Show proxy privacy warning

If the user has manually set a proxy in the network settings, a warning
is shown in the tray to let them know that traffic may be monitored.

This CL implements showing the proxy privacy disclosure message
regardless of the proxy source or configuration mode (PAC, WPAD etc).

Bug: 1119754, 919691
Test: unittest
Change-Id: I6da49a72650614c1bd58c76e7bdb474ed4881c50
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2367042Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org>
Reviewed-by: Steven Bennetts <stevenjb@chromium.org>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Cr-Commit-Position: refs/heads/master@{#801288}

ash/system/network/network_list_view.cc

@@ -258,8 +258,8 @@ NetworkListView::UpdateNetworkListEntries() {
   int index = 0;
 
   const NetworkStateProperties* default_network = model()->default_network();
-  bool using_proxy = default_network &&
-                     default_network->proxy_mode == ProxyMode::kFixedServers;
+  bool using_proxy =
+      default_network && default_network->proxy_mode != ProxyMode::kDirect;
   // Show a warning that the connection might be monitored if connected to a VPN
   // or if the default network has a proxy installed.
   if (vpn_connected_ || using_proxy) {

chrome/browser/chromeos/net/network_pref_state_observer_unittest.cc

@@ -86,7 +86,7 @@ class NetworkPrefStateObserverTest : public testing::Test {
 TEST_F(NetworkPrefStateObserverTest, LoginUser) {
   // UIProxyConfigService should exist with device PrefService.
   UIProxyConfigService* device_ui_proxy_config_service =
-      NetworkHandler::Get()->ui_proxy_config_service();
+      NetworkHandler::GetUiProxyConfigService();
   ASSERT_TRUE(device_ui_proxy_config_service);
   // There should be no proxy config available.
   base::Value ui_proxy_config(base::Value::Type::DICTIONARY);
@@ -97,7 +97,7 @@ TEST_F(NetworkPrefStateObserverTest, LoginUser) {
 
   // New UIProxyConfigService should be created with a profile PrefService.
   UIProxyConfigService* profile_ui_proxy_config_service =
-      NetworkHandler::Get()->ui_proxy_config_service();
+      NetworkHandler::GetUiProxyConfigService();
   ASSERT_TRUE(profile_ui_proxy_config_service);
   ASSERT_NE(device_ui_proxy_config_service, profile_ui_proxy_config_service);
   ui_proxy_config = base::Value(base::Value::Type::DICTIONARY);
@@ -114,9 +114,9 @@ TEST_F(NetworkPrefStateObserverTest, LoginUser) {
 
   // Mode should now be MODE_PAC_SCRIPT.
   ui_proxy_config = base::Value(base::Value::Type::DICTIONARY);
-  EXPECT_TRUE(NetworkHandler::Get()
-                  ->ui_proxy_config_service()
-                  ->MergeEnforcedProxyConfig(kNetworkId, &ui_proxy_config));
+  EXPECT_TRUE(
+      NetworkHandler::GetUiProxyConfigService()->MergeEnforcedProxyConfig(
+          kNetworkId, &ui_proxy_config));
   base::Value* mode = ui_proxy_config.FindPath(
       {::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
   ASSERT_TRUE(mode);

chrome/browser/ui/webui/chromeos/login/network_state_informer.cc

@@ -48,16 +48,14 @@ NetworkStateInformer::State GetStateForDefaultNetwork() {
     // NetworkPortalDetector's state of current network is unknown.
     if (status == NetworkPortalDetector::CAPTIVE_PORTAL_STATUS_ONLINE ||
         (status == NetworkPortalDetector::CAPTIVE_PORTAL_STATUS_UNKNOWN &&
-         !NetworkHandler::Get()
-              ->ui_proxy_config_service()
+         !NetworkHandler::GetUiProxyConfigService()
               ->HasDefaultNetworkProxyConfigured() &&
          network->connection_state() == shill::kStateOnline)) {
       return NetworkStateInformer::ONLINE;
     }
     if (status ==
             NetworkPortalDetector::CAPTIVE_PORTAL_STATUS_PROXY_AUTH_REQUIRED &&
-        NetworkHandler::Get()
-            ->ui_proxy_config_service()
+        NetworkHandler::GetUiProxyConfigService()
             ->HasDefaultNetworkProxyConfigured()) {
       return NetworkStateInformer::PROXY_AUTH_REQUIRED;
     }

chrome/browser/ui/webui/management_ui_handler.cc

@@ -640,13 +640,14 @@ void ManagementUIHandler::AddProxyServerPrivacyDisclosure(
   base::Value proxy_settings(base::Value::Type::DICTIONARY);
   // |ui_proxy_config_service| may be missing in tests. If the device is offline
   // (no network connected) the |DefaultNetwork| is null.
-  if (network_handler->has_ui_proxy_config_service() &&
+  if (chromeos::NetworkHandler::HasUiProxyConfigService() &&
       network_handler->network_state_handler()->DefaultNetwork()) {
     // Check if proxy is enforced by user policy, a forced install extension or
     // ONC policies. This will only read managed settings.
-    network_handler->ui_proxy_config_service()->MergeEnforcedProxyConfig(
-        network_handler->network_state_handler()->DefaultNetwork()->guid(),
-        &proxy_settings);
+    chromeos::NetworkHandler::GetUiProxyConfigService()
+        ->MergeEnforcedProxyConfig(
+            network_handler->network_state_handler()->DefaultNetwork()->guid(),
+            &proxy_settings);
   }
   if (!proxy_settings.DictEmpty()) {
     // Proxies can be specified by web server url, via a PAC script or via the

chromeos/network/network_handler.cc

@@ -135,6 +135,15 @@ void NetworkHandler::ShutdownPrefServices() {
   network_metadata_store_.reset();
 }
 
+bool NetworkHandler::HasUiProxyConfigService() {
+  return IsInitialized() && Get()->ui_proxy_config_service_.get();
+}
+
+UIProxyConfigService* NetworkHandler::GetUiProxyConfigService() {
+  DCHECK(HasUiProxyConfigService());
+  return Get()->ui_proxy_config_service_.get();
+}
+
 NetworkStateHandler* NetworkHandler::network_state_handler() {
   return network_state_handler_.get();
 }
@@ -189,9 +198,4 @@ NetworkHandler::prohibited_technologies_handler() {
   return prohibited_technologies_handler_.get();
 }
 
-UIProxyConfigService* NetworkHandler::ui_proxy_config_service() {
-  CHECK(ui_proxy_config_service_.get());
-  return ui_proxy_config_service_.get();
-}
-
 }  // namespace chromeos

chromeos/network/network_handler.h

@@ -64,6 +64,10 @@ class COMPONENT_EXPORT(CHROMEOS_NETWORK) NetworkHandler {
   // Must be called before pref services are shut down.
   void ShutdownPrefServices();
 
+  // Global network configuration services.
+  static bool HasUiProxyConfigService();
+  static UIProxyConfigService* GetUiProxyConfigService();
+
   // Returns the task runner for posting NetworkHandler calls from other
   // threads.
   base::SingleThreadTaskRunner* task_runner() { return task_runner_.get(); }
@@ -85,10 +89,6 @@ class COMPONENT_EXPORT(CHROMEOS_NETWORK) NetworkHandler {
   GeolocationHandler* geolocation_handler();
   ProhibitedTechnologiesHandler* prohibited_technologies_handler();
 
-  // Global network configuration services.
-  UIProxyConfigService* ui_proxy_config_service();
-  bool has_ui_proxy_config_service() { return ui_proxy_config_service_.get(); }
-
   void set_is_enterprise_managed(bool is_enterprise_managed) {
     is_enterprise_managed_ = is_enterprise_managed;
   }

chromeos/network/proxy/ui_proxy_config_service.cc

@@ -17,8 +17,10 @@
 #include "chromeos/network/proxy/proxy_config_handler.h"
 #include "chromeos/network/proxy/proxy_config_service_impl.h"
 #include "chromeos/network/tether_constants.h"
+#include "components/prefs/pref_service.h"
 #include "components/proxy_config/pref_proxy_config_tracker_impl.h"
 #include "components/proxy_config/proxy_config_pref_names.h"
+#include "components/proxy_config/proxy_prefs.h"
 #include "net/proxy_resolution/proxy_config.h"
 
 namespace chromeos {
@@ -179,6 +181,19 @@ base::Value NetProxyConfigAsOncValue(const net::ProxyConfig& net_config,
   return base::Value();
 }
 
+ProxyPrefs::ProxyMode OncStringToProxyMode(const std::string& onc_proxy_type) {
+  if (onc_proxy_type == ::onc::proxy::kDirect)
+    return ProxyPrefs::ProxyMode::MODE_DIRECT;
+  if (onc_proxy_type == ::onc::proxy::kWPAD)
+    return ProxyPrefs::ProxyMode::MODE_AUTO_DETECT;
+  if (onc_proxy_type == ::onc::proxy::kPAC)
+    return ProxyPrefs::ProxyMode::MODE_PAC_SCRIPT;
+  if (onc_proxy_type == ::onc::proxy::kManual)
+    return ProxyPrefs::ProxyMode::MODE_FIXED_SERVERS;
+  NOTREACHED() << "Unsupported ONC proxy type: " << onc_proxy_type;
+  return ProxyPrefs::ProxyMode::MODE_DIRECT;
+}
+
 }  // namespace
 
 UIProxyConfigService::UIProxyConfigService(
@@ -291,16 +306,35 @@ bool UIProxyConfigService::HasDefaultNetworkProxyConfigured() {
 
 ProxyPrefs::ProxyMode UIProxyConfigService::ProxyModeForNetwork(
     const NetworkState* network) {
-  // TODO(919691): Include proxies set by an extension and per-user proxies.
   onc::ONCSource onc_source = onc::ONC_SOURCE_NONE;
   std::unique_ptr<ProxyConfigDictionary> proxy_dict =
       proxy_config::GetProxyConfigForNetwork(nullptr, local_state_prefs_,
                                              *network, network_profile_handler_,
                                              &onc_source);
-  ProxyPrefs::ProxyMode mode;
-  if (!proxy_dict || !proxy_dict->GetMode(&mode))
-    return ProxyPrefs::MODE_DIRECT;
-  return mode;
+  base::Value proxy_settings(base::Value::Type::DICTIONARY);
+  if (proxy_dict)
+    proxy_settings = proxy_dict->GetDictionary().Clone();
+
+  PrefService* top_pref_service =
+      profile_prefs_ ? profile_prefs_ : local_state_prefs_;
+
+  // On the OOBE screen and/or tests.
+  if (!network->IsInProfile() ||
+      !top_pref_service->HasPrefPath(::proxy_config::prefs::kProxy)) {
+    ProxyPrefs::ProxyMode mode;
+    if (!proxy_dict || !proxy_dict->GetMode(&mode))
+      return ProxyPrefs::MODE_DIRECT;
+    return mode;
+  }
+
+  MergeEnforcedProxyConfig(network->guid(), &proxy_settings);
+  if (!proxy_settings.DictEmpty()) {
+    base::Value* proxy_specification_mode = proxy_settings.FindPath(
+        {::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
+    if (proxy_specification_mode)
+      return OncStringToProxyMode(proxy_specification_mode->GetString());
+  }
+  return ProxyPrefs::ProxyMode::MODE_DIRECT;
 }
 
 void UIProxyConfigService::OnPreferenceChanged(const std::string& pref_name) {

chromeos/network/proxy/ui_proxy_config_service.h

@@ -64,7 +64,9 @@ class COMPONENT_EXPORT(CHROMEOS_NETWORK) UIProxyConfigService {
   // with mode == MODE_FIXED_SERVERS.
   bool HasDefaultNetworkProxyConfigured();
 
-  // Returns the ProxyMode for |network| using |local_state_prefs_|
+  // Returns the ProxyMode for |network| by merging proxy configurations from
+  // different sources, including user set, policy and extensions. See
+  // |MergeEnforcedProxyConfig| for order of preference.
   ProxyPrefs::ProxyMode ProxyModeForNetwork(const NetworkState* network);
 
  private:

chromeos/services/network_config/cros_network_config.cc

@@ -312,17 +312,11 @@ mojom::NetworkStatePropertiesPtr NetworkStateToMojo(
   result->priority = network->priority();
   result->prohibited_by_policy = network->blocked_by_policy();
   result->source = GetMojoOncSource(network);
-
-  // NetworkHandler and UIProxyConfigService may not exist in tests.
-  UIProxyConfigService* ui_proxy_config_service =
-      NetworkHandler::IsInitialized() &&
-              NetworkHandler::Get()->has_ui_proxy_config_service()
-          ? NetworkHandler::Get()->ui_proxy_config_service()
-          : nullptr;
   result->proxy_mode =
-      ui_proxy_config_service
+      NetworkHandler::HasUiProxyConfigService()
           ? mojom::ProxyMode(
-                ui_proxy_config_service->ProxyModeForNetwork(network))
+                NetworkHandler::GetUiProxyConfigService()->ProxyModeForNetwork(
+                    network))
           : mojom::ProxyMode::kDirect;
 
   const NetworkState::CaptivePortalProviderInfo* captive_portal_provider =

chromeos/services/network_config/cros_network_config_unittest.cc

@@ -457,6 +457,9 @@ class CrosNetworkConfigTest : public testing::Test {
   }
   std::string wifi1_path() { return wifi1_path_; }
 
+ protected:
+  sync_preferences::TestingPrefServiceSyncable user_prefs_;
+
  private:
   base::test::SingleThreadTaskEnvironment task_environment_;
   NetworkStateTestHelper helper_{false /* use_default_devices_and_services */};
@@ -468,7 +471,6 @@ class CrosNetworkConfigTest : public testing::Test {
       managed_network_configuration_handler_;
   std::unique_ptr<NetworkConnectionHandler> network_connection_handler_;
   std::unique_ptr<chromeos::UIProxyConfigService> ui_proxy_config_service_;
-  sync_preferences::TestingPrefServiceSyncable user_prefs_;
   TestingPrefServiceSimple local_state_;
   std::unique_ptr<CrosNetworkConfig> cros_network_config_;
   std::unique_ptr<CrosNetworkConfigTestObserver> observer_;
@@ -1249,5 +1251,18 @@ TEST_F(CrosNetworkConfigTest, NetworkStateChanged) {
   EXPECT_EQ(0, observer()->GetNetworkChangedCount("wifi2_guid"));
 }
 
+TEST_F(CrosNetworkConfigTest, PolicyEnforcedProxyMode) {
+  // Proxies enforced by policy and/or extension are set in the kProxy
+  // preference.
+  base::Value policy_prefs_config = ProxyConfigDictionary::CreateAutoDetect();
+  user_prefs_.SetUserPref(
+      proxy_config::prefs::kProxy,
+      base::Value::ToUniquePtrValue(std::move(policy_prefs_config)));
+
+  mojom::NetworkStatePropertiesPtr network = GetNetworkState("wifi2_guid");
+  ASSERT_TRUE(network);
+  EXPECT_EQ(network->proxy_mode, mojom::ProxyMode::kAutoDetect);
+}
+
 }  // namespace network_config
 }  // namespace chromeos