components/policy/resources/policy_templates.json - Issue 1865803002: [Policy Experimental] Add policies to allow Cookies and Pop-ups exceptions.

Side by Side Diff: components/policy/resources/policy_templates.json

Issue 1865803002: [Policy Experimental] Add policies to allow Cookies and Pop-ups exceptions. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Add another test to exercise main logic; renames from review. Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« components/content_settings/core/test/content_settings_test_utils.cc ('K') | « components/content_settings/core/test/content_settings_test_utils.cc ('k') | tools/metrics/histograms/histograms.xml » ('j') | tools/metrics/histograms/histograms.xml » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 {	1 {

2 # policy_templates.json - Metafile for policy templates	2 # policy_templates.json - Metafile for policy templates

3 #	3 #

4 # The content of this file is evaluated as a Python expression.	4 # The content of this file is evaluated as a Python expression.

5 #	5 #

6 # This file is used as input to generate the following policy templates:	6 # This file is used as input to generate the following policy templates:

7 # ADM, ADMX+ADML, MCX/plist and html documentation.	7 # ADM, ADMX+ADML, MCX/plist and html documentation.

8 #	8 #

9 # Policy templates are user interface definitions or documents about the	9 # Policy templates are user interface definitions or documents about the

10 # policies that can be used to configure Chrome. Each policy is a name-value	10 # policies that can be used to configure Chrome. Each policy is a name-value

(...skipping 119 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
130 # templates and documentation. The policy definition list that Chrome sees	130 # templates and documentation. The policy definition list that Chrome sees

131 # will include policies marked with 'future'. If a WIP policy isn't meant to	131 # will include policies marked with 'future'. If a WIP policy isn't meant to

132 # be seen by the policy providers either, the 'supported_on' key should be set	132 # be seen by the policy providers either, the 'supported_on' key should be set

133 # to an empty list.	133 # to an empty list.

134 #	134 #

135 # IDs:	135 # IDs:

136 # Since a Protocol Buffer definition is generated from this file, unique and	136 # Since a Protocol Buffer definition is generated from this file, unique and

137 # persistent IDs for all fields (but not for groups!) are needed. These are	137 # persistent IDs for all fields (but not for groups!) are needed. These are

138 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,	138 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,

139 # because doing so would break the deployed wire format!	139 # because doing so would break the deployed wire format!

140 # For your editing convenience: highest ID currently used: 325	140 # For your editing convenience: highest ID currently used: 328

141 #	141 #

142 # Placeholders:	142 # Placeholders:

143 # The following placeholder strings are automatically substituted:	143 # The following placeholder strings are automatically substituted:

144 # $1 -> Google Chrome / Chromium	144 # $1 -> Google Chrome / Chromium

145 # $2 -> Google Chrome OS / Chromium OS	145 # $2 -> Google Chrome OS / Chromium OS

146 # $3 -> Google Chrome Frame / Chromium Frame	146 # $3 -> Google Chrome Frame / Chromium Frame

147 # $6 is reserved for doc_writer	147 # $6 is reserved for doc_writer

148 #	148 #

149 # Device Policy:	149 # Device Policy:

150 # An additional flag 'device_only' (optional, defaults to False) indicates	150 # An additional flag 'device_only' (optional, defaults to False) indicates

(...skipping 2986 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3137 },	3137 },

3138 'example_value': 2,	3138 'example_value': 2,

3139 'id': 313,	3139 'id': 313,

3140 'caption': '''Default key generation setting''',	3140 'caption': '''Default key generation setting''',

3141 'tags': ['system-security', 'website-sharing', 'local-data-access'],	3141 'tags': ['system-security', 'website-sharing', 'local-data-access'],

3142 'desc': '''Allows you to set whether websites are allowed to use key g eneration. Using key generation can be either allowed for all websites or denied for all websites.	3142 'desc': '''Allows you to set whether websites are allowed to use key g eneration. Using key generation can be either allowed for all websites or denied for all websites.

3143	3143

3144 If this policy is left not set, 'BlockKeygen' will be used and the use r will be able to change it.''',	3144 If this policy is left not set, 'BlockKeygen' will be used and the use r will be able to change it.''',

3145 },	3145 },

3146 {	3146 {

	3147 'name': 'PrefExceptionsUsageCookies',
	bartfab (slow) 2016/04/07 14:39:29 Here and for the other policy: This name is very c Here and for the other policy: This name is very cryptic. How about something like "AllowCookiesSettingExceptions"? huangs 2016/04/07 21:44:07 "Pref" (or some synonym; "user"?) is essential bec "Pref" (or some synonym; "user"?) is essential because this switch controls the role of PREF_PROVIDER exceptions. "Allow" would be nice to use, but this can get entangled with CONTENT_SETTING_ALLOW. I put "Cookies" at an inconsistent place, so it should be moved. "Settings" is too generic, since exceptions list is also settings. I think "Usage" would be descriptive of what this is. So perhaps "UserCookiesExceptionsUsage"? I'm going to change throughout, but still open to suggestions. bartfab (slow) 2016/04/08 10:17:30 You can use "Permit" or "Honor" -> "HonorCookiesSe Show quoted text On 2016/04/07 21:44:07, huangs wrote: > "Pref" (or some synonym; "user"?) is essential because this switch controls the > role of PREF_PROVIDER exceptions. "Allow" would be nice to use, but this can > get entangled with CONTENT_SETTING_ALLOW. I put "Cookies" at an inconsistent > place, so it should be moved. "Settings" is too generic, since exceptions list > is also settings. I think "Usage" would be descriptive of what this is. > > So perhaps "UserCookiesExceptionsUsage"? I'm going to change throughout, but > still open to suggestions. You can use "Permit" or "Honor" -> "HonorCookiesSettingExceptions" huangs 2016/04/08 13:39:12 I like "Permit"; will do that in the next update. I like "Permit"; will do that in the next update. "Not Honor" sounds too negative (and Worf-esque :).
	3148 'type': 'int-enum',
	bartfab (slow) 2016/04/07 14:39:29 Here and for the other policy: Do we expect to eve Here and for the other policy: Do we expect to ever have more than these two options? If not, a Boolean will do. huangs 2016/04/07 21:44:07 This makes it easier to extend in future, e.g., al This makes it easier to extend in future, e.g., allow exceptions, but not wildcards.
	3149 'schema': {

	3150 'type': 'integer',

	3151 'enum': [ 1, 2 ],

	3152 },

	3153 'items': [

	3154 {

	3155 'name': 'AllowCookiesPrefExceptions',
	bartfab (slow) 2016/04/07 14:39:29 Here and for the other policy: Nit: Content polici Here and for the other policy: Nit: Content policies use the term "Setting," not "Pref." huangs 2016/04/07 21:44:07 Please see comment above? Please see comment above?
	3156 'value': 1,

	3157 'caption': '''Allow users to specify cookies exceptions''',

	3158 },

	3159 {

	3160 'name': 'BlockCookiesPrefExceptions',

	3161 'value': 2,

	3162 'caption': '''Do not allow users to specify cookies exceptions''',
	Bernhard Bauer 2016/04/07 15:30:13 So, this would apply even if no policy sets the de So, this would apply even if no policy sets the default cookies value? Because otherwise, this would be covered by the not-set case anyway. huangs 2016/04/07 21:44:07 In this case user defaults (DEFAULT_PROVIDER) will In this case user defaults (DEFAULT_PROVIDER) will be a catch-all; admin cannot disable that. Stepping back, BlockCookiesPrefExceptions might be a bizarre feature that nobody wants (I added it for symmetry when copying existing patterns). We can sort this out in design, now that we have more time. :) Bernhard Bauer 2016/04/08 14:44:35 Yes... I think this isn't very useful, because if Show quoted text On 2016/04/07 21:44:07, huangs wrote: > In this case user defaults (DEFAULT_PROVIDER) will be a catch-all; admin cannot > disable that. > > Stepping back, BlockCookiesPrefExceptions might be a bizarre feature that nobody > wants (I added it for symmetry when copying existing patterns). We can sort > this out in design, now that we have more time. :) Yes... I think this isn't very useful, because if the admin wants to apply the default setting with no way for the user to override it, they could just explicitly set the default setting and don't set this policy. I also think removing this option would allow more simplifications in the rest of the CL -- for example, we wouldn't need the tri-state return value in GetUserExceptionsUsageSettingForType() anymore. huangs 2016/04/11 19:01:03 Sounds good, I'll remove the option. We still hav Sounds good, I'll remove the option. We still have to hear back whether wildcards is a concern. If so then we would add "Allow non-wildcard only option". If not then we can change type from "int-enum" to "boolean" (assuming we won't need to handle "different types of permission" in the future and would need to migrate).
	3163 },

	3164 ],

	3165 'supported_on': [

	3166 'chrome.*:51-',

	3167 'chrome_os:51-',

	3168 ],

	3169 'features': {

	3170 'dynamic_refresh': True,

	3171 'per_profile': True,

	3172 },

	3173 'example_value': 1,

	3174 'id': 327,

	3175 'caption': '''Pref exceptions cookies setting''',

	3176 'tags': [],

	3177 'desc': '''Allows you to specify whether users can set exceptions to o verride default cookies policy.

	3178

	3179 If this policy is left not set, user's ability to set exceptions depen ds on the default cookies setting.''',
	bartfab (slow) 2016/04/07 14:39:29 Here and for the other policy: What are you referr Here and for the other policy: What are you referring to here? I cannot find anything in the documentation of the default cookies setting that would tell me when exceptions are/are not allowed. huangs 2016/04/07 21:44:07 Depends on DefaultCookiesSetting. For exceptions, Depends on DefaultCookiesSetting. For exceptions, there are "policy exceptions" and "user exceptions" (AKA "pref exceptions", owing to PREF_PROVIDER). We're want to choose to (1) keep old behavior, (2) elevate "user exceptions" over "policy default", (3) disable "user exceptions". bartfab (slow) 2016/04/08 10:17:30 But those policy exceptions come from a different Show quoted text On 2016/04/07 21:44:07, huangs wrote: > Depends on DefaultCookiesSetting. For exceptions, there are "policy exceptions" > and "user exceptions" (AKA "pref exceptions", owing to PREF_PROVIDER). We're > want to choose to (1) keep old behavior, (2) elevate "user exceptions" over > "policy default", (3) disable "user exceptions". But those policy exceptions come from a different policy, not from the "default cookies setting." huangs 2016/04/08 13:39:12 Yes, this is a "meta"-setting that makes Policy se Yes, this is a "meta"-setting that makes Policy settings aware of User settings (and the layered nature of the system) hence the extra complexity. Also, this is a knob that's Policy-only and not controllable by User. The consequence is (unless we do the hole-poking approach) need to abstract the current ProviderType-ordered approach. Are there other concerns that might arise from this? bartfab (slow) 2016/04/11 10:27:31 My concern is that I do not understand "user's abi Show quoted text On 2016/04/08 13:39:12, huangs wrote: > Yes, this is a "meta"-setting that makes Policy settings aware of User settings > (and the layered nature of the system) hence the extra complexity. Also, this > is a knob that's Policy-only and not controllable by User. The consequence is > (unless we do the hole-poking approach) need to abstract the current > ProviderType-ordered approach. Are there other concerns that might arise from > this? My concern is that I do not understand "user's ability to set exceptions depends on policy default cookies setting." Assume this policy is unset. The DefaultCookiesSetting policy could take on four different values (unset, AllowCookies, BlockCookies, SessionOnly). Which of those permit exceptions? Which do not? How would I know? There does not seem to be any documentation describing this case. huangs 2016/04/11 19:01:03 unset => Permit user exceptions by default. AllowC unset => Permit user exceptions by default. AllowCookies => Block user exceptions by default. New switch allows user exceptions. BlockCookies => Block user exceptions by default. New switch allows user exceptions. SessionOnly => Block user exceptions by default. New switch allows user exceptions. Will write the design doc. Part of this project also involves updating online documentation, but let's worry about that after the feature is in.
	3180 },

	3181 {

	3182 'name': 'PrefExceptionsUsagePopups',

	3183 'type': 'int-enum',

	3184 'schema': {

	3185 'type': 'integer',

	3186 'enum': [ 1, 2 ],

	3187 },

	3188 'items': [

	3189 {

	3190 'name': 'AllowPopupsPrefExceptions',

	3191 'value': 1,

	3192 'caption': '''Allow users to specify pop-ups exceptions''',

	3193 },

	3194 {

	3195 'name': 'BlockPopupsPrefExceptions',

	3196 'value': 2,

	3197 'caption': '''Do not allow users to specify pop-ups exceptions''',

	3198 },

	3199 ],

	3200 'supported_on': [

	3201 'chrome.*:51-',

	3202 'chrome_os:51-',

	3203 ],

	3204 'features': {

	3205 'dynamic_refresh': True,

	3206 'per_profile': True,

	3207 },

	3208 'example_value': 1,

	3209 'id': 328,

	3210 'caption': '''Pref exceptions pop-ups setting''',

	3211 'tags': [],

	3212 'desc': '''Allows you to specify whether users can set exceptions to o verride default pop-ups policy.

	3213

	3214 If this policy is left not set, user's ability to set exceptions depen ds on the default pop-ups setting.''',

	3215 },

	3216 {

3147 'name': 'AutoSelectCertificateForUrls',	3217 'name': 'AutoSelectCertificateForUrls',

3148 'type': 'list',	3218 'type': 'list',

3149 'schema': {	3219 'schema': {

3150 'type': 'array',	3220 'type': 'array',

3151 'items': { 'type': 'string' },	3221 'items': { 'type': 'string' },

3152 },	3222 },

3153 'supported_on': ['chrome.*:15-', 'chrome_os:15-'],	3223 'supported_on': ['chrome.*:15-', 'chrome_os:15-'],

3154 'features': {	3224 'features': {

3155 'dynamic_refresh': True,	3225 'dynamic_refresh': True,

3156 'per_profile': True,	3226 'per_profile': True,

(...skipping 5422 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
8579 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''',	8649 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''',

8580 'text': 'Default Settings (users can override)',	8650 'text': 'Default Settings (users can override)',

8581 },	8651 },

8582 'doc_complex_policies_on_windows': {	8652 'doc_complex_policies_on_windows': {

8583 'desc': '''Text pointing the user to a help article for complex policies o n Windows''',	8653 'desc': '''Text pointing the user to a help article for complex policies o n Windows''',

8584 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '',	8654 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '',

8585 },	8655 },

8586 },	8656 },

8587 'placeholders': [],	8657 'placeholders': [],

8588 }	8658 }

OLD	NEW