Update network annotations in BinaryUploadService

Bug: 1128574 Change-Id: I324ded6e3bbf92a136ede7021b18ad0a0847241b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2414914 Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org> Reviewed-by: Nicolas Ouellet-Payeur <nicolaso@chromium.org> Reviewed-by: Daniel Rubery <drubery@chromium.org> Cr-Commit-Position: refs/heads/master@{#808060}

Update network annotations in BinaryUploadService
Bug: 1128574 Change-Id: I324ded6e3bbf92a136ede7021b18ad0a0847241b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2414914 Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org> Reviewed-by: Nicolas Ouellet-Payeur <nicolaso@chromium.org> Reviewed-by: Daniel Rubery <drubery@chromium.org> Cr-Commit-Position: refs/heads/master@{#808060}
ffcdd9ca · Dominique Fauteux-Chapleau · Commit Bot · d7471376 · ffcdd9ca · ffcdd9ca
Commit ffcdd9ca authored Sep 17, 2020 by Dominique Fauteux-Chapleau Committed by Commit Bot Sep 17, 2020
3 changed files
--- a/chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc
+++ b/chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc
@@ -106,6 +106,73 @@ base::Optional<GURL> GetUrlOverride() {
  return base::nullopt;
 }
+net::NetworkTrafficAnnotationTag GetTrafficAnnotationTag(bool is_app) {
+  if (is_app) {
+    return net::DefineNetworkTrafficAnnotation(
+        "safe_browsing_binary_upload_app", R"(
+        semantics {
+          sender: "Advanced Protection Program"
+          description:
+            "For users part of Google's Advanced Protection Program, when a "
+            "file is downloaded, Chrome will upload that file to Safe Browsing "
+            "for detailed scanning."
+          trigger:
+            "The browser will upload the file to Google when the user "
+            "downloads a file, and the browser is enrolled into the "
+            "Advanced Protection Program."
+          data:
+            "The downloaded file."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: YES
+          cookies_store: "Safe Browsing Cookie Store"
+          setting: "This is disabled by default an can only be enabled by "
+            "policy."
+          chrome_policy {
+            AdvancedProtectionAllowed {
+              AdvancedProtectionAllowed: false
+            }
+          }
+        }
+        )");
+  } else {
+    return net::DefineNetworkTrafficAnnotation(
+        "safe_browsing_binary_upload_connector", R"(
+        semantics {
+          sender: "Chrome Enterprise Connectors"
+          description:
+            "For users with content analysis Chrome Enterprise Connectors "
+            "enabled, Chrome will upload the data corresponding to the "
+            "Connector for scanning."
+          trigger:
+            "If the OnFileAttachedEnterpriseConnector, "
+            "OnFileDownloadedEnterpriseConnector or "
+            "OnBulkDataEntryEnterpriseConnector policy is set, a request is made to "
+            "scan a file attached to Chrome, a file downloaded by Chrome or "
+            "data pasted in Chrome respectively."
+          data:
+            "The uploaded or downloaded file, or pasted data."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: YES
+          cookies_store: "Safe Browsing Cookie Store"
+          setting: "This is disabled by default an can only be enabled by "
+            "policy."
+          chrome_policy {
+            OnFileAttachedEnterpriseConnector {
+            }
+            OnFileDownloadedEnterpriseConnector {
+            }
+            OnBulkDataEntryEnterpriseConnector {
+            }
+          }
+        }
+        )");
+  }
+}
 }  // namespace
 BinaryUploadService::BinaryUploadService(Profile* profile)
@@ -247,44 +314,6 @@ void BinaryUploadService::OnGetRequestData(Request* request,
    return;
  }
-  net::NetworkTrafficAnnotationTag traffic_annotation =
-      net::DefineNetworkTrafficAnnotation("safe_browsing_binary_upload", R"(
-        semantics {
-          sender: "Safe Browsing Download Protection"
-          description:
-            "For users with the enterprise policy "
-            "SendFilesForMalwareCheck set, when a file is "
-            "downloaded, Chrome will upload that file to Safe Browsing for "
-            "detailed scanning."
-          trigger:
-            "The browser will upload the file to Google when "
-            "the user downloads a file, and the enterprise policy "
-            "SendFilesForMalwareCheck is set."
-          data:
-            "The downloaded file."
-          destination: GOOGLE_OWNED_SERVICE
-        }
-        policy {
-          cookies_allowed: YES
-          cookies_store: "Safe Browsing Cookie Store"
-          setting: "This is disabled by default an can only be enabled by "
-            "policy."
-          chrome_policy {
-            SendFilesForMalwareCheck {
-              SendFilesForMalwareCheck: 0
-            }
-          }
-          chrome_policy {
-            SendFilesForMalwareCheck {
-              SendFilesForMalwareCheck: 1
-            }
-          }
-        }
-        comments: "Setting SendFilesForMalwareCheck to 0 (Do not scan "
-          "downloads) or 1 (Forbid the scanning of downloads) will disable "
-          "this feature"
-        )");
  std::string metadata;
  request->SerializeToString(&metadata);
  base::Base64Encode(metadata, &metadata);
@@ -294,7 +323,7 @@ void BinaryUploadService::OnGetRequestData(Request* request,
    url = GetUploadUrl(IsAdvancedProtectionRequest(*request));
  auto upload_request = MultipartUploadRequest::Create(
      url_loader_factory_, std::move(url), metadata, data.contents,
-      traffic_annotation,
+      GetTrafficAnnotationTag(IsAdvancedProtectionRequest(*request)),
      base::BindOnce(&BinaryUploadService::OnUploadComplete,
                     weakptr_factory_.GetWeakPtr(), request));

--- a/tools/traffic_annotation/summary/annotations.xml
+++ b/tools/traffic_annotation/summary/annotations.xml
@@ -278,7 +278,9 @@ Refer to README.md for content description and update process.
 <item id="resource_prefetch" added_in_milestone="62" hash_code="110815970" type="0" deprecated="2018-02-28" content_hash_code="39251261" file_path=""/>
 <item id="rlz_ping" added_in_milestone="63" hash_code="99279418" type="0" content_hash_code="102108802" os_list="windows" file_path="rlz/lib/financial_ping.cc"/>
 <item id="safe_browsing_backup_request" added_in_milestone="62" hash_code="106980485" type="0" deprecated="2018-08-14" content_hash_code="101760679" file_path=""/>
- <item id="safe_browsing_binary_upload" added_in_milestone="78" hash_code="71663319" type="0" content_hash_code="105913171" os_list="linux,windows" file_path="chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc"/>
+ <item id="safe_browsing_binary_upload" added_in_milestone="78" hash_code="71663319" type="0" deprecated="2020-09-16" content_hash_code="105913171" file_path=""/>
+ <item id="safe_browsing_binary_upload_app" added_in_milestone="87" hash_code="4306022" type="0" content_hash_code="64626873" os_list="linux,windows" file_path="chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc"/>
+ <item id="safe_browsing_binary_upload_connector" added_in_milestone="87" hash_code="59568147" type="0" content_hash_code="69870179" os_list="linux,windows" file_path="chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc"/>
 <item id="safe_browsing_cache_collector" added_in_milestone="62" hash_code="115907811" type="0" content_hash_code="62296373" os_list="linux,windows" file_path="components/safe_browsing/content/browser/threat_details_cache.cc"/>
 <item id="safe_browsing_certificate_error_reporting" added_in_milestone="62" hash_code="66590631" type="0" content_hash_code="26108454" os_list="linux,windows" file_path="chrome/browser/ssl/certificate_error_reporter.cc"/>
 <item id="safe_browsing_chunk_backup_request" added_in_milestone="62" hash_code="79957943" type="0" deprecated="2018-08-14" content_hash_code="133850277" file_path=""/>

--- a/tools/traffic_annotation/summary/grouping.xml
+++ b/tools/traffic_annotation/summary/grouping.xml
@@ -208,7 +208,8 @@ hidden="true" so that these annotations don't show up in the document.
      <traffic_annotation unique_id="safe_browsing_module_loader"/>
      <traffic_annotation unique_id="safe_browsing_v4_get_hash"/>
      <traffic_annotation unique_id="safe_browsing_v4_update"/>
-      <traffic_annotation unique_id="safe_browsing_binary_upload"/>
+      <traffic_annotation unique_id="safe_browsing_binary_upload_app"/>
+      <traffic_annotation unique_id="safe_browsing_binary_upload_connector"/>
      <traffic_annotation unique_id="safe_browsing_realtime_url_lookup"/>
      <traffic_annotation unique_id="unwanted_software_report"/>
      <traffic_annotation unique_id="ppapi_download_request"/>