DLP: Track confidentiality of WebContents.

DlpContentTabHelper is being attached to WebContents and tracks all the
frames inside and visibility of WebContents.
This information is reported to DlpContentManager that collects it from
all WebContents and tracks whether any of confidential data is currently
visible.

Bug: 1104884
Test: Unit tests added.

Change-Id: I02ae3d1bec7485569592e7fa746f6e6c06c991d6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2288104
Commit-Queue: Sergey Poromov <poromov@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Nikita Podguzov <nikitapodguzov@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#793671}

chrome/browser/chromeos/BUILD.gn

@@ -1990,6 +1990,10 @@ source_set("chromeos") {
     "policy/display_rotation_default_handler.h",
     "policy/display_settings_handler.cc",
     "policy/display_settings_handler.h",
+    "policy/dlp/dlp_content_manager.cc",
+    "policy/dlp/dlp_content_manager.h",
+    "policy/dlp/dlp_content_tab_helper.cc",
+    "policy/dlp/dlp_content_tab_helper.h",
     "policy/dlp/enterprise_clipboard_dlp_controller.cc",
     "policy/dlp/enterprise_clipboard_dlp_controller.h",
     "policy/dm_token_storage.cc",
@@ -3279,6 +3283,8 @@ source_set("unit_tests") {
     "policy/device_dock_mac_address_source_handler_unittest.cc",
     "policy/device_local_account_policy_service_unittest.cc",
     "policy/device_policy_decoder_chromeos_unittest.cc",
+    "policy/dlp/dlp_content_manager_unittest.cc",
+    "policy/dlp/dlp_content_tab_helper_unittest.cc",
     "policy/dm_token_storage_unittest.cc",
     "policy/extension_cache_unittest.cc",
     "policy/extension_install_event_log_collector_unittest.cc",

chrome/browser/chromeos/policy/dlp/dlp_content_manager.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/dlp/dlp_content_manager.h"
+
+#include "base/stl_util.h"
+#include "content/public/browser/visibility.h"
+#include "content/public/browser/web_contents.h"
+#include "url/gurl.h"
+
+namespace policy {
+
+static DlpContentManager* g_dlp_content_manager = nullptr;
+
+// static
+DlpContentManager* DlpContentManager::Get() {
+  if (!g_dlp_content_manager)
+    g_dlp_content_manager = new DlpContentManager();
+  return g_dlp_content_manager;
+}
+
+bool DlpContentManager::IsWebContentsConfidential(
+    const content::WebContents* web_contents) const {
+  return base::Contains(confidential_web_contents_, web_contents);
+}
+
+bool DlpContentManager::IsConfidentialDataPresentOnScreen() const {
+  return is_confidential_web_contents_visible_;
+}
+
+/* static */
+void DlpContentManager::SetDlpContentManagerForTesting(
+    DlpContentManager* dlp_content_manager) {
+  if (g_dlp_content_manager)
+    delete g_dlp_content_manager;
+  g_dlp_content_manager = dlp_content_manager;
+}
+
+/* static */
+void DlpContentManager::ResetDlpContentManagerForTesting() {
+  g_dlp_content_manager = nullptr;
+}
+
+DlpContentManager::DlpContentManager() = default;
+
+DlpContentManager::~DlpContentManager() = default;
+
+void DlpContentManager::OnConfidentialityChanged(
+    content::WebContents* web_contents,
+    bool confidential) {
+  if (confidential) {
+    AddToConfidential(web_contents);
+  } else {
+    RemoveFromConfidential(web_contents);
+  }
+}
+
+void DlpContentManager::OnWebContentsDestroyed(
+    const content::WebContents* web_contents) {
+  RemoveFromConfidential(web_contents);
+}
+
+bool DlpContentManager::IsURLConfidential(const GURL& url) const {
+  // TODO(crbug/1109783): Implement based on the policy.
+  return false;
+}
+
+void DlpContentManager::OnVisibilityChanged(content::WebContents* web_contents,
+                                            bool visible) {
+  MaybeChangeVisibilityFlag();
+}
+
+void DlpContentManager::AddToConfidential(content::WebContents* web_contents) {
+  confidential_web_contents_.insert(web_contents);
+  if (web_contents->GetVisibility() == content::Visibility::VISIBLE) {
+    MaybeChangeVisibilityFlag();
+  }
+}
+
+void DlpContentManager::RemoveFromConfidential(
+    const content::WebContents* web_contents) {
+  confidential_web_contents_.erase(web_contents);
+  MaybeChangeVisibilityFlag();
+}
+
+void DlpContentManager::MaybeChangeVisibilityFlag() {
+  bool is_confidential_web_contents_currently_visible = false;
+  for (auto* web_contents : confidential_web_contents_) {
+    if (web_contents->GetVisibility() == content::Visibility::VISIBLE) {
+      is_confidential_web_contents_currently_visible = true;
+      break;
+    }
+  }
+  if (is_confidential_web_contents_visible_ !=
+      is_confidential_web_contents_currently_visible) {
+    is_confidential_web_contents_visible_ =
+        is_confidential_web_contents_currently_visible;
+    OnScreenConfidentialityStateChanged(is_confidential_web_contents_visible_);
+  }
+}
+
+void DlpContentManager::OnScreenConfidentialityStateChanged(bool visible) {
+  // TODO(crbug/1105991): Implement enforcing/releasing of restrictions.
+}
+
+}  // namespace policy

chrome/browser/chromeos/policy/dlp/dlp_content_manager.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DLP_DLP_CONTENT_MANAGER_H_
+#define CHROME_BROWSER_CHROMEOS_POLICY_DLP_DLP_CONTENT_MANAGER_H_
+
+#include "base/containers/flat_set.h"
+
+class GURL;
+
+namespace content {
+class WebContents;
+}  // namespace content
+
+namespace policy {
+
+// System-wide class that tracks the set of currently known confidential
+// WebContents and whether any of them are currently visible.
+// If any confidential WebContents is visible, the corresponding restrictions
+// will be enforced according to the current enterprise policy.
+class DlpContentManager {
+ public:
+  // Creates the instance if not yet created.
+  // There will always be a single instance created on the first access.
+  static DlpContentManager* Get();
+
+  // Checks whether |web_contents| is confidential according to the policy.
+  bool IsWebContentsConfidential(
+      const content::WebContents* web_contents) const;
+
+  // Returns whether any WebContents with a confidential content is currently
+  // visible.
+  bool IsConfidentialDataPresentOnScreen() const;
+
+  // The caller (test) should manage |dlp_content_manager| lifetime.
+  // Reset doesn't delete the object.
+  static void SetDlpContentManagerForTesting(
+      DlpContentManager* dlp_content_manager);
+  static void ResetDlpContentManagerForTesting();
+
+ private:
+  friend class DlpContentManagerTest;
+  friend class DlpContentTabHelper;
+  friend class MockDlpContentManager;
+
+  DlpContentManager();
+  virtual ~DlpContentManager();
+  DlpContentManager(const DlpContentManager&) = delete;
+  DlpContentManager& operator=(const DlpContentManager&) = delete;
+
+  // Called from DlpContentTabHelper:
+  // Being called when confidentiality state changes for |web_contents|, e.g.
+  // because of navigation.
+  virtual void OnConfidentialityChanged(content::WebContents* web_contents,
+                                        bool confidential);
+  // Called when |web_contents| is about to be destroyed.
+  virtual void OnWebContentsDestroyed(const content::WebContents* web_contents);
+  // Should return whether |url| is considered as confidential according to
+  // the policies.
+  virtual bool IsURLConfidential(const GURL& url) const;
+  // Called when |web_contents| becomes visible or not.
+  virtual void OnVisibilityChanged(content::WebContents* web_contents,
+                                   bool visible);
+
+  // Helpers to add/remove WebContents from confidential sets.
+  void AddToConfidential(content::WebContents* web_contents);
+  void RemoveFromConfidential(const content::WebContents* web_contents);
+
+  // Updates |is_confidential_web_contents_visible_| and calls
+  // OnScreenConfidentialityStateChanged() if needed.
+  void MaybeChangeVisibilityFlag();
+
+  // Called when a confidential content becomes visible or all confidential
+  // content becomes not visible.
+  void OnScreenConfidentialityStateChanged(bool visible);
+
+  // Set of currently known confidential WebContents.
+  base::flat_set<content::WebContents*> confidential_web_contents_;
+  // Flag the indicates whether any confidential WebContents is currently
+  // visible or not.
+  bool is_confidential_web_contents_visible_ = false;
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_CHROMEOS_POLICY_DLP_DLP_CONTENT_MANAGER_H_

chrome/browser/chromeos/policy/dlp/dlp_content_manager_unittest.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/dlp/dlp_content_manager.h"
+
+#include "chrome/test/base/testing_profile.h"
+#include "content/public/test/browser_task_environment.h"
+#include "content/public/test/test_renderer_host.h"
+#include "content/public/test/web_contents_tester.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace policy {
+
+class DlpContentManagerTest : public testing::Test {
+ protected:
+  void SetUp() override {
+    testing::Test::SetUp();
+
+    profile_ = std::make_unique<TestingProfile>();
+  }
+
+  std::unique_ptr<content::WebContents> CreateWebContents() {
+    return content::WebContentsTester::CreateTestWebContents(profile_.get(),
+                                                             nullptr);
+  }
+
+  void ChangeConfidentiality(content::WebContents* web_contents,
+                             bool confidential) {
+    manager_.OnConfidentialityChanged(web_contents, confidential);
+  }
+
+  void ChangeVisibility(content::WebContents* web_contents, bool visible) {
+    if (visible) {
+      web_contents->WasShown();
+    } else {
+      web_contents->WasHidden();
+    }
+    manager_.OnVisibilityChanged(web_contents, visible);
+  }
+
+  void DestroyWebContents(content::WebContents* web_contents) {
+    manager_.OnWebContentsDestroyed(web_contents);
+  }
+
+  DlpContentManager manager_;
+
+ private:
+  content::BrowserTaskEnvironment task_environment_;
+  content::RenderViewHostTestEnabler rvh_test_enabler_;
+  std::unique_ptr<TestingProfile> profile_;
+};
+
+TEST_F(DlpContentManagerTest, NoConfidentialDataShown) {
+  std::unique_ptr<content::WebContents> web_contents = CreateWebContents();
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+}
+
+TEST_F(DlpContentManagerTest, ConfidentialDataShown) {
+  std::unique_ptr<content::WebContents> web_contents = CreateWebContents();
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+
+  ChangeConfidentiality(web_contents.get(), /*confidential=*/true);
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_TRUE(manager_.IsConfidentialDataPresentOnScreen());
+
+  DestroyWebContents(web_contents.get());
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+}
+
+TEST_F(DlpContentManagerTest, ConfidentialDataVisibilityChanged) {
+  std::unique_ptr<content::WebContents> web_contents = CreateWebContents();
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+
+  ChangeConfidentiality(web_contents.get(), /*confidential=*/true);
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_TRUE(manager_.IsConfidentialDataPresentOnScreen());
+
+  ChangeVisibility(web_contents.get(), /*visible=*/false);
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+
+  ChangeVisibility(web_contents.get(), /*visible=*/true);
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_TRUE(manager_.IsConfidentialDataPresentOnScreen());
+
+  DestroyWebContents(web_contents.get());
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+}
+
+TEST_F(DlpContentManagerTest,
+       TwoWebContentsVisibilityAndConfidentialityChanged) {
+  std::unique_ptr<content::WebContents> web_contents1 = CreateWebContents();
+  std::unique_ptr<content::WebContents> web_contents2 = CreateWebContents();
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents1.get()));
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents2.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+
+  // WebContents 1 becomes confidential.
+  ChangeConfidentiality(web_contents1.get(), /*confidential=*/true);
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents1.get()));
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents2.get()));
+  EXPECT_TRUE(manager_.IsConfidentialDataPresentOnScreen());
+
+  // WebContents 2 is hidden.
+  ChangeVisibility(web_contents2.get(), /*visible=*/false);
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents1.get()));
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents2.get()));
+  EXPECT_TRUE(manager_.IsConfidentialDataPresentOnScreen());
+
+  // WebContents 1 becomes non-confidential.
+  ChangeConfidentiality(web_contents1.get(), /*confidential=*/false);
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents1.get()));
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents2.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+
+  // WebContents 2 becomes confidential.
+  ChangeConfidentiality(web_contents2.get(), /*confidential=*/true);
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents1.get()));
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents2.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+
+  // WebContents 2 is visible.
+  ChangeVisibility(web_contents2.get(), /*visible=*/true);
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents1.get()));
+  EXPECT_TRUE(manager_.IsWebContentsConfidential(web_contents2.get()));
+  EXPECT_TRUE(manager_.IsConfidentialDataPresentOnScreen());
+
+  DestroyWebContents(web_contents1.get());
+  DestroyWebContents(web_contents2.get());
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents1.get()));
+  EXPECT_FALSE(manager_.IsWebContentsConfidential(web_contents2.get()));
+  EXPECT_FALSE(manager_.IsConfidentialDataPresentOnScreen());
+}
+
+}  // namespace policy

chrome/browser/chromeos/policy/dlp/dlp_content_tab_helper.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/dlp/dlp_content_tab_helper.h"
+
+#include "chrome/browser/chromeos/policy/dlp/dlp_content_manager.h"
+#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/web_contents.h"
+#include "url/gurl.h"
+
+namespace policy {
+
+DlpContentTabHelper::~DlpContentTabHelper() = default;
+
+void DlpContentTabHelper::RenderFrameCreated(
+    content::RenderFrameHost* render_frame_host) {
+  if (DlpContentManager::Get()->IsURLConfidential(
+          render_frame_host->GetLastCommittedURL())) {
+    const bool inserted = confidential_frames_.insert(render_frame_host).second;
+    if (inserted && confidential_frames_.size() == 1) {
+      DlpContentManager::Get()->OnConfidentialityChanged(web_contents(),
+                                                         /*confidential=*/true);
+    }
+  }
+}
+
+void DlpContentTabHelper::RenderFrameDeleted(
+    content::RenderFrameHost* render_frame_host) {
+  const bool erased = confidential_frames_.erase(render_frame_host);
+  if (erased && confidential_frames_.empty())
+    DlpContentManager::Get()->OnConfidentialityChanged(web_contents(),
+                                                       /*confidential=*/false);
+}
+
+void DlpContentTabHelper::DidFinishNavigation(
+    content::NavigationHandle* navigation_handle) {
+  if (!navigation_handle->HasCommitted() || navigation_handle->IsErrorPage())
+    return;
+  if (DlpContentManager::Get()->IsURLConfidential(
+          navigation_handle->GetURL())) {
+    const bool inserted =
+        confidential_frames_.insert(navigation_handle->GetRenderFrameHost())
+            .second;
+    if (inserted && confidential_frames_.size() == 1) {
+      DlpContentManager::Get()->OnConfidentialityChanged(web_contents(),
+                                                         /*confidential=*/true);
+    }
+  } else {
+    const bool erased =
+        confidential_frames_.erase(navigation_handle->GetRenderFrameHost());
+    if (erased && confidential_frames_.empty())
+      DlpContentManager::Get()->OnConfidentialityChanged(
+          web_contents(),
+          /*confidential=*/false);
+  }
+}
+
+void DlpContentTabHelper::WebContentsDestroyed() {
+  DlpContentManager::Get()->OnWebContentsDestroyed(web_contents());
+}
+
+void DlpContentTabHelper::OnVisibilityChanged(content::Visibility visibility) {
+  // DlpContentManager tracks visibility only for confidential WebContents.
+  if (!IsConfidential())
+    return;
+  DlpContentManager::Get()->OnVisibilityChanged(
+      web_contents(), visibility == content::Visibility::VISIBLE);
+}
+
+DlpContentTabHelper::DlpContentTabHelper(content::WebContents* web_contents)
+    : content::WebContentsObserver(web_contents) {}
+
+bool DlpContentTabHelper::IsConfidential() const {
+  return !confidential_frames_.empty();
+}
+
+WEB_CONTENTS_USER_DATA_KEY_IMPL(DlpContentTabHelper)
+
+}  // namespace policy

chrome/browser/chromeos/policy/dlp/dlp_content_tab_helper.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CHROMEOS_POLICY_DLP_DLP_CONTENT_TAB_HELPER_H_
+#define CHROME_BROWSER_CHROMEOS_POLICY_DLP_DLP_CONTENT_TAB_HELPER_H_
+
+#include "base/containers/flat_set.h"
+#include "content/public/browser/visibility.h"
+#include "content/public/browser/web_contents_observer.h"
+#include "content/public/browser/web_contents_user_data.h"
+
+namespace content {
+class NavigationHandle;
+class RenderFrameHost;
+class WebContents;
+}  // namespace content
+
+namespace policy {
+
+// DlpContentTabHelper attaches to relevant WebContents that are covered by
+// DLP (Data Leak Prevention) feature and observes navigation in all sub-frames
+// as well as visibility of the WebContents and reports it to system-wide
+// DlpContentManager.
+// WebContents is considered as confidential if either the main frame or any
+// of sub-frames are confidential according to the current policy.
+class DlpContentTabHelper
+    : public content::WebContentsUserData<DlpContentTabHelper>,
+      public content::WebContentsObserver {
+ public:
+  ~DlpContentTabHelper() override;
+
+  // content::WebContentsObserver:
+  void RenderFrameCreated(content::RenderFrameHost* render_frame_host) override;
+  void RenderFrameDeleted(content::RenderFrameHost* render_frame_host) override;
+  void DidFinishNavigation(
+      content::NavigationHandle* navigation_handle) override;
+  void WebContentsDestroyed() override;
+  void OnVisibilityChanged(content::Visibility visibility) override;
+
+ private:
+  friend class content::WebContentsUserData<DlpContentTabHelper>;
+
+  explicit DlpContentTabHelper(content::WebContents* web_contents);
+  DlpContentTabHelper(const DlpContentTabHelper&) = delete;
+  DlpContentTabHelper& operator=(const DlpContentTabHelper&) = delete;
+
+  // WebContents is considered as confidential if either the main frame or any
+  // of sub-frames are confidential.
+  bool IsConfidential() const;
+
+  // Set of the currently known confidential frames.
+  base::flat_set<content::RenderFrameHost*> confidential_frames_;
+
+  WEB_CONTENTS_USER_DATA_KEY_DECL();
+};
+
+}  // namespace policy
+
+#endif  // CHROME_BROWSER_CHROMEOS_POLICY_DLP_DLP_CONTENT_TAB_HELPER_H_

chrome/browser/chromeos/policy/dlp/dlp_content_tab_helper_unittest.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/policy/dlp/dlp_content_tab_helper.h"
+
+#include "chrome/browser/chromeos/policy/dlp/dlp_content_manager.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/tabs/tab_activity_simulator.h"
+#include "chrome/test/base/chrome_render_view_host_test_harness.h"
+#include "chrome/test/base/test_browser_window.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/test/navigation_simulator.h"
+#include "testing/gmock/include/gmock/gmock.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace policy {
+
+using testing::_;
+using testing::Return;
+
+class MockDlpContentManager : public DlpContentManager {
+ public:
+  MOCK_METHOD2(OnConfidentialityChanged, void(content::WebContents*, bool));
+  MOCK_METHOD1(OnWebContentsDestroyed, void(const content::WebContents*));
+  MOCK_CONST_METHOD1(IsURLConfidential, bool(const GURL&));
+  MOCK_METHOD2(OnVisibilityChanged, void(content::WebContents*, bool));
+};
+
+class DlpContentTabHelperTest : public ChromeRenderViewHostTestHarness {
+ protected:
+  void SetUp() override {
+    ChromeRenderViewHostTestHarness::SetUp();
+
+    DlpContentManager::SetDlpContentManagerForTesting(
+        &mock_dlp_content_manager_);
+
+    // Initialize browser.
+    params_ = std::make_unique<Browser::CreateParams>(profile(),
+                                                      /*user_gesture=*/true);
+    browser_ = CreateBrowserWithTestWindowForParams(params_.get());
+    tab_strip_model_ = browser_->tab_strip_model();
+  }
+
+  void TearDown() override {
+    tab_strip_model_->CloseAllTabs();
+    browser_.reset();
+    params_.reset();
+
+    DlpContentManager::ResetDlpContentManagerForTesting();
+
+    ChromeRenderViewHostTestHarness::TearDown();
+  }
+
+  MockDlpContentManager mock_dlp_content_manager_;
+  TabActivitySimulator tab_activity_simulator_;
+  TabStripModel* tab_strip_model_;
+  std::unique_ptr<Browser::CreateParams> params_;
+  std::unique_ptr<Browser> browser_;
+};
+
+TEST_F(DlpContentTabHelperTest, SingleNotConfidentialWebContents) {
+  GURL kUrl = GURL("https://example.com");
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(GURL()))
+      .Times(1)
+      .WillOnce(Return(false));
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(kUrl))
+      .Times(1)
+      .WillOnce(Return(false));
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, _))
+      .Times(0);
+  EXPECT_CALL(mock_dlp_content_manager_, OnVisibilityChanged(_, _)).Times(0);
+
+  content::WebContents* web_contents =
+      tab_activity_simulator_.AddWebContentsAndNavigate(tab_strip_model_, kUrl);
+  EXPECT_NE(nullptr, DlpContentTabHelper::FromWebContents(web_contents));
+
+  EXPECT_CALL(mock_dlp_content_manager_, OnWebContentsDestroyed(_)).Times(1);
+}
+
+TEST_F(DlpContentTabHelperTest, SingleConfidentialWebContents) {
+  GURL kUrl = GURL("https://example.com");
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(GURL()))
+      .Times(1)
+      .WillOnce(Return(false));
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(kUrl))
+      .Times(1)
+      .WillOnce(Return(true));
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, true))
+      .Times(1);
+  EXPECT_CALL(mock_dlp_content_manager_, OnVisibilityChanged(_, _)).Times(0);
+
+  content::WebContents* web_contents =
+      tab_activity_simulator_.AddWebContentsAndNavigate(tab_strip_model_, kUrl);
+  EXPECT_NE(nullptr, DlpContentTabHelper::FromWebContents(web_contents));
+
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, false))
+      .Times(1);
+  EXPECT_CALL(mock_dlp_content_manager_, OnWebContentsDestroyed(_)).Times(1);
+}
+
+TEST_F(DlpContentTabHelperTest, TwoWebContentsVisibilityChanged) {
+  GURL kUrl1 = GURL("https://example1.com");
+  GURL kUrl2 = GURL("https://example2.com");
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(GURL()))
+      .WillRepeatedly(Return(false));
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(kUrl1))
+      .Times(1)
+      .WillOnce(Return(true));
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(kUrl2))
+      .Times(1)
+      .WillOnce(Return(false));
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, true))
+      .Times(1);
+  EXPECT_CALL(mock_dlp_content_manager_, OnVisibilityChanged(_, _)).Times(0);
+
+  content::WebContents* web_contents1 =
+      tab_activity_simulator_.AddWebContentsAndNavigate(tab_strip_model_,
+                                                        kUrl1);
+  content::WebContents* web_contents2 =
+      tab_activity_simulator_.AddWebContentsAndNavigate(tab_strip_model_,
+                                                        kUrl2);
+  EXPECT_NE(nullptr, DlpContentTabHelper::FromWebContents(web_contents1));
+  EXPECT_NE(nullptr, DlpContentTabHelper::FromWebContents(web_contents2));
+  EXPECT_CALL(mock_dlp_content_manager_, OnVisibilityChanged(_, false))
+      .Times(1);
+
+  tab_activity_simulator_.SwitchToTabAt(tab_strip_model_, 1);
+
+  EXPECT_CALL(mock_dlp_content_manager_, OnVisibilityChanged(_, true)).Times(1);
+
+  tab_activity_simulator_.SwitchToTabAt(tab_strip_model_, 0);
+
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, false))
+      .Times(1);
+  EXPECT_CALL(mock_dlp_content_manager_, OnWebContentsDestroyed(_)).Times(2);
+}
+
+TEST_F(DlpContentTabHelperTest, SubFrameNavigation) {
+  GURL kNonConfidentialUrl = GURL("https://example.com");
+  GURL kConfidentialUrl = GURL("https://google.com");
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(GURL()))
+      .WillRepeatedly(Return(false));
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(kNonConfidentialUrl))
+      .WillRepeatedly(Return(false));
+  EXPECT_CALL(mock_dlp_content_manager_, IsURLConfidential(kConfidentialUrl))
+      .WillRepeatedly(Return(true));
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, _))
+      .Times(0);
+  EXPECT_CALL(mock_dlp_content_manager_, OnVisibilityChanged(_, _)).Times(0);
+
+  // Create WebContents.
+  content::WebContents* web_contents =
+      tab_activity_simulator_.AddWebContentsAndNavigate(tab_strip_model_,
+                                                        kNonConfidentialUrl);
+  EXPECT_NE(nullptr, DlpContentTabHelper::FromWebContents(web_contents));
+
+  // Add subframe and navigate to confidential URL.
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, true))
+      .Times(1);
+  content::RenderFrameHost* subframe =
+      content::NavigationSimulator::NavigateAndCommitFromDocument(
+          kConfidentialUrl,
+          content::RenderFrameHostTester::For(web_contents->GetMainFrame())
+              ->AppendChild("child"));
+
+  // Navigate away from confidential URL.
+  EXPECT_CALL(mock_dlp_content_manager_, OnConfidentialityChanged(_, false))
+      .Times(1);
+  content::NavigationSimulator::NavigateAndCommitFromDocument(
+      kNonConfidentialUrl, subframe);
+
+  EXPECT_CALL(mock_dlp_content_manager_, OnWebContentsDestroyed(_)).Times(1);
+}
+
+}  // namespace policy

chrome/browser/ui/tab_helpers.cc

@@ -139,6 +139,7 @@
 
 #if defined(OS_CHROMEOS)
 #include "chrome/browser/chromeos/child_accounts/time_limits/web_time_navigation_observer.h"
+#include "chrome/browser/chromeos/policy/dlp/dlp_content_tab_helper.h"
 #include "chrome/browser/ui/app_list/search/cros_action_history/cros_action_recorder_tab_tracker.h"
 #endif
 
@@ -374,6 +375,7 @@ void TabHelpers::AttachTabHelpers(WebContents* web_contents) {
   app_list::CrOSActionRecorderTabTracker::CreateForWebContents(web_contents);
   chromeos::app_time::WebTimeNavigationObserver::MaybeCreateForWebContents(
       web_contents);
+  policy::DlpContentTabHelper::CreateForWebContents(web_contents);
 #endif
 
 #if defined(OS_WIN) || defined(OS_MAC) || \