Chromium Code Reviews Chromium Code Reviews
Issue 2047253002:
Add hooks to permission layer for permission action reporting (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@permission-reporter-implementation| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/permissions/permission_uma_util.h" | 5 #include "chrome/browser/permissions/permission_uma_util.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/command_line.h" | |
| 9 #include "base/metrics/histogram_macros.h" | 10 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/strings/stringprintf.h" | 11 #include "base/strings/stringprintf.h" |
| 11 #include "chrome/browser/browser_process.h" | 12 #include "chrome/browser/browser_process.h" |
| 12 #include "chrome/browser/permissions/permission_manager.h" | 13 #include "chrome/browser/permissions/permission_manager.h" |
| 13 #include "chrome/browser/permissions/permission_util.h" | 14 #include "chrome/browser/permissions/permission_util.h" |
| 14 #include "chrome/browser/profiles/profile.h" | 15 #include "chrome/browser/profiles/profile.h" |
| 16 #include "chrome/browser/safe_browsing/safe_browsing_service.h" | |
| 17 #include "chrome/browser/safe_browsing/ui_manager.h" | |
| 18 #include "chrome/browser/sync/profile_sync_service_factory.h" | |
| 15 #include "chrome/browser/ui/website_settings/permission_bubble_request.h" | 19 #include "chrome/browser/ui/website_settings/permission_bubble_request.h" |
| 20 #include "chrome/common/chrome_switches.h" | |
| 21 #include "chrome/common/pref_names.h" | |
| 22 #include "components/browser_sync/browser/profile_sync_service.h" | |
| 23 #include "components/prefs/pref_service.h" | |
| 16 #include "components/rappor/rappor_service.h" | 24 #include "components/rappor/rappor_service.h" |
| 17 #include "components/rappor/rappor_utils.h" | 25 #include "components/rappor/rappor_utils.h" |
| 18 #include "content/public/browser/permission_type.h" | 26 #include "content/public/browser/permission_type.h" |
| 19 #include "content/public/common/origin_util.h" | 27 #include "content/public/common/origin_util.h" |
| 20 #include "url/gurl.h" | 28 #include "url/gurl.h" |
| 21 | 29 |
| 22 // UMA keys need to be statically initialized so plain function would not | 30 // UMA keys need to be statically initialized so plain function would not |
| 23 // work. Use macros instead. | 31 // work. Use macros instead. |
| 24 #define PERMISSION_ACTION_UMA(secure_origin, permission, permission_secure, \ | 32 #define PERMISSION_ACTION_UMA(secure_origin, permission, permission_secure, \ |
| 25 permission_insecure, action) \ | 33 permission_insecure, action) \ |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 67 } | 75 } |
| 68 | 76 |
| 69 std::string permission_str = | 77 std::string permission_str = |
| 70 PermissionUtil::GetPermissionString(permission); | 78 PermissionUtil::GetPermissionString(permission); |
| 71 if (permission_str.empty()) | 79 if (permission_str.empty()) |
| 72 return ""; | 80 return ""; |
| 73 return base::StringPrintf("ContentSettings.PermissionActions_%s.%s.Url", | 81 return base::StringPrintf("ContentSettings.PermissionActions_%s.%s.Url", |
| 74 permission_str.c_str(), action_str.c_str()); | 82 permission_str.c_str(), action_str.c_str()); |
| 75 } | 83 } |
| 76 | 84 |
| 77 void RecordPermissionAction(PermissionType permission, | |
| 78 PermissionAction action, | |
| 79 const GURL& requesting_origin) { | |
| 80 bool secure_origin = content::IsOriginSecure(requesting_origin); | |
| 81 | |
| 82 switch (permission) { | |
| 83 case PermissionType::GEOLOCATION: | |
| 84 PERMISSION_ACTION_UMA( | |
| 85 secure_origin, | |
| 86 "Permissions.Action.Geolocation", | |
| 87 "Permissions.Action.SecureOrigin.Geolocation", | |
| 88 "Permissions.Action.InsecureOrigin.Geolocation", | |
| 89 action); | |
| 90 break; | |
| 91 case PermissionType::NOTIFICATIONS: | |
| 92 PERMISSION_ACTION_UMA( | |
| 93 secure_origin, | |
| 94 "Permissions.Action.Notifications", | |
| 95 "Permissions.Action.SecureOrigin.Notifications", | |
| 96 "Permissions.Action.InsecureOrigin.Notifications", | |
| 97 action); | |
| 98 break; | |
| 99 case PermissionType::MIDI_SYSEX: | |
| 100 PERMISSION_ACTION_UMA( | |
| 101 secure_origin, | |
| 102 "Permissions.Action.MidiSysEx", | |
| 103 "Permissions.Action.SecureOrigin.MidiSysEx", | |
| 104 "Permissions.Action.InsecureOrigin.MidiSysEx", | |
| 105 action); | |
| 106 break; | |
| 107 case PermissionType::PUSH_MESSAGING: | |
| 108 PERMISSION_ACTION_UMA( | |
| 109 secure_origin, | |
| 110 "Permissions.Action.PushMessaging", | |
| 111 "Permissions.Action.SecureOrigin.PushMessaging", | |
| 112 "Permissions.Action.InsecureOrigin.PushMessaging", | |
| 113 action); | |
| 114 break; | |
| 115 case PermissionType::PROTECTED_MEDIA_IDENTIFIER: | |
| 116 PERMISSION_ACTION_UMA( | |
| 117 secure_origin, | |
| 118 "Permissions.Action.ProtectedMedia", | |
| 119 "Permissions.Action.SecureOrigin.ProtectedMedia", | |
| 120 "Permissions.Action.InsecureOrigin.ProtectedMedia", | |
| 121 action); | |
| 122 break; | |
| 123 case PermissionType::DURABLE_STORAGE: | |
| 124 PERMISSION_ACTION_UMA( | |
| 125 secure_origin, | |
| 126 "Permissions.Action.DurableStorage", | |
| 127 "Permissions.Action.SecureOrigin.DurableStorage", | |
| 128 "Permissions.Action.InsecureOrigin.DurableStorage", | |
| 129 action); | |
| 130 break; | |
| 131 case PermissionType::AUDIO_CAPTURE: | |
| 132 // Media permissions are disabled on insecure origins, so there's no | |
| 133 // need to record metrics for secure/insecue. | |
| 134 UMA_HISTOGRAM_ENUMERATION("Permissions.Action.AudioCapture", action, | |
| 135 PERMISSION_ACTION_NUM); | |
| 136 break; | |
| 137 case PermissionType::VIDEO_CAPTURE: | |
| 138 UMA_HISTOGRAM_ENUMERATION("Permissions.Action.VideoCapture", action, | |
| 139 PERMISSION_ACTION_NUM); | |
| 140 break; | |
| 141 // The user is not prompted for these permissions, thus there is no | |
| 142 // permission action recorded for them. | |
| 143 case PermissionType::MIDI: | |
| 144 case PermissionType::BACKGROUND_SYNC: | |
| 145 case PermissionType::NUM: | |
| 146 NOTREACHED() << "PERMISSION " | |
| 147 << PermissionUtil::GetPermissionString(permission) | |
| 148 << " not accounted for"; | |
| 149 } | |
| 150 | |
| 151 // Retrieve the name of the RAPPOR metric. Currently, the new metric name is | |
| 152 // the deprecated name with "2" on the end, e.g. | |
| 153 // ContentSettings.PermissionActions_Geolocation.Granted.Url2. For simplicity, | |
| 154 // we retrieve the deprecated name and append the "2" for the new name. | |
| 155 // TODO(dominickn): remove the deprecated metric and replace it solely with | |
| 156 // the new one in GetRapporMetric - crbug.com/605836. | |
| 157 const std::string deprecated_metric = GetRapporMetric(permission, action); | |
| 158 rappor::RapporService* rappor_service = g_browser_process->rappor_service(); | |
| 159 if (!deprecated_metric.empty() && rappor_service) { | |
| 160 rappor::SampleDomainAndRegistryFromGURL(rappor_service, deprecated_metric, | |
| 161 requesting_origin); | |
| 162 | |
| 163 std::string rappor_metric = deprecated_metric + "2"; | |
| 164 rappor_service->RecordSample( | |
| 165 rappor_metric, rappor::LOW_FREQUENCY_ETLD_PLUS_ONE_RAPPOR_TYPE, | |
| 166 rappor::GetDomainAndRegistrySampleFromGURL(requesting_origin)); | |
| 167 } | |
| 168 } | |
| 169 | |
| 170 void RecordPermissionRequest(PermissionType permission, | 85 void RecordPermissionRequest(PermissionType permission, |
| 171 const GURL& requesting_origin, | 86 const GURL& requesting_origin, |
| 172 const GURL& embedding_origin, | 87 const GURL& embedding_origin, |
| 173 Profile* profile) { | 88 Profile* profile) { |
| 174 rappor::RapporService* rappor_service = g_browser_process->rappor_service(); | 89 rappor::RapporService* rappor_service = g_browser_process->rappor_service(); |
| 175 if (rappor_service) { | 90 if (rappor_service) { |
| 176 if (permission == PermissionType::GEOLOCATION) { | 91 if (permission == PermissionType::GEOLOCATION) { |
| 177 // TODO(dominickn): remove this deprecated metric - crbug.com/605836. | 92 // TODO(dominickn): remove this deprecated metric - crbug.com/605836. |
| 178 rappor::SampleDomainAndRegistryFromGURL( | 93 rappor::SampleDomainAndRegistryFromGURL( |
| 179 rappor_service, | 94 rappor_service, |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 273 // add new permission | 188 // add new permission |
| 274 void PermissionUmaUtil::PermissionRequested(PermissionType permission, | 189 void PermissionUmaUtil::PermissionRequested(PermissionType permission, |
| 275 const GURL& requesting_origin, | 190 const GURL& requesting_origin, |
| 276 const GURL& embedding_origin, | 191 const GURL& embedding_origin, |
| 277 Profile* profile) { | 192 Profile* profile) { |
| 278 RecordPermissionRequest(permission, requesting_origin, embedding_origin, | 193 RecordPermissionRequest(permission, requesting_origin, embedding_origin, |
| 279 profile); | 194 profile); |
| 280 } | 195 } |
| 281 | 196 |
| 282 void PermissionUmaUtil::PermissionGranted(PermissionType permission, | 197 void PermissionUmaUtil::PermissionGranted(PermissionType permission, |
| 283 const GURL& requesting_origin) { | 198 const GURL& requesting_origin, |
| 284 RecordPermissionAction(permission, GRANTED, requesting_origin); | 199 Profile* profile) { |
| 200 RecordPermissionAction(permission, GRANTED, requesting_origin, profile); | |
| 285 } | 201 } |
| 286 | 202 |
| 287 void PermissionUmaUtil::PermissionDenied(PermissionType permission, | 203 void PermissionUmaUtil::PermissionDenied(PermissionType permission, |
| 288 const GURL& requesting_origin) { | 204 const GURL& requesting_origin, |
| 289 RecordPermissionAction(permission, DENIED, requesting_origin); | 205 Profile* profile) { |
| 206 RecordPermissionAction(permission, DENIED, requesting_origin, profile); | |
| 290 } | 207 } |
| 291 | 208 |
| 292 void PermissionUmaUtil::PermissionDismissed(PermissionType permission, | 209 void PermissionUmaUtil::PermissionDismissed(PermissionType permission, |
| 293 const GURL& requesting_origin) { | 210 const GURL& requesting_origin, |
| 294 RecordPermissionAction(permission, DISMISSED, requesting_origin); | 211 Profile* profile) { |
| 212 RecordPermissionAction(permission, DISMISSED, requesting_origin, profile); | |
| 295 } | 213 } |
| 296 | 214 |
| 297 void PermissionUmaUtil::PermissionIgnored(PermissionType permission, | 215 void PermissionUmaUtil::PermissionIgnored(PermissionType permission, |
| 298 const GURL& requesting_origin) { | 216 const GURL& requesting_origin, |
| 299 RecordPermissionAction(permission, IGNORED, requesting_origin); | 217 Profile* profile) { |
| 218 RecordPermissionAction(permission, IGNORED, requesting_origin, profile); | |
| 300 } | 219 } |
| 301 | 220 |
| 302 void PermissionUmaUtil::PermissionRevoked(PermissionType permission, | 221 void PermissionUmaUtil::PermissionRevoked(PermissionType permission, |
| 303 const GURL& revoked_origin) { | 222 const GURL& revoked_origin, |
| 223 Profile* profile) { | |
| 304 // TODO(tsergeant): Expand metrics definitions for revocation to include all | 224 // TODO(tsergeant): Expand metrics definitions for revocation to include all |
| 305 // permissions. | 225 // permissions. |
| 306 if (permission == PermissionType::NOTIFICATIONS || | 226 if (permission == PermissionType::NOTIFICATIONS || |
| 307 permission == PermissionType::GEOLOCATION || | 227 permission == PermissionType::GEOLOCATION || |
| 308 permission == PermissionType::AUDIO_CAPTURE || | 228 permission == PermissionType::AUDIO_CAPTURE || |
| 309 permission == PermissionType::VIDEO_CAPTURE) { | 229 permission == PermissionType::VIDEO_CAPTURE) { |
| 310 RecordPermissionAction(permission, REVOKED, revoked_origin); | 230 RecordPermissionAction(permission, REVOKED, revoked_origin, profile); |
| 311 } | 231 } |
| 312 } | 232 } |
| 313 | 233 |
| 314 void PermissionUmaUtil::PermissionPromptShown( | 234 void PermissionUmaUtil::PermissionPromptShown( |
| 315 const std::vector<PermissionBubbleRequest*>& requests) { | 235 const std::vector<PermissionBubbleRequest*>& requests) { |
| 316 DCHECK(!requests.empty()); | 236 DCHECK(!requests.empty()); |
| 317 | 237 |
| 318 PermissionBubbleType permission_prompt_type = PermissionBubbleType::MULTIPLE; | 238 PermissionBubbleType permission_prompt_type = PermissionBubbleType::MULTIPLE; |
| 319 if (requests.size() == 1) | 239 if (requests.size() == 1) |
| 320 permission_prompt_type = requests[0]->GetPermissionBubbleType(); | 240 permission_prompt_type = requests[0]->GetPermissionBubbleType(); |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 367 } | 287 } |
| 368 | 288 |
| 369 void PermissionUmaUtil::PermissionPromptDenied( | 289 void PermissionUmaUtil::PermissionPromptDenied( |
| 370 const std::vector<PermissionBubbleRequest*>& requests) { | 290 const std::vector<PermissionBubbleRequest*>& requests) { |
| 371 DCHECK(!requests.empty()); | 291 DCHECK(!requests.empty()); |
| 372 DCHECK(requests.size() == 1); | 292 DCHECK(requests.size() == 1); |
| 373 | 293 |
| 374 PERMISSION_BUBBLE_TYPE_UMA(kPermissionsPromptDenied, | 294 PERMISSION_BUBBLE_TYPE_UMA(kPermissionsPromptDenied, |
| 375 requests[0]->GetPermissionBubbleType()); | 295 requests[0]->GetPermissionBubbleType()); |
| 376 } | 296 } |
| 297 | |
| 298 bool PermissionUmaUtil::IsOptedInPermissionActionReporting(Profile* profile) { | |
|
kcarattini
2016/07/06 01:44:33
Nice work on this method!
| |
| 299 if (!base::CommandLine::ForCurrentProcess()->HasSwitch( | |
| 300 switches::kEnablePermissionActionReporting)) | |
| 301 return false; | |
| 302 // TODO(stefanocs): Remove this check once all callsites have been updated | |
| 303 // to not pass a nullptr. | |
| 304 if (!profile) | |
| 305 return false; | |
| 306 if (profile->GetProfileType() == Profile::INCOGNITO_PROFILE) | |
| 307 return false; | |
| 308 if (!profile->GetPrefs()->GetBoolean(prefs::kSafeBrowsingEnabled)) | |
| 309 return false; | |
| 310 | |
| 311 ProfileSyncService* profile_sync_service = | |
| 312 ProfileSyncServiceFactory::GetForProfile(profile); | |
| 313 | |
| 314 // Do not report if profile can't get a profile sync service due to disable | |
| 315 // sync flag. | |
| 316 if (!profile_sync_service) | |
| 317 return false; | |
| 318 | |
| 319 if (!profile_sync_service->CanSyncStart()) | |
| 320 return false; | |
| 321 | |
| 322 syncer::ModelTypeSet preferred_data_types = | |
| 323 profile_sync_service->GetPreferredDataTypes(); | |
| 324 | |
|
kcarattini
2016/07/06 01:44:33
nit: remove blank line
stefanocs
2016/07/06 04:25:45
Done.
| |
| 325 if (!preferred_data_types.Has(syncer::PROXY_TABS)) | |
| 326 return false; | |
| 327 if (!preferred_data_types.Has(syncer::PREFERENCES)) | |
| 328 return false; | |
| 329 return true; | |
|
kcarattini
2016/07/06 01:44:33
nit: add blank line above
stefanocs
2016/07/06 04:25:45
Done.
| |
| 330 } | |
| 331 | |
| 332 void PermissionUmaUtil::RecordPermissionAction(PermissionType permission, | |
| 333 PermissionAction action, | |
| 334 const GURL& requesting_origin, | |
| 335 Profile* profile) { | |
| 336 if (IsOptedInPermissionActionReporting(profile)) { | |
| 337 g_browser_process->safe_browsing_service() | |
| 338 ->ui_manager() | |
| 339 ->ReportPermissionAction(requesting_origin, permission, action); | |
| 340 } | |
| 341 | |
| 342 bool secure_origin = content::IsOriginSecure(requesting_origin); | |
| 343 | |
| 344 switch (permission) { | |
| 345 case PermissionType::GEOLOCATION: | |
| 346 PERMISSION_ACTION_UMA(secure_origin, "Permissions.Action.Geolocation", | |
| 347 "Permissions.Action.SecureOrigin.Geolocation", | |
| 348 "Permissions.Action.InsecureOrigin.Geolocation", | |
| 349 action); | |
| 350 break; | |
| 351 case PermissionType::NOTIFICATIONS: | |
| 352 PERMISSION_ACTION_UMA(secure_origin, "Permissions.Action.Notifications", | |
| 353 "Permissions.Action.SecureOrigin.Notifications", | |
| 354 "Permissions.Action.InsecureOrigin.Notifications", | |
| 355 action); | |
| 356 break; | |
| 357 case PermissionType::MIDI_SYSEX: | |
| 358 PERMISSION_ACTION_UMA(secure_origin, "Permissions.Action.MidiSysEx", | |
| 359 "Permissions.Action.SecureOrigin.MidiSysEx", | |
| 360 "Permissions.Action.InsecureOrigin.MidiSysEx", | |
| 361 action); | |
| 362 break; | |
| 363 case PermissionType::PUSH_MESSAGING: | |
| 364 PERMISSION_ACTION_UMA(secure_origin, "Permissions.Action.PushMessaging", | |
| 365 "Permissions.Action.SecureOrigin.PushMessaging", | |
| 366 "Permissions.Action.InsecureOrigin.PushMessaging", | |
| 367 action); | |
| 368 break; | |
| 369 case PermissionType::PROTECTED_MEDIA_IDENTIFIER: | |
| 370 PERMISSION_ACTION_UMA(secure_origin, "Permissions.Action.ProtectedMedia", | |
| 371 "Permissions.Action.SecureOrigin.ProtectedMedia", | |
| 372 "Permissions.Action.InsecureOrigin.ProtectedMedia", | |
| 373 action); | |
| 374 break; | |
| 375 case PermissionType::DURABLE_STORAGE: | |
| 376 PERMISSION_ACTION_UMA(secure_origin, "Permissions.Action.DurableStorage", | |
| 377 "Permissions.Action.SecureOrigin.DurableStorage", | |
| 378 "Permissions.Action.InsecureOrigin.DurableStorage", | |
| 379 action); | |
| 380 break; | |
| 381 case PermissionType::AUDIO_CAPTURE: | |
| 382 // Media permissions are disabled on insecure origins, so there's no | |
| 383 // need to record metrics for secure/insecue. | |
| 384 UMA_HISTOGRAM_ENUMERATION("Permissions.Action.AudioCapture", action, | |
| 385 PERMISSION_ACTION_NUM); | |
| 386 break; | |
| 387 case PermissionType::VIDEO_CAPTURE: | |
| 388 UMA_HISTOGRAM_ENUMERATION("Permissions.Action.VideoCapture", action, | |
| 389 PERMISSION_ACTION_NUM); | |
| 390 break; | |
| 391 // The user is not prompted for these permissions, thus there is no | |
| 392 // permission action recorded for them. | |
| 393 case PermissionType::MIDI: | |
| 394 case PermissionType::BACKGROUND_SYNC: | |
| 395 case PermissionType::NUM: | |
| 396 NOTREACHED() << "PERMISSION " | |
| 397 << PermissionUtil::GetPermissionString(permission) | |
| 398 << " not accounted for"; | |
| 399 } | |
| 400 | |
| 401 // Retrieve the name of the RAPPOR metric. Currently, the new metric name is | |
| 402 // the deprecated name with "2" on the end, e.g. | |
| 403 // ContentSettings.PermissionActions_Geolocation.Granted.Url2. For simplicity, | |
| 404 // we retrieve the deprecated name and append the "2" for the new name. | |
| 405 // TODO(dominickn): remove the deprecated metric and replace it solely with | |
| 406 // the new one in GetRapporMetric - crbug.com/605836. | |
| 407 const std::string deprecated_metric = GetRapporMetric(permission, action); | |
| 408 rappor::RapporService* rappor_service = g_browser_process->rappor_service(); | |
| 409 if (!deprecated_metric.empty() && rappor_service) { | |
| 410 rappor::SampleDomainAndRegistryFromGURL(rappor_service, deprecated_metric, | |
| 411 requesting_origin); | |
| 412 | |
| 413 std::string rappor_metric = deprecated_metric + "2"; | |
| 414 rappor_service->RecordSample( | |
| 415 rappor_metric, rappor::LOW_FREQUENCY_ETLD_PLUS_ONE_RAPPOR_TYPE, | |
| 416 rappor::GetDomainAndRegistrySampleFromGURL(requesting_origin)); | |
| 417 } | |
| 418 } | |
| OLD | NEW |
