chrome/browser/ash/policy/dlp/dlp_rules_manager.h - chromium/src - Git at Google

 // Copyright 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef CHROME_BROWSER_ASH_POLICY_DLP_DLP_RULES_MANAGER_H_
 #define CHROME_BROWSER_ASH_POLICY_DLP_DLP_RULES_MANAGER_H_

 #include <string>

 #include "components/keyed_service/core/keyed_service.h"

 class GURL;

 namespace policy {

 class DlpReportingManager;

 // DlpRulesManager parses the rules set by DataLeakPreventionRulesList policy
 // and serves as an available service which can be queried anytime about the
 // restrictions set by the policy.
 class DlpRulesManager : public KeyedService {
  public:
   // A restriction that can be set by DataLeakPreventionRulesList policy.
   // These values are persisted to logs. Entries should not be renumbered and
   // numeric values should never be reused.
   // When new entries are added, EnterpriseDlpPolicyRestriction enum in
   // histograms/enums.xml should be updated.
   enum class Restriction {
     kUnknownRestriction = 0,
     kClipboard = 1,      // Restricts sharing the data via clipboard and
                          // drag-n-drop.
     kScreenshot = 2,     // Restricts taking screenshots of confidential screen
                          // content.
                          // TODO(crbug/1145100): Update to include video capture
     kPrinting = 3,       // Restricts printing confidential screen content.
     kPrivacyScreen = 4,  // Enforces the Eprivacy screen when there's
                          // confidential content on the screen.
     kScreenShare = 5,    // Restricts screen sharing of confidential content
                          // through 3P extensions/websites.
     kFiles = 6,          // Restricts file operations, like copying, uploading
                          // or opening in an app.
     kMaxValue = kFiles
   };

   // A representation of destinations to which sharing confidential data is
   // restricted by DataLeakPreventionRulesList policy.
   enum class Component {
     kUnknownComponent,
     kArc,       // ARC++ as a Guest OS.
     kCrostini,  // Crostini as a Guest OS.
     kPluginVm,  // Plugin VM (Parallels/Windows) as a Guest OS.
     kMaxValue = kPluginVm
   };

   // The enforcement level of the restriction set by DataLeakPreventionRulesList
   // policy. Should be listed in the order of increased priority.
   enum class Level {
     kNotSet = 0,  // Restriction level is not set.
     kReport = 1,  // Restriction level to only report on every action.
     kWarn = 2,    // Restriction level to warn the user on every action.
     kBlock = 3,   // Restriction level to block the user on every action.
     kAllow = 4,   // Restriction level to allow (no restriction).
     kMaxValue = kAllow
   };

   ~DlpRulesManager() override = default;

   // Returns the enforcement level for `restriction` given that data comes
   // from `source`. ALLOW is returned if there is no matching rule. Requires
   // `restriction` to be one of the following: screenshot, printing,
   // privacy screen, screenshare.
   virtual Level IsRestricted(const GURL& source,
                              Restriction restriction) const = 0;

   // Returns the enforcement level for `restriction` given that data comes
   // from `source` and requested to be shared to `destination`. ALLOW is
   // returned if there is no matching rule. Requires `restriction` to be
   // clipboard or files.
   // If there's a rule matching, `out_source_pattern` and
   // `out_destination_pattern` will be changed to the original rule URL
   // patterns.
   virtual Level IsRestrictedDestination(
       const GURL& source,
       const GURL& destination,
       Restriction restriction,
       std::string* out_source_pattern,
       std::string* out_destination_pattern) const = 0;

   // Returns the enforcement level for `restriction` given that data comes
   // from `source` and requested to be shared to `destination`. ALLOW is
   // returned if there is no matching rule. Requires `restriction` to be
   // clipboard.
   // If there's a rule matching, `out_source_pattern` will be changed to the
   // original rule URL patterns.
   virtual Level IsRestrictedComponent(
       const GURL& source,
       const Component& destination,
       Restriction restriction,
       std::string* out_source_pattern) const = 0;

   // Returns true if the general dlp reporting policy is enabled otherwise
   // false.
   virtual bool IsReportingEnabled() const = 0;

   // Returns the reporting manager that is used to report DLPPolicyEvents to the
   // serverside. Should always return a nullptr if reporting is disabled (see
   // IsReportingEnabled).
   virtual DlpReportingManager* GetReportingManager() const = 0;

   // Returns the URL pattern that `source_url` is matched against. The returned
   // URL pattern should be configured in a policy rule with the same
   // `restriction` and `level`.
   virtual std::string GetSourceUrlPattern(const GURL& source_url,
                                           Restriction restriction,
                                           Level level) const = 0;
 };

 }  // namespace policy

 #endif  // CHROME_BROWSER_ASH_POLICY_DLP_DLP_RULES_MANAGER_H_
	// Copyright 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef CHROME_BROWSER_ASH_POLICY_DLP_DLP_RULES_MANAGER_H_
	#define CHROME_BROWSER_ASH_POLICY_DLP_DLP_RULES_MANAGER_H_

	#include <string>

	#include "components/keyed_service/core/keyed_service.h"

	class GURL;

	namespace policy {

	class DlpReportingManager;

	// DlpRulesManager parses the rules set by DataLeakPreventionRulesList policy
	// and serves as an available service which can be queried anytime about the
	// restrictions set by the policy.
	class DlpRulesManager : public KeyedService {
	public:
	// A restriction that can be set by DataLeakPreventionRulesList policy.
	// These values are persisted to logs. Entries should not be renumbered and
	// numeric values should never be reused.
	// When new entries are added, EnterpriseDlpPolicyRestriction enum in
	// histograms/enums.xml should be updated.
	enum class Restriction {
	kUnknownRestriction = 0,
	kClipboard = 1, // Restricts sharing the data via clipboard and
	// drag-n-drop.
	kScreenshot = 2, // Restricts taking screenshots of confidential screen
	// content.
	// TODO(crbug/1145100): Update to include video capture
	kPrinting = 3, // Restricts printing confidential screen content.
	kPrivacyScreen = 4, // Enforces the Eprivacy screen when there's
	// confidential content on the screen.
	kScreenShare = 5, // Restricts screen sharing of confidential content
	// through 3P extensions/websites.
	kFiles = 6, // Restricts file operations, like copying, uploading
	// or opening in an app.
	kMaxValue = kFiles
	};

	// A representation of destinations to which sharing confidential data is
	// restricted by DataLeakPreventionRulesList policy.
	enum class Component {
	kUnknownComponent,
	kArc, // ARC++ as a Guest OS.
	kCrostini, // Crostini as a Guest OS.
	kPluginVm, // Plugin VM (Parallels/Windows) as a Guest OS.
	kMaxValue = kPluginVm
	};

	// The enforcement level of the restriction set by DataLeakPreventionRulesList
	// policy. Should be listed in the order of increased priority.
	enum class Level {
	kNotSet = 0, // Restriction level is not set.
	kReport = 1, // Restriction level to only report on every action.
	kWarn = 2, // Restriction level to warn the user on every action.
	kBlock = 3, // Restriction level to block the user on every action.
	kAllow = 4, // Restriction level to allow (no restriction).
	kMaxValue = kAllow
	};

	~DlpRulesManager() override = default;

	// Returns the enforcement level for `restriction` given that data comes
	// from `source`. ALLOW is returned if there is no matching rule. Requires
	// `restriction` to be one of the following: screenshot, printing,
	// privacy screen, screenshare.
	virtual Level IsRestricted(const GURL& source,
	Restriction restriction) const = 0;

	// Returns the enforcement level for `restriction` given that data comes
	// from `source` and requested to be shared to `destination`. ALLOW is
	// returned if there is no matching rule. Requires `restriction` to be
	// clipboard or files.
	// If there's a rule matching, `out_source_pattern` and
	// `out_destination_pattern` will be changed to the original rule URL
	// patterns.
	virtual Level IsRestrictedDestination(
	const GURL& source,
	const GURL& destination,
	Restriction restriction,
	std::string* out_source_pattern,
	std::string* out_destination_pattern) const = 0;

	// Returns the enforcement level for `restriction` given that data comes
	// from `source` and requested to be shared to `destination`. ALLOW is
	// returned if there is no matching rule. Requires `restriction` to be
	// clipboard.
	// If there's a rule matching, `out_source_pattern` will be changed to the
	// original rule URL patterns.
	virtual Level IsRestrictedComponent(
	const GURL& source,
	const Component& destination,
	Restriction restriction,
	std::string* out_source_pattern) const = 0;

	// Returns true if the general dlp reporting policy is enabled otherwise
	// false.
	virtual bool IsReportingEnabled() const = 0;

	// Returns the reporting manager that is used to report DLPPolicyEvents to the
	// serverside. Should always return a nullptr if reporting is disabled (see
	// IsReportingEnabled).
	virtual DlpReportingManager* GetReportingManager() const = 0;

	// Returns the URL pattern that `source_url` is matched against. The returned
	// URL pattern should be configured in a policy rule with the same
	// `restriction` and `level`.
	virtual std::string GetSourceUrlPattern(const GURL& source_url,
	Restriction restriction,
	Level level) const = 0;
	};

	} // namespace policy

	#endif // CHROME_BROWSER_ASH_POLICY_DLP_DLP_RULES_MANAGER_H_