Direct Sockets: Collect metrics for permission checks.

Track how often each permission check cause Permission Denied failures.
Now only record Permission Denied failures caused by CORS.

TODO: Record other Permission Denied failures.

Explainer: https://github.com/WICG/raw-sockets/blob/master/docs/explainer.md

Bug: 1119681
Change-Id: I70e697143fac58e99cf1006c6326de00ebda2f6f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2638956
Commit-Queue: Eric Willigers <ericwilligers@chromium.org>
Reviewed-by: Brian White <bcwhite@chromium.org>
Reviewed-by: Glen Robertson <glenrob@chromium.org>
Reviewed-by: Eric Willigers <ericwilligers@chromium.org>
Cr-Commit-Position: refs/heads/master@{#846415}

content/browser/direct_sockets/direct_sockets_browsertest.cc

@@ -489,12 +489,20 @@ IN_PROC_BROWSER_TEST_F(DirectSocketsBrowserTest, OpenTcp_MDNS) {
 IN_PROC_BROWSER_TEST_F(DirectSocketsBrowserTest, OpenTcp_CannotEvadeCors) {
   EXPECT_TRUE(NavigateToURL(shell(), GetTestPageURL()));
 
+  base::HistogramTester histogram_tester;
+  histogram_tester.ExpectBucketCount(
+      "DirectSockets.PermissionDeniedFailures",
+      DirectSocketsServiceImpl::FailureType::kCORS, 0);
+
   // HTTPS uses port 443.
   const std::string script =
       "openTcp({remoteAddress: '127.0.0.1', remotePort: 443})";
 
   EXPECT_EQ("openTcp failed: NotAllowedError: Permission denied",
             EvalJs(shell(), script));
+  histogram_tester.ExpectBucketCount(
+      "DirectSockets.PermissionDeniedFailures",
+      DirectSocketsServiceImpl::FailureType::kCORS, 1);
 }
 
 IN_PROC_BROWSER_TEST_F(DirectSocketsBrowserTest,
@@ -686,12 +694,20 @@ IN_PROC_BROWSER_TEST_F(DirectSocketsBrowserTest, OpenUdp_NotAllowedError) {
 IN_PROC_BROWSER_TEST_F(DirectSocketsBrowserTest, OpenUdp_CannotEvadeCors) {
   EXPECT_TRUE(NavigateToURL(shell(), GetTestPageURL()));
 
+  base::HistogramTester histogram_tester;
+  histogram_tester.ExpectBucketCount(
+      "DirectSockets.PermissionDeniedFailures",
+      DirectSocketsServiceImpl::FailureType::kCORS, 0);
+
   // QUIC uses port 443.
   const std::string script =
       "openUdp({remoteAddress: '127.0.0.1', remotePort: 443})";
 
   EXPECT_EQ("openUdp failed: NotAllowedError: Permission denied",
             EvalJs(shell(), script));
+  histogram_tester.ExpectBucketCount(
+      "DirectSockets.PermissionDeniedFailures",
+      DirectSocketsServiceImpl::FailureType::kCORS, 1);
 }
 
 IN_PROC_BROWSER_TEST_F(DirectSocketsBrowserTest,

content/browser/direct_sockets/direct_sockets_service_impl.cc

@@ -8,6 +8,7 @@
 
 #include "base/bind.h"
 #include "base/feature_list.h"
+#include "base/metrics/histogram_functions.h"
 #include "base/optional.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/storage_partition.h"
@@ -345,6 +346,8 @@ net::Error DirectSocketsServiceImpl::ValidateOptions(
   // TODO(crbug.com/1119600): Implement rate limiting.
 
   if (options.remote_port == 443) {
+    base::UmaHistogramEnumeration("DirectSockets.PermissionDeniedFailures",
+                                  FailureType::kCORS);
     // TODO(crbug.com/1119601): Issue a CORS preflight request.
     return net::ERR_UNSAFE_PORT;
   }

content/browser/direct_sockets/direct_sockets_service_impl.h

@@ -29,6 +29,19 @@ class CONTENT_EXPORT DirectSocketsServiceImpl
     : public blink::mojom::DirectSocketsService,
       public WebContentsObserver {
  public:
+  // This enum is used to track how often each permission check cause
+  // Permission Denied failures.
+  enum class FailureType {
+    kPermissionsPolicy = 0,
+    kTransientActivation = 1,
+    kUserDialog = 2,
+    kResolvingToNonPublic = 3,
+    kRateLimiting = 4,
+    kCORS = 5,
+    kEnterprisePolicy = 6,
+    kMaxValue = kEnterprisePolicy,
+  };
+
   enum class ProtocolType { kTcp, kUdp };
 
   using PermissionCallback = base::RepeatingCallback<net::Error(

tools/metrics/histograms/enums.xml

@@ -17873,6 +17873,16 @@ metrics consent we also won't be able to send UMA metrics. -->
   <int value="1" label="Failed"/>
 </enum>
 
+<enum name="DirectSocketPermissionFailureType">
+  <int value="0" label="PermissionsPolicy"/>
+  <int value="1" label="TransientActivation"/>
+  <int value="2" label="UserDialog"/>
+  <int value="3" label="ResolvingToNonPublic"/>
+  <int value="4" label="RateLimiting"/>
+  <int value="5" label="CORS"/>
+  <int value="6" label="EnterprisePolicy"/>
+</enum>
+
 <enum name="DirectWriteFontFallbackResult">
   <int value="0" label="Failed: no font matched"/>
   <int value="1" label="Success: mapped from cache"/>

tools/metrics/histograms/histograms_xml/others/histograms.xml

@@ -3941,6 +3941,18 @@ reviews. Googlers can read more about this at go/gwsq-gerrit.
   </summary>
 </histogram>
 
+<histogram name="DirectSockets.PermissionDeniedFailures"
+    enum="DirectSocketPermissionFailureType" expires_after="2022-1-20">
+  <owner>ericwilligers@chromium.org</owner>
+  <owner>glenrob@chromium.org</owner>
+  <summary>
+    Record how often each permission check (e.g. permissions policy, transient
+    activation, user dialog, hostname resolving to non-public address, rate
+    limiting, CORS, enterprise policy) cause Permission Denied failures.
+    Recorded when the permission is denied.
+  </summary>
+</histogram>
+
 <histogram name="Discarding.DiscardCandidatesCount" units="tabs"
     expires_after="2021-06-27">
   <owner>sebmarchand@chromium.org</owner>