chrome/common/privacy_budget/privacy_budget_settings_provider.h - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_COMMON_PRIVACY_BUDGET_PRIVACY_BUDGET_SETTINGS_PROVIDER_H_
 #define CHROME_COMMON_PRIVACY_BUDGET_PRIVACY_BUDGET_SETTINGS_PROVIDER_H_

 #include "chrome/common/privacy_budget/types.h"
 #include "third_party/blink/public/common/privacy_budget/identifiability_study_settings_provider.h"
 #include "third_party/blink/public/common/privacy_budget/identifiable_surface.h"

 // A IdentifiabilityStudySettingsProvider that's based on the identifiability
 // study feature flags and field trial configuration.
 //
 // These features and field trial parameters are found in
 // privacy_budget_features.h.
 //
 // In the browser process these settings are used to filter out metrics that
 // should be excluded from the study. In the renderer they are used to prevent
 // certain surfaces from being sampled at all.
 //
 // Note: The ONLY parameters that should be exposed to the renderer are those
 //   that are shared across a large number of clients since it is possible to
 //   indirectly observe the set of surfaces that are sampled. Thus the set of
 //   sampled surfaces itself could become an identifier.
 //
 //   Renderer-exposed controls are meant to act as a granular kill switches in
 //   cases where the act of sampling itself has unforeseen adverse side-effects.
 //   Filtering done in the browser are privacy controls and cannot address
 //   issues arising at the point of sampling.
 class PrivacyBudgetSettingsProvider final
     : public blink::IdentifiabilityStudySettingsProvider {
  public:
   PrivacyBudgetSettingsProvider();
   PrivacyBudgetSettingsProvider(const PrivacyBudgetSettingsProvider&);
   PrivacyBudgetSettingsProvider(PrivacyBudgetSettingsProvider&&);
   ~PrivacyBudgetSettingsProvider() override;

   bool operator=(const PrivacyBudgetSettingsProvider&) const = delete;
   bool operator=(const PrivacyBudgetSettingsProvider&&) const = delete;

   // blink::IdentifiabilityStudySettingsProvider
   bool IsActive() const override;
   bool IsAnyTypeOrSurfaceBlocked() const override;
   bool IsSurfaceAllowed(blink::IdentifiableSurface surface) const override;
   bool IsTypeAllowed(blink::IdentifiableSurface::Type type) const override;

  private:
   // Set of identifiable surfaces for which we will NOT collect metrics. This
   // list is server controlled.
   const IdentifiableSurfaceSet blocked_surfaces_;

   // Set of identifiable surface types for which we will NOT collect metrics.
   // This list is server controlled.
   const IdentifiableSurfaceTypeSet blocked_types_;

   // True if identifiability study is enabled. If this field is false, then none
   // of the other values are applicable.
   const bool enabled_ = false;
 };

 #endif  // CHROME_COMMON_PRIVACY_BUDGET_PRIVACY_BUDGET_SETTINGS_PROVIDER_H_
	// Copyright 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_COMMON_PRIVACY_BUDGET_PRIVACY_BUDGET_SETTINGS_PROVIDER_H_
	#define CHROME_COMMON_PRIVACY_BUDGET_PRIVACY_BUDGET_SETTINGS_PROVIDER_H_

	#include "chrome/common/privacy_budget/types.h"
	#include "third_party/blink/public/common/privacy_budget/identifiability_study_settings_provider.h"
	#include "third_party/blink/public/common/privacy_budget/identifiable_surface.h"

	// A IdentifiabilityStudySettingsProvider that's based on the identifiability
	// study feature flags and field trial configuration.
	//
	// These features and field trial parameters are found in
	// privacy_budget_features.h.
	//
	// In the browser process these settings are used to filter out metrics that
	// should be excluded from the study. In the renderer they are used to prevent
	// certain surfaces from being sampled at all.
	//
	// Note: The ONLY parameters that should be exposed to the renderer are those
	// that are shared across a large number of clients since it is possible to
	// indirectly observe the set of surfaces that are sampled. Thus the set of
	// sampled surfaces itself could become an identifier.
	//
	// Renderer-exposed controls are meant to act as a granular kill switches in
	// cases where the act of sampling itself has unforeseen adverse side-effects.
	// Filtering done in the browser are privacy controls and cannot address
	// issues arising at the point of sampling.
	class PrivacyBudgetSettingsProvider final
	: public blink::IdentifiabilityStudySettingsProvider {
	public:
	PrivacyBudgetSettingsProvider();
	PrivacyBudgetSettingsProvider(const PrivacyBudgetSettingsProvider&);
	PrivacyBudgetSettingsProvider(PrivacyBudgetSettingsProvider&&);
	~PrivacyBudgetSettingsProvider() override;

	bool operator=(const PrivacyBudgetSettingsProvider&) const = delete;
	bool operator=(const PrivacyBudgetSettingsProvider&&) const = delete;

	// blink::IdentifiabilityStudySettingsProvider
	bool IsActive() const override;
	bool IsAnyTypeOrSurfaceBlocked() const override;
	bool IsSurfaceAllowed(blink::IdentifiableSurface surface) const override;
	bool IsTypeAllowed(blink::IdentifiableSurface::Type type) const override;

	private:
	// Set of identifiable surfaces for which we will NOT collect metrics. This
	// list is server controlled.
	const IdentifiableSurfaceSet blocked_surfaces_;

	// Set of identifiable surface types for which we will NOT collect metrics.
	// This list is server controlled.
	const IdentifiableSurfaceTypeSet blocked_types_;

	// True if identifiability study is enabled. If this field is false, then none
	// of the other values are applicable.
	const bool enabled_ = false;
	};

	#endif // CHROME_COMMON_PRIVACY_BUDGET_PRIVACY_BUDGET_SETTINGS_PROVIDER_H_