| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 syntax = "proto3"; |
| 6 package traffic_annotation; |
| 7 |
| 8 import "components/policy/cloud_policy_full_runtime.proto"; |
| 9 |
| 10 // Describes a specific kind of network traffic based on a fine-grained |
| 11 // semantic classification of all network traffic generated by Chrome. |
| 12 // Used for auditing purposes. |
| 13 message NetworkTrafficAnnotation { |
| 14 // This is a globally unique identifier that must stay unchanged while the |
| 15 // network request carries the same semantic meaning. If the network request |
| 16 // gets a new meaning, this ID needs to be changed. |
| 17 // The purpose of this ID is to give humans a chance to reference |
| 18 // NetworkTrafficAnnotations externally even when those change a little bit |
| 19 // (e.g. adding a new piece of data that is sent along with a network |
| 20 // request). |
| 21 // IDs of one component should have a shared prefix so that sorting all |
| 22 // NetworkTrafficAnnotations by unique_id groups those that belong to the same |
| 23 // component together. |
| 24 // For example: |
| 25 // "spellchecker_lookup" |
| 26 string unique_id = 1; |
| 27 |
| 28 // Encapsulates information about the code location that generates this kind |
| 29 // of network traffic. |
| 30 message TrafficSource { |
| 31 // File name where the network request is triggered. |
| 32 // This is typically filled by the extractor and does not need to be |
| 33 // specified in the source code. For manual whitelisting this needs to be |
| 34 // specified. |
| 35 string file = 1; |
| 36 |
| 37 // Function name where the network request is instantiated. |
| 38 // This is typically filled by the extractor and does not need to be |
| 39 // specified in the source code. For manual whitelisting this needs to be |
| 40 // specified. |
| 41 string function = 2; |
| 42 |
| 43 // __LINE__ in file, where the AuditPolicy object is instantiated. |
| 44 // This is typically filled by the extractor and does not need to be |
| 45 // specified in the source code. |
| 46 // For whitelisted network requests in third_party/ that cannot be properly |
| 47 // annotated in the source code, this attribute is empty. |
| 48 int32 line = 3; |
| 49 |
| 50 // For whitelisted network requests in third_party/ that cannot be properly |
| 51 // annotated in the source code, this distinguishes between the first, |
| 52 // second, ... annotated call. |
| 53 // For annotations in the source code, this is not used because the line |
| 54 // attribute uniquely identifies the network request. |
| 55 int32 call_number = 4; |
| 56 } |
| 57 |
| 58 TrafficSource source = 2; |
| 59 |
| 60 // Meta information about the network request. |
| 61 message TrafficSemantics { |
| 62 // Justification for an empty AuditPolicy policy. |
| 63 // Typically this can be either a TODO or a hint that the annotation is |
| 64 // made upstream in the code. For example, if net::URLFetcher::Create() has |
| 65 // an annotation, the net::TCPClientSocket() that is used by the URLFetcher |
| 66 // does not need to be annotated as well. |
| 67 string empty_policy_justification = 1; |
| 68 |
| 69 // What component triggers the request. The components should be human |
| 70 // readable and don’t need to reflect the components/ directory. Avoid |
| 71 // abbreviations. |
| 72 // Examples: spellchecker, component updater, website |
| 73 string sender = 2; |
| 74 |
| 75 // Plaintext description of the network request in language that is |
| 76 // understandable by admins (ideally also users). Please avoid acronyms. |
| 77 // Please describe the feature and the feature's value proposition as well. |
| 78 // Examples: |
| 79 // - Google Chrome can provide smarter spell-checking by sending text you |
| 80 // type into the browser to Google's servers, allowing you to use the same |
| 81 // spell-checking technology used by Google products, such as Docs. |
| 82 // If the feature is enabled, Chrome will send the entire contents of text |
| 83 // fields as you type in them to Google along with the browser’s default |
| 84 // language. Google returns a list of suggested spellings, which will be |
| 85 // displayed in the context menu. |
| 86 // - A network request that comes from web content (a page the user visits) |
| 87 string description = 3; |
| 88 |
| 89 // What triggered the network request. Use a textual description. This |
| 90 // should be a human readable string. |
| 91 // For things that are clearly part of the website (resource load, form |
| 92 // submission, fetch by a service worker,...), you *may* just put “website” |
| 93 // here. |
| 94 string trigger = 4; |
| 95 |
| 96 // What nature of data is being sent. This should be a human readable |
| 97 // string. Any user data and/or PII should be pointed out. |
| 98 // Examples: “log files from /var/...”, “statistics about foobar”, “the |
| 99 // signature of a form of a website”, “installed extensions and their |
| 100 // version”, “a word on a website the user tapped on” |
| 101 string data = 5; |
| 102 |
| 103 enum Destination { |
| 104 // A website the user visits or interacts with. The distinction from a |
| 105 // google owned service can be difficult when the user navigates to |
| 106 // google.com or searches with the omnibar. Therefore follow the following |
| 107 // guideline: If the source code has hardcoded that the request goes to |
| 108 // Google (e.g. for ZeroSuggest), use GOOGLE_OWNED_SERVICE. If the request |
| 109 // can go to other domains and is perceived as a part of a website rather |
| 110 // than a native browser feature, use WEBSITE. In other cases use OTHER. |
| 111 WEBSITE = 0; |
| 112 // A Google owned service, like SafeBrowsing, spellchecking, ... |
| 113 GOOGLE_OWNED_SERVICE = 1; |
| 114 // Other endpoints, e.g. a service hosting a PAC script. In case of doubt, |
| 115 // use this category. We will audit it in the future to see whether we |
| 116 // need more categories. |
| 117 OTHER = 1000; |
| 118 } |
| 119 Destination destination = 6; |
| 120 |
| 121 // Human readable description in case the destination points to OTHER. |
| 122 string destination_other = 7; |
| 123 } |
| 124 |
| 125 TrafficSemantics semantics = 3; |
| 126 |
| 127 message TrafficPolicy { |
| 128 // Whether cookies/channel IDs/... can be sent or saved (use true if at |
| 129 // least one is correct). |
| 130 bool cookies_allowed = 1; |
| 131 |
| 132 // If a request sends or stores cookies/channel IDs/... (i.e. if |
| 133 // cookies_allowed is true), we want to know which cookie store is being |
| 134 // used. The answer to this question can typically be derived from the |
| 135 // URLRequestContext that is being used. |
| 136 // The three most common cases will be: |
| 137 // - If cookies_allowed is false, leave this field unset. |
| 138 // - If the profile's default URLRequestContext is being used (e.g. from |
| 139 // Profile::GetRequestContext()), this means that the user's normal |
| 140 // cookies are sent. In this case, put "user" here. |
| 141 // - If the system URLRequestContext is being used (for example via |
| 142 // io_thread()->system_url_request_context_getter()), put "system" here. |
| 143 // Otherwise, please explain (e.g. SafeBrowsing uses a separate cookie |
| 144 // store). |
| 145 string cookies_store = 2; |
| 146 |
| 147 // Human readable description of how to enable/disable a feature that |
| 148 // triggers this network request by a user. Use “NA”, if no such setting |
| 149 // exists (e.g. “Disable ‘Use a web service to help resolve spelling |
| 150 // errors.’ in Chrome’s settings under Advanced”). |
| 151 string setting = 3; |
| 152 |
| 153 // Example policy configuration that disables this network request. |
| 154 // This would be a text serialized protobuf of any enterprise policy. |
| 155 // see out/Debug/gen/components/policy/cloud_policy.proto |
| 156 repeated enterprise_management.CloudPolicySettings policy = 4; |
| 157 |
| 158 // Justification for not having a policy that disables this feature. |
| 159 string policy_exception_justification = 5; |
| 160 } |
| 161 |
| 162 TrafficPolicy policy = 4; |
| 163 }; |
| 164 |
| 165 // NetworkTrafficAnnotations that were extracted from the source code. |
| 166 message ExtractedNetworkTrafficAnnotation { |
| 167 repeated NetworkTrafficAnnotation network_traffic_annotation = 1; |
| 168 }; |
| 169 |
| 170 // NetworkTrafficAnnotations that had to go into a whitelist file because the |
| 171 // source code could not be annotated (e.g. because it is in a third-party |
| 172 // library). |
| 173 message WhitelistedNetworkTrafficAnnotations { |
| 174 repeated NetworkTrafficAnnotation network_traffic_annotation = 1; |
| 175 }; |
| 176 |
| 177 // All NetworkTrafficAnnotations from a Chromium configuration. |
| 178 message NetworkTrafficAnnotations { |
| 179 ExtractedNetworkTrafficAnnotation extracted_network_traffic_annotations = 1; |
| 180 WhitelistedNetworkTrafficAnnotations whitelisted_network_traffic_annotations = |
| 181 2; |
| 182 }; |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2421333002:
Protobuf for Traffic Annotation and first use by a URLFetcher. (Closed)
