List group policies in GN explicitly (#27246)

List group policies in GN explicitly.
brave · Jan 15, 2025 · 3cdbfe1 · 3cdbfe1
1 parent 22c3bf4
commit 3cdbfe1
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 22 deletions.
diff --git a/chromium_src/components/policy/resources/policy_templates.py b/chromium_src/components/policy/resources/policy_templates.py
@@ -9,8 +9,6 @@
 import override_utils
 import shutil
 
-from brave_chromium_utils import wspath
-
 
 @override_utils.override_function(globals())
 def _LoadPolicies(orig_func):
@@ -61,7 +59,7 @@ def _LoadPolicies(orig_func):
     return policies
 
 
-def update_policy_files():
+def sync_policy_files():
     # Chromium stores all group policy definitions under
     # `//components/policy/resources/templates/policy_definitions/`
     #
@@ -73,23 +71,14 @@ def update_policy_files():
     # when we map to a preference in our policy map:
     # `//brave/browser/policy/brave_simple_policy_map.h`
     #
-    # When the code below is ran this will copy the group policy files from:
-    # `//brave/components/policy/resources/templates/policy_definitions/`
-    # to their expected place in Chromium:
-    # `//components/policy/resources/templates/policy_definitions/`
-    #
-    # NOTE: only the `BraveSoftware` folder is copied.
-    # If you want to create a policy in an existing Chromium group, this
-    # would need to be updated.
-    shutil.copytree(
-        wspath(
-            "//brave/components/policy/resources/templates/policy_definitions/BraveSoftware"  # pylint: disable=line-too-long
-        ),
-        wspath(
-            "//components/policy/resources/templates/policy_definitions/BraveSoftware"  # pylint: disable=line-too-long
-        ),
-        dirs_exist_ok=True,
-        copy_function=copy_only_if_modified)
+    # When the code below is ran this will copy the group policy files from
+    # Brave's policy definitions to Chromium's policy definitions.
+    with open("gen/brave_policies_sync_config.json", "r") as f:
+        brave_policies = json.load(f)
+
+        for policy in brave_policies["policies"]:
+            copy_only_if_modified(f'{brave_policies["copy_from"]}/{policy}',
+                                  f'{brave_policies["copy_to"]}/{policy}')
 
 
 def copy_only_if_modified(src, dst):
@@ -100,10 +89,13 @@ def file_hash(file_path):
             return hashlib.file_digest(f, "sha256").digest()
 
     if not os.path.exists(dst) or file_hash(src) != file_hash(dst):
+        dest_dir = os.path.dirname(dst)
+        if not os.path.exists(dest_dir):
+            os.makedirs(dest_dir)
         shutil.copy2(src, dst)
 
 
 @override_utils.override_function(globals())
 def main(orig_func):
-    update_policy_files()
+    sync_policy_files()
     orig_func()
diff --git a/components/policy/resources/templates/policy_definitions/README.md b/components/policy/resources/templates/policy_definitions/README.md
@@ -8,7 +8,7 @@ For information about adding a new policy, please see [this page](https://source
 
 In a nutshell, the steps for adding a new policy in Brave look like this:
 
-1. Create a new .yaml file under `//brave/components/policy/resources/templates/policy_definitions/BraveSoftware/`. The name of the file itself will be the policy name. Chromium uses capital casing. For example, we have a policy for disabling Brave Rewards called `BraveRewardsDisable.yaml`. The name used for matching is `BraveRewardsDisable`.
+1. Create a new .yaml file under `//brave/components/policy/resources/templates/policy_definitions/BraveSoftware/` and list it in `brave_policies.gni`. The name of the file itself will be the policy name. Chromium uses capital casing. For example, we have a policy for disabling Brave Rewards called `BraveRewardsDisable.yaml`. The name used for matching is `BraveRewardsDisable`.
 2. Update the properties in that file accordingly. You can look at some of the existing ones as an example OR you can [check out an example one that Chromium shares here](https://source.chromium.org/chromium/chromium/src/+/main:components/policy/resources/new_policy_templates/policy.yaml).
 3. Go into `//brave/browser/policy/brave_simple_policy_map.h` and add your entry here. It'll be auto-generated as `policy::key::k` and then the policy name. With the above example, that would be `policy::key::kBraveRewardsDisable`. You must map this to a profile preference (you must create a new one). That new preference is what you'll check in the code.
 4. In the code where you want to check the profile preference, you can tell if it's set via policy by checking `prefs->IsManagedPreference(<profile_preference_key_here>)`. If this is set to true, you might want to have the UI display something like `"This setting is managed by your organization"` and have it be read-only.

diff --git a/components/policy/resources/templates/policy_definitions/brave_policies.gni b/components/policy/resources/templates/policy_definitions/brave_policies.gni
@@ -0,0 +1,45 @@
+# Copyright (c) 2024 The Brave Authors. All rights reserved.
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this file,
+# You can obtain one at https://mozilla.org/MPL/2.0/.
+
+_brave_policies = [
+  "BraveSoftware/.group.details.yaml",
+  "BraveSoftware/BraveAIChatEnabled.yaml",
+  "BraveSoftware/BraveRewardsDisabled.yaml",
+  "BraveSoftware/BraveShieldsDisabledForUrls.yaml",
+  "BraveSoftware/BraveShieldsEnabledForUrls.yaml",
+  "BraveSoftware/BraveSyncUrl.yaml",
+  "BraveSoftware/BraveVPNDisabled.yaml",
+  "BraveSoftware/BraveWalletDisabled.yaml",
+  "BraveSoftware/IPFSEnabled.yaml",
+  "BraveSoftware/TorDisabled.yaml",
+]
+
+_brave_policies_sync_config_path =
+    "$root_build_dir/gen/brave_policies_sync_config.json"
+
+# List Brave's policy files as inputs for policy_templates.py to trigger a
+# rebuild if changes are detected.
+brave_generate_policy_templates_inputs =
+    get_path_info(_brave_policies, "abspath") +
+    [ _brave_policies_sync_config_path ]
+
+# Generate a policy list to copy into Chromium policy_definitions directory.
+# This is to be used by policy_templates.py override. Make sure to only generate
+# the file for the default toolchain as this gni can be used by multiple
+# toolchains.
+if (current_toolchain == default_toolchain) {
+  write_file(
+      _brave_policies_sync_config_path,
+      {
+        policies = _brave_policies
+        copy_from = rebase_path(
+                "//brave/components/policy/resources/templates/policy_definitions",
+                root_build_dir)
+        copy_to = rebase_path(
+                "//components/policy/resources/templates/policy_definitions",
+                root_build_dir)
+      },
+      "json")
+}
diff --git a/patches/components-policy-BUILD.gn.patch b/patches/components-policy-BUILD.gn.patch
@@ -0,0 +1,12 @@
+diff --git a/components/policy/BUILD.gn b/components/policy/BUILD.gn
+index ac21cc7238a1a4a9e819dc4dbefc13639597accf..5fd00e0e6b91584d0a7635d53794acd40d79b30a 100644
+--- a/components/policy/BUILD.gn
++++ b/components/policy/BUILD.gn
+@@ -103,6 +103,7 @@ action("generate_policy_templates") {
+     "--depfile",
+     rebase_path(policy_templates_deps_file, root_build_dir),
+   ]
++  import("//brave/components/policy/resources/templates/policy_definitions/brave_policies.gni") inputs = brave_generate_policy_templates_inputs
+ }
+
+ # Translates policy_templates.json into various languages.