From e41da738c01c870e5c30ccb24bb4c9f9b1cb5ae9 Mon Sep 17 00:00:00 2001
From: Eric Willigers <ericwilligers@chromium.org>
Date: Mon, 20 Jul 2020 09:55:16 +0000
Subject: [PATCH] WebShare: Introduce web-share feature policy

share() requests fail with a rejected promise if the 'web-share'
feature is not enabled.

We define 'self' as the default feature policy for web-share.

The spec has been updated
https://github.com/w3c/web-share/pull/166

Intent to Ship
https://groups.google.com/a/chromium.org/g/blink-dev/c/fgme9KOd8CU/m/TCYPKQAXAwAJ

Bug: 1079104
Change-Id: Id4030448a54589eddb45185cbd6fd8970aee34c3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2299791
Commit-Queue: Eric Willigers <ericwilligers@chromium.org>
Reviewed-by: Ian Clelland <iclelland@chromium.org>
Reviewed-by: Daniel Murphy <dmurph@chromium.org>
Reviewed-by: Dominick Ng <dominickn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#789872}
---
 .../feature_policy_feature.mojom              |  3 +++
 .../core/feature_policy/feature_policy.dict   |  1 +
 .../feature_policy_features.json5             |  5 +++++
 .../modules/webshare/navigator_share.cc       |  8 ++++++++
 .../disabled-by-feature-policy.https.sub.html | 20 +++++++++++++++++++
 ...d-by-feature-policy.https.sub.html.headers |  1 +
 .../feature-policy-features-expected.txt      |  1 +
 tools/metrics/histograms/enums.xml            |  1 +
 8 files changed, 40 insertions(+)
 create mode 100644 third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html
 create mode 100644 third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html.headers

diff --git a/third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom b/third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom
index a8fb913ee5e25..2a93558332e3d 100644
--- a/third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom
+++ b/third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom
@@ -134,6 +134,9 @@ enum FeaturePolicyFeature {
   // Controls use of Clipboard API Write.
   kClipboardWrite = 77,
 
+  // Controls use of Web Share API.
+  kWebShare = 78,
+
   // Don't change assigned numbers of any item, and don't reuse removed slots.
   // Add new features at the end of the enum.
   // Also, run update_feature_policy_enum.py in
diff --git a/third_party/blink/renderer/core/feature_policy/feature_policy.dict b/third_party/blink/renderer/core/feature_policy/feature_policy.dict
index 38cb4eb7b11e6..d7dcd9a54c99a 100644
--- a/third_party/blink/renderer/core/feature_policy/feature_policy.dict
+++ b/third_party/blink/renderer/core/feature_policy/feature_policy.dict
@@ -41,6 +41,7 @@
 "usb"
 "vertical-scroll"
 "vr"
+"web-share"
 "\"https://example.com/\""
 "*"
 "'self'"
diff --git a/third_party/blink/renderer/core/feature_policy/feature_policy_features.json5 b/third_party/blink/renderer/core/feature_policy/feature_policy_features.json5
index ced3954eb71be..d62c4a7051b58 100644
--- a/third_party/blink/renderer/core/feature_policy/feature_policy_features.json5
+++ b/third_party/blink/renderer/core/feature_policy/feature_policy_features.json5
@@ -331,6 +331,11 @@
       feature_default: "EnableForAll",
       depends_on: ["ExperimentalProductivityFeatures"],
     },
+    {
+      name: "WebShare",
+      feature_policy_name: "web-share",
+      depends_on: ["WebShare"],
+    },
     {
       name: "WebXr",
       feature_policy_name: "xr-spatial-tracking",
diff --git a/third_party/blink/renderer/modules/webshare/navigator_share.cc b/third_party/blink/renderer/modules/webshare/navigator_share.cc
index 520b1a590badf..edae7ee9e8c24 100644
--- a/third_party/blink/renderer/modules/webshare/navigator_share.cc
+++ b/third_party/blink/renderer/modules/webshare/navigator_share.cc
@@ -8,6 +8,7 @@
 #include <utility>
 
 #include "third_party/blink/public/common/browser_interface_broker_proxy.h"
+#include "third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom-blink.h"
 #include "third_party/blink/public/platform/platform.h"
 #include "third_party/blink/renderer/bindings/modules/v8/v8_share_data.h"
 #include "third_party/blink/renderer/core/dom/dom_exception.h"
@@ -202,6 +203,13 @@ ScriptPromise NavigatorShare::share(ScriptState* script_state,
     return ScriptPromise();
   }
 
+  if (!ExecutionContext::From(script_state)
+           ->IsFeatureEnabled(mojom::blink::FeaturePolicyFeature::kWebShare)) {
+    exception_state.ThrowDOMException(DOMExceptionCode::kNotAllowedError,
+                                      "Permission denied");
+    return ScriptPromise();
+  }
+
   LocalDOMWindow* window = LocalDOMWindow::From(script_state);
   if (!LocalFrame::ConsumeTransientUserActivation(window->GetFrame())) {
     exception_state.ThrowDOMException(
diff --git a/third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html b/third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html
new file mode 100644
index 0000000000000..9c1893232997a
--- /dev/null
+++ b/third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html
@@ -0,0 +1,20 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <title>WebShare Test: Can be disabled by feature policy</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/resources/testdriver.js"></script>
+    <script src="/resources/testdriver-vendor.js"></script>
+  </head>
+  <body>
+    <script>
+      promise_test(async t => {
+        await test_driver.bless("web share");
+
+        await promise_rejects_dom(t, "NotAllowedError", navigator.share({}));
+      }, "share can be disabled by feature policy");
+    </script>
+  </body>
+</html>
diff --git a/third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html.headers b/third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html.headers
new file mode 100644
index 0000000000000..a9b2b95074245
--- /dev/null
+++ b/third_party/blink/web_tests/external/wpt/web-share/disabled-by-feature-policy.https.sub.html.headers
@@ -0,0 +1 @@
+Feature-Policy: web-share 'none'
diff --git a/third_party/blink/web_tests/webexposed/feature-policy-features-expected.txt b/third_party/blink/web_tests/webexposed/feature-policy-features-expected.txt
index 0e5a47196a799..ca081a607c67c 100644
--- a/third_party/blink/web_tests/webexposed/feature-policy-features-expected.txt
+++ b/third_party/blink/web_tests/webexposed/feature-policy-features-expected.txt
@@ -58,5 +58,6 @@ top-navigation
 trust-token-redemption
 usb
 vertical-scroll
+web-share
 xr-spatial-tracking
 
diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml
index a5ab7ac6bab8e..6e92a82a5139d 100644
--- a/tools/metrics/histograms/enums.xml
+++ b/tools/metrics/histograms/enums.xml
@@ -28608,6 +28608,7 @@ Called by update_feature_policy_enum.py.-->
   <int value="75" label="CrossOriginIsolated"/>
   <int value="76" label="ClipboardRead"/>
   <int value="77" label="ClipboardWrite"/>
+  <int value="78" label="WebShare"/>
 </enum>
 
 <enum name="FeaturePolicyImageCompressionFormat">