components/metrics/entropy_state.h - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef COMPONENTS_METRICS_ENTROPY_STATE_H_
 #define COMPONENTS_METRICS_ENTROPY_STATE_H_

 #include <string>

 #include "base/gtest_prod_util.h"
 #include "base/memory/raw_ptr.h"
 #include "components/prefs/pref_registry_simple.h"

 class PrefService;

 namespace metrics {

 // A class to get entropy source values from the PrefService.
 class EntropyState final {
  public:
   // Creates the EntropyState with the given |local_state| to get
   // the entropy source value from this helper class.
   explicit EntropyState(PrefService* local_state);

   EntropyState(const EntropyState&) = delete;
   EntropyState& operator=(const EntropyState&) = delete;

   // Clears low_entropy_source and old_low_entropy_source in the prefs.
   static void ClearPrefs(PrefService* local_state);

   // Registers low_entropy_source and old_low_entropy_source in the prefs.
   static void RegisterPrefs(PrefRegistrySimple* registry);

 #if BUILDFLAG(IS_CHROMEOS_LACROS)
   // Overriding the entropy source preferences with new values as given by
   // Ash upon initialization, before the MetricsService gets created.
   // |limited_entropy_randomization_source| will only be overridden if it's
   // valid. See IsValidLimitedEntropyRandomizationSource().
   static void SetExternalPrefs(
       PrefService* local_state,
       int low_entropy_source,
       int old_low_entropy_source,
       int pseudo_low_entropy_source,
       std::string_view limited_entropy_randomization_source);
 #endif

   // Returns the high entropy source for this client, which is composed of a
   // client ID and the low entropy source. This is intended to be unique for
   // each install. |initial_client_id| is the client_id that was used to
   // randomize field trials and must not be empty.
   std::string GetHighEntropySource(const std::string& initial_client_id);

   // Returns the low entropy source that is used to randomize field trials on
   // startup for this client. Generates a new value if there is none. See the
   // |low_entropy_source_| comment for more info.
   int GetLowEntropySource();

   // Returns the pseudo low entropy source for this client. Generates a new
   // value if there is none. See the |pseudo_low_entropy_source_| comment
   // for more info.
   int GetPseudoLowEntropySource();

   // Returns the old low entropy source for this client. Does not generate a new
   // value, but instead returns |kLowEntropySourceNotSet|, if there is none. See
   // the |old_low_entropy_source_| comment for more info.
   int GetOldLowEntropySource();

   // Returns the limited entropy randomization source that is used to randomize
   // field trials in a limited entropy layer. Generates a new value if there is
   // none. See the |limited_entropy_randomization_source_| comment for more
   // info.
   std::string_view GetLimitedEntropyRandomizationSource();

   // The argument used to generate a non-identifying entropy source. We want no
   // more than 13 bits of entropy, so use this max to return a number in the
   // range [0, 7999] as the entropy source (12.97 bits of entropy).
   //
   // The value should be kept consistent with
   // LowEntropySource.MAX_LOW_ENTROPY_SIZE in Java.
   static constexpr int kMaxLowEntropySize = 8000;

  private:
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, LowEntropySourceNotReset);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, PseudoLowEntropySourceNotReset);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, HaveNoLowEntropySource);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, HaveOnlyNewLowEntropySource);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, HaveOnlyOldLowEntropySource);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, CorruptNewLowEntropySources);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, CorruptOldLowEntropySources);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest,
                            ValidLimitedEntropyRandomizationSource);
   FRIEND_TEST_ALL_PREFIXES(EntropyStateTest,
                            InvalidLimitedEntropyRandomizationSource);

   // Default value for prefs::kMetricsLowEntropySource.
   static constexpr int kLowEntropySourceNotSet = -1;

   // Loads the low entropy source values from prefs. Creates the new source
   // value if it doesn't exist, but doesn't create the old source value. After
   // this function finishes, |low_entropy_source_| will be set, but
   // |old_low_entropy_source_| may still be |kLowEntropySourceNotSet|.
   void UpdateLowEntropySources();

   // Returns the limited entropy randomization source value if one is already
   // set. Otherwise, attempts to generate a new one either when there isn't a
   // previously set one stored in prefs, or when the command line flag
   // --reset-variation-state is set. In both cases, the newly generated value
   // will be set and stored stored in prefs before returning.
   void UpdateLimitedEntropyRandomizationSource();

   // Checks whether a value is on the range of allowed low entropy source
   // values.
   static bool IsValidLowEntropySource(int value);

   // Checks whether the given value is a valid limited entropy randomization
   // source.
   static bool IsValidLimitedEntropyRandomizationSource(std::string_view value);

   // Generates a new limited entropy randomization source.
   std::string GenerateLimitedEntropyRandomizationSource();

   // The local state prefs store.
   const raw_ptr<PrefService> local_state_;

   // The non-identifying low entropy source values. These values seed the
   // pseudorandom generators which pick experimental groups. The "old" value is
   // thought to be biased in the wild, and is no longer used for experiments
   // requiring low entropy. Clients which already have an "old" value continue
   // incorporating it into the high entropy source, to avoid changing those
   // group assignments. New clients only have the new source.
   //
   // The pseudo-low entropy source is not used for experiment diversion, but
   // only for statistical validation. (Since it's not used for experiment
   // diversion, it won't be subject to drift over time as experiment effects
   // accumulate in actual low entropy source buckets.)
   //
   // During startup these are set to the values used for randomizing field
   // trials and won't be changed within the session even after calling
   // |ClearPrefs|.
   int low_entropy_source_ = kLowEntropySourceNotSet;
   int old_low_entropy_source_ = kLowEntropySourceNotSet;
   int pseudo_low_entropy_source_ = kLowEntropySourceNotSet;

   // This value is used to seed the randomization for field trials in the
   // limited entropy layer. During startup this value is set to one that's
   // previously set. If a previously set value is not available, it will
   // generate a new one. See more in the comments of
   // |UpdateLimitedEntropyRandomizationSource|.
   //
   // Similar to the |low_entropy_source_| above, this value won't be changed
   // within the session, even after calling |ClearPrefs|.
   std::string limited_entropy_randomization_source_;
 };

 }  // namespace metrics

 #endif  // COMPONENTS_METRICS_ENTROPY_STATE_H_
	// Copyright 2020 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef COMPONENTS_METRICS_ENTROPY_STATE_H_
	#define COMPONENTS_METRICS_ENTROPY_STATE_H_

	#include <string>

	#include "base/gtest_prod_util.h"
	#include "base/memory/raw_ptr.h"
	#include "components/prefs/pref_registry_simple.h"

	class PrefService;

	namespace metrics {

	// A class to get entropy source values from the PrefService.
	class EntropyState final {
	public:
	// Creates the EntropyState with the given \|local_state\| to get
	// the entropy source value from this helper class.
	explicit EntropyState(PrefService* local_state);

	EntropyState(const EntropyState&) = delete;
	EntropyState& operator=(const EntropyState&) = delete;

	// Clears low_entropy_source and old_low_entropy_source in the prefs.
	static void ClearPrefs(PrefService* local_state);

	// Registers low_entropy_source and old_low_entropy_source in the prefs.
	static void RegisterPrefs(PrefRegistrySimple* registry);

	#if BUILDFLAG(IS_CHROMEOS_LACROS)
	// Overriding the entropy source preferences with new values as given by
	// Ash upon initialization, before the MetricsService gets created.
	// \|limited_entropy_randomization_source\| will only be overridden if it's
	// valid. See IsValidLimitedEntropyRandomizationSource().
	static void SetExternalPrefs(
	PrefService* local_state,
	int low_entropy_source,
	int old_low_entropy_source,
	int pseudo_low_entropy_source,
	std::string_view limited_entropy_randomization_source);
	#endif

	// Returns the high entropy source for this client, which is composed of a
	// client ID and the low entropy source. This is intended to be unique for
	// each install. \|initial_client_id\| is the client_id that was used to
	// randomize field trials and must not be empty.
	std::string GetHighEntropySource(const std::string& initial_client_id);

	// Returns the low entropy source that is used to randomize field trials on
	// startup for this client. Generates a new value if there is none. See the
	// \|low_entropy_source_\| comment for more info.
	int GetLowEntropySource();

	// Returns the pseudo low entropy source for this client. Generates a new
	// value if there is none. See the \|pseudo_low_entropy_source_\| comment
	// for more info.
	int GetPseudoLowEntropySource();

	// Returns the old low entropy source for this client. Does not generate a new
	// value, but instead returns \|kLowEntropySourceNotSet\|, if there is none. See
	// the \|old_low_entropy_source_\| comment for more info.
	int GetOldLowEntropySource();

	// Returns the limited entropy randomization source that is used to randomize
	// field trials in a limited entropy layer. Generates a new value if there is
	// none. See the \|limited_entropy_randomization_source_\| comment for more
	// info.
	std::string_view GetLimitedEntropyRandomizationSource();

	// The argument used to generate a non-identifying entropy source. We want no
	// more than 13 bits of entropy, so use this max to return a number in the
	// range [0, 7999] as the entropy source (12.97 bits of entropy).
	//
	// The value should be kept consistent with
	// LowEntropySource.MAX_LOW_ENTROPY_SIZE in Java.
	static constexpr int kMaxLowEntropySize = 8000;

	private:
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, LowEntropySourceNotReset);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, PseudoLowEntropySourceNotReset);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, HaveNoLowEntropySource);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, HaveOnlyNewLowEntropySource);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, HaveOnlyOldLowEntropySource);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, CorruptNewLowEntropySources);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest, CorruptOldLowEntropySources);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest,
	ValidLimitedEntropyRandomizationSource);
	FRIEND_TEST_ALL_PREFIXES(EntropyStateTest,
	InvalidLimitedEntropyRandomizationSource);

	// Default value for prefs::kMetricsLowEntropySource.
	static constexpr int kLowEntropySourceNotSet = -1;

	// Loads the low entropy source values from prefs. Creates the new source
	// value if it doesn't exist, but doesn't create the old source value. After
	// this function finishes, \|low_entropy_source_\| will be set, but
	// \|old_low_entropy_source_\| may still be \|kLowEntropySourceNotSet\|.
	void UpdateLowEntropySources();

	// Returns the limited entropy randomization source value if one is already
	// set. Otherwise, attempts to generate a new one either when there isn't a
	// previously set one stored in prefs, or when the command line flag
	// --reset-variation-state is set. In both cases, the newly generated value
	// will be set and stored stored in prefs before returning.
	void UpdateLimitedEntropyRandomizationSource();

	// Checks whether a value is on the range of allowed low entropy source
	// values.
	static bool IsValidLowEntropySource(int value);

	// Checks whether the given value is a valid limited entropy randomization
	// source.
	static bool IsValidLimitedEntropyRandomizationSource(std::string_view value);

	// Generates a new limited entropy randomization source.
	std::string GenerateLimitedEntropyRandomizationSource();

	// The local state prefs store.
	const raw_ptr<PrefService> local_state_;

	// The non-identifying low entropy source values. These values seed the
	// pseudorandom generators which pick experimental groups. The "old" value is
	// thought to be biased in the wild, and is no longer used for experiments
	// requiring low entropy. Clients which already have an "old" value continue
	// incorporating it into the high entropy source, to avoid changing those
	// group assignments. New clients only have the new source.
	//
	// The pseudo-low entropy source is not used for experiment diversion, but
	// only for statistical validation. (Since it's not used for experiment
	// diversion, it won't be subject to drift over time as experiment effects
	// accumulate in actual low entropy source buckets.)
	//
	// During startup these are set to the values used for randomizing field
	// trials and won't be changed within the session even after calling
	// \|ClearPrefs\|.
	int low_entropy_source_ = kLowEntropySourceNotSet;
	int old_low_entropy_source_ = kLowEntropySourceNotSet;
	int pseudo_low_entropy_source_ = kLowEntropySourceNotSet;

	// This value is used to seed the randomization for field trials in the
	// limited entropy layer. During startup this value is set to one that's
	// previously set. If a previously set value is not available, it will
	// generate a new one. See more in the comments of
	// \|UpdateLimitedEntropyRandomizationSource\|.
	//
	// Similar to the \|low_entropy_source_\| above, this value won't be changed
	// within the session, even after calling \|ClearPrefs\|.
	std::string limited_entropy_randomization_source_;
	};

	} // namespace metrics

	#endif // COMPONENTS_METRICS_ENTROPY_STATE_H_