Add per-profile reporting client to SafeBrowsingPrivateEventRouter

This adds the basic internal changes to SafeBrowsingPrivateEventRouter
needed to report per-profile events. This CL doesn't add new tests, as
this is difficult without other per-profile CLs being submitted. Adding
such tests is tracked in crbug.com/1159930

Bug: 1159533
Change-Id: I65f626941367fb31ac6005fa230624d01f861718
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2595833Reviewed-by: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#841152}

chrome/browser/enterprise/connectors/content_analysis_delegate_browsertest.cc

@@ -217,9 +217,10 @@ class ContentAnalysisDelegateBrowserTest
                                                true);
 
     client_ = std::make_unique<policy::MockCloudPolicyClient>();
+    client_->SetDMToken(kDmToken);
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(
         browser()->profile())
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(
         browser()->profile())
         ->SetBinaryUploadServiceForTesting(FakeBinaryUploadServiceStorage());

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router.h

@@ -14,6 +14,7 @@
 #include "base/memory/weak_ptr.h"
 #include "base/values.h"
 #include "build/chromeos_buildflags.h"
+#include "chrome/browser/enterprise/connectors/common.h"
 #include "chrome/browser/safe_browsing/cloud_content_scanning/deep_scanning_utils.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "components/policy/core/common/cloud/cloud_policy_client.h"
@@ -190,11 +191,12 @@ class SafeBrowsingPrivateEventRouter
       const int64_t content_size);
 
   // Returns true if enterprise real-time reporting should be initialized,
-  // checking both the feature flag and whether the browser is managed.  This
-  // function is public so that it can called in tests.
+  // checking both the feature flag. This function is public so that it can
+  // called in tests.
   static bool ShouldInitRealtimeReportingClient();
 
-  void SetCloudPolicyClientForTesting(policy::CloudPolicyClient* client);
+  void SetBrowserCloudPolicyClientForTesting(policy::CloudPolicyClient* client);
+  void SetProfileCloudPolicyClientForTesting(policy::CloudPolicyClient* client);
 
   void SetBinaryUploadServiceForTesting(
       safe_browsing::BinaryUploadService* binary_upload_service);
@@ -212,29 +214,50 @@ class SafeBrowsingPrivateEventRouter
   // directly by tests. Events are created lazily to avoid doing useless work if
   // they are discarded.
   using EventBuilder = base::OnceCallback<base::Value()>;
-  void ReportRealtimeEventCallback(const std::string& name,
-                                   EventBuilder event_builder,
-                                   bool authorized);
+  void ReportRealtimeEventCallback(
+      const std::string& name,
+      enterprise_connectors::ReportingSettings settings,
+      EventBuilder event_builder,
+      bool authorized);
 
  private:
-  // Initialize the real-time report client if needed.  This client is used only
+  // Initialize a real-time report client if needed.  This client is used only
   // if real-time reporting is enabled, the machine is properly reigistered
   // with CBCM and the appropriate policies are enabled.
-  void InitRealtimeReportingClient();
+  void InitRealtimeReportingClient(
+      const enterprise_connectors::ReportingSettings& settings);
+
+  // Sub-methods called by InitRealtimeReportingClient to make appropriate
+  // verifications and initialize the corresponding client. Returns a policy
+  // client description and a client, which can be nullptr if it can't be
+  // initialized.
+  std::pair<std::string, policy::CloudPolicyClient*> InitBrowserReportingClient(
+      const std::string& dm_token);
+
+#if !defined(OS_CHROMEOS)
+  std::pair<std::string, policy::CloudPolicyClient*> InitProfileReportingClient(
+      const std::string& dm_token);
+#endif
 
   // Continues execution if the client is authorized to do so.
-  void IfAuthorized(base::OnceCallback<void(bool)> cont);
+  void IfAuthorized(const std::string& dm_token,
+                    base::OnceCallback<void(bool)> cont);
 
   // Determines if the real-time reporting feature is enabled.
-  bool IsRealtimeReportingEnabled();
+  // Obtain settings to apply to a reporting event from ConnectorsService.
+  // base::nullopt represents that reporting should not be done.
+  base::Optional<enterprise_connectors::ReportingSettings>
+  GetReportingSettings();
 
   // Called whenever the real-time reporting policy changes.
   void RealtimeReportingPrefChanged(const std::string& pref);
 
   // Report safe browsing event through real-time reporting channel, if enabled.
   // Declared as virtual for tests.
-  virtual void ReportRealtimeEvent(const std::string&,
-                                   EventBuilder event_builder);
+  virtual void ReportRealtimeEvent(
+      const std::string&,
+      enterprise_connectors::ReportingSettings settings,
+      EventBuilder event_builder);
 
   // Create a privately owned cloud policy client for events routing.
   void CreatePrivateCloudPolicyClient(
@@ -291,12 +314,17 @@ class SafeBrowsingPrivateEventRouter
   signin::IdentityManager* identity_manager_ = nullptr;
   EventRouter* event_router_ = nullptr;
   safe_browsing::BinaryUploadService* binary_upload_service_ = nullptr;
-  // The cloud policy client used to upload events to the cloud. This client
-  // is never used to fetch policies. This pointer is not owned by the class.
-  policy::CloudPolicyClient* client_ = nullptr;
-  // The |private_client_| is used on platforms where we cannot just get a
-  // client and we create our own (used through |client_|).
-  std::unique_ptr<policy::CloudPolicyClient> private_client_;
+
+  // The cloud policy clients used to upload browser events and profile events
+  // to the cloud. These clients are never used to fetch policies. These
+  // pointers are not owned by the class.
+  policy::CloudPolicyClient* browser_client_ = nullptr;
+  policy::CloudPolicyClient* profile_client_ = nullptr;
+
+  // The private clients are used on platforms where we cannot just get a
+  // client and we create our own (used through the above client pointers).
+  std::unique_ptr<policy::CloudPolicyClient> browser_private_client_;
+  std::unique_ptr<policy::CloudPolicyClient> profile_private_client_;
 
   base::WeakPtrFactory<SafeBrowsingPrivateEventRouter> weak_ptr_factory_{this};
   DISALLOW_COPY_AND_ASSIGN(SafeBrowsingPrivateEventRouter);

chrome/browser/extensions/api/safe_browsing_private/safe_browsing_private_event_router_unittest.cc

@@ -82,8 +82,10 @@ class FakeAuthorizedSafeBrowsingPrivateEventRouter
 
  private:
   void ReportRealtimeEvent(const std::string& name,
+                           enterprise_connectors::ReportingSettings settings,
                            EventBuilder event_builder) override {
-    ReportRealtimeEventCallback(name, std::move(event_builder), true);
+    ReportRealtimeEventCallback(name, std::move(settings),
+                                std::move(event_builder), true);
   }
 };
 
@@ -96,8 +98,10 @@ class FakeUnauthorizedSafeBrowsingPrivateEventRouter
 
  private:
   void ReportRealtimeEvent(const std::string& name,
+                           enterprise_connectors::ReportingSettings settings,
                            EventBuilder event_builder) override {
-    ReportRealtimeEventCallback(name, std::move(event_builder), false);
+    ReportRealtimeEventCallback(name, std::move(settings),
+                                std::move(event_builder), false);
   }
 };
 
@@ -237,8 +241,9 @@ class SafeBrowsingPrivateEventRouterTest : public testing::Test {
 
     // Set a mock cloud policy client in the router.
     client_ = std::make_unique<policy::MockCloudPolicyClient>();
+    client_->SetDMToken("fake-token");
     SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
   }
 
   void SetUpRouters(bool realtime_reporting_enable = true,
@@ -995,7 +1000,7 @@ class SafeBrowsingIsRealtimeReportingEnabledTest
   }
 
   bool should_init() {
-#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && !BUILDFLAG(IS_CHROMEOS_ASH)
+#if !BUILDFLAG(IS_CHROMEOS_ASH)
     return is_feature_flag_enabled_;
 #else
     return is_feature_flag_enabled_ && is_manageable_;
@@ -1031,12 +1036,10 @@ TEST_P(SafeBrowsingIsRealtimeReportingEnabledTest, CheckRealtimeReport) {
       api::safe_browsing_private::OnPolicySpecifiedPasswordChanged::kEventName);
   event_router_->AddEventObserver(&event_observer);
 
-#if BUILDFLAG(GOOGLE_CHROME_BRANDING) && !BUILDFLAG(IS_CHROMEOS_ASH)
   bool should_report =
       is_feature_flag_enabled_ && is_policy_enabled_ && is_authorized_;
-#else
-  bool should_report = is_feature_flag_enabled_ && is_manageable_ &&
-                       is_policy_enabled_ && is_authorized_;
+#if BUILDFLAG(IS_CHROMEOS_ASH)
+  should_report &= is_manageable_;
 #endif
 
   if (should_report) {

chrome/browser/safe_browsing/download_protection/deep_scanning_browsertest.cc

@@ -118,9 +118,10 @@ class DownloadDeepScanningBrowserTest
   void SetUpReporting() {
     SetOnSecurityEventReporting(browser()->profile()->GetPrefs(), true);
     client_ = std::make_unique<policy::MockCloudPolicyClient>();
+    client_->SetDMToken("dm_token");
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(
         browser()->profile())
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
     identity_test_environment_ =
         std::make_unique<signin::IdentityTestEnvironment>();
     identity_test_environment_->MakePrimaryAccountAvailable(kUserName);

chrome/browser/safe_browsing/download_protection/deep_scanning_request_unittest.cc

@@ -431,7 +431,7 @@ class DeepScanningReportingTest : public DeepScanningRequestTest {
             profile_,
             base::BindRepeating(&BuildSafeBrowsingPrivateEventRouter));
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->SetCloudPolicyClientForTesting(client_.get());
+        ->SetBrowserCloudPolicyClientForTesting(client_.get());
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
         ->SetBinaryUploadServiceForTesting(
             download_protection_service_.GetFakeBinaryUploadService());
@@ -448,7 +448,7 @@ class DeepScanningReportingTest : public DeepScanningRequestTest {
 
   void TearDown() override {
     extensions::SafeBrowsingPrivateEventRouterFactory::GetForProfile(profile_)
-        ->SetCloudPolicyClientForTesting(nullptr);
+        ->SetBrowserCloudPolicyClientForTesting(nullptr);
     DeepScanningRequestTest::TearDown();
   }