Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(508)

Side by Side Diff: components/policy/resources/policy_templates.json

Issue 2087743002: Add Enterprise Policy for whitelisting hosts as exempt from CT (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@symantec_ct
Patch Set: Rebased Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 { 1 {
2 # policy_templates.json - Metafile for policy templates 2 # policy_templates.json - Metafile for policy templates
3 # 3 #
4 # The content of this file is evaluated as a Python expression. 4 # The content of this file is evaluated as a Python expression.
5 # 5 #
6 # This file is used as input to generate the following policy templates: 6 # This file is used as input to generate the following policy templates:
7 # ADM, ADMX+ADML, MCX/plist and html documentation. 7 # ADM, ADMX+ADML, MCX/plist and html documentation.
8 # 8 #
9 # Policy templates are user interface definitions or documents about the 9 # Policy templates are user interface definitions or documents about the
10 # policies that can be used to configure Chrome. Each policy is a name-value 10 # policies that can be used to configure Chrome. Each policy is a name-value
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
130 # templates and documentation. The policy definition list that Chrome sees 130 # templates and documentation. The policy definition list that Chrome sees
131 # will include policies marked with 'future'. If a WIP policy isn't meant to 131 # will include policies marked with 'future'. If a WIP policy isn't meant to
132 # be seen by the policy providers either, the 'supported_on' key should be set 132 # be seen by the policy providers either, the 'supported_on' key should be set
133 # to an empty list. 133 # to an empty list.
134 # 134 #
135 # IDs: 135 # IDs:
136 # Since a Protocol Buffer definition is generated from this file, unique and 136 # Since a Protocol Buffer definition is generated from this file, unique and
137 # persistent IDs for all fields (but not for groups!) are needed. These are 137 # persistent IDs for all fields (but not for groups!) are needed. These are
138 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, 138 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
139 # because doing so would break the deployed wire format! 139 # because doing so would break the deployed wire format!
140 # For your editing convenience: highest ID currently used: 334 140 # For your editing convenience: highest ID currently used: 335
141 # 141 #
142 # Placeholders: 142 # Placeholders:
143 # The following placeholder strings are automatically substituted: 143 # The following placeholder strings are automatically substituted:
144 # $1 -> Google Chrome / Chromium 144 # $1 -> Google Chrome / Chromium
145 # $2 -> Google Chrome OS / Chromium OS 145 # $2 -> Google Chrome OS / Chromium OS
146 # $3 -> Google Chrome Frame / Chromium Frame 146 # $3 -> Google Chrome Frame / Chromium Frame
147 # $6 is reserved for doc_writer 147 # $6 is reserved for doc_writer
148 # 148 #
149 # Device Policy: 149 # Device Policy:
150 # An additional flag 'device_only' (optional, defaults to False) indicates 150 # An additional flag 'device_only' (optional, defaults to False) indicates
(...skipping 7764 matching lines...) Expand 10 before | Expand all | Expand 10 after
7915 'tags': ['system-security'], 7915 'tags': ['system-security'],
7916 'desc': '''Warning: The TLS version fallback will be removed from <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then. 7916 'desc': '''Warning: The TLS version fallback will be removed from <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then.
7917 7917
7918 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> would previously retry the connection with a lesser version of TLS in or der to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't appl y. Regardless, the resulting connection must still comply with SSLVersionMin. 7918 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> would previously retry the connection with a lesser version of TLS in or der to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't appl y. Regardless, the resulting connection must still comply with SSLVersionMin.
7919 7919
7920 If this policy is not configured or if it is set to "tls1.2" then <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers whi ch cannot negotiate versions correctly. 7920 If this policy is not configured or if it is set to "tls1.2" then <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers whi ch cannot negotiate versions correctly.
7921 7921
7922 Otherwise, if compatibility with a buggy server must be maintained, this p olicy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''', 7922 Otherwise, if compatibility with a buggy server must be maintained, this p olicy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''',
7923 }, 7923 },
7924 { 7924 {
7925 'name': 'CertificateTransparencyEnforcementDisabledForUrls',
7926 'type': 'list',
7927 'schema': {
7928 'type': 'array',
7929 'items': { 'type': 'string' },
7930 },
7931 'supported_on': [
7932 'chrome.*:53-',
7933 'chrome_os:53-',
7934 'android:53-',
7935 ],
7936 'features': {
7937 'dynamic_refresh': True,
7938 'per_profile': False,
7939 },
7940 'example_value': ['example.com', '.example.com'],
7941 'id': 335,
7942 'caption': '''Disable Certificate Transparency enforcement for a list of U RLs''',
7943 'tags': ['system-security'],
7944 'desc': '''Disables enforcing Certificate Transparency requirements to the listed URLs.
7945
7946 This policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that wo uld otherwise be untrusted, because they were not properly publicly disclosed, t o continue to be used, but makes it harder to detect misissued certificates for those hosts.
7947
7948 A URL pattern is formatted according to https://www.chromium.org/administr ators/url-blacklist-filter-format, but because certificates are valid for any po rt and path on the server, only the hostname will be considered.
7949
7950 If this policy is not set, any certificate that is required to be disclose d via Certificate Transparency will be treated as untrusted if it is not disclos ed.''',
7951 },
7952 {
7925 'name': 'RC4Enabled', 7953 'name': 'RC4Enabled',
7926 'type': 'main', 7954 'type': 'main',
7927 'schema': { 7955 'schema': {
7928 'type': 'boolean', 7956 'type': 'boolean',
7929 }, 7957 },
7930 'supported_on': [ 7958 'supported_on': [
7931 'chrome.*:48-52', 7959 'chrome.*:48-52',
7932 'chrome_os:48-52', 7960 'chrome_os:48-52',
7933 'android:48-52', 7961 'android:48-52',
7934 'ios:48-52', 7962 'ios:48-52',
(...skipping 849 matching lines...) Expand 10 before | Expand all | Expand 10 after
8784 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', 8812 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''',
8785 'text': 'Default Settings (users can override)', 8813 'text': 'Default Settings (users can override)',
8786 }, 8814 },
8787 'doc_complex_policies_on_windows': { 8815 'doc_complex_policies_on_windows': {
8788 'desc': '''Text pointing the user to a help article for complex policies o n Windows''', 8816 'desc': '''Text pointing the user to a help article for complex policies o n Windows''',
8789 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '', 8817 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '',
8790 }, 8818 },
8791 }, 8819 },
8792 'placeholders': [], 8820 'placeholders': [],
8793 } 8821 }
OLDNEW
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | tools/metrics/histograms/histograms.xml » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698