Implement permission embargo suppression metrics.

chrome/browser/permissions/permission_context_base.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/permissions/permission_context_base.h"
 
 #include <stddef.h>
 
 #include <string>
 #include <utility>
 
 #include "base/callback.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/time/time.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/permissions/permission_decision_auto_blocker.h"
 #include "chrome/browser/permissions/permission_request.h"
 #include "chrome/browser/permissions/permission_request_id.h"
 #include "chrome/browser/permissions/permission_request_impl.h"
 #include "chrome/browser/permissions/permission_request_manager.h"
 #include "chrome/browser/permissions/permission_uma_util.h"
-#include "chrome/browser/permissions/permission_util.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/safe_browsing/safe_browsing_service.h"
 #include "chrome/common/chrome_features.h"
 #include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/prefs/pref_service.h"
 #include "components/safe_browsing_db/database_manager.h"
 #include "components/variations/variations_associated_data.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/origin_util.h"
 #include "url/gurl.h"
 
 #if defined(OS_ANDROID)
 #include "chrome/browser/permissions/permission_queue_controller.h"
 #endif
 
 // static
 const char PermissionContextBase::kPermissionsKillSwitchFieldStudy[] =
     "PermissionsKillSwitch";
 // static
 const char PermissionContextBase::kPermissionsKillSwitchBlockedValue[] =
     "blocked";
 
-PermissionResult::PermissionResult(ContentSetting cs,
-                                   PermissionStatusSource pss)
-    : content_setting(cs), source(pss) {}
-
-PermissionResult::~PermissionResult() {}
-
 PermissionContextBase::PermissionContextBase(
     Profile* profile,
     const ContentSettingsType content_settings_type)
     : profile_(profile),
       content_settings_type_(content_settings_type),
       weak_factory_(this) {
 #if defined(OS_ANDROID)
   permission_queue_controller_.reset(
       new PermissionQueueController(profile_, content_settings_type_));
 #endif
   PermissionDecisionAutoBlocker::UpdateFromVariations();
 }
 
 PermissionContextBase::~PermissionContextBase() {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
 }
 
 void PermissionContextBase::RequestPermission(
     content::WebContents* web_contents,
     const PermissionRequestID& id,
     const GURL& requesting_frame,
     bool user_gesture,
     const BrowserPermissionCallback& callback) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
 
-  // First check if this permission has been disabled.
-  if (IsPermissionKillSwitchOn()) {
-    // Log to the developer console.
-    web_contents->GetMainFrame()->AddMessageToConsole(
-        content::CONSOLE_MESSAGE_LEVEL_INFO,
-        base::StringPrintf(
-            "%s permission has been blocked.",
-            PermissionUtil::GetPermissionString(content_settings_type_)
-                .c_str()));
-    // The kill switch is enabled for this permission; Block all requests.
-    callback.Run(CONTENT_SETTING_BLOCK);
-    return;
-  }
-
   GURL requesting_origin = requesting_frame.GetOrigin();
   GURL embedding_origin = web_contents->GetLastCommittedURL().GetOrigin();
 
   if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) {
     std::string type_name =
         PermissionUtil::GetPermissionString(content_settings_type_);
 
     DVLOG(1) << "Attempt to use " << type_name
              << " from an invalid URL: " << requesting_origin << ","
              << embedding_origin << " (" << type_name
              << " is not supported in popups)";
     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, CONTENT_SETTING_BLOCK);
     return;
   }
 
   // Synchronously check the content setting to see if the user has already made
   // a decision, or if the origin is under embargo. If so, respect that
   // decision.
   PermissionResult result =
       GetPermissionStatus(requesting_origin, embedding_origin);
 
   if (result.content_setting == CONTENT_SETTING_ALLOW ||
       result.content_setting == CONTENT_SETTING_BLOCK) {
+    if (result.source == PermissionStatusSource::KILL_SWITCH) {
+      // Block the request and log to the developer console.
+      web_contents->GetMainFrame()->AddMessageToConsole(
+          content::CONSOLE_MESSAGE_LEVEL_INFO,
+          base::StringPrintf(
+              "%s permission has been blocked.",
+              PermissionUtil::GetPermissionString(content_settings_type_)
+                  .c_str()));
+      callback.Run(CONTENT_SETTING_BLOCK);
+      return;
+    }
+
+    // If we are under embargo, record the embargo reason for which we have
+    // suppressed the prompt. Explicitly switch to ensure that any new
+    // PermissionStatusSource values are dealt with appropriately.
+    switch (result.source) {
+      case PermissionStatusSource::MULTIPLE_DISMISSALS:
+        PermissionUmaUtil::RecordEmbargoPromptSuppression(
+            PermissionEmbargoStatus::REPEATED_DISMISSALS);
+        break;
+      case PermissionStatusSource::SAFE_BROWSING_BLACKLIST:
+        PermissionUmaUtil::RecordEmbargoPromptSuppression(
+            PermissionEmbargoStatus::PERMISSIONS_BLACKLISTING);
+        break;
+      case PermissionStatusSource::UNSPECIFIED:
+      case PermissionStatusSource::KILL_SWITCH:
+      case PermissionStatusSource::NUM:
+        break;
+    }

[raymes, 2017/02/22 23:13:50]

nit: Could we make the conversion a helper function in permission uma util?

[dominickn, 2017/02/22 23:38:54]

This can only be done by proxying the call to RecordEmbargoPromptSuppression in
the helper method entirely since we only record something for 2 cases. I don't
know if this is actually clearer or not.

[raymes, 2017/02/23 01:28:58]

I agree - it's not ideal. We could alternatively have a function which does the
conversion and returns a bool if it should be recorded, e.g.

bool PermissionStatusSourceToPermissionEmbargoStatus(PermissionStatusSource
source, PermissionEmbargoStatus* result);

I don't feel too strongly though.

     NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                         false /* persist */, result.content_setting);
     return;
   }
 
   // Asynchronously check whether the origin should be blocked from making this
-  // permission request. It may be on the Safe Browsing API blacklist, or it may
-  // have been dismissed too many times in a row. If the origin is allowed to
-  // request, that request will be made to ContinueRequestPermission().
+  // permission request, e.g. it may be on the Safe Browsing API blacklist.
   PermissionDecisionAutoBlocker::GetForProfile(profile_)->UpdateEmbargoedStatus(
       content_settings_type_, requesting_origin, web_contents,
       base::Bind(&PermissionContextBase::ContinueRequestPermission,
                  weak_factory_.GetWeakPtr(), web_contents, id,
                  requesting_origin, embedding_origin, user_gesture, callback));
 }
 
 void PermissionContextBase::ContinueRequestPermission(
     content::WebContents* web_contents,
     const PermissionRequestID& id,
     const GURL& requesting_origin,
     const GURL& embedding_origin,
     bool user_gesture,
     const BrowserPermissionCallback& callback,
     bool permission_blocked) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
   if (permission_blocked) {
     web_contents->GetMainFrame()->AddMessageToConsole(
         content::CONSOLE_MESSAGE_LEVEL_INFO,
         base::StringPrintf(
             "%s permission has been auto-blocked.",
             PermissionUtil::GetPermissionString(content_settings_type_)
                 .c_str()));
-    // Permission has been automatically blocked.
-    PermissionUmaUtil::RecordPermissionEmbargoStatus(
+    // Permission has been automatically blocked. Record that the prompt was
+    // suppressed and that we hit the blacklist.
+    PermissionUmaUtil::RecordEmbargoPromptSuppression(
+        PermissionEmbargoStatus::PERMISSIONS_BLACKLISTING);
+    PermissionUmaUtil::RecordEmbargoStatus(
         PermissionEmbargoStatus::PERMISSIONS_BLACKLISTING);
     callback.Run(CONTENT_SETTING_BLOCK);
     return;
   }
 
+  // We are going to show a prompt now.
   PermissionUmaUtil::PermissionRequested(
       content_settings_type_, requesting_origin, embedding_origin, profile_);
+  PermissionUmaUtil::RecordEmbargoPromptSuppression(
+      PermissionEmbargoStatus::NOT_EMBARGOED);
 
   DecidePermission(web_contents, id, requesting_origin, embedding_origin,
                    user_gesture, callback);
 }
 
 PermissionResult PermissionContextBase::GetPermissionStatus(
     const GURL& requesting_origin,
     const GURL& embedding_origin) const {
-  // TODO(raymes): Ensure we return appropriate decision reasons in the
-  // PermissionResult. We should add these as each is needed.
-
   // If the permission has been disabled through Finch, block all requests.
   if (IsPermissionKillSwitchOn()) {
     return PermissionResult(CONTENT_SETTING_BLOCK,
-                            PermissionStatusSource::UNSPECIFIED);
+                            PermissionStatusSource::KILL_SWITCH);
   }
 
   if (IsRestrictedToSecureOrigins() &&
       !content::IsOriginSecure(requesting_origin)) {
     return PermissionResult(CONTENT_SETTING_BLOCK,
                             PermissionStatusSource::UNSPECIFIED);
   }
 
   ContentSetting content_setting =
       GetPermissionStatusInternal(requesting_origin, embedding_origin);
-  if (content_setting == CONTENT_SETTING_ASK &&
-      PermissionDecisionAutoBlocker::GetForProfile(profile_)->IsUnderEmbargo(
-          content_settings_type_, requesting_origin)) {
-    return PermissionResult(CONTENT_SETTING_BLOCK,
-                            PermissionStatusSource::UNSPECIFIED);
+  if (content_setting == CONTENT_SETTING_ASK) {
+    return PermissionDecisionAutoBlocker::GetForProfile(profile_)
+        ->GetEmbargoResult(content_settings_type_, requesting_origin);

[raymes, 2017/02/22 23:13:50]

Could we DCHECK that the content setting of the return value here is ASK or
BLOCK? I think this code is making an assumption that it will never be ALLOW.

[dominickn, 2017/02/22 23:38:54]

Done.

   }
 
   return PermissionResult(content_setting, PermissionStatusSource::UNSPECIFIED);
 }
 
-void PermissionContextBase::ResetPermission(
-    const GURL& requesting_origin,
-    const GURL& embedding_origin) {
+void PermissionContextBase::ResetPermission(const GURL& requesting_origin,
+                                            const GURL& embedding_origin) {
   HostContentSettingsMapFactory::GetForProfile(profile_)
       ->SetContentSettingDefaultScope(requesting_origin, embedding_origin,
                                       content_settings_storage_type(),
                                       std::string(), CONTENT_SETTING_DEFAULT);
 }
 
 void PermissionContextBase::CancelPermissionRequest(
     content::WebContents* web_contents,
     const PermissionRequestID& id) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
@@ skipping 107 matching lines @@
     } else {
       PermissionUmaUtil::PermissionDismissed(
           content_settings_type_, gesture_type, requesting_origin, profile_);
 
       if (PermissionDecisionAutoBlocker::GetForProfile(profile_)
               ->RecordDismissAndEmbargo(requesting_origin,
                                         content_settings_type_)) {
         embargo_status = PermissionEmbargoStatus::REPEATED_DISMISSALS;
       }
     }
-    PermissionUmaUtil::RecordPermissionEmbargoStatus(embargo_status);
+    PermissionUmaUtil::RecordEmbargoStatus(embargo_status);
   }
 
   NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
                       persist, content_setting);
 }
 
 #if defined(OS_ANDROID)
 PermissionQueueController* PermissionContextBase::GetQueueController() {
   return permission_queue_controller_.get();
 }
@@ skipping 45 matching lines @@
                                       content_settings_storage_type(),
                                       std::string(), content_setting);
 }
 
 ContentSettingsType PermissionContextBase::content_settings_storage_type()
     const {
   if (content_settings_type_ == CONTENT_SETTINGS_TYPE_PUSH_MESSAGING)
     return CONTENT_SETTINGS_TYPE_NOTIFICATIONS;
   return content_settings_type_;
 }