Respect extension enforcement of ANTI_ABUSE content setting

The ANTI_ABUSE content setting can be controlled through the Extensions
API. The UI of the ANTI_ABUSE settings page should indicate when the
content setting is being enforced by an extension. Also, the Private
State Token (fka Trust Token) blocking mechanism should be triggered
when an extension sets the ANTI_ABUSE content setting.

Bug: 1418746
Change-Id: If46d5a722a7d1487ad0274ee7693c8dd8c7dc3bd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4284902
Commit-Queue: Ryan Kalla <ryankalla@google.com>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Demetrios Papadopoulos <dpapad@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1121330}

chrome/browser/net/profile_network_context_service.cc

@@ -1079,6 +1079,7 @@ void ProfileNetworkContextService::OnContentSettingChanged(
       UpdateAllStorageAccessSettings(profile_);
       break;
     case ContentSettingsType::DEFAULT:
+      UpdateAntiAbuseSettings(profile_);
       UpdateCookieSettings(profile_);
       UpdateLegacyCookieSettings(profile_);
       UpdateAllStorageAccessSettings(profile_);

chrome/browser/resources/settings/privacy_page/anti_abuse_page.html

@@ -30,10 +30,12 @@
   }
 </style>
 <settings-toggle-button
+    id="toggleButton"
     pref="{{pref_}}"
     no-set-pref
     label="$i18n{siteSettingsAntiAbuse}"
     sub-label="$i18n{siteSettingsAntiAbuseDescription}"
+    disabled="[[toggleDisabled_]]"
     on-settings-boolean-control-change="onToggleChange_">
 </settings-toggle-button>
 <div class="info-container">

chrome/browser/resources/settings/privacy_page/anti_abuse_page.ts

@@ -14,15 +14,24 @@ import '../controls/settings_toggle_button.js';
 import '../icons.html.js';
 import '../settings_shared.css.js';
 
+import {WebUiListenerMixin} from 'chrome://resources/cr_elements/web_ui_listener_mixin.js';
 import {PolymerElement} from 'chrome://resources/polymer/v3_0/polymer/polymer_bundled.min.js';
 
 import {SettingsToggleButtonElement} from '../controls/settings_toggle_button.js';
 import {ContentSetting, ContentSettingsTypes} from '../site_settings/constants.js';
 import {SiteSettingsMixin} from '../site_settings/site_settings_mixin.js';
+import {ContentSettingProvider} from '../site_settings/site_settings_prefs_browser_proxy.js';
 
 import {getTemplate} from './anti_abuse_page.html.js';
 
-const AntiAbuseElementBase = SiteSettingsMixin(PolymerElement);
+export interface SettingsAntiAbusePageElement {
+  $: {
+    toggleButton: SettingsToggleButtonElement,
+  };
+}
+
+const AntiAbuseElementBase =
+    SiteSettingsMixin(WebUiListenerMixin(PolymerElement));
 
 export class SettingsAntiAbusePageElement extends AntiAbuseElementBase {
   static get is() {
@@ -45,32 +54,82 @@ export class SettingsAntiAbusePageElement extends AntiAbuseElementBase {
           return {type: chrome.settingsPrivate.PrefType.BOOLEAN};
         },
       },
+
+      toggleDisabled_: Boolean,
     };
   }
 
+  static get observers() {
+    return [
+      'onEnforcementChanged_(pref_.enforcement)',
+    ];
+  }
+
   private pref_: chrome.settingsPrivate.PrefObject<boolean>;
+  private toggleDisabled_: boolean;
 
   override ready() {
     super.ready();
 
-    this.initializeToggleValue_();
+    this.addWebUiListener(
+        'contentSettingCategoryChanged',
+        (category: ContentSettingsTypes) => this.onCategoryChanged_(category));
+
+    this.updateToggleValue_();
   }
 
-  private async initializeToggleValue_() {
+  private onCategoryChanged_(category: ContentSettingsTypes) {
+    if (category !== ContentSettingsTypes.ANTI_ABUSE) {
+      return;
+    }
+
+    this.updateToggleValue_();
+  }
+
+  private onEnforcementChanged_(enforcement:
+                                    chrome.settingsPrivate.Enforcement) {
+    this.toggleDisabled_ =
+        enforcement === chrome.settingsPrivate.Enforcement.ENFORCED;
+  }
+
+  private async updateToggleValue_() {
     const defaultValue = await this.browserProxy.getDefaultValueForContentType(
         ContentSettingsTypes.ANTI_ABUSE);
+
+    if (defaultValue.source !== undefined &&
+        defaultValue.source !== ContentSettingProvider.PREFERENCE) {
+      this.set(
+          'pref_.enforcement', chrome.settingsPrivate.Enforcement.ENFORCED);
+      let controlledBy = chrome.settingsPrivate.ControlledBy.USER_POLICY;
+      switch (defaultValue.source) {
+        case ContentSettingProvider.POLICY:
+          controlledBy = chrome.settingsPrivate.ControlledBy.DEVICE_POLICY;
+          break;
+        case ContentSettingProvider.SUPERVISED_USER:
+          controlledBy = chrome.settingsPrivate.ControlledBy.PARENT;
+          break;
+        case ContentSettingProvider.EXTENSION:
+          controlledBy = chrome.settingsPrivate.ControlledBy.EXTENSION;
+          break;
+      }
+      this.set('pref_.controlledBy', controlledBy);
+    } else {
+      this.set('pref_.enforcement', null);
+      this.set('pref_.controlledBy', null);
+    }
+
     this.set('pref_.value', this.computeIsSettingEnabled(defaultValue.setting));
   }
 
   /**
    * A handler for changing the default permission value for a the anti-abuse
    * content type.
    */
-  private onToggleChange_(e: Event) {
-    const target = e.target as SettingsToggleButtonElement;
+  private onToggleChange_() {
     this.browserProxy.setDefaultValueForContentType(
         ContentSettingsTypes.ANTI_ABUSE,
-        target.checked ? ContentSetting.ALLOW : ContentSetting.BLOCK);
+        this.$.toggleButton.checked ? ContentSetting.ALLOW :
+                                      ContentSetting.BLOCK);
   }
 }
 

chrome/test/data/webui/settings/BUILD.gn

@@ -17,6 +17,7 @@ build_webui_tests("build") {
     "about_page_tests.ts",
     "advanced_page_test.ts",
     "all_sites_tests.ts",
+    "anti_abuse_page_test.ts",
     "appearance_fonts_page_test.ts",
     "appearance_page_test.ts",
     "autofill_page_test.ts",

chrome/test/data/webui/settings/anti_abuse_page_test.ts

@@ -0,0 +1,131 @@
+// Copyright 2023 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// clang-format off
+import 'chrome://settings/lazy_load.js';
+
+import {ContentSetting, ContentSettingProvider, ContentSettingsTypes, SettingsAntiAbusePageElement, SiteSettingsPrefsBrowserProxyImpl} from 'chrome://settings/lazy_load.js';
+import {assertEquals, assertNotEquals, assertTrue, assertFalse} from 'chrome://webui-test/chai_assert.js';
+import {flushTasks} from 'chrome://webui-test/polymer_test_util.js';
+
+import {TestSiteSettingsPrefsBrowserProxy} from './test_site_settings_prefs_browser_proxy.js';
+import {createContentSettingTypeToValuePair, createSiteSettingsPrefs, SiteSettingsPref} from './test_util.js';
+// clang-format on
+
+/** @fileoverview Suite of tests for settings-anti-abuse-page. */
+suite('SettingsAntiAbusePage', function() {
+  /**
+   * A settings-anti-abuse-page created before each test.
+   */
+  let testElement: SettingsAntiAbusePageElement;
+
+  /**
+   * The mock proxy object to use during test.
+   */
+  let browserProxy: TestSiteSettingsPrefsBrowserProxy;
+
+  // Initialize a settings-anti-abuse-page before each test.
+  setup(function() {
+    browserProxy = new TestSiteSettingsPrefsBrowserProxy();
+    SiteSettingsPrefsBrowserProxyImpl.setInstance(browserProxy);
+    document.body.innerHTML = window.trustedTypes!.emptyHTML;
+    testElement = document.createElement('settings-anti-abuse-page');
+    document.body.appendChild(testElement);
+  });
+
+  /**
+   * @param contentSetting The preference content setting.
+   * @return The created preference object.
+   */
+  function createAntiAbusePref(contentSetting: ContentSetting):
+      SiteSettingsPref {
+    return createSiteSettingsPrefs(
+        [
+          createContentSettingTypeToValuePair(
+              ContentSettingsTypes.ANTI_ABUSE, {setting: contentSetting}),
+        ],
+        []);
+  }
+  /**
+   * Verifies that the widget works as expected for a given |category|,
+   * initial |prefs|, and given expectations.
+   */
+  async function testCategoryEnabled(
+      element: SettingsAntiAbusePageElement,
+      proxy: TestSiteSettingsPrefsBrowserProxy, prefs: SiteSettingsPref,
+      expectedEnabled: boolean) {
+    proxy.reset();
+    proxy.setPrefs(prefs);
+
+    const toggleElement = element.$.toggleButton;
+
+    let category = await proxy.whenCalled('getDefaultValueForContentType');
+    let categoryEnabled = toggleElement.checked;
+    assertEquals(category, ContentSettingsTypes.ANTI_ABUSE);
+    assertEquals(expectedEnabled, categoryEnabled);
+    assertFalse(toggleElement.disabled);
+
+
+    // Click the toggle and verify that the preference value is
+    // updated correctly.
+    proxy.resetResolver('setDefaultValueForContentType');
+    toggleElement.click();
+
+    let setting;
+    [category, setting] =
+        await proxy.whenCalled('setDefaultValueForContentType');
+
+    const oppositeSetting =
+        expectedEnabled ? ContentSetting.BLOCK : ContentSetting.ALLOW;
+    categoryEnabled = toggleElement.checked;
+    assertEquals(category, ContentSettingsTypes.ANTI_ABUSE);
+    assertEquals(oppositeSetting, setting);
+    assertNotEquals(expectedEnabled, categoryEnabled);
+
+    // Click the toggle again and verify that the preference value
+    // is set back to the initial state.
+    proxy.resetResolver('setDefaultValueForContentType');
+    toggleElement.click();
+
+    [category, setting] =
+        await proxy.whenCalled('setDefaultValueForContentType');
+    const initialSetting =
+        expectedEnabled ? ContentSetting.ALLOW : ContentSetting.BLOCK;
+    categoryEnabled = toggleElement.checked;
+    assertEquals(category, ContentSettingsTypes.ANTI_ABUSE);
+    assertEquals(initialSetting, setting);
+    assertEquals(expectedEnabled, categoryEnabled);
+  }
+
+  test('allow anti_abuse disable click triggers update', async function() {
+    const enabledPref = createAntiAbusePref(ContentSetting.ALLOW);
+    await testCategoryEnabled(testElement, browserProxy, enabledPref, true);
+  });
+
+
+  test('toggle is disabled when pref is enforced', async function() {
+    const enforcedPrefs = createSiteSettingsPrefs(
+        [createContentSettingTypeToValuePair(ContentSettingsTypes.ANTI_ABUSE, {
+          setting: ContentSetting.BLOCK,
+          source: ContentSettingProvider.EXTENSION,
+        })],
+        []);
+    browserProxy.reset();
+    browserProxy.setPrefs(enforcedPrefs);
+    const toggleElement = testElement.$.toggleButton;
+
+    await browserProxy.whenCalled('getDefaultValueForContentType');
+    assertFalse(toggleElement.checked);
+    assertTrue(toggleElement.disabled);
+
+    // Stop enforcement.
+    const enabledPref = createAntiAbusePref(ContentSetting.ALLOW);
+    browserProxy.reset();
+    browserProxy.setPrefs(enabledPref);
+
+    await flushTasks();
+    assertTrue(toggleElement.checked);
+    assertFalse(toggleElement.disabled);
+  });
+});

chrome/test/data/webui/settings/cr_settings_browsertest.js

@@ -887,6 +887,7 @@ TEST_F('CrSettingsMenuTest', 'All', function() {
    'SettingsCategoryDefaultRadioGroup',
    'settings_category_default_radio_group_tests.js',
  ],
+ ['AntiAbusePage', 'anti_abuse_page_test.js'],
  ['CategoryDefaultSetting', 'category_default_setting_tests.js'],
  ['CategorySettingExceptions', 'category_setting_exceptions_tests.js'],
  ['Checkbox', 'checkbox_tests.js'],

chrome/test/data/webui/settings/test_util.ts

@@ -119,6 +119,7 @@ export function createSiteSettingsPrefs(
     defaults[ContentSettingsTypes[type as keyof typeof ContentSettingsTypes]] =
         createDefaultContentSetting({});
   }
+  defaults[ContentSettingsTypes.ANTI_ABUSE].setting = ContentSetting.ALLOW;
   defaults[ContentSettingsTypes.COOKIES].setting = ContentSetting.ALLOW;
   defaults[ContentSettingsTypes.IMAGES].setting = ContentSetting.ALLOW;
   defaults[ContentSettingsTypes.JAVASCRIPT].setting = ContentSetting.ALLOW;