Set WebUsbAllowDevicesForUrls policy to future |
||||||||
Issue descriptionAdd the "future: True" property to the WebUsbAllowDevicesForUrls policy to prevent the policy from being included in the generated files found in //out/Debug/gen/chrome/app/policy/ (https://cs.chromium.org/chromium/src/out/Debug/gen/chrome/app/policy/). This directory contains the documentation for the policies and policy templates for the OSes. The tracking bug for the feature is the following: https://crbug.com/854329 The change that adds the future property is the following: https://chromium-review.googlesource.com/c/chromium/src/+/1262082 The change was merged last Friday, October 19. The change does not contain any unit tests because it simply prevents the WebUsbAllowDevicesForUrls policy from being included in the generated documentation and policy templates. The policy is able to be enforced as of change 1259289 (https://chromium-review.googlesource.com/c/chromium/src/+/1259289), however, the UI for chrome://settings/content/usbDevices, the Page Info dialog box, and Android Site Settings have not been updated to display the policy allowed USB devices yet. Therefore, the policy should not be visible in the documentation and policy template until the UI changes are implemented. The policy itself does contain unit tests in the following files: * chrome/browser/policy/webusb_allow_devices_for_urls_policy_handler_unittest.cc (https://cs.chromium.org/chromium/src/chrome/browser/policy/webusb_allow_devices_for_urls_policy_handler_unittest.cc) * chrome/browser/usb/usb_chooser_context_unittest.cc (https://cs.chromium.org/chromium/src/chrome/browser/usb/usb_chooser_context_unittest.cc?l=372) * chrome/browser/policy/policy_browsertest.cc (https://cs.chromium.org/chromium/src/chrome/browser/policy/policy_browsertest.cc?l=6295)
,
Oct 22
The change that I'm requesting the merge for is this one: https://chromium-review.googlesource.com/c/chromium/src/+/1262082 This change only affects the policy documentation and templates that are generated, so it should be very safe. However, I did ask pastarmovj@ to provide verification for this change, since he is an owner for the file that is changed. This change is moderately critical and should be included in M71 because it states that the policy is not ready for use yet. I would like to update the settings and page info UI to show the policy managed devices so that users can see that a site has permission to access a USB device due to the policy.
,
Oct 23
Agree that the change is safe and to my knowledge will not cause any changes in the compiled code only in the admin resources. It will cause the policy to be logically present in the code but not available to admins to set. We have a few more such in Chrome so this way of hiding not finished policies is already tested.
,
Oct 23
Your change meets the bar and is auto-approved for M71. Please go ahead and merge the CL to branch 3578 manually. Please contact milestone owner if you have questions. Owners: benmason@(Android), kariahda@(iOS), kbleicher@(ChromeOS), govind@(Desktop) For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Oct 23
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/27c01de8527b0435e634fbbe413dc1187e31b39d commit 27c01de8527b0435e634fbbe413dc1187e31b39d Author: Ovidio Henriquez <odejesush@chromium.org> Date: Tue Oct 23 20:43:42 2018 Set WebUsbAllowDevicesForUrls policy to future This change updates the WebUsbAllowDevicesForUrls policy entry in policy_templates.json to have the future property set to true. This prevents the policy from being in documentation and the generated ADMX and linux.json file until the policy is visible in Site settings. Design document: https://docs.google.com/document/d/1MPvsrWiVD_jAC8ELyk8njFpy6j1thfVU5aWT3TCWE8w Bug: 854329, 897887 Change-Id: Ib2c9a04fd992d8c6c88a52ec9c954a48ff9a673d Reviewed-on: https://chromium-review.googlesource.com/c/1262082 Commit-Queue: Ovidio Henriquez <odejesush@chromium.org> Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#601277}(cherry picked from commit 2faba286f45587d104c80dceee4c2084e3eab5b3) Reviewed-on: https://chromium-review.googlesource.com/c/1297058 Reviewed-by: Ovidio Henriquez <odejesush@chromium.org> Cr-Commit-Position: refs/branch-heads/3578@{#272} Cr-Branched-From: 4226ddf99103e493d7afb23a4c7902ee496108b6-refs/heads/master@{#599034} [modify] https://crrev.com/27c01de8527b0435e634fbbe413dc1187e31b39d/components/policy/resources/policy_templates.json
,
Oct 23
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/27c01de8527b0435e634fbbe413dc1187e31b39d Commit: 27c01de8527b0435e634fbbe413dc1187e31b39d Author: odejesush@chromium.org Commiter: odejesush@chromium.org Date: 2018-10-23 20:43:42 +0000 UTC Set WebUsbAllowDevicesForUrls policy to future This change updates the WebUsbAllowDevicesForUrls policy entry in policy_templates.json to have the future property set to true. This prevents the policy from being in documentation and the generated ADMX and linux.json file until the policy is visible in Site settings. Design document: https://docs.google.com/document/d/1MPvsrWiVD_jAC8ELyk8njFpy6j1thfVU5aWT3TCWE8w Bug: 854329, 897887 Change-Id: Ib2c9a04fd992d8c6c88a52ec9c954a48ff9a673d Reviewed-on: https://chromium-review.googlesource.com/c/1262082 Commit-Queue: Ovidio Henriquez <odejesush@chromium.org> Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#601277}(cherry picked from commit 2faba286f45587d104c80dceee4c2084e3eab5b3) Reviewed-on: https://chromium-review.googlesource.com/c/1297058 Reviewed-by: Ovidio Henriquez <odejesush@chromium.org> Cr-Commit-Position: refs/branch-heads/3578@{#272} Cr-Branched-From: 4226ddf99103e493d7afb23a4c7902ee496108b6-refs/heads/master@{#599034}
,
Oct 31
Julian@/odejesush@ : Could you please help us with repro steps to verify this fix from TE-End.
,
Oct 31
Grab policy templates built from the 71 branch (tbh I don't know where but I guess where you get the chrome installers from might contain all build artifacts). Install it on windows and verify that the GPOs for Chrome do not contain the "Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs." policy in the "content settings" group.
,
Oct 31
The policy templates are found in //out/Debug/gen/chrome/app/policy/.
,
Oct 31
Got the latest Chrome "GoogleChromeEnterpriseBundle.zip" for Chrome version 71.0.3578.30 which contains Chrome.adm file and I am still able to see and set ""Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs." policy in the "content settings" group.
,
Jan 11
,
Jan 17
(6 days ago)
Our team has checked this on with GoogleChromeEnterpriseBundle.zip for Chrome versions 73.0.3664.3 & 72.0.3626.64 and haven't observed ""Automatically grant permission to these sites to connect to USB devices with the given vendor and product IDs." policy. Hence changing the status of the bug to Verified. |
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by gov...@chromium.org
, Oct 22