diff options
| author | pastarmovj@chromium.org <pastarmovj@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-14 14:16:54 +0000 |
|---|---|---|
| committer | pastarmovj@chromium.org <pastarmovj@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-14 14:16:54 +0000 |
| commit | b647ed2eaab8f34ba9ae19c6472fa5021b0913d4 (patch) | |
| tree | e1bf403f3d8aeb1b344581c02e29c7bdc0d4c588 | |
| parent | d6a5d747415a472f8755af23de94cd42fb20799a (diff) | |
| download | chromium_src-b647ed2eaab8f34ba9ae19c6472fa5021b0913d4.zip chromium_src-b647ed2eaab8f34ba9ae19c6472fa5021b0913d4.tar.gz chromium_src-b647ed2eaab8f34ba9ae19c6472fa5021b0913d4.tar.bz2 | |
Add most new policies to the about:policy list.
Also structured the decoding code a bit.
BUG=chromium-os:27582
TEST=none
Review URL: https://chromiumcodereview.appspot.com/9666003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@126636 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | chrome/app/policy/policy_templates.json | 76 | ||||
| -rw-r--r-- | chrome/browser/policy/device_policy_cache.cc | 220 | ||||
| -rw-r--r-- | chrome/browser/policy/device_policy_cache.h | 17 | ||||
| -rwxr-xr-x | chrome/test/functional/policy_test_cases.py | 4 |
4 files changed, 241 insertions, 76 deletions
diff --git a/chrome/app/policy/policy_templates.json b/chrome/app/policy/policy_templates.json index 5dbdb03..b4d12fb 100644 --- a/chrome/app/policy/policy_templates.json +++ b/chrome/app/policy/policy_templates.json @@ -112,7 +112,7 @@ # persistent IDs for all fields (but not for groups!) are needed. These are # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, # because doing so would break the deployed wire format! -# For your editing convenience: highest ID currently used: 129 +# For your editing convenience: highest ID currently used: 133 # # Placeholders: # The following placeholder strings are automatically substituted: @@ -2288,6 +2288,18 @@ If the policy is not set, or is set to false, then record splitting will be used on SSL/TLS connections which use CBC ciphersuites.''', }, { + 'name': 'EnableOnlineRevocationChecks', + 'type': 'main', + 'supported_on': ['chrome.*:19-', 'chrome_os:0.19-'], + 'features': {'dynamic_refresh': True}, + 'example_value': False, + 'id': 129, + 'caption': '''Whether online OCSP/CRL checks are performed''', + 'desc': '''In light of the fact that soft-fail, online revocation checks provide no effective security benefit, they are disabled by default in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 19 and later. By setting this policy to true, the previous behaviour is restored and online OCSP/CRL checks will be performed. + + If the policy is not set, or is set to false, then Chrome will not perform online revocation checks in Chrome 19 and later.''', + }, + { 'name': 'ReportDeviceVersionInfo', 'type': 'main', 'supported_on': ['chrome_os:0.18-'], @@ -2410,16 +2422,62 @@ 'desc': '''Determines whether Chrome OS keeps local account data after logout. If set to true, no persistent accounts are kept by <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> and all data from the user session will be discarded after logout. If this policy is set to false or not configured, the device may keep (encrypted) local user data.''', }, { - 'name': 'EnableOnlineRevocationChecks', - 'type': 'main', - 'supported_on': ['chrome.*:19-', 'chrome_os:0.19-'], + 'name': 'DeviceIdleLogoutTimeout', + 'type': 'int', + 'supported_on': ['chrome_os:19-'], + 'device_only': True, 'features': {'dynamic_refresh': True}, - 'example_value': False, - 'id': 129, - 'caption': '''Whether online OCSP/CRL checks are performed''', - 'desc': '''In light of the fact that soft-fail, online revocation checks provide no effective security benefit, they are disabled by default in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> version 19 and later. By setting this policy to true, the previous behaviour is restored and online OCSP/CRL checks will be performed. + 'example_value': 60000, + 'id': 130, + 'caption': '''Timeout until idle user log-out is executed''', + 'desc': '''This policy is active in retail mode only. - If the policy is not set, or is set to false, then Chrome will not perform online revocation checks in Chrome 19 and later.''', + When the value of this policy is set and is not 0 the currently logged in demo user will be logged out automatically after the specified time. + + The policy value should be specified in milliseconds.''', + }, + { + 'name': 'DeviceIdleLogoutWarningDuration', + 'type': 'int', + 'supported_on': ['chrome_os:19-'], + 'device_only': True, + 'features': {'dynamic_refresh': True}, + 'example_value': 15000, + 'id': 131, + 'caption': '''Duration of the idle log-out warning message''', + 'desc': '''This policy is active in retail mode only. + + When DeviceIdleLogoutTimeout is specified this policy defines the duration of the warning box with a count down timer that is shown to the user before the logout is executed. + + The policy value should be specified in milliseconds.''', + }, + { + 'name': 'DeviceLoginScreenSaverId', + 'type': 'string', + 'supported_on': ['chrome_os:19-'], + 'device_only': True, + 'features': {'dynamic_refresh': True}, + 'example_value': 'fhblcfnmnbehmifidkddcenilbpddlfk', + 'id': 132, + 'caption': '''Screen saver to be used on the sign-in screen in retail mode''', + 'desc': '''This policy is active in retail mode only. + + Determines the id of the extension to be used as a screen saver on the sign-in screen. The extension must be part of the AppPack that is configured for this domain through the AppPacks policy.''', + }, + { + 'name': 'DeviceLoginScreenSaverTimeout', + 'type': 'int', + 'supported_on': ['chrome_os:19-'], + 'device_only': True, + 'features': {'dynamic_refresh': True}, + 'example_value': 120000, + 'id': 133, + 'caption': '''Duration of inactivity before the screen saver is shown on the sign-in screen in retail mode''', + 'desc': '''This policy is active in retail mode only. + + Determines the duration before the screen saver is shown on the sign-in screen for devices in retail mode. + + The policy value should be specified in milliseconds.''', }, ], 'messages': { diff --git a/chrome/browser/policy/device_policy_cache.cc b/chrome/browser/policy/device_policy_cache.cc index 922de4b..4099ccb 100644 --- a/chrome/browser/policy/device_policy_cache.cc +++ b/chrome/browser/policy/device_policy_cache.cc @@ -312,16 +312,36 @@ void DevicePolicyCache::InstallInitialPolicy( } // static -void DevicePolicyCache::DecodeDevicePolicy( +void DevicePolicyCache::DecodeLoginPolicies( const em::ChromeDeviceSettingsProto& policy, PolicyMap* policies) { - if (policy.has_device_policy_refresh_rate()) { - const em::DevicePolicyRefreshRateProto& container( - policy.device_policy_refresh_rate()); - if (container.has_device_policy_refresh_rate()) { - policies->Set(key::kDevicePolicyRefreshRate, POLICY_LEVEL_MANDATORY, + if (policy.has_guest_mode_enabled()) { + const em::GuestModeEnabledProto& container(policy.guest_mode_enabled()); + if (container.has_guest_mode_enabled()) { + policies->Set(key::kDeviceGuestModeEnabled, + POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE, - DecodeIntegerValue(container.device_policy_refresh_rate())); + Value::CreateBooleanValue(container.guest_mode_enabled())); + } + } + + if (policy.has_show_user_names()) { + const em::ShowUserNamesOnSigninProto& container(policy.show_user_names()); + if (container.has_show_user_names()) { + policies->Set(key::kDeviceShowUserNamesOnSignin, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + Value::CreateBooleanValue(container.show_user_names())); + } + } + + if (policy.has_allow_new_users()) { + const em::AllowNewUsersProto& container(policy.allow_new_users()); + if (container.has_allow_new_users()) { + policies->Set(key::kDeviceAllowNewUsers, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + Value::CreateBooleanValue(container.allow_new_users())); } } @@ -335,20 +355,71 @@ void DevicePolicyCache::DecodeDevicePolicy( ++entry) { whitelist->Append(Value::CreateStringValue(*entry)); } - policies->Set(key::kDeviceUserWhitelist, POLICY_LEVEL_MANDATORY, - POLICY_SCOPE_MACHINE, whitelist); + policies->Set(key::kDeviceUserWhitelist, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + whitelist); } } - if (policy.has_guest_mode_enabled()) { - const em::GuestModeEnabledProto& container(policy.guest_mode_enabled()); - if (container.has_guest_mode_enabled()) { - policies->Set(key::kDeviceGuestModeEnabled, POLICY_LEVEL_MANDATORY, + if (policy.has_ephemeral_users_enabled()) { + const em::EphemeralUsersEnabledProto& container( + policy.ephemeral_users_enabled()); + if (container.has_ephemeral_users_enabled()) { + policies->Set(key::kDeviceEphemeralUsersEnabled, + POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE, - Value::CreateBooleanValue(container.guest_mode_enabled())); + Value::CreateBooleanValue( + container.ephemeral_users_enabled())); + } + } +} + +// static +void DevicePolicyCache::DecodeKioskPolicies( + const em::ChromeDeviceSettingsProto& policy, + PolicyMap* policies) { + if (policy.has_forced_logout_timeouts()) { + const em::ForcedLogoutTimeoutsProto& container( + policy.forced_logout_timeouts()); + if (container.has_idle_logout_timeout()) { + policies->Set(key::kDeviceIdleLogoutTimeout, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + DecodeIntegerValue(container.idle_logout_timeout())); + } + if (container.has_idle_logout_warning_duration()) { + policies->Set(key::kDeviceIdleLogoutWarningDuration, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + DecodeIntegerValue( + container.idle_logout_warning_duration())); + } + } + + if (policy.has_login_screen_saver()) { + const em::ScreenSaverProto& container( + policy.login_screen_saver()); + if (container.has_screen_saver_extension_id()) { + policies->Set(key::kDeviceLoginScreenSaverId, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + Value::CreateStringValue( + container.screen_saver_extension_id())); + } + if (container.has_screen_saver_timeout()) { + policies->Set(key::kDeviceLoginScreenSaverTimeout, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + DecodeIntegerValue(container.screen_saver_timeout())); } } +} +// static +void DevicePolicyCache::DecodeNetworkPolicies( + const em::ChromeDeviceSettingsProto& policy, + PolicyMap* policies) { if (policy.has_device_proxy_settings()) { const em::DeviceProxySettingsProto& container( policy.device_proxy_settings()); @@ -364,98 +435,113 @@ void DevicePolicyCache::DecodeDevicePolicy( container.proxy_bypass_list()); } if (!proxy_settings->empty()) { - policies->Set(key::kProxySettings, POLICY_LEVEL_RECOMMENDED, - POLICY_SCOPE_MACHINE, proxy_settings.release()); - } - } - - if (policy.has_show_user_names()) { - const em::ShowUserNamesOnSigninProto& container(policy.show_user_names()); - if (container.has_show_user_names()) { - policies->Set(key::kDeviceShowUserNamesOnSignin, POLICY_LEVEL_MANDATORY, + policies->Set(key::kProxySettings, + POLICY_LEVEL_RECOMMENDED, POLICY_SCOPE_MACHINE, - Value::CreateBooleanValue(container.show_user_names())); + proxy_settings.release()); } } if (policy.has_data_roaming_enabled()) { const em::DataRoamingEnabledProto& container(policy.data_roaming_enabled()); if (container.has_data_roaming_enabled()) { - policies->Set(key::kDeviceDataRoamingEnabled, POLICY_LEVEL_MANDATORY, + policies->Set(key::kDeviceDataRoamingEnabled, + POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE, Value::CreateBooleanValue( container.data_roaming_enabled())); } } - if (policy.has_allow_new_users()) { - const em::AllowNewUsersProto& container(policy.allow_new_users()); - if (container.has_allow_new_users()) { - policies->Set(key::kDeviceAllowNewUsers, POLICY_LEVEL_MANDATORY, - POLICY_SCOPE_MACHINE, - Value::CreateBooleanValue(container.allow_new_users())); - } - } - - if (policy.has_metrics_enabled()) { - const em::MetricsEnabledProto& container(policy.metrics_enabled()); - if (container.has_metrics_enabled()) { - policies->Set(key::kDeviceMetricsReportingEnabled, POLICY_LEVEL_MANDATORY, - POLICY_SCOPE_MACHINE, - Value::CreateBooleanValue(container.metrics_enabled())); - } - } - - if (policy.has_release_channel() && - policy.release_channel().has_release_channel()) { - std::string channel(policy.release_channel().release_channel()); - policies->Set(key::kChromeOsReleaseChannel, POLICY_LEVEL_MANDATORY, - POLICY_SCOPE_MACHINE, Value::CreateStringValue(channel)); - // TODO(dubroy): Once http://crosbug.com/17015 is implemented, we won't - // have to pass the channel in here, only ping the update engine to tell - // it to fetch the channel from the policy. - chromeos::DBusThreadManager::Get()->GetUpdateEngineClient() - ->SetReleaseTrack(channel); - } - if (policy.has_open_network_configuration() && policy.open_network_configuration().has_open_network_configuration()) { std::string config( policy.open_network_configuration().open_network_configuration()); - policies->Set(key::kDeviceOpenNetworkConfiguration, POLICY_LEVEL_MANDATORY, - POLICY_SCOPE_MACHINE, Value::CreateStringValue(config)); + policies->Set(key::kDeviceOpenNetworkConfiguration, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + Value::CreateStringValue(config)); } +} +// static +void DevicePolicyCache::DecodeReportingPolicies( + const em::ChromeDeviceSettingsProto& policy, + PolicyMap* policies) { if (policy.has_device_reporting()) { const em::DeviceReportingProto& container(policy.device_reporting()); if (container.has_report_version_info()) { - policies->Set(key::kReportDeviceVersionInfo, POLICY_LEVEL_MANDATORY, + policies->Set(key::kReportDeviceVersionInfo, + POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE, Value::CreateBooleanValue(container.report_version_info())); } if (container.has_report_activity_times()) { - policies->Set(key::kReportDeviceActivityTimes, POLICY_LEVEL_MANDATORY, + policies->Set(key::kReportDeviceActivityTimes, + POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE, Value::CreateBooleanValue( container.report_activity_times())); } if (container.has_report_boot_mode()) { - policies->Set(key::kReportDeviceBootMode, POLICY_LEVEL_MANDATORY, + policies->Set(key::kReportDeviceBootMode, + POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE, Value::CreateBooleanValue(container.report_boot_mode())); } } +} - if (policy.has_ephemeral_users_enabled()) { - const em::EphemeralUsersEnabledProto& container( - policy.ephemeral_users_enabled()); - if (container.has_ephemeral_users_enabled()) { - policies->Set(key::kDeviceEphemeralUsersEnabled, POLICY_LEVEL_MANDATORY, +// static +void DevicePolicyCache::DecodeGenericPolicies( + const em::ChromeDeviceSettingsProto& policy, + PolicyMap* policies) { + if (policy.has_device_policy_refresh_rate()) { + const em::DevicePolicyRefreshRateProto& container( + policy.device_policy_refresh_rate()); + if (container.has_device_policy_refresh_rate()) { + policies->Set(key::kDevicePolicyRefreshRate, + POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE, - Value::CreateBooleanValue( - container.ephemeral_users_enabled())); + DecodeIntegerValue(container.device_policy_refresh_rate())); + } + } + + if (policy.has_metrics_enabled()) { + const em::MetricsEnabledProto& container(policy.metrics_enabled()); + if (container.has_metrics_enabled()) { + policies->Set(key::kDeviceMetricsReportingEnabled, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + Value::CreateBooleanValue(container.metrics_enabled())); } } + + if (policy.has_release_channel() && + policy.release_channel().has_release_channel()) { + std::string channel(policy.release_channel().release_channel()); + policies->Set(key::kChromeOsReleaseChannel, + POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, + Value::CreateStringValue(channel)); + // TODO(dubroy): Once http://crosbug.com/17015 is implemented, we won't + // have to pass the channel in here, only ping the update engine to tell + // it to fetch the channel from the policy. + chromeos::DBusThreadManager::Get()->GetUpdateEngineClient()-> + SetReleaseTrack(channel); + } +} + +// static +void DevicePolicyCache::DecodeDevicePolicy( + const em::ChromeDeviceSettingsProto& policy, + PolicyMap* policies) { + // Decode the various groups of policies. + DecodeLoginPolicies(policy, policies); + DecodeKioskPolicies(policy, policies); + DecodeNetworkPolicies(policy, policies); + DecodeReportingPolicies(policy, policies); + DecodeGenericPolicies(policy, policies); } } // namespace policy diff --git a/chrome/browser/policy/device_policy_cache.h b/chrome/browser/policy/device_policy_cache.h index 09cebec..21ee8e4 100644 --- a/chrome/browser/policy/device_policy_cache.h +++ b/chrome/browser/policy/device_policy_cache.h @@ -68,6 +68,23 @@ class DevicePolicyCache : public CloudPolicyCacheBase { const enterprise_management::PolicyFetchResponse& policy, std::string* device_token); + // Decode the various groups of policies. + static void DecodeLoginPolicies( + const enterprise_management::ChromeDeviceSettingsProto& policy, + PolicyMap* policies); + static void DecodeKioskPolicies( + const enterprise_management::ChromeDeviceSettingsProto& policy, + PolicyMap* policies); + static void DecodeNetworkPolicies( + const enterprise_management::ChromeDeviceSettingsProto& policy, + PolicyMap* policies); + static void DecodeReportingPolicies( + const enterprise_management::ChromeDeviceSettingsProto& policy, + PolicyMap* policies); + static void DecodeGenericPolicies( + const enterprise_management::ChromeDeviceSettingsProto& policy, + PolicyMap* policies); + static void DecodeDevicePolicy( const enterprise_management::ChromeDeviceSettingsProto& policy, PolicyMap* policies); diff --git a/chrome/test/functional/policy_test_cases.py b/chrome/test/functional/policy_test_cases.py index ba9a06a..bc5eb3a 100755 --- a/chrome/test/functional/policy_test_cases.py +++ b/chrome/test/functional/policy_test_cases.py @@ -187,6 +187,10 @@ class PolicyPrefsTestCases(object): 'DeviceDataRoamingEnabled': (True, [], []), 'DeviceMetricsReportingEnabled': (True, [], []), 'DeviceEphemeralUsersEnabled': (True, [], []), + 'DeviceIdleLogoutTimeout': (60000, [], []), + 'DeviceIdleLogoutWarningDuration': (15000, [], []), + 'DeviceLoginScreenSaverId': ('lcncmkcnkcdbbanbjakcencbaoegdjlp', [], []), + 'DeviceLoginScreenSaverTimeout': (30000, [], []), # Chrome Frame policies: 'ChromeFrameRendererSettings': (0, [], []), |