(Re-landing http://codereview.chromium.org/5991003 after Chromium OS

build fix to browser_render_process_host.cc)

Added group policy for disabling all client-side 3D APIs in Chromium
(in particular, WebGL and Pepper 3D). This has been hooked up through
a new command-line argument (--disable-3d-apis) orthogonal to the
existing ones, so that further changes to those command line arguments
will not accidentally regress the group policy support.

Tested in the following ways:
- Verified that --disable-3d-apis disables WebGL and Pepper 3D
  support on Mac OS X.
- Verified that specifying the Disable3DAPIs policy via a JSON file
  disables WebGL on Linux.
- Ran unit_tests and verified that there were no failures introduced.

BUG=64806
TEST=ConfigurationPolicyPrefStoreBooleanTest

Review URL: http://codereview.chromium.org/6045003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69791 0039d316-1c4b-4281-b951-d872f2087c98

19 files changed, 66 insertions, 7 deletions

diff --git a/chrome/app/policy/policy_templates.grd b/chrome/app/policy/policy_templates.grd
index 39d0545..341c57d 100644
--- a/chrome/app/policy/policy_templates.grd
+++ b/chrome/app/policy/policy_templates.grd
@@ -726,6 +726,16 @@ templates and will be translated for each locale. -->
     <message name="IDS_POLICY_DEFAULTSEARCHPROVIDERENCODINGS_DESC" desc="Caption of the 'Encodings' text field in the 'Default Search Provider' policy settings page.">
       Specifies the character encodings supported by the search provider. Encodings are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the order provided. The default is UTF-8.
     </message>
+    <message name="IDS_POLICY_DISABLE3DAPIS_CAPTION" desc="Label of the Disable3DAPIs policy text field.">
+      Disable support for 3D graphics APIs
+    </message>
+    <message name="IDS_POLICY_DISABLE3DAPIS_DESC" desc="Caption of the Disable3DAPIs policy text field.">
+      Disable support for 3D graphics APIs.
+
+      Enabling this setting prevents web pages from accessing the graphics processing unit (GPU). Specifically, web pages can not access the WebGL API and plugins can not use the Pepper 3D API.
+
+      Disabling this setting potentially allows web pages to use the WebGL API and plugins to use the Pepper 3D API. The default settings of the browser may still require command line arguments to be passed in order to use these APIs.
+    </message>
     <!-- Begin Chrome Frame messages -->
     <message name="IDS_POLICY_CHROMEFRAMERENDERERSETTINGS_CAPTION"
              desc="Caption of Chrome Frame renderer policy group">
diff --git a/chrome/app/policy/policy_templates.json b/chrome/app/policy/policy_templates.json
index 59a4e15..7b352aa 100644
--- a/chrome/app/policy/policy_templates.json
+++ b/chrome/app/policy/policy_templates.json
@@ -605,6 +605,16 @@
       ]
     },
     {
+      'name': 'Disable3DAPIs',
+      'type': 'main',
+      'supported_on': ['chrome.*:9-'],
+      'annotations': {
+        # It'll be difficult to support dynamically disabling access to these APIs.
+        'features': {'dynamic_refresh': 0},
+        'example_value': False,
+      }
+    },
+    {
       'name': 'ChromeFrameRendererSettings',
       'type': 'group',
       'policies': [{
diff --git a/chrome/browser/policy/configuration_policy_pref_store.cc b/chrome/browser/policy/configuration_policy_pref_store.cc
index 813eecc..3971980 100644
--- a/chrome/browser/policy/configuration_policy_pref_store.cc
+++ b/chrome/browser/policy/configuration_policy_pref_store.cc
@@ -190,6 +190,8 @@ const ConfigurationPolicyPrefStore::PolicyToPreferenceMapEntry
     prefs::kAuthNegotiateDelegateWhitelist },
   { Value::TYPE_STRING, kPolicyGSSAPILibraryName,
     prefs::kGSSAPILibraryName },
+  { Value::TYPE_BOOLEAN, kPolicyDisable3DAPIs,
+    prefs::kDisable3DAPIs },
 
 #if defined(OS_CHROMEOS)
   { Value::TYPE_BOOLEAN, kPolicyChromeOsLockOnIdleSuspend,
@@ -310,6 +312,8 @@ ConfigurationPolicyPrefStore::GetChromePolicyDefinitionList() {
       key::kAuthNegotiateDelegateWhitelist },
     { kPolicyGSSAPILibraryName, Value::TYPE_STRING,
       key::kGSSAPILibraryName },
+    { kPolicyDisable3DAPIs, Value::TYPE_BOOLEAN,
+      key::kDisable3DAPIs },
 
 #if defined(OS_CHROMEOS)
     { kPolicyChromeOsLockOnIdleSuspend, Value::TYPE_BOOLEAN,
diff --git a/chrome/browser/policy/configuration_policy_pref_store_unittest.cc b/chrome/browser/policy/configuration_policy_pref_store_unittest.cc
index 80c69e4..43e1295 100644
--- a/chrome/browser/policy/configuration_policy_pref_store_unittest.cc
+++ b/chrome/browser/policy/configuration_policy_pref_store_unittest.cc
@@ -185,7 +185,9 @@ INSTANTIATE_TEST_CASE_P(
         TypeAndName(kPolicyDisableAuthNegotiateCnameLookup,
                     prefs::kDisableAuthNegotiateCnameLookup),
         TypeAndName(kPolicyEnableAuthNegotiatePort,
-                    prefs::kEnableAuthNegotiatePort)));
+                    prefs::kEnableAuthNegotiatePort),
+        TypeAndName(kPolicyDisable3DAPIs,
+                    prefs::kDisable3DAPIs)));
 
 #if defined(OS_CHROMEOS)
 INSTANTIATE_TEST_CASE_P(
diff --git a/chrome/browser/policy/configuration_policy_store_interface.h b/chrome/browser/policy/configuration_policy_store_interface.h
index 860f3a4..00ebf30 100644
--- a/chrome/browser/policy/configuration_policy_store_interface.h
+++ b/chrome/browser/policy/configuration_policy_store_interface.h
@@ -66,6 +66,7 @@ enum ConfigurationPolicyType {
   kPolicyAuthServerWhitelist,
   kPolicyAuthNegotiateDelegateWhitelist,
   kPolicyGSSAPILibraryName,
+  kPolicyDisable3DAPIs
 };
 
 static const int kPolicyNoProxyServerMode = 0;
diff --git a/chrome/browser/prefs/command_line_pref_store.cc b/chrome/browser/prefs/command_line_pref_store.cc
index 8fffb9c..ae70d97 100644
--- a/chrome/browser/prefs/command_line_pref_store.cc
+++ b/chrome/browser/prefs/command_line_pref_store.cc
@@ -31,6 +31,7 @@ const CommandLinePrefStore::BooleanSwitchToPreferenceMapEntry
           prefs::kDisableAuthNegotiateCnameLookup, true },
       { switches::kEnableAuthNegotiatePort, prefs::kEnableAuthNegotiatePort,
           true },
+      { switches::kDisable3DAPIs, prefs::kDisable3DAPIs, true },
 };
 
 CommandLinePrefStore::CommandLinePrefStore(const CommandLine* command_line)
diff --git a/chrome/browser/renderer_host/browser_render_process_host.cc b/chrome/browser/renderer_host/browser_render_process_host.cc
index 677bb94..c9e63385 100644
--- a/chrome/browser/renderer_host/browser_render_process_host.cc
+++ b/chrome/browser/renderer_host/browser_render_process_host.cc
@@ -591,11 +591,19 @@ void BrowserRenderProcessHost::AppendRendererCommandLine(
   if (!user_data_dir.empty())
     command_line->AppendSwitchPath(switches::kUserDataDir, user_data_dir);
 #if defined(OS_CHROMEOS)
-  const std::string& profile =
+  const std::string& login_profile =
       browser_command_line.GetSwitchValueASCII(switches::kLoginProfile);
-  if (!profile.empty())
-    command_line->AppendSwitchASCII(switches::kLoginProfile, profile);
+  if (!login_profile.empty())
+    command_line->AppendSwitchASCII(switches::kLoginProfile, login_profile);
 #endif
+
+  PrefService* prefs = profile()->GetPrefs();
+  // Currently this pref is only registered if applied via a policy.
+  if (prefs->HasPrefPath(prefs::kDisable3DAPIs) &&
+      prefs->GetBoolean(prefs::kDisable3DAPIs)) {
+    // Turn this policy into a command line switch.
+    command_line->AppendSwitch(switches::kDisable3DAPIs);
+  }
 }
 
 void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer(
@@ -698,7 +706,8 @@ void BrowserRenderProcessHost::PropagateBrowserCommandLineToRenderer(
     switches::kDisableFileSystem,
     switches::kPpapiOutOfProcess,
     switches::kEnablePrintPreview,
-    switches::kEnableCrxlessWebApps
+    switches::kEnableCrxlessWebApps,
+    switches::kDisable3DAPIs
   };
   renderer_cmd->CopySwitchesFrom(browser_cmd, kSwitchNames,
                                  arraysize(kSwitchNames));
diff --git a/chrome/browser/tab_contents/render_view_host_delegate_helper.cc b/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
index 5e3c899..491e7f6 100644
--- a/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
+++ b/chrome/browser/tab_contents/render_view_host_delegate_helper.cc
@@ -275,6 +275,7 @@ WebPreferences RenderViewHostDelegateHelper::GetWebkitPrefs(
         !command_line.HasSwitch(switches::kDisableDatabases);
     web_prefs.experimental_webgl_enabled =
         gpu_enabled() &&
+        !command_line.HasSwitch(switches::kDisable3DAPIs) &&
         !command_line.HasSwitch(switches::kDisableExperimentalWebGL);
     web_prefs.site_specific_quirks_enabled =
         !command_line.HasSwitch(switches::kDisableSiteSpecificQuirks);
diff --git a/chrome/browser/ui/browser.cc b/chrome/browser/ui/browser.cc
index 94f87c5..c3604db 100644
--- a/chrome/browser/ui/browser.cc
+++ b/chrome/browser/ui/browser.cc
@@ -2038,6 +2038,9 @@ void Browser::RegisterUserPrefs(PrefService* prefs) {
   prefs->RegisterBooleanPref(prefs::kDevToolsDisabled, false);
   prefs->RegisterRealPref(prefs::kDefaultZoomLevel, 0.0);
   prefs->RegisterIntegerPref(prefs::kMultipleProfilePrefMigration, 0);
+  // We need to register the type of this preference in order to query
+  // it even though it's only typically controlled via policy.
+  prefs->RegisterBooleanPref(prefs::kDisable3DAPIs, false);
 }
 
 // static
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index 84236bb..7a64479 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -139,6 +139,12 @@ const char kDeviceManagementUrl[]           = "device-management-url";
 // Triggers a pletora of diagnostic modes.
 const char kDiagnostics[]                   = "diagnostics";
 
+// Disables client-visible 3D APIs, in particular WebGL and Pepper 3D.
+// This is controlled by policy and is kept separate from the other
+// enable/disable switches to avoid accidentally regressing the policy
+// support for controlling access to these APIs.
+const char kDisable3DAPIs[]                 = "disable-3d-apis";
+
 // Disables accelerated compositing.
 const char kDisableAcceleratedCompositing[] =
     "disable-accelerated-compositing";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 2a3f11d35..1ddf692 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -52,6 +52,7 @@ extern const char kCountry[];
 extern const char kDebugPrint[];
 extern const char kDeviceManagementUrl[];
 extern const char kDiagnostics[];
+extern const char kDisable3DAPIs[];
 extern const char kDisableAcceleratedCompositing[];
 extern const char kDisableAltWinstation[];
 extern const char kDisableApplicationCache[];
diff --git a/chrome/common/policy_constants.cc b/chrome/common/policy_constants.cc
index 8fcad63..300b450 100644
--- a/chrome/common/policy_constants.cc
+++ b/chrome/common/policy_constants.cc
@@ -71,6 +71,7 @@ const char kEnableAuthNegotiatePort[] = "EnableAuthNegotiatePort";
 const char kAuthServerWhitelist[] = "AuthServerWhitelist";
 const char kAuthNegotiateDelegateWhitelist[] = "AuthNegotiateDelegateWhitelist";
 const char kGSSAPILibraryName[] = "GSSAPILibraryName";
+const char kDisable3DAPIs[] = "Disable3DAPIs";
 
 // Chrome Frame specific policy constants
 const char kChromeFrameRendererSettings[] = "ChromeFrameRendererSettings";
diff --git a/chrome/common/policy_constants.h b/chrome/common/policy_constants.h
index 318e27c..a1e2a83 100644
--- a/chrome/common/policy_constants.h
+++ b/chrome/common/policy_constants.h
@@ -67,6 +67,7 @@ extern const char kEnableAuthNegotiatePort[];
 extern const char kAuthServerWhitelist[];
 extern const char kAuthNegotiateDelegateWhitelist[];
 extern const char kGSSAPILibraryName[];
+extern const char kDisable3DAPIs[];
 
 // Chrome Frame specific policy constants
 extern const char kChromeFrameRendererSettings[];
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index 11203d8..c4af1e1 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -631,6 +631,9 @@ const char kGeolocationDefaultContentSetting[] =
 // Dictionary that maps [frame, toplevel] to their Geolocation content setting.
 const char kGeolocationContentSettings[] = "geolocation.content_settings";
 
+// Preference to disable 3D APIs (WebGL, Pepper 3D).
+const char kDisable3DAPIs[] = "disable_3d_apis";
+
 // *************** LOCAL STATE ***************
 // These are attached to the machine/installation
 
diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
index 4dcaad5..6e4a47d 100644
--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -438,6 +438,8 @@ extern const char kGSSAPILibraryName[];
 
 extern const char kKnownBackgroundPages[];
 
+extern const char kDisable3DAPIs[];
+
 }  // namespace prefs
 
 #endif  // CHROME_COMMON_PREF_NAMES_H_
diff --git a/chrome/common/sandbox_init_wrapper_mac.cc b/chrome/common/sandbox_init_wrapper_mac.cc
index 540b6da..b9cfa50 100644
--- a/chrome/common/sandbox_init_wrapper_mac.cc
+++ b/chrome/common/sandbox_init_wrapper_mac.cc
@@ -24,7 +24,8 @@ bool SandboxInitWrapper::InitializeSandbox(const CommandLine& command_line,
     // Browser process isn't sandboxed.
     return true;
   } else if (process_type == switches::kRendererProcess) {
-    if (!command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
+    if (!command_line.HasSwitch(switches::kDisable3DAPIs) &&
+        !command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
         command_line.HasSwitch(switches::kInProcessWebGL)) {
       // TODO(kbr): this check seems to be necessary only on this
       // platform because the sandbox is initialized later. Remove
diff --git a/chrome/common/sandbox_policy.cc b/chrome/common/sandbox_policy.cc
index 2b932d0..2667cf9 100644
--- a/chrome/common/sandbox_policy.cc
+++ b/chrome/common/sandbox_policy.cc
@@ -546,7 +546,8 @@ base::ProcessHandle StartProcessWithAccess(CommandLine* cmd_line,
     in_sandbox = false;
   }
 #endif
-  if (!browser_command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
+  if (!browser_command_line.HasSwitch(switches::kDisable3DAPIs) &&
+      !browser_command_line.HasSwitch(switches::kDisableExperimentalWebGL) &&
       browser_command_line.HasSwitch(switches::kInProcessWebGL)) {
     // In process WebGL won't work if the sandbox is enabled.
     in_sandbox = false;
diff --git a/chrome/renderer/render_thread.cc b/chrome/renderer/render_thread.cc
index a7f2495..901445a 100644
--- a/chrome/renderer/render_thread.cc
+++ b/chrome/renderer/render_thread.cc
@@ -952,6 +952,7 @@ void RenderThread::EnsureWebKitInitialized() {
       !command_line.HasSwitch(switches::kDisableGeolocation));
 
   WebRuntimeFeatures::enableWebGL(
+      !command_line.HasSwitch(switches::kDisable3DAPIs) &&
       !command_line.HasSwitch(switches::kDisableExperimentalWebGL));
 
   WebRuntimeFeatures::enablePushState(true);
diff --git a/chrome/worker/worker_thread.cc b/chrome/worker/worker_thread.cc
index 1f5bccd..cafd482 100644
--- a/chrome/worker/worker_thread.cc
+++ b/chrome/worker/worker_thread.cc
@@ -60,6 +60,7 @@ WorkerThread::WorkerThread() {
       !command_line.HasSwitch(switches::kDisableFileSystem));
 
   WebRuntimeFeatures::enableWebGL(
+      !command_line.HasSwitch(switches::kDisable3DAPIs) &&
       !command_line.HasSwitch(switches::kDisableExperimentalWebGL));
 }