Add per-profile reporting client to SafeBrowsingPrivateEventRouter

This adds the basic internal changes to SafeBrowsingPrivateEventRouter needed to report per-profile events. This CL doesn't add new tests, as this is difficult without other per-profile CLs being submitted. Adding such tests is tracked in crbug.com/1159930 Bug: 1159533 Change-Id: I65f626941367fb31ac6005fa230624d01f861718 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2595833Reviewed-by: Daniel Rubery <drubery@chromium.org> Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org> Cr-Commit-Position: refs/heads/master@{#841152}

Add per-profile reporting client to SafeBrowsingPrivateEventRouter
This adds the basic internal changes to SafeBrowsingPrivateEventRouter needed to report per-profile events. This CL doesn't add new tests, as this is difficult without other per-profile CLs being submitted. Adding such tests is tracked in crbug.com/1159930 Bug: 1159533 Change-Id: I65f626941367fb31ac6005fa230624d01f861718 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2595833Reviewed-by: Daniel Rubery <drubery@chromium.org> Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org> Cr-Commit-Position: refs/heads/master@{#841152}
2e1d0d19 · Dominique Fauteux-Chapleau · Chromium LUCI CQ · a2478b8c · 2e1d0d19 · 2e1d0d19
Commit 2e1d0d19 authored Jan 07, 2021 by Dominique Fauteux-Chapleau Committed by Chromium LUCI CQ Jan 07, 2021
6 changed files
--- a/chrome/browser/enterprise/connectors/content_analysis_delegate_browsertest.cc
+++ b/chrome/browser/enterprise/connectors/content_analysis_delegate_browsertest.cc
@@ -217,9 +217,10 @@ class ContentAnalysisDelegateBrowserTest
                                               true);
    client_ = std::make_unique<policy::MockCloudPolicyClient>();
+    client_->SetDMToken(kDmToken);
    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(
        browser()->profile())
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(
        browser()->profile())
        ->SetBinaryUploadServiceForTesting(FakeBinaryUploadServiceStorage());

--- a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc
+++ b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.cc
--- a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h
+++ b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h
@@ -14,6 +14,7 @@
 #include "base/memory/weak_ptr.h"
 #include "base/values.h"
 #include "build/chromeos_buildflags.h"
+#include "chrome/browser/enterprise/connectors/common.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "components/policy/core/common/cloud/cloud_policy_client.h"
@@ -190,11 +191,12 @@ class SafeBrowsingPrivateEventRouter
      const int64_t content_size);
  // Returns true if enterprise real-time reporting should be initialized,
-  // checking both the feature flag and whether the browser is managed.  This
+  // checking both the feature flag. This function is public so that it can
-  // function is public so that it can called in tests.
+  // called in tests.
  static bool ShouldInitRealtimeReportingClient();
-  void SetCloudPolicyClientForTesting(policy::CloudPolicyClient* client);
+  void SetBrowserCloudPolicyClientForTesting(policy::CloudPolicyClient* client);
+  void SetProfileCloudPolicyClientForTesting(policy::CloudPolicyClient* client);
  void SetBinaryUploadServiceForTesting(
      safe_browsing::BinaryUploadService* binary_upload_service);
@@ -212,29 +214,50 @@ class SafeBrowsingPrivateEventRouter
  // directly by tests. Events are created lazily to avoid doing useless work if
  // they are discarded.
  using EventBuilder = base::OnceCallback<base::Value()>;
-  void ReportRealtimeEventCallback(const std::string& name,
+  void ReportRealtimeEventCallback(
-                                   EventBuilder event_builder,
+      const std::string& name,
-                                   bool authorized);
+      enterprise_connectors::ReportingSettings settings,
+      EventBuilder event_builder,
+      bool authorized);
 private:
-  // Initialize the real-time report client if needed.  This client is used only
+  // Initialize a real-time report client if needed.  This client is used only
  // if real-time reporting is enabled, the machine is properly reigistered
  // with CBCM and the appropriate policies are enabled.
-  void InitRealtimeReportingClient();
+  void InitRealtimeReportingClient(
+      const enterprise_connectors::ReportingSettings& settings);
+  // Sub-methods called by InitRealtimeReportingClient to make appropriate
+  // verifications and initialize the corresponding client. Returns a policy
+  // client description and a client, which can be nullptr if it can't be
+  // initialized.
+  std::pair<std::string, policy::CloudPolicyClient*> InitBrowserReportingClient(
+      const std::string& dm_token);
+#if !defined(OS_CHROMEOS)
+  std::pair<std::string, policy::CloudPolicyClient*> InitProfileReportingClient(
+      const std::string& dm_token);
+#endif
  // Continues execution if the client is authorized to do so.
-  void IfAuthorized(base::OnceCallback<void(bool)> cont);
+  void IfAuthorized(const std::string& dm_token,
+                    base::OnceCallback<void(bool)> cont);
  // Determines if the real-time reporting feature is enabled.
-  bool IsRealtimeReportingEnabled();
+  // Obtain settings to apply to a reporting event from ConnectorsService.
+  // base::nullopt represents that reporting should not be done.
+  base::Optional<enterprise_connectors::ReportingSettings>
+  GetReportingSettings();
  // Called whenever the real-time reporting policy changes.
  void RealtimeReportingPrefChanged(const std::string& pref);
  // Report safe browsing event through real-time reporting channel, if enabled.
  // Declared as virtual for tests.
-  virtual void ReportRealtimeEvent(const std::string&,
+  virtual void ReportRealtimeEvent(
-                                   EventBuilder event_builder);
+      const std::string&,
+      enterprise_connectors::ReportingSettings settings,
+      EventBuilder event_builder);
  // Create a privately owned cloud policy client for events routing.
  void CreatePrivateCloudPolicyClient(
@@ -291,12 +314,17 @@ class SafeBrowsingPrivateEventRouter
  signin::IdentityManager* identity_manager_ = nullptr;
  EventRouter* event_router_ = nullptr;
  safe_browsing::BinaryUploadService* binary_upload_service_ = nullptr;
-  // The cloud policy client used to upload events to the cloud. This client
-  // is never used to fetch policies. This pointer is not owned by the class.
+  // The cloud policy clients used to upload browser events and profile events
-  policy::CloudPolicyClient* client_ = nullptr;
+  // to the cloud. These clients are never used to fetch policies. These
-  // The |private_client_| is used on platforms where we cannot just get a
+  // pointers are not owned by the class.
-  // client and we create our own (used through |client_|).
+  policy::CloudPolicyClient* browser_client_ = nullptr;
-  std::unique_ptr<policy::CloudPolicyClient> private_client_;
+  policy::CloudPolicyClient* profile_client_ = nullptr;
+  // The private clients are used on platforms where we cannot just get a
+  // client and we create our own (used through the above client pointers).
+  std::unique_ptr<policy::CloudPolicyClient> browser_private_client_;
+  std::unique_ptr<policy::CloudPolicyClient> profile_private_client_;
  base::WeakPtrFactory<SafeBrowsingPrivateEventRouter> weak_ptr_factory_{this};
  DISALLOW_COPY_AND_ASSIGN(SafeBrowsingPrivateEventRouter);

--- a/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc
+++ b/chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc
@@ -82,8 +82,10 @@ class FakeAuthorizedSafeBrowsingPrivateEventRouter
 private:
  void ReportRealtimeEvent(const std::string& name,
+                           enterprise_connectors::ReportingSettings settings,
                           EventBuilder event_builder) override {
-    ReportRealtimeEventCallback(name, std::move(event_builder), true);
+    ReportRealtimeEventCallback(name, std::move(settings),
+                                std::move(event_builder), true);
  }
 };
@@ -96,8 +98,10 @@ class FakeUnauthorizedSafeBrowsingPrivateEventRouter
 private:
  void ReportRealtimeEvent(const std::string& name,
+                           enterprise_connectors::ReportingSettings settings,
                           EventBuilder event_builder) override {
-    ReportRealtimeEventCallback(name, std::move(event_builder), false);
+    ReportRealtimeEventCallback(name, std::move(settings),
+                                std::move(event_builder), false);
  }
 };
@@ -237,8 +241,9 @@ class SafeBrowsingPrivateEventRouterTest : public testing::Test {
    // Set a mock cloud policy client in the router.
    client_ = std::make_unique<policy::MockCloudPolicyClient>();
+    client_->SetDMToken("fake-token");
    SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
  }
  void SetUpRouters(bool realtime_reporting_enable = true,
@@ -995,7 +1000,7 @@ class SafeBrowsingIsRealtimeReportingEnabledTest
  }
  bool should_init() {
-#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && !BUILDFLAG(IS_CHROMEOS_ASH)
+#if !BUILDFLAG(IS_CHROMEOS_ASH)
    return is_feature_flag_enabled_;
 #else
    return is_feature_flag_enabled_ && is_manageable_;
@@ -1031,12 +1036,10 @@ TEST_P(SafeBrowsingIsRealtimeReportingEnabledTest, CheckRealtimeReport) {
      api::safe_browsing_private::OnPolicySpecifiedPasswordChanged::kEventName);
  event_router_->AddEventObserver(&event_observer);
-#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && !BUILDFLAG(IS_CHROMEOS_ASH)
  bool should_report =
      is_feature_flag_enabled_ && is_policy_enabled_ && is_authorized_;
-#else
+#if BUILDFLAG(IS_CHROMEOS_ASH)
-  bool should_report = is_feature_flag_enabled_ && is_manageable_ &&
+  should_report &= is_manageable_;
-                       is_policy_enabled_ && is_authorized_;
 #endif
  if (should_report) {

--- a/chrome/browser/safe_browsing/download_protection/deep_scanning_browsertest.cc
+++ b/chrome/browser/safe_browsing/download_protection/deep_scanning_browsertest.cc
@@ -118,9 +118,10 @@ class DownloadDeepScanningBrowserTest
  void SetUpReporting() {
    SetOnSecurityEventReporting(browser()->profile()->GetPrefs(), true);
    client_ = std::make_unique<policy::MockCloudPolicyClient>();
+    client_->SetDMToken("dm_token");
    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(
        browser()->profile())
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
    identity_test_environment_ =
        std::make_unique<signin::IdentityTestEnvironment>();
    identity_test_environment_->MakePrimaryAccountAvailable(kUserName);

--- a/chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc
+++ b/chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc
@@ -431,7 +431,7 @@ class DeepScanningReportingTest : public DeepScanningRequestTest {
            profile_,
            base::BindRepeating(&BuildSafeBrowsingPrivateEventRouter));
    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
        ->SetBinaryUploadServiceForTesting(
            download_protection_service_.GetFakeBinaryUploadService());
@@ -448,7 +448,7 @@ class DeepScanningReportingTest : public DeepScanningRequestTest {
  void TearDown() override {
    extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->SetCloudPolicyClientForTesting(nullptr);
+        ->SetBrowserCloudPolicyClientForTesting(nullptr);
    DeepScanningRequestTest::TearDown();
  }