Network traffic annotation added to supervised users.

chrome/browser/supervised_user/child_accounts/family_info_fetcher.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/supervised_user/child_accounts/family_info_fetcher.h"
 
 #include <stddef.h>
 
 #include "base/json/json_reader.h"
 #include "base/macros.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
 #include "chrome/browser/supervised_user/child_accounts/kids_management_api.h"
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "net/base/load_flags.h"
 #include "net/http/http_status_code.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
 
 const char kGetFamilyProfileApiPath[] = "families/mine?alt=json";
 const char kGetFamilyMembersApiPath[] = "families/mine/members?alt=json";
 const char kScope[] = "https://www.googleapis.com/auth/kid.family.readonly";
 const char kAuthorizationHeaderFormat[] = "Authorization: Bearer %s";
 const int kNumRetries = 1;
 
 const char kIdFamily[] = "family";
@@ skipping 137 matching lines @@
 
 void FamilyInfoFetcher::OnGetTokenSuccess(
     const OAuth2TokenService::Request* request,
     const std::string& access_token,
     const base::Time& expiration_time) {
   DCHECK_EQ(access_token_request_.get(), request);
   access_token_ = access_token;
 
   GURL url = kids_management_api::GetURL(request_path_);
   const int id = 0;
-  url_fetcher_ = net::URLFetcher::Create(id, url, net::URLFetcher::GET, this);
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("family_info", R"(
+        semantics {
+          sender: "Supervised Users"
+          description:
+            "Fetches information about the user's family group from the Google "
+            "Family API."
+          trigger:
+            "Triggered in regular intervals to update profile information."
+          data:
+            "The request is authenticated with an OAuth2 access token "
+            "identifying the Google account. No other information is sent."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be disabled in settings and is only enabled "
+            "for child accounts. If sign-in is restricted to accounts from a "
+            "managed domain, those accounts are not going to be child accounts."
+          chrome_policy {
+            RestrictSigninToPattern {
+              policy_options {mode: MANDATORY}
+              RestrictSigninToPattern: "*@manageddomain.com"
+            }
+          }
+        })");
+  url_fetcher_ = net::URLFetcher::Create(id, url, net::URLFetcher::GET, this,
+                                         traffic_annotation);
 
   data_use_measurement::DataUseUserData::AttachToFetcher(
       url_fetcher_.get(),
       data_use_measurement::DataUseUserData::SUPERVISED_USER);
   url_fetcher_->SetRequestContext(request_context_);
   url_fetcher_->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
                              net::LOAD_DO_NOT_SAVE_COOKIES);
   url_fetcher_->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);
   url_fetcher_->AddExtraRequestHeader(
       base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));
@@ skipping 132 matching lines @@
     consumer_->OnFailure(SERVICE_ERROR);
     return;
   }
   std::vector<FamilyMember> members;
   if (!ParseMembers(members_list, &members)){
     consumer_->OnFailure(SERVICE_ERROR);
     return;
   }
   consumer_->OnGetFamilyMembersSuccess(members);
 }