Add support for multiple allowed domains

components/policy/resources/policy_templates.json

Index: components/policy/resources/policy_templates.json
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index dd542b6bf392f42547716b172d4fadd24128b2bf..57a558e917a0ccde2f1128031c1b5f172efc0493 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -143,7 +143,7 @@
 #   persistent IDs for all fields (but not for groups!) are needed. These are
 #   specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
 #   because doing so would break the deployed wire format!
-#   For your editing convenience: highest ID currently used: 367
+#   For your editing convenience: highest ID currently used: 369
 #   And don't forget to also update the EnterprisePolicies enum of
 #   histograms.xml (run 'python tools/metrics/histograms/update_policies.py').
 #
@@ -770,17 +770,38 @@
             'dynamic_refresh': True,
             'per_profile': False,
           },
+          'deprecated': True,
           'example_value': 'my-awesome-domain.com',
           'id': 316,
           'caption': '''Configure the required domain name for remote access clients''',
           'tags': [],
-          'desc': '''Configures the required client domain name that will be imposed on remote access clients and prevents users from changing it.
+          'desc': '''This policy is deprecated. Please use RemoteAccessHostClientDomainList instead.''',

[Thiemo Nagel, 2017/05/17 14:18:09]

(here and below)

Note that quoting a policy name requires it to be enclosed in <ph ...> to mark
it as untranslatable, cf. top of the file.

+        },
+        {
+          'name': 'RemoteAccessHostClientDomainList',
+          'type': 'list',
+          'schema': {
+            'type': 'array',
+            'items': { 'type': 'string' },
+          },
+          'supported_on': ['chrome.*:60-', 'chrome_os:60-'],
+          'features': {
+            'dynamic_refresh': True,
+            'per_profile': False,
+          },
+          'example_value': ['my-awesome-domain.com', 'my-auxiliary-domain.com'],
+          'id': 369,
+          'caption': '''Configure the required domain names for remote access clients''',
+          'tags': [],
+          'desc': '''Configures the required client domain names that will be imposed on remote access clients and prevents users from changing it.
+
+          If this setting is enabled, then only clients from one of the specified domains can connect to the host.
 
-          If this setting is enabled, then only clients from the specified domain can connect to the host.
+          If this setting is disabled or not set, then the default policy for the connection type is applied. For remote assistance, this allows clients from any domain to connect to the host; for anytime remote access, only the host owner can connect.
 
-          If this setting is disabled or not set, then the default policy for the connection type is applied. For remote assistance, this allows clients from any domain can connect to the host; for anytime remote access, only the host owner can connect.
+          This setting will override RemoteAccessHostClientDomain, if present.
 
-          See also RemoteAccessHostDomain.''',
+          See also RemoteAccessHostDomainList.''',
         },
         {
           'name': 'RemoteAccessHostFirewallTraversal',
@@ -812,17 +833,38 @@
             'dynamic_refresh': True,
             'per_profile': False,
           },
+          'deprecated': True,
           'example_value': 'my-awesome-domain.com',
           'id': 154,
           'caption': '''Configure the required domain name for remote access hosts''',
           'tags': [],
-          'desc': '''Configures the required host domain name that will be imposed on remote access hosts and prevents users from changing it.
+          'desc': '''This policy is deprecated. Please use RemoteAccessHostDomainList instead.''',
+        },
+        {
+          'name': 'RemoteAccessHostDomainList',
+          'type': 'list',
+          'schema': {
+            'type': 'array',
+            'items': {'type': 'string' },
+          },
+          'supported_on': ['chrome.*:60-', 'chrome_os:60-'],
+          'features': {
+            'dynamic_refresh': True,
+            'per_profile': False,
+          },
+          'example_value': ['my-awesome-domain.com', 'my-auxiliary-domain.com'],
+          'id': 368,
+          'caption': '''Configure the required domain names for remote access hosts''',
+          'tags': [],
+          'desc': '''Configures the required host domain names that will be imposed on remote access hosts and prevents users from changing it.
 
-          If this setting is enabled, then hosts can be shared only using accounts registered on the specified domain name.
+          If this setting is enabled, then hosts can be shared only using accounts registered on one of the specified domain names.
 
           If this setting is disabled or not set, then hosts can be shared using any account.
 
-          See also RemoteAccessHostClientDomain.''',
+          This setting will override RemoteAccessHostDomain, if present.
+
+          See also RemoteAccessHostClientDomainList.''',
         },
         {
           'name': 'RemoteAccessHostRequireTwoFactor',