Network traffic annotation added to policy/core/common/cloud.

Network traffic annotation is added to network request of components/policy/core/common/cloud/device_management_service.cc components/policy/core/common/cloud/external_policy_data_fetcher.cc components/policy/core/common/cloud/user_info_fetcher.cc BUG=656607 Review-Url: https://codereview.chromium.org/2800653002 Cr-Commit-Position: refs/heads/master@{#468999}

Network traffic annotation added to policy/core/common/cloud.
Network traffic annotation is added to network request of components/policy/core/common/cloud/device_management_service.cc components/policy/core/common/cloud/external_policy_data_fetcher.cc components/policy/core/common/cloud/user_info_fetcher.cc BUG=656607 Review-Url: https://codereview.chromium.org/2800653002 Cr-Commit-Position: refs/heads/master@{#468999}
9cde810d · rhalavati · Commit bot · 0abd2199 · 9cde810d · 9cde810d
Commit 9cde810d authored May 03, 2017 by rhalavati Committed by Commit bot May 03, 2017
3 changed files
--- a/components/policy/core/common/cloud/device_management_service.cc
+++ b/components/policy/core/common/cloud/device_management_service.cc
@@ -18,6 +18,7 @@
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_response_headers.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "net/url_request/url_request_status.h"
@@ -589,9 +590,41 @@ void DeviceManagementService::StartJob(DeviceManagementRequestJobImpl* job) {
  GURL url = job->GetURL(GetServerUrl());
  DCHECK(url.is_valid()) << "Maybe invalid --device-management-url was passed?";

+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("device_management_service", R"(
+        semantics {
+          sender: "Cloud Policy"
+          description:
+            "Communication with the Cloud Policy backend, used to check for "
+            "the existence of cloud policy for the signed-in account, and to "
+            "load/update cloud policy if it exists."
+          trigger:
+            "Sign in to Chrome, also periodic refreshes."
+          data:
+            "During initial signin or device enrollment, auth data is sent up "
+            "as part of registration. After initial signin/enrollment, if the "
+            "session or device is managed, a unique device or profile ID is "
+            "sent with every future request. On Chrome OS, other diagnostic "
+            "information can be sent up for managed sessions, including which "
+            "users have used the device, device hardware status, connected "
+            "networks, CPU usage, etc."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be controlled by Chrome settings, but users "
+            "can sign out of Chrome to disable it."
+          chrome_policy {
+            SigninAllowed {
+              policy_options {mode: MANDATORY}
+              SigninAllowed: false
+            }
+          }
+        })");
  net::URLFetcher* fetcher =
      net::URLFetcher::Create(kURLFetcherID, std::move(url),
-                              net::URLFetcher::POST, this)
+                              net::URLFetcher::POST, this, traffic_annotation)
          .release();
  data_use_measurement::DataUseUserData::AttachToFetcher(
      fetcher, data_use_measurement::DataUseUserData::POLICY);

--- a/components/policy/core/common/cloud/external_policy_data_fetcher.cc
+++ b/components/policy/core/common/cloud/external_policy_data_fetcher.cc
@@ -17,6 +17,7 @@
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_context_getter.h"
 #include "net/url_request/url_request_status.h"
@@ -177,8 +178,32 @@ ExternalPolicyDataFetcherBackend::CreateFrontend(
 void ExternalPolicyDataFetcherBackend::StartJob(
    ExternalPolicyDataFetcher::Job* job) {
  DCHECK(io_task_runner_->RunsTasksOnCurrentThread());
-  std::unique_ptr<net::URLFetcher> owned_fetcher = net::URLFetcher::Create(
-      ++last_fetch_id_, job->url, net::URLFetcher::GET, this);
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("external_policy_fetcher", R"(
+        semantics {
+          sender: "Cloud Policy"
+          description:
+            "Used to fetch policy for extensions, policy-controlled wallpaper, "
+            "and custom terms of service."
+          trigger:
+            "Periodically loaded when a managed user is signed in to Chrome."
+          data:
+            "This request does not send any data. It loads external resources "
+            "by a unique URL provided by the admin."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be controlled by Chrome settings, but users "
+            "can sign out of Chrome to disable it."
+          policy_exception_justification:
+            "Not implemented, considered not useful. This request is part of "
+            "the policy fetcher itself."
+        })");
+  std::unique_ptr<net::URLFetcher> owned_fetcher =
+      net::URLFetcher::Create(++last_fetch_id_, job->url, net::URLFetcher::GET,
+                              this, traffic_annotation);
  net::URLFetcher* fetcher = owned_fetcher.get();
  data_use_measurement::DataUseUserData::AttachToFetcher(
      fetcher, data_use_measurement::DataUseUserData::POLICY);

--- a/components/policy/core/common/cloud/user_info_fetcher.cc
+++ b/components/policy/core/common/cloud/user_info_fetcher.cc
@@ -13,6 +13,7 @@
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_status_code.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
@@ -41,10 +42,33 @@ UserInfoFetcher::~UserInfoFetcher() {
 }

 void UserInfoFetcher::Start(const std::string& access_token) {
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("user_info_fetcher", R"(
+        semantics {
+          sender: "Cloud Policy"
+          description:
+            "Calls to the Google Account service to check if the signed-in "
+            "user is managed."
+          trigger: "User signing in to Chrome."
+          data: "OAuth2 token."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be controlled by Chrome settings, but users "
+            "can sign out of Chrome to disable it."
+          chrome_policy {
+            SigninAllowed {
+              policy_options {mode: MANDATORY}
+              SigninAllowed: false
+            }
+          }
+        })");
  // Create a URLFetcher and start it.
  url_fetcher_ =
      net::URLFetcher::Create(0, GaiaUrls::GetInstance()->oauth_user_info_url(),
-                              net::URLFetcher::GET, this);
+                              net::URLFetcher::GET, this, traffic_annotation);
  data_use_measurement::DataUseUserData::AttachToFetcher(
      url_fetcher_.get(), data_use_measurement::DataUseUserData::POLICY);
  url_fetcher_->SetRequestContext(context_);