OLD | NEW |
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
132 # templates and documentation. The policy definition list that Chrome sees | 132 # templates and documentation. The policy definition list that Chrome sees |
133 # will include policies marked with 'future'. If a WIP policy isn't meant to | 133 # will include policies marked with 'future'. If a WIP policy isn't meant to |
134 # be seen by the policy providers either, the 'supported_on' key should be set | 134 # be seen by the policy providers either, the 'supported_on' key should be set |
135 # to an empty list. | 135 # to an empty list. |
136 # | 136 # |
137 # IDs: | 137 # IDs: |
138 # Since a Protocol Buffer definition is generated from this file, unique and | 138 # Since a Protocol Buffer definition is generated from this file, unique and |
139 # persistent IDs for all fields (but not for groups!) are needed. These are | 139 # persistent IDs for all fields (but not for groups!) are needed. These are |
140 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, | 140 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, |
141 # because doing so would break the deployed wire format! | 141 # because doing so would break the deployed wire format! |
142 # For your editing convenience: highest ID currently used: 365 | 142 # For your editing convenience: highest ID currently used: 366 |
143 # And don't forget to also update the EnterprisePolicies enum of | 143 # And don't forget to also update the EnterprisePolicies enum of |
144 # histograms.xml (run tools/metrics/histograms/update_policies.py). | 144 # histograms.xml (run tools/metrics/histograms/update_policies.py). |
145 # | 145 # |
146 # Placeholders: | 146 # Placeholders: |
147 # The following placeholder strings are automatically substituted: | 147 # The following placeholder strings are automatically substituted: |
148 # $1 -> Google Chrome / Chromium | 148 # $1 -> Google Chrome / Chromium |
149 # $2 -> Google Chrome OS / Chromium OS | 149 # $2 -> Google Chrome OS / Chromium OS |
150 # $3 -> Google Chrome Frame / Chromium Frame | 150 # $3 -> Google Chrome Frame / Chromium Frame |
151 # $6 is reserved for doc_writer | 151 # $6 is reserved for doc_writer |
152 # | 152 # |
(...skipping 4690 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4843 'id': 340, | 4843 'id': 340, |
4844 'caption': '''Whether SHA-1 signed certificates issued by local trust anch
ors are allowed''', | 4844 'caption': '''Whether SHA-1 signed certificates issued by local trust anch
ors are allowed''', |
4845 'tags': ['system-security'], | 4845 'tags': ['system-security'], |
4846 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Goo
gle Chrome</ex></ph> allows SHA-1 signed certificates as long as they successful
ly validate and chain to a locally-installed CA certificates. | 4846 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Goo
gle Chrome</ex></ph> allows SHA-1 signed certificates as long as they successful
ly validate and chain to a locally-installed CA certificates. |
4847 | 4847 |
4848 Note that this policy depends on the operating system certificate verifica
tion stack allowing SHA-1 signatures. If an OS update changes the OS handling of
SHA-1 certificates, this policy may no longer have effect. Further, this polic
y is intended as a temporary workaround to give enterprises more time to move aw
ay from SHA-1. This policy will be removed on or around January 1st 2019. | 4848 Note that this policy depends on the operating system certificate verifica
tion stack allowing SHA-1 signatures. If an OS update changes the OS handling of
SHA-1 certificates, this policy may no longer have effect. Further, this polic
y is intended as a temporary workaround to give enterprises more time to move aw
ay from SHA-1. This policy will be removed on or around January 1st 2019. |
4849 | 4849 |
4850 If this policy is not set, or it is set to false, then <ph name="PRODUCT_N
AME">$1<ex>Google Chrome</ex></ph> follows the publicly announced SHA-1 deprecat
ion schedule.''', | 4850 If this policy is not set, or it is set to false, then <ph name="PRODUCT_N
AME">$1<ex>Google Chrome</ex></ph> follows the publicly announced SHA-1 deprecat
ion schedule.''', |
4851 }, | 4851 }, |
4852 { | 4852 { |
| 4853 'name': 'EnableCommonNameFallbackForLocalAnchors', |
| 4854 'type': 'main', |
| 4855 'schema': { 'type': 'boolean' }, |
| 4856 'supported_on': ['chrome.*:58-65', 'chrome_os:58-65', 'android:54-65'], |
| 4857 'features': { |
| 4858 'dynamic_refresh': True, |
| 4859 'per_profile': False, |
| 4860 }, |
| 4861 'example_value': False, |
| 4862 'id': 366, |
| 4863 'caption': '''Whether to allow certificates issued by local trust anchors
that are missing the subjectAlternativeName extension''', |
| 4864 'tags': ['system-security'], |
| 4865 'desc': '''When this setting is enabled, <ph name="PRODUCT_NAME">$1<ex>Goo
gle Chrome</ex></ph> will use the commonName of a server certificate to match a
hostname if the certificate is missing a subjectAlternativeName extension, as lo
ng as it successfully validates and chains to a locally-installed CA certificate
s. |
| 4866 |
| 4867 Note that this is not recommended, as this may allow bypassing the nameCon
straints extension that restricts the hostnames that a given certificate can be
authorized for. |
| 4868 |
| 4869 If this policy is not set, server certificates that lack a subjectAlternat
iveName extension containing either a DNS name or IP address will not be trusted
.''', |
| 4870 }, |
| 4871 { |
4853 'name': 'ForceEphemeralProfiles', | 4872 'name': 'ForceEphemeralProfiles', |
4854 'type': 'main', | 4873 'type': 'main', |
4855 'schema': { 'type': 'boolean' }, | 4874 'schema': { 'type': 'boolean' }, |
4856 'supported_on': ['chrome.*:32-'], | 4875 'supported_on': ['chrome.*:32-'], |
4857 'features': { | 4876 'features': { |
4858 'dynamic_refresh': False, | 4877 'dynamic_refresh': False, |
4859 'per_profile': True, | 4878 'per_profile': True, |
4860 }, | 4879 }, |
4861 'example_value': True, | 4880 'example_value': True, |
4862 'id': 245, | 4881 'id': 245, |
(...skipping 4861 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
9724 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', | 9743 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', |
9725 'text': 'Default Settings (users can override)', | 9744 'text': 'Default Settings (users can override)', |
9726 }, | 9745 }, |
9727 'doc_complex_policies_on_windows': { | 9746 'doc_complex_policies_on_windows': { |
9728 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', | 9747 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', |
9729 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e
x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'
'', | 9748 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e
x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'
'', |
9730 }, | 9749 }, |
9731 }, | 9750 }, |
9732 'placeholders': [], | 9751 'placeholders': [], |
9733 } | 9752 } |
OLD | NEW |