Rework our existing group policies and match the style that Chromium …
…uses.

The assets generated now include all of the Brave group policies in a group
called "BraveSoftware".

Fixes brave/brave-browser#26502
bsclifton committed Oct 3, 2024
1 parent 9727b80 commit c089e5a
Showing 17 changed files with 520 additions and 222 deletions.
5 changes: 5 additions & 0 deletions DEPS
Expand Up @@ -176,6 +176,11 @@ hooks = [
"condition": 'checkout_mac and host_os != "mac" and checkout_dmg_tool',
'action': ['build/mac/cross-compile/build-libdmg-hfsplus.py', 'third_party/libdmg-hfsplus']
},
{
'name': 'update_group_policy',
'pattern': '.',
'action': ['python3', 'build/util/update_group_policy.py']
},
]

include_rules = [
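--- a/build/util/update_group_policy.py
+++ b/build/util/update_group_policy.py
@@ -0,0 +1,62 @@
+#!/usr/bin/env python3
+# Copyright (c) 2024 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
+import os
+import shutil
+import hashlib
+
+from brave_chromium_utils import wspath
+
+# Chromium stores all group policy definitions under
+# `//components/policy/resources/templates/policy_definitions/`
+#
+# The name of the file (minus the extension; ex: TorDisable.yaml => TorDisable)
+# corresponds to an auto-generated entry in:
+# `//out/<build_type_here>/gen/chrome/app/policy/policy_templates.json
+#
+# That auto-generated value (ex: `policy::key::kTorDisabled`) is referenced
+# when we map to a preference in our policy map:
+# `//brave/browser/policy/brave_simple_policy_map.h`
+#
+# When the code below is ran (trigger via hook; see //brave/DEPS) this will
+# copy the group policy files from:
+# `//brave/components/policy/resources/templates/policy_definitions/`
+# to their expected place in Chromium:
+# `//components/policy/resources/templates/policy_definitions/`
+#
+
+
+def update_policy_files():
+policy_dir = wspath(
+"//brave/components/policy/resources/templates/policy_definitions/")
+with os.scandir(policy_dir) as entries:
+for entry in entries:
+if not entry.is_dir():
+continue
+src_dir = entry.path
+src_dir_name = entry.name
+dst_dir = wspath(
+f"//components/policy/resources/templates/policy_definitions/{src_dir_name}" # pylint: disable=line-too-long
+)
+shutil.copytree(src_dir,
+dst_dir,
+dirs_exist_ok=True,
+copy_function=copy_only_if_modified)
+
+
+def copy_only_if_modified(src, dst):
+"""Copy file if it doesn't exist or if its hash is different."""
+
+def file_hash(file_path):
+with open(file_path, "rb") as f:
+return hashlib.file_digest(f, "sha256").digest()
+
+if not os.path.exists(dst) or file_hash(src) != file_hash(dst):
+shutil.copy2(src, dst)
+
+
+if __name__ == "__main__":
+update_policy_files()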
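Review bot: The copy in `update_policy_files` is additive only: `shutil.copytree(..., dirs_exist_ok=True)` never removes anything from the destination, so a policy YAML that is later deleted or renamed under `//brave/components/policy/...` stays behind in the matching `//components/policy/resources/templates/policy_definitions/<group>` folder and, as far as this page shows, would still be read as a policy of that group on the next build. For files that define what administrators can enforce, a stale definition surviving in the generated templates is worth ruling out; pruning destination files that have no source counterpart is only safe for group folders Brave owns, so at minimum document the limitation above the call, e.g. `# NOTE: additive copy; a removed policy must also be deleted from //components/... by hand`. Separately, `hashlib.file_digest` exists only from Python 3.11 and the DEPS hook invokes plain `python3`, so an older interpreter would fail the hook with an AttributeError.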
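--- a/chromium_src/components/policy/resources/policy_templates.py
+++ b/chromium_src/components/policy/resources/policy_templates.py
@@ -0,0 +1,68 @@
+# Copyright (c) 2024 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
+import override_utils
+import json
+
+
+@override_utils.override_function(globals())
+def _LoadPolicies(orig_func):
+policies = orig_func()
+
+# `policies` will have the following notable keys:
+#
+# "policy_definitions"
+# there will be one "group" for every folder found under
+# `//components/policy/resources/templates/policy_definitions`
+# Chromium considers the folder name the group name for the policy.
+# Brave uses the group name "BraveSoftware". The child element for the
+# group is the policy itself (those are the yaml files in the folder).
+#
+# Brave specific entries will get copied into place by the hooks that run
+# via DEPS. We copy the files from:
+# `//brave/components/policy/resources/templates/policy_definitions/BraveSoftware` # pylint: disable=line-too-long
+# to:
+# `//components/policy/resources/templates/policy_definitions`
+#
+#
+# "policies"
+# This has the contents of:
+# `//components/policy/resources/templates/policies.yaml`
+# This is where we need to inject the Brave specific names. The policies
+# themselves are already defined (under `policy_definitions`), we just need
+# to add a mapping for ID (integer; unique) and name (matches name under
+# `policy_definitions`).
+#
+#
+# There are some other fields which are not used by this script:
+# - "common_schemas"
+# - "legacy_device_policy_proto_map"
+# - "manual_device_policy_proto_map"
+# - "risk_tag_definitions"
+
+policy_yaml = policies['policies']
+policy_section = policy_yaml['policies']
+
+# get the highest ID in the file
+highest_number = 0
+for key, _ in policy_section.items():
+if int(key) > highest_number:
+highest_number = int(key)
+
+# append our entries to the ones from policies.yaml
+# TODO(bsclifton): we can create this array dynamically by reading the file
+# names from:
+# `//brave/components/policy/resources/templates/policy_definitions/BraveSoftware` # pylint: disable=line-too-long
+brave_policies = [
+'TorDisabled', 'BraveRewardsDisabled', 'BraveWalletDisabled',
+'BraveVPNDisabled', 'BraveAIChatEnabled', 'BraveSyncUrl',
+'BraveShieldsDisabledForUrls', 'BraveShieldsEnabledForUrls'
+]
+for entry in brave_policies:
+highest_number += 1
+#policy_key = str(highest_number)
+policy_section[highest_number] = entry
+
+return policies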
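Review bot: The IDs given to the Brave policies in the final loop of `_LoadPolicies` are derived from whatever the highest upstream ID is at build time, so every Brave ID shifts whenever Chromium adds an entry to `policies.yaml` or the order of `brave_policies` changes. The comment above describes the ID as a unique integer; if anything generated from it is expected to stay stable across releases (not visible on this page), that assumption would break silently, so either reserve a fixed range or say so in a comment such as `# IDs are build-relative and not stable across Chromium rolls`. The loop also stores an `int` key while the scan above calls `int(key)`, which suggests the existing keys may be strings; the commented-out `#policy_key = str(highest_number)` should be either used or deleted, and `import json` is unused in the visible code. `brave_policies` has to be kept in step by hand with the YAML files the DEPS hook copies, as the TODO acknowledges, and a short comment stating what happens to a copied definition that is missing from this list would help the next maintainer.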
197 changes: 4 additions & 193 deletions chromium_src/components/policy/tools/generate_policy_source.py
Expand Up @@ -3,198 +3,9 @@
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at https://mozilla.org/MPL/2.0/.

import override_utils
assert ('CHROMIUM_POLICY_KEY' in globals())

# This override controls the constant written out to:
# `//out/<build_type_here>/gen/components/policy/policy_constants.cc`
# which is then used for the `policy_templates.zip`
CHROMIUM_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\BraveSoftware\\\\Brave'

@override_utils.override_function(globals())
def _LoadJSONFile(orig_func, json_file):
json = orig_func(json_file)
AddBravePolicies(json)
return json

def AddBravePolicies(template_file_contents):
highest_id = template_file_contents['highest_id_currently_used']
policies = [
{
'name': 'TorDisabled',
'type': 'main',
'schema': {
'type': 'boolean'
},
'supported_on': [
'chrome.win:78-', 'chrome.mac:93-', 'chrome.linux:93-'
],
'features': {
'dynamic_refresh': False,
'per_profile': False,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': True,
'id': 0,
'caption': '''Disables the tor feature.''',
'tags': [],
'desc': ('''This policy allows an admin to specify that tor '''
'''must be disabled at startup.'''),
},
{
'name': 'BraveRewardsDisabled',
'type': 'main',
'schema': {
'type': 'boolean'
},
'supported_on': ['chrome.*:105-'],
'features': {
'dynamic_refresh': False,
'per_profile': True,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': True,
'id': 2,
'caption': '''Disable Brave Rewards feature.''',
'tags': [],
'desc': ('''This policy allows an admin to specify that Brave '''
'''Rewards feature will be disabled.'''),
},
{
'name': 'BraveWalletDisabled',
'type': 'main',
'schema': {
'type': 'boolean'
},
'supported_on': ['chrome.*:106-'],
'features': {
'dynamic_refresh': False,
'per_profile': True,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': True,
'id': 3,
'caption': '''Disable Brave Wallet feature.''',
'tags': [],
'desc': ('''This policy allows an admin to specify that Brave '''
'''Wallet feature will be disabled.'''),
},
{
'name': 'BraveShieldsDisabledForUrls',
'type': 'main',
'schema': {
'type': 'array',
'items': {
'type': 'string'
},
},
'supported_on': ['chrome.*:107-'],
'features': {
'dynamic_refresh': False,
'per_profile': True,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': ['https://brave.com'],
'id': 4,
'caption': '''Disables Brave Shields for urls.''',
'tags': [],
'desc': ('''This policy allows an admin to specify that Brave '''
'''Shields disabled.'''),
},
{
'name': 'BraveShieldsEnabledForUrls',
'type': 'main',
'schema': {
'type': 'array',
'items': {
'type': 'string'
},
},
'supported_on': ['chrome.*:107-'],
'features': {
'dynamic_refresh': False,
'per_profile': True,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': ['https://brave.com'],
'id': 5,
'caption': '''Enables Brave Shields for urls.''',
'tags': [],
'desc': ('''This policy allows an admin to specify that Brave '''
'''Shields enabled.'''),
},
{
'name': 'BraveVPNDisabled',
'type': 'main',
'schema': {
'type': 'boolean'
},
'supported_on': ['chrome.*:112-'],
'future_on': ['android'],
'features': {
'dynamic_refresh': False,
'per_profile': True,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': True,
'id': 6,
'caption': '''Disable Brave VPN feature.''',
'tags': [],
'desc': ('''This policy allows an admin to specify that Brave '''
'''VPN feature will be disabled.'''),
},
{
'name': 'BraveAIChatEnabled',
'type': 'main',
'schema': {
'type': 'boolean'
},
'supported_on': ['chrome.*:121-'],
'future_on': ['android'],
'features': {
'dynamic_refresh': False,
'per_profile': True,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': True,
'id': 7,
'caption': '''Enable Brave AI Chat feature.''',
'tags': [],
'desc': ('''This policy allows an admin to specify that Brave '''
'''AI Chat feature will be enabled.'''),
},
{
'name': 'BraveSyncUrl',
'type': 'main',
'schema': {
'type': 'string'
},
'supported_on': ['chrome.*:129-'],
'features': {
'dynamic_refresh': False,
'per_profile': True,
'can_be_recommended': False,
'can_be_mandatory': True
},
'example_value': ['https://sync-v2.brave.com/v2'],
'id': 8,
'caption': '''Custom sync server URL.''',
'tags': [],
'desc': ('''This policy allows an admin to specify a custom '''
'''sync server URL for Brave.'''),
},
]

# Our new polices are added with highest id
next_id = highest_id + 1
for policy in policies:
next_id += 1
policy['id'] = next_id
template_file_contents['policy_definitions'].append(policy)

# Update highest id
template_file_contents['highest_id_currently_used'] = highest_id + \
len(policies)
16 changes: 15 additions & 1 deletion components/policy/BUILD.gn
@@ -1,7 +1,21 @@
# Copyright (c) 2024 The Brave Authors. All rights reserved.
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at https://mozilla.org/MPL/2.0/.

# See `//components/policy/BUILD.gn` for more info about how these files
# are generated. Also see:
# `//brave/chromium_src/components/policy/resources/policy_templates.py`
# for Brave specific group policy definitions.

if (is_win) {
action("pack_policy_templates") {
chrome_pack_policy_templates = "//components/policy:pack_policy_templates"
deps = [ chrome_pack_policy_templates ]
deps = [
"//components/policy:generate_policy_templates",
"//components/policy:policy_templates",
chrome_pack_policy_templates,
]
script = "pack_policy_templates.py"
chrome_policy_templates_zip =
get_label_info(chrome_pack_policy_templates, "root_out_dir") +