[Reland] Change proxy disclosure at chrome://management

Change the wording and location of the proxy server disclosure in the transparency panel. First landed as CL:2360073, reveted due to failed MSAN tests. TBR=glevin@chromium.org Bug: 1116961 Test: unittests Change-Id: I133ad760e41d03ad3edf2ba3685c552257c8e9e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2366772Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Reviewed-by: Andreea-Elena Costinas <acostinas@google.com> Commit-Queue: Andreea-Elena Costinas <acostinas@google.com> Cr-Commit-Position: refs/heads/master@{#800094}

[Reland] Change proxy disclosure at chrome://management
Change the wording and location of the proxy server disclosure in the transparency panel. First landed as CL:2360073, reveted due to failed MSAN tests. TBR=glevin@chromium.org Bug: 1116961 Test: unittests Change-Id: I133ad760e41d03ad3edf2ba3685c552257c8e9e9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2366772Reviewed-by: Denis Kuznetsov [CET] <antrim@chromium.org> Reviewed-by: Andreea-Elena Costinas <acostinas@google.com> Commit-Queue: Andreea-Elena Costinas <acostinas@google.com> Cr-Commit-Position: refs/heads/master@{#800094}
c10006df · Andreea Costinas · Commit Bot · d0308991 · c10006df · c10006df
Commit c10006df authored Aug 20, 2020 by Andreea Costinas Committed by Commit Bot Aug 20, 2020
10 changed files
--- a/chrome/browser/resources/management/management_browser_proxy.js
+++ b/chrome/browser/resources/management/management_browser_proxy.js
@@ -40,7 +40,8 @@ export let BrowserReportingResponse;
 *   threatProtectionDescription: string,
 *   showUpdateRequiredEol: boolean,
 *   eolMessage: string,
- *   eolAdminMessage: string
+ *   eolAdminMessage: string,
+ *   showProxyServerPrivacyDisclosure: boolean
 * }}
 */
 let ManagedDataResponse;
@@ -79,7 +80,6 @@ export const DeviceReportingType = {
  USERNAME: 'username',
  EXTENSION: 'extension',
  ANDROID_APPLICATION: 'android application',
-  PROXY_SERVER: 'proxy server'
 };

--- a/chrome/browser/resources/management/management_ui.html
+++ b/chrome/browser/resources/management/management_ui.html
@@ -275,6 +275,10 @@
              if="[[showDeviceReportingInfo_(deviceReportingInfo_)]]">
            <section>
              <h2 class="cr-title-text">$i18n{deviceReporting}</h2>
+              <div class="subtitle"
+                hidden="[[!showProxyServerPrivacyDisclosure_]]">
+                $i18n{proxyServerPrivacyDisclosure}
+              </div>
              <div class="subtitle">
                $i18n{deviceConfiguration}
              </div>

--- a/chrome/browser/resources/management/management_ui.js
+++ b/chrome/browser/resources/management/management_ui.js
@@ -81,6 +81,9 @@ Polymer({
    /** @private */
    eolMessage_: String,
+    /** @private */
+    showProxyServerPrivacyDisclosure_: Boolean,
    // </if>
    /** @private */
@@ -267,8 +270,6 @@ Polymer({
        return 'cr:extension';
      case DeviceReportingType.ANDROID_APPLICATION:
        return 'management:play-store';
-      case DeviceReportingType.PROXY_SERVER:
-        return 'management:vpn-lock';
      default:
        return 'cr:computer';
    }
@@ -346,6 +347,8 @@ Polymer({
      this.customerLogo_ = data.customerLogo;
      this.managementOverview_ = data.overview;
      this.eolMessage_ = data.eolMessage;
+      this.showProxyServerPrivacyDisclosure_ =
+          data.showProxyServerPrivacyDisclosure;
      try {
        // Sanitizing the message could throw an error if it contains non
        // supported markup.

--- a/chrome/browser/ui/webui/management_ui.cc
+++ b/chrome/browser/ui/webui/management_ui.cc
@@ -72,7 +72,8 @@ content::WebUIDataSource* CreateManagementUIHtmlSource(Profile* profile) {
    {kManagementReportExtensions, IDS_MANAGEMENT_REPORT_EXTENSIONS},
    {kManagementReportAndroidApplications,
     IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS},
-    {kManagementReportProxyServer, IDS_MANAGEMENT_REPORT_PROXY_SERVER},
+    {"proxyServerPrivacyDisclosure",
+     IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE},
 #endif  // defined(OS_CHROMEOS)
    {"browserReporting", IDS_MANAGEMENT_BROWSER_REPORTING},
    {"browserReportingExplanation",

--- a/chrome/browser/ui/webui/management_ui_handler.cc
+++ b/chrome/browser/ui/webui/management_ui_handler.cc
@@ -170,7 +170,6 @@ const char kManagementPrinting[] = "managementPrinting";
 const char kManagementCrostini[] = "managementCrostini";
 const char kManagementCrostiniContainerConfiguration[] =
    "managementCrostiniContainerConfiguration";
-const char kManagementReportProxyServer[] = "managementReportProxyServer";
 const char kAccountManagedInfo[] = "accountManagedInfo";
 const char kDeviceManagedInfo[] = "deviceManagedInfo";
 const char kOverview[] = "overview";
@@ -213,8 +212,7 @@ enum class DeviceReportingType {
  kCrostini,
  kUsername,
  kExtensions,
-  kAndroidApplication,
+  kAndroidApplication
-  kProxyServer
 };
 // Corresponds to DeviceReportingType in management_browser_proxy.js
@@ -244,8 +242,6 @@ std::string ToJSDeviceReportingType(const DeviceReportingType& type) {
      return "extension";
    case DeviceReportingType::kAndroidApplication:
      return "android application";
-    case DeviceReportingType::kProxyServer:
-      return "proxy server";
    default:
      NOTREACHED() << "Unknown device reporting type";
      return "device";
@@ -609,33 +605,6 @@ void ManagementUIHandler::AddDeviceReportingInfo(
                              kManagementReportAndroidApplications,
                              DeviceReportingType::kAndroidApplication);
  }
-  chromeos::NetworkHandler* network_handler = chromeos::NetworkHandler::Get();
-  base::Value proxy_settings(base::Value::Type::DICTIONARY);
-  // |ui_proxy_config_service| may be missing in tests. If the device is offline
-  // (no network connected) the |DefaultNetwork| is null.
-  if (network_handler->has_ui_proxy_config_service() &&
-      network_handler->network_state_handler()->DefaultNetwork()) {
-    // Check if proxy is enforced by user policy, a forced install extension or
-    // ONC policies. This will only read managed settings.
-    network_handler->ui_proxy_config_service()->MergeEnforcedProxyConfig(
-        network_handler->network_state_handler()->DefaultNetwork()->guid(),
-        &proxy_settings);
-  }
-  if (!proxy_settings.DictEmpty()) {
-    // Proxies can be specified by web server url, via a PAC script or via the
-    // web proxy auto-discovery protocol. Chrome also supports the "direct"
-    // mode, in which no proxy is used.
-    base::Value* proxy_specification_mode = proxy_settings.FindPath(
-        {::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
-    bool use_proxy =
-        proxy_specification_mode &&
-        proxy_specification_mode->GetString() != ::onc::proxy::kDirect;
-    if (use_proxy) {
-      AddDeviceReportingElement(report_sources, kManagementReportProxyServer,
-                                DeviceReportingType::kProxyServer);
-    }
-  }
 }
 bool ManagementUIHandler::IsUpdateRequiredEol() const {
@@ -663,6 +632,35 @@ void ManagementUIHandler::AddUpdateRequiredEolInfo(
      chromeos::kDeviceMinimumVersionAueMessage, &eol_admin_message);
  response->SetStringPath("eolAdminMessage", eol_admin_message);
 }
+void ManagementUIHandler::AddProxyServerPrivacyDisclosure(
+    base::Value* response) const {
+  bool showProxyDisclosure = false;
+  chromeos::NetworkHandler* network_handler = chromeos::NetworkHandler::Get();
+  base::Value proxy_settings(base::Value::Type::DICTIONARY);
+  // |ui_proxy_config_service| may be missing in tests. If the device is offline
+  // (no network connected) the |DefaultNetwork| is null.
+  if (network_handler->has_ui_proxy_config_service() &&
+      network_handler->network_state_handler()->DefaultNetwork()) {
+    // Check if proxy is enforced by user policy, a forced install extension or
+    // ONC policies. This will only read managed settings.
+    network_handler->ui_proxy_config_service()->MergeEnforcedProxyConfig(
+        network_handler->network_state_handler()->DefaultNetwork()->guid(),
+        &proxy_settings);
+  }
+  if (!proxy_settings.DictEmpty()) {
+    // Proxies can be specified by web server url, via a PAC script or via the
+    // web proxy auto-discovery protocol. Chrome also supports the "direct"
+    // mode, in which no proxy is used.
+    base::Value* proxy_specification_mode = proxy_settings.FindPath(
+        {::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
+    showProxyDisclosure =
+        proxy_specification_mode &&
+        proxy_specification_mode->GetString() != ::onc::proxy::kDirect;
+  }
+  response->SetBoolPath("showProxyServerPrivacyDisclosure",
+                        showProxyDisclosure);
+}
 #endif
 base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) {
@@ -672,6 +670,7 @@ base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) {
  if (management_domain.empty())
    management_domain = GetAccountDomain(profile);
  AddUpdateRequiredEolInfo(&response);
+  AddProxyServerPrivacyDisclosure(&response);
 #else
  std::string management_domain = GetAccountDomain(profile);

--- a/chrome/browser/ui/webui/management_ui_handler.h
+++ b/chrome/browser/ui/webui/management_ui_handler.h
@@ -39,7 +39,6 @@ extern const char kManagementCrostini[];
 extern const char kManagementCrostiniContainerConfiguration[];
 extern const char kManagementReportExtensions[];
 extern const char kManagementReportAndroidApplications[];
-extern const char kManagementReportProxyServer[];
 #endif  // defined(OS_CHROMEOS)
 extern const char kCloudReportingExtensionId[];
@@ -154,6 +153,11 @@ class ManagementUIHandler : public content::WebUIMessageHandler,
  // as per device policy but the device cannot be updated due to End of Life
  // (Auto Update Expiration).
  void AddUpdateRequiredEolInfo(base::Value* response) const;
+  // Adds a boolean which indicates if there's a proxy on the device enforced by
+  // the admin. If true, a warning will be added to the transparency panel to
+  // inform the user that the admin may be able to see their network traffic.
+  void AddProxyServerPrivacyDisclosure(base::Value* response) const;
 #endif  // defined(OS_CHROMEOS)
 private:
  void GetManagementStatus(Profile* profile, base::Value* status) const;

--- a/chrome/browser/ui/webui/management_ui_handler_unittest.cc
+++ b/chrome/browser/ui/webui/management_ui_handler_unittest.cc
 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -85,6 +86,7 @@ struct ContextualManagementSourceUpdate {
 #if defined(OS_CHROMEOS)
  base::string16 management_overview;
  base::string16 update_required_eol;
+  bool show_proxy_server_privacy_disclosure;
 #else
  base::string16 browser_management_notice;
 #endif  // defined(OS_CHROMEOS)
@@ -299,6 +301,10 @@ class ManagementUIHandlerTests : public TestingBaseClass {
 #if defined(OS_CHROMEOS)
    extracted_.management_overview = ExtractPathFromDict(data, "overview");
    extracted_.update_required_eol = ExtractPathFromDict(data, "eolMessage");
+    base::Optional<bool> showProxyDisclosure =
+        data.FindBoolPath("showProxyServerPrivacyDisclosure");
+    extracted_.show_proxy_server_privacy_disclosure =
+        showProxyDisclosure.has_value() && showProxyDisclosure.value();
 #else
    extracted_.browser_management_notice =
        ExtractPathFromDict(data, "browserManagementNotice");
@@ -459,6 +465,10 @@ class ManagementUIHandlerTests : public TestingBaseClass {
  base::string16 GetUpdateRequiredEolMessage() const {
    return extracted_.update_required_eol;
  }
+  bool GetShowProxyServerPrivacyDisclosure() const {
+    return extracted_.show_proxy_server_privacy_disclosure;
+  }
 #else
  base::string16 GetBrowserManagementNotice() const {
@@ -918,32 +928,30 @@ TEST_F(ManagementUIHandlerTests, AllDisabledDeviceReportingInfo) {
                      expected_elements);
 }
-TEST_F(ManagementUIHandlerTests, ProxyServerShowReport) {
+TEST_F(ManagementUIHandlerTests, ShowProxyServerDisclosure) {
+  ResetTestConfig();
+  // Set pref to use a proxy.
  PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
  chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
                                                          &local_state_);
-  // Set pref to use a proxy.
  base::Value policy_prefs_config = ProxyConfigDictionary::CreateAutoDetect();
  user_prefs_.SetUserPref(
      proxy_config::prefs::kProxy,
      base::Value::ToUniquePtrValue(std::move(policy_prefs_config)));
  base::RunLoop().RunUntilIdle();
-  ResetTestConfig(false);
+  GetTestConfig().managed_device = true;
-  const base::Value info = SetUpForReportingInfo();
+  SetUpProfileAndHandler();
-  const std::map<std::string, std::string> expected_elements = {
-      {kManagementReportProxyServer, "proxy server"}};
-  ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
+  EXPECT_TRUE(GetShowProxyServerPrivacyDisclosure());
-                      expected_elements);
 }
-TEST_F(ManagementUIHandlerTests, ProxyServerShowReportDeviceOffline) {
+TEST_F(ManagementUIHandlerTests, ProxyServerDisclosureDeviceOffline) {
+  ResetTestConfig();
+  // Simulate network disconnected state.
  PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
  chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
                                                          &local_state_);
-  // Simulate network disconnected state.
  chromeos::NetworkStateHandler::NetworkStateList networks;
  chromeos::NetworkHandler::Get()
      ->network_state_handler()
@@ -962,33 +970,31 @@ TEST_F(ManagementUIHandlerTests, ProxyServerShowReportDeviceOffline) {
  }
  base::RunLoop().RunUntilIdle();
-  ResetTestConfig(false);
+  GetTestConfig().managed_device = true;
-  const base::Value info = SetUpForReportingInfo();
+  SetUpProfileAndHandler();
-  const std::map<std::string, std::string> expected_elements = {};
+  EXPECT_FALSE(GetShowProxyServerPrivacyDisclosure());
-  ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
-                      expected_elements);
  chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices();
 }
-TEST_F(ManagementUIHandlerTests, ProxyServerHideReportForDirectProxy) {
+TEST_F(ManagementUIHandlerTests, HideProxyServerDisclosureForDirectProxy) {
+  ResetTestConfig();
+  // Set pref not to use proxy.
  PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
  chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
                                                          &local_state_);
-  // Set pref not to use proxy.
  base::Value policy_prefs_config = ProxyConfigDictionary::CreateDirect();
  user_prefs_.SetUserPref(
      proxy_config::prefs::kProxy,
      base::Value::ToUniquePtrValue(std::move(policy_prefs_config)));
  base::RunLoop().RunUntilIdle();
-  ResetTestConfig(false);
+  GetTestConfig().managed_device = true;
-  const base::Value info = SetUpForReportingInfo();
+  SetUpProfileAndHandler();
+  EXPECT_FALSE(GetShowProxyServerPrivacyDisclosure());
-  const std::map<std::string, std::string> expected_elements = {};
-  ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
-                      expected_elements);
  chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices();
 }

--- a/components/management_strings.grdp
+++ b/components/management_strings.grdp
@@ -83,6 +83,9 @@
    <message name="IDS_MANAGEMENT_DEVICE_REPORTING" desc="Title of the types of device reporting section of the page">
      Device
    </message>
+    <message name="IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE" desc="Message stating that administrators can see user's traffic when connected to a proxy server.">
+      Administrators of this device have configured your network connection, which may allow them to see your network traffic, including which websites you visit.
+    </message>
    <message name="IDS_MANAGEMENT_DEVICE_CONFIGURATION" desc="Message telling users that their administrator has set some specific policies on their device">
      Your administrator can see:
    </message>
@@ -122,9 +125,6 @@
    <message name="IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS" desc="Message stating that administrators can see user's installed Android applications.">
      Which Google Play apps you have installed
    </message>
-    <message name="IDS_MANAGEMENT_REPORT_PROXY_SERVER" desc="Message stating that administrators can see user's traffic when connected to a proxy server.">
-      Websites you visit and the contents of not secure pages
-    </message>
    <message name="IDS_MANAGEMENT_REPORT_PLUGIN_VM" desc="Message telling users that Plugin VM can collect data.">
      Your administrator has allowed <ph name="APP_NAME">$1<ex>Plugin VM</ex></ph> to collect diagnostics data to improve the product experience. See <ph name="BEGIN_LINK">&lt;a target="_blank" href="https://www.parallels.com/pcep"&gt;</ph>https://www.parallels.com/pcep<ph name="END_LINK">&lt;/a&gt;</ph> for more information.
    </message>

--- a/components/management_strings_grdp/IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE.png.sha1
+++ b/components/management_strings_grdp/IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE.png.sha1
+b0b948edf91fae1dd9a31455eab621918025fa36
\ No newline at end of file
--- a/components/management_strings_grdp/IDS_MANAGEMENT_REPORT_PROXY_SERVER.png.sha1
+++ b/components/management_strings_grdp/IDS_MANAGEMENT_REPORT_PROXY_SERVER.png.sha1
-a35ceef3ad7c9e9ad08ac68788efc2a63720c506
\ No newline at end of file