File: user_security_signals_service.cc

package info (click to toggle)

chromium 139.0.7258.138-1

links: PTS, VCS
area: main
in suites:
size: 6,120,676 kB
sloc: cpp: 35,100,869; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36

file content (147 lines) | stat: -rw-r--r-- 5,159 bytes

parent folder | download | duplicates (5)

// Copyright 2025 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/enterprise/browser/reporting/user_security_signals_service.h"

#include "base/check.h"
#include "base/metrics/histogram_functions.h"
#include "components/device_signals/core/common/signals_features.h"
#include "components/enterprise/browser/reporting/common_pref_names.h"
#include "components/enterprise/browser/reporting/report_scheduler.h"
#include "components/enterprise/browser/reporting/report_util.h"
#include "components/policy/core/common/policy_logger.h"
#include "components/prefs/pref_service.h"
#include "google_apis/gaia/gaia_constants.h"
#include "google_apis/gaia/gaia_urls.h"
#include "net/cookies/cookie_change_dispatcher.h"

namespace enterprise_reporting {

UserSecuritySignalsService::UserSecuritySignalsService(
    PrefService* profile_prefs,
    Delegate* delegate)
    : profile_prefs_(profile_prefs), delegate_(delegate) {
  CHECK(profile_prefs_);
  CHECK(delegate_);
}

UserSecuritySignalsService::~UserSecuritySignalsService() = default;

base::TimeDelta UserSecuritySignalsService::GetSecurityUploadCadence() {
  return enterprise_signals::features::kProfileSignalsReportingInterval.Get();
}

void UserSecuritySignalsService::Start() {
  if (initialized_) {
    return;
  }

  initialized_ = true;

  pref_change_registrar_.Init(profile_prefs_);
  pref_change_registrar_.Add(
      kUserSecuritySignalsReporting,
      base::BindRepeating(
          &UserSecuritySignalsService::OnStatePolicyValueChanged,
          weak_factory_.GetWeakPtr()));
  pref_change_registrar_.Add(
      kUserSecurityAuthenticatedReporting,
      base::BindRepeating(
          &UserSecuritySignalsService::OnCookiePolicyValueChanged,
          weak_factory_.GetWeakPtr()));

  // Manually trigger a policy update to initialize things.
  OnStatePolicyValueChanged();
}

bool UserSecuritySignalsService::IsSecuritySignalsReportingEnabled() {
  return profile_prefs_->GetBoolean(kUserSecuritySignalsReporting);
}

bool UserSecuritySignalsService::ShouldUseCookies() {
  return IsSecuritySignalsReportingEnabled() &&
         profile_prefs_->GetBoolean(kUserSecurityAuthenticatedReporting);
}

void UserSecuritySignalsService::OnReportUploaded() {
  timer_.Start(FROM_HERE, base::Time::Now() + GetSecurityUploadCadence(),
               base::BindRepeating(&UserSecuritySignalsService::TriggerReport,
                                   weak_factory_.GetWeakPtr(),
                                   SecurityReportTrigger::kTimer));
}

void UserSecuritySignalsService::OnCookieChange(
    const net::CookieChangeInfo& change) {
  if (!enterprise_signals::features::kTriggerOnCookieChange.Get()) {
    return;
  }
  // Only trigger a new upload if the cookie change could result in a new or
  // updated session.
  if (change.cause == net::CookieChangeCause::INSERTED) {
    TriggerReport(SecurityReportTrigger::kCookieChange);
  }
}

void UserSecuritySignalsService::InitCookieListener() {
  auto* cookie_manager = delegate_->GetCookieManager();
  if (!cookie_manager) {
    return;
  }

  // Only interested in the secure first-party authentication cookie.
  cookie_manager->AddCookieChangeListener(
      GaiaUrls::GetInstance()->secure_google_url(),
      GaiaConstants::kGaiaSigninCookieName,
      cookie_listener_receiver_.BindNewPipeAndPassRemote());

  cookie_listener_receiver_.set_disconnect_handler(base::BindOnce(
      &UserSecuritySignalsService::OnCookieListenerConnectionError,
      base::Unretained(this)));
}

void UserSecuritySignalsService::OnCookieListenerConnectionError() {
  // A connection error from the CookieManager likely means that the network
  // service process has crashed. Try again to set up a listener.
  cookie_listener_receiver_.reset();
  InitCookieListener();
}

void UserSecuritySignalsService::OnStatePolicyValueChanged() {
  if (!IsSecuritySignalsReportingEnabled()) {
    timer_.Stop();
    return;
  }

  if (timer_.IsRunning()) {
    return;
  }

  // Make sure that cookie observation is properly set-up, as needed.
  OnCookiePolicyValueChanged();

  // The policy is enabled and the timed loop isn't running. Send an upload
  // immediately.
  TriggerReport(SecurityReportTrigger::kTimer);
}

void UserSecuritySignalsService::OnCookiePolicyValueChanged() {
  if (ShouldUseCookies() && !cookie_listener_receiver_.is_bound()) {
    InitCookieListener();
  } else if (!ShouldUseCookies() && cookie_listener_receiver_.is_bound()) {
    cookie_listener_receiver_.reset();
  }
}

void UserSecuritySignalsService::TriggerReport(SecurityReportTrigger trigger) {
  VLOG_POLICY(1, REPORTING) << "Security signals report is triggered by "
                            << static_cast<int>(trigger);
  base::UmaHistogramEnumeration("Enterprise.SecurityReport.User.Trigger",
                                trigger);

  base::SequencedTaskRunner::GetCurrentDefault()->PostTask(
      FROM_HERE, base::BindOnce(&Delegate::OnReportEventTriggered,
                                base::Unretained(delegate_), trigger));
}

}  // namespace enterprise_reporting