GitLab

Currently an attacker can obtain the System-proxy policy set credentials
by tricking the Chromebook to connect to a proxy with a less secure auth
scheme.

To protect against a downgrade attack, this CL adds
policy_credentials_auth_schemes to the SystemProxySettings policy which
will allow admins to specify for which proxy auth schemes the
credentials can be applied to.

If no value is set by policy, then all three username+password auth
schemes are allowed. This is to have backwards compatibility with the
current policy until AdminConsole is updated.

Bug: 1132247
Test: browser test
Change-Id: I67a21c88c411a4373159aaa5f8cadb948e5b9cc9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2484446
Commit-Queue: Andreea-Elena Costinas <acostinas@google.com>
Reviewed-by: Pavol Marko <pmarko@chromium.org>
Reviewed-by: Omar Morsi <omorsi@google.com>
Cr-Commit-Position: refs/heads/master@{#824019}