Commit c10006df authored by Andreea Costinas's avatar Andreea Costinas Committed by Commit Bot

[Reland] Change proxy disclosure at chrome://management

Change the wording and location of the proxy server disclosure in the
transparency panel.

First landed as CL:2360073, reveted due to failed MSAN tests.

TBR=glevin@chromium.org

Bug: 1116961
Test: unittests
Change-Id: I133ad760e41d03ad3edf2ba3685c552257c8e9e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2366772Reviewed-by: default avatarDenis Kuznetsov [CET] <antrim@chromium.org>
Reviewed-by: default avatarAndreea-Elena Costinas <acostinas@google.com>
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Cr-Commit-Position: refs/heads/master@{#800094}
parent d0308991
...@@ -40,7 +40,8 @@ export let BrowserReportingResponse; ...@@ -40,7 +40,8 @@ export let BrowserReportingResponse;
* threatProtectionDescription: string, * threatProtectionDescription: string,
* showUpdateRequiredEol: boolean, * showUpdateRequiredEol: boolean,
* eolMessage: string, * eolMessage: string,
* eolAdminMessage: string * eolAdminMessage: string,
* showProxyServerPrivacyDisclosure: boolean
* }} * }}
*/ */
let ManagedDataResponse; let ManagedDataResponse;
...@@ -79,7 +80,6 @@ export const DeviceReportingType = { ...@@ -79,7 +80,6 @@ export const DeviceReportingType = {
USERNAME: 'username', USERNAME: 'username',
EXTENSION: 'extension', EXTENSION: 'extension',
ANDROID_APPLICATION: 'android application', ANDROID_APPLICATION: 'android application',
PROXY_SERVER: 'proxy server'
}; };
......
...@@ -275,6 +275,10 @@ ...@@ -275,6 +275,10 @@
if="[[showDeviceReportingInfo_(deviceReportingInfo_)]]"> if="[[showDeviceReportingInfo_(deviceReportingInfo_)]]">
<section> <section>
<h2 class="cr-title-text">$i18n{deviceReporting}</h2> <h2 class="cr-title-text">$i18n{deviceReporting}</h2>
<div class="subtitle"
hidden="[[!showProxyServerPrivacyDisclosure_]]">
$i18n{proxyServerPrivacyDisclosure}
</div>
<div class="subtitle"> <div class="subtitle">
$i18n{deviceConfiguration} $i18n{deviceConfiguration}
</div> </div>
......
...@@ -81,6 +81,9 @@ Polymer({ ...@@ -81,6 +81,9 @@ Polymer({
/** @private */ /** @private */
eolMessage_: String, eolMessage_: String,
/** @private */
showProxyServerPrivacyDisclosure_: Boolean,
// </if> // </if>
/** @private */ /** @private */
...@@ -267,8 +270,6 @@ Polymer({ ...@@ -267,8 +270,6 @@ Polymer({
return 'cr:extension'; return 'cr:extension';
case DeviceReportingType.ANDROID_APPLICATION: case DeviceReportingType.ANDROID_APPLICATION:
return 'management:play-store'; return 'management:play-store';
case DeviceReportingType.PROXY_SERVER:
return 'management:vpn-lock';
default: default:
return 'cr:computer'; return 'cr:computer';
} }
...@@ -346,6 +347,8 @@ Polymer({ ...@@ -346,6 +347,8 @@ Polymer({
this.customerLogo_ = data.customerLogo; this.customerLogo_ = data.customerLogo;
this.managementOverview_ = data.overview; this.managementOverview_ = data.overview;
this.eolMessage_ = data.eolMessage; this.eolMessage_ = data.eolMessage;
this.showProxyServerPrivacyDisclosure_ =
data.showProxyServerPrivacyDisclosure;
try { try {
// Sanitizing the message could throw an error if it contains non // Sanitizing the message could throw an error if it contains non
// supported markup. // supported markup.
......
...@@ -72,7 +72,8 @@ content::WebUIDataSource* CreateManagementUIHtmlSource(Profile* profile) { ...@@ -72,7 +72,8 @@ content::WebUIDataSource* CreateManagementUIHtmlSource(Profile* profile) {
{kManagementReportExtensions, IDS_MANAGEMENT_REPORT_EXTENSIONS}, {kManagementReportExtensions, IDS_MANAGEMENT_REPORT_EXTENSIONS},
{kManagementReportAndroidApplications, {kManagementReportAndroidApplications,
IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS}, IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS},
{kManagementReportProxyServer, IDS_MANAGEMENT_REPORT_PROXY_SERVER}, {"proxyServerPrivacyDisclosure",
IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE},
#endif // defined(OS_CHROMEOS) #endif // defined(OS_CHROMEOS)
{"browserReporting", IDS_MANAGEMENT_BROWSER_REPORTING}, {"browserReporting", IDS_MANAGEMENT_BROWSER_REPORTING},
{"browserReportingExplanation", {"browserReportingExplanation",
......
...@@ -170,7 +170,6 @@ const char kManagementPrinting[] = "managementPrinting"; ...@@ -170,7 +170,6 @@ const char kManagementPrinting[] = "managementPrinting";
const char kManagementCrostini[] = "managementCrostini"; const char kManagementCrostini[] = "managementCrostini";
const char kManagementCrostiniContainerConfiguration[] = const char kManagementCrostiniContainerConfiguration[] =
"managementCrostiniContainerConfiguration"; "managementCrostiniContainerConfiguration";
const char kManagementReportProxyServer[] = "managementReportProxyServer";
const char kAccountManagedInfo[] = "accountManagedInfo"; const char kAccountManagedInfo[] = "accountManagedInfo";
const char kDeviceManagedInfo[] = "deviceManagedInfo"; const char kDeviceManagedInfo[] = "deviceManagedInfo";
const char kOverview[] = "overview"; const char kOverview[] = "overview";
...@@ -213,8 +212,7 @@ enum class DeviceReportingType { ...@@ -213,8 +212,7 @@ enum class DeviceReportingType {
kCrostini, kCrostini,
kUsername, kUsername,
kExtensions, kExtensions,
kAndroidApplication, kAndroidApplication
kProxyServer
}; };
// Corresponds to DeviceReportingType in management_browser_proxy.js // Corresponds to DeviceReportingType in management_browser_proxy.js
...@@ -244,8 +242,6 @@ std::string ToJSDeviceReportingType(const DeviceReportingType& type) { ...@@ -244,8 +242,6 @@ std::string ToJSDeviceReportingType(const DeviceReportingType& type) {
return "extension"; return "extension";
case DeviceReportingType::kAndroidApplication: case DeviceReportingType::kAndroidApplication:
return "android application"; return "android application";
case DeviceReportingType::kProxyServer:
return "proxy server";
default: default:
NOTREACHED() << "Unknown device reporting type"; NOTREACHED() << "Unknown device reporting type";
return "device"; return "device";
...@@ -609,33 +605,6 @@ void ManagementUIHandler::AddDeviceReportingInfo( ...@@ -609,33 +605,6 @@ void ManagementUIHandler::AddDeviceReportingInfo(
kManagementReportAndroidApplications, kManagementReportAndroidApplications,
DeviceReportingType::kAndroidApplication); DeviceReportingType::kAndroidApplication);
} }
chromeos::NetworkHandler* network_handler = chromeos::NetworkHandler::Get();
base::Value proxy_settings(base::Value::Type::DICTIONARY);
// |ui_proxy_config_service| may be missing in tests. If the device is offline
// (no network connected) the |DefaultNetwork| is null.
if (network_handler->has_ui_proxy_config_service() &&
network_handler->network_state_handler()->DefaultNetwork()) {
// Check if proxy is enforced by user policy, a forced install extension or
// ONC policies. This will only read managed settings.
network_handler->ui_proxy_config_service()->MergeEnforcedProxyConfig(
network_handler->network_state_handler()->DefaultNetwork()->guid(),
&proxy_settings);
}
if (!proxy_settings.DictEmpty()) {
// Proxies can be specified by web server url, via a PAC script or via the
// web proxy auto-discovery protocol. Chrome also supports the "direct"
// mode, in which no proxy is used.
base::Value* proxy_specification_mode = proxy_settings.FindPath(
{::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
bool use_proxy =
proxy_specification_mode &&
proxy_specification_mode->GetString() != ::onc::proxy::kDirect;
if (use_proxy) {
AddDeviceReportingElement(report_sources, kManagementReportProxyServer,
DeviceReportingType::kProxyServer);
}
}
} }
bool ManagementUIHandler::IsUpdateRequiredEol() const { bool ManagementUIHandler::IsUpdateRequiredEol() const {
...@@ -663,6 +632,35 @@ void ManagementUIHandler::AddUpdateRequiredEolInfo( ...@@ -663,6 +632,35 @@ void ManagementUIHandler::AddUpdateRequiredEolInfo(
chromeos::kDeviceMinimumVersionAueMessage, &eol_admin_message); chromeos::kDeviceMinimumVersionAueMessage, &eol_admin_message);
response->SetStringPath("eolAdminMessage", eol_admin_message); response->SetStringPath("eolAdminMessage", eol_admin_message);
} }
void ManagementUIHandler::AddProxyServerPrivacyDisclosure(
base::Value* response) const {
bool showProxyDisclosure = false;
chromeos::NetworkHandler* network_handler = chromeos::NetworkHandler::Get();
base::Value proxy_settings(base::Value::Type::DICTIONARY);
// |ui_proxy_config_service| may be missing in tests. If the device is offline
// (no network connected) the |DefaultNetwork| is null.
if (network_handler->has_ui_proxy_config_service() &&
network_handler->network_state_handler()->DefaultNetwork()) {
// Check if proxy is enforced by user policy, a forced install extension or
// ONC policies. This will only read managed settings.
network_handler->ui_proxy_config_service()->MergeEnforcedProxyConfig(
network_handler->network_state_handler()->DefaultNetwork()->guid(),
&proxy_settings);
}
if (!proxy_settings.DictEmpty()) {
// Proxies can be specified by web server url, via a PAC script or via the
// web proxy auto-discovery protocol. Chrome also supports the "direct"
// mode, in which no proxy is used.
base::Value* proxy_specification_mode = proxy_settings.FindPath(
{::onc::network_config::kType, ::onc::kAugmentationActiveSetting});
showProxyDisclosure =
proxy_specification_mode &&
proxy_specification_mode->GetString() != ::onc::proxy::kDirect;
}
response->SetBoolPath("showProxyServerPrivacyDisclosure",
showProxyDisclosure);
}
#endif #endif
base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) { base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) {
...@@ -672,6 +670,7 @@ base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) { ...@@ -672,6 +670,7 @@ base::Value ManagementUIHandler::GetContextualManagedData(Profile* profile) {
if (management_domain.empty()) if (management_domain.empty())
management_domain = GetAccountDomain(profile); management_domain = GetAccountDomain(profile);
AddUpdateRequiredEolInfo(&response); AddUpdateRequiredEolInfo(&response);
AddProxyServerPrivacyDisclosure(&response);
#else #else
std::string management_domain = GetAccountDomain(profile); std::string management_domain = GetAccountDomain(profile);
......
...@@ -39,7 +39,6 @@ extern const char kManagementCrostini[]; ...@@ -39,7 +39,6 @@ extern const char kManagementCrostini[];
extern const char kManagementCrostiniContainerConfiguration[]; extern const char kManagementCrostiniContainerConfiguration[];
extern const char kManagementReportExtensions[]; extern const char kManagementReportExtensions[];
extern const char kManagementReportAndroidApplications[]; extern const char kManagementReportAndroidApplications[];
extern const char kManagementReportProxyServer[];
#endif // defined(OS_CHROMEOS) #endif // defined(OS_CHROMEOS)
extern const char kCloudReportingExtensionId[]; extern const char kCloudReportingExtensionId[];
...@@ -154,6 +153,11 @@ class ManagementUIHandler : public content::WebUIMessageHandler, ...@@ -154,6 +153,11 @@ class ManagementUIHandler : public content::WebUIMessageHandler,
// as per device policy but the device cannot be updated due to End of Life // as per device policy but the device cannot be updated due to End of Life
// (Auto Update Expiration). // (Auto Update Expiration).
void AddUpdateRequiredEolInfo(base::Value* response) const; void AddUpdateRequiredEolInfo(base::Value* response) const;
// Adds a boolean which indicates if there's a proxy on the device enforced by
// the admin. If true, a warning will be added to the transparency panel to
// inform the user that the admin may be able to see their network traffic.
void AddProxyServerPrivacyDisclosure(base::Value* response) const;
#endif // defined(OS_CHROMEOS) #endif // defined(OS_CHROMEOS)
private: private:
void GetManagementStatus(Profile* profile, base::Value* status) const; void GetManagementStatus(Profile* profile, base::Value* status) const;
......
// Copyright 2019 The Chromium Authors. All rights reserved. // Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be // Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file. // found in the LICENSE file.
...@@ -85,6 +86,7 @@ struct ContextualManagementSourceUpdate { ...@@ -85,6 +86,7 @@ struct ContextualManagementSourceUpdate {
#if defined(OS_CHROMEOS) #if defined(OS_CHROMEOS)
base::string16 management_overview; base::string16 management_overview;
base::string16 update_required_eol; base::string16 update_required_eol;
bool show_proxy_server_privacy_disclosure;
#else #else
base::string16 browser_management_notice; base::string16 browser_management_notice;
#endif // defined(OS_CHROMEOS) #endif // defined(OS_CHROMEOS)
...@@ -299,6 +301,10 @@ class ManagementUIHandlerTests : public TestingBaseClass { ...@@ -299,6 +301,10 @@ class ManagementUIHandlerTests : public TestingBaseClass {
#if defined(OS_CHROMEOS) #if defined(OS_CHROMEOS)
extracted_.management_overview = ExtractPathFromDict(data, "overview"); extracted_.management_overview = ExtractPathFromDict(data, "overview");
extracted_.update_required_eol = ExtractPathFromDict(data, "eolMessage"); extracted_.update_required_eol = ExtractPathFromDict(data, "eolMessage");
base::Optional<bool> showProxyDisclosure =
data.FindBoolPath("showProxyServerPrivacyDisclosure");
extracted_.show_proxy_server_privacy_disclosure =
showProxyDisclosure.has_value() && showProxyDisclosure.value();
#else #else
extracted_.browser_management_notice = extracted_.browser_management_notice =
ExtractPathFromDict(data, "browserManagementNotice"); ExtractPathFromDict(data, "browserManagementNotice");
...@@ -459,6 +465,10 @@ class ManagementUIHandlerTests : public TestingBaseClass { ...@@ -459,6 +465,10 @@ class ManagementUIHandlerTests : public TestingBaseClass {
base::string16 GetUpdateRequiredEolMessage() const { base::string16 GetUpdateRequiredEolMessage() const {
return extracted_.update_required_eol; return extracted_.update_required_eol;
} }
bool GetShowProxyServerPrivacyDisclosure() const {
return extracted_.show_proxy_server_privacy_disclosure;
}
#else #else
base::string16 GetBrowserManagementNotice() const { base::string16 GetBrowserManagementNotice() const {
...@@ -918,32 +928,30 @@ TEST_F(ManagementUIHandlerTests, AllDisabledDeviceReportingInfo) { ...@@ -918,32 +928,30 @@ TEST_F(ManagementUIHandlerTests, AllDisabledDeviceReportingInfo) {
expected_elements); expected_elements);
} }
TEST_F(ManagementUIHandlerTests, ProxyServerShowReport) { TEST_F(ManagementUIHandlerTests, ShowProxyServerDisclosure) {
ResetTestConfig();
// Set pref to use a proxy.
PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry()); PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_, chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
&local_state_); &local_state_);
// Set pref to use a proxy.
base::Value policy_prefs_config = ProxyConfigDictionary::CreateAutoDetect(); base::Value policy_prefs_config = ProxyConfigDictionary::CreateAutoDetect();
user_prefs_.SetUserPref( user_prefs_.SetUserPref(
proxy_config::prefs::kProxy, proxy_config::prefs::kProxy,
base::Value::ToUniquePtrValue(std::move(policy_prefs_config))); base::Value::ToUniquePtrValue(std::move(policy_prefs_config)));
base::RunLoop().RunUntilIdle(); base::RunLoop().RunUntilIdle();
ResetTestConfig(false); GetTestConfig().managed_device = true;
const base::Value info = SetUpForReportingInfo(); SetUpProfileAndHandler();
const std::map<std::string, std::string> expected_elements = {
{kManagementReportProxyServer, "proxy server"}};
ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(), EXPECT_TRUE(GetShowProxyServerPrivacyDisclosure());
expected_elements);
} }
TEST_F(ManagementUIHandlerTests, ProxyServerShowReportDeviceOffline) { TEST_F(ManagementUIHandlerTests, ProxyServerDisclosureDeviceOffline) {
ResetTestConfig();
// Simulate network disconnected state.
PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry()); PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_, chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
&local_state_); &local_state_);
// Simulate network disconnected state.
chromeos::NetworkStateHandler::NetworkStateList networks; chromeos::NetworkStateHandler::NetworkStateList networks;
chromeos::NetworkHandler::Get() chromeos::NetworkHandler::Get()
->network_state_handler() ->network_state_handler()
...@@ -962,33 +970,31 @@ TEST_F(ManagementUIHandlerTests, ProxyServerShowReportDeviceOffline) { ...@@ -962,33 +970,31 @@ TEST_F(ManagementUIHandlerTests, ProxyServerShowReportDeviceOffline) {
} }
base::RunLoop().RunUntilIdle(); base::RunLoop().RunUntilIdle();
ResetTestConfig(false); GetTestConfig().managed_device = true;
const base::Value info = SetUpForReportingInfo(); SetUpProfileAndHandler();
const std::map<std::string, std::string> expected_elements = {}; EXPECT_FALSE(GetShowProxyServerPrivacyDisclosure());
ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
expected_elements);
chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices(); chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices();
} }
TEST_F(ManagementUIHandlerTests, ProxyServerHideReportForDirectProxy) { TEST_F(ManagementUIHandlerTests, HideProxyServerDisclosureForDirectProxy) {
ResetTestConfig();
// Set pref not to use proxy.
PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry()); PrefProxyConfigTrackerImpl::RegisterProfilePrefs(user_prefs_.registry());
chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_, chromeos::NetworkHandler::Get()->InitializePrefServices(&user_prefs_,
&local_state_); &local_state_);
// Set pref not to use proxy.
base::Value policy_prefs_config = ProxyConfigDictionary::CreateDirect(); base::Value policy_prefs_config = ProxyConfigDictionary::CreateDirect();
user_prefs_.SetUserPref( user_prefs_.SetUserPref(
proxy_config::prefs::kProxy, proxy_config::prefs::kProxy,
base::Value::ToUniquePtrValue(std::move(policy_prefs_config))); base::Value::ToUniquePtrValue(std::move(policy_prefs_config)));
base::RunLoop().RunUntilIdle(); base::RunLoop().RunUntilIdle();
ResetTestConfig(false); GetTestConfig().managed_device = true;
const base::Value info = SetUpForReportingInfo(); SetUpProfileAndHandler();
EXPECT_FALSE(GetShowProxyServerPrivacyDisclosure());
const std::map<std::string, std::string> expected_elements = {};
ASSERT_PRED_FORMAT2(ReportingElementsToBeEQ, info.GetList(),
expected_elements);
chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices(); chromeos::NetworkHandler::Get()->NetworkHandler::ShutdownPrefServices();
} }
......
...@@ -83,6 +83,9 @@ ...@@ -83,6 +83,9 @@
<message name="IDS_MANAGEMENT_DEVICE_REPORTING" desc="Title of the types of device reporting section of the page"> <message name="IDS_MANAGEMENT_DEVICE_REPORTING" desc="Title of the types of device reporting section of the page">
Device Device
</message> </message>
<message name="IDS_MANAGEMENT_PROXY_SERVER_PRIVACY_DISCLOSURE" desc="Message stating that administrators can see user's traffic when connected to a proxy server.">
Administrators of this device have configured your network connection, which may allow them to see your network traffic, including which websites you visit.
</message>
<message name="IDS_MANAGEMENT_DEVICE_CONFIGURATION" desc="Message telling users that their administrator has set some specific policies on their device"> <message name="IDS_MANAGEMENT_DEVICE_CONFIGURATION" desc="Message telling users that their administrator has set some specific policies on their device">
Your administrator can see: Your administrator can see:
</message> </message>
...@@ -122,9 +125,6 @@ ...@@ -122,9 +125,6 @@
<message name="IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS" desc="Message stating that administrators can see user's installed Android applications."> <message name="IDS_MANAGEMENT_REPORT_ANDROID_APPLICATIONS" desc="Message stating that administrators can see user's installed Android applications.">
Which Google Play apps you have installed Which Google Play apps you have installed
</message> </message>
<message name="IDS_MANAGEMENT_REPORT_PROXY_SERVER" desc="Message stating that administrators can see user's traffic when connected to a proxy server.">
Websites you visit and the contents of not secure pages
</message>
<message name="IDS_MANAGEMENT_REPORT_PLUGIN_VM" desc="Message telling users that Plugin VM can collect data."> <message name="IDS_MANAGEMENT_REPORT_PLUGIN_VM" desc="Message telling users that Plugin VM can collect data.">
Your administrator has allowed <ph name="APP_NAME">$1<ex>Plugin VM</ex></ph> to collect diagnostics data to improve the product experience. See <ph name="BEGIN_LINK">&lt;a target="_blank" href="https://www.parallels.com/pcep"&gt;</ph>https://www.parallels.com/pcep<ph name="END_LINK">&lt;/a&gt;</ph> for more information. Your administrator has allowed <ph name="APP_NAME">$1<ex>Plugin VM</ex></ph> to collect diagnostics data to improve the product experience. See <ph name="BEGIN_LINK">&lt;a target="_blank" href="https://www.parallels.com/pcep"&gt;</ph>https://www.parallels.com/pcep<ph name="END_LINK">&lt;/a&gt;</ph> for more information.
</message> </message>
......
b0b948edf91fae1dd9a31455eab621918025fa36
\ No newline at end of file
a35ceef3ad7c9e9ad08ac68788efc2a63720c506
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment