Update network annotations in BinaryUploadService

Bug: 1128574
Change-Id: I324ded6e3bbf92a136ede7021b18ad0a0847241b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2414914
Commit-Queue: Dominique Fauteux-Chapleau <domfc@chromium.org>
Reviewed-by: Nicolas Ouellet-Payeur <nicolaso@chromium.org>
Reviewed-by: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/master@{#808060}

chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc

@@ -106,6 +106,73 @@ base::Optional<GURL> GetUrlOverride() {
   return base::nullopt;
 }
 
+net::NetworkTrafficAnnotationTag GetTrafficAnnotationTag(bool is_app) {
+  if (is_app) {
+    return net::DefineNetworkTrafficAnnotation(
+        "safe_browsing_binary_upload_app", R"(
+        semantics {
+          sender: "Advanced Protection Program"
+          description:
+            "For users part of Google's Advanced Protection Program, when a "
+            "file is downloaded, Chrome will upload that file to Safe Browsing "
+            "for detailed scanning."
+          trigger:
+            "The browser will upload the file to Google when the user "
+            "downloads a file, and the browser is enrolled into the "
+            "Advanced Protection Program."
+          data:
+            "The downloaded file."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: YES
+          cookies_store: "Safe Browsing Cookie Store"
+          setting: "This is disabled by default an can only be enabled by "
+            "policy."
+          chrome_policy {
+            AdvancedProtectionAllowed {
+              AdvancedProtectionAllowed: false
+            }
+          }
+        }
+        )");
+  } else {
+    return net::DefineNetworkTrafficAnnotation(
+        "safe_browsing_binary_upload_connector", R"(
+        semantics {
+          sender: "Chrome Enterprise Connectors"
+          description:
+            "For users with content analysis Chrome Enterprise Connectors "
+            "enabled, Chrome will upload the data corresponding to the "
+            "Connector for scanning."
+          trigger:
+            "If the OnFileAttachedEnterpriseConnector, "
+            "OnFileDownloadedEnterpriseConnector or "
+            "OnBulkDataEntryEnterpriseConnector policy is set, a request is made to "
+            "scan a file attached to Chrome, a file downloaded by Chrome or "
+            "data pasted in Chrome respectively."
+          data:
+            "The uploaded or downloaded file, or pasted data."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: YES
+          cookies_store: "Safe Browsing Cookie Store"
+          setting: "This is disabled by default an can only be enabled by "
+            "policy."
+          chrome_policy {
+            OnFileAttachedEnterpriseConnector {
+            }
+            OnFileDownloadedEnterpriseConnector {
+            }
+            OnBulkDataEntryEnterpriseConnector {
+            }
+          }
+        }
+        )");
+  }
+}
+
 }  // namespace
 
 BinaryUploadService::BinaryUploadService(Profile* profile)
@@ -247,44 +314,6 @@ void BinaryUploadService::OnGetRequestData(Request* request,
     return;
   }
 
-  net::NetworkTrafficAnnotationTag traffic_annotation =
-      net::DefineNetworkTrafficAnnotation("safe_browsing_binary_upload", R"(
-        semantics {
-          sender: "Safe Browsing Download Protection"
-          description:
-            "For users with the enterprise policy "
-            "SendFilesForMalwareCheck set, when a file is "
-            "downloaded, Chrome will upload that file to Safe Browsing for "
-            "detailed scanning."
-          trigger:
-            "The browser will upload the file to Google when "
-            "the user downloads a file, and the enterprise policy "
-            "SendFilesForMalwareCheck is set."
-          data:
-            "The downloaded file."
-          destination: GOOGLE_OWNED_SERVICE
-        }
-        policy {
-          cookies_allowed: YES
-          cookies_store: "Safe Browsing Cookie Store"
-          setting: "This is disabled by default an can only be enabled by "
-            "policy."
-          chrome_policy {
-            SendFilesForMalwareCheck {
-              SendFilesForMalwareCheck: 0
-            }
-          }
-          chrome_policy {
-            SendFilesForMalwareCheck {
-              SendFilesForMalwareCheck: 1
-            }
-          }
-        }
-        comments: "Setting SendFilesForMalwareCheck to 0 (Do not scan "
-          "downloads) or 1 (Forbid the scanning of downloads) will disable "
-          "this feature"
-        )");
-
   std::string metadata;
   request->SerializeToString(&metadata);
   base::Base64Encode(metadata, &metadata);
@@ -294,7 +323,7 @@ void BinaryUploadService::OnGetRequestData(Request* request,
     url = GetUploadUrl(IsAdvancedProtectionRequest(*request));
   auto upload_request = MultipartUploadRequest::Create(
       url_loader_factory_, std::move(url), metadata, data.contents,
-      traffic_annotation,
+      GetTrafficAnnotationTag(IsAdvancedProtectionRequest(*request)),
       base::BindOnce(&BinaryUploadService::OnUploadComplete,
                      weakptr_factory_.GetWeakPtr(), request));
 

tools/traffic_annotation/summary/annotations.xml

@@ -278,7 +278,9 @@ Refer to README.md for content description and update process.
  <item id="resource_prefetch" added_in_milestone="62" hash_code="110815970" type="0" deprecated="2018-02-28" content_hash_code="39251261" file_path=""/>
  <item id="rlz_ping" added_in_milestone="63" hash_code="99279418" type="0" content_hash_code="102108802" os_list="windows" file_path="rlz/lib/financial_ping.cc"/>
  <item id="safe_browsing_backup_request" added_in_milestone="62" hash_code="106980485" type="0" deprecated="2018-08-14" content_hash_code="101760679" file_path=""/>
- <item id="safe_browsing_binary_upload" added_in_milestone="78" hash_code="71663319" type="0" content_hash_code="105913171" os_list="linux,windows" file_path="chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc"/>
+ <item id="safe_browsing_binary_upload" added_in_milestone="78" hash_code="71663319" type="0" deprecated="2020-09-16" content_hash_code="105913171" file_path=""/>
+ <item id="safe_browsing_binary_upload_app" added_in_milestone="87" hash_code="4306022" type="0" content_hash_code="64626873" os_list="linux,windows" file_path="chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc"/>
+ <item id="safe_browsing_binary_upload_connector" added_in_milestone="87" hash_code="59568147" type="0" content_hash_code="69870179" os_list="linux,windows" file_path="chrome/browser/safe_browsing/cloud_content_scanning/binary_upload_service.cc"/>
  <item id="safe_browsing_cache_collector" added_in_milestone="62" hash_code="115907811" type="0" content_hash_code="62296373" os_list="linux,windows" file_path="components/safe_browsing/content/browser/threat_details_cache.cc"/>
  <item id="safe_browsing_certificate_error_reporting" added_in_milestone="62" hash_code="66590631" type="0" content_hash_code="26108454" os_list="linux,windows" file_path="chrome/browser/ssl/certificate_error_reporter.cc"/>
  <item id="safe_browsing_chunk_backup_request" added_in_milestone="62" hash_code="79957943" type="0" deprecated="2018-08-14" content_hash_code="133850277" file_path=""/>

tools/traffic_annotation/summary/grouping.xml

@@ -208,7 +208,8 @@ hidden="true" so that these annotations don't show up in the document.
       <traffic_annotation unique_id="safe_browsing_module_loader"/>
       <traffic_annotation unique_id="safe_browsing_v4_get_hash"/>
       <traffic_annotation unique_id="safe_browsing_v4_update"/>
-      <traffic_annotation unique_id="safe_browsing_binary_upload"/>
+      <traffic_annotation unique_id="safe_browsing_binary_upload_app"/>
+      <traffic_annotation unique_id="safe_browsing_binary_upload_connector"/>
       <traffic_annotation unique_id="safe_browsing_realtime_url_lookup"/>
       <traffic_annotation unique_id="unwanted_software_report"/>
       <traffic_annotation unique_id="ppapi_download_request"/>