diff --git a/browser/BUILD.gn b/browser/BUILD.gn index d62a83b2c2a5..8d660f4a3eaa 100644 --- a/browser/BUILD.gn +++ b/browser/BUILD.gn @@ -114,10 +114,11 @@ source_set("browser_process") { "renderer_host", "ui", "//base", - "//brave/browser/tor", + "//brave/browser/tor:buildflags", "//brave/browser/translate/buildflags", "//brave/browser/notifications", "//brave/common", + "//brave/common:pref_names", "//brave/components/brave_ads/browser", "//brave/components/brave_component_updater/browser", "//brave/components/brave_drm", @@ -143,6 +144,7 @@ source_set("browser_process") { "//components/gcm_driver:gcm_driver", "//components/gcm_driver:gcm_buildflags", "//components/password_manager/core/common", + "//components/policy/core/browser", "//components/prefs", "//components/safe_browsing/common:safe_browsing_prefs", "//components/search_engines", @@ -181,8 +183,6 @@ source_set("browser_process") { "//brave/app:brave_generated_resources_grit", ] } else { - - sources += [ "android/brave_relaunch_utils.cc", "android/brave_shields_content_settings.cc", @@ -218,8 +218,9 @@ source_set("browser_process") { if (enable_tor) { deps += [ + "//brave/browser/tor", "//brave/components/services/tor/public/cpp:manifest", - "tor", + "//brave/common/tor:pref_names", ] } diff --git a/browser/brave_browser_main_parts.h b/browser/brave_browser_main_parts.h index b3c1dbbe08f3..c3a39d3d9ff8 100644 --- a/browser/brave_browser_main_parts.h +++ b/browser/brave_browser_main_parts.h @@ -19,6 +19,8 @@ class BraveBrowserMainParts : public ChromeBrowserMainParts { void PostProfileInit() override; private: + friend class ChromeBrowserMainExtraPartsTor; + DISALLOW_COPY_AND_ASSIGN(BraveBrowserMainParts); }; diff --git a/browser/extensions/BUILD.gn b/browser/extensions/BUILD.gn index 0ef27c286b7d..bd17ad252a3c 100644 --- a/browser/extensions/BUILD.gn +++ b/browser/extensions/BUILD.gn @@ -1,3 +1,4 @@ +import("//brave/browser/tor/buildflags/buildflags.gni") import("//brave/components/brave_rewards/browser/buildflags/buildflags.gni") import("//brave/components/brave_sync/buildflags/buildflags.gni") import("//brave/components/brave_wallet/browser/buildflags/buildflags.gni") @@ -60,11 +61,13 @@ source_set("extensions") { deps = [ "//base", "//brave/app:brave_generated_resources_grit", + "//brave/common", "//brave/common:pref_names", "//brave/common/extensions/api", "//brave/components/brave_component_updater/browser", "//brave/components/brave_extension:generated_resources", "//brave/components/brave_extension:static_resources", + "//chrome/browser/extensions", "//components/gcm_driver:gcm_driver", "//components/gcm_driver:gcm_buildflags", "//components/prefs", @@ -110,6 +113,11 @@ source_set("extensions") { "brave_webtorrent_navigation_throttle.h", ] } + if (enable_tor) { + deps += [ + "//brave/browser/tor:buildflags", + ] + } } config("infura_config") { diff --git a/browser/extensions/brave_extension_management.cc b/browser/extensions/brave_extension_management.cc index b055bb3c9153..24f3e3ff714a 100644 --- a/browser/extensions/brave_extension_management.cc +++ b/browser/extensions/brave_extension_management.cc @@ -7,10 +7,8 @@ #include -#include "base/command_line.h" #include "brave/browser/brave_browser_process_impl.h" #include "brave/browser/tor/buildflags.h" -#include "brave/common/brave_switches.h" #include "brave/common/extensions/extension_constants.h" #include "brave/common/pref_names.h" #include "brave/browser/extensions/brave_extension_provider.h" @@ -35,6 +33,7 @@ BraveExtensionManagement::BraveExtensionManagement(Profile* profile) static_cast(profile))); providers_.push_back( std::make_unique()); + CleanupBraveExtensions(); RegisterBraveExtensions(); } @@ -43,14 +42,18 @@ BraveExtensionManagement::~BraveExtensionManagement() { void BraveExtensionManagement::RegisterBraveExtensions() { #if BUILDFLAG(ENABLE_TOR) - const base::CommandLine& command_line = - *base::CommandLine::ForCurrentProcess(); - if (!command_line.HasSwitch(switches::kDisableTorClientUpdaterExtension) && - !profile_->AsTestingProfile()) + if (!profile_->AsTestingProfile()) g_brave_browser_process->tor_client_updater()->Register(); #endif } +void BraveExtensionManagement::CleanupBraveExtensions() { +#if BUILDFLAG(ENABLE_TOR) + if (!profile_->AsTestingProfile()) + g_brave_browser_process->tor_client_updater()->Cleanup(); +#endif +} + void BraveExtensionManagement::OnExtensionLoaded( content::BrowserContext* browser_context, const Extension* extension) { diff --git a/browser/extensions/brave_extension_management.h b/browser/extensions/brave_extension_management.h index df73516ec92c..929e22341636 100644 --- a/browser/extensions/brave_extension_management.h +++ b/browser/extensions/brave_extension_management.h @@ -22,6 +22,7 @@ class BraveExtensionManagement : public ExtensionManagement, private: void RegisterBraveExtensions(); + void CleanupBraveExtensions(); // ExtensionRegistryObserver implementation. void OnExtensionLoaded( diff --git a/browser/extensions/brave_tor_client_updater.cc b/browser/extensions/brave_tor_client_updater.cc index 25a0e5c6ee66..8d97fe868b56 100644 --- a/browser/extensions/brave_tor_client_updater.cc +++ b/browser/extensions/brave_tor_client_updater.cc @@ -8,16 +8,27 @@ #include #include +#include "base/command_line.h" #include "base/files/file_enumerator.h" #include "base/files/file_path.h" #include "base/files/file_util.h" #include "base/task/post_task.h" #include "base/task_runner.h" #include "base/task_runner_util.h" +#include "brave/browser/tor/tor_profile_service.h" +#include "brave/common/brave_switches.h" +#include "chrome/browser/browser_process.h" +#include "chrome/browser/profiles/profile_manager.h" #include "third_party/re2/src/re2/re2.h" using brave_component_updater::BraveComponent; +namespace { +void DeleteDir(const base::FilePath& path) { + base::DeleteFile(path, true); +} +} // namespace + namespace extensions { namespace { @@ -110,15 +121,31 @@ BraveTorClientUpdater::~BraveTorClientUpdater() { } void BraveTorClientUpdater::Register() { - if (registered_) + const base::CommandLine& command_line = + *base::CommandLine::ForCurrentProcess(); + if (tor::TorProfileService::IsTorDisabled() || + command_line.HasSwitch(switches::kDisableTorClientUpdaterExtension) || + registered_) { return; + } BraveComponent::Register(kTorClientComponentName, - g_tor_client_component_id_, - g_tor_client_component_base64_public_key_); + g_tor_client_component_id_, + g_tor_client_component_base64_public_key_); registered_ = true; } +void BraveTorClientUpdater::Cleanup() { + // Delete tor binaries if tor is disabled by gpo. + if (tor::TorProfileService::IsTorDisabled()) { + ProfileManager* profile_manager = g_browser_process->profile_manager(); + base::FilePath tor_component_dir = + profile_manager->user_data_dir().AppendASCII(kTorClientComponentId); + GetTaskRunner()->PostTask(FROM_HERE, + base::BindOnce(&DeleteDir, tor_component_dir)); + } +} + void BraveTorClientUpdater::SetExecutablePath(const base::FilePath& path) { executable_path_ = path; for (Observer& observer : observers_) diff --git a/browser/extensions/brave_tor_client_updater.h b/browser/extensions/brave_tor_client_updater.h index e2ef2629676e..9be85ebc18fe 100644 --- a/browser/extensions/brave_tor_client_updater.h +++ b/browser/extensions/brave_tor_client_updater.h @@ -52,6 +52,7 @@ class BraveTorClientUpdater : public BraveComponent { ~BraveTorClientUpdater() override; void Register(); + void Cleanup(); base::FilePath GetExecutablePath() const; scoped_refptr GetTaskRunner() { return task_runner_; diff --git a/browser/policy/brave_policy_browsertest.cc b/browser/policy/brave_policy_browsertest.cc new file mode 100644 index 000000000000..44ba404f9927 --- /dev/null +++ b/browser/policy/brave_policy_browsertest.cc @@ -0,0 +1,93 @@ +/* Copyright (c) 2019 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "brave/browser/tor/buildflags.h" +#include "brave/common/pref_names.h" +#include "chrome/browser/profiles/profile.h" +#include "chrome/browser/ui/browser.h" +#include "chrome/test/base/in_process_browser_test.h" +#include "components/policy/core/browser/browser_policy_connector.h" +#include "components/policy/core/common/mock_configuration_policy_provider.h" +#include "components/policy/policy_constants.h" +#include "components/prefs/pref_service.h" + +#if BUILDFLAG(ENABLE_TOR) +#include "brave/browser/tor/tor_profile_service.h" +#include "brave/common/tor/pref_names.h" +#endif + +using testing::_; +using testing::Return; +using NoTorPolicyBrowserTest = InProcessBrowserTest; + +namespace policy { + +class BravePolicyTest : public InProcessBrowserTest { + protected: + BravePolicyTest() {} + ~BravePolicyTest() override {} + + void SetUpInProcessBrowserTestFixture() override { + EXPECT_CALL(provider_, IsInitializationComplete(_)) + .WillRepeatedly(Return(true)); + BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_); + } + + MockConfigurationPolicyProvider provider_; +}; + +#if BUILDFLAG(ENABLE_TOR) +#if defined(OS_WIN) +// This policy only exists on Windows. +// Sets the tor policy before the browser is started. +class TorDisabledPolicyBrowserTest : public BravePolicyTest { + public: + TorDisabledPolicyBrowserTest() {} + ~TorDisabledPolicyBrowserTest() override {} + + void SetUpInProcessBrowserTestFixture() override { + BravePolicyTest::SetUpInProcessBrowserTestFixture(); + + PolicyMap policies; + policies.Set(key::kTorDisabled, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, POLICY_SOURCE_PLATFORM, + std::make_unique(true), nullptr); + provider_.UpdateChromePolicy(policies); + } +}; + +IN_PROC_BROWSER_TEST_F(TorDisabledPolicyBrowserTest, TorDisabledPrefValueTest) { + EXPECT_TRUE(tor::TorProfileService::IsTorDisabled()); +} + +class TorEnabledPolicyBrowserTest : public BravePolicyTest { + public: + TorEnabledPolicyBrowserTest() {} + ~TorEnabledPolicyBrowserTest() override {} + + void SetUpInProcessBrowserTestFixture() override { + BravePolicyTest::SetUpInProcessBrowserTestFixture(); + + PolicyMap policies; + policies.Set(key::kTorDisabled, POLICY_LEVEL_MANDATORY, + POLICY_SCOPE_MACHINE, POLICY_SOURCE_PLATFORM, + std::make_unique(false), nullptr); + provider_.UpdateChromePolicy(policies); + } +}; + +IN_PROC_BROWSER_TEST_F(TorEnabledPolicyBrowserTest, TorDisabledPrefValueTest) { + EXPECT_FALSE(tor::TorProfileService::IsTorDisabled()); +} + +// W/o TorDisabled group policy, kTorDisabled pref value should be false. +IN_PROC_BROWSER_TEST_F(NoTorPolicyBrowserTest, + DefaultTorDisabledPrefValueTest) { + EXPECT_FALSE(tor::TorProfileService::IsTorDisabled()); +} +#endif // OS_WIN +#endif // ENABLE_TOR + +} // namespace policy diff --git a/browser/tor/tor_profile_service.cc b/browser/tor/tor_profile_service.cc index db996a4723fe..56be59340af7 100644 --- a/browser/tor/tor_profile_service.cc +++ b/browser/tor/tor_profile_service.cc @@ -56,6 +56,13 @@ void TorProfileService::RegisterLocalStatePrefs(PrefRegistrySimple* registry) { const std::string tor_proxy_uri = std::string(kTorProxyScheme) + std::string(kTorProxyAddress) + ":" + port; registry->RegisterStringPref(prefs::kTorProxyString, tor_proxy_uri); + // Tor for group policy. Only can be true by group policy. + registry->RegisterBooleanPref(prefs::kTorDisabled, false); +} + +// static +bool TorProfileService::IsTorDisabled() { + return g_browser_process->local_state()->GetBoolean(prefs::kTorDisabled); } std::string TorProfileService::GetTorProxyURI() { diff --git a/browser/tor/tor_profile_service.h b/browser/tor/tor_profile_service.h index f6bacc5e500f..6b2dd955f5e5 100644 --- a/browser/tor/tor_profile_service.h +++ b/browser/tor/tor_profile_service.h @@ -39,6 +39,7 @@ class TorProfileService : public KeyedService { ~TorProfileService() override; static void RegisterLocalStatePrefs(PrefRegistrySimple* registry); + static bool IsTorDisabled(); virtual void SetNewTorCircuit(content::WebContents* web_contents) = 0; virtual std::unique_ptr diff --git a/browser/ui/BUILD.gn b/browser/ui/BUILD.gn index 85b2ae0eb1d5..e8ee1c69b975 100644 --- a/browser/ui/BUILD.gn +++ b/browser/ui/BUILD.gn @@ -155,16 +155,21 @@ source_set("ui") { "//brave/browser:sparkle_buildflags", "//brave/browser/devtools", "//brave/browser/gcm_driver", + "//brave/browser/profiles", "//brave/browser/resources/settings:resources", "//brave/browser/tor", "//brave/common", + "//brave/common:pref_names", "//brave/components/brave_adblock_ui:generated_resources", "//brave/components/brave_new_tab_ui:generated_resources", "//brave/components/brave_rewards/browser", "//brave/components/brave_rewards/resources", "//brave/components/brave_shields/browser", + "//brave/components/brave_sync/buildflags:buildflags", + "//brave/components/brave_wallet/browser/buildflags:buildflags", "//brave/components/brave_welcome_ui:generated_resources", "//chrome/app:command_ids", + "//chrome/app/vector_icons:vector_icons", "//chrome/common", "//components/gcm_driver:gcm_buildflags", "//components/prefs", @@ -182,6 +187,7 @@ source_set("ui") { "//brave/components/brave_sync", "//brave/components/brave_sync:generated_resources", "//brave/components/brave_sync:static_resources", + "//brave/components/brave_sync:switches", ] } diff --git a/browser/ui/brave_browser_command_controller.cc b/browser/ui/brave_browser_command_controller.cc index 36ea5c81a77b..b81c299c5952 100644 --- a/browser/ui/brave_browser_command_controller.cc +++ b/browser/ui/brave_browser_command_controller.cc @@ -12,6 +12,7 @@ #include "brave/browser/tor/buildflags.h" #include "brave/browser/ui/brave_pages.h" #include "brave/browser/ui/browser_commands.h" +#include "brave/common/pref_names.h" #include "brave/components/brave_rewards/browser/buildflags/buildflags.h" #include "brave/components/brave_sync/buildflags/buildflags.h" #include "brave/components/brave_wallet/browser/buildflags/buildflags.h" @@ -20,11 +21,16 @@ #include "chrome/browser/ui/browser.h" #include "chrome/browser/ui/browser_commands.h" #include "chrome/browser/ui/tabs/tab_strip_model.h" +#include "components/prefs/pref_service.h" #if BUILDFLAG(ENABLE_BRAVE_SYNC) #include "brave/components/brave_sync/switches.h" #endif +#if BUILDFLAG(ENABLE_TOR) +#include "brave/browser/tor/tor_profile_service.h" +#endif + namespace { bool IsBraveCommands(int id) { @@ -133,8 +139,11 @@ void BraveBrowserCommandController::UpdateCommandForBraveAdblock() { } void BraveBrowserCommandController::UpdateCommandForTor() { - UpdateCommandEnabled(IDC_NEW_TOR_CONNECTION_FOR_SITE, true); - UpdateCommandEnabled(IDC_NEW_OFFTHERECORD_WINDOW_TOR, true); +#if BUILDFLAG(ENABLE_TOR) + const bool is_tor_enabled = !tor::TorProfileService::IsTorDisabled(); + UpdateCommandEnabled(IDC_NEW_TOR_CONNECTION_FOR_SITE, is_tor_enabled); + UpdateCommandEnabled(IDC_NEW_OFFTHERECORD_WINDOW_TOR, is_tor_enabled); +#endif } void BraveBrowserCommandController::UpdateCommandForBraveSync() { diff --git a/browser/ui/toolbar/brave_app_menu_model.cc b/browser/ui/toolbar/brave_app_menu_model.cc index 5f64f285ae3d..90a437b10ad2 100644 --- a/browser/ui/toolbar/brave_app_menu_model.cc +++ b/browser/ui/toolbar/brave_app_menu_model.cc @@ -79,7 +79,9 @@ void BraveAppMenuModel::InsertBraveMenuItems() { IDS_NEW_TOR_CONNECTION_FOR_SITE); } - InsertItemWithStringIdAt(GetIndexOfCommandId(IDC_NEW_INCOGNITO_WINDOW) + 1, - IDC_NEW_OFFTHERECORD_WINDOW_TOR, - IDS_NEW_OFFTHERECORD_WINDOW_TOR); + if (IsCommandIdEnabled(IDC_NEW_OFFTHERECORD_WINDOW_TOR)) { + InsertItemWithStringIdAt(GetIndexOfCommandId(IDC_NEW_INCOGNITO_WINDOW) + 1, + IDC_NEW_OFFTHERECORD_WINDOW_TOR, + IDS_NEW_OFFTHERECORD_WINDOW_TOR); + } } diff --git a/browser/ui/toolbar/brave_app_menu_model_browsertest.cc b/browser/ui/toolbar/brave_app_menu_model_browsertest.cc index fd0a6b06bf5b..6159e48c591b 100644 --- a/browser/ui/toolbar/brave_app_menu_model_browsertest.cc +++ b/browser/ui/toolbar/brave_app_menu_model_browsertest.cc @@ -8,10 +8,16 @@ #include #include "brave/app/brave_command_ids.h" +#include "brave/browser/tor/buildflags.h" #include "brave/browser/ui/brave_browser_command_controller.h" +#include "brave/common/pref_names.h" +#include "brave/common/tor/pref_names.h" #include "brave/components/brave_rewards/browser/buildflags/buildflags.h" #include "brave/components/brave_sync/buildflags/buildflags.h" #include "brave/components/brave_wallet/browser/buildflags/buildflags.h" +#include "chrome/browser/browser_process.h" +#include "chrome/browser/chrome_browser_main.h" +#include "chrome/browser/chrome_browser_main_extra_parts.h" #include "chrome/browser/chrome_notification_types.h" #include "chrome/browser/profiles/profile.h" #include "chrome/browser/profiles/profile_window.h" @@ -19,6 +25,7 @@ #include "chrome/browser/ui/views/frame/browser_view.h" #include "chrome/browser/ui/views/toolbar/toolbar_view.h" #include "chrome/test/base/in_process_browser_test.h" +#include "components/prefs/pref_service.h" #include "content/public/browser/notification_service.h" #include "content/public/test/test_utils.h" @@ -40,6 +47,16 @@ IN_PROC_BROWSER_TEST_F(BraveAppMenuBrowserTest, BasicTest) { #endif auto* command_controller = browser()->command_controller(); +#if BUILDFLAG(ENABLE_TOR) + EXPECT_NE( + -1, normal_model.GetIndexOfCommandId(IDC_NEW_OFFTHERECORD_WINDOW_TOR)); + // Check tor browser commands are disabled. + EXPECT_TRUE( + command_controller->IsCommandEnabled(IDC_NEW_TOR_CONNECTION_FOR_SITE)); + EXPECT_TRUE( + command_controller->IsCommandEnabled(IDC_NEW_OFFTHERECORD_WINDOW_TOR)); +#endif + #if BUILDFLAG(BRAVE_REWARDS_ENABLED) EXPECT_TRUE(command_controller->IsCommandEnabled(IDC_SHOW_BRAVE_REWARDS)); #else @@ -116,3 +133,46 @@ IN_PROC_BROWSER_TEST_F(BraveAppMenuBrowserTest, BasicTest) { EXPECT_FALSE(command_controller->IsCommandEnabled(IDC_SHOW_BRAVE_SYNC)); EXPECT_FALSE(command_controller->IsCommandEnabled(IDC_SHOW_BRAVE_WALLET)); } + +#if BUILDFLAG(ENABLE_TOR) +class ChromeBrowserMainExtraPartsTor : public ChromeBrowserMainExtraParts { + public: + ChromeBrowserMainExtraPartsTor() = default; + + // ChromeBrowserMainExtraParts: + void PostProfileInit() override { + g_browser_process->local_state()->SetBoolean(tor::prefs::kTorDisabled, + true); + } + + private: + DISALLOW_COPY_AND_ASSIGN(ChromeBrowserMainExtraPartsTor); +}; + +class BraveAppMenuBrowserTestWithTorDisabledPolicy + : public InProcessBrowserTest { + public: + void CreatedBrowserMainParts(content::BrowserMainParts* parts) override { + static_cast(parts)->AddParts( + new ChromeBrowserMainExtraPartsTor); + } +}; + +// If tor is disabled, corresponding menu and commands should be also disabled. +IN_PROC_BROWSER_TEST_F(BraveAppMenuBrowserTestWithTorDisabledPolicy, + TorDisabledTest) { + auto* browser_view = BrowserView::GetBrowserViewForBrowser(browser()); + BraveAppMenuModel normal_model(browser_view->toolbar(), browser()); + normal_model.Init(); + + // -1 means |model| doesn't have passed command id. + EXPECT_EQ( + -1, normal_model.GetIndexOfCommandId(IDC_NEW_OFFTHERECORD_WINDOW_TOR)); + auto* command_controller = browser()->command_controller(); + // Check tor browser commands are disabled. + EXPECT_FALSE( + command_controller->IsCommandEnabled(IDC_NEW_TOR_CONNECTION_FOR_SITE)); + EXPECT_FALSE( + command_controller->IsCommandEnabled(IDC_NEW_OFFTHERECORD_WINDOW_TOR)); +} +#endif diff --git a/browser/ui/views/profiles/brave_profile_menu_view_helper.cc b/browser/ui/views/profiles/brave_profile_menu_view_helper.cc index 4d0d62934288..f7fd46c90fd2 100644 --- a/browser/ui/views/profiles/brave_profile_menu_view_helper.cc +++ b/browser/ui/views/profiles/brave_profile_menu_view_helper.cc @@ -16,6 +16,7 @@ #if BUILDFLAG(ENABLE_TOR) #include "brave/browser/extensions/brave_tor_client_updater.h" +#include "brave/browser/tor/tor_profile_service.h" #endif namespace { @@ -27,7 +28,8 @@ namespace brave { bool ShouldShowTorProfileButton(Profile* profile) { DCHECK(profile); #if BUILDFLAG(ENABLE_TOR) - return !brave::IsTorProfile(profile) && + return !tor::TorProfileService::IsTorDisabled() && + !brave::IsTorProfile(profile) && !g_brave_browser_process->tor_client_updater()->GetExecutablePath() .empty(); #else diff --git a/chromium_src/chrome/browser/policy/configuration_policy_handler_list_factory.cc b/chromium_src/chrome/browser/policy/configuration_policy_handler_list_factory.cc new file mode 100644 index 000000000000..d5745c1ce06c --- /dev/null +++ b/chromium_src/chrome/browser/policy/configuration_policy_handler_list_factory.cc @@ -0,0 +1,52 @@ +/* Copyright (c) 2019 The Brave Authors. All rights reserved. + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "base/stl_util.h" +#include "brave/browser/tor/buildflags.h" +#include "brave/common/pref_names.h" +#include "brave/common/tor/pref_names.h" +#include "chrome/browser/policy/configuration_policy_handler_list_factory.h" +#include "components/policy/core/browser/configuration_policy_handler.h" +#include "components/policy/policy_constants.h" + +namespace { + +// Wrap whole array definition in TOR to avoid unused varilable build error. +// It can happen if platform doesn't support tor. +#if BUILDFLAG(ENABLE_TOR) +const policy::PolicyToPreferenceMapEntry kBraveSimplePolicyMap[] = { + { policy::key::kTorDisabled, + tor::prefs::kTorDisabled, + base::Value::Type::BOOLEAN }, +}; +#endif + +} // namespace + +#define BuildHandlerList BuildHandlerList_ChromiumImpl +#include "../../../../../chrome/browser/policy/configuration_policy_handler_list_factory.cc" // NOLINT +#undef BuildHandlerList + +namespace policy { + +std::unique_ptr BuildHandlerList( + const Schema& chrome_schema) { + std::unique_ptr handlers = + BuildHandlerList_ChromiumImpl(chrome_schema); + + // TODO(simonhong): Remove this guard when array size is not empty w/o tor. + // base::size failed to instantiate with zero-size array. +#if BUILDFLAG(ENABLE_TOR) + for (size_t i = 0; i < base::size(kBraveSimplePolicyMap); ++i) { + handlers->AddHandler(std::make_unique( + kBraveSimplePolicyMap[i].policy_name, + kBraveSimplePolicyMap[i].preference_path, + kBraveSimplePolicyMap[i].value_type)); + } +#endif + return handlers; +} + +} // namespace policy diff --git a/chromium_src/chrome/browser/renderer_context_menu/render_view_context_menu.cc b/chromium_src/chrome/browser/renderer_context_menu/render_view_context_menu.cc index 9fbc0134f222..fb09592705f2 100644 --- a/chromium_src/chrome/browser/renderer_context_menu/render_view_context_menu.cc +++ b/chromium_src/chrome/browser/renderer_context_menu/render_view_context_menu.cc @@ -9,6 +9,10 @@ #include "brave/browser/translate/buildflags/buildflags.h" #include "brave/browser/renderer_context_menu/brave_spelling_options_submenu_observer.h" +#if BUILDFLAG(ENABLE_TOR) +#include "brave/browser/tor/tor_profile_service.h" +#endif + // Our .h file creates a masquerade for RenderViewContextMenu. Switch // back to the Chromium one for the Chromium implementation. #undef RenderViewContextMenu @@ -34,6 +38,8 @@ bool BraveRenderViewContextMenu::IsCommandIdEnabled(int id) const { switch (id) { case IDC_CONTENT_CONTEXT_OPENLINKTOR: #if BUILDFLAG(ENABLE_TOR) + if (tor::TorProfileService::IsTorDisabled()) + return false; return params_.link_url.is_valid() && IsURLAllowedInIncognito(params_.link_url, browser_context_) && !brave::IsTorProfile(GetProfile()); @@ -78,9 +84,11 @@ void BraveRenderViewContextMenu::AddSpellCheckServiceItem( void BraveRenderViewContextMenu::InitMenu() { RenderViewContextMenu_Chromium::InitMenu(); +#if BUILDFLAG(ENABLE_TOR) // Add Open Link with Tor int index = -1; - if (!params_.link_url.is_empty()) { + if (!tor::TorProfileService::IsTorDisabled() && + !params_.link_url.is_empty()) { const Browser* browser = GetBrowser(); const bool is_app = browser && browser->is_type_app(); @@ -94,6 +102,7 @@ void BraveRenderViewContextMenu::InitMenu() { is_app ? IDS_CONTENT_CONTEXT_OPENLINKTOR_INAPP : IDS_CONTENT_CONTEXT_OPENLINKTOR); } +#endif // Only show the translate item when go-translate is enabled. #if !BUILDFLAG(ENABLE_BRAVE_TRANSLATE_GO) diff --git a/chromium_src/chrome/common/url_constants.cc b/chromium_src/chrome/common/url_constants.cc index a30a2ca247e2..45f73a6eb447 100644 --- a/chromium_src/chrome/common/url_constants.cc +++ b/chromium_src/chrome/common/url_constants.cc @@ -183,9 +183,7 @@ const char kLegacySupervisedUserManagementDisplayURL[] = const char kLegacySupervisedUserManagementURL[] = "https://support.brave.com/"; -// TODO(nicolaso): Replace with a p-link once it's ready. b/117655761 -const char kManagedUiLearnMoreUrl[] = - "https://support.google.com/chromebook/answer/1331549"; +const char kManagedUiLearnMoreUrl[] = "https://support.brave.com/"; const char kMyActivityUrlInClearBrowsingData[] = "https://support.brave.com/"; diff --git a/chromium_src/components/management_strings.grdp b/chromium_src/components/management_strings.grdp new file mode 100644 index 000000000000..6caa715ec817 --- /dev/null +++ b/chromium_src/components/management_strings.grdp @@ -0,0 +1,188 @@ + + + + + + + Settings - Management + + + Settings + + + + + + Your $1Bravebook is managed + + + Your $1Bravebook is managed by $2example.com + + + Your $1Bravebook is not managed + + + + + + + Your browser is managed + + + Your browser is managed by $1example.com + + + Your browser is not managed + + + + + + + Your administrator can change your browser setup remotely. Activity on this device may also be managed outside of Brave. <a target="_blank" href="$1">Learn More</a> + + + This browser is not managed by a company or other organization. Activity on this device may be managed outside of Brave. <a target="_blank" href="$1">Learn More</a> + + + + + + + This device and account are not managed by a company or other organization. + + + Your device is managed by $1example.com and your account is managed by $2example.com. + + + Your device and account are managed by $1example.com. + + + Your account is managed by $1example.com. + + + + + + + Custom root certificates + + + Administrators of this device have set up security certificates that may allow them to see the content of websites you visit. + + + + Device + + + Your administrator can see: + + + Who has used the device recently + + + Who has used the device recently and when + + + Device statistics such as CPU/RAM usage + + + Detailed system logs + + + Network addresses + + + Names of files that you print + + + Linux apps installed and when they were last used + + + + + + Extensions + + + The administrator of this device has installed extensions for additional functions. Extensions have access to some of your data. + + + $1example.com has installed extensions for additional functions. Extensions have access to some of your data. + + + Name + + + Permissions + + + + + Browser + + + Your administrator can see: + + + Your device name + + + Your device name and network address + + + Your device username and Brave username + + + Version information about your device and browser + + + Information about installed extensions and plugins + + + <a target="_blank" href="$1"><a target="_blank" href="https://example.com">Safe Browsing</a></a> warnings + + + Websites you visit and time spent on them + + + Performance data and crash reports + + + + + Brave Enterprise Threat Protection + + + Your administrator has enabled Brave Enterprise Threat Protection on your browser. Brave Enterprise Threat Protection has access to some of your data. + + + $1example.com has enabled Brave Enterprise Threat Protection on your browser. Brave Enterprise Threat Protection has access to some of your data. + + + Data Loss Prevention + + + Scan the contents of the cache and files that you download or upload in Brave. + + + Malware Scanning + + + Scan files that you download or upload in Brave. + + + Enterprise Reporting + + + Share data about security events that have been flagged by Brave Enterprise Threat Protection with your Administrator. These may include page urls, file name and file metadata, your device username and Brave username. + + diff --git a/common/tor/pref_names.cc b/common/tor/pref_names.cc index 45792fddd1e5..55872cf2d744 100644 --- a/common/tor/pref_names.cc +++ b/common/tor/pref_names.cc @@ -8,7 +8,8 @@ namespace tor { namespace prefs { -extern const char kTorProxyString[] = "tor.tor_proxy_string"; +const char kTorProxyString[] = "tor.tor_proxy_string"; +const char kTorDisabled[] = "tor.tor_disabled"; } // namespace prefs } // namespace tor diff --git a/common/tor/pref_names.h b/common/tor/pref_names.h index 81a8c74e186a..571de27e0b43 100644 --- a/common/tor/pref_names.h +++ b/common/tor/pref_names.h @@ -10,6 +10,7 @@ namespace tor { namespace prefs { extern const char kTorProxyString[]; +extern const char kTorDisabled[]; } // namespace prefs } // namespace tor diff --git a/patches/components-policy-tools-generate_policy_source.py.patch b/patches/components-policy-tools-generate_policy_source.py.patch new file mode 100644 index 000000000000..11508013e4c2 --- /dev/null +++ b/patches/components-policy-tools-generate_policy_source.py.patch @@ -0,0 +1,20 @@ +diff --git a/components/policy/tools/generate_policy_source.py b/components/policy/tools/generate_policy_source.py +index 28db4dd238ad33e4a250d93c1ef90678e5c31ef8..6a308a65e6865f1d77e3761bf7e0661fb5b78130 100755 +--- a/components/policy/tools/generate_policy_source.py ++++ b/components/policy/tools/generate_policy_source.py +@@ -26,6 +26,7 @@ from xml.sax.saxutils import escape as xml_escape + CHROME_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\Google\\\\Chrome' + CHROMIUM_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\Chromium' + ++from policy_source_helper import AddBravePolicies, CHROMIUM_POLICY_KEY + + class PolicyDetails: + """Parses a policy template and caches all its details.""" +@@ -335,6 +336,7 @@ def main(): + chrome_major_version = ParseVersionFile(version_path) + + template_file_contents = _LoadJSONFile(template_file_name) ++ AddBravePolicies(template_file_contents) + risk_tags = RiskTags(template_file_contents) + policy_details = [ + PolicyDetails(policy, chrome_major_version, target_platform, diff --git a/script/policy_source_helper.py b/script/policy_source_helper.py new file mode 100644 index 000000000000..cbab4148a458 --- /dev/null +++ b/script/policy_source_helper.py @@ -0,0 +1,37 @@ +#!/usr/bin/env python + +# Copyright (c) 2019 The Brave Authors. All rights reserved. +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this file, +# You can obtain one at http://mozilla.org/MPL/2.0/. */ + + +CHROMIUM_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\BraveSoftware\\\\Brave' + + +def AddBravePolicies(template_file_contents): + highest_id = template_file_contents['highest_id_currently_used'] + policies = [ + { + 'name': 'TorDisabled', + 'type': 'main', + 'schema': {'type': 'boolean'}, + 'supported_on': ['chrome.win:78-'], + 'features': {'dynamic_refresh': False, 'per_profile': False}, + 'example_value': True, + 'id': 0, + 'caption': '''Disables the tor feature.''', + 'tags': [], + 'desc': '''This policy allows an admin to specify that tor feature must be disabled at startup.''', + }, + ] + + """Our new polices are added with highest id""" + next_id = highest_id + for policy in policies: + next_id += 1 + policy['id'] = next_id + template_file_contents['policy_definitions'].append(policy) + + """Update highest id""" + template_file_contents['highest_id_currently_used'] = highest_id + len(policies) diff --git a/test/BUILD.gn b/test/BUILD.gn index d7d8b43ee517..631c7defab8b 100644 --- a/test/BUILD.gn +++ b/test/BUILD.gn @@ -495,6 +495,7 @@ test("brave_browser_tests") { "//brave/browser/net/brave_network_delegate_browsertest.cc", "//brave/browser/net/brave_network_delegate_hsts_fingerprinting_browsertest.cc", "//brave/browser/net/brave_system_request_handler_browsertest.cc", + "//brave/browser/policy/brave_policy_browsertest.cc", "//brave/browser/profiles/brave_profile_manager_browsertest.cc", "//brave/browser/renderer_context_menu/brave_mock_render_view_context_menu.cc", "//brave/browser/renderer_context_menu/brave_mock_render_view_context_menu.h", @@ -611,7 +612,17 @@ test("brave_browser_tests") { defines = [ "HAS_OUT_OF_PROC_TEST_RUNNER" ] deps += [ + "//brave/app:command_ids", + "//brave/browser/tor:buildflags", + "//brave/common:pref_names", + "//brave/common/tor:pref_names", + "//brave/components/brave_rewards/browser/buildflags:buildflags", + "//brave/components/brave_sync/buildflags:buildflags", + "//brave/components/brave_wallet/browser/buildflags:buildflags", "//chrome/browser/ui", + "//chrome/test:test_support_ui", + "//components/prefs", + "//content/test:test_support", "//ppapi/buildflags", ":brave_browser_tests_deps", ":browser_tests_runner",