Fill is_chrome_signin_password field in the password entry pings.

components/safe_browsing/password_protection/password_protection_request.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "components/safe_browsing/password_protection/password_protection_request.h"
 
 #include "base/memory/ptr_util.h"
 #include "base/memory/weak_ptr.h"
 #include "base/metrics/histogram_macros.h"
 #include "components/data_use_measurement/core/data_use_user_data.h"
 #include "content/public/browser/web_contents.h"
+#include "google_apis/gaia/gaia_urls.h"
 #include "net/base/escape.h"
 #include "net/base/load_flags.h"
 #include "net/base/url_util.h"
 #include "net/http/http_status_code.h"
 #include "net/traffic_annotation/network_traffic_annotation.h"
+#include "url/origin.h"
 
 using content::BrowserThread;
 using content::WebContents;
 
 namespace safe_browsing {
 
 PasswordProtectionRequest::PasswordProtectionRequest(
     WebContents* web_contents,
     const GURL& main_frame_url,
     const GURL& password_form_action,
@@ skipping 91 matching lines @@
         password_frame->set_has_password_field(true);
         // TODO(jialiul): Add referrer chain for subframes later.
         password_form = password_frame->add_forms();
       }
       password_form->set_action_url(password_form_action_.spec());
       // TODO(jialiul): Fill more frame specific info when Safe Browsing backend
       // is ready to handle these pieces of information.
       break;
     }
     case LoginReputationClientRequest::PASSWORD_REUSE_EVENT: {
-      // TODO(jialiul): Fill more password reuse related information when ready.
+      LoginReputationClientRequest::PasswordReuseEvent* reuse_event =
+          request_proto_->mutable_password_reuse_event();
+      const url::Origin gaia_origin(
+          GaiaUrls::GetInstance()->gaia_url().GetOrigin());
+      reuse_event->set_is_chrome_signin_password(

[Nathan Parker, 2017/05/31 22:40:55]

I think we want to know that this password matches the chrome-sync password,
rather than the URL matches google.  Otherwise, someone could save their google
password (but not sync with it) and we'd end up marking this true.

[Jialiu Lin, 2017/06/01 01:22:01]

You're right. I overlooked this possibility.
My latest patch uses a semi-hacky way to distinguish chrome sync
password reuse without changing too much password_manager code. 

+          url::Origin(GURL(saved_domain_)).IsSameOriginWith(gaia_origin));
       break;
     }
     default:
       NOTREACHED();
   }
 }
 
 void PasswordProtectionRequest::SendRequest() {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   FillRequestProto();
@@ skipping 135 matching lines @@
 void PasswordProtectionRequest::Cancel(bool timed_out) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   fetcher_.reset();
 
   Finish(timed_out ? PasswordProtectionService::TIMEDOUT
                    : PasswordProtectionService::CANCELED,
          nullptr);
 }
 
 }  // namespace safe_browsing