3 files changed, 36 insertions, 8 deletions

diff --git a/net/base/static_cookie_policy.cc b/net/base/static_cookie_policy.cc
index 0ff6ead..19e0a16 100644
--- a/net/base/static_cookie_policy.cc
+++ b/net/base/static_cookie_policy.cc
@@ -16,9 +16,13 @@ int StaticCookiePolicy::CanGetCookies(const GURL& url,
                                       CompletionCallback* callback) {
   switch (type_) {
     case StaticCookiePolicy::ALLOW_ALL_COOKIES:
+    case StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES:
       return OK;
-    case StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES:
-      return OK;
+    case StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES:
+      if (first_party_for_cookies.is_empty())
+        return OK;  // Empty first-party URL indicates a first-party request.
+      return RegistryControlledDomainService::SameDomainOrHost(
+          url, first_party_for_cookies) ? OK : ERR_ACCESS_DENIED;
     case StaticCookiePolicy::BLOCK_ALL_COOKIES:
       return ERR_ACCESS_DENIED;
     default:
@@ -34,7 +38,8 @@ int StaticCookiePolicy::CanSetCookie(const GURL& url,
   switch (type_) {
     case StaticCookiePolicy::ALLOW_ALL_COOKIES:
       return OK;
-    case StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES:
+    case StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES:
+    case StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES:
       if (first_party_for_cookies.is_empty())
         return OK;  // Empty first-party URL indicates a first-party request.
       return RegistryControlledDomainService::SameDomainOrHost(
diff --git a/net/base/static_cookie_policy.h b/net/base/static_cookie_policy.h
index 4633161..815aadc 100644
--- a/net/base/static_cookie_policy.h
+++ b/net/base/static_cookie_policy.h
@@ -23,10 +23,17 @@ namespace net {
 //
 class StaticCookiePolicy : public CookiePolicy {
  public:
+  // Do not change the order of these types as they are persisted in
+  // preferences.
   enum Type {
-    ALLOW_ALL_COOKIES = 0,      // Do not perform any cookie blocking.
-    BLOCK_THIRD_PARTY_COOKIES,  // Prevent third-party cookies from being set.
-    BLOCK_ALL_COOKIES           // Disable cookies.
+    // Do not perform any cookie blocking.
+    ALLOW_ALL_COOKIES = 0,
+    // Prevent only third-party cookies from being set.
+    BLOCK_SETTING_THIRD_PARTY_COOKIES,
+    // Block all cookies (third-party or not) from begin set or read.
+    BLOCK_ALL_COOKIES,
+    // Prevent only third-party cookies from being set or read.
+    BLOCK_ALL_THIRD_PARTY_COOKIES
   };
 
   StaticCookiePolicy()
diff --git a/net/base/static_cookie_policy_unittest.cc b/net/base/static_cookie_policy_unittest.cc
index 35c1a82..57dc4fa 100644
--- a/net/base/static_cookie_policy_unittest.cc
+++ b/net/base/static_cookie_policy_unittest.cc
@@ -62,8 +62,8 @@ TEST_F(StaticCookiePolicyTest, AllowAllCookiesTest) {
   EXPECT_EQ(net::OK, CanSetCookie(url_google_, GURL()));
 }
 
-TEST_F(StaticCookiePolicyTest, BlockThirdPartyCookiesTest) {
-  SetPolicyType(net::StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES);
+TEST_F(StaticCookiePolicyTest, BlockSettingThirdPartyCookiesTest) {
+  SetPolicyType(net::StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES);
 
   EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_));
   EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_secure_));
@@ -78,6 +78,22 @@ TEST_F(StaticCookiePolicyTest, BlockThirdPartyCookiesTest) {
   EXPECT_EQ(net::OK, CanSetCookie(url_google_, GURL()));
 }
 
+TEST_F(StaticCookiePolicyTest, BlockAllThirdPartyCookiesTest) {
+  SetPolicyType(net::StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES);
+
+  EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_));
+  EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_secure_));
+  EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_mail_));
+  EXPECT_NE(net::OK, CanGetCookies(url_google_, url_google_analytics_));
+  EXPECT_EQ(net::OK, CanGetCookies(url_google_, GURL()));
+
+  EXPECT_EQ(net::OK, CanSetCookie(url_google_, url_google_));
+  EXPECT_EQ(net::OK, CanSetCookie(url_google_, url_google_secure_));
+  EXPECT_EQ(net::OK, CanSetCookie(url_google_, url_google_mail_));
+  EXPECT_NE(net::OK, CanSetCookie(url_google_, url_google_analytics_));
+  EXPECT_EQ(net::OK, CanSetCookie(url_google_, GURL()));
+}
+
 TEST_F(StaticCookiePolicyTest, BlockAllCookiesTest) {
   SetPolicyType(net::StaticCookiePolicy::BLOCK_ALL_COOKIES);