Update KeyPermissions policy description

With crbug.com/1113115 closed, ARC applications can be mentioned in KeyPermissions policy to enable ARC to access corporate keys. Bug: None Change-Id: I283c399b4d593f4b33910f2e8d160ab09be91e6b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2561841Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Edman Anjos <edman@chromium.org> Commit-Queue: Edman Anjos <edman@chromium.org> Cr-Commit-Position: refs/heads/master@{#843370}

Update KeyPermissions policy description
With crbug.com/1113115 closed, ARC applications can be mentioned in KeyPermissions policy to enable ARC to access corporate keys. Bug: None Change-Id: I283c399b4d593f4b33910f2e8d160ab09be91e6b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2561841Reviewed-by: Pavol Marko <pmarko@chromium.org> Reviewed-by: Edman Anjos <edman@chromium.org> Commit-Queue: Edman Anjos <edman@chromium.org> Cr-Commit-Position: refs/heads/master@{#843370}
c2c619e2 · Omar Morsi · Chromium LUCI CQ · cbebd639 · c2c619e2
Commit c2c619e2 authored Jan 14, 2021 by Omar Morsi Committed by Chromium LUCI CQ Jan 14, 2021
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 3 deletions

components/policy/resources/policy_templates.json components/policy/resources/policy_templates.json +9 -3

No files found.
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -14423,15 +14423,21 @@
        },
        'extension2': {
          'allowCorporateKeyUsage': False
+        },
+        'com.example.app': {
+          'allowCorporateKeyUsage': True
+        },
+        'com.example.app2': {
+          'allowCorporateKeyUsage': False
        }
      },
      'id': 302,
      'caption': 'Key Permissions',
      'tags': [],
-      'desc': '''Setting the policy grants access to corporate keys to extensions. Keys are designated for corporate usage only if they're generated using the chrome.enterprise.platformKeys API on a managed account. Users can't grant or withdraw access to corporate keys to or from extensions.
+      'desc': '''Setting the policy grants access to corporate keys to extensions or Android applications. Keys are designated for corporate usage only if they're generated using the chrome.enterprise.platformKeys API on a managed account. Users can't grant or withdraw access to corporate keys to or from extensions or Android applications.
-      By default, an extension can't use a key designated for corporate usage, which is equivalent to setting allowCorporateKeyUsage to False for that extension. Only if allowCorporateKeyUsage is set to True for an extension can it use any platform key marked for corporate usage to sign arbitrary data. Only grant this permission if the extension is trusted to secure access to the key against attackers.''',
+      By default, an extension or an Android applications can't use a key designated for corporate usage, which is equivalent to setting allowCorporateKeyUsage to False for it. Only if allowCorporateKeyUsage is set to True for an extension or an Android application can it use any platform key marked for corporate usage to sign arbitrary data. Only grant this permission if the extension or the Android application is trusted to secure access to the key against attackers.''',
-      'arc_support': 'Android apps cannot get access to corporate keys. This policy has no effect on them.',
+      'arc_support': 'Corporate keys can be used by Android applications that are installed and listed in this policy.',
    },
    {
      'name': 'WelcomePageOnOSUpgradeEnabled',