Chromium Code Reviews

Unified Diff: components/policy/resources/policy_templates.json

Issue 1150373002: platformKeys: Add policy and corporate key tagging. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@key_perm
Patch Set: Rebased. Created 5 years, 6 months ago
Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index cc26e75ca6777ad4a8cd073985c35a800855f6ec..730512975586b9fb7282f0387c060460cb3cc8e0 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -123,7 +123,7 @@
# persistent IDs for all fields (but not for groups!) are needed. These are
# specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
# because doing so would break the deployed wire format!
-# For your editing convenience: highest ID currently used: 301
+# For your editing convenience: highest ID currently used: 302
#
# Placeholders:
# The following placeholder strings are automatically substituted:
@@ -7365,7 +7365,42 @@
'desc': '''If this policy is set to true or not set usage of QUIC protocol in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> is allowed.
If this policy is set to false usage of QUIC protocol is disallowed.''',
},
+ {
+ 'name': 'KeyPermissions',
+ 'type': 'dict',
+ 'schema': {
+ 'type': 'object',
+ 'additionalProperties': {
+ 'type': 'object',
+ 'properties': {
+ 'allowCorporateKeyUsage': {
+ 'description': '''If set to true, this extension can use all corporate keys to sign arbitrary data. If set to false, it cannot access any corporate key and the user can not grant such permission either.''',
bartfab (slow) 2015/06/15 17:28:16 1: What is a corporate key? I never heard or saw t
pneubeck (no reviews) 2015/06/17 08:59:56 Changed it to "keys designated for corporate usage
bartfab (slow) 2015/06/17 09:57:40 1: I think a bit more explanation would be useful.
pneubeck (no reviews) 2015/06/17 13:00:36 i extended the description of the whole policy. O
+ 'type': 'boolean',
+ },
+ },
+ },
+ },
+ 'supported_on': ['chrome_os:45-'],
+ 'features': {
+ 'dynamic_refresh': True,
+ 'per_profile': True,
+ },
+ 'example_value': {
+ 'extension1': {
+ 'allowCorporateKeyUsage': 'true'
+ },
+ 'extension2': {
+ 'allowCorporateKeyUsage': 'false'
+ }
+ },
+ 'id': 302,
+ 'caption': 'Key Permissions',
+ 'desc': '''Grants usage of private keys by extensions.
+ By default an extension cannot use a private key for signing data, which is equivalent to setting allowCorporateKeyUsage to false for that extension. A user cannot workaround that restriction.
bartfab (slow) 2015/06/15 17:28:15 Nit 1: Of course you can use "private keys" in gen
pneubeck (no reviews) 2015/06/17 08:59:56 Done.
+
+ Only if allowCorporateKeyUsage is set to true for an extension, it can use any private key marked for corporate usage to sign arbitrary data. This permission should only be granted if the extension is trusted to secure access to the key against attackers.''',
+ },
],
'messages': {
# Messages that are not associated to any policies.
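
Review bot: In 'example_value', allowCorporateKeyUsage is given as the strings 'true' and 'false', but the schema in this same entry declares the property as 'type': 'boolean', so the example does not validate against its own schema; use the literals True and False, as 'features' already does for 'dynamic_refresh'. The schema also never says what the keys under 'additionalProperties' are (the example only shows 'extension1' and 'extension2'). Because a true value lets that extension sign arbitrary data with any private key marked for corporate usage, 'desc' should state which identifier is expected as the key, so an administrator knows exactly which extension receives the grant. Minor: 'workaround' in 'desc' is used as a verb and should read 'work around'.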
