[Secure Payment Confirmation] Check permission policy and feature.

This patch adds a check for the state of "payment" permission policy (formerly known as feature policy) and the "SecurePaymentConfirmation" content feature before creating the payment credential service in the browser and on each Mojo IPC call into this service. The render frame host is also checked to be "current", that is attached to a web contents, because enrolling a payment credential from a detached iframe should not be allowed. Bug: 2709403 Change-Id: I756a58f144b01e0cbf655527dfc097d182d2453c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2710525 Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Nick Burris <nburris@chromium.org> Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Cr-Commit-Position: refs/heads/master@{#857245}
marcosholgado · Feb 24, 2021 · 99e84d0 · 99e84d0
1 parent 8d18859
commit 99e84d0
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 1 deletion.
diff --git a/chrome/browser/payments/payment_credential_factory.cc b/chrome/browser/payments/payment_credential_factory.cc
@@ -8,6 +8,7 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/web_data_service_factory.h"
 #include "components/keyed_service/core/service_access_type.h"
+#include "components/payments/content/payment_credential.h"
 #include "components/payments/content/payment_manifest_web_data_service.h"
 #include "components/payments/content/payment_request_web_contents_manager.h"
 #include "content/public/browser/render_frame_host.h"
@@ -19,6 +20,10 @@ namespace payments {
 void CreatePaymentCredential(
     content::RenderFrameHost* render_frame_host,
     mojo::PendingReceiver<mojom::PaymentCredential> receiver) {
+  if (!PaymentCredential::IsFrameAllowedToUseSecurePaymentConfirmation(
+          render_frame_host))
+    return;
+
   content::WebContents* web_contents =
       content::WebContents::FromRenderFrameHost(render_frame_host);
   if (!web_contents)

diff --git a/components/payments/content/DEPS b/components/payments/content/DEPS
@@ -26,6 +26,7 @@ include_rules = [
   "+sql",
   "+third_party/blink/public/common",
   "+third_party/blink/public/mojom/devtools/console_message.mojom.h",
+  "+third_party/blink/public/mojom/feature_policy",
   "+third_party/blink/public/mojom/payments",
   "+third_party/blink/public/mojom/webauthn",
   "+third_party/blink/public/platform/modules/payments",

diff --git a/components/payments/content/payment_credential.cc b/components/payments/content/payment_credential.cc
@@ -8,16 +8,27 @@
 #include <memory>
 
 #include "base/compiler_specific.h"
+#include "base/feature_list.h"
 #include "base/memory/ref_counted_memory.h"
 #include "base/strings/utf_string_conversions.h"
 #include "components/payments/content/payment_manifest_web_data_service.h"
 #include "components/payments/core/secure_payment_confirmation_instrument.h"
 #include "components/payments/core/url_util.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/content_features.h"
+#include "third_party/blink/public/mojom/feature_policy/feature_policy_feature.mojom-shared.h"
 #include "ui/gfx/image/image.h"
 
 namespace payments {
 
+// static
+bool PaymentCredential::IsFrameAllowedToUseSecurePaymentConfirmation(
+    content::RenderFrameHost* rfh) {
+  return rfh && rfh->IsCurrent() &&
+         rfh->IsFeatureEnabled(blink::mojom::FeaturePolicyFeature::kPayment) &&
+         base::FeatureList::IsEnabled(features::kSecurePaymentConfirmation);
+}
+
 PaymentCredential::PaymentCredential(
     content::WebContents* web_contents,
     content::GlobalFrameRoutingId initiator_frame_routing_id,
@@ -135,7 +146,7 @@ bool PaymentCredential::IsCurrentStateValid() const {
   content::RenderFrameHost* render_frame_host =
       content::RenderFrameHost::FromID(initiator_frame_routing_id_);
 
-  if (!render_frame_host || !render_frame_host->IsCurrent() ||
+  if (!IsFrameAllowedToUseSecurePaymentConfirmation(render_frame_host) ||
       !web_contents() ||
       web_contents() !=
           content::WebContents::FromRenderFrameHost(render_frame_host) ||

diff --git a/components/payments/content/payment_credential.h b/components/payments/content/payment_credential.h
@@ -38,6 +38,9 @@ class PaymentCredential : public mojom::PaymentCredential,
                           public WebDataServiceConsumer,
                           public content::WebContentsObserver {
  public:
+  static bool IsFrameAllowedToUseSecurePaymentConfirmation(
+      content::RenderFrameHost* rfh);
+
   PaymentCredential(
       content::WebContents* web_contents,
       content::GlobalFrameRoutingId initiator_frame_routing_id,