Add scope prefs to EnterpriseConnectorsPolicyHandler

This adds a pref to track the scope of the Connector prefs. This is
in preparation for code that will read this scope to decide which DM
token to use with the corresponding pref.

Bug: 1147464
Change-Id: Ib40c92fb9532b66f73e9f50e36e3074fbe376c04
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2568435
Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org>
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Reviewed-by: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/master@{#834391}

chrome/browser/enterprise/connectors/common.cc

@@ -41,6 +41,27 @@ const char* ConnectorPref(ReportingConnector connector) {
   }
 }
 
+const char* ConnectorScopePref(AnalysisConnector connector) {
+  switch (connector) {
+    case AnalysisConnector::BULK_DATA_ENTRY:
+      return kOnBulkDataEntryScopePref;
+    case AnalysisConnector::FILE_DOWNLOADED:
+      return kOnFileDownloadedScopePref;
+    case AnalysisConnector::FILE_ATTACHED:
+      return kOnFileAttachedScopePref;
+    case AnalysisConnector::ANALYSIS_CONNECTOR_UNSPECIFIED:
+      NOTREACHED() << "Using unspecified analysis connector";
+      return "";
+  }
+}
+
+const char* ConnectorScopePref(ReportingConnector connector) {
+  switch (connector) {
+    case ReportingConnector::SECURITY_EVENT:
+      return kOnSecurityEventScopePref;
+  }
+}
+
 TriggeredRule::Action GetHighestPrecedenceAction(
     const ContentAnalysisResponse& response) {
   auto action = TriggeredRule::ACTION_UNSPECIFIED;

chrome/browser/enterprise/connectors/common.h

@@ -73,6 +73,8 @@ struct ReportingSettings {
 // Returns the pref path corresponding to a connector.
 const char* ConnectorPref(AnalysisConnector connector);
 const char* ConnectorPref(ReportingConnector connector);
+const char* ConnectorScopePref(AnalysisConnector connector);
+const char* ConnectorScopePref(ReportingConnector connector);
 
 // Returns the highest precedence action in the given parameters.
 TriggeredRule::Action GetHighestPrecedenceAction(

chrome/browser/enterprise/connectors/connectors_prefs.cc

@@ -16,11 +16,24 @@ const char kOnBulkDataEntryPref[] = "enterprise_connectors.on_bulk_data_entry";
 
 const char kOnSecurityEventPref[] = "enterprise_connectors.on_security_event";
 
+const char kOnFileAttachedScopePref[] =
+    "enterprise_connectors.scope.on_file_attached";
+const char kOnFileDownloadedScopePref[] =
+    "enterprise_connectors.scope.on_file_downloaded";
+const char kOnBulkDataEntryScopePref[] =
+    "enterprise_connectors.scope.on_bulk_data_entry";
+const char kOnSecurityEventScopePref[] =
+    "enterprise_connectors.scope.on_security_event";
+
 void RegisterProfilePrefs(PrefRegistrySimple* registry) {
   registry->RegisterListPref(kOnFileAttachedPref);
   registry->RegisterListPref(kOnFileDownloadedPref);
   registry->RegisterListPref(kOnBulkDataEntryPref);
   registry->RegisterListPref(kOnSecurityEventPref);
+  registry->RegisterIntegerPref(kOnFileAttachedScopePref, 0);
+  registry->RegisterIntegerPref(kOnFileDownloadedScopePref, 0);
+  registry->RegisterIntegerPref(kOnBulkDataEntryScopePref, 0);
+  registry->RegisterIntegerPref(kOnSecurityEventScopePref, 0);
 }
 
 }  // namespace enterprise_connectors

chrome/browser/enterprise/connectors/connectors_prefs.h

@@ -21,6 +21,13 @@ extern const char kOnBulkDataEntryPref[];
 // Pref that maps to the "OnSecurityEventEnterpriseConnector" policy.
 extern const char kOnSecurityEventPref[];
 
+// Prefs that map to the scope of each policy using a
+// EnterpriseConnectorsPolicyHandler.
+extern const char kOnFileAttachedScopePref[];
+extern const char kOnFileDownloadedScopePref[];
+extern const char kOnBulkDataEntryScopePref[];
+extern const char kOnSecurityEventScopePref[];
+
 void RegisterProfilePrefs(PrefRegistrySimple* registry);
 
 }  // namespace enterprise_connectors

chrome/browser/enterprise/connectors/enterprise_connectors_policy_handler.cc

@@ -16,12 +16,14 @@ namespace enterprise_connectors {
 EnterpriseConnectorsPolicyHandler::EnterpriseConnectorsPolicyHandler(
     const char* policy_name,
     const char* pref_path,
+    const char* pref_scope_path,
     policy::Schema schema)
     : SchemaValidatingPolicyHandler(
           policy_name,
           schema.GetKnownProperty(policy_name),
           policy::SchemaOnErrorStrategy::SCHEMA_ALLOW_UNKNOWN),
-      pref_path_(pref_path) {}
+      pref_path_(pref_path),
+      pref_scope_path_(pref_scope_path) {}
 
 EnterpriseConnectorsPolicyHandler::~EnterpriseConnectorsPolicyHandler() =
     default;
@@ -46,11 +48,18 @@ bool EnterpriseConnectorsPolicyHandler::CheckPolicySettings(
 void EnterpriseConnectorsPolicyHandler::ApplyPolicySettings(
     const policy::PolicyMap& policies,
     PrefValueMap* prefs) {
-  if (!pref_path_)
+  if (!pref_path_ || !pref_scope_path_)
     return;
-  const base::Value* value = policies.GetValue(policy_name());
-  if (value)
+
+  const policy::PolicyMap::Entry* policy = policies.Get(policy_name());
+  if (!policy)
+    return;
+
+  const base::Value* value = policy->value();
+  if (value) {
     prefs->SetValue(pref_path_, value->Clone());
+    prefs->SetInteger(pref_scope_path_, policy->scope);
+  }
 }
 
 }  // namespace enterprise_connectors

chrome/browser/enterprise/connectors/enterprise_connectors_policy_handler.h

@@ -16,6 +16,7 @@ class EnterpriseConnectorsPolicyHandler
  public:
   EnterpriseConnectorsPolicyHandler(const char* policy_name,
                                     const char* pref_path,
+                                    const char* pref_scope_path,
                                     policy::Schema schema);
   EnterpriseConnectorsPolicyHandler(EnterpriseConnectorsPolicyHandler&) =
       delete;
@@ -31,6 +32,10 @@ class EnterpriseConnectorsPolicyHandler
 
  private:
   const char* pref_path_;
+
+  // Key used to store the policy::PolicyScope of the policy. This is looked up
+  // later so the Connector can adjust its behaviour.
+  const char* pref_scope_path_;
 };
 
 }  // namespace enterprise_connectors

chrome/browser/enterprise/connectors/enterprise_connectors_policy_handler_unittest.cc

@@ -23,6 +23,8 @@ namespace {
 
 const char kTestPref[] = "enterprise_connectors.test_pref";
 
+const char kTestScopePref[] = "enterprise_connectors.scope.test_pref";
+
 const char kPolicyName[] = "PolicyForTesting";
 
 const char kSchema[] = R"(
@@ -106,7 +108,7 @@ TEST_P(EnterpriseConnectorsPolicyHandlerTest, Test) {
   }
 
   auto handler = std::make_unique<EnterpriseConnectorsPolicyHandler>(
-      kPolicyName, kTestPref, validation_schema);
+      kPolicyName, kTestPref, kTestScopePref, validation_schema);
   policy::PolicyErrorMap errors;
   ASSERT_EQ(expect_valid_policy(),
             handler->CheckPolicySettings(policy_map, &errors));
@@ -117,16 +119,21 @@ TEST_P(EnterpriseConnectorsPolicyHandlerTest, Test) {
   // false, this is just to test that it applies the pref correctly.
   PrefValueMap prefs;
   base::Value* value_set_in_pref;
+  int pref_scope = -1;
   handler->ApplyPolicySettings(policy_map, &prefs);
 
   bool policy_is_set = policy() != kEmptyPolicy;
   ASSERT_EQ(policy_is_set, prefs.GetValue(kTestPref, &value_set_in_pref));
+  EXPECT_EQ(policy_is_set, prefs.GetInteger(kTestScopePref, &pref_scope));
 
   auto* value_set_in_map = policy_map.GetValue(kPolicyName);
-  if (value_set_in_map)
+  if (value_set_in_map) {
     ASSERT_TRUE(value_set_in_map->Equals(value_set_in_pref));
-  else
+    ASSERT_EQ(policy::POLICY_SCOPE_MACHINE, pref_scope);
+  } else {
     ASSERT_FALSE(policy_is_set);
+    ASSERT_EQ(-1, pref_scope);
+  }
 }
 
 INSTANTIATE_TEST_SUITE_P(

chrome/browser/policy/configuration_policy_handler_list_factory.cc

@@ -1517,27 +1517,32 @@ std::unique_ptr<ConfigurationPolicyHandlerList> BuildHandlerList(
       std::make_unique<
           enterprise_connectors::EnterpriseConnectorsPolicyHandler>(
           key::kOnFileAttachedEnterpriseConnector,
-          enterprise_connectors::kOnFileAttachedPref, chrome_schema));
+          enterprise_connectors::kOnFileAttachedPref,
+          enterprise_connectors::kOnFileAttachedScopePref, chrome_schema));
   handlers->AddHandler(
       std::make_unique<
           enterprise_connectors::EnterpriseConnectorsPolicyHandler>(
           key::kOnFileDownloadedEnterpriseConnector,
-          enterprise_connectors::kOnFileDownloadedPref, chrome_schema));
+          enterprise_connectors::kOnFileDownloadedPref,
+          enterprise_connectors::kOnFileDownloadedScopePref, chrome_schema));
   handlers->AddHandler(
       std::make_unique<
           enterprise_connectors::EnterpriseConnectorsPolicyHandler>(
           key::kOnBulkDataEntryEnterpriseConnector,
-          enterprise_connectors::kOnBulkDataEntryPref, chrome_schema));
+          enterprise_connectors::kOnBulkDataEntryPref,
+          enterprise_connectors::kOnBulkDataEntryScopePref, chrome_schema));
   handlers->AddHandler(
       std::make_unique<
           enterprise_connectors::EnterpriseConnectorsPolicyHandler>(
           key::kOnSecurityEventEnterpriseConnector,
-          enterprise_connectors::kOnSecurityEventPref, chrome_schema));
+          enterprise_connectors::kOnSecurityEventPref,
+          enterprise_connectors::kOnSecurityEventScopePref, chrome_schema));
   handlers->AddHandler(
       std::make_unique<
           enterprise_connectors::EnterpriseConnectorsPolicyHandler>(
           key::kEnterpriseRealTimeUrlCheckMode,
-          prefs::kSafeBrowsingEnterpriseRealTimeUrlCheckMode, chrome_schema));
+          prefs::kSafeBrowsingEnterpriseRealTimeUrlCheckMode,
+          prefs::kSafeBrowsingEnterpriseRealTimeUrlCheckScope, chrome_schema));
 
   handlers->AddHandler(std::make_unique<SimpleSchemaValidatingPolicyHandler>(
       key::kBrowsingDataLifetime, browsing_data::prefs::kBrowsingDataLifetime,

components/safe_browsing/core/common/safe_browsing_prefs.cc

@@ -71,6 +71,8 @@ const char kSafeBrowsingEnabled[] = "safebrowsing.enabled";
 const char kSafeBrowsingEnhanced[] = "safebrowsing.enhanced";
 const char kSafeBrowsingEnterpriseRealTimeUrlCheckMode[] =
     "safebrowsing.enterprise_real_time_url_check_mode";
+const char kSafeBrowsingEnterpriseRealTimeUrlCheckScope[] =
+    "safebrowsing.enterprise_real_time_url_check_scope";
 const char kSafeBrowsingExtendedReportingOptInAllowed[] =
     "safebrowsing.extended_reporting_opt_in_allowed";
 const char kSafeBrowsingIncidentsSent[] = "safebrowsing.incidents_sent";
@@ -213,6 +215,8 @@ void RegisterProfilePrefs(PrefRegistrySimple* registry) {
   registry->RegisterIntegerPref(
       prefs::kSafeBrowsingEnterpriseRealTimeUrlCheckMode,
       REAL_TIME_CHECK_DISABLED);
+  registry->RegisterIntegerPref(
+      prefs::kSafeBrowsingEnterpriseRealTimeUrlCheckScope, 0);
   registry->RegisterInt64Pref(prefs::kSafeBrowsingMetricsLastLogTime, 0);
 }
 

components/safe_browsing/core/common/safe_browsing_prefs.h

@@ -30,6 +30,10 @@ extern const char kSafeBrowsingEnhanced[];
 // enterprise policy.
 extern const char kSafeBrowsingEnterpriseRealTimeUrlCheckMode[];
 
+// Integer indicating the scope at which the
+// kSafeBrowsingEnterpriseRealTimeUrlCheckMode pref is set.
+extern const char kSafeBrowsingEnterpriseRealTimeUrlCheckScope[];
+
 // Boolean that tells us whether users are given the option to opt in to Safe
 // Browsing extended reporting. This is exposed as a preference that can be
 // overridden by enterprise policy.