all: add trk: prefixes to possibly evil connections

Prefix URLs to Google services with trk: so that whenever something
tries to load them, the developer will be informed via printf and
dialog about this infraction.

If you see such dialog, we know that (a) either the URL needs to be
whitelisted, or (b) the feature that triggered it needs to be disabled
by default.

build/mac/tweak_info_plist.py

@@ -211,7 +211,7 @@ def _AddKeystoneKeys(plist, bundle_identifier):
   also requires the |bundle_identifier| argument (com.example.product)."""
   plist['KSVersion'] = plist['CFBundleShortVersionString']
   plist['KSProductID'] = bundle_identifier
-  plist['KSUpdateURL'] = 'https://tools.google.com/service/update2'
+  plist['KSUpdateURL'] = 'trk:132:https://tools.google.com/service/update2'
 
   _RemoveKeys(plist, 'KSChannelID')
   for tag_suffix in _TagSuffixes():

chrome/browser/chromeos/customization/customization_document.cc

@@ -172,7 +172,7 @@ std::string ReadFileInBackground(const base::FilePath& file) {
 
 // Template URL where to fetch OEM services customization manifest from.
 const char ServicesCustomizationDocument::kManifestUrl[] =
-    "https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
+    "trk:151:https://ssl.gstatic.com/chrome/chromeos-customization/%s.json";
 
 // A custom extensions::ExternalLoader that the ServicesCustomizationDocument
 // creates and uses to publish OEM default apps to the extensions system.

chrome/browser/chromeos/extensions/file_manager/private_api_drive.cc

@@ -1042,7 +1042,7 @@ void FileManagerPrivateInternalGetDownloadUrlFunction::OnGotDownloadUrl(
       IdentityManagerFactory::GetForProfile(chrome_details.GetProfile());
   const CoreAccountId& account_id = identity_manager->GetPrimaryAccountId();
   std::vector<std::string> scopes;
-  scopes.emplace_back("https://www.googleapis.com/auth/drive.readonly");
+  scopes.emplace_back("trk:208:https://www.googleapis.com/auth/drive.readonly");
 
   scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory =
       content::BrowserContext::GetDefaultStoragePartition(

chrome/browser/chromeos/extensions/file_manager/private_api_misc.cc

@@ -82,7 +82,7 @@ namespace {
 
 using api::file_manager_private::ProfileInfo;
 
-const char kCWSScope[] = "https://www.googleapis.com/auth/chromewebstore";
+const char kCWSScope[] = "trk:209:https://www.googleapis.com/auth/chromewebstore";
 
 // Thresholds for mountCrostini() API.
 constexpr base::TimeDelta kMountCrostiniSlowOperationThreshold =

chrome/browser/chromeos/policy/remote_commands/crd_host_delegate.cc

@@ -81,11 +81,11 @@ constexpr char kCRDConnectClientKey[] = "client";
 
 // OAuth2 Token scopes
 constexpr char kCloudDevicesOAuth2Scope[] =
-    "https://www.googleapis.com/auth/clouddevices";
+    "trk:233:https://www.googleapis.com/auth/clouddevices";
 constexpr char kChromotingRemoteSupportOAuth2Scope[] =
-    "https://www.googleapis.com/auth/chromoting.remote.support";
+    "trk:234:https://www.googleapis.com/auth/chromoting.remote.support";
 constexpr char kTachyonOAuth2Scope[] =
-    "https://www.googleapis.com/auth/tachyon";
+    "trk:235:https://www.googleapis.com/auth/tachyon";
 
 }  // namespace
 

chrome/browser/extensions/api/cryptotoken_private/cryptotoken_private_api.cc

@@ -52,8 +52,8 @@ enum class U2FAttestationPromptResult {
 
 const char kGoogleDotCom[] = "google.com";
 constexpr const char* kGoogleGstaticAppIds[] = {
-    "https://www.gstatic.com/securitykey/origins.json",
-    "https://www.gstatic.com/securitykey/a/google.com/origins.json"};
+    "trk:273:https://www.gstatic.com/securitykey/origins.json",
+    "trk:274:https://www.gstatic.com/securitykey/a/google.com/origins.json"};
 
 // ContainsAppIdByHash returns true iff the SHA-256 hash of one of the
 // elements of |list| equals |hash|.

chrome/browser/extensions/install_signer.cc

@@ -66,7 +66,7 @@ const int kSignatureFormatVersion = 2;
 const size_t kSaltBytes = 32;
 
 const char kBackendUrl[] =
-    "https://www.googleapis.com/chromewebstore/v1.1/items/verify";
+    "trk:222:https://www.googleapis.com/chromewebstore/v1.1/items/verify";
 
 const char kPublicKeyPEM[] =                                            \
     "-----BEGIN PUBLIC KEY-----"                                        \

chrome/browser/media/webrtc/webrtc_event_log_uploader.cc

@@ -123,7 +123,7 @@ void OnURLLoadUploadProgress(uint64_t current, uint64_t total) {
 }  // namespace
 
 const char WebRtcEventLogUploaderImpl::kUploadURL[] =
-    "https://clients2.google.com/cr/report";
+    "trk:300:https://clients2.google.com/cr/report";
 
 std::unique_ptr<WebRtcEventLogUploader>
 WebRtcEventLogUploaderImpl::Factory::Create(const WebRtcLogFileInfo& log_file,

chrome/browser/media/webrtc/webrtc_log_uploader.cc

@@ -480,7 +480,7 @@ void WebRtcLogUploader::UploadCompressedLog(
             "Not implemented, it would be good to do so."
         })");
 
-  constexpr char kUploadURL[] = "https://clients2.google.com/cr/report";
+  constexpr char kUploadURL[] = "trk:301:https://clients2.google.com/cr/report";
   auto resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = !upload_url_for_testing_.is_empty()
                               ? upload_url_for_testing_

chrome/browser/nacl_host/nacl_infobar_delegate.cc

@@ -32,7 +32,7 @@ base::string16 NaClInfoBarDelegate::GetLinkText() const {
 }
 
 GURL NaClInfoBarDelegate::GetLinkURL() const {
-  return GURL("https://support.google.com/chrome/?p=ib_nacl");
+  return GURL("trk:143:https://support.google.com/chrome/?p=ib_nacl");
 }
 
 base::string16 NaClInfoBarDelegate::GetMessageText() const {

chrome/browser/profiles/profile_avatar_downloader.cc

@@ -18,7 +18,7 @@
 
 namespace {
 const char kHighResAvatarDownloadUrlPrefix[] =
-    "https://www.gstatic.com/chrome/profile_avatars/";
+    "trk:271:https://www.gstatic.com/chrome/profile_avatars/";
 }
 
 ProfileAvatarDownloader::ProfileAvatarDownloader(

chrome/browser/resources/chromeos/accessibility/chromevox/background/prefs.js

@@ -219,9 +219,9 @@ ChromeVoxPrefs.DEFAULT_PREFS = {
   'position': '{}',
   'siteSpecificEnhancements': true,
   'siteSpecificScriptBase':
-      'https://ssl.gstatic.com/accessibility/javascript/ext/',
+      'trk:240:https://ssl.gstatic.com/accessibility/javascript/ext/',
   'siteSpecificScriptLoader':
-      'https://ssl.gstatic.com/accessibility/javascript/ext/loader.js',
+      'trk:241:https://ssl.gstatic.com/accessibility/javascript/ext/loader.js',
   'speakTextUnderMouse': false,
   'sticky': false,
   'typingEcho': 0,

chrome/browser/resources/default_apps/external_extensions.json

@@ -24,15 +24,15 @@
   },
   // Google Sheets
   "aapocclcgogkmnckokdopfmhonfmgoek" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx"
+    "external_update_url": "trk:03:https://clients2.google.com/service/update2/crx"
   },
   // Google Slides
   "felcaaldnbdncclmgdcncolpebgiejap" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx"
+    "external_update_url": "trk:04:https://clients2.google.com/service/update2/crx"
   },
   // Drive extension
   "ghbmnnjooekpmoecnnnilnnbdlolhkhi" : {
-    "external_update_url": "https://clients2.google.com/service/update2/crx"
+    "external_update_url": "trk:04:https://clients2.google.com/service/update2/crx"
   }
 }
 

chrome/browser/safe_browsing/client_side_detection_service.cc

@@ -56,7 +56,7 @@ const int ClientSideDetectionService::kNegativeCacheIntervalDays = 1;
 const int ClientSideDetectionService::kPositiveCacheIntervalMinutes = 30;
 
 const char ClientSideDetectionService::kClientReportPhishingUrl[] =
-    "https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
+    "trk:148:https://sb-ssl.google.com/safebrowsing/clientreport/phishing";
 
 struct ClientSideDetectionService::ClientPhishingReportInfo {
   std::unique_ptr<network::SimpleURLLoader> loader;

chrome/browser/safe_browsing/download_protection/download_feedback.cc

@@ -256,7 +256,7 @@ const int64_t DownloadFeedback::kMaxUploadSize = 50 * 1024 * 1024;
 
 // static
 const char DownloadFeedback::kSbFeedbackURL[] =
-    "https://safebrowsing.google.com/safebrowsing/uploads/chrome";
+    "trk:164:https://safebrowsing.google.com/safebrowsing/uploads/chrome";
 
 // static
 DownloadFeedbackFactory* DownloadFeedback::factory_ = nullptr;

chrome/browser/spellchecker/spellcheck_hunspell_dictionary.cc

@@ -256,7 +256,7 @@ GURL SpellcheckHunspellDictionary::GetDictionaryURL() {
   DCHECK(!bdict_file.empty());
 
   static const char kDownloadServerUrl[] =
-      "https://redirector.gvt1.com/edgedl/chrome/dict/";
+      "trk:173:https://redirector.gvt1.com/edgedl/chrome/dict/";
 
   return GURL(std::string(kDownloadServerUrl) +
               base::ToLowerASCII(bdict_file));

chrome/browser/supervised_user/supervised_user_service.cc

@@ -82,7 +82,7 @@ namespace {
 
 // The URL from which to download a host blacklist if no local one exists yet.
 const char kBlacklistURL[] =
-    "https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin";
+    "trk:272:https://www.gstatic.com/chrome/supervised_user/blacklist-20141001-1k.bin";
 // The filename under which we'll store the blacklist (in the user data dir).
 const char kBlacklistFilename[] = "su-blacklist.bin";
 

chrome/browser/tracing/crash_service_uploader.cc

@@ -40,7 +40,7 @@ using std::string;
 
 namespace {
 
-const char kUploadURL[] = "https://clients2.google.com/cr/report";
+const char kUploadURL[] = "trk:109:https://clients2.google.com/cr/report";
 const char kCrashUploadContentType[] = "multipart/form-data";
 const char kCrashMultipartBoundary[] =
     "----**--yradnuoBgoLtrapitluMklaTelgooG--**----";

chrome/browser/ui/views/outdated_upgrade_bubble_view.cc

@@ -34,7 +34,7 @@ namespace {
 
 // The URL to be used to re-install Chrome when auto-update failed for too long.
 constexpr char kDownloadChromeUrl[] =
-    "https://www.google.com/chrome/?&brand=CHWL"
+    "trk:242:https://www.google.com/chrome/?&brand=CHWL"
     "&utm_campaign=en&utm_source=en-et-na-us-chrome-bubble&utm_medium=et";
 
 // The maximum number of ignored bubble we track in the NumLaterPerReinstall

chrome/browser/ui/webui/ntp/ntp_resource_cache.cc

@@ -78,17 +78,17 @@ namespace {
 // The URL for the the Learn More page shown on incognito new tab.
 const char kLearnMoreIncognitoUrl[] =
 #if defined(OS_CHROMEOS)
-    "https://support.google.com/chromebook/?p=incognito";
+    "trk:246:https://support.google.com/chromebook/?p=incognito";
 #else
-    "https://support.google.com/chrome/?p=incognito";
+    "trk:247:https://support.google.com/chrome/?p=incognito";
 #endif
 
 // The URL for the Learn More page shown on guest session new tab.
 const char kLearnMoreGuestSessionUrl[] =
 #if defined(OS_CHROMEOS)
-    "https://support.google.com/chromebook/?p=chromebook_guest";
+    "trk:248:https://support.google.com/chromebook/?p=chromebook_guest";
 #else
-    "https://support.google.com/chrome/?p=ui_guest";
+    "trk:261:https://support.google.com/chrome/?p=ui_guest";
 #endif
 
 SkColor GetThemeColor(const ui::ThemeProvider& tp, int id) {

chrome/chrome_cleaner/crash/crashpad_crash_reporter.cc

@@ -28,7 +28,7 @@
 namespace {
 
 // The URL where crash reports are uploaded.
-const char kReportUploadURL[] = "https://clients2.google.com/cr/report";
+const char kReportUploadURL[] = "trk:302:https://clients2.google.com/cr/report";
 
 // Whether the current process is connected to a crash handler process.
 bool g_is_connected_to_crash_handler = false;

chrome/common/extensions/chrome_extensions_client.cc

@@ -46,9 +46,9 @@ namespace {
 
 // TODO(battre): Delete the HTTP URL once the blacklist is downloaded via HTTPS.
 const char kExtensionBlocklistUrlPrefix[] =
-    "http://www.gstatic.com/chrome/extensions/blacklist";
+    "trk:269:http://www.gstatic.com/chrome/extensions/blacklist";
 const char kExtensionBlocklistHttpsUrlPrefix[] =
-    "https://www.gstatic.com/chrome/extensions/blacklist";
+    "trk:270:https://www.gstatic.com/chrome/extensions/blacklist";
 
 const char kThumbsWhiteListedExtension[] = "khopmbdjffemhegeeobelklnbglcdgfh";
 

chrome/installer/setup/google_chrome_behaviors.cc

@@ -44,7 +44,7 @@ base::string16 LocalizeUrl(const wchar_t* url) {
 
 base::string16 GetUninstallSurveyUrl() {
   static constexpr wchar_t kSurveyUrl[] =
-      L"https://support.google.com/chrome/contact/chromeuninstall3?hl=$1";
+      L"trk:253:https://support.google.com/chrome/contact/chromeuninstall3?hl=$1";
   return LocalizeUrl(kSurveyUrl);
 }
 

chrome/updater/updater_constants.cc

@@ -26,7 +26,7 @@ const char kLoggingModuleSwitch[] = "vmodule";
 // URLs.
 const char kUpdaterJSONDefaultUrl[] =
     "https://update.googleapis.com/service/update2/json";
-const char kCrashUploadURL[] = "https://clients2.google.com/cr/report";
+const char kCrashUploadURL[] = "trk:304:https://clients2.google.com/cr/report";
 const char kCrashStagingUploadURL[] =
     "https://clients2.google.com/cr/staging_report";
 

chromecast/browser/service/cast_service_simple.cc

@@ -27,7 +27,7 @@ GURL GetStartupURL() {
   const base::CommandLine::StringVector& args = command_line->GetArgs();
 
   if (args.empty())
-    return GURL("http://www.google.com/");
+    return GURL("trk:255:http://www.google.com/");
 
   GURL url(args[0]);
   if (url.is_valid() && url.has_scheme())

chromecast/crash/linux/minidump_uploader.cc

@@ -38,7 +38,7 @@ namespace {
 
 const char kProductName[] = "Eureka";
 
-const char kCrashServerProduction[] = "https://clients2.google.com/cr/report";
+const char kCrashServerProduction[] = "trk:305:https://clients2.google.com/cr/report";
 
 const char kVirtualChannel[] = "virtual-channel";
 

chromeos/geolocation/simple_geolocation_provider.cc

@@ -20,7 +20,7 @@ namespace chromeos {
 namespace {
 
 const char kDefaultGeolocationProviderUrl[] =
-    "https://www.googleapis.com/geolocation/v1/geolocate?";
+    "trk:215:https://www.googleapis.com/geolocation/v1/geolocate?";
 
 }  // namespace
 

components/cloud_devices/common/cloud_devices_urls.cc

@@ -14,20 +14,20 @@
 namespace cloud_devices {
 
 const char kCloudPrintAuthScope[] =
-    "https://www.googleapis.com/auth/cloudprint";
+    "trk:197:https://www.googleapis.com/auth/cloudprint";
 
 const char kCloudPrintLearnMoreURL[] =
-    "https://www.google.com/support/cloudprint";
+    "trk:199:https://www.google.com/support/cloudprint";
 
 const char kCloudPrintTestPageURL[] =
-    "http://www.google.com/landing/cloudprint/enable.html?print=true";
+    "trk:200:http://www.google.com/landing/cloudprint/enable.html?print=true";
 
 namespace {
 
 // Url must not be matched by "urls" section of
 // cloud_print_app/manifest.json. If it's matched, print driver dialog will
 // open sign-in page in separate window.
-const char kCloudPrintURL[] = "https://www.google.com/cloudprint";
+const char kCloudPrintURL[] = "trk:201:https://www.google.com/cloudprint";
 
 }
 

components/crash/content/app/breakpad_linux.cc

@@ -103,7 +103,7 @@ namespace {
 // while we do have functions to deal with uint64_t's.
 uint64_t g_crash_loop_before_time = 0;
 #else
-const char kUploadURL[] = "https://clients2.google.com/cr/report";
+const char kUploadURL[] = "trk:306:https://clients2.google.com/cr/report";
 #endif
 
 bool g_is_crash_reporter_enabled = false;

components/crash/content/app/crashpad_linux.cc

@@ -122,7 +122,7 @@ base::FilePath PlatformCrashpadInitialization(
     std::string url;
 #if BUILDFLAG(GOOGLE_CHROME_BRANDING) && defined(OFFICIAL_BUILD) && \
     !defined(OS_CHROMEOS)
-    url = "https://clients2.google.com/cr/report";
+    url = "trk:307:https://clients2.google.com/cr/report";
 #else
     url = std::string();
 #endif

components/crash/content/app/crashpad_mac.mm

@@ -136,7 +136,7 @@ void DumpProcessWithoutCrashing(task_t task_port) {
 #if BUILDFLAG(GOOGLE_CHROME_BRANDING) && defined(OFFICIAL_BUILD)
       // Only allow the possibility of report upload in official builds. This
       // crash server won't have symbols for any other build types.
-      std::string url = "https://clients2.google.com/cr/report";
+      std::string url = "trk:308:https://clients2.google.com/cr/report";
 #else
       std::string url;
 #endif

components/crash/content/app/crashpad_win.cc

@@ -86,7 +86,7 @@ base::FilePath PlatformCrashpadInitialization(
     GetPlatformCrashpadAnnotations(&process_annotations);
 
 #if BUILDFLAG(GOOGLE_CHROME_BRANDING)
-    std::string url = "https://clients2.google.com/cr/report";
+    std::string url = "trk:309:https://clients2.google.com/cr/report";
 #else
     std::string url;
 #endif

components/drive/service/drive_api_service.cc

@@ -74,9 +74,9 @@ namespace drive {
 namespace {
 
 // OAuth2 scopes for Drive API.
-const char kDriveScope[] = "https://www.googleapis.com/auth/drive";
+const char kDriveScope[] = "trk:217:https://www.googleapis.com/auth/drive";
 const char kDriveAppsReadonlyScope[] =
-    "https://www.googleapis.com/auth/drive.apps.readonly";
+    "trk:218:https://www.googleapis.com/auth/drive.apps.readonly";
 const char kDriveAppsScope[] = "https://www.googleapis.com/auth/drive.apps";
 
 // Mime type to create a directory.

components/feedback/feedback_uploader.cc

@@ -25,7 +25,7 @@ constexpr base::FilePath::CharType kFeedbackReportPath[] =
     FILE_PATH_LITERAL("Feedback Reports");
 
 constexpr char kFeedbackPostUrl[] =
-    "https://www.google.com/tools/feedback/chrome/__submit";
+    "trk:232:https://www.google.com/tools/feedback/chrome/__submit";
 
 constexpr char kProtoBufMimeType[] = "application/x-protobuf";
 

components/gcm_driver/gcm_account_tracker.cc

@@ -26,9 +26,9 @@ namespace gcm {
 namespace {
 
 // Scopes needed by the OAuth2 access tokens.
-const char kGCMGroupServerScope[] = "https://www.googleapis.com/auth/gcm";
+const char kGCMGroupServerScope[] = "trk:230:https://www.googleapis.com/auth/gcm";
 const char kGCMCheckinServerScope[] =
-    "https://www.googleapis.com/auth/android_checkin";
+    "trk:231:https://www.googleapis.com/auth/android_checkin";
 // Name of the GCM account tracker for fetching access tokens.
 const char kGCMAccountTrackerName[] = "gcm_account_tracker";
 // Minimum token validity when sending to GCM groups server.

components/history/core/browser/web_history_service.cc

@@ -40,13 +40,13 @@ namespace history {
 namespace {
 
 const char kHistoryOAuthScope[] =
-    "https://www.googleapis.com/auth/chromesync";
+    "trk:138:https://www.googleapis.com/auth/chromesync";
 
 const char kHistoryQueryHistoryUrl[] =
-    "https://history.google.com/history/api/lookup?client=chrome";
+    "trk:139:https://history.google.com/history/api/lookup?client=chrome";
 
 const char kHistoryDeleteHistoryUrl[] =
-    "https://history.google.com/history/api/delete?client=chrome";
+    "trk:140:https://history.google.com/history/api/delete?client=chrome";
 
 const char kHistoryAudioHistoryUrl[] =
     "https://history.google.com/history/api/lookup?client=audio";

components/invalidation/impl/gcm_network_channel.cc

@@ -40,7 +40,7 @@ namespace syncer {
 namespace {
 
 const char kCacheInvalidationEndpointUrl[] =
-    "https://clients4.google.com/invalidation/android/request/";
+    "trk:264:https://clients4.google.com/invalidation/android/request/";
 const char kCacheInvalidationPackageName[] = "com.google.chrome.invalidations";
 
 // Register backoff policy.