Return original profile's advanced protection status for incognito

The incognito mode profile should be aware of the user's advanced
protection status (from original profile) if the user signs into
Chrome.

Bug: 887754
Change-Id: Ic4dec677f9adf1464b8c7398934f2d10cb62323b
Reviewed-on: https://chromium-review.googlesource.com/1247001Reviewed-by: Daniel Rubery <drubery@chromium.org>
Commit-Queue: Jialiu Lin <jialiul@chromium.org>
Cr-Commit-Position: refs/heads/master@{#595177}

chrome/browser/safe_browsing/advanced_protection_status_manager.cc

@@ -239,13 +239,14 @@ void AdvancedProtectionStatusManager::UpdateLastRefreshTime() {
 // static
 bool AdvancedProtectionStatusManager::IsUnderAdvancedProtection(
     Profile* profile) {
-  // Advanced protection is off for incognito mode.
-  if (profile->IsOffTheRecord())
-    return false;
-
-  return AdvancedProtectionStatusManagerFactory::GetInstance()
-      ->GetForBrowserContext(static_cast<content::BrowserContext*>(profile))
-      ->is_under_advanced_protection();
+  Profile* original_profile =
+      profile->IsOffTheRecord() ? profile->GetOriginalProfile() : profile;
+
+  return original_profile &&
+         AdvancedProtectionStatusManagerFactory::GetInstance()
+             ->GetForBrowserContext(
+                 static_cast<content::BrowserContext*>(original_profile))
+             ->is_under_advanced_protection();
 }
 
 bool AdvancedProtectionStatusManager::IsPrimaryAccount(

chrome/browser/safe_browsing/advanced_protection_status_manager.h

@@ -17,8 +17,10 @@ namespace safe_browsing {
 
 // Responsible for keeping track of advanced protection status of the sign-in
 // profile.
-// Note that for profile that is not signed-in or is in incognito mode, we
-// consider it NOT under advanced protection.
+// Note that for profile that is not signed-in, we consider it NOT under
+// advanced protection.
+// For incognito profile Chrome returns users' advanced protection status
+// of its original profile.
 class AdvancedProtectionStatusManager : public KeyedService,
                                         public AccountTrackerService::Observer,
                                         public SigninManagerBase::Observer {

chrome/browser/safe_browsing/advanced_protection_status_manager_factory.cc

@@ -51,9 +51,4 @@ bool AdvancedProtectionStatusManagerFactory::
   return true;
 }
 
-bool AdvancedProtectionStatusManagerFactory::ServiceIsNULLWhileTesting() const {
-  // TODO(jialiul): Change this to 'false' when this class is wired into Chrome.
-  return true;
-}
-
 }  // namespace safe_browsing

chrome/browser/safe_browsing/advanced_protection_status_manager_factory.h

@@ -36,7 +36,6 @@ class AdvancedProtectionStatusManagerFactory
   KeyedService* BuildServiceInstanceFor(
       content::BrowserContext* context) const override;
   bool ServiceIsCreatedWithBrowserContext() const override;
-  bool ServiceIsNULLWhileTesting() const override;
 
   DISALLOW_COPY_AND_ASSIGN(AdvancedProtectionStatusManagerFactory);
 };

chrome/browser/safe_browsing/advanced_protection_status_manager_unittest.cc

@@ -225,8 +225,8 @@ TEST_F(AdvancedProtectionStatusManagerTest, AlreadySignedInAndUnderAP) {
       prefs::kAdvancedProtectionLastRefreshInUs,
       base::Time::Now().ToDeltaSinceWindowsEpoch().InMicroseconds());
 
-  // Simulates the situation where user signed in long time ago, thus
-  // has no advanced protection status.
+  // Simulates the situation where the user has already signed in and is
+  // under advanced protection.
   std::string account_id =
       SignIn("gaia_id", "email", /* is_under_advanced_protection = */ true);
   AdvancedProtectionStatusManager aps_manager(
@@ -241,6 +241,44 @@ TEST_F(AdvancedProtectionStatusManagerTest, AlreadySignedInAndUnderAP) {
   aps_manager.UnsubscribeFromSigninEvents();
 }
 
+TEST_F(AdvancedProtectionStatusManagerTest,
+       AlreadySignedInAndUnderAPIncognito) {
+  testing_profile_->GetPrefs()->SetInt64(
+      prefs::kAdvancedProtectionLastRefreshInUs,
+      base::Time::Now().ToDeltaSinceWindowsEpoch().InMicroseconds());
+
+  // Simulates the situation where the user has already signed in and is
+  // under advanced protection.
+  std::string account_id =
+      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ true);
+
+  // Incognito profile should share the advanced protection status with the
+  // original profile.
+  EXPECT_TRUE(AdvancedProtectionStatusManager::IsUnderAdvancedProtection(
+      testing_profile_->GetOffTheRecordProfile()));
+  EXPECT_TRUE(AdvancedProtectionStatusManager::IsUnderAdvancedProtection(
+      testing_profile_.get()));
+}
+
+TEST_F(AdvancedProtectionStatusManagerTest,
+       AlreadySignedInAndNotUnderAPIncognito) {
+  testing_profile_->GetPrefs()->SetInt64(
+      prefs::kAdvancedProtectionLastRefreshInUs,
+      base::Time::Now().ToDeltaSinceWindowsEpoch().InMicroseconds());
+
+  // Simulates the situation where the user has already signed in and is
+  // NOT under advanced protection.
+  std::string account_id =
+      SignIn("gaia_id", "email", /* is_under_advanced_protection = */ false);
+
+  // Incognito profile should share the advanced protection status with the
+  // original profile.
+  EXPECT_FALSE(AdvancedProtectionStatusManager::IsUnderAdvancedProtection(
+      testing_profile_->GetOffTheRecordProfile()));
+  EXPECT_FALSE(AdvancedProtectionStatusManager::IsUnderAdvancedProtection(
+      testing_profile_.get()));
+}
+
 TEST_F(AdvancedProtectionStatusManagerTest, StayInAdvancedProtection) {
   base::Time last_update = base::Time::Now();
   testing_profile_->GetPrefs()->SetInt64(