Network traffic annotation added to supervised users.

chrome/browser/supervised_user/experimental/safe_search_url_reporter.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/supervised_user/experimental/safe_search_url_reporter.h"
 
 #include "base/callback.h"
 #include "base/json/json_writer.h"
 #include "base/memory/ptr_util.h"
 #include "base/strings/stringprintf.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/signin/profile_oauth2_token_service_factory.h"
 #include "chrome/browser/signin/signin_manager_factory.h"
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "components/signin/core/browser/profile_oauth2_token_service.h"
 #include "components/signin/core/browser/signin_manager.h"
 #include "components/signin/core/browser/signin_manager_base.h"
 #include "google_apis/gaia/google_service_auth_error.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
 #include "net/http/http_status_code.h"
+#include "net/traffic_annotation/network_traffic_annotation.h"
 #include "net/url_request/url_fetcher.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
 
 using net::URLFetcher;
 
 const char kApiUrl[] = "https://safesearch.googleapis.com/v1:report";
 const char kApiScope[] = "https://www.googleapis.com/auth/safesearch.reporting";
 
 const int kNumRetries = 1;
@@ skipping 69 matching lines @@
   ReportIterator it = reports_.begin();
   while (it != reports_.end()) {
     if (request == (*it)->access_token_request.get())
       break;
     it++;
   }
   DCHECK(it != reports_.end());
 
   (*it)->access_token = access_token;
 
-  (*it)->url_fetcher = URLFetcher::Create((*it)->url_fetcher_id, GURL(kApiUrl),
-                                          URLFetcher::POST, this);
+  net::NetworkTrafficAnnotationTag traffic_annotation =
+      net::DefineNetworkTrafficAnnotation("safe_search_url_reporter", R"(
+        semantics {
+          sender: "Supervised Users"
+          description: "Reports a URL wrongfully flagged by SafeSearch."
+          trigger: "Initiated by the user."
+          data:
+            "The request is authenticated with an OAuth2 access token "
+            "identifying the Google account and contains the URL that was "
+            "wrongfully flagged."
+          destination: GOOGLE_OWNED_SERVICE
+        }
+        policy {
+          cookies_allowed: false
+          setting:
+            "This feature cannot be disabled by settings and is only enabled "
+            "for child accounts. If sign-in is restricted to accounts from a "
+            "managed domain, those accounts are not going to be child accounts."
+          chrome_policy {
+            RestrictSigninToPattern {
+              policy_options {mode: MANDATORY}
+              RestrictSigninToPattern: "*@manageddomain.com"
+            }
+          }
+        })");
+  (*it)->url_fetcher =
+      URLFetcher::Create((*it)->url_fetcher_id, GURL(kApiUrl), URLFetcher::POST,
+                         this, traffic_annotation);
 
   data_use_measurement::DataUseUserData::AttachToFetcher(
       (*it)->url_fetcher.get(),
       data_use_measurement::DataUseUserData::SUPERVISED_USER);
   (*it)->url_fetcher->SetRequestContext(context_);
   (*it)->url_fetcher->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
                                    net::LOAD_DO_NOT_SAVE_COOKIES);
   (*it)->url_fetcher->SetAutomaticallyRetryOnNetworkChanges(kNumRetries);
   (*it)->url_fetcher->AddExtraRequestHeader(
       base::StringPrintf(kAuthorizationHeaderFormat, access_token.c_str()));
@@ skipping 55 matching lines @@
     return;
   }
 
   DispatchResult(it, true);
 }
 
 void SafeSearchURLReporter::DispatchResult(ReportIterator it, bool success) {
   (*it)->callback.Run(success);
   reports_.erase(it);
 }