Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable tor by group policy on Windows. #3692

Merged
merged 17 commits into from
Nov 5, 2019
Merged

Disable tor by group policy on Windows. #3692

merged 17 commits into from
Nov 5, 2019

Conversation

simonhong
Copy link
Member

@simonhong simonhong commented Oct 14, 2019
edited by bsclifton
Loading

Introduce TorDisabled group policy for disabling tor feature.
also disable Tor.
This should be merged with brave/brave-browser#6475.

Fix brave/brave-browser#454
Fix brave/brave-browser#6044

When TorDisabled policy is set to registry (HKCU|HKLM\\Software\\Policies\\BraveSoftware\\Brave),
new menu item is visible in app menu like below.
Annotation 2019-10-15 180215

brave branding brave://management webui page that can be opened by above menu item.
Annotation 2019-10-15 193105

Submitter Checklist:

Test Plan:

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@simonhong simonhong self-assigned this Oct 14, 2019
@simonhong simonhong force-pushed the group_policy_for_tor branch from 644ddcd to 4dc5dac Compare October 15, 2019 05:02
@simonhong simonhong added this to the 0.72.x - Nightly milestone Oct 15, 2019
@simonhong simonhong marked this pull request as ready for review October 15, 2019 06:30
@simonhong simonhong requested a review from bridiver as a code owner October 15, 2019 06:30
@simonhong simonhong force-pushed the group_policy_for_tor branch from f30440d to 7cc4db3 Compare October 15, 2019 06:31
@simonhong simonhong requested review from yrliou and bsclifton October 15, 2019 06:31
@simonhong simonhong force-pushed the group_policy_for_tor branch 2 times, most recently from 3650fe2 to 27df30d Compare October 15, 2019 10:21
@simonhong simonhong added the CI/skip Do not run CI builds (except noplatform) label Oct 15, 2019
@simonhong simonhong changed the title Add group policy for tor on Windows Add group policy for tor on Windows and disable tor feature. Oct 15, 2019
@simonhong simonhong changed the title Add group policy for tor on Windows and disable tor feature. Disable tor by group policy on Windows. Oct 15, 2019
@simonhong simonhong requested a review from darkdh October 15, 2019 13:25
@simonhong
Copy link
Member Author

simonhong commented Oct 15, 2019
edited
Loading

I think all entry point for tor window are disabled and hidden. Also, tor component updater is not registered when tor is disabled by gpo.
According to the spec(https://docs.google.com/document/d/1xlfgDbk95aPmLNOQWwqIQtpvYuqACGVUgOg0nv4opZw), one last thing I should do is deleting tor binary if exists.
For this, I need help from tor expert. (I don't know what tor binary is)
cc @bsclifton @darkdh @yrliou

=> pushed commit that deletes tor binaries also.

@simonhong simonhong removed the CI/skip Do not run CI builds (except noplatform) label Oct 15, 2019
@simonhong simonhong mentioned this pull request Oct 15, 2019
Merged
28 tasks
@simonhong simonhong force-pushed the group_policy_for_tor branch 2 times, most recently from 3704b53 to 8aefc2c Compare October 16, 2019 03:50
simonhong
simonhong commented Oct 16, 2019
View reviewed changes
patches/components-policy-tools-generate_policy_source.py.patch Outdated

CHROME_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\Google\\\\Chrome'
-CHROMIUM_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\Chromium'
+CHROMIUM_POLICY_KEY = 'SOFTWARE\\\\Policies\\\\Brave'
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or this should be SOFTWARE\\\\Policies\\\\BraveSoftware\\\\Brave ?

Copy link
Member Author

@simonhong simonhong Oct 16, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed to use SOFTWARE\\\\Policies\\\\BraveSoftware\\\\Brave because omaha updater uses SOFTWARE\\\\Policies\\\\BraveSoftware\\\\Update for its policy.

@simonhong
Copy link
Member Author

This PR is ready to review.

@simonhong simonhong force-pushed the group_policy_for_tor branch from 38f534b to 9312473 Compare October 16, 2019 14:01
darkdh
darkdh reviewed Oct 16, 2019
View reviewed changes
common/pref_names.h Outdated Show resolved Hide resolved
@simonhong simonhong force-pushed the group_policy_for_tor branch from 9312473 to 638b1cd Compare October 17, 2019 14:18
@simonhong simonhong force-pushed the group_policy_for_tor branch from 1d89fb6 to 7b269c1 Compare October 28, 2019 02:47
@simonhong
Copy link
Member Author

Kindly ping to reviewers :)

@bsclifton bsclifton mentioned this pull request Oct 28, 2019
Closed
@simonhong
Add tests cases to app menu test for tor disabled
336fe9f
@simonhong
Change group policy registry path on Win
a04ca93 
SOFTWARE\\Policies\\BraveSoftware\Brave should be better because we
already use SOFTWARE\\Policies\\BraveSoftware\Update for update policy.
@simonhong
Delete tor binaries if tor is disabled by gpo
014d46f
@simonhong
Move kTorDisabled prefs to local state.
3c2d2b6
@simonhong
Move some more codes into ENABLE_TOR build flag
29c0084
@simonhong
Address review comments
58d429d 
* Fix trivial var naming and refactoring
* Delete un-related header including
* Add BraveTorClientUpdater::Cleanup() instead of deleting tor extension
  directly from BraveExtensionManagement.
@simonhong
Add brave policy definitions by scripts instead of modifying json
85bc3cb 
With this, we don't need to rebase policy_templates.json.
@simonhong
Fix python script lint error
8ff4423
@simonhong
Add some targets directly into deps list if it is used directly
aca4e5c 
Also, patching of CHROMIUM_POLICY_KEY is deleted.
We can override it by importing from other file.
@simonhong
Fix unitest failure due to access null browser_process object
054fd5a 
Also, tor-specific code for tor component is moved to tor client
updater.
@simonhong simonhong force-pushed the group_policy_for_tor branch from 81bae87 to 054fd5a Compare November 5, 2019 01:44
@simonhong simonhong requested review from bridiver and darkdh November 5, 2019 01:45
@simonhong
Copy link
Member Author

CI seems not success but some fails are not related with this PR(audit and ios failure).
ios failure occured at the early stage maybe some internal error and it was also success in previous ci build.

@simonhong simonhong merged commit b56e7c5 into master Nov 5, 2019
@simonhong simonhong deleted the group_policy_for_tor branch November 5, 2019 23:09
simonhong added a commit that referenced this pull request Nov 7, 2019
@simonhong
Merge pull request #3692 from brave/group_policy_for_tor
f73f085 
Disable tor by group policy on Windows.
@simonhong simonhong mentioned this pull request Nov 7, 2019
Closed
4 tasks
simonhong added a commit that referenced this pull request Nov 7, 2019
@simonhong
Merge pull request #3692 from brave/group_policy_for_tor
5a6f465 
Disable tor by group policy on Windows.
@simonhong simonhong mentioned this pull request Nov 7, 2019
Closed
4 tasks
simonhong added a commit that referenced this pull request Nov 11, 2019
@simonhong
Merge pull request #3692 from brave/group_policy_for_tor
a4dfd66 
Disable tor by group policy on Windows.
mkarolin added a commit that referenced this pull request Dec 3, 2019
@mkarolin
Fixes crash in BookmarksApiUnittest.Update unit test.
8fa87c7 
The crash happens due to dereferencing an unintialized pointer.
This is fixed on master as part of
#3692, specifically in
054fd5a
but I don't think we should be uplifting all that just for a unit test
crash. So, instead just added a pointer null check.
@tildelowengrimm
Copy link
Contributor

This should cover brave/brave-browser#6584 too.

@bsclifton bsclifton mentioned this pull request Dec 9, 2019
Closed
@jonathansampson jonathansampson mentioned this pull request Sep 21, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darkdh darkdh darkdh approved these changes

@bsclifton bsclifton bsclifton approved these changes

@bridiver bridiver bridiver approved these changes

@yrliou yrliou Awaiting requested review from yrliou

@riastradh-brave riastradh-brave Awaiting requested review from riastradh-brave

Assignees

@simonhong simonhong

Labels
None yet
Projects
None yet
Milestone
1.3.x - Release
Development

Successfully merging this pull request may close these issues.

Make tor feature disable at runtime Add a way to disable Tor via admin policy
5 participants
@simonhong @bsclifton @tildelowengrimm @bridiver @darkdh