.com",
         ContentSetting::CONTENT_SETTING_ALLOW}},
       /*managed_cookie_setting=*/ContentSetting::CONTENT_SETTING_ALLOW,
@@ -418,6 +492,15 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       url::Origin::Create(GURL("https://unrelated-d.com")),
       url::Origin::Create(GURL("https://unrelated-e.com"))));
 
+  EXPECT_FALSE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{GURL("https://another-embedded.com")},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
+
   // A less specific block exception should not override a more specific allow
   // exception. The effective content setting in this scenario is still allow,
   // even though a block exception exists.
@@ -441,6 +524,10 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       GURL("https://embedded.com"),
       url::Origin::Create(GURL("https://test.com"))));
 
+  EXPECT_TRUE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+
   // Exceptions which specify a top frame origin should not match against other
   // top frame origins, or an empty origin.
   SetupTestState(
@@ -467,6 +554,15 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       url::Origin::Create(GURL("https://yet-another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
 
+  EXPECT_TRUE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://another-test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{GURL("https://another-embedded.com")},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
+
   // Exceptions which specify a wildcard top frame origin should match both
   // empty top frames and non empty top frames.
   SetupTestState(
@@ -492,6 +588,15 @@ TEST_F(PrivacySandboxSettingsTest, CookieBlockExceptionsApply) {
       url::Origin::Create(GURL("https://test.com")),
       url::Origin::Create(GURL("https://another-test.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
+
+  EXPECT_FALSE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://test.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{GURL("https://another-embedded.com")},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://test.com")),
+                {GURL("https://embedded.com"),
+                 GURL("https://another-embedded.com")}));
 }
 
 TEST_F(PrivacySandboxSettingsTest, ThirdPartyByDefault) {
@@ -519,6 +624,14 @@ TEST_F(PrivacySandboxSettingsTest, ThirdPartyByDefault) {
       url::Origin::Create(GURL("https://embedded.com")),
       url::Origin::Create(GURL("https://embedded.com")),
       url::Origin::Create(GURL("https://embedded.com"))));
+
+  EXPECT_FALSE(privacy_sandbox_settings()->IsFledgeAllowed(
+      url::Origin::Create(GURL("https://embedded.com")),
+      GURL("https://embedded.com")));
+  EXPECT_EQ(std::vector<GURL>{},
+            privacy_sandbox_settings()->FilterFledgeAllowedParties(
+                url::Origin::Create(GURL("https://embedded.com")),
+                {GURL("https://embedded.com")}));
 }
 
 TEST_F(PrivacySandboxSettingsTest, IsPrivacySandboxAllowed) {