Move Pepper TCP and UDP annotations to the same place, update UDP ones.

This CL moves the pepper network anntotations to the same file, to more easily keep them in sync, and makes the UDP one match the more complete TCP one. Bug: 878136 Change-Id: I7d607aacedb9298afc3796990c5a713247c32001 Reviewed-on: https://chromium-review.googlesource.com/1194958Reviewed-by: Ramin Halavati <rhalavati@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#587478}

Move Pepper TCP and UDP annotations to the same place, update UDP ones.
This CL moves the pepper network anntotations to the same file, to more easily keep them in sync, and makes the UDP one match the more complete TCP one. Bug: 878136 Change-Id: I7d607aacedb9298afc3796990c5a713247c32001 Reviewed-on: https://chromium-review.googlesource.com/1194958Reviewed-by: Ramin Halavati <rhalavati@chromium.org> Reviewed-by: Bill Budge <bbudge@chromium.org> Commit-Queue: Matt Menke <mmenke@chromium.org> Cr-Commit-Position: refs/heads/master@{#587478}
dda4be7a · Matt Menke · Commit Bot · 613c1bf0 · dda4be7a · dda4be7a
Commit dda4be7a authored Aug 30, 2018 by Matt Menke Committed by Commit Bot Aug 30, 2018
5 changed files
--- a/content/browser/renderer_host/pepper/pepper_socket_utils.cc
+++ b/content/browser/renderer_host/pepper/pepper_socket_utils.cc
@@ -186,5 +186,94 @@ void OpenUDPFirewallHole(const net::IPEndPoint& address,
 }
 #endif  // defined(OS_CHROMEOS)

+net::MutableNetworkTrafficAnnotationTag PepperTCPNetworkAnnotationTag() {
+  return net::MutableNetworkTrafficAnnotationTag(
+      net::DefineNetworkTrafficAnnotation("pepper_tcp_socket",
+                                          R"(
+        semantics {
+          sender: "Pepper TCP Socket"
+          description:
+            "Pepper plugins use this API to send and receive data over the "
+            "network using TCP connections. This inteface is used by Flash and "
+            "PDF viewer, and Chrome Apps which use plugins to send/receive TCP "
+            "traffic (require Chrome Apps TCP socket permission). This "
+            "interface allows creation of client and server sockets."
+          trigger:
+            "A request from a Pepper plugin."
+          data: "Any data that the plugin sends."
+          destination: OTHER
+          destination_other:
+            "Data can be sent to any destination."
+        }
+        policy {
+          cookies_allowed: NO
+          setting:
+            "These requests cannot be disabled, but will not happen if user "
+            "does not use Flash, internal PDF Viewer, or Chrome Apps that use "
+            "Pepper interface."
+          chrome_policy {
+            DefaultPluginsSetting {
+              DefaultPluginsSetting: 2
+            }
+          }
+          chrome_policy {
+            AlwaysOpenPdfExternally {
+              AlwaysOpenPdfExternally: true
+            }
+          }
+          chrome_policy {
+            ExtensionInstallBlacklist {
+              ExtensionInstallBlacklist: {
+                entries: '*'
+              }
+            }
+          }
+        })"));
+}
+
+net::MutableNetworkTrafficAnnotationTag PepperUDPNetworkAnnotationTag() {
+  return net::MutableNetworkTrafficAnnotationTag(
+      net::DefineNetworkTrafficAnnotation("pepper_udp_socket",
+                                          R"(
+        semantics {
+          sender: "Pepper UDP Socket"
+          description:
+            "Pepper plugins use this API to send and receive data over the "
+            "network using UDP connections. This inteface is used by Flash and "
+            "PDF viewer, and Chrome Apps which use plugins to send/receive UDP "
+            "traffic (require Chrome Apps UDP socket permission)."
+          trigger:
+            "A request from a Pepper plugin."
+          data: "Any data that the plugin sends."
+          destination: OTHER
+          destination_other:
+            "Data can be sent to any destination."
+        }
+        policy {
+          cookies_allowed: NO
+          setting:
+            "These requests cannot be disabled, but will not happen if user "
+            "does not use Flash, internal PDF Viewer, or Chrome Apps that use "
+            "Pepper interface."
+          chrome_policy {
+            DefaultPluginsSetting {
+              DefaultPluginsSetting: 2
+            }
+          }
+          chrome_policy {
+            AlwaysOpenPdfExternally {
+              AlwaysOpenPdfExternally: true
+            }
+          }
+          chrome_policy {
+            ExtensionInstallBlacklist {
+              ExtensionInstallBlacklist: {
+                entries: '*'
+              }
+            }
+          }
+        })"));
+}
+
 }  // namespace pepper_socket_utils
 }  // namespace content
--- a/content/browser/renderer_host/pepper/pepper_socket_utils.h
+++ b/content/browser/renderer_host/pepper/pepper_socket_utils.h
@@ -9,6 +9,7 @@

 #include "build/build_config.h"
 #include "content/public/common/socket_permission_request.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "ppapi/c/pp_stdint.h"

 #if defined(OS_CHROMEOS)
@@ -72,6 +73,11 @@ void OpenUDPFirewallHole(const net::IPEndPoint& address,
                         FirewallHoleOpenCallback callback);
 #endif  // defined(OS_CHROMEOS)

+// Annotations for TCP and UDP network requests. Defined here to make it easier
+// to keep them in sync.
+net::MutableNetworkTrafficAnnotationTag PepperTCPNetworkAnnotationTag();
+net::MutableNetworkTrafficAnnotationTag PepperUDPNetworkAnnotationTag();
+
 }  // namespace pepper_socket_utils

 }  // namespace content

--- a/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc
+++ b/content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc
@@ -692,60 +692,22 @@ void PepperTCPSocketMessageFilter::DoWrite(
  DCHECK(state_.IsConnected());

  int net_result = net::ERR_FAILED;
-  net::NetworkTrafficAnnotationTag traffic_annotation =
-      net::DefineNetworkTrafficAnnotation("pepper_tcp_socket", R"(
-        semantics {
-          sender: "Pepper TCP Socket"
-          description:
-            "Pepper plugins use this API to send and receive data over the "
-            "network using TCP connections. This inteface is used by Flash and "
-            "PDF viewer, and Chrome Apps which use plugins to send/receive TCP "
-            "traffic (require Chrome Apps TCP socket permission)."
-          trigger:
-            "A request from a Pepper plugin."
-          data: "Any data that the plugin sends."
-          destination: OTHER
-          destination_other:
-            "Data can be sent to any destination."
-        }
-        policy {
-          cookies_allowed: NO
-          setting:
-            "These requests cannot be disabled, but will not happen if user "
-            "does not use Flash, internal PDF Viewer, or Chrome Apps that use "
-            "Pepper interface."
-          chrome_policy {
-            DefaultPluginsSetting {
-              DefaultPluginsSetting: 2
-            }
-          }
-          chrome_policy {
-            AlwaysOpenPdfExternally {
-              AlwaysOpenPdfExternally: true
-            }
-          }
-          chrome_policy {
-            ExtensionInstallBlacklist {
-              ExtensionInstallBlacklist: {
-                entries: '*'
-              }
-            }
-          }
-        })");
  if (socket_) {
    DCHECK_EQ(state_.state(), TCPSocketState::CONNECTED);
    net_result = socket_->Write(
        write_buffer_.get(), write_buffer_->BytesRemaining(),
        base::BindOnce(&PepperTCPSocketMessageFilter::OnWriteCompleted,
                       base::Unretained(this), context),
-        traffic_annotation);
+        static_cast<net::NetworkTrafficAnnotationTag>(
+            pepper_socket_utils::PepperTCPNetworkAnnotationTag()));
  } else if (ssl_socket_) {
    DCHECK_EQ(state_.state(), TCPSocketState::SSL_CONNECTED);
    net_result = ssl_socket_->Write(
        write_buffer_.get(), write_buffer_->BytesRemaining(),
        base::BindOnce(&PepperTCPSocketMessageFilter::OnWriteCompleted,
                       base::Unretained(this), context),
-        traffic_annotation);
+        static_cast<net::NetworkTrafficAnnotationTag>(
+            pepper_socket_utils::PepperTCPNetworkAnnotationTag()));
  }
  if (net_result != net::ERR_IO_PENDING)
    OnWriteCompleted(context, net_result);

--- a/content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc
+++ b/content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc
@@ -622,36 +622,12 @@ void PepperUDPSocketMessageFilter::StartPendingSend() {
  DCHECK(!pending_sends_.empty());
  DCHECK(socket_);

-  net::NetworkTrafficAnnotationTag annotation =
-      net::DefineNetworkTrafficAnnotation("pepper_udp_socket_message_filter",
-                                          R"(
-        semantics {
-          sender: "Chrome Plugin UDP Socket API"
-          description:
-            "Chrome plugins can use this API to send and receive data over the "
-            "network using UDP connections."
-          trigger: "A request from a plugin."
-          data: "Any data that the plugin sends."
-          destination: OTHER
-          destination_other:
-            "Data can be sent to any destination."
-        }
-        policy {
-          cookies_allowed: NO
-          setting:
-            "The only remaining plugin is Flash, so disabling it in Content "
-            "settings will prevent all use of UDP sockets by plugins."
-          policy_exception_justification:
-            "There is no single policy related to plugin use of UDP sockets, "
-            "but there are a number of policies that allow disabling plugins."
-        })");
-
  const PendingSend& pending_send = pending_sends_.front();
  // See OnMsgRecvFrom() for the reason why we use base::Unretained(this)
  // when calling |socket_| methods.
  socket_->SendTo(
      net::IPEndPoint(pending_send.address, pending_send.port),
-      pending_send.data, net::MutableNetworkTrafficAnnotationTag(annotation),
+      pending_send.data, pepper_socket_utils::PepperUDPNetworkAnnotationTag(),
      base::BindOnce(&PepperUDPSocketMessageFilter::OnSendToCompleted,
                     base::Unretained(this)));
 }

--- a/tools/traffic_annotation/summary/annotations.xml
+++ b/tools/traffic_annotation/summary/annotations.xml
@@ -176,14 +176,14 @@ Refer to README.md for content description and update process.
 <item id="payment_manifest_downloader" hash_code="84045030" type="0" content_hash_code="19293316" os_list="linux,windows" file_path="components/payments/core/payment_manifest_downloader.cc"/>
 <item id="payments_sync_cards" hash_code="95588446" type="0" content_hash_code="56526513" os_list="linux,windows" file_path="components/autofill/core/browser/payments/payments_client.cc"/>
 <item id="pdf_plugin_placeholder" hash_code="56866367" type="0" content_hash_code="16907221" os_list="linux,windows" file_path="chrome/browser/plugins/pdf_plugin_placeholder_observer.cc"/>
- <item id="pepper_tcp_socket" hash_code="120623198" type="0" content_hash_code="55474823" os_list="linux,windows" file_path="content/browser/renderer_host/pepper/pepper_tcp_socket_message_filter.cc"/>
- <item id="pepper_udp_socket_message_filter" hash_code="19997224" type="0" content_hash_code="62688533" os_list="linux,mac,windows" file_path="content/browser/renderer_host/pepper/pepper_udp_socket_message_filter.cc"/>
+ <item id="pepper_tcp_socket" hash_code="120623198" type="0" content_hash_code="105652563" os_list="linux,windows" file_path="content/browser/renderer_host/pepper/pepper_socket_utils.cc"/>
+ <item id="pepper_udp_socket" hash_code="53512439" type="0" content_hash_code="85431089" os_list="linux,windows" file_path="content/browser/renderer_host/pepper/pepper_socket_utils.cc"/>
 <item id="per_user_topic_registration_request" hash_code="10498172" type="0" content_hash_code="32495619" os_list="linux,windows" file_path="components/invalidation/impl/per_user_topic_registration_request.cc"/>
 <item id="permission_reporting" hash_code="131741641" type="0" deprecated="2018-03-06" content_hash_code="7213535" file_path=""/>
 <item id="permission_request_creator" hash_code="43206794" type="0" content_hash_code="73571699" os_list="linux,windows" file_path="chrome/browser/supervised_user/child_accounts/permission_request_creator_apiary.cc"/>
 <item id="persist_blob_to_indexed_db" hash_code="32030464" type="0" deprecated="2018-08-13" content_hash_code="35410079" file_path=""/>
 <item id="plugins_resource_service" hash_code="49601082" type="0" content_hash_code="6877335" os_list="linux,windows" file_path="chrome/browser/plugins/plugins_resource_service.cc"/>
- <item id="policy_blacklist_service" hash_code="49799644" type="0" content_hash_code="57843386" os_list="linux,mac,windows" file_path="components/policy/content/policy_blacklist_service.cc"/>
+ <item id="policy_blacklist_service" hash_code="49799644" type="0" content_hash_code="57843386" os_list="linux,windows" file_path="components/policy/content/policy_blacklist_service.cc"/>
 <item id="popular_sites_fetch" hash_code="50755044" type="0" content_hash_code="6910083" os_list="linux,windows" file_path="components/ntp_tiles/popular_sites_impl.cc"/>
 <item id="port_forwarding_controller_socket" hash_code="95075845" type="0" content_hash_code="122163428" os_list="linux,windows" file_path="chrome/browser/devtools/device/port_forwarding_controller.cc"/>
 <item id="ppapi_download_request" hash_code="135967426" type="0" content_hash_code="110461402" os_list="linux,windows" file_path="chrome/browser/safe_browsing/download_protection/ppapi_download_request.cc"/>