Network traffic annotation added to supervised users.

chrome/browser/supervised_user/child_accounts/permission_request_creator_apiary.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/supervised_user/child_accounts/permission_request_creator_apiary.h"
 
 #include "base/callback.h"
 #include "base/command_line.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "chrome/browser/supervised_user/child_accounts/kids_management_api.h"
 #include "chrome/common/chrome_switches.h"
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager.h"
 #include "components/signin/core/browser/signin_manager_base.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_status_code.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
 
 using net::URLFetcher;
 
 const char kApiPath[] = "people/me/permissionRequests";
 const char kApiScope[] = "https://www.googleapis.com/auth/kid.permission";
 
 const int kNumRetries = 1;
@@ skipping 137 matching lines @@
     const base::Time& expiration_time) {
   RequestIterator it = requests_.begin();
   while (it != requests_.end()) {
     if (request == (*it)->access_token_request.get())
       break;
     ++it;
   }
   DCHECK(it != requests_.end());
   (*it)->access_token = access_token;
 
-  (*it)->url_fetcher = URLFetcher::Create((*it)->url_fetcher_id, GetApiUrl(),
-                                          URLFetcher::POST, this);
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("...", R"(

[Bernhard Bauer, 2017/03/14 10:02:49]

permission_request_creator

[Ramin Halavati, 2017/03/14 10:56:20]

Done.

+        semantics {
+          sender: "..."

[Bernhard Bauer, 2017/03/14 10:02:49]

supervised_users

[Ramin Halavati, 2017/03/14 10:56:20]

Done.

+          description: "..."

[Bernhard Bauer, 2017/03/14 10:02:49]

Requests permission for the user to access a blocked site.

[Ramin Halavati, 2017/03/14 10:56:20]

Done.

+          trigger: "..."

[Bernhard Bauer, 2017/03/14 10:02:48]

Initiated by the user.

[Ramin Halavati, 2017/03/14 10:56:19]

Done.

+          data: "..."

[Bernhard Bauer, 2017/03/14 10:02:49]

The request is authenticated with an OAuth2 access token identifying the Google
account and contains the URL that the user requests access to.

[Ramin Halavati, 2017/03/14 10:56:20]

Done.

+          destination: WEBSITE/GOOGLE_OWNED_SERVICE/OTHER
+        }
+        policy {
+          cookies_allowed: false/true

[Bernhard Bauer, 2017/03/14 10:02:48]

false

[Ramin Halavati, 2017/03/14 10:56:20]

Done.

+          cookies_store: "..."

[Bernhard Bauer, 2017/03/14 10:02:49]

user

[Ramin Halavati, 2017/03/14 10:56:19]

Done.

+          setting: "..."

[Bernhard Bauer, 2017/03/14 10:02:48]

This feature is only enabled for child accounts. If sign-in is restricted to
accounts from a managed domain, those accounts are not going to be child
accounts.

[Ramin Halavati, 2017/03/14 10:56:19]

Done.

+          chrome_policy {
+            [POLICY_NAME] {

[Bernhard Bauer, 2017/03/14 10:02:48]

RestrictSigninToPattern

[Ramin Halavati, 2017/03/14 10:56:20]

Done.

+              policy_options {mode: MANDATORY/RECOMMENDED/UNSET}

[Bernhard Bauer, 2017/03/14 10:02:49]

MANDATORY

[Ramin Halavati, 2017/03/14 10:56:19]

Done.

+              [POLICY_NAME]: ... //(value to disable it)

[Bernhard Bauer, 2017/03/14 10:02:49]

"*@manageddomain.com"

[Ramin Halavati, 2017/03/14 10:56:19]

Done.

+            }
+          }
+          policy_exception_justification: "..."
+        })");
+  (*it)->url_fetcher =
+      URLFetcher::Create((*it)->url_fetcher_id, GetApiUrl(), URLFetcher::POST,
+                         this, traffic_annotation);
 
   data_use_measurement::DataUseUserData::AttachToFetcher(
       (*it)->url_fetcher.get(),
       data_use_measurement::DataUseUserData::SUPERVISED_USER);
   (*it)->url_fetcher->SetRequestContext(context_);
   (*it)->url_fetcher->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
                                    net::LOAD_DO_NOT_SAVE_COOKIES);
   (*it)->url_fetcher->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);
   (*it)->url_fetcher->AddExtraRequestHeader(
       base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));
@@ skipping 80 matching lines @@
     return;
   }
   DispatchResult(it, true);
 }
 
 void PermissionRequestCreatorApiary::DispatchResult(RequestIterator it,
                                                     bool success) {
   (*it)->callback.Run(success);
   requests_.erase(it);
 }