Record a boolean metric indicating when an included SameParty cookie

would also have been included due to SameSite rules.


Bug: 1143756
Change-Id: I443a042e08ed0c091c65e55138c5ad0547a6f652
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2611946Reviewed-by: Brian White <bcwhite@chromium.org>
Reviewed-by: Lily Chen <chlily@chromium.org>
Commit-Queue: Chris Fredrickson <cfredric@chromium.org>
Cr-Commit-Position: refs/heads/master@{#841119}

net/cookies/canonical_cookie.cc

@@ -771,17 +771,31 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(
       status.AddExclusionReason(
           CookieInclusionStatus::EXCLUDE_SAMEPARTY_CROSS_PARTY_CONTEXT);
       FALLTHROUGH;
-    case CookieSamePartyStatus::kEnforceSamePartyInclude:
+    case CookieSamePartyStatus::kEnforceSamePartyInclude: {
       // Remove any SameSite exclusion reasons, since SameParty overrides
       // SameSite.
       DCHECK(!status.HasExclusionReason(
           CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
       DCHECK_NE(effective_same_site, CookieEffectiveSameSite::STRICT_MODE);
-      status.RemoveExclusionReasons({
-          CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
-          CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
-      });
+      bool included_by_samesite =
+          !status.HasExclusionReason(
+              CookieInclusionStatus::EXCLUDE_SAMESITE_LAX) &&
+          !status.HasExclusionReason(
+              CookieInclusionStatus::
+                  EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX);
+      if (!included_by_samesite) {
+        status.RemoveExclusionReasons({
+            CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
+            CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
+        });
+      }
+      if (status.IsInclude()) {
+        UMA_HISTOGRAM_BOOLEAN(
+            "Cookie.SamePartyReadIncluded.InclusionUnderSameSite",
+            included_by_samesite);
+      }
       break;
+    }
     case CookieSamePartyStatus::kNoSamePartyEnforcement:
       break;
   }
@@ -931,7 +945,7 @@ CookieAccessResult CanonicalCookie::IsSetPermittedInContext(
       access_result.status.AddExclusionReason(
           CookieInclusionStatus::EXCLUDE_SAMEPARTY_CROSS_PARTY_CONTEXT);
       FALLTHROUGH;
-    case CookieSamePartyStatus::kEnforceSamePartyInclude:
+    case CookieSamePartyStatus::kEnforceSamePartyInclude: {
       DCHECK(IsSameParty());
       // Remove any SameSite exclusion reasons, since SameParty overrides
       // SameSite.
@@ -939,11 +953,25 @@ CookieAccessResult CanonicalCookie::IsSetPermittedInContext(
           CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
       DCHECK_NE(access_result.effective_same_site,
                 CookieEffectiveSameSite::STRICT_MODE);
-      access_result.status.RemoveExclusionReasons({
-          CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
-          CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
-      });
+      bool included_by_samesite =
+          !access_result.status.HasExclusionReason(
+              CookieInclusionStatus::EXCLUDE_SAMESITE_LAX) &&
+          !access_result.status.HasExclusionReason(
+              CookieInclusionStatus::
+                  EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX);
+      if (!included_by_samesite) {
+        access_result.status.RemoveExclusionReasons({
+            CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
+            CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
+        });
+      }
+      if (access_result.status.IsInclude()) {
+        UMA_HISTOGRAM_BOOLEAN(
+            "Cookie.SamePartySetIncluded.InclusionUnderSameSite",
+            included_by_samesite);
+      }
       break;
+    }
     case CookieSamePartyStatus::kNoSamePartyEnforcement:
       break;
   }

tools/metrics/histograms/histograms_xml/cookie/histograms.xml

@@ -418,6 +418,17 @@ reviews. Googlers can read more about this at go/gwsq-gerrit.
   </summary>
 </histogram>
 
+<histogram name="Cookie.SamePartyReadIncluded.InclusionUnderSameSite"
+    enum="BooleanIncluded" expires_after="2022-01-05">
+  <owner>cfredric@chromium.org</owner>
+  <owner>chlily@chromium.org</owner>
+  <summary>
+    This histogram records, for each cookie with the SameParty attribute that is
+    read, whether the access would have been allowed by the cookie's SameSite
+    attribute (if SameParty had not been specified).
+  </summary>
+</histogram>
+
 <histogram name="Cookie.SamePartyReadIncluded.IsHTTP" enum="BooleanHTTPVsJS"
     expires_after="2022-01-05">
   <owner>cfredric@chromium.org</owner>
@@ -440,6 +451,17 @@ reviews. Googlers can read more about this at go/gwsq-gerrit.
   </summary>
 </histogram>
 
+<histogram name="Cookie.SamePartySetIncluded.InclusionUnderSameSite"
+    enum="BooleanIncluded" expires_after="2022-01-05">
+  <owner>cfredric@chromium.org</owner>
+  <owner>chlily@chromium.org</owner>
+  <summary>
+    This histogram records, for each cookie with the SameParty attribute that is
+    set, whether the access would have been allowed by the cookie's SameSite
+    attribute (if SameParty had not been specified).
+  </summary>
+</histogram>
+
 <histogram name="Cookie.SamePartySetIncluded.IsHTTP" enum="BooleanHTTPVsJS"
     expires_after="2022-01-05">
   <owner>cfredric@chromium.org</owner>