Rework our existing group policies and match the style that Chromium …

…uses.

The assets generated now include all of the Brave group policies in a group
called "BraveSoftware".

Fixes brave/brave-browser#26502

DEPS

@@ -176,6 +176,11 @@ hooks = [
     "condition": 'checkout_mac and host_os != "mac" and checkout_dmg_tool',
     'action': ['build/mac/cross-compile/build-libdmg-hfsplus.py', 'third_party/libdmg-hfsplus']
   },
+  {
+    'name': 'update_group_policy',
+    'pattern': '.',
+    'action': ['python3', 'build/util/update_group_policy.py']
+  },
 ]
 
 include_rules = [

build/util/update_group_policy.py

@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+# Copyright (c) 2024 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
+import os
+import shutil
+import hashlib
+
+from brave_chromium_utils import wspath
+
+# Chromium stores all group policy definitions under
+# `//components/policy/resources/templates/policy_definitions/`
+#
+# The name of the file (minus the extension; ex: TorDisable.yaml => TorDisable)
+# corresponds to an auto-generated entry in:
+# `//out/<build_type_here>/gen/chrome/app/policy/policy_templates.json
+#
+# That auto-generated value (ex: `policy::key::kTorDisabled`) is referenced
+# when we map to a preference in our policy map:
+# `//brave/browser/policy/brave_simple_policy_map.h`
+#
+# When the code below is ran (trigger via hook; see //brave/DEPS) this will
+# copy the group policy files from:
+# `//brave/components/policy/resources/templates/policy_definitions/`
+# to their expected place in Chromium:
+# `//components/policy/resources/templates/policy_definitions/`
+#
+
+
+def update_policy_files():
+    policy_dir = wspath(
+        "//brave/components/policy/resources/templates/policy_definitions/")
+    with os.scandir(policy_dir) as entries:
+        for entry in entries:
+            if not entry.is_dir():
+                continue
+            src_dir = entry.path
+            src_dir_name = entry.name
+            dst_dir = wspath(
+                f"//components/policy/resources/templates/policy_definitions/{src_dir_name}"  # pylint: disable=line-too-long
+            )
+            shutil.copytree(src_dir,
+                            dst_dir,
+                            dirs_exist_ok=True,
+                            copy_function=copy_only_if_modified)
+
+
+def copy_only_if_modified(src, dst):
+    """Copy file if it doesn't exist or if its hash is different."""
+
+    def file_hash(file_path):
+        with open(file_path, "rb") as f:
+            return hashlib.file_digest(f, "sha256").digest()
+
+    if not os.path.exists(dst) or file_hash(src) != file_hash(dst):
+        shutil.copy2(src, dst)
+
+
+if __name__ == "__main__":
+    update_policy_files()

chromium_src/components/policy/resources/policy_templates.py

@@ -0,0 +1,68 @@
+# Copyright (c) 2024 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
+import override_utils
+import json
+
+
+@override_utils.override_function(globals())
+def _LoadPolicies(orig_func):
+    policies = orig_func()
+
+    # `policies` will have the following notable keys:
+    #
+    # "policy_definitions"
+    # there will be one "group" for every folder found under
+    # `//components/policy/resources/templates/policy_definitions`
+    # Chromium considers the folder name the group name for the policy.
+    # Brave uses the group name "BraveSoftware". The child element for the
+    # group is the policy itself (those are the yaml files in the folder).
+    #
+    # Brave specific entries will get copied into place by the hooks that run
+    # via DEPS. We copy the files from:
+    # `//brave/components/policy/resources/templates/policy_definitions/BraveSoftware` # pylint: disable=line-too-long
+    # to:
+    # `//components/policy/resources/templates/policy_definitions`
+    #
+    #
+    # "policies"
+    # This has the contents of:
+    # `//components/policy/resources/templates/policies.yaml`
+    # This is where we need to inject the Brave specific names. The policies
+    # themselves are already defined (under `policy_definitions`), we just need
+    # to add a mapping for ID (integer; unique) and name (matches name under
+    # `policy_definitions`).
+    #
+    #
+    # There are some other fields which are not used by this script:
+    # - "common_schemas"
+    # - "legacy_device_policy_proto_map"
+    # - "manual_device_policy_proto_map"
+    # - "risk_tag_definitions"
+
+    policy_yaml = policies['policies']
+    policy_section = policy_yaml['policies']
+
+    # get the highest ID in the file
+    highest_number = 0
+    for key, _ in policy_section.items():
+        if int(key) > highest_number:
+            highest_number = int(key)
+
+    # append our entries to the ones from policies.yaml
+    # TODO(bsclifton): we can create this array dynamically by reading the file
+    # names from:
+    # `//brave/components/policy/resources/templates/policy_definitions/BraveSoftware` # pylint: disable=line-too-long
+    brave_policies = [
+        'TorDisabled', 'BraveRewardsDisabled', 'BraveWalletDisabled',
+        'BraveVPNDisabled', 'BraveAIChatEnabled', 'BraveSyncUrl',
+        'BraveShieldsDisabledForUrls', 'BraveShieldsEnabledForUrls'
+    ]
+    for entry in brave_policies:
+        highest_number += 1
+        #policy_key = str(highest_number)
+        policy_section[highest_number] = entry
+
+    return policies

chromium_src/components/policy/tools/generate_policy_source.py

@@ -3,198 +3,9 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this file,
 # You can obtain one at https://mozilla.org/MPL/2.0/.
 
-import override_utils
+assert ('CHROMIUM_POLICY_KEY' in globals())
 
+# This override controls the constant written out to:
+# `//out/<build_type_here>/gen/components/policy/policy_constants.cc`
+# which is then used for the `policy_templates.zip`
 CHROMIUM_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\BraveSoftware\\\\Brave'
-
-@override_utils.override_function(globals())
-def _LoadJSONFile(orig_func, json_file):
-    json = orig_func(json_file)
-    AddBravePolicies(json)
-    return json
-
-def AddBravePolicies(template_file_contents):
-    highest_id = template_file_contents['highest_id_currently_used']
-    policies = [
-        {
-            'name': 'TorDisabled',
-            'type': 'main',
-            'schema': {
-                'type': 'boolean'
-            },
-            'supported_on': [
-                'chrome.win:78-', 'chrome.mac:93-', 'chrome.linux:93-'
-            ],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': False,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': True,
-            'id': 0,
-            'caption': '''Disables the tor feature.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify that tor '''
-                     '''must be disabled at startup.'''),
-        },
-        {
-            'name': 'BraveRewardsDisabled',
-            'type': 'main',
-            'schema': {
-                'type': 'boolean'
-            },
-            'supported_on': ['chrome.*:105-'],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': True,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': True,
-            'id': 2,
-            'caption': '''Disable Brave Rewards feature.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify that Brave '''
-                     '''Rewards feature will be disabled.'''),
-        },
-        {
-            'name': 'BraveWalletDisabled',
-            'type': 'main',
-            'schema': {
-                'type': 'boolean'
-            },
-            'supported_on': ['chrome.*:106-'],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': True,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': True,
-            'id': 3,
-            'caption': '''Disable Brave Wallet feature.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify that Brave '''
-                     '''Wallet feature will be disabled.'''),
-        },
-        {
-            'name': 'BraveShieldsDisabledForUrls',
-            'type': 'main',
-            'schema': {
-                'type': 'array',
-                'items': {
-                    'type': 'string'
-                },
-            },
-            'supported_on': ['chrome.*:107-'],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': True,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': ['https://brave.com'],
-            'id': 4,
-            'caption': '''Disables Brave Shields for urls.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify that Brave '''
-                     '''Shields disabled.'''),
-        },
-        {
-            'name': 'BraveShieldsEnabledForUrls',
-            'type': 'main',
-            'schema': {
-                'type': 'array',
-                'items': {
-                    'type': 'string'
-                },
-            },
-            'supported_on': ['chrome.*:107-'],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': True,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': ['https://brave.com'],
-            'id': 5,
-            'caption': '''Enables Brave Shields for urls.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify that Brave '''
-                     '''Shields enabled.'''),
-        },
-        {
-            'name': 'BraveVPNDisabled',
-            'type': 'main',
-            'schema': {
-                'type': 'boolean'
-            },
-            'supported_on': ['chrome.*:112-'],
-            'future_on': ['android'],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': True,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': True,
-            'id': 6,
-            'caption': '''Disable Brave VPN feature.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify that Brave '''
-                     '''VPN feature will be disabled.'''),
-        },
-        {
-            'name': 'BraveAIChatEnabled',
-            'type': 'main',
-            'schema': {
-                'type': 'boolean'
-            },
-            'supported_on': ['chrome.*:121-'],
-            'future_on': ['android'],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': True,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': True,
-            'id': 7,
-            'caption': '''Enable Brave AI Chat feature.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify that Brave '''
-                     '''AI Chat feature will be enabled.'''),
-        },
-        {
-            'name': 'BraveSyncUrl',
-            'type': 'main',
-            'schema': {
-                'type': 'string'
-            },
-            'supported_on': ['chrome.*:129-'],
-            'features': {
-                'dynamic_refresh': False,
-                'per_profile': True,
-                'can_be_recommended': False,
-                'can_be_mandatory': True
-            },
-            'example_value': ['https://sync-v2.brave.com/v2'],
-            'id': 8,
-            'caption': '''Custom sync server URL.''',
-            'tags': [],
-            'desc': ('''This policy allows an admin to specify a custom '''
-                     '''sync server URL for Brave.'''),
-        },
-    ]
-
-    # Our new polices are added with highest id
-    next_id = highest_id + 1
-    for policy in policies:
-        next_id += 1
-        policy['id'] = next_id
-        template_file_contents['policy_definitions'].append(policy)
-
-    # Update highest id
-    template_file_contents['highest_id_currently_used'] = highest_id + \
-        len(policies)

components/policy/BUILD.gn

@@ -1,7 +1,21 @@
+# Copyright (c) 2024 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
+# See `//components/policy/BUILD.gn` for more info about how these files
+# are generated. Also see:
+# `//brave/chromium_src/components/policy/resources/policy_templates.py`
+# for Brave specific group policy definitions.
+
 if (is_win) {
   action("pack_policy_templates") {
     chrome_pack_policy_templates = "//components/policy:pack_policy_templates"
-    deps = [ chrome_pack_policy_templates ]
+    deps = [
+      "//components/policy:generate_policy_templates",
+      "//components/policy:policy_templates",
+      chrome_pack_policy_templates,
+    ]
     script = "pack_policy_templates.py"
     chrome_policy_templates_zip =
         get_label_info(chrome_pack_policy_templates, "root_out_dir") +