Show login screen extension policy on chrome://policy and policy export

This CL adds the extension policy for login screen extensions to the
visual output on chrome://policy. These extensions will be labeled with
"(login screen profile)" next to their name.
In the policy export, login screen extension policy will be located
under the "loginScreenExtensionPolicies" key, next to the
"extensionPolicies" key.

Bug: 1025760, b:145596153
Change-Id: I442753dbfe7c8d9df6c1b0993b69e19b14516dca
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1924573
Commit-Queue: Alexander Hendrich <hendrich@chromium.org>
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Reviewed-by: Marc Treib <treib@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
Auto-Submit: Alexander Hendrich <hendrich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#721493}

chrome/browser/enterprise_reporting/policy_info_unittest.cc

@@ -5,11 +5,16 @@
 #include "chrome/browser/enterprise_reporting/policy_info.h"
 
 #include "base/files/file_util.h"
+#include "base/strings/utf_string_conversions.h"
 #include "chrome/browser/policy/policy_conversions.h"
+#include "chrome/common/chrome_constants.h"
+#include "chrome/test/base/testing_browser_process.h"
 #include "chrome/test/base/testing_profile.h"
+#include "chrome/test/base/testing_profile_manager.h"
 #include "components/policy/core/common/mock_policy_service.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/proto/device_management_backend.pb.h"
+#include "components/sync_preferences/pref_service_syncable.h"
 #include "content/public/test/browser_task_environment.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/common/extension_builder.h"
@@ -33,9 +38,17 @@ using ::testing::Eq;
 class PolicyInfoTest : public ::testing::Test {
  public:
   void SetUp() override {
-    TestingProfile::Builder builder;
-    builder.SetPolicyService(GetPolicyService());
-    profile_ = builder.Build();
+    profile_manager_ = std::make_unique<TestingProfileManager>(
+        TestingBrowserProcess::GetGlobal());
+    ASSERT_TRUE(profile_manager_->SetUp());
+    std::string test_profile_name = "test_profile";
+    profile_ = profile_manager_->CreateTestingProfile(
+        test_profile_name,
+        std::unique_ptr<sync_preferences::PrefServiceSyncable>(),
+        base::UTF8ToUTF16(test_profile_name), 0, std::string(),
+        TestingProfile::TestingFactories(), base::Optional<bool>(),
+        GetPolicyService());
+    profile_manager_->CreateTestingProfile(chrome::kInitialProfile);
   }
 
   std::unique_ptr<policy::MockPolicyService> GetPolicyService() {
@@ -57,14 +70,15 @@ class PolicyInfoTest : public ::testing::Test {
     return policy_service;
   }
 
-  TestingProfile* profile() { return profile_.get(); }
+  TestingProfile* profile() { return profile_; }
   policy::PolicyMap* policy_map() { return &policy_map_; }
   policy::PolicyMap* extension_policy_map() { return &extension_policy_map_; }
   policy::MockPolicyService* policy_service() { return policy_service_; }
 
  private:
   content::BrowserTaskEnvironment task_environment_;
-  std::unique_ptr<TestingProfile> profile_;
+  std::unique_ptr<TestingProfileManager> profile_manager_;
+  TestingProfile* profile_ = nullptr;
   policy::PolicyMap policy_map_;
   policy::PolicyMap extension_policy_map_;
   policy::PolicyMap empty_policy_map_;

chrome/browser/policy/policy_conversions.cc

@@ -22,7 +22,6 @@
 #include "components/policy/core/browser/policy_error_map.h"
 #include "components/policy/core/common/policy_details.h"
 #include "components/policy/core/common/policy_merger.h"
-#include "components/policy/core/common/policy_namespace.h"
 #include "components/policy/core/common/policy_service.h"
 #include "components/policy/core/common/schema.h"
 #include "components/policy/core/common/schema_map.h"
@@ -46,6 +45,7 @@
 #include "chrome/browser/chromeos/policy/device_cloud_policy_store_chromeos.h"
 #include "chrome/browser/chromeos/policy/device_local_account.h"
 #include "chrome/browser/chromeos/policy/device_local_account_policy_service.h"
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
 #include "chrome/browser/chromeos/settings/cros_settings.h"
 #include "components/user_manager/user_manager.h"
 #endif
@@ -186,25 +186,38 @@ Value PolicyConversions::GetChromePolicies() {
                          GetKnownPolicies(schema_map, policy_namespace));
 }
 
-Value PolicyConversions::GetExtensionsPolicies() {
+Value PolicyConversions::GetExtensionPolicies(PolicyDomain policy_domain) {
   Value policies(Value::Type::LIST);
 #if BUILDFLAG(ENABLE_EXTENSIONS)
-  // Add extension policy values.
-  extensions::ExtensionRegistry* registry =
-      extensions::ExtensionRegistry::Get(profile_);
+
+  const bool for_signin_screen =
+      policy_domain == POLICY_DOMAIN_SIGNIN_EXTENSIONS;
+#if defined(OS_CHROMEOS)
+  Profile* extension_profile = for_signin_screen
+                                   ? chromeos::ProfileHelper::GetSigninProfile()
+                                   : profile_;
+#else   // defined(OS_CHROMEOS)
+  Profile* extension_profile = profile_;
+#endif  // defined(OS_CHROMEOS)
+
+  const extensions::ExtensionRegistry* registry =
+      extensions::ExtensionRegistry::Get(extension_profile);
   if (!registry) {
     LOG(ERROR) << "Can not dump extension policies, no extension registry";
     return policies;
   }
-  auto* schema_registry_service = profile_->GetPolicySchemaRegistryService();
+  auto* schema_registry_service =
+      extension_profile->GetOriginalProfile()->GetPolicySchemaRegistryService();
   if (!schema_registry_service || !schema_registry_service->registry()) {
     LOG(ERROR) << "Can not dump extension policies, no schema registry service";
     return policies;
   }
   const scoped_refptr<SchemaMap> schema_map =
       schema_registry_service->registry()->schema_map();
+  std::unique_ptr<extensions::ExtensionSet> extension_set =
+      registry->GenerateInstalledExtensionsSet();
   for (const scoped_refptr<const extensions::Extension>& extension :
-       registry->enabled_extensions()) {
+       *extension_set) {
     // Skip this extension if it's not an enterprise extension.
     if (!extension->manifest()->HasPath(
             extensions::manifest_keys::kStorageManagedSchema)) {
@@ -212,14 +225,15 @@ Value PolicyConversions::GetExtensionsPolicies() {
     }
 
     PolicyNamespace policy_namespace =
-        PolicyNamespace(POLICY_DOMAIN_EXTENSIONS, extension->id());
+        PolicyNamespace(policy_domain, extension->id());
     PolicyErrorMap empty_error_map;
     Value extension_policies = GetPolicyValues(
-        GetPolicyService(profile_)->GetPolicies(policy_namespace),
+        GetPolicyService(extension_profile)->GetPolicies(policy_namespace),
         &empty_error_map, GetKnownPolicies(schema_map, policy_namespace));
     Value extension_policies_data(Value::Type::DICTIONARY);
     extension_policies_data.SetKey("name", Value(extension->name()));
     extension_policies_data.SetKey("id", Value(extension->id()));
+    extension_policies_data.SetKey("forSigninScreen", Value(for_signin_screen));
     extension_policies_data.SetKey("policies", std::move(extension_policies));
     policies.Append(std::move(extension_policies_data));
   }
@@ -523,8 +537,14 @@ Value DictionaryPolicyConversions::ToValue() {
     all_policies.SetKey("chromePolicies", GetChromePolicies());
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)
-    all_policies.SetKey("extensionPolicies", GetExtensionsPolicies());
-#endif
+    all_policies.SetKey("extensionPolicies",
+                        GetExtensionPolicies(POLICY_DOMAIN_EXTENSIONS));
+#endif  // BUILDFLAG(ENABLE_EXTENSIONS)
+
+#if BUILDFLAG(ENABLE_EXTENSIONS) && defined(OS_CHROMEOS)
+    all_policies.SetKey("loginScreenExtensionPolicies",
+                        GetExtensionPolicies(POLICY_DOMAIN_SIGNIN_EXTENSIONS));
+#endif  //  BUILDFLAG(ENABLE_EXTENSIONS) && defined(OS_CHROMEOS)
   }
 
 #if defined(OS_CHROMEOS)
@@ -549,8 +569,9 @@ Value DictionaryPolicyConversions::GetDeviceLocalAccountPolicies() {
 }
 #endif
 
-Value DictionaryPolicyConversions::GetExtensionsPolicies() {
-  Value policies = PolicyConversions::GetExtensionsPolicies();
+Value DictionaryPolicyConversions::GetExtensionPolicies(
+    PolicyDomain policy_domain) {
+  Value policies = PolicyConversions::GetExtensionPolicies(policy_domain);
   Value extension_values(Value::Type::DICTIONARY);
   for (auto&& policy : policies.GetList()) {
     extension_values.SetKey(policy.FindKey("id")->GetString(),
@@ -573,12 +594,23 @@ Value ArrayPolicyConversions::ToValue() {
     all_policies.Append(GetChromePolicies());
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)
-    Value extension_policies = GetExtensionsPolicies();
+    Value extension_policies = GetExtensionPolicies(POLICY_DOMAIN_EXTENSIONS);
     all_policies.GetList().insert(
         all_policies.GetList().end(),
         std::make_move_iterator(extension_policies.GetList().begin()),
         std::make_move_iterator(extension_policies.GetList().end()));
-#endif
+#endif  // BUILDFLAG(ENABLE_EXTENSIONS)
+
+#if BUILDFLAG(ENABLE_EXTENSIONS) && defined(OS_CHROMEOS)
+    Value login_screen_extension_policies =
+        GetExtensionPolicies(POLICY_DOMAIN_SIGNIN_EXTENSIONS);
+    all_policies.GetList().insert(
+        all_policies.GetList().end(),
+        std::make_move_iterator(
+            login_screen_extension_policies.GetList().begin()),
+        std::make_move_iterator(
+            login_screen_extension_policies.GetList().end()));
+#endif  // BUILDFLAG(ENABLE_EXTENSIONS) && defined(OS_CHROMEOS)
   }
 
 #if defined(OS_CHROMEOS)

chrome/browser/policy/policy_conversions.h

@@ -11,6 +11,7 @@
 #include "base/values.h"
 #include "chrome/browser/ui/webui/webui_util.h"
 #include "components/policy/core/common/policy_map.h"
+#include "components/policy/core/common/policy_namespace.h"
 #include "components/policy/core/common/policy_types.h"
 
 class Profile;
@@ -34,7 +35,7 @@ extern const webui::LocalizedString kPolicySources[POLICY_SOURCE_COUNT];
 class PolicyConversions {
  public:
   // Maps known policy names to their schema. If a policy is not present, it is
-  // not known (either through policy_templates.json or through an extenion's
+  // not known (either through policy_templates.json or through an extension's
   // managed storage schema).
   using PolicyToSchemaMap = base::flat_map<std::string, Schema>;
 
@@ -75,7 +76,7 @@ class PolicyConversions {
   // Returns policies for Chrome browser.
   virtual base::Value GetChromePolicies();
   // Returns policies for Chrome extensions.
-  virtual base::Value GetExtensionsPolicies();
+  virtual base::Value GetExtensionPolicies(PolicyDomain policy_domain);
 #if defined(OS_CHROMEOS)
   // Returns policies for ChromeOS device.
   virtual base::Value GetDeviceLocalAccountPolicies();
@@ -138,7 +139,7 @@ class DictionaryPolicyConversions : public PolicyConversions {
   base::Value ToValue() override;
 
  private:
-  base::Value GetExtensionsPolicies() override;
+  base::Value GetExtensionPolicies(PolicyDomain policy_domain) override;
 
 #if defined(OS_CHROMEOS)
   base::Value GetDeviceLocalAccountPolicies() override;

chrome/browser/ui/webui/policy_ui.cc

@@ -64,6 +64,7 @@ content::WebUIDataSource* CreatePolicyUIHtmlSource() {
       {"showLess", IDS_POLICY_SHOW_LESS},
       {"showMore", IDS_POLICY_SHOW_MORE},
       {"showUnset", IDS_POLICY_SHOW_UNSET},
+      {"signinProfile", IDS_POLICY_SIGNIN_PROFILE},
       {"status", IDS_POLICY_STATUS},
       {"statusDevice", IDS_POLICY_STATUS_DEVICE},
       {"statusMachine", IDS_POLICY_STATUS_MACHINE},

chrome/browser/ui/webui/policy_ui_browsertest.cc

@@ -19,6 +19,7 @@
 #include "base/values.h"
 #include "build/build_config.h"
 #include "chrome/browser/extensions/extension_service.h"
+#include "chrome/browser/extensions/install_verifier.h"
 #include "chrome/browser/extensions/test_extension_system.h"
 #include "chrome/browser/policy/profile_policy_connector_builder.h"
 #include "chrome/browser/policy/schema_registry_service.h"
@@ -40,6 +41,7 @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/test/browser_test_utils.h"
 #include "extensions/common/extension_builder.h"
+#include "extensions/common/features/simple_feature.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "ui/base/l10n/l10n_util.h"
@@ -48,6 +50,10 @@
 #include "ui/shell_dialogs/select_file_policy.h"
 #include "url/gurl.h"
 
+#if defined(OS_CHROMEOS)
+#include "chrome/browser/chromeos/profiles/profile_helper.h"
+#endif  // defined(OS_CHROMEOS)
+
 using testing::_;
 using testing::Return;
 
@@ -281,7 +287,7 @@ void PolicyUITest::UpdateProviderPolicyForNamespace(
 
 void PolicyUITest::VerifyPolicies(
     const std::vector<std::vector<std::string>>& expected_policies) {
-  ui_test_utils::NavigateToURL(browser(), GURL("chrome://policy"));
+  ui_test_utils::NavigateToURL(browser(), GURL(chrome::kChromeUIPolicyURL));
 
   // Retrieve the text contents of the policy table cells for all policies.
   const std::string javascript =
@@ -333,7 +339,7 @@ void PolicyUITest::VerifyExportingPolicies(
   ui::SelectFileDialog::SetFactory(new TestSelectFileDialogFactory());
 
   // Navigate to the about:policy page.
-  ui_test_utils::NavigateToURL(browser(), GURL("chrome://policy"));
+  ui_test_utils::NavigateToURL(browser(), GURL(chrome::kChromeUIPolicyURL));
 
   // Click on 'save policies' button.
   const std::string javascript =
@@ -425,6 +431,8 @@ IN_PROC_BROWSER_TEST_F(PolicyUITest, WritePoliciesToJSONFile) {
   expected_values.SetDictionary("extensionPolicies",
                                 std::make_unique<base::DictionaryValue>());
 #if defined(OS_CHROMEOS)
+  expected_values.SetDictionary("loginScreenExtensionPolicies",
+                                std::make_unique<base::DictionaryValue>());
   expected_values.SetDictionary("deviceLocalAccountPolicies",
                                 std::make_unique<base::DictionaryValue>());
 #endif  // defined(OS_CHROMEOS)
@@ -571,6 +579,25 @@ IN_PROC_BROWSER_TEST_F(PolicyUITest, SendPolicyValues) {
   VerifyPolicies(expected_policies);
 }
 
+// TODO(https://crbug.com/1027135) Add tests to verify extension policies are
+// exported correctly.
+class ExtensionPolicyUITest : public PolicyUITest,
+                              public ::testing::WithParamInterface<bool> {
+ public:
+  ExtensionPolicyUITest() {}
+
+  bool UseSigninProfile() const { return GetParam(); }
+
+  Profile* extension_profile() const {
+#if defined(OS_CHROMEOS)
+    if (UseSigninProfile()) {
+      return chromeos::ProfileHelper::GetSigninProfile();
+    }
+#endif  // defined(OS_CHROMEOS)
+    return browser()->profile();
+  }
+};
+
 // TODO(https://crbug.com/911661) Flaky time outs on Linux Chromium OS ASan
 // LSan bot.
 #if defined(ADDRESS_SANITIZER)
@@ -578,8 +605,8 @@ IN_PROC_BROWSER_TEST_F(PolicyUITest, SendPolicyValues) {
 #else
 #define MAYBE_ExtensionLoadAndSendPolicy ExtensionLoadAndSendPolicy
 #endif
-IN_PROC_BROWSER_TEST_F(PolicyUITest, MAYBE_ExtensionLoadAndSendPolicy) {
-  ui_test_utils::NavigateToURL(browser(), GURL(chrome::kChromeUIPolicyURL));
+IN_PROC_BROWSER_TEST_P(ExtensionPolicyUITest,
+                       MAYBE_ExtensionLoadAndSendPolicy) {
   base::ScopedAllowBlockingForTesting allow_blocking;
   base::ScopedTempDir temp_dir_;
   ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
@@ -647,16 +674,29 @@ IN_PROC_BROWSER_TEST_F(PolicyUITest, MAYBE_ExtensionLoadAndSendPolicy) {
   extensions::ExtensionBuilder builder;
   builder.SetPath(temp_dir_.GetPath());
   builder.SetManifest(manifest.Build());
+  builder.SetLocation(extensions::Manifest::EXTERNAL_POLICY_DOWNLOAD);
 
   // Install extension.
   extensions::ExtensionService* service =
-      extensions::ExtensionSystem::Get(browser()->profile())
+      extensions::ExtensionSystem::Get(extension_profile())
           ->extension_service();
   scoped_refptr<const extensions::Extension> extension = builder.Build();
+
+  // Bypass "signin_screen" feature only enabled for whitelisted extensions.
+  extensions::SimpleFeature::ScopedThreadUnsafeAllowlistForTest allowlist(
+      extension->id());
+  // Disable extension install verification.
+  extensions::ScopedInstallVerifierBypassForTest ignore_install_verification_;
+
   service->OnExtensionInstalled(extension.get(), syncer::StringOrdinal(), 0);
-  const policy::PolicyNamespace extension_policy_namespace(
-      policy::POLICY_DOMAIN_EXTENSIONS, extension->id());
-  PolicySchemaAvailableWaiter(browser()->profile(), extension_policy_namespace)
+
+  policy::PolicyDomain policy_domain =
+      UseSigninProfile() ? policy::POLICY_DOMAIN_SIGNIN_EXTENSIONS
+                         : policy::POLICY_DOMAIN_EXTENSIONS;
+  const policy::PolicyNamespace extension_policy_namespace(policy_domain,
+                                                           extension->id());
+  PolicySchemaAvailableWaiter(extension_profile()->GetOriginalProfile(),
+                              extension_policy_namespace)
       .Wait();
 
   std::vector<std::vector<std::string>> expected_chrome_policies;
@@ -746,3 +786,13 @@ IN_PROC_BROWSER_TEST_F(PolicyUITest, MAYBE_ExtensionLoadAndSendPolicy) {
                              values.Get(kSensitiveStringPolicy), false));
   VerifyPolicies(expected_policies_with_values);
 }
+
+INSTANTIATE_TEST_SUITE_P(All,
+                         ExtensionPolicyUITest,
+#if defined(OS_CHROMEOS)
+                         ::testing::Values(false, true)
+#else   // defined(OS_CHROMEOS)
+                         ::testing::Values(false)
+#endif  // defined(OS_CHROMEOS)
+
+);

chrome/browser/ui/webui/policy_ui_handler.cc

@@ -50,6 +50,7 @@
 #include "components/policy/core/common/cloud/machine_level_user_cloud_policy_manager.h"
 #include "components/policy/core/common/cloud/machine_level_user_cloud_policy_store.h"
 #include "components/policy/core/common/policy_details.h"
+#include "components/policy/core/common/policy_namespace.h"
 #include "components/policy/core/common/policy_scheduler.h"
 #include "components/policy/core/common/policy_types.h"
 #include "components/policy/core/common/remote_commands/remote_commands_service.h"
@@ -895,17 +896,60 @@ base::Value PolicyUIHandler::GetPolicyNames() const {
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)
   // Add extension policy names.
+  AddExtensionPolicyNames(&names, policy::POLICY_DOMAIN_EXTENSIONS);
+
+#if defined(OS_CHROMEOS)
+  AddExtensionPolicyNames(&names, policy::POLICY_DOMAIN_SIGNIN_EXTENSIONS);
+#endif  // defined(OS_CHROMEOS)
+
+#endif  // BUILDFLAG(ENABLE_EXTENSIONS)
+
+  return std::move(names);
+}
+
+base::Value PolicyUIHandler::GetPolicyValues() const {
+  return policy::ArrayPolicyConversions()
+      .WithBrowserContext(web_ui()->GetWebContents()->GetBrowserContext())
+      .EnableConvertValues(true)
+      .ToValue();
+}
+
+void PolicyUIHandler::AddExtensionPolicyNames(
+    base::DictionaryValue* names,
+    policy::PolicyDomain policy_domain) const {
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+
+#if defined(OS_CHROMEOS)
+  Profile* extension_profile =
+      policy_domain == policy::POLICY_DOMAIN_SIGNIN_EXTENSIONS
+          ? chromeos::ProfileHelper::GetSigninProfile()
+          : Profile::FromWebUI(web_ui());
+#else   // defined(OS_CHROMEOS)
+  Profile* extension_profile = Profile::FromWebUI(web_ui());
+#endif  // defined(OS_CHROMEOS)
+
+  scoped_refptr<policy::SchemaMap> schema_map =
+      extension_profile->GetOriginalProfile()
+          ->GetPolicySchemaRegistryService()
+          ->registry()
+          ->schema_map();
+
+  const extensions::ExtensionRegistry* registry =
+      extensions::ExtensionRegistry::Get(extension_profile);
+  std::unique_ptr<extensions::ExtensionSet> extension_set =
+      registry->GenerateInstalledExtensionsSet();
+
   for (const scoped_refptr<const extensions::Extension>& extension :
-       extensions::ExtensionRegistry::Get(profile)->enabled_extensions()) {
+       *extension_set) {
     // Skip this extension if it's not an enterprise extension.
     if (!extension->manifest()->HasPath(
-            extensions::manifest_keys::kStorageManagedSchema))
+            extensions::manifest_keys::kStorageManagedSchema)) {
       continue;
+    }
     auto extension_value = std::make_unique<base::DictionaryValue>();
     extension_value->SetString("name", extension->name());
-    const policy::Schema* schema =
-        schema_map->GetSchema(policy::PolicyNamespace(
-            policy::POLICY_DOMAIN_EXTENSIONS, extension->id()));
+    const policy::Schema* schema = schema_map->GetSchema(
+        policy::PolicyNamespace(policy_domain, extension->id()));
     auto policy_names = std::make_unique<base::ListValue>();
     if (schema && schema->valid()) {
       // Get policy names from the extension's policy schema.
@@ -916,18 +960,9 @@ base::Value PolicyUIHandler::GetPolicyNames() const {
       }
     }
     extension_value->Set("policyNames", std::move(policy_names));
-    names.Set(extension->id(), std::move(extension_value));
+    names->Set(extension->id(), std::move(extension_value));
   }
 #endif  // BUILDFLAG(ENABLE_EXTENSIONS)
-
-  return std::move(names);
-}
-
-base::Value PolicyUIHandler::GetPolicyValues() const {
-  return policy::ArrayPolicyConversions()
-      .WithBrowserContext(web_ui()->GetWebContents()->GetBrowserContext())
-      .EnableConvertValues(true)
-      .ToValue();
 }
 
 void PolicyUIHandler::SendStatus() {

chrome/browser/ui/webui/policy_ui_handler.h

@@ -13,6 +13,7 @@
 
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
+#include "base/values.h"
 #include "components/policy/core/browser/policy_error_map.h"
 #include "components/policy/core/common/policy_map.h"
 #include "components/policy/core/common/policy_namespace.h"
@@ -55,7 +56,7 @@ class PolicyUIHandler : public content::WebUIMessageHandler,
   void OnExtensionUnloaded(content::BrowserContext* browser_context,
                            const extensions::Extension* extension,
                            extensions::UnloadedExtensionReason reason) override;
-#endif
+#endif  // BUILDFLAG(ENABLE_EXTENSIONS)
 
   // policy::PolicyService::Observer implementation.
   void OnPolicyUpdated(const policy::PolicyNamespace& ns,
@@ -76,6 +77,9 @@ class PolicyUIHandler : public content::WebUIMessageHandler,
   base::Value GetPolicyNames() const;
   base::Value GetPolicyValues() const;
 
+  void AddExtensionPolicyNames(base::DictionaryValue* names,
+                               policy::PolicyDomain policy_domain) const;
+
   void HandleExportPoliciesJson(const base::ListValue* args);
   void HandleListenPoliciesUpdates(const base::ListValue* args);
   void HandleReloadPolicies(const base::ListValue* args);

chrome/test/base/testing_profile_manager.cc

@@ -78,7 +78,8 @@ TestingProfile* TestingProfileManager::CreateTestingProfile(
     int avatar_id,
     const std::string& supervised_user_id,
     TestingProfile::TestingFactories testing_factories,
-    base::Optional<bool> override_new_profile) {
+    base::Optional<bool> override_new_profile,
+    base::Optional<std::unique_ptr<policy::PolicyService>> policy_service) {
   DCHECK(called_set_up_);
 
   // Create a path for the profile based on the name.
@@ -105,6 +106,8 @@ TestingProfile* TestingProfileManager::CreateTestingProfile(
   builder.SetProfileName(profile_name);
   if (override_new_profile)
     builder.OverrideIsNewProfile(*override_new_profile);
+  if (policy_service)
+    builder.SetPolicyService(std::move(*policy_service));
 
   for (TestingProfile::TestingFactories::value_type& pair : testing_factories)
     builder.AddTestingFactory(pair.first, std::move(pair.second));

chrome/test/base/testing_profile_manager.h

@@ -17,6 +17,7 @@
 #include "base/test/scoped_path_override.h"
 #include "chrome/test/base/scoped_testing_local_state.h"
 #include "chrome/test/base/testing_profile.h"
+#include "components/policy/core/common/policy_service.h"
 
 class ProfileInfoCache;
 class ProfileAttributesStorage;
@@ -67,7 +68,9 @@ class TestingProfileManager {
       int avatar_id,
       const std::string& supervised_user_id,
       TestingProfile::TestingFactories testing_factories,
-      base::Optional<bool> override_new_profile = base::Optional<bool>());
+      base::Optional<bool> override_new_profile = base::nullopt,
+      base::Optional<std::unique_ptr<policy::PolicyService>> policy_service =
+          base::nullopt);
 
   // Small helper for creating testing profiles. Just forwards to above.
   TestingProfile* CreateTestingProfile(const std::string& name);

chrome/test/data/extensions/api_test/autotest_private/test.js

@@ -842,7 +842,8 @@ var policyTests = [
                  "value":true}
               },
             "deviceLocalAccountPolicies":{},
-            "extensionPolicies":{}
+            "extensionPolicies":{},
+            "loginScreenExtensionPolicies":{}
           }
         chrome.test.assertEq(expectedPolicy, policydata);
         chrome.test.succeed();

components/policy/resources/webui/policy_base.js

@@ -516,7 +516,13 @@ cr.define('policy', function() {
                 },
                 value.policies[name]));
 
-        return {name: value.name, id: value.id, policies};
+        return {
+          name: value.forSigninScreen ?
+              `${value.name} [${loadTimeData.getString('signinProfile')}]` :
+              value.name,
+          id: value.id,
+          policies
+        };
       });
 
       policyGroups.forEach(group => this.createOrUpdatePolicyTable(group));

components/policy_strings.grdp

@@ -525,4 +525,7 @@ Additional details:
   <message name="IDS_POLICY_OFFHOURS_NOT_ACTIVE" desc="Indicates the off-hours policy is not active.">
     Not active
   </message>
+  <message name="IDS_POLICY_SIGNIN_PROFILE" desc="Label to indicate that the policy is for the sign-in screen profile.">
+    sign-in screen profile
+  </message>
 </grit-part>

components/policy_strings_grdp/IDS_POLICY_SIGNIN_PROFILE.png.sha1

+25dcf56851844bbc09c97e3b68f2a3bb27b334ae
\ No newline at end of file