Show device policy values in about:policy.

BUG=chromium-os:23385
TEST=Configure device policy, load about:policy and check that the values show up.


Review URL: http://codereview.chromium.org/9425008

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122757 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 195 insertions, 25 deletions

diff --git a/chrome/app/policy/policy_templates.json b/chrome/app/policy/policy_templates.json
index bea40f1..318324c 100644
--- a/chrome/app/policy/policy_templates.json
+++ b/chrome/app/policy/policy_templates.json
@@ -112,7 +112,7 @@
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 121
+#   For your editing convenience: highest ID currently used: 128
 #
 # Placeholders:
 #   The following placeholder strings are automatically substituted:
@@ -1724,7 +1724,7 @@
 
       Setting this policy overrides the default value of 3 hours. Valid values for this policy are in the range from 1800000 (30 minutes) to 86400000 (1 day). Any values not in this range will be clamped to the respective boundary.
 
-      Leaving this policy not set will make <ph name="PRODUCT_FRAME_NAME">$3<ex>Google Chrome Frame</ex></ph> use the default value of 3 hours.''',
+      Leaving this policy not set will make <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> use the default value of 3 hours.''',
     },
     {
       'name': 'ChromeFrameRendererSettings',
@@ -1959,10 +1959,10 @@
       'features': {'dynamic_refresh': False},
       'example_value': '${user_home}/Chrome Frame',
       'id': 87,
-      'caption': '''Set <ph name="PRODUCT_NAME">$3<ex>Google Chrome Frame</ex></ph> user data directory''',
-      'desc': '''Configures the directory that <ph name="PRODUCT_NAME">$3<ex>Google Chrome Frame</ex></ph> will use for storing user data.
+      'caption': '''Set <ph name="PRODUCT_FRAME_NAME">$3<ex>Google Chrome Frame</ex></ph> user data directory''',
+      'desc': '''Configures the directory that <ph name="PRODUCT_FRAME_NAME">$3<ex>Google Chrome Frame</ex></ph> will use for storing user data.
 
-      If you set this policy, <ph name="PRODUCT_NAME">$3<ex>Google Chrome Frame</ex></ph> will use the provided directory.
+      If you set this policy, <ph name="PRODUCT_FRAME_NAME">$3<ex>Google Chrome Frame</ex></ph> will use the provided directory.
 
       If this setting is left not set the default profile directory will be used.''',
       'label': '''Set user data directory''',
@@ -1980,7 +1980,7 @@
 
       Setting this policy overrides the default value of 3 hours. Valid values for this policy are in the range from 1800000 (30 minutes) to 86400000 (1 day). Any values not in this range will be clamped to the respective boundary.
 
-      Leaving this policy not set will make <ph name="PRODUCT_FRAME_NAME">$3<ex>Google Chrome Frame</ex></ph> use the default value of 3 hours.''',
+      Leaving this policy not set will make <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> use the default value of 3 hours.''',
     },
     {
       'name': 'ChromeOsReleaseChannel',
@@ -2180,7 +2180,7 @@
       'example_value': '{ "NetworkConfigurations": [ { "GUID": "{4b224dfd-6849-7a63-5e394343244ae9c9}", "Name": "my WiFi", "Type": "WiFi", "WiFi": { "SSID": "my WiFi", "HiddenSSID": false, "Security": "None", "AutoConnect": true } } ] }',
       'id': 107,
       'caption': '''User-level network configuration''',
-      'desc': '''Allows pushing network configuration to be applied per-user to a <ph name="PRODUCT_OS_NAME">$2<ex>Chromium OS</ex></ph> device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format described at https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/open-network-configuration''',
+      'desc': '''Allows pushing network configuration to be applied per-user to a <ph name="PRODUCT_OS_NAME">$2<ex>Chromium OS</ex></ph> device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format described at <ph name="ONC_SPEC_URL">https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/open-network-configuration</ph>''',
     },
     {
       'name': 'DeviceOpenNetworkConfiguration',
@@ -2192,7 +2192,7 @@
       'example_value': '{ "NetworkConfigurations": [ { "GUID": "{4b224dfd-6849-7a63-5e394343244ae9c9}", "Name": "my WiFi", "Type": "WiFi", "WiFi": { "SSID": "my WiFi", "HiddenSSID": false, "Security": "None", "AutoConnect": true } } ] }',
       'id': 108,
       'caption': '''Device-level network configuration''',
-      'desc': '''Allows pushing network configuration to be applied for all useers of a <ph name="PRODUCT_OS_NAME">$2<ex>Chromium OS</ex></ph> device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format described at https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/open-network-configuration''',
+      'desc': '''Allows pushing network configuration to be applied for all useers of a <ph name="PRODUCT_OS_NAME">$2<ex>Chromium OS</ex></ph> device. The network configuration is a JSON-formatted string as defined by the Open Network Configuration format described at <ph name="ONC_SPEC_URL">https://sites.google.com/a/chromium.org/dev/chromium-os/chromiumos-design-docs/open-network-configuration</ph>''',
     },
     {
       'name': 'CloudPrintSubmitEnabled',
@@ -2321,6 +2321,89 @@
 
       If the policy is not set, or set to false, the state of the dev switch will not be reported.''',
     },
+    {
+      'name': 'DeviceUserWhitelist',
+      'type': 'list',
+      'supported_on': ['chrome_os:12-'],
+      'device_only': True,
+      'features': {'dynamic_refresh': True},
+      'example_value': [ 'madmax@managedchrome.com' ],
+      'id': 122,
+      'caption': '''Login user white list''',
+      'desc': '''Defines the list of users that are allowed to login to the device. Entries are of the form <ph name="USER_WHITELIST_ENTRY_FORMAT">user@domain</ph>, such as <ph name="USER_WHITELIST_ENTRY_EXAMPLE">madmax@managedchrome.com</ph>. To allow arbitrary users on a domain, use entries of the form <ph name="USER_WHITELIST_ENTRY_WILDCARD">*@domain</ph>.
+
+      If this policy is not configured, there are no restrictions on the what users are allowed to sign in. Note that creating new users still requires the <ph name="DEVICEALLOWNEWUSERS_POLICY_NAME">DeviceAllowNewUsers</ph> policy to be configured appropriately.''',
+    },
+    {
+      'name': 'DeviceAllowNewUsers',
+      'type': 'main',
+      'supported_on': ['chrome_os:12-'],
+      'device_only': True,
+      'features': {'dynamic_refresh': True},
+      'example_value': True,
+      'id': 123,
+      'caption': '''Allow creation of new user accounts''',
+      'desc': '''Controls whether <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> allows new user accounts to be created. If this policy is set to false, users that do not have an account already will not be able to login.
+
+      If this policy is set to true or not configured, new user accounts will be allowed to be created provided that <ph name="DEVICEUSERWHITELISTPROTO_POLICY_NAME">DeviceUserWhitelist</ph> does not prevent the user from logging in.''',
+    },
+    {
+      'name': 'DeviceGuestModeEnabled',
+      'type': 'main',
+      'supported_on': ['chrome_os:12-'],
+      'device_only': True,
+      'features': {'dynamic_refresh': True},
+      'example_value': True,
+      'id': 124,
+      'caption': '''Enable guest mode''',
+      'desc': '''If this policy is set to true or not configured, <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> will enable guest logins. Guest logins are anonymous user sessions and do not require a password.
+
+      If this policy is set to false, <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> will not allow guest sessions to be started.''',
+    },
+    {
+      'name': 'DeviceShowUserNamesOnSignin',
+      'type': 'main',
+      'supported_on': ['chrome_os:12-'],
+      'device_only': True,
+      'features': {'dynamic_refresh': True},
+      'example_value': True,
+      'id': 125,
+      'caption': '''Show usernames on login screen''',
+      'desc': '''If this policy is set to true or not configured, <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> will show existing users on the login screen and allow to pick one. If this policy is set to false, <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> will use the username/password prompt for login.''',
+    },
+    {
+      'name': 'DeviceDataRoamingEnabled',
+      'type': 'main',
+      'supported_on': ['chrome_os:12-'],
+      'device_only': True,
+      'features': {'dynamic_refresh': True},
+      'example_value': True,
+      'id': 126,
+      'caption': '''Enable data roaming''',
+      'desc': '''Determines whether data roaming should be enabled for the device. If set to true, data roaming is allowed. If left unconfigured or set to false, data roaming will be not available.''',
+    },
+    {
+      'name': 'DeviceMetricsReportingEnabled',
+      'type': 'main',
+      'supported_on': ['chrome_os:14-'],
+      'device_only': True,
+      'features': {'dynamic_refresh': True},
+      'example_value': True,
+      'id': 127,
+      'caption': '''Enable metrics reporting''',
+      'desc': '''Controls whether usage metrics are reported back to Google. If set to true, <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> will report usage metrics. If not configured or set to false, metrics reporting will be disabled.''',
+    },
+    {
+      'name': 'DeviceEphemeralUsersEnabled',
+      'type': 'main',
+      'supported_on': ['chrome_os:19-'],
+      'device_only': True,
+      'features': {'dynamic_refresh': True},
+      'example_value': True,
+      'id': 128,
+      'caption': '''Wipe user data on sign-out''',
+      'desc': '''Determines whether Chrome OS keeps local account data after logout. If set to true, no persistent accounts are kept by <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> and all data from the user session will be discarded after logout. If this policy is set to false or not configured, the device may keep (encrypted) local user data.''',
+    },
   ],
   'messages': {
     # Messages that are not associated to any policies.
diff --git a/chrome/browser/policy/device_policy_cache.cc b/chrome/browser/policy/device_policy_cache.cc
index 1a4ea93..8c4f296 100644
--- a/chrome/browser/policy/device_policy_cache.cc
+++ b/chrome/browser/policy/device_policy_cache.cc
@@ -28,6 +28,8 @@
 #include "chrome/browser/policy/proto/device_management_local.pb.h"
 #include "policy/policy_constants.h"
 
+using google::protobuf::RepeatedPtrField;
+
 namespace em = enterprise_management;
 
 namespace {
@@ -313,19 +315,42 @@ void DevicePolicyCache::DecodeDevicePolicy(
     const em::ChromeDeviceSettingsProto& policy,
     PolicyMap* policies) {
   if (policy.has_device_policy_refresh_rate()) {
-    const em::DevicePolicyRefreshRateProto container =
-        policy.device_policy_refresh_rate();
+    const em::DevicePolicyRefreshRateProto& container(
+        policy.device_policy_refresh_rate());
     if (container.has_device_policy_refresh_rate()) {
-      policies->Set(key::kDevicePolicyRefreshRate,
-                    POLICY_LEVEL_MANDATORY,
+      policies->Set(key::kDevicePolicyRefreshRate, POLICY_LEVEL_MANDATORY,
                     POLICY_SCOPE_MACHINE,
                     DecodeIntegerValue(container.device_policy_refresh_rate()));
     }
   }
 
+  if (policy.has_user_whitelist()) {
+    const em::UserWhitelistProto& container(policy.user_whitelist());
+    if (container.user_whitelist_size()) {
+      ListValue* whitelist = new ListValue();
+      RepeatedPtrField<std::string>::const_iterator entry;
+      for (entry = container.user_whitelist().begin();
+           entry != container.user_whitelist().end();
+           ++entry) {
+        whitelist->Append(Value::CreateStringValue(*entry));
+      }
+      policies->Set(key::kDeviceUserWhitelist, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE, whitelist);
+    }
+  }
+
+  if (policy.has_guest_mode_enabled()) {
+    const em::GuestModeEnabledProto& container(policy.guest_mode_enabled());
+    if (container.has_guest_mode_enabled()) {
+      policies->Set(key::kDeviceGuestModeEnabled, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(container.guest_mode_enabled()));
+    }
+  }
+
   if (policy.has_device_proxy_settings()) {
-    const em::DeviceProxySettingsProto container =
-        policy.device_proxy_settings();
+    const em::DeviceProxySettingsProto& container(
+        policy.device_proxy_settings());
     scoped_ptr<DictionaryValue> proxy_settings(new DictionaryValue);
     if (container.has_proxy_mode())
       proxy_settings->SetString(key::kProxyMode, container.proxy_mode());
@@ -338,20 +363,53 @@ void DevicePolicyCache::DecodeDevicePolicy(
                                 container.proxy_bypass_list());
     }
     if (!proxy_settings->empty()) {
-      policies->Set(key::kProxySettings,
-                    POLICY_LEVEL_RECOMMENDED,
+      policies->Set(key::kProxySettings, POLICY_LEVEL_RECOMMENDED,
+                    POLICY_SCOPE_MACHINE, proxy_settings.release());
+    }
+  }
+
+  if (policy.has_show_user_names()) {
+    const em::ShowUserNamesOnSigninProto& container(policy.show_user_names());
+    if (container.has_show_user_names()) {
+      policies->Set(key::kDeviceShowUserNamesOnSignin, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(container.show_user_names()));
+    }
+  }
+
+  if (policy.has_data_roaming_enabled()) {
+    const em::DataRoamingEnabledProto& container(policy.data_roaming_enabled());
+    if (container.has_data_roaming_enabled()) {
+      policies->Set(key::kDeviceDataRoamingEnabled, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(
+                        container.data_roaming_enabled()));
+    }
+  }
+
+  if (policy.has_allow_new_users()) {
+    const em::AllowNewUsersProto& container(policy.allow_new_users());
+    if (container.has_allow_new_users()) {
+      policies->Set(key::kDeviceAllowNewUsers, POLICY_LEVEL_MANDATORY,
                     POLICY_SCOPE_MACHINE,
-                    proxy_settings.release());
+                    Value::CreateBooleanValue(container.allow_new_users()));
+    }
+  }
+
+  if (policy.has_metrics_enabled()) {
+    const em::MetricsEnabledProto& container(policy.metrics_enabled());
+    if (container.has_metrics_enabled()) {
+      policies->Set(key::kDeviceMetricsReportingEnabled, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(container.metrics_enabled()));
     }
   }
 
   if (policy.has_release_channel() &&
       policy.release_channel().has_release_channel()) {
     std::string channel(policy.release_channel().release_channel());
-    policies->Set(key::kChromeOsReleaseChannel,
-                  POLICY_LEVEL_MANDATORY,
-                  POLICY_SCOPE_MACHINE,
-                  Value::CreateStringValue(channel));
+    policies->Set(key::kChromeOsReleaseChannel, POLICY_LEVEL_MANDATORY,
+                  POLICY_SCOPE_MACHINE, Value::CreateStringValue(channel));
     // TODO(dubroy): Once http://crosbug.com/17015 is implemented, we won't
     // have to pass the channel in here, only ping the update engine to tell
     // it to fetch the channel from the policy.
@@ -363,10 +421,39 @@ void DevicePolicyCache::DecodeDevicePolicy(
       policy.open_network_configuration().has_open_network_configuration()) {
     std::string config(
         policy.open_network_configuration().open_network_configuration());
-    policies->Set(key::kDeviceOpenNetworkConfiguration,
-                  POLICY_LEVEL_MANDATORY,
-                  POLICY_SCOPE_MACHINE,
-                  Value::CreateStringValue(config));
+    policies->Set(key::kDeviceOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY,
+                  POLICY_SCOPE_MACHINE, Value::CreateStringValue(config));
+  }
+
+  if (policy.has_device_reporting()) {
+    const em::DeviceReportingProto& container(policy.device_reporting());
+    if (container.has_report_version_info()) {
+      policies->Set(key::kReportDeviceVersionInfo, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(container.report_version_info()));
+    }
+    if (container.has_report_activity_times()) {
+      policies->Set(key::kReportDeviceActivityTimes, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(
+                        container.report_activity_times()));
+    }
+    if (container.has_report_boot_mode()) {
+      policies->Set(key::kReportDeviceBootMode, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(container.report_boot_mode()));
+    }
+  }
+
+  if (policy.has_ephemeral_users_enabled()) {
+    const em::EphemeralUsersEnabledProto& container(
+        policy.ephemeral_users_enabled());
+    if (container.has_ephemeral_users_enabled()) {
+      policies->Set(key::kDeviceEphemeralUsersEnabled, POLICY_LEVEL_MANDATORY,
+                    POLICY_SCOPE_MACHINE,
+                    Value::CreateBooleanValue(
+                        container.ephemeral_users_enabled()));
+    }
   }
 }