diff --git a/patches/chromium/.patches b/patches/chromium/.patches index e8f918d59f2b..0ce20865a326 100644 --- a/patches/chromium/.patches +++ b/patches/chromium/.patches @@ -131,4 +131,5 @@ fix_font_face_resolution_when_renderer_is_blocked.patch feat_enable_passing_exit_code_on_service_process_crash.patch x11_use_localized_display_label_only_for_browser_process.patch feat_enable_customizing_symbol_color_in_framecaptionbutton.patch +cherry-pick-99cafbf4b4b9.patch cherry-pick-44b7fbf35b10.patch diff --git a/patches/chromium/cherry-pick-99cafbf4b4b9.patch b/patches/chromium/cherry-pick-99cafbf4b4b9.patch new file mode 100644 index 000000000000..950d9d54a3ac --- /dev/null +++ b/patches/chromium/cherry-pick-99cafbf4b4b9.patch @@ -0,0 +1,166 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Yann Dago +Date: Mon, 8 Jul 2024 16:20:32 +0000 +Subject: Ensure chrome://policy/test messages ignored when not supported + +It was possible to go to chrome://policy and in the dev tools and send +the right message to set test policies even if the policy test page was disabled and/or unavailable because both pages share the same handler. + +Bug: 338248595 +Change-Id: If689325999cb108b2b71b2821d905e42efd3390d +Low-Coverage-Reason: TRIVIAL_CHANGE +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5679162 +Auto-Submit: Yann Dago +Reviewed-by: Rohit Rao +Reviewed-by: Sergey Poromov +Commit-Queue: Rohit Rao +Cr-Commit-Position: refs/heads/main@{#1324277} + +diff --git a/chrome/browser/ui/webui/policy/policy_test_ui_browsertest.cc b/chrome/browser/ui/webui/policy/policy_test_ui_browsertest.cc +index f223be51c902b99fbb67f90b7edfa05e7ea77c37..60c3d2e133a1a811ff7b83c0d0b8cc4bdd44e23b 100644 +--- a/chrome/browser/ui/webui/policy/policy_test_ui_browsertest.cc ++++ b/chrome/browser/ui/webui/policy/policy_test_ui_browsertest.cc +@@ -10,6 +10,7 @@ + #include "base/test/scoped_feature_list.h" + #include "build/build_config.h" + #include "build/chromeos_buildflags.h" ++#include "chrome/browser/enterprise/browser_management/browser_management_service.h" + #include "chrome/browser/enterprise/browser_management/management_service_factory.h" + #include "chrome/browser/lifetime/application_lifetime.h" + #include "chrome/browser/policy/chrome_browser_policy_connector.h" +@@ -272,6 +273,57 @@ class PolicyTestHandlerTest : public PlatformBrowserTest { + #endif + }; + ++IN_PROC_BROWSER_TEST_F(PolicyTestHandlerTest, ++ HandleSetLocalTestPoliciesNotSupported) { ++ // Ensure chrome://policy/test not supported. ++ policy::ScopedManagementServiceOverrideForTesting profile_management( ++ policy::ManagementServiceFactory::GetForProfile(GetProfile()), ++ policy::EnterpriseManagementAuthority::CLOUD); ++ std::unique_ptr handler = SetUpHandler(); ++ const std::string jsonString = ++ R"([ ++ {"level": 0,"scope": 0,"source": 0, "namespace": "chrome", ++ "name": "AutofillAddressEnabled","value": false}, ++ {"level": 1,"scope": 1,"source": 2, "namespace": "chrome", ++ "name": "CloudReportingEnabled","value": true} ++ ])"; ++ const std::string revertAppliedPoliciesButtonDisabledJs = ++ R"( ++ document ++ .querySelector('#revert-applied-policies') ++ .disabled; ++ )"; ++ ++ base::Value::List list_args; ++ ++ list_args.Append("setLocalTestPolicies"); ++ list_args.Append(jsonString); ++ list_args.Append("{}"); ++ ++ // Open chrome://policy ++ ASSERT_TRUE( ++ content::NavigateToURL(web_contents(), GURL(chrome::kChromeUIPolicyURL))); ++ web_ui()->HandleReceivedMessage("setLocalTestPolicies", list_args); ++ ++ base::RunLoop().RunUntilIdle(); ++ ++ const policy::PolicyNamespace chrome_namespace(policy::POLICY_DOMAIN_CHROME, ++ std::string()); ++ policy::PolicyService* policy_service = ++ GetProfile()->GetProfilePolicyConnector()->policy_service(); ++ ++ // Check policies not applied ++ const policy::PolicyMap* policy_map = ++ &policy_service->GetPolicies(chrome_namespace); ++ ASSERT_TRUE(policy_map); ++ ++ { ++ const policy::PolicyMap::Entry* entry = ++ policy_map->Get(policy::key::kAutofillAddressEnabled); ++ ASSERT_FALSE(entry); ++ } ++} ++ + IN_PROC_BROWSER_TEST_F(PolicyTestHandlerTest, + HandleSetAndRevertLocalTestPolicies) { + if (!policy::utils::IsPolicyTestingEnabled(/*pref_service=*/nullptr, +diff --git a/chrome/browser/ui/webui/policy/policy_ui_handler.cc b/chrome/browser/ui/webui/policy/policy_ui_handler.cc +index a09cb79373f424010a1c02f0c1da5ae3e8c55389..bafa7adf244685fe9af7dd4358fb0ec77bb39fbf 100644 +--- a/chrome/browser/ui/webui/policy/policy_ui_handler.cc ++++ b/chrome/browser/ui/webui/policy/policy_ui_handler.cc +@@ -49,6 +49,7 @@ + #include "chrome/browser/ui/chrome_select_file_policy.h" + #include "chrome/browser/ui/webui/policy/policy_ui.h" + #include "chrome/browser/ui/webui/webui_util.h" ++#include "chrome/common/channel_info.h" + #include "chrome/grit/branded_strings.h" + #include "components/crx_file/id_util.h" + #include "components/enterprise/browser/controller/browser_dm_token_storage.h" +@@ -69,6 +70,7 @@ + #include "components/policy/core/common/policy_pref_names.h" + #include "components/policy/core/common/policy_scheduler.h" + #include "components/policy/core/common/policy_types.h" ++#include "components/policy/core/common/policy_utils.h" + #include "components/policy/core/common/remote_commands/remote_commands_service.h" + #include "components/policy/core/common/schema.h" + #include "components/policy/core/common/schema_map.h" +@@ -318,6 +320,12 @@ void PolicyUIHandler::HandleCopyPoliciesJson(const base::Value::List& args) { + void PolicyUIHandler::HandleSetLocalTestPolicies( + const base::Value::List& args) { + std::string policies = args[1].GetString(); ++ AllowJavascript(); ++ ++ if (!PolicyUI::ShouldLoadTestPage(Profile::FromWebUI(web_ui()))) { ++ ResolveJavascriptCallback(args[0], true); ++ return; ++ } + + policy::LocalTestPolicyProvider* local_test_provider = + static_cast( +@@ -340,12 +348,14 @@ void PolicyUIHandler::HandleSetLocalTestPolicies( + ->UseLocalTestPolicyProvider(); + + local_test_provider->LoadJsonPolicies(policies); +- AllowJavascript(); + ResolveJavascriptCallback(args[0], true); + } + + void PolicyUIHandler::HandleRevertLocalTestPolicies( + const base::Value::List& args) { ++ if (!PolicyUI::ShouldLoadTestPage(Profile::FromWebUI(web_ui()))) { ++ return; ++ } + #if !BUILDFLAG(IS_ANDROID) && !BUILDFLAG(IS_CHROMEOS) + Profile::FromWebUI(web_ui())->GetPrefs()->ClearPref( + prefs::kUserCloudSigninPolicyResponseFromPolicyTestPage); +diff --git a/ios/chrome/browser/webui/ui_bundled/policy/policy_ui_handler.mm b/ios/chrome/browser/webui/ui_bundled/policy/policy_ui_handler.mm +index fe5c3c43f36e5c13b75512572ffc7eea0f85be5b..5f30dcb42ad942499d31305a094f536e73fe5a1f 100644 +--- a/ios/chrome/browser/webui/ui_bundled/policy/policy_ui_handler.mm ++++ b/ios/chrome/browser/webui/ui_bundled/policy/policy_ui_handler.mm +@@ -226,6 +226,12 @@ + const base::Value::List& args) { + std::string json_policies_string = args[1].GetString(); + ++ if (!PolicyUI::ShouldLoadTestPage( ++ ChromeBrowserState::FromWebUIIOS(web_ui()))) { ++ web_ui()->ResolveJavascriptCallback(args[0], true); ++ return; ++ } ++ + policy::LocalTestPolicyProvider* local_test_provider = + static_cast( + GetApplicationContext() +@@ -244,6 +250,11 @@ + + void PolicyUIHandler::HandleRevertLocalTestPolicies( + const base::Value::List& args) { ++ if (!PolicyUI::ShouldLoadTestPage( ++ ChromeBrowserState::FromWebUIIOS(web_ui()))) { ++ return; ++ } ++ + ChromeBrowserState::FromWebUIIOS(web_ui()) + ->GetPolicyConnector() + ->RevertUseLocalTestPolicyProvider();