Change proxy disclosure at chrome://management

Change the wording and location of the proxy server disclosure in the
transparency panel.

Bug: 1116961
Test: unittests
Change-Id: Id394511a6357329e629a37f19a4f83a4d49ea0db
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2360073Reviewed-by: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org>
Reviewed-by: Greg Levin <glevin@chromium.org>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Cr-Commit-Position: refs/heads/master@{#799604}

chrome/browser/resources/management/management_browser_proxy.js

@@ -40,7 +40,8 @@ export let BrowserReportingResponse;
  *   threatProtectionDescription: string,
  *   showUpdateRequiredEol: boolean,
  *   eolMessage: string,
- *   eolAdminMessage: string
+ *   eolAdminMessage: string,
+ *   showProxyServerPrivacyDisclosure: boolean
  * }}
  */
 let ManagedDataResponse;
@@ -79,7 +80,6 @@ export const DeviceReportingType = {
   USERNAME: 'username',
   EXTENSION: 'extension',
   ANDROID_APPLICATION: 'android application',
-  PROXY_SERVER: 'proxy server'
 };
 
 

chrome/browser/resources/management/management_ui.html

@@ -275,6 +275,10 @@
               if="[[showDeviceReportingInfo_(deviceReportingInfo_)]]">
             <section>
               <h2 class="cr-title-text">$i18n{deviceReporting}</h2>
+              <div class="subtitle"
+                hidden="[[!showProxyServerPrivacyDisclosure_]]">
+                $i18n{proxyServerPrivacyDisclosure}
+              </div>
               <div class="subtitle">
                 $i18n{deviceConfiguration}
               </div>

chrome/browser/resources/management/management_ui.js

@@ -81,6 +81,9 @@ Polymer({
     /** @private */
     eolMessage_: String,
 
+    /** @private */
+    showProxyServerPrivacyDisclosure_: Boolean,
+
     // </if>
 
     /** @private */
@@ -267,8 +270,6 @@ Polymer({
         return 'cr:extension';
       case DeviceReportingType.ANDROID_APPLICATION:
         return 'management:play-store';
-      case DeviceReportingType.PROXY_SERVER:
-        return 'management:vpn-lock';
       default:
         return 'cr:computer';
     }
@@ -346,6 +347,8 @@ Polymer({
       this.customerLogo_ = data.customerLogo;
       this.managementOverview_ = data.overview;
       this.eolMessage_ = data.eolMessage;
+      this.showProxyServerPrivacyDisclosure_ =
+          data.showProxyServerPrivacyDisclosure;
       try {
         // Sanitizing the message could throw an error if it contains non
         // supported markup.

chrome/browser/ui/webui/management_ui.cc

@@ -72,7 +72,8 @@ content::WebUIDataSource* CreateManagementUIHtmlSource(Profile* profile) {
     {kManagementReportExtensions, IDS_MANAGEMENT_REPORT_EXTENSIONS},
     {kManagementReportAndroidApplications,
      IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS},
-    {kManagementReportProxyServer, IDS_MANAGEMENT_REPORT_PROXY_SERVER},
+    {"proxyServerPrivacyDisclosure",
+     IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE},
 #endif  // defined(OS_CHROMEOS)
     {"browserReporting", IDS_MANAGEMENT_BROWSER_REPORTING},
     {"browserReportingExplanation",

chrome/browser/ui/webui/management_ui_handler.cc

@@ -170,7 +170,6 @@ const char kManagementPrinting[] = "managementPrinting";
 const char kManagementCrostini[] = "managementCrostini";
 const char kManagementCrostiniContainerConfiguration[] =
     "managementCrostiniContainerConfiguration";
-const char kManagementReportProxyServer[] = "managementReportProxyServer";
 const char kAccountManagedInfo[] = "accountManagedInfo";
 const char kDeviceManagedInfo[] = "deviceManagedInfo";
 const char kOverview[] = "overview";
@@ -213,8 +212,7 @@ enum class DeviceReportingType {
   kCrostini,
   kUsername,
   kExtensions,
-  kAndroidApplication,
-  kProxyServer
+  kAndroidApplication
 };
 
 // Corresponds to DeviceReportingType in management_browser_proxy.js
@@ -244,8 +242,6 @@ std::string ToJSDeviceReportingType(const DeviceReportingType& type) {
       return "extension";
     case DeviceReportingType::kAndroidApplication:
       return "android application";
-    case DeviceReportingType::kProxyServer:
-      return "proxy server";
     default:
       NOTREACHED() << "Unknown device reporting type";
       return "device";
@@ -609,33 +605,6 @@ void ManagementUIHandler::AddDeviceReportingInfo(
                               kManagementReportAndroidApplications,
                               DeviceReportingType::kAndroidApplication);
   }
-
-  chromeos::NetworkHandler* network_handler = chromeos::NetworkHandler::Get();
-  base::Value proxy_settings(base::Value::Type::DICTIONARY);
-  // |ui_proxy_config_service| may be missing in tests. If the device is offline
-  // (no network connected) the |DefaultNetwork| is null.
-  if (network_handler->has_ui_proxy_config_service() &&
-      network_handler->network_state_handler()->DefaultNetwork()) {
-    // Check if proxy is enforced by user policy, a forced install extension or
-    // ONC policies. This will only read managed settings.
-    network_handler->ui_proxy_config_service()->MergeEnforcedProxyConfig(
-        network_handler->network_state_handler()->DefaultNetwork()->guid(),
-        &proxy_settings);
-  }
-  if (!proxy_settings.DictEmpty()) {
-    // Proxies can be specified by web server url, via a PAC script or via the
-    // web proxy auto-discovery protocol. Chrome also supports the "direct"
-    // mode, in which no proxy is used.
-    base::Value* proxy_specification_mode = proxy_settings.FindPath(
-        {::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
-    bool use_proxy =
-        proxy_specification_mode &&
-        proxy_specification_mode->GetString() != ::onc::proxy::kDirect;
-    if (use_proxy) {
-      AddDeviceReportingElement(report_sources, kManagementReportProxyServer,
-                                DeviceReportingType::kProxyServer);
-    }
-  }
 }
 
 bool ManagementUIHandler::IsUpdateRequiredEol() const {
@@ -663,6 +632,35 @@ void ManagementUIHandler::AddUpdateRequiredEolInfo(
       chromeos::kDeviceMinimumVersionAueMessage, &eol_admin_message);
   response->SetStringPath("eolAdminMessage", eol_admin_message);
 }
+
+void ManagementUIHandler::AddProxyServerPrivacyDisclosure(
+    base::Value* response) const {
+  bool showProxyDisclosure = false;
+  chromeos::NetworkHandler* network_handler = chromeos::NetworkHandler::Get();
+  base::Value proxy_settings(base::Value::Type::DICTIONARY);
+  // |ui_proxy_config_service| may be missing in tests. If the device is offline
+  // (no network connected) the |DefaultNetwork| is null.
+  if (network_handler->has_ui_proxy_config_service() &&
+      network_handler->network_state_handler()->DefaultNetwork()) {
+    // Check if proxy is enforced by user policy, a forced install extension or
+    // ONC policies. This will only read managed settings.
+    network_handler->ui_proxy_config_service()->MergeEnforcedProxyConfig(
+        network_handler->network_state_handler()->DefaultNetwork()->guid(),
+        &proxy_settings);
+  }
+  if (!proxy_settings.DictEmpty()) {
+    // Proxies can be specified by web server url, via a PAC script or via the
+    // web proxy auto-discovery protocol. Chrome also supports the "direct"
+    // mode, in which no proxy is used.
+    base::Value* proxy_specification_mode = proxy_settings.FindPath(
+        {::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
+    showProxyDisclosure =
+        proxy_specification_mode &&
+        proxy_specification_mode->GetString() != ::onc::proxy::kDirect;
+  }
+  response->SetBoolPath("showProxyServerPrivacyDisclosure",
+                        showProxyDisclosure);
+}
 #endif
 
 base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) {
@@ -672,6 +670,7 @@ base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) {
   if (management_domain.empty())
     management_domain = GetAccountDomain(profile);
   AddUpdateRequiredEolInfo(&response);
+  AddProxyServerPrivacyDisclosure(&response);
 #else
   std::string management_domain = GetAccountDomain(profile);
 

chrome/browser/ui/webui/management_ui_handler.h

@@ -39,7 +39,6 @@ extern const char kManagementCrostini[];
 extern const char kManagementCrostiniContainerConfiguration[];
 extern const char kManagementReportExtensions[];
 extern const char kManagementReportAndroidApplications[];
-extern const char kManagementReportProxyServer[];
 #endif  // defined(OS_CHROMEOS)
 
 extern const char kCloudReportingExtensionId[];
@@ -154,6 +153,11 @@ class ManagementUIHandler : public content::WebUIMessageHandler,
   // as per device policy but the device cannot be updated due to End of Life
   // (Auto Update Expiration).
   void AddUpdateRequiredEolInfo(base::Value* response) const;
+
+  // Adds a boolean which indicates if there's a proxy on the device enforced by
+  // the admin. If true, a warning will be added to the transparency panel to
+  // inform the user that the admin may be able to see their network traffic.
+  void AddProxyServerPrivacyDisclosure(base::Value* response) const;
 #endif  // defined(OS_CHROMEOS)
  private:
   void GetManagementStatus(Profile* profile, base::Value* status) const;

chrome/browser/ui/webui/management_ui_handler_unittest.cc

+
 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -85,6 +86,7 @@ struct ContextualManagementSourceUpdate {
 #if defined(OS_CHROMEOS)
   base::string16 management_overview;
   base::string16 update_required_eol;
+  bool show_proxy_server_privacy_disclosure;
 #else
   base::string16 browser_management_notice;
 #endif  // defined(OS_CHROMEOS)
@@ -299,6 +301,10 @@ class ManagementUIHandlerTests : public TestingBaseClass {
 #if defined(OS_CHROMEOS)
     extracted_.management_overview = ExtractPathFromDict(data, "overview");
     extracted_.update_required_eol = ExtractPathFromDict(data, "eolMessage");
+    base::Optional<bool> showProxyDisclosure =
+        data.FindBoolPath("showProxyServerPrivacyDisclosure");
+    extracted_.show_proxy_server_privacy_disclosure =
+        showProxyDisclosure.has_value() && showProxyDisclosure.value();
 #else
     extracted_.browser_management_notice =
         ExtractPathFromDict(data, "browserManagementNotice");
@@ -459,6 +465,10 @@ class ManagementUIHandlerTests : public TestingBaseClass {
   base::string16 GetUpdateRequiredEolMessage() const {
     return extracted_.update_required_eol;
   }
+
+  bool GetShowProxyServerPrivacyDisclosure() const {
+    return extracted_.show_proxy_server_privacy_disclosure;
+  }
 #else
 
   base::string16 GetBrowserManagementNotice() const {
@@ -918,32 +928,28 @@ TEST_F(ManagementUIHandlerTests, AllDisabledDeviceReportingInfo) {
                       expected_elements);
 }
 
-TEST_F(ManagementUIHandlerTests, ProxyServerShowReport) {
+TEST_F(ManagementUIHandlerTests, ShowProxyServerDisclosure) {
+  // Set pref to use a proxy.
   PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
   chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
                                                           &local_state_);
-  // Set pref to use a proxy.
   base::Value policy_prefs_config = ProxyConfigDictionary::CreateAutoDetect();
   user_prefs_.SetUserPref(
       proxy_config::prefs::kProxy,
       base::Value::ToUniquePtrValue(std::move(policy_prefs_config)));
   base::RunLoop().RunUntilIdle();
 
-  ResetTestConfig(false);
-  const base::Value info = SetUpForReportingInfo();
-
-  const std::map<std::string, std::string> expected_elements = {
-      {kManagementReportProxyServer, "proxy server"}};
+  GetTestConfig().managed_device = true;
+  SetUpProfileAndHandler();
 
-  ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
-                      expected_elements);
+  EXPECT_TRUE(GetShowProxyServerPrivacyDisclosure());
 }
 
-TEST_F(ManagementUIHandlerTests, ProxyServerShowReportDeviceOffline) {
+TEST_F(ManagementUIHandlerTests, ProxyServerDisclosureDeviceOffline) {
+  // Simulate network disconnected state.
   PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
   chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
                                                           &local_state_);
-  // Simulate network disconnected state.
   chromeos::NetworkStateHandler::NetworkStateList networks;
   chromeos::NetworkHandler::Get()
       ->network_state_handler()
@@ -962,33 +968,30 @@ TEST_F(ManagementUIHandlerTests, ProxyServerShowReportDeviceOffline) {
   }
   base::RunLoop().RunUntilIdle();
 
-  ResetTestConfig(false);
-  const base::Value info = SetUpForReportingInfo();
+  GetTestConfig().managed_device = true;
+  SetUpProfileAndHandler();
 
-  const std::map<std::string, std::string> expected_elements = {};
+  EXPECT_FALSE(GetShowProxyServerPrivacyDisclosure());
 
-  ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
-                      expected_elements);
   chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices();
 }
 
-TEST_F(ManagementUIHandlerTests, ProxyServerHideReportForDirectProxy) {
+TEST_F(ManagementUIHandlerTests, HideProxyServerDisclosureForDirectProxy) {
+  // Set pref not to use proxy.
   PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
   chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
                                                           &local_state_);
-  // Set pref not to use proxy.
   base::Value policy_prefs_config = ProxyConfigDictionary::CreateDirect();
   user_prefs_.SetUserPref(
       proxy_config::prefs::kProxy,
       base::Value::ToUniquePtrValue(std::move(policy_prefs_config)));
   base::RunLoop().RunUntilIdle();
 
-  ResetTestConfig(false);
-  const base::Value info = SetUpForReportingInfo();
+  GetTestConfig().managed_device = true;
+  SetUpProfileAndHandler();
+
+  EXPECT_FALSE(GetShowProxyServerPrivacyDisclosure());
 
-  const std::map<std::string, std::string> expected_elements = {};
-  ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
-                      expected_elements);
   chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices();
 }
 

components/management_strings.grdp

@@ -83,6 +83,9 @@
     <message name="IDS_MANAGEMENT_DEVICE_REPORTING" desc="Title of the types of device reporting section of the page">
       Device
     </message>
+    <message name="IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE" desc="Message stating that administrators can see user's traffic when connected to a proxy server.">
+      Administrators of this device have configured your network connection, which may allow them to see your network traffic, including which websites you visit.
+    </message>
     <message name="IDS_MANAGEMENT_DEVICE_CONFIGURATION" desc="Message telling users that their administrator has set some specific policies on their device">
       Your administrator can see:
     </message>
@@ -122,9 +125,6 @@
     <message name="IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS" desc="Message stating that administrators can see user's installed Android applications.">
       Which Google Play apps you have installed
     </message>
-    <message name="IDS_MANAGEMENT_REPORT_PROXY_SERVER" desc="Message stating that administrators can see user's traffic when connected to a proxy server.">
-      Websites you visit and the contents of not secure pages
-    </message>
     <message name="IDS_MANAGEMENT_REPORT_PLUGIN_VM" desc="Message telling users that Plugin VM can collect data.">
       Your administrator has allowed <ph name="APP_NAME">$1<ex>Plugin VM</ex></ph> to collect diagnostics data to improve the product experience. See <ph name="BEGIN_LINK">&lt;a target="_blank" href="https://www.parallels.com/pcep"&gt;</ph>https://www.parallels.com/pcep<ph name="END_LINK">&lt;/a&gt;</ph> for more information.
     </message>

components/management_strings_grdp/IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE.png.sha1

+b0b948edf91fae1dd9a31455eab621918025fa36
\ No newline at end of file

components/management_strings_grdp/IDS_MANAGEMENT_REPORT_PROXY_SERVER.png.sha1

-a35ceef3ad7c9e9ad08ac68788efc2a63720c506
\ No newline at end of file