From a2a1b66ea5a0e7942f36bf909fbc764c0fbc6f9b Mon Sep 17 00:00:00 2001 From: Marshall Greenblatt Date: Tue, 10 Oct 2023 19:26:37 -0400 Subject: [PATCH] chrome: Support configuration of Chrome policy management (fixes #3581) Disable Chrome policy management by default. Add CefSettings.chrome_policy_id which, when configured, enables Chrome policy management. See https://support.google.com/chrome/a/answer/9037717 for background. To test: - Start with a machine where Google Chrome is managed. - Run `cefclient --enable-chrome-runtime --url=chrome://policy/` There should be no configured policies. - Run `cefclient --enable-chrome-runtime --url=chrome://policy/ --enable-chrome-policy` Configured Platform properties should match Google Chrome. - Run `cefclient --enable-chrome-runtime --url=chrome://policy/ --enable-chrome-policy --enable-chrome-browser-cloud-management` Configured Platform and Cloud properties should match Google Chrome. --- include/cef_api_hash.h | 8 +- include/internal/cef_types.h | 15 + include/internal/cef_types_wrappers.h | 4 + .../common/chrome/chrome_main_delegate_cef.cc | 10 +- patch/patch.cfg | 5 + patch/patches/chrome_browser_policy.patch | 429 ++++++++++++++++++ tests/cefclient/browser/main_context_impl.cc | 17 + 7 files changed, 483 insertions(+), 5 deletions(-) create mode 100644 patch/patches/chrome_browser_policy.patch diff --git a/include/cef_api_hash.h b/include/cef_api_hash.h index 7f1dee384..90142ccb0 100644 --- a/include/cef_api_hash.h +++ b/include/cef_api_hash.h @@ -42,13 +42,13 @@ // way that may cause binary incompatibility with other builds. The universal // hash value will change if any platform is affected whereas the platform hash // values will change only if that particular platform is affected. -#define CEF_API_HASH_UNIVERSAL "e5e3eef669443880f747ebccf04ca470306acec9" +#define CEF_API_HASH_UNIVERSAL "4acea2e5c7a3e281d9652802ae1d24b25eef299b" #if defined(OS_WIN) -#define CEF_API_HASH_PLATFORM "2a84aaf4b26c613183b48b4aac39aa57045287af" +#define CEF_API_HASH_PLATFORM "3a181fdfaa42d2214c77cd83f76886b0657b0b53" #elif defined(OS_MAC) -#define CEF_API_HASH_PLATFORM "6e409fac3d2b069c084bc17a04196d4a93d5c028" +#define CEF_API_HASH_PLATFORM "06bfe874ee215bde0a415bac7ac37ecf4969d4ca" #elif defined(OS_LINUX) -#define CEF_API_HASH_PLATFORM "18d2e48f53384ccb092b7dd4f0ae5dceafdac1fa" +#define CEF_API_HASH_PLATFORM "1615f7e7079d89e2e81f683d4a8480455b5f2a60" #endif #ifdef __cplusplus diff --git a/include/internal/cef_types.h b/include/internal/cef_types.h index 71227a027..db0cf0928 100644 --- a/include/internal/cef_types.h +++ b/include/internal/cef_types.h @@ -469,6 +469,21 @@ typedef struct _cef_settings_t { /// cef_string_t cookieable_schemes_list; int cookieable_schemes_exclude_defaults; + + /// + /// Specify an ID to enable Chrome policy management via Platform and OS-user + /// policies. On Windows, this is a registry key like + /// "SOFTWARE\\Policies\\Google\\Chrome". On MacOS, this is a bundle ID like + /// "com.google.Chrome". On Linux, this is an absolute directory path like + /// "/etc/opt/chrome/policies". Only supported with the Chrome runtime. See + /// https://support.google.com/chrome/a/answer/9037717 for details. + /// + /// Chrome Browser Cloud Management integration, when enabled via the + /// "enable-chrome-browser-cloud-management" command-line flag, will also use + /// the specified ID. See https://support.google.com/chrome/a/answer/9116814 + /// for details. + /// + cef_string_t chrome_policy_id; } cef_settings_t; /// diff --git a/include/internal/cef_types_wrappers.h b/include/internal/cef_types_wrappers.h index 9d606b355..a6e99e39c 100644 --- a/include/internal/cef_types_wrappers.h +++ b/include/internal/cef_types_wrappers.h @@ -373,6 +373,7 @@ struct CefSettingsTraits { cef_string_clear(&s->locales_dir_path); cef_string_clear(&s->accept_language_list); cef_string_clear(&s->cookieable_schemes_list); + cef_string_clear(&s->chrome_policy_id); } static inline void set(const struct_type* src, @@ -430,6 +431,9 @@ struct CefSettingsTraits { &target->cookieable_schemes_list, copy); target->cookieable_schemes_exclude_defaults = src->cookieable_schemes_exclude_defaults; + + cef_string_set(src->chrome_policy_id.str, src->chrome_policy_id.length, + &target->chrome_policy_id, copy); } }; diff --git a/libcef/common/chrome/chrome_main_delegate_cef.cc b/libcef/common/chrome/chrome_main_delegate_cef.cc index de9dbf3e7..8a8f1bbdb 100644 --- a/libcef/common/chrome/chrome_main_delegate_cef.cc +++ b/libcef/common/chrome/chrome_main_delegate_cef.cc @@ -20,6 +20,7 @@ #include "base/lazy_instance.h" #include "base/threading/threading_features.h" #include "chrome/browser/metrics/chrome_feature_list_creator.h" +#include "chrome/browser/policy/chrome_browser_policy_connector.h" #include "chrome/common/chrome_switches.h" #include "chrome/common/pref_names.h" #include "components/embedder_support/switches.h" @@ -208,6 +209,13 @@ absl::optional ChromeMainDelegateCef::PreBrowserMain() { absl::optional ChromeMainDelegateCef::PostEarlyInitialization( InvokedIn invoked_in) { + // Configure this before ChromeMainDelegate::PostEarlyInitialization triggers + // ChromeBrowserPolicyConnector creation. + if (settings_ && settings_->chrome_policy_id.length > 0) { + policy::ChromeBrowserPolicyConnector::EnablePlatformPolicySupport( + CefString(&settings_->chrome_policy_id).ToString()); + } + const auto result = ChromeMainDelegate::PostEarlyInitialization(invoked_in); if (!result) { const auto* invoked_in_browser = @@ -343,4 +351,4 @@ ChromeContentRendererClientCef* ChromeMainDelegateCef::content_renderer_client() return nullptr; } return g_chrome_content_renderer_client.Pointer(); -} \ No newline at end of file +} diff --git a/patch/patch.cfg b/patch/patch.cfg index 0ff27f7a6..352dc3d0f 100644 --- a/patch/patch.cfg +++ b/patch/patch.cfg @@ -268,6 +268,11 @@ patches = [ # https://github.com/chromiumembedded/cef/issues/3352 'name': 'chrome_browser_permission_prompt', }, + { + # Support configuration of Chrome policy management. + # https://github.com/chromiumembedded/cef/issues/3581 + 'name': 'chrome_browser_policy', + }, { # alloy: Don't initialize ExtensionSystemFactory when extensions are # disabled. diff --git a/patch/patches/chrome_browser_policy.patch b/patch/patches/chrome_browser_policy.patch new file mode 100644 index 000000000..d1f6dcd03 --- /dev/null +++ b/patch/patches/chrome_browser_policy.patch @@ -0,0 +1,429 @@ +diff --git chrome/browser/policy/browser_dm_token_storage_linux.cc chrome/browser/policy/browser_dm_token_storage_linux.cc +index 10085136f52ce..ec1be9babecc2 100644 +--- chrome/browser/policy/browser_dm_token_storage_linux.cc ++++ chrome/browser/policy/browser_dm_token_storage_linux.cc +@@ -22,6 +22,7 @@ + #include "base/task/task_traits.h" + #include "base/task/thread_pool.h" + #include "base/threading/scoped_blocking_call.h" ++#include "chrome/browser/policy/chrome_browser_policy_connector.h" + #include "chrome/common/chrome_paths.h" + + namespace policy { +@@ -116,8 +117,8 @@ std::string BrowserDMTokenStorageLinux::InitEnrollmentToken() { + std::string enrollment_token; + base::FilePath dir_policy_files_path; + +- if (!base::PathService::Get(chrome::DIR_POLICY_FILES, +- &dir_policy_files_path)) { ++ if (!ChromeBrowserPolicyConnector::GetDirPolicyFilesPath( ++ &dir_policy_files_path)) { + return std::string(); + } + +@@ -147,8 +148,8 @@ bool BrowserDMTokenStorageLinux::InitEnrollmentErrorOption() { + std::string options; + base::FilePath dir_policy_files_path; + +- if (!base::PathService::Get(chrome::DIR_POLICY_FILES, +- &dir_policy_files_path)) { ++ if (!ChromeBrowserPolicyConnector::GetDirPolicyFilesPath( ++ &dir_policy_files_path)) { + return false; + } + +diff --git chrome/browser/policy/browser_dm_token_storage_mac.mm chrome/browser/policy/browser_dm_token_storage_mac.mm +index 22fdb0efb78c7..39adc3f192ba1 100644 +--- chrome/browser/policy/browser_dm_token_storage_mac.mm ++++ chrome/browser/policy/browser_dm_token_storage_mac.mm +@@ -26,6 +26,7 @@ + #include "base/syslog_logging.h" + #include "base/task/thread_pool.h" + #include "base/threading/scoped_blocking_call.h" ++#include "chrome/browser/policy/chrome_browser_policy_connector.h" + #include "chrome/common/chrome_paths.h" + #include "third_party/abseil-cpp/absl/types/optional.h" + +@@ -47,11 +48,6 @@ const char kEnrollmentOptionsFilePath[] = FILE_PATH_LITERAL( + "/Library/Google/Chrome/CloudManagementEnrollmentOptions"); + const char kEnrollmentMandatoryOption[] = "Mandatory"; + +-// Explicitly access the "com.google.Chrome" bundle ID, no matter what this +-// app's bundle ID actually is. All channels of Chrome should obey the same +-// policies. +-const CFStringRef kBundleId = CFSTR("com.google.Chrome"); +- + constexpr char kEnrollmentTokenMetricsName[] = + "Enterprise.CloudManagementEnrollmentTokenLocation.Mac"; + +@@ -104,16 +100,22 @@ bool DeleteDMTokenFromAppDataDir(const std::string& client_id) { + // Get the enrollment token from policy file: /Library/com.google.Chrome.plist. + // Return true if policy is set, otherwise false. + bool GetEnrollmentTokenFromPolicy(std::string* enrollment_token) { ++ base::apple::ScopedCFTypeRef bundle_id( ++ ChromeBrowserPolicyConnector::GetBundleId()); ++ if (!bundle_id) { ++ return false; ++ } ++ + // Since the configuration management infrastructure is not initialized when + // this code runs, read the policy preference directly. + base::apple::ScopedCFTypeRef value( +- CFPreferencesCopyAppValue(kEnrollmentTokenPolicyName, kBundleId)); ++ CFPreferencesCopyAppValue(kEnrollmentTokenPolicyName, bundle_id)); + + // Read the enrollment token from the new location. If that fails, try the old + // location (which will be deprecated soon). If that also fails, bail as there + // is no token set. + if (!value || +- !CFPreferencesAppValueIsForced(kEnrollmentTokenPolicyName, kBundleId)) { ++ !CFPreferencesAppValueIsForced(kEnrollmentTokenPolicyName, bundle_id)) { + return false; + } + CFStringRef value_string = base::apple::CFCast(value); +@@ -138,12 +140,18 @@ bool GetEnrollmentTokenFromFile(std::string* enrollment_token) { + } + + absl::optional IsEnrollmentMandatoryByPolicy() { ++ base::apple::ScopedCFTypeRef bundle_id( ++ ChromeBrowserPolicyConnector::GetBundleId()); ++ if (!bundle_id) { ++ return absl::nullopt; ++ } ++ + base::apple::ScopedCFTypeRef value( + CFPreferencesCopyAppValue(kEnrollmentMandatoryOptionPolicyName, +- kBundleId)); ++ bundle_id)); + + if (!value || !CFPreferencesAppValueIsForced( +- kEnrollmentMandatoryOptionPolicyName, kBundleId)) { ++ kEnrollmentMandatoryOptionPolicyName, bundle_id)) { + return absl::optional(); + } + +diff --git chrome/browser/policy/chrome_browser_policy_connector.cc chrome/browser/policy/chrome_browser_policy_connector.cc +index bf03f3d03991a..c36d26af6747c 100644 +--- chrome/browser/policy/chrome_browser_policy_connector.cc ++++ chrome/browser/policy/chrome_browser_policy_connector.cc +@@ -13,11 +13,14 @@ + #include "base/files/file_util.h" + #include "base/functional/bind.h" + #include "base/functional/callback.h" ++#include "base/no_destructor.h" + #include "base/path_service.h" ++#include "base/strings/utf_string_conversions.h" + #include "base/task/thread_pool.h" + #include "build/branding_buildflags.h" + #include "build/build_config.h" + #include "build/chromeos_buildflags.h" ++#include "cef/libcef/features/features.h" + #include "chrome/browser/browser_process.h" + #include "chrome/browser/enterprise/browser_management/management_service_factory.h" + #include "chrome/browser/policy/configuration_policy_handler_list_factory.h" +@@ -85,6 +88,11 @@ + namespace policy { + namespace { + bool command_line_enabled_for_testing = false; ++ ++std::string* PlatformPolicyId() { ++ static base::NoDestructor id; ++ return id.get(); ++} + } // namespace + + ChromeBrowserPolicyConnector::ChromeBrowserPolicyConnector() +@@ -239,6 +247,73 @@ void ChromeBrowserPolicyConnector::EnableCommandLineSupportForTesting() { + command_line_enabled_for_testing = true; + } + ++// static ++void ChromeBrowserPolicyConnector::EnablePlatformPolicySupport( ++ const std::string& id) { ++ *PlatformPolicyId() = id; ++} ++ ++#if BUILDFLAG(IS_WIN) ++ ++// static ++std::wstring ChromeBrowserPolicyConnector::GetPolicyKey() { ++#if BUILDFLAG(ENABLE_CEF) ++ const std::string& policy_id = *PlatformPolicyId(); ++ if (!policy_id.empty()) { ++ return base::UTF8ToWide(policy_id); ++ } ++ return std::wstring(); ++#else ++ return kRegistryChromePolicyKey; ++#endif ++} ++ ++#elif BUILDFLAG(IS_MAC) ++ ++// static ++base::apple::ScopedCFTypeRef ++ChromeBrowserPolicyConnector::GetBundleId() { ++#if BUILDFLAG(ENABLE_CEF) ++ const std::string& policy_id = *PlatformPolicyId(); ++ if (policy_id.empty()) { ++ return base::apple::ScopedCFTypeRef(); ++ } ++ ++ return base::SysUTF8ToCFStringRef(policy_id); ++#elif BUILDFLAG(GOOGLE_CHROME_BRANDING) ++ // Explicitly access the "com.google.Chrome" bundle ID, no matter what this ++ // app's bundle ID actually is. All channels of Chrome should obey the same ++ // policies. ++ return CFSTR("com.google.Chrome"); ++#else ++ return base::SysUTF8ToCFStringRef(base::apple::BaseBundleID()); ++#endif ++} ++ ++#elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) ++ ++// static ++bool ChromeBrowserPolicyConnector::GetDirPolicyFilesPath(base::FilePath* path) { ++#if BUILDFLAG(ENABLE_CEF) ++ const std::string& policy_id = *PlatformPolicyId(); ++ if (policy_id.empty()) { ++ return false; ++ } ++ ++ base::FilePath policy_path(policy_id); ++ if (!policy_path.IsAbsolute()) { ++ return false; ++ } ++ ++ *path = policy_path; ++ return true; ++#else ++ return base::PathService::Get(chrome::DIR_POLICY_FILES, path); ++#endif ++} ++ ++#endif // BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) ++ + base::flat_set + ChromeBrowserPolicyConnector::device_affiliation_ids() const { + #if !BUILDFLAG(IS_CHROMEOS_ASH) +@@ -310,22 +385,21 @@ ChromeBrowserPolicyConnector::CreatePolicyProviders() { + std::unique_ptr + ChromeBrowserPolicyConnector::CreatePlatformProvider() { + #if BUILDFLAG(IS_WIN) ++ const std::wstring policy_key = GetPolicyKey(); ++ if (policy_key.empty()) { ++ return nullptr; ++ } + std::unique_ptr loader(PolicyLoaderWin::Create( + base::ThreadPool::CreateSequencedTaskRunner( + {base::MayBlock(), base::TaskPriority::BEST_EFFORT}), +- ManagementServiceFactory::GetForPlatform(), kRegistryChromePolicyKey)); ++ ManagementServiceFactory::GetForPlatform(), policy_key)); + return std::make_unique(GetSchemaRegistry(), + std::move(loader)); + #elif BUILDFLAG(IS_MAC) +-#if BUILDFLAG(GOOGLE_CHROME_BRANDING) +- // Explicitly watch the "com.google.Chrome" bundle ID, no matter what this +- // app's bundle ID actually is. All channels of Chrome should obey the same +- // policies. +- CFStringRef bundle_id = CFSTR("com.google.Chrome"); +-#else +- base::apple::ScopedCFTypeRef bundle_id( +- base::SysUTF8ToCFStringRef(base::apple::BaseBundleID())); +-#endif ++ base::apple::ScopedCFTypeRef bundle_id(GetBundleId()); ++ if (!bundle_id) { ++ return nullptr; ++ } + auto loader = std::make_unique( + base::ThreadPool::CreateSequencedTaskRunner( + {base::MayBlock(), base::TaskPriority::BEST_EFFORT}), +@@ -335,7 +409,7 @@ ChromeBrowserPolicyConnector::CreatePlatformProvider() { + std::move(loader)); + #elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) + base::FilePath config_dir_path; +- if (base::PathService::Get(chrome::DIR_POLICY_FILES, &config_dir_path)) { ++ if (GetDirPolicyFilesPath(&config_dir_path)) { + #if BUILDFLAG(IS_CHROMEOS) + // If the folder containing the policy files doesn't exist, there's no need + // to have a provider for them. Note that in verified boot, the folder +diff --git chrome/browser/policy/chrome_browser_policy_connector.h chrome/browser/policy/chrome_browser_policy_connector.h +index 13b714bab7db5..f8eb85a586ce6 100644 +--- chrome/browser/policy/chrome_browser_policy_connector.h ++++ chrome/browser/policy/chrome_browser_policy_connector.h +@@ -28,6 +28,10 @@ + #include "components/policy/core/common/policy_loader_lacros.h" + #endif // BUILDFLAG(IS_CHROMEOS_LACROS) + ++#if BUILDFLAG(IS_MAC) ++#include "base/apple/scoped_cftyperef.h" ++#endif ++ + class PrefService; + + namespace policy { +@@ -120,6 +124,25 @@ class ChromeBrowserPolicyConnector : public BrowserPolicyConnector { + + static void EnableCommandLineSupportForTesting(); + ++ // Enable platform policy support with the specified retrieval |id|. Support ++ // is disabled by default, and if |id| is empty. ++ // On Windows, this is a registry key like "SOFTWARE\\Policies\\Google\\Chrome". ++ // On MacOS, this is a bundle ID like "com.google.Chrome". ++ // On Linux, this is a directory path like "/etc/opt/chrome/policies". ++ static void EnablePlatformPolicySupport(const std::string& id); ++ ++ // Platform-specific retrieval of the policy ID value. ++#if BUILDFLAG(IS_WIN) ++ // Replaces all direct usage of kRegistryChromePolicyKey. ++ static std::wstring GetPolicyKey(); ++#elif BUILDFLAG(IS_MAC) ++ // Replaces all direct usage of CFSTR("com.google.Chrome"). ++ static base::apple::ScopedCFTypeRef GetBundleId(); ++#elif BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_ANDROID) ++ // Replaces all direct usage of chrome::DIR_POLICY_FILES. ++ static bool GetDirPolicyFilesPath(base::FilePath* path); ++#endif ++ + virtual base::flat_set device_affiliation_ids() const; + + #if BUILDFLAG(IS_CHROMEOS_LACROS) +diff --git chrome/browser/policy/policy_path_parser_mac.mm chrome/browser/policy/policy_path_parser_mac.mm +index 44a46c9c37788..873a6469c7ab5 100644 +--- chrome/browser/policy/policy_path_parser_mac.mm ++++ chrome/browser/policy/policy_path_parser_mac.mm +@@ -16,6 +16,7 @@ + #include "base/logging.h" + #include "base/strings/sys_string_conversions.h" + #include "build/branding_buildflags.h" ++#include "chrome/browser/policy/chrome_browser_policy_connector.h" + #include "components/policy/policy_constants.h" + + namespace policy::path_parser { +@@ -97,15 +98,11 @@ base::FilePath::StringType ExpandPathVariables( + void CheckUserDataDirPolicy(base::FilePath* user_data_dir) { + // Since the configuration management infrastructure is not initialized when + // this code runs, read the policy preference directly. +-#if BUILDFLAG(GOOGLE_CHROME_BRANDING) +- // Explicitly access the "com.google.Chrome" bundle ID, no matter what this +- // app's bundle ID actually is. All channels of Chrome should obey the same +- // policies. +- CFStringRef bundle_id = CFSTR("com.google.Chrome"); +-#else + base::apple::ScopedCFTypeRef bundle_id( +- base::SysUTF8ToCFStringRef(base::apple::BaseBundleID())); +-#endif ++ policy::ChromeBrowserPolicyConnector::GetBundleId()); ++ if (!bundle_id) { ++ return; ++ } + + base::apple::ScopedCFTypeRef key( + base::SysUTF8ToCFStringRef(policy::key::kUserDataDir)); +diff --git chrome/browser/policy/policy_path_parser_win.cc chrome/browser/policy/policy_path_parser_win.cc +index 8dbf958c189dd..6eaccc6688eca 100644 +--- chrome/browser/policy/policy_path_parser_win.cc ++++ chrome/browser/policy/policy_path_parser_win.cc +@@ -12,6 +12,7 @@ + + #include "base/strings/utf_string_conversions.h" + #include "base/win/registry.h" ++#include "chrome/browser/policy/chrome_browser_policy_connector.h" + #include "chrome/common/chrome_switches.h" + #include "chrome/install_static/policy_path_parser.h" + #include "components/policy/policy_constants.h" +@@ -22,9 +23,15 @@ namespace { + bool LoadUserDataDirPolicyFromRegistry(HKEY hive, + const char* key_name_str, + base::FilePath* dir) { ++ const std::wstring policy_key = ++ policy::ChromeBrowserPolicyConnector::GetPolicyKey(); ++ if (policy_key.empty()) { ++ return false; ++ } ++ + std::wstring value; + std::wstring key_name(base::ASCIIToWide(key_name_str)); +- base::win::RegKey key(hive, policy::kRegistryChromePolicyKey, KEY_READ); ++ base::win::RegKey key(hive, policy_key.c_str(), KEY_READ); + if (key.ReadValue(key_name.c_str(), &value) == ERROR_SUCCESS) { + *dir = base::FilePath(policy::path_parser::ExpandPathVariables(value)); + return true; +diff --git chrome/common/chrome_paths.cc chrome/common/chrome_paths.cc +index 1d75edad24781..62dda7d933828 100644 +--- chrome/common/chrome_paths.cc ++++ chrome/common/chrome_paths.cc +@@ -504,7 +504,8 @@ bool PathProvider(int key, base::FilePath* result) { + return false; + } + break; +-#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_OPENBSD) ++#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) && !BUILDFLAG(IS_OPENBSD) && \ ++ !BUILDFLAG(ENABLE_CEF) + case chrome::DIR_POLICY_FILES: { + cur = base::FilePath(policy::kPolicyPath); + break; +diff --git chrome/common/chrome_paths.h chrome/common/chrome_paths.h +index ab0301b8eb26d..3ed179ccf84bf 100644 +--- chrome/common/chrome_paths.h ++++ chrome/common/chrome_paths.h +@@ -8,6 +8,7 @@ + #include "build/branding_buildflags.h" + #include "build/build_config.h" + #include "build/chromeos_buildflags.h" ++#include "cef/libcef/features/features.h" + #include "third_party/widevine/cdm/buildflags.h" + + namespace base { +@@ -46,7 +47,7 @@ enum { + DIR_INTERNAL_PLUGINS, // Directory where internal plugins reside. + DIR_COMPONENTS, // Directory where built-in implementations of + // component-updated libraries or data reside. +-#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) ++#if BUILDFLAG(IS_POSIX) && !BUILDFLAG(IS_MAC) && !BUILDFLAG(ENABLE_CEF) + DIR_POLICY_FILES, // Directory for system-wide read-only + // policy files that allow sys-admins + // to set policies for chrome. This directory +diff --git components/policy/tools/generate_policy_source.py components/policy/tools/generate_policy_source.py +index e9d31053cb2ea..793ceac3c7772 100755 +--- components/policy/tools/generate_policy_source.py ++++ components/policy/tools/generate_policy_source.py +@@ -500,6 +500,7 @@ def _WritePolicyConstantHeader(all_policies, policy_atomic_groups, + #include + #include + ++#include "cef/libcef/features/features.h" + #include "components/policy/core/common/policy_details.h" + #include "components/policy/core/common/policy_map.h" + +@@ -522,9 +523,11 @@ struct SchemaData; + ''') + + if target_platform == 'win': +- f.write('// The windows registry path where Chrome policy ' ++ f.write('#if !BUILDFLAG(ENABLE_CEF)\n' ++ '// The windows registry path where Chrome policy ' + 'configuration resides.\n' +- 'extern const wchar_t kRegistryChromePolicyKey[];\n') ++ 'extern const wchar_t kRegistryChromePolicyKey[];\n' ++ '#endif\n') + + f.write('''#if BUILDFLAG(IS_CHROMEOS) + // Sets default profile policies values for enterprise users. +@@ -1167,12 +1170,14 @@ namespace policy { + f.write('} // namespace\n\n') + + if target_platform == 'win': +- f.write('#if BUILDFLAG(GOOGLE_CHROME_BRANDING)\n' ++ f.write('#if !BUILDFLAG(ENABLE_CEF)\n' ++ '#if BUILDFLAG(GOOGLE_CHROME_BRANDING)\n' + 'const wchar_t kRegistryChromePolicyKey[] = ' + 'L"' + CHROME_POLICY_KEY + '";\n' + '#else\n' + 'const wchar_t kRegistryChromePolicyKey[] = ' + 'L"' + CHROMIUM_POLICY_KEY + '";\n' ++ '#endif\n' + '#endif\n\n') + + # Setting enterprise defaults code generation. diff --git a/tests/cefclient/browser/main_context_impl.cc b/tests/cefclient/browser/main_context_impl.cc index 30286c35e..4aed76ec4 100644 --- a/tests/cefclient/browser/main_context_impl.cc +++ b/tests/cefclient/browser/main_context_impl.cc @@ -214,6 +214,23 @@ void MainContextImpl::PopulateSettings(CefSettings* settings) { CefString(&settings->accept_language_list) = command_line_->GetSwitchValue("lang"); } + + if (command_line_->HasSwitch("enable-chrome-policy")) { + // Enable Chrome policy management via Platform and OS-user policies. + // Use the same configuration ID as Google Chrome for testing purposes. + // If Google Chrome is managed on this machine we'll show the same + // configured policies in chrome://policy/. + CefString(&settings->chrome_policy_id) = +#if defined(OS_WIN) + "SOFTWARE\\Policies\\Google\\Chrome"; +#elif defined(OS_MAC) + "com.google.Chrome"; +#elif defined(OS_LINUX) + "/etc/opt/chrome/policies"; +#else + ""; +#endif + } } void MainContextImpl::PopulateBrowserSettings(CefBrowserSettings* settings) {