Commit e36366f6 authored by Owen Min's avatar Owen Min Committed by Commit Bot

Rename multiple policies in policy_templates.json

The following policies are renamed. The new names will be launched in
M87 and the old one will be deprecated at the same time.

DeviceNativePrintersBlacklist => DeviceNativePrintersBlacklist
DeviceNativePrintersWhitelist => DevicePrintersAllowlist
DeviceNativePrintersAccessMode => DevicePrintersAccessMode
DeviceNativePrinters => DevicePrinters
UsbDetachableWhitelist => UsbDetachableAllowlist
QuickUnlockModeWhitelist => QuickUnlockModeAllowlist
PrintingAPIExtensionsWhitelist => PrintingAPIExtensionsAllowlist
DeviceUserWhitelist => DeviceUserAllowlist

Bug: 1098051, 1098048, 1105183, 1105185, 1103813, 1103814, 1119444, 1103816
Change-Id: I7c224d64bb3e9434e87ab7528d4be06070f4c599
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2424656
Auto-Submit: Owen Min <zmin@chromium.org>
Reviewed-by: default avatarJulian Pastarmov <pastarmovj@chromium.org>
Commit-Queue: Owen Min <zmin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#809785}
parent 7ca60a44
...@@ -2815,7 +2815,7 @@ ...@@ -2815,7 +2815,7 @@
'type': 'array', 'type': 'array',
'items': { 'type': 'string' }, 'items': { 'type': 'string' },
}, },
'future_on': ['chrome_os'], 'supported_on': ['chrome_os:87-'],
'features': { 'features': {
'dynamic_refresh': True, 'dynamic_refresh': True,
'per_profile': True 'per_profile': True
...@@ -9239,13 +9239,17 @@ ...@@ -9239,13 +9239,17 @@
'features': { 'features': {
'dynamic_refresh': True, 'dynamic_refresh': True,
}, },
'deprecated': True,
'example_value': [ 'madmax@managedchrome.com' ], 'example_value': [ 'madmax@managedchrome.com' ],
'id': 122, 'id': 122,
'caption': '''Login user white list''', 'caption': '''Login user white list''',
'tags': [], 'tags': [],
'desc': '''Defines the list of users that are allowed to login to the device. Entries are of the form <ph name="USER_ALLOWLIST_ENTRY_FORMAT">user@domain</ph>, such as <ph name="USER_ALLOWLIST_ENTRY_EXAMPLE">madmax@managedchrome.com</ph>. To allow arbitrary users on a domain, use entries of the form <ph name="USER_ALLOWLIST_ENTRY_WILDCARD">*@domain</ph>. 'desc': '''Defines the list of users that are allowed to login to the device. Entries are of the form <ph name="USER_ALLOWLIST_ENTRY_FORMAT">user@domain</ph>, such as <ph name="USER_ALLOWLIST_ENTRY_EXAMPLE">madmax@managedchrome.com</ph>. To allow arbitrary users on a domain, use entries of the form <ph name="USER_ALLOWLIST_ENTRY_WILDCARD">*@domain</ph>.
If this policy is not configured, there are no restrictions on which users are allowed to sign in. Note that creating new users still requires the <ph name="DEVICE_ALLOW_NEW_USERS_POLICY_NAME">DeviceAllowNewUsers</ph> policy to be configured appropriately.''', If this policy is not configured, there are no restrictions on which users are allowed to sign in. Note that creating new users still requires the <ph name="DEVICE_ALLOW_NEW_USERS_POLICY_NAME">DeviceAllowNewUsers</ph> policy to be configured appropriately.
This policy is deprecated, please use <ph name="DEVICE_USER_ALLOWLIST_POLICY_NAME">DeviceUserAllowlist</ph> instead.
''',
'arc_support': 'This policy controls who may start a <ph name="PRODUCT_OS_NAME">$2<ex>Chromium OS</ex></ph> session. It does not prevent users from signing in to additional Google accounts within Android. If you want to prevent this, configure the Android-specific <ph name="ACCOUNT_TYPES_WITH_MANAGEMENT_DISABLED_CLOUDDPC_POLICY_NAME">accountTypesWithManagementDisabled</ph> policy as part of <ph name="ARC_POLICY_POLICY_NAME">ArcPolicy</ph>.', 'arc_support': 'This policy controls who may start a <ph name="PRODUCT_OS_NAME">$2<ex>Chromium OS</ex></ph> session. It does not prevent users from signing in to additional Google accounts within Android. If you want to prevent this, configure the Android-specific <ph name="ACCOUNT_TYPES_WITH_MANAGEMENT_DISABLED_CLOUDDPC_POLICY_NAME">accountTypesWithManagementDisabled</ph> policy as part of <ph name="ARC_POLICY_POLICY_NAME">ArcPolicy</ph>.',
}, },
...@@ -9258,7 +9262,7 @@ ...@@ -9258,7 +9262,7 @@
'items': { 'type': 'string' }, 'items': { 'type': 'string' },
'sensitiveValue': True, 'sensitiveValue': True,
}, },
'future_on': ['chrome_os'], 'supported_on': ['chrome_os:87-'],
'device_only': True, 'device_only': True,
'features': { 'features': {
'dynamic_refresh': True, 'dynamic_refresh': True,
...@@ -14303,6 +14307,7 @@ ...@@ -14303,6 +14307,7 @@
'features': { 'features': {
'dynamic_refresh': False, 'dynamic_refresh': False,
}, },
'deprecated': True,
'example_value': [ 'example_value': [
{ {
'vendor_id' : 1027, 'vendor_id' : 1027,
...@@ -14318,7 +14323,10 @@ ...@@ -14318,7 +14323,10 @@
'tags': ['system-security'], 'tags': ['system-security'],
'desc': '''Setting the policy defines the list of USB devices users can detach from their kernel driver to use through the chrome.usb API directly inside a web app. Entries are pairs of USB Vendor Identifier and Product Identifier to identify specific hardware. 'desc': '''Setting the policy defines the list of USB devices users can detach from their kernel driver to use through the chrome.usb API directly inside a web app. Entries are pairs of USB Vendor Identifier and Product Identifier to identify specific hardware.
If not set, the list of a detachable USB devices is empty.''', If not set, the list of a detachable USB devices is empty.
This policy is deprecated, please use <ph name="USB_DETACHABLE_ALLOWLIST_POLICY_NAME">UsbDetachableAllowlist</ph> instead.
''',
}, },
{ {
'name': 'UsbDetachableAllowlist', 'name': 'UsbDetachableAllowlist',
...@@ -14335,7 +14343,7 @@ ...@@ -14335,7 +14343,7 @@
}, },
}, },
}, },
'future_on': ['chrome_os'], 'supported_on': ['chrome_os:87-'],
'device_only': True, 'device_only': True,
'features': { 'features': {
'dynamic_refresh': False, 'dynamic_refresh': False,
...@@ -15453,6 +15461,7 @@ ...@@ -15453,6 +15461,7 @@
'dynamic_refresh': True, 'dynamic_refresh': True,
'per_profile': False, 'per_profile': False,
}, },
'deprecated': True,
'example_value': { 'example_value': {
"url": "https://example.com/printerpolicy", "url": "https://example.com/printerpolicy",
"hash": "deadbeefdeadbeefdeadbeefdeadbeefdeafdeadbeefdeadbeef" "hash": "deadbeefdeadbeefdeadbeefdeadbeefdeafdeadbeefdeadbeef"
...@@ -15468,13 +15477,15 @@ ...@@ -15468,13 +15477,15 @@
The file is downloaded and cached. It will be re-downloaded whenever the URL or the hash changes. The file is downloaded and cached. It will be re-downloaded whenever the URL or the hash changes.
If this policy is set, <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> will download the file for printer configurations and make printers available in accordance with <ph name="DEVICE_NATIVE_PRINTERS_ACCESS_MODE">DeviceNativePrintersAccessMode</ph>, <ph name="DEVICE_NATIVE_PRINTERS_WHITELIST_POLICY_NAME">DeviceNativePrintersWhitelist</ph>, and <ph name="DEVICE_NATIVE_PRINTERS_BLACKLIST_POLICY_NAME">DeviceNativePrintersBlacklist</ph>. If this policy is set, <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> will download the file for printer configurations and make printers available in accordance with <ph name="DEVICE_PRINTERS_ACCESS_MODE_POLICY_NAME">DevicePrintersAccessMode</ph>, <ph name="DEVICE_PRINTERS_ALLOWLIST_POLICY_NAME">DevicePrintersAllowlist</ph>, and <ph name="DEVICE_PRINTERS_BLOCKLIST_POLICY_NAME">DevicePrintersBlocklist</ph>.
This policy has no effect on whether users can configure printers on individual devices. It is intended to be supplementary to the configuration of printers by individual users. This policy has no effect on whether users can configure printers on individual devices. It is intended to be supplementary to the configuration of printers by individual users.
This policy is additive to the <ph name="BULK_PRINTERS_POLICY_NAME">NativePrintersBulkConfiguration</ph>. This policy is additive to the <ph name="BULK_PRINTERS_POLICY_NAME">NativePrintersBulkConfiguration</ph>.
If this policy is unset, there will be no device printers and the other <ph name="DEVICE_NATIVE_PRINTERS_POLICY_PATTERN">DeviceNativePrinter*</ph> policies will be ignored. If this policy is unset, there will be no device printers and the other <ph name="DEVICE_NATIVE_PRINTERS_POLICY_PATTERN">DeviceNativePrinter*</ph> policies will be ignored.
This policy is deprecated, please use <ph name="DEVICE_PRINTERS_POLICY_NAME">DevicePrinters</ph> instead.
''', ''',
}, },
{ {
...@@ -15509,14 +15520,17 @@ ...@@ -15509,14 +15520,17 @@
'dynamic_refresh': True, 'dynamic_refresh': True,
'per_profile': False, 'per_profile': False,
}, },
'deprecated': True,
'example_value': 1, 'example_value': 1,
'caption': '''Device printers configuration access policy.''', 'caption': '''Device printers configuration access policy.''',
'tags': [], 'tags': [],
'desc': '''Controls which printers from the <ph name="DEVICE_PRINTERS_POLICY">DeviceNativePrinters</ph> are available to users. 'desc': '''Controls which printers from the <ph name="DEVICE_PRINTERS_POLICY_NAME">DevicePrinters</ph> are available to users.
Designates which access policy is used for bulk printer configuration. If <ph name="PRINTERS_ALLOW_ALL">AllowAll</ph> is selected, all printers are shown. If <ph name="PRINTERS_BLACKLIST">BlacklistRestriction</ph> is selected, <ph name="DEVICE_NATIVE_PRINTERS_BLACKLIST">DeviceNativePrintersBlacklist</ph> is used to restrict access to the specified printers. If <ph name="PRINTERS_WHITELIST">WhitelistPrintersOnly</ph> is selected, <ph name="DEVICE_NATIVE_PRINTERS_WHITELIST">DevicePrintersWhitelist</ph> designates only those printers which are selectable. Designates which access policy is used for bulk printer configuration. If <ph name="PRINTERS_ALLOW_ALL">AllowAll</ph> is selected, all printers are shown. If <ph name="PRINTERS_BLACKLIST">BlacklistRestriction</ph> is selected, <ph name="DEVICE_PRINTERS_BLOCKLIST_POLICY_NAME">DevicePrintersBlocklist</ph> is used to restrict access to the specified printers. If <ph name="PRINTERS_WHITELIST">WhitelistPrintersOnly</ph> is selected, <ph name="DEVICE_PRINTERS_ALLOWLIST_POLCY_NAME">DevicePrintersAllowlist</ph> designates only those printers which are selectable.
If this policy is not set, <ph name="PRINTERS_ALLOW_ALL">AllowAll</ph> is assumed. If this policy is not set, <ph name="PRINTERS_ALLOW_ALL">AllowAll</ph> is assumed.
This policy is deprecated, please use <ph name="DEVICE_PRINTERS_ACCESS_MODE_POLICY_NAME">DevicePrintersAccessMode</ph> instead.
''', ''',
}, },
{ {
...@@ -15533,14 +15547,17 @@ ...@@ -15533,14 +15547,17 @@
'features': { 'features': {
'dynamic_refresh': True, 'dynamic_refresh': True,
}, },
'deprecated': True,
'example_value': ["id1", "id2", "id3"], 'example_value': ["id1", "id2", "id3"],
'caption': '''Disabled enterprise device printers''', 'caption': '''Disabled enterprise device printers''',
'tags': [], 'tags': [],
'desc': '''Specifies the printers which a user cannot use. 'desc': '''Specifies the printers which a user cannot use.
This policy is only used if <ph name="PRINTERS_BLACKLIST">BlacklistRestriction</ph> is chosen for <ph name="DEVICE_NATIVE_PRINTERS_ACCESS_MODE">DeviceNativePrintersAccessMode</ph>. This policy is only used if <ph name="PRINTERS_BLACKLIST">BlacklistRestriction</ph> is chosen for <ph name="DEVICE_PRINTERS_ACCESS_MODE_POLICY_NAME">DevicePrintersAccessMode</ph>.
If this policy is used, all printers are provided to the user except for the ids listed in this policy. The ids must correspond to the "id" or "guid" fields in the file specified in <ph name="DEVICE_PRINTERS_POLICY_NAME">DevicePrinters</ph>.
If this policy is used, all printers are provided to the user except for the ids listed in this policy. The ids must correspond to the "id" or "guid" fields in the file specified in <ph name="DEVICE_PRINTERS_POLICY">DeviceNativePrinters</ph>. This policy is deprecated, please use <ph name="DEVICE_PRINTERS_BLOCKLIST_POLICY_NAME">DevicePrintersBlocklist</ph> instead.
''', ''',
}, },
{ {
...@@ -15558,14 +15575,17 @@ ...@@ -15558,14 +15575,17 @@
'dynamic_refresh': True, 'dynamic_refresh': True,
'per_profile': False, 'per_profile': False,
}, },
'deprecated': True,
'example_value': ["id1", "id2", "id3"], 'example_value': ["id1", "id2", "id3"],
'caption': '''Enabled enterprise device printers''', 'caption': '''Enabled enterprise device printers''',
'tags': [], 'tags': [],
'desc': '''Specifies the printers which a user can use. 'desc': '''Specifies the printers which a user can use.
This policy is only used if <ph name="PRINTERS_WHITELIST">WhitelistPrintersOnly</ph> is chosen for <ph name="DEVICE_NATIVE_PRINTERS_ACCESS_MODE">DeviceNativePrintersAccessMode</ph> This policy is only used if <ph name="PRINTERS_WHITELIST">WhitelistPrintersOnly</ph> is chosen for <ph name="DEVICE_PRINTERS_ACCESS_MODE_POLICY_NAME">DevicePrintersAccessMode</ph>
If this policy is used, only the printers with ids matching the values in this policy are available to the user. The ids must correspond to the "id" or "guid" fields in the file specified in <ph name="DEVICE_PRINTERS_POLICY_NAME">DevicePrinters</ph>.
If this policy is used, only the printers with ids matching the values in this policy are available to the user. The ids must correspond to the "id" or "guid" fields in the file specified in <ph name="DEVICE_PRINTERS_POLICY">DeviceNativePrinters</ph>. This policy is deprecated, please use <ph name="DEVICE_PRINTERS_ALLOWLIST_POLICY_NAME">DevicePrintersAllowlist</ph> instead.
''', ''',
}, },
{ {
...@@ -15581,7 +15601,7 @@ ...@@ -15581,7 +15601,7 @@
'hash': { 'type': 'string' } 'hash': { 'type': 'string' }
}, },
}, },
'future_on': ['chrome_os'], 'supported_on': ['chrome_os:87-'],
'features': { 'features': {
'dynamic_refresh': True, 'dynamic_refresh': True,
'per_profile': False, 'per_profile': False,
...@@ -15615,7 +15635,7 @@ ...@@ -15615,7 +15635,7 @@
'owners': ['skau@chromium.org', 'nikitapodguzov@chromium.org'], 'owners': ['skau@chromium.org', 'nikitapodguzov@chromium.org'],
'id': 733, 'id': 733,
'device_only': True, 'device_only': True,
'future_on': ['chrome_os'], 'supported_on': ['chrome_os:87-'],
'type': 'int-enum', 'type': 'int-enum',
'schema': { 'schema': {
'type': 'integer', 'type': 'integer',
...@@ -15655,7 +15675,7 @@ ...@@ -15655,7 +15675,7 @@
{ {
'name': 'DevicePrintersBlocklist', 'name': 'DevicePrintersBlocklist',
'owners': ['skau@chromium.org', 'nikitapodguzov@chromium.org', 'bmalcolm@chromium.org'], 'owners': ['skau@chromium.org', 'nikitapodguzov@chromium.org', 'bmalcolm@chromium.org'],
'future_on': ['chrome_os'], 'supported_on': ['chrome_os:87-'],
'device_only': True, 'device_only': True,
'id': 734, 'id': 734,
'type': 'list', 'type': 'list',
...@@ -15679,7 +15699,7 @@ ...@@ -15679,7 +15699,7 @@
{ {
'name': 'DevicePrintersAllowlist', 'name': 'DevicePrintersAllowlist',
'owners': ['skau@chromium.org', 'nikitapodguzov@chromium.org', 'bmalcolm@chromium.org'], 'owners': ['skau@chromium.org', 'nikitapodguzov@chromium.org', 'bmalcolm@chromium.org'],
'future_on': ['chrome_os'], 'supported_on': ['chrome_os:87-'],
'device_only': True, 'device_only': True,
'id': 735, 'id': 735,
'type': 'list', 'type': 'list',
...@@ -15943,6 +15963,7 @@ ...@@ -15943,6 +15963,7 @@
'dynamic_refresh': True, 'dynamic_refresh': True,
'per_profile': True, 'per_profile': True,
}, },
'deprecated': True,
'example_value': ['PIN'], 'example_value': ['PIN'],
'default_for_enterprise_users': [], 'default_for_enterprise_users': [],
'id': 352, 'id': 352,
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment