| // |
| // DO NOT MODIFY THIS FILE DIRECTLY! |
| // IT IS GENERATED BY generate_policy_source.py |
| // FROM ../../components/policy/resources/policy_templates.json |
| // |
| |
| |
| syntax = "proto2"; |
| |
| //option optimize_for = LITE_RUNTIME; |
| |
| package enterprise_management; |
| |
| // For StringList and PolicyOptions. |
| import "cloud_policy_full_runtime.proto"; |
| |
| // PBs for individual settings. |
| |
| // Configure the home page URL |
| // |
| // Configures the default home page URL in Google Chrome and prevents users from |
| // changing it. |
| // |
| // The home page is the page opened by the Home button. The pages that open on |
| // startup are controlled by the RestoreOnStartup policies. |
| // |
| // The home page type can either be set to a URL you specify here or set to the |
| // New Tab Page. If you select the New Tab Page, then this policy does not take |
| // effect. |
| // |
| // If you enable this setting, users cannot change their home page URL in Google |
| // Chrome, but they can still choose the New Tab Page as their home page. |
| // |
| // Leaving this policy not set will allow the user to choose their home page on |
| // their own if HomepageIsNewTabPage is not set too. |
| // |
| // The URL must have a standard scheme, e.g. "http://example.com" or |
| // "https://example.com". |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message HomepageLocationProto { |
| optional PolicyOptions policy_options = 1; |
| optional string HomepageLocation = 2; |
| } |
| |
| // Use New Tab Page as homepage |
| // |
| // Configures the type of the default home page in Google Chrome and prevents |
| // users from changing home page preferences. The home page can either be set to |
| // a URL you specify or set to the New Tab Page. |
| // |
| // If you enable this setting, the New Tab Page is always used for the home |
| // page, and the home page URL location is ignored. |
| // |
| // If you disable this setting, the user's homepage will never be the New Tab |
| // Page, unless its URL is set to 'chrome://newtab'. |
| // |
| // If you enable or disable this setting, users cannot change their homepage |
| // type in Google Chrome. |
| // |
| // Leaving this policy not set will allow the user to choose whether the new tab |
| // page is their home page on their own. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message HomepageIsNewTabPageProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool HomepageIsNewTabPage = 2; |
| } |
| |
| // Configure the New Tab page URL |
| // |
| // Configures the default New Tab page URL and prevents users from changing it. |
| // |
| // The New Tab page is the page opened when new tabs are created (including the |
| // one opened in new windows). |
| // |
| // This policy does not decide which pages are to be opened on start up. Those |
| // are controlled by the RestoreOnStartup policies. Yet this policy does affect |
| // the Home Page if that is set to open the New Tab page, as well as the startup |
| // page if that is set to open the New Tab page. |
| // |
| // If the policy is not set or left empty the default new tab page is used. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message NewTabPageLocationProto { |
| optional PolicyOptions policy_options = 1; |
| optional string NewTabPageLocation = 2; |
| } |
| |
| // Set Google Chrome as Default Browser |
| // |
| // Configures the default browser checks in Google Chrome and prevents users |
| // from changing them. |
| // |
| // If you enable this setting, Google Chrome will always check on startup |
| // whether it is the default browser and automatically register itself if |
| // possible. |
| // |
| // If this setting is disabled, Google Chrome will never check if it is the |
| // default browser and will disable user controls for setting this option. |
| // |
| // If this setting is not set, Google Chrome will allow the user to control |
| // whether it is the default browser and whether user notifications should be |
| // shown when it isn't. |
| // |
| // Note for administrators of Microsoft® Windows: Enabling this setting will |
| // only work for machines running Windows 7. For versions of Windows starting |
| // with Windows 8, you must deploy a "default application associations" file |
| // that makes Google Chrome the handler for the https and http protocols (and, |
| // optionally, the ftp protocol and file formats such as .html, .htm, .pdf, |
| // .svg, .webp, etc...). See |
| // https://support.google.com/chrome?p=make_chrome_default_win for more |
| // information. |
| // |
| // Supported on: linux, mac, win |
| message DefaultBrowserSettingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DefaultBrowserSettingEnabled = 2; |
| } |
| |
| // Application locale |
| // |
| // Configures the application locale in Google Chrome and prevents users from |
| // changing the locale. |
| // |
| // If you enable this setting, Google Chrome uses the specified locale. If the |
| // configured locale is not supported, 'en-US' is used instead. |
| // |
| // If this setting is disabled or not set, Google Chrome uses either the user- |
| // specified preferred locale (if configured), the system locale or the fallback |
| // locale 'en-US'. |
| // |
| // Supported on: win |
| message ApplicationLocaleValueProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ApplicationLocaleValue = 2; |
| } |
| |
| // Enable alternate error pages |
| // |
| // Enables the use of alternate error pages that are built into Google Chrome |
| // (such as 'page not found') and prevents users from changing this setting. |
| // |
| // If you enable this setting, alternate error pages are used. |
| // |
| // If you disable this setting, alternate error pages are never used. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting in Google Chrome. |
| // |
| // If this policy is left not set, this will be enabled but the user will be |
| // able to change it. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AlternateErrorPagesEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AlternateErrorPagesEnabled = 2; |
| } |
| |
| // Enable search suggestions |
| // |
| // Enables search suggestions in Google Chrome's omnibox and prevents users from |
| // changing this setting. |
| // |
| // If you enable this setting, search suggestions are used. |
| // |
| // If you disable this setting, search suggestions are never used. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting in Google Chrome. |
| // |
| // If this policy is left not set, this will be enabled but the user will be |
| // able to change it. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message SearchSuggestEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SearchSuggestEnabled = 2; |
| } |
| |
| // Enable network prediction |
| // |
| // This policy is deprecated in M48 in favor of NetworkPredictionOptions, and |
| // removed in M54. |
| // |
| // Enables network prediction in Google Chrome and prevents users from changing |
| // this setting. |
| // |
| // This controls not only DNS prefetching but also TCP and SSL preconnection and |
| // prerendering of web pages. The policy name refers to DNS prefetching for |
| // historical reasons. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting in Google Chrome. |
| // |
| // If this policy is left not set, this will be enabled but the user will be |
| // able to change it. |
| // |
| // Supported on: |
| message DnsPrefetchingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DnsPrefetchingEnabled = 2; |
| } |
| |
| // Enable network prediction |
| // |
| // Enables network prediction in Google Chrome and prevents users from changing |
| // this setting. |
| // |
| // This controls DNS prefetching, TCP and SSL preconnection and prerendering of |
| // web pages. |
| // |
| // If you set this policy, users cannot change or override this setting in |
| // Google Chrome. |
| // |
| // If this policy is left not set, network prediction will be enabled but the |
| // user will be able to change it. |
| // |
| // Valid values: |
| // 0: Predict network actions on any network connection |
| // 1: Predict network actions on any network that is not cellular. |
| // (Deprecated in 50, removed in 52. After 52, if value 1 is set, it |
| // will be treated as 0 - predict network actions on any network connection.) |
| // 2: Do not predict network actions on any network connection |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message NetworkPredictionOptionsProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 NetworkPredictionOptions = 2; |
| } |
| |
| // Enable WPAD optimization |
| // |
| // Allows to turn off WPAD (Web Proxy Auto-Discovery) optimization in Google |
| // Chrome. |
| // |
| // If this policy is set to false, WPAD optimization is disabled causing Google |
| // Chrome to wait longer for DNS-based WPAD servers. If the policy is not set |
| // or is enabled, WPAD optimization is enabled. |
| // |
| // Independent of whether or how this policy is set, the WPAD optimization |
| // setting cannot be changed by users. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message WPADQuickCheckEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool WPADQuickCheckEnabled = 2; |
| } |
| |
| // Disable SPDY protocol |
| // |
| // This policy is deprecated in M53 and removed in M54, because SPDY/3.1 support |
| // is removed. |
| // |
| // Disables use of the SPDY protocol in Google Chrome. |
| // |
| // If this policy is enabled the SPDY protocol will not be available in Google |
| // Chrome. |
| // |
| // Setting this policy to disabled will allow the usage of SPDY. |
| // |
| // If this policy is left not set, SPDY will be available. |
| // |
| // Supported on: |
| message DisableSpdyProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DisableSpdy = 2; |
| } |
| |
| // Disable URL protocol schemes |
| // |
| // This policy is deprecated, please use URLBlacklist instead. |
| // |
| // Disables the listed protocol schemes in Google Chrome. |
| // |
| // URLs using a scheme from this list will not load and can not be navigated to. |
| // |
| // If this policy is left not set or the list is empty all schemes will be |
| // accessible in Google Chrome. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DisabledSchemesProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList DisabledSchemes = 2; |
| } |
| |
| // Enable HTTP/0.9 support on non-default ports |
| // |
| // This policy is deprecated, and slated for removal in Chrome 78, with no |
| // replacement. |
| // |
| // This policy enables HTTP/0.9 on ports other than 80 for HTTP and 443 for |
| // HTTPS. |
| // |
| // This policy is disabled by default, and if enabled, leaves users open to the |
| // security issue https://crbug.com/600352. |
| // |
| // This policy is intended to give enterprises a chance to migrate exising |
| // servers off of HTTP/0.9, and will be removed in the future. |
| // |
| // If this policy is not set, HTTP/0.9 will be disabled on non-default ports. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message Http09OnNonDefaultPortsEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool Http09OnNonDefaultPortsEnabled = 2; |
| } |
| |
| // Enable JavaScript |
| // |
| // This policy is deprecated, please use DefaultJavaScriptSetting instead. |
| // |
| // Can be used to disabled JavaScript in Google Chrome. |
| // |
| // If this setting is disabled, web pages cannot use JavaScript and the user |
| // cannot change that setting. |
| // |
| // If this setting is enabled or not set, web pages can use JavaScript but the |
| // user can change that setting. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message JavascriptEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool JavascriptEnabled = 2; |
| } |
| |
| // Enable Incognito mode |
| // |
| // This policy is deprecated. Please, use IncognitoModeAvailability instead. |
| // Enables Incognito mode in Google Chrome. |
| // |
| // If this setting is enabled or not configured, users can open web pages in |
| // incognito mode. |
| // |
| // If this setting is disabled, users cannot open web pages in incognito mode. |
| // |
| // If this policy is left not set, this will be enabled and the user will be |
| // able to use incognito mode. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message IncognitoEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool IncognitoEnabled = 2; |
| } |
| |
| // Incognito mode availability |
| // |
| // Specifies whether the user may open pages in Incognito mode in Google Chrome. |
| // |
| // If 'Enabled' is selected or the policy is left unset, pages may be opened in |
| // Incognito mode. |
| // |
| // If 'Disabled' is selected, pages may not be opened in Incognito mode. |
| // |
| // If 'Forced' is selected, pages may be opened ONLY in Incognito mode. |
| // |
| // Valid values: |
| // 0: Incognito mode available |
| // 1: Incognito mode disabled |
| // 2: Incognito mode forced |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message IncognitoModeAvailabilityProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IncognitoModeAvailability = 2; |
| } |
| |
| // Disable saving browser history |
| // |
| // Disables saving browser history in Google Chrome and prevents users from |
| // changing this setting. |
| // |
| // If this setting is enabled, browsing history is not saved. This setting also |
| // disables tab syncing. |
| // |
| // If this setting is disabled or not set, browsing history is saved. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message SavingBrowserHistoryDisabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SavingBrowserHistoryDisabled = 2; |
| } |
| |
| // Enable deleting browser and download history |
| // |
| // Enables deleting browser history and download history in Google Chrome and |
| // prevents users from changing this setting. |
| // |
| // Note that even with this policy disabled, the browsing and download history |
| // are not guaranteed to be retained: users may be able to edit or delete the |
| // history database files directly, and the browser itself may expire or archive |
| // any or all history items at any time. |
| // |
| // If this setting is enabled or not set, browsing and download history can be |
| // deleted. |
| // |
| // If this setting is disabled, browsing and download history cannot be deleted. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AllowDeletingBrowserHistoryProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowDeletingBrowserHistory = 2; |
| } |
| |
| // Allow Dinosaur Easter Egg Game |
| // |
| // Allow users to play dinosaur easter egg game when device is offline. |
| // |
| // If this policy is set to False, users will not be able to play the dinosaur |
| // easter egg game when device is offline. If this setting is set to True, users |
| // are allowed to play the dinosaur game. If this policy is not set, users are |
| // not allowed to play the dinosaur easter egg game on enrolled Chrome OS, but |
| // are allowed to play it under other circumstances. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AllowDinosaurEasterEggProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowDinosaurEasterEgg = 2; |
| } |
| |
| // Enable firewall traversal from remote access client |
| // |
| // This policy is no longer supported. |
| // Enables usage of STUN and relay servers when connecting to a remote client. |
| // |
| // If this setting is enabled, then this machine can discover and connect to |
| // remote host machines even if they are separated by a firewall. |
| // |
| // If this setting is disabled and outgoing UDP connections are filtered by the |
| // firewall, then this machine can only connect to host machines within the |
| // local network. |
| // |
| // Supported on: |
| message RemoteAccessClientFirewallTraversalProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessClientFirewallTraversal = 2; |
| } |
| |
| // Configure the required domain name for remote access clients |
| // |
| // This policy is deprecated. Please use RemoteAccessHostClientDomainList |
| // instead. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostClientDomainProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostClientDomain = 2; |
| } |
| |
| // Configure the required domain names for remote access clients |
| // |
| // Configures the required client domain names that will be imposed on remote |
| // access clients and prevents users from changing it. |
| // |
| // If this setting is enabled, then only clients from one of the specified |
| // domains can connect to the host. |
| // |
| // If this setting is disabled or not set, then the default policy for the |
| // connection type is applied. For remote assistance, this allows clients from |
| // any domain to connect to the host; for anytime remote access, only the host |
| // owner can connect. |
| // |
| // This setting will override RemoteAccessHostClientDomain, if present. |
| // |
| // See also RemoteAccessHostDomainList. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostClientDomainListProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList RemoteAccessHostClientDomainList = 2; |
| } |
| |
| // Enable firewall traversal from remote access host |
| // |
| // Enables usage of STUN servers when remote clients are trying to establish a |
| // connection to this machine. |
| // |
| // If this setting is enabled, then remote clients can discover and connect to |
| // this machines even if they are separated by a firewall. |
| // |
| // If this setting is disabled and outgoing UDP connections are filtered by the |
| // firewall, then this machine will only allow connections from client machines |
| // within the local network. |
| // |
| // If this policy is left not set the setting will be enabled. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostFirewallTraversalProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostFirewallTraversal = 2; |
| } |
| |
| // Configure the required domain name for remote access hosts |
| // |
| // This policy is deprecated. Please use RemoteAccessHostDomainList instead. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostDomainProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostDomain = 2; |
| } |
| |
| // Configure the required domain names for remote access hosts |
| // |
| // Configures the required host domain names that will be imposed on remote |
| // access hosts and prevents users from changing it. |
| // |
| // If this setting is enabled, then hosts can be shared only using accounts |
| // registered on one of the specified domain names. |
| // |
| // If this setting is disabled or not set, then hosts can be shared using any |
| // account. |
| // |
| // This setting will override RemoteAccessHostDomain, if present. |
| // |
| // See also RemoteAccessHostClientDomainList. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostDomainListProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList RemoteAccessHostDomainList = 2; |
| } |
| |
| // Enable two-factor authentication for remote access hosts |
| // |
| // Enables two-factor authentication for remote access hosts instead of a user- |
| // specified PIN. |
| // |
| // If this setting is enabled, then users must provide a valid two-factor code |
| // when accessing a host. |
| // |
| // If this setting is disabled or not set, then two-factor will not be enabled |
| // and the default behavior of having a user-defined PIN will be used. |
| // |
| // Supported on: |
| message RemoteAccessHostRequireTwoFactorProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostRequireTwoFactor = 2; |
| } |
| |
| // Configure the TalkGadget prefix for remote access hosts |
| // |
| // Configures the TalkGadget prefix that will be used by remote access hosts and |
| // prevents users from changing it. |
| // |
| // If specified, this prefix is prepended to the base TalkGadget name to create |
| // a full domain name for the TalkGadget. The base TalkGadget domain name is |
| // '.talkgadget.google.com'. |
| // |
| // If this setting is enabled, then hosts will use the custom domain name when |
| // accessing the TalkGadget instead of the default domain name. |
| // |
| // If this setting is disabled or not set, then the default TalkGadget domain |
| // name ('chromoting-host.talkgadget.google.com') will be used for all hosts. |
| // |
| // Remote access clients are not affected by this policy setting. They will |
| // always use 'chromoting-client.talkgadget.google.com' to access the |
| // TalkGadget. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostTalkGadgetPrefixProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostTalkGadgetPrefix = 2; |
| } |
| |
| // Enable curtaining of remote access hosts |
| // |
| // Enables curtaining of remote access hosts while a connection is in progress. |
| // |
| // If this setting is enabled, then hosts' physical input and output devices are |
| // disabled while a remote connection is in progress. |
| // |
| // If this setting is disabled or not set, then both local and remote users can |
| // interact with the host when it is being shared. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostRequireCurtainProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostRequireCurtain = 2; |
| } |
| |
| // Enable or disable PIN-less authentication for remote access hosts |
| // |
| // If this setting is enabled or not configured, then users can opt to pair |
| // clients and hosts at connection time, eliminating the need to enter a PIN |
| // every time. |
| // |
| // If this setting is disabled, then this feature will not be available. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostAllowClientPairingProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostAllowClientPairing = 2; |
| } |
| |
| // Allow gnubby authentication for remote access hosts |
| // |
| // If this setting is enabled, then gnubby authentication requests will be |
| // proxied across a remote host connection. |
| // |
| // If this setting is disabled or not configured, gnubby authentication requests |
| // will not be proxied. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostAllowGnubbyAuthProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostAllowGnubbyAuth = 2; |
| } |
| |
| // Enable the use of relay servers by the remote access host |
| // |
| // Enables usage of relay servers when remote clients are trying to establish a |
| // connection to this machine. |
| // |
| // If this setting is enabled, then remote clients can use relay servers to |
| // connect to this machine when a direct connection is not available (e.g. due |
| // to firewall restrictions). |
| // |
| // Note that if the policy RemoteAccessHostFirewallTraversal is disabled, this |
| // policy will be ignored. |
| // |
| // If this policy is left not set the setting will be enabled. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostAllowRelayedConnectionProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostAllowRelayedConnection = 2; |
| } |
| |
| // Restrict the UDP port range used by the remote access host |
| // |
| // Restricts the UDP port range used by the remote access host in this machine. |
| // |
| // If this policy is left not set, or if it is set to an empty string, the |
| // remote access host will be allowed to use any available port, unless the |
| // policy RemoteAccessHostFirewallTraversal is disabled, in which case the |
| // remote access host will use UDP ports in the 12400-12409 range. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostUdpPortRangeProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostUdpPortRange = 2; |
| } |
| |
| // Require that the name of the local user and the remote access host owner |
| // match |
| // |
| // If this setting is enabled, then the remote access host compares the name of |
| // the local user (that the host is associated with) and the name of the Google |
| // account registered as the host owner (i.e. "johndoe" if the host is owned by |
| // "johndoe@example.com" Google account). The remote access host will not start |
| // if the name of the host owner is different from the name of the local user |
| // that the host is associated with. RemoteAccessHostMatchUsername policy |
| // should be used together with RemoteAccessHostDomain to also enforce that the |
| // Google account of the host owner is associated with a specific domain (i.e. |
| // "example.com"). |
| // |
| // If this setting is disabled or not set, then the remote access host can be |
| // associated with any local user. |
| // |
| // Supported on: chrome_os, linux, mac |
| message RemoteAccessHostMatchUsernameProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostMatchUsername = 2; |
| } |
| |
| // URL where remote access clients should obtain their authentication token |
| // |
| // If this policy is set, the remote access host will require authenticating |
| // clients to obtain an authentication token from this URL in order to connect. |
| // Must be used in conjunction with RemoteAccessHostTokenValidationUrl. |
| // |
| // This feature is currently disabled server-side. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostTokenUrlProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostTokenUrl = 2; |
| } |
| |
| // URL for validating remote access client authentication token |
| // |
| // If this policy is set, the remote access host will use this URL to validate |
| // authentication tokens from remote access clients, in order to accept |
| // connections. Must be used in conjunction with RemoteAccessHostTokenUrl. |
| // |
| // This feature is currently disabled server-side. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostTokenValidationUrlProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostTokenValidationUrl = 2; |
| } |
| |
| // Client certificate for connecting to RemoteAccessHostTokenValidationUrl |
| // |
| // If this policy is set, the host will use a client certificate with the given |
| // issuer CN to authenticate to RemoteAccessHostTokenValidationUrl. Set it to |
| // "*" to use any available client certificate. |
| // |
| // This feature is currently disabled server-side. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RemoteAccessHostTokenValidationCertificateIssuerProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostTokenValidationCertificateIssuer = 2; |
| } |
| |
| // Policy overrides for Debug builds of the remote access host |
| // |
| // Overrides policies on Debug builds of the remote access host. |
| // |
| // The value is parsed as a JSON dictionary of policy name to policy value |
| // mappings. |
| // |
| // Supported on: |
| message RemoteAccessHostDebugOverridePoliciesProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RemoteAccessHostDebugOverridePolicies = 2; |
| } |
| |
| // Allow remote users to interact with elevated windows in remote assistance |
| // sessions |
| // |
| // If this setting is enabled, the remote assistance host will be run in a |
| // process with uiAccess permissions. This will allow remote users to interact |
| // with elevated windows on the local user's desktop. |
| // |
| // If this setting is disabled or not configured, the remote assistance host |
| // will run in the user's context and remote users cannot interact with elevated |
| // windows on the desktop. |
| // |
| // Supported on: win |
| message RemoteAccessHostAllowUiAccessForRemoteAssistanceProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostAllowUiAccessForRemoteAssistance = 2; |
| } |
| |
| // Allow remote access users to transfer files to/from the host |
| // |
| // Controls the ability of a user connected to a remote access host to transfer |
| // files between the client and the host. This does not apply to remote |
| // assistance connections, which do not support file transfer. |
| // |
| // If this setting is disabled, file transfer will not be allowed. If this |
| // setting is enabled or not set, file transfer will be allowed. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message RemoteAccessHostAllowFileTransferProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RemoteAccessHostAllowFileTransfer = 2; |
| } |
| |
| // Enable printing |
| // |
| // Enables printing in Google Chrome and prevents users from changing this |
| // setting. |
| // |
| // If this setting is enabled or not configured, users can print. |
| // |
| // If this setting is disabled, users cannot print from Google Chrome. Printing |
| // is disabled in the wrench menu, extensions, JavaScript applications, etc. It |
| // is still possible to print from plugins that bypass Google Chrome while |
| // printing. For example, certain Flash applications have the print option in |
| // their context menu, which is not covered by this policy. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message PrintingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PrintingEnabled = 2; |
| } |
| |
| // Enable Google Cloud Print proxy |
| // |
| // Enables Google Chrome to act as a proxy between Google Cloud Print and legacy |
| // printers connected to the machine. |
| // |
| // If this setting is enabled or not configured, users can enable the cloud |
| // print proxy by authentication with their Google account. |
| // |
| // If this setting is disabled, users cannot enable the proxy, and the machine |
| // will not be allowed to share it's printers with Google Cloud Print. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message CloudPrintProxyEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CloudPrintProxyEnabled = 2; |
| } |
| |
| // Restrict printing color mode |
| // |
| // Sets printing to color only, monochrome only or no color mode restriction. |
| // Unset policy is treated as no restriction. |
| // |
| // Valid values: |
| // any: Allow all color modes |
| // color: Color printing only |
| // monochrome: Monochrome printing only |
| // |
| // Supported on: chrome_os |
| message PrintingAllowedColorModesProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingAllowedColorModes = 2; |
| } |
| |
| // Restrict printing duplex mode |
| // |
| // Restricts printing duplex mode. Unset policy and empty set are treated as no |
| // restriction. |
| // |
| // Valid values: |
| // any: Allow all duplex modes |
| // simplex: Simplex printing only |
| // duplex: Duplex printing only |
| // |
| // Supported on: chrome_os |
| message PrintingAllowedDuplexModesProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingAllowedDuplexModes = 2; |
| } |
| |
| // Restrict PIN printing mode |
| // |
| // Restricts PIN printing mode. Unset policy is treated as no restriction. If |
| // the mode is unavailable this policy is ignored. Note that PIN printing |
| // feature is enabled only for printers that use one of IPPS, USB or IPP-over- |
| // USB protocols |
| // |
| // Valid values: |
| // any: Allow printing both with and without PIN |
| // pin: Allow printing only with PIN |
| // no_pin: Allow printing only without PIN |
| // |
| // Supported on: chrome_os |
| message PrintingAllowedPinModesProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingAllowedPinModes = 2; |
| } |
| |
| // Restrict printing page size |
| // |
| // Restricts printing page size. Unset policy and empty set are treated as no |
| // restriction. |
| // |
| // Value schema: |
| // { |
| // "items": { |
| // "properties": { |
| // "HeightUm": { |
| // "description": "Height of the page in micrometers", |
| // "type": "integer" |
| // }, |
| // "WidthUm": { |
| // "description": "Width of the page in micrometers", |
| // "type": "integer" |
| // } |
| // }, |
| // "required": [ |
| // "WidthUm", |
| // "HeightUm" |
| // ], |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // |
| // Supported on: chrome_os |
| message PrintingAllowedPageSizesProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingAllowedPageSizes = 2; |
| } |
| |
| // Default printing color mode |
| // |
| // Overrides default printing color mode. If the mode is unavailable this policy |
| // is ignored. |
| // |
| // Valid values: |
| // color: Enable color printing |
| // monochrome: Enable monochrome printing |
| // |
| // Supported on: chrome_os |
| message PrintingColorDefaultProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingColorDefault = 2; |
| } |
| |
| // Default printing duplex mode |
| // |
| // Overrides default printing duplex mode. If the mode is unavailable this |
| // policy is ignored. |
| // |
| // Valid values: |
| // simplex: Enable simplex printing |
| // short-edge: Enable short edge duplex printing |
| // long-edge: Enable long edge duplex printing |
| // |
| // Supported on: chrome_os |
| message PrintingDuplexDefaultProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingDuplexDefault = 2; |
| } |
| |
| // Default PIN printing mode |
| // |
| // Overrides default PIN printing mode. If the mode is unavailable this policy |
| // is ignored. |
| // |
| // Valid values: |
| // pin: Enable PIN printing by default |
| // no_pin: Disable PIN printing by default |
| // |
| // Supported on: chrome_os |
| message PrintingPinDefaultProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingPinDefault = 2; |
| } |
| |
| // Default printing page size |
| // |
| // Overrides default printing page size. If the page size is unavailable this |
| // policy is ignored. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "HeightUm": { |
| // "description": "Height of the page in micrometers", |
| // "type": "integer" |
| // }, |
| // "WidthUm": { |
| // "description": "Width of the page in micrometers", |
| // "type": "integer" |
| // } |
| // }, |
| // "required": [ |
| // "WidthUm", |
| // "HeightUm" |
| // ], |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message PrintingSizeDefaultProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PrintingSizeDefault = 2; |
| } |
| |
| // Send username and filename to native printers |
| // |
| // Send username and filename to native printers server with every print job. |
| // The default is not to send. |
| // |
| // Setting this policy to true also disables printers that use protocols other |
| // than IPPS, USB, or IPP-over-USB since username and filename shouldn't be sent |
| // over the network openly. |
| // |
| // Supported on: chrome_os |
| message PrintingSendUsernameAndFilenameEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PrintingSendUsernameAndFilenameEnabled = 2; |
| } |
| |
| // Force SafeSearch |
| // |
| // This policy is deprecated, please use ForceGoogleSafeSearch and |
| // ForceYouTubeRestrict instead. This policy is ignored if either the |
| // ForceGoogleSafeSearch, the ForceYouTubeRestrict or the (deprecated) |
| // ForceYouTubeSafetyMode policies are set. |
| // |
| // Forces queries in Google Web Search to be done with SafeSearch set to active |
| // and prevents users from changing this setting. This setting also forces |
| // Moderate Restricted Mode on YouTube. |
| // |
| // If you enable this setting, SafeSearch in Google Search and Moderate |
| // Restricted Mode YouTube is always active. |
| // |
| // If you disable this setting or do not set a value, SafeSearch in Google |
| // Search and Restricted Mode in YouTube is not enforced. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ForceSafeSearchProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ForceSafeSearch = 2; |
| } |
| |
| // Force Google SafeSearch |
| // |
| // Forces queries in Google Web Search to be done with SafeSearch set to active |
| // and prevents users from changing this setting. |
| // |
| // If you enable this setting, SafeSearch in Google Search is always active. |
| // |
| // If you disable this setting or do not set a value, SafeSearch in Google |
| // Search is not enforced. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ForceGoogleSafeSearchProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ForceGoogleSafeSearch = 2; |
| } |
| |
| // Force YouTube Safety Mode |
| // |
| // This policy is deprecated. Consider using ForceYouTubeRestrict, which |
| // overrides this policy and allows more fine-grained tuning. |
| // |
| // Forces YouTube Moderate Restricted Mode and prevents users from changing this |
| // setting. |
| // |
| // If this setting is enabled, Restricted Mode on YouTube is always enforced to |
| // be at least Moderate. |
| // |
| // If this setting is disabled or no value is set, Restricted Mode on YouTube is |
| // not enforced by Google Chrome. External policies such as YouTube policies |
| // might still enforce Restricted Mode, though. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ForceYouTubeSafetyModeProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ForceYouTubeSafetyMode = 2; |
| } |
| |
| // Force minimum YouTube Restricted Mode |
| // |
| // Enforces a minimum Restricted Mode on YouTube and prevents users from |
| // picking a less restricted mode. |
| // |
| // If this setting is set to Strict, Strict Restricted Mode on YouTube is always |
| // active. |
| // |
| // If this setting is set to Moderate, the user may only pick Moderate |
| // Restricted Mode |
| // and Strict Restricted Mode on YouTube, but cannot disable Restricted Mode. |
| // |
| // If this setting is set to Off or no value is set, Restricted Mode on YouTube |
| // is not enforced by Google Chrome. External policies such as YouTube policies |
| // might still enforce Restricted Mode, though. |
| // |
| // Valid values: |
| // 0: Do not enforce Restricted Mode on YouTube |
| // 1: Enforce at least Moderate Restricted Mode on YouTube |
| // 2: Enforce Strict Restricted Mode for YouTube |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ForceYouTubeRestrictProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ForceYouTubeRestrict = 2; |
| } |
| |
| // Enable Safe Browsing |
| // |
| // Enables Google Chrome's Safe Browsing feature and prevents users from |
| // changing this setting. |
| // |
| // If you enable this setting, Safe Browsing is always active. |
| // |
| // If you disable this setting, Safe Browsing is never active. |
| // |
| // If you enable or disable this setting, users cannot change or override the |
| // "Enable phishing and malware protection" setting in Google Chrome. |
| // |
| // If this policy is left not set, this will be enabled but the user will be |
| // able to change it. |
| // |
| // See https://developers.google.com/safe-browsing for more info on Safe |
| // Browsing. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message SafeBrowsingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SafeBrowsingEnabled = 2; |
| } |
| |
| // Enable reporting of usage and crash-related data |
| // |
| // Enables anonymous reporting of usage and crash-related data about Google |
| // Chrome to Google and prevents users from changing this setting. |
| // |
| // If this setting is enabled, anonymous reporting of usage and crash-related |
| // data is sent to Google. If it is disabled, this information is not sent |
| // to Google. In both cases, users cannot change or override the setting. |
| // If this policy is left not set, the setting will be what the user chose |
| // upon installation / first run. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // (For Chrome OS, see DeviceMetricsReportingEnabled.) |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message MetricsReportingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool MetricsReportingEnabled = 2; |
| } |
| |
| // Enable saving passwords to the password manager |
| // |
| // If this setting is enabled, users can have Google Chrome memorize passwords |
| // and provide them automatically the next time they log in to a site. |
| // |
| // If this settings is disabled, users cannot save new passwords but they |
| // may still use passwords that have been saved previously. |
| // |
| // If this policy is enabled or disabled, users cannot change or override it in |
| // Google Chrome. If this policy is unset, password saving is allowed (but can |
| // be turned off by the user). |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message PasswordManagerEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PasswordManagerEnabled = 2; |
| } |
| |
| // Allow users to show passwords in Password Manager (deprecated) |
| // |
| // The associated setting was used before reauthentication on viewing passwords |
| // was introduced. Since then, the setting and hence this policy had no effect |
| // on the behavior of Chrome. The current behavior of Chrome is now the same as |
| // if the policy was set to disable showing passwords in clear text in the |
| // password manager settings page. That means that the settings page contains |
| // just a placeholder, and only upon the user clicking "Show" (and |
| // reauthenticating, if applicable) Chrome shows the password. Original |
| // description of the policy follows below. |
| // |
| // Controls whether the user may show passwords in clear text in the password |
| // manager. |
| // |
| // If you disable this setting, the password manager does not allow showing |
| // stored passwords in clear text in the password manager window. |
| // |
| // If you enable or do not set this policy, users can view their passwords in |
| // clear text in the password manager. |
| // |
| // Supported on: |
| message PasswordManagerAllowShowPasswordsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PasswordManagerAllowShowPasswords = 2; |
| } |
| |
| // Enable AutoFill |
| // |
| // This policy is deprecated in M70, please use AutofillAddressEnabled and |
| // AutofillCreditCardEnabled instead. |
| // |
| // Enables Google Chrome's AutoFill feature and allows users to auto complete |
| // web forms using previously stored information such as address or credit card |
| // information. |
| // |
| // If you disable this setting, AutoFill will be inaccessible to users. |
| // |
| // If you enable this setting or do not set a value, AutoFill will remain under |
| // the control of the user. This will allow them to configure AutoFill profiles |
| // and to switch AutoFill on or off at their own discretion. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AutoFillEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AutoFillEnabled = 2; |
| } |
| |
| // Enable AutoFill for addresses |
| // |
| // Enables Google Chrome's AutoFill feature and allows users to auto complete |
| // address information in web forms using previously stored information. |
| // |
| // If this setting is disabled, Autofill will never suggest, or fill address |
| // information, nor will it save additional address information that the user |
| // might submit while browsing the web. |
| // |
| // If this setting is enabled or has no value, the user will be able to control |
| // Autofill for addresses in the UI. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AutofillAddressEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AutofillAddressEnabled = 2; |
| } |
| |
| // Enable AutoFill for credit cards |
| // |
| // Enables Google Chrome's AutoFill feature and allows users to auto complete |
| // credit card information in web forms using previously stored information. |
| // |
| // If this setting is disabled, Autofill will never suggest, or fill credit card |
| // information, nor will it save additional credit card information that the |
| // user might submit while browsing the web. |
| // |
| // If this setting is enabled or has no value, the user will be able to control |
| // Autofill for credit cards in the UI. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AutofillCreditCardEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AutofillCreditCardEnabled = 2; |
| } |
| |
| // Specify a list of disabled plugins |
| // |
| // This policy is deprecated. Please use the DefaultPluginsSetting to control |
| // the avalability of the Flash plugin and AlwaysOpenPdfExternally to control |
| // whether the integrated PDF viewer should be used for opening PDF files. |
| // |
| // Specifies a list of plugins that are disabled in Google Chrome and prevents |
| // users from changing this setting. |
| // |
| // The wildcard characters '*' and '?' can be used to match sequences of |
| // arbitrary characters. '*' matches an arbitrary number of characters while '?' |
| // specifies an optional single character, i.e. matches zero or one characters. |
| // The escape character is '\', so to match actual '*', '?', or '\' characters, |
| // you can put a '\' in front of them. |
| // |
| // If you enable this setting, the specified list of plugins is never used in |
| // Google Chrome. The plugins are marked as disabled in 'about:plugins' and |
| // users cannot enable them. |
| // |
| // Note that this policy can be overridden by EnabledPlugins and |
| // DisabledPluginsExceptions. |
| // |
| // If this policy is left not set the user can use any plugin installed on the |
| // system except for hard-coded incompatible, outdated or dangerous plugins. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DisabledPluginsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList DisabledPlugins = 2; |
| } |
| |
| // Specify a list of enabled plugins |
| // |
| // This policy is deprecated. Please use the DefaultPluginsSetting to control |
| // the avalability of the Flash plugin and AlwaysOpenPdfExternally to control |
| // whether the integrated PDF viewer should be used for opening PDF files. |
| // |
| // Specifies a list of plugins that are enabled in Google Chrome and prevents |
| // users from changing this setting. |
| // |
| // The wildcard characters '*' and '?' can be used to match sequences of |
| // arbitrary characters. '*' matches an arbitrary number of characters while '?' |
| // specifies an optional single character, i.e. matches zero or one characters. |
| // The escape character is '\', so to match actual '*', '?', or '\' characters, |
| // you can put a '\' in front of them. |
| // |
| // The specified list of plugins is always used in Google Chrome if they are |
| // installed. The plugins are marked as enabled in 'about:plugins' and users |
| // cannot disable them. |
| // |
| // Note that this policy overrides both DisabledPlugins and |
| // DisabledPluginsExceptions. |
| // |
| // If this policy is left not set the user can disable any plugin installed on |
| // the system. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message EnabledPluginsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList EnabledPlugins = 2; |
| } |
| |
| // Specify a list of plugins that the user can enable or disable |
| // |
| // This policy is deprecated. Please use the DefaultPluginsSetting to control |
| // the avalability of the Flash plugin and AlwaysOpenPdfExternally to control |
| // whether the integrated PDF viewer should be used for opening PDF files. |
| // |
| // Specifies a list of plugins that user can enable or disable in Google Chrome. |
| // |
| // The wildcard characters '*' and '?' can be used to match sequences of |
| // arbitrary characters. '*' matches an arbitrary number of characters while '?' |
| // specifies an optional single character, i.e. matches zero or one characters. |
| // The escape character is '\', so to match actual '*', '?', or '\' characters, |
| // you can put a '\' in front of them. |
| // |
| // If you enable this setting, the specified list of plugins can be used in |
| // Google Chrome. Users can enable or disable them in 'about:plugins', even if |
| // the plugin also matches a pattern in DisabledPlugins. Users can also enable |
| // and disable plugins that don't match any patterns in DisabledPlugins, |
| // DisabledPluginsExceptions and EnabledPlugins. |
| // |
| // This policy is meant to allow for strict plugin blacklisting where the |
| // 'DisabledPlugins' list contains wildcarded entries like disable all plugins |
| // '*' or disable all Java plugins '*Java*' but the administrator wishes to |
| // enable some particular version like 'IcedTea Java 2.3'. This particular |
| // versions can be specified in this policy. |
| // |
| // Note that both the plugin name and the plugin's group name have to be |
| // exempted. Each plugin group is shown in a separate section in about:plugins; |
| // each section may have one or more plugins. For example, the "Shockwave Flash" |
| // plugin belongs to the "Adobe Flash Player" group, and both names have to have |
| // a match in the exceptions list if that plugin is to be exempted from the |
| // blacklist. |
| // |
| // If this policy is left not set any plugin that matches the patterns in the |
| // 'DisabledPlugins' will be locked disabled and the user won't be able to |
| // enable them. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DisabledPluginsExceptionsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList DisabledPluginsExceptions = 2; |
| } |
| |
| // Always Open PDF files externally |
| // |
| // Disables the internal PDF viewer in Google Chrome. Instead it treats it as |
| // download and allows the user to open PDF files with the default application. |
| // |
| // If this policy is left not set or disabled the PDF plugin will be used to |
| // open PDF files unless the user disables it. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message AlwaysOpenPdfExternallyProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AlwaysOpenPdfExternally = 2; |
| } |
| |
| // Specify whether the plugin finder should be disabled (deprecated) |
| // |
| // This policy has been removed as of Google Chrome 64. |
| // |
| // Automatic search and installation of missing plugins is no longer supported. |
| // |
| // Supported on: |
| message DisablePluginFinderProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DisablePluginFinder = 2; |
| } |
| |
| // Disable synchronization of data with Google |
| // |
| // Disables data synchronization in Google Chrome using Google-hosted |
| // synchronization services and prevents users from changing this setting. |
| // |
| // If you enable this setting, users cannot change or override this setting in |
| // Google Chrome. |
| // |
| // If this policy is left not set Google Sync will be available for the user to |
| // choose whether to use it or not. |
| // |
| // To fully disable Google Sync, it is recommended that you disable the Google |
| // Sync service in the Google Admin console. |
| // |
| // This policy should not be enabled when RoamingProfileSupportEnabled policy is |
| // set to enabled as that feature shares the same client side functionality. The |
| // Google-hosted synchronization is disabled in this case completely. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SyncDisabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SyncDisabled = 2; |
| } |
| |
| // Enable the creation of roaming copies for Google Chrome profile data |
| // |
| // If you enable this setting, the settings stored in Google Chrome profiles |
| // like bookmarks, autofill data, passwords, etc. will also be written to a file |
| // stored in the Roaming user profile folder or a location specified by the |
| // Administrator through the RoamingProfileLocation policy. Enabling this policy |
| // disables cloud sync. |
| // |
| // If this policy is disabled or left not set only the regular local profiles |
| // will be used. |
| // |
| // The SyncDisabled policy disables all data synchronization, overriding |
| // RoamingProfileSupportEnabled. |
| // |
| // Supported on: win |
| message RoamingProfileSupportEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RoamingProfileSupportEnabled = 2; |
| } |
| |
| // Set the roaming profile directory |
| // |
| // Configures the directory that Google Chrome will use for storing the roaming |
| // copy of the profiles. |
| // |
| // If you set this policy, Google Chrome will use the provided directory to |
| // store the roaming copy of the profiles if the RoamingProfileSupportEnabled |
| // policy has been enabled. If the RoamingProfileSupportEnabled policy is |
| // disabled or left unset the value stored in this policy is not used. |
| // |
| // See https://www.chromium.org/administrators/policy-list-3/user-data- |
| // directory-variables for a list of variables that can be used. |
| // |
| // If this policy is left not set the default roaming profile path will be used. |
| // |
| // Supported on: win |
| message RoamingProfileLocationProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RoamingProfileLocation = 2; |
| } |
| |
| // Allow sign in to Google Chrome |
| // |
| // This policy is deprecated, consider using BrowserSignin instead. |
| // |
| // Allows the user to sign in to Google Chrome. |
| // |
| // If you set this policy, you can configure whether a user is allowed to sign |
| // in to Google Chrome. Setting this policy to 'False' will prevent apps and |
| // extensions that use the chrome.identity API from functioning, so you may want |
| // to use SyncDisabled instead. |
| // |
| // Supported on: android, fuchsia, linux, mac, win |
| message SigninAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SigninAllowed = 2; |
| } |
| |
| // Enable the old web-based signin flow |
| // |
| // This setting was named EnableWebBasedSignin prior to Chrome 42, and support |
| // for it will be removed entirely in Chrome 43. |
| // |
| // This setting is useful for enterprise customers who are using SSO solutions |
| // that are not compatible with the new inline signin flow yet. |
| // If you enable this setting, the old web-based signin flow would be used. |
| // If you disable this setting or leave it not set, the new inline signin flow |
| // would be used by default. Users may still enable the old web-based signin |
| // flow through the command line flag --enable-web-based-signin. |
| // |
| // The experimental setting will be removed in the future when the inline signin |
| // fully supports all SSO signin flows. |
| // |
| // Supported on: |
| message EnableDeprecatedWebBasedSigninProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableDeprecatedWebBasedSignin = 2; |
| } |
| |
| // Set user data directory |
| // |
| // Configures the directory that Google Chrome will use for storing user data. |
| // |
| // If you set this policy, Google Chrome will use the provided directory |
| // regardless whether the user has specified the '--user-data-dir' flag or not. |
| // To avoid data loss or other unexpected errors this policy should not be set |
| // to a volume's root directory or to a directory used for other purposes, |
| // because Google Chrome manages its contents. |
| // |
| // See https://www.chromium.org/administrators/policy-list-3/user-data- |
| // directory-variables for a list of variables that can be used. |
| // |
| // If this policy is left not set the default profile path will be used and the |
| // user will be able to override it with the '--user-data-dir' command line |
| // flag. |
| // |
| // Supported on: mac, win |
| message UserDataDirProto { |
| optional PolicyOptions policy_options = 1; |
| optional string UserDataDir = 2; |
| } |
| |
| // Set disk cache directory |
| // |
| // Configures the directory that Google Chrome will use for storing cached files |
| // on the disk. |
| // |
| // If you set this policy, Google Chrome will use the provided directory |
| // regardless whether the user has specified the '--disk-cache-dir' flag or not. |
| // To avoid data loss or other unexpected errors this policy should not be set |
| // to a volume's root directory or to a directory used for other purposes, |
| // because Google Chrome manages its contents. |
| // |
| // See https://www.chromium.org/administrators/policy-list-3/user-data- |
| // directory-variables for a list of variables that can be used. |
| // |
| // If this policy is left not set the default cache directory will be used and |
| // the user will be able to override it with the '--disk-cache-dir' command line |
| // flag. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message DiskCacheDirProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DiskCacheDir = 2; |
| } |
| |
| // Set disk cache size in bytes |
| // |
| // Configures the cache size that Google Chrome will use for storing cached |
| // files on the disk. |
| // |
| // If you set this policy, Google Chrome will use the provided cache size |
| // regardless whether the user has specified the '--disk-cache-size' flag or |
| // not. The value specified in this policy is not a hard boundary but rather a |
| // suggestion to the caching system, any value below a few megabytes is too |
| // small and will be rounded up to a sane minimum. |
| // |
| // If the value of this policy is 0, the default cache size will be used but the |
| // user will not be able to change it. |
| // |
| // If this policy is not set the default size will be used and the user will be |
| // able to override it with the --disk-cache-size flag. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message DiskCacheSizeProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DiskCacheSize = 2; |
| } |
| |
| // Set media disk cache size in bytes |
| // |
| // Configures the cache size that Google Chrome will use for storing cached |
| // media files on the disk. |
| // |
| // If you set this policy, Google Chrome will use the provided cache size |
| // regardless whether the user has specified the '--media-cache-size' flag or |
| // not. The value specified in this policy is not a hard boundary but rather a |
| // suggestion to the caching system, any value below a few megabytes is too |
| // small and will be rounded up to a sane minimum. |
| // |
| // If the value of this policy is 0, the default cache size will be used but the |
| // user will not be able to change it. |
| // |
| // If this policy is not set the default size will be used and the user will be |
| // able to override it with the --media-cache-size flag. |
| // |
| // Supported on: |
| message MediaCacheSizeProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 MediaCacheSize = 2; |
| } |
| |
| // Allow download restrictions |
| // |
| // Configures the type of downloads that Google Chrome will completely block, |
| // without letting users override the security decision. |
| // |
| // If you set this policy, Google Chrome will prevent certain types of |
| // downloads, and won't let user bypass the security warnings. |
| // |
| // When the 'Block dangerous downloads' option is chosen, all downloads are |
| // allowed, except for those that carry Safe Browsing warnings. |
| // |
| // When the 'Block potentially dangerous downloads' option is chosen, all |
| // downloads allowed, except for those that carry Safe Browsing warnings of |
| // potentially dangerous downloads. |
| // |
| // When the 'Block all downloads' option is chosen, all downloads are blocked. |
| // |
| // When this policy is not set, (or the 'No special restrictions' option is |
| // chosen), the downloads will go through the usual security restrictions based |
| // on Safe Browsing analysis results. |
| // |
| // Note that these restrictions apply to downloads triggered from web page |
| // content, as well as the 'download link...' context menu option. These |
| // restrictions do not apply to the save / download of the currently displayed |
| // page, nor does it apply to saving as PDF from the printing options. |
| // |
| // See https://developers.google.com/safe-browsing for more info on Safe |
| // Browsing. |
| // |
| // Valid values: |
| // 0: No special restrictions |
| // 1: Block dangerous downloads |
| // 2: Block potentially dangerous downloads |
| // 3: Block all downloads |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DownloadRestrictionsProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DownloadRestrictions = 2; |
| } |
| |
| // Set download directory |
| // |
| // Configures the directory that Google Chrome will use for downloading files. |
| // |
| // If you set this policy, Google Chrome will use the provided directory |
| // regardless whether the user has specified one or enabled the flag to be |
| // prompted for download location every time. |
| // |
| // See https://www.chromium.org/administrators/policy-list-3/user-data- |
| // directory-variables for a list of variables that can be used. |
| // |
| // If this policy is left not set the default download directory will be used |
| // and the user will be able to change it. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DownloadDirectoryProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DownloadDirectory = 2; |
| } |
| |
| // Enable Safe Browsing for trusted sources |
| // |
| // Identify if Google Chrome can allow download without Safe Browsing checks |
| // when it's from a trusted source. |
| // |
| // When False, downloaded files will not be sent to be analyzed by Safe Browsing |
| // when it's from a trusted source. |
| // |
| // When not set (or set to True), downloaded files are sent to be analyzed by |
| // Safe Browsing, even when it's from a trusted source. |
| // |
| // Note that these restrictions apply to downloads triggered from web page |
| // content, as well as the 'download link...' context menu option. These |
| // restrictions do not apply to the save / download of the currently displayed |
| // page, nor does it apply to saving as PDF from the printing options. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: win |
| message SafeBrowsingForTrustedSourcesEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SafeBrowsingForTrustedSourcesEnabled = 2; |
| } |
| |
| // Clear site data on browser shutdown (deprecated) |
| // |
| // This policy has been retired as of Google Chrome version 29. |
| // |
| // Supported on: |
| message ClearSiteDataOnExitProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ClearSiteDataOnExit = 2; |
| } |
| |
| // Captive portal authentication ignores proxy |
| // |
| // This policy allows Google Chrome OS to bypass any proxy for captive portal |
| // authentication. |
| // |
| // This policy only takes effect if a proxy is configured (for example through |
| // policy, by the user in chrome://settings, or by extensions). |
| // |
| // If you enable this setting, any captive portal authentication pages (i.e. all |
| // web pages starting from captive portal signin page until Google Chrome |
| // detects successful internet connection) will be displayed in a separate |
| // window ignoring all policy settings and restrictions for the current user. |
| // |
| // If you disable this setting or leave it unset, any captive portal |
| // authentication pages will be shown in a (regular) new browser tab, using the |
| // current user's proxy settings. |
| // |
| // Supported on: chrome_os |
| message CaptivePortalAuthenticationIgnoresProxyProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CaptivePortalAuthenticationIgnoresProxy = 2; |
| } |
| |
| // Choose how to specify proxy server settings |
| // |
| // Allows you to specify the proxy server used by Google Chrome and prevents |
| // users from changing proxy settings. |
| // |
| // This policy only takes effect if the ProxySettings policy has not been |
| // specified. |
| // |
| // If you choose to never use a proxy server and always connect directly, all |
| // other options are ignored. |
| // |
| // If you choose to use system proxy settings, all other options are ignored. |
| // |
| // If you choose to auto detect the proxy server, all other options are ignored. |
| // |
| // If you choose fixed server proxy mode, you can specify further options in |
| // 'Address or URL of proxy server' and 'Comma-separated list of proxy bypass |
| // rules'. Only the HTTP proxy server with the highest priority is available for |
| // ARC-apps. |
| // |
| // If you choose to use a .pac proxy script, you must specify the URL to the |
| // script in 'URL to a proxy .pac file'. |
| // |
| // For detailed examples, visit: |
| // https://www.chromium.org/developers/design-documents/network-settings#TOC- |
| // Command-line-options-for-proxy-sett. |
| // |
| // If you enable this setting, Google Chrome and ARC-apps ignore all proxy- |
| // related options specified from the command line. |
| // |
| // Leaving this policy not set will allow the users to choose the proxy settings |
| // on their own. |
| // |
| // Valid values: |
| // direct: Never use a proxy |
| // auto_detect: Auto detect proxy settings |
| // pac_script: Use a .pac proxy script |
| // fixed_servers: Use fixed proxy servers |
| // system: Use system proxy settings |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ProxyModeProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ProxyMode = 2; |
| } |
| |
| // Choose how to specify proxy server settings |
| // |
| // This policy is deprecated, use ProxyMode instead. |
| // |
| // Allows you to specify the proxy server used by Google Chrome and prevents |
| // users from changing proxy settings. |
| // |
| // This policy only takes effect if the ProxySettings policy has not been |
| // specified. |
| // |
| // If you choose to never use a proxy server and always connect directly, all |
| // other options are ignored. |
| // |
| // If you choose to use system proxy settings or auto detect the proxy server, |
| // all other options are ignored. |
| // |
| // If you choose manual proxy settings, you can specify further options in |
| // 'Address or URL of proxy server', 'URL to a proxy .pac file' and 'Comma- |
| // separated list of proxy bypass rules'. Only the HTTP proxy server with the |
| // highest priority is available for ARC-apps. |
| // |
| // For detailed examples, visit: |
| // https://www.chromium.org/developers/design-documents/network-settings#TOC- |
| // Command-line-options-for-proxy-sett. |
| // |
| // If you enable this setting, Google Chrome ignores all proxy-related options |
| // specified from the command line. |
| // |
| // Leaving this policy not set will allow the users to choose the proxy settings |
| // on their own. |
| // |
| // Valid values: |
| // 0: Never use a proxy |
| // 1: Auto detect proxy settings |
| // 2: Manually specify proxy settings |
| // 3: Use system proxy settings |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ProxyServerModeProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ProxyServerMode = 2; |
| } |
| |
| // Address or URL of proxy server |
| // |
| // You can specify the URL of the proxy server here. |
| // |
| // This policy only takes effect if you have selected manual proxy settings at |
| // 'Choose how to specify proxy server settings' and if the ProxySettings policy |
| // has not been specified. |
| // |
| // You should leave this policy not set if you have selected any other mode for |
| // setting proxy policies. |
| // |
| // For more options and detailed examples, visit: |
| // https://www.chromium.org/developers/design-documents/network-settings#TOC- |
| // Command-line-options-for-proxy-sett. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ProxyServerProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ProxyServer = 2; |
| } |
| |
| // URL to a proxy .pac file |
| // |
| // You can specify a URL to a proxy .pac file here. |
| // |
| // This policy only takes effect if you have selected manual proxy settings at |
| // 'Choose how to specify proxy server settings' and if the ProxySettings policy |
| // has not been specified. |
| // |
| // You should leave this policy not set if you have selected any other mode for |
| // setting proxy policies. |
| // |
| // For detailed examples, visit: |
| // https://www.chromium.org/developers/design-documents/network-settings#TOC- |
| // Command-line-options-for-proxy-sett. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ProxyPacUrlProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ProxyPacUrl = 2; |
| } |
| |
| // Proxy bypass rules |
| // |
| // Google Chrome will bypass any proxy for the list of hosts given here. |
| // |
| // This policy only takes effect if you have selected manual proxy settings at |
| // 'Choose how to specify proxy server settings' and if the ProxySettings policy |
| // has not been specified. |
| // |
| // You should leave this policy not set if you have selected any other mode for |
| // setting proxy policies. |
| // |
| // For more detailed examples, visit: |
| // https://www.chromium.org/developers/design-documents/network-settings#TOC- |
| // Command-line-options-for-proxy-sett. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ProxyBypassListProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ProxyBypassList = 2; |
| } |
| |
| // Proxy settings |
| // |
| // Configures the proxy settings for Google Chrome. These proxy settings will be |
| // available for ARC-apps too. |
| // |
| // If you enable this setting, Google Chrome and ARC-apps ignore all proxy- |
| // related options specified from the command line. |
| // |
| // Leaving this policy not set will allow the users to choose the proxy settings |
| // on their own. |
| // |
| // If the ProxySettings policy is set, it will override any of the individual |
| // policies ProxyMode, ProxyPacUrl, ProxyServer, ProxyBypassList and |
| // ProxyServerMode. |
| // |
| // The ProxyMode field allows you to specify the proxy server used by Google |
| // Chrome and prevents users from changing proxy settings. |
| // |
| // The ProxyPacUrl field is a URL to a proxy .pac file. |
| // |
| // The ProxyServer field is a URL of the proxy server. |
| // |
| // The ProxyBypassList field is a list of proxy hosts that Google Chrome will |
| // bypass. |
| // |
| // The ProxyServerMode field is deprecated in favor of the field 'ProxyMode'. It |
| // allows you to specify the proxy server used by Google Chrome and prevents |
| // users from changing proxy settings. |
| // |
| // If you choose the value 'direct' as 'ProxyMode', a proxy will never be used |
| // and all other fields will be ignored. |
| // |
| // If you choose the value 'system' as 'ProxyMode', the systems's proxy will be |
| // used and all other fields will be ignored. |
| // |
| // If you choose the value 'auto_detect' as 'ProxyMode', all other fields will |
| // be ignored. |
| // |
| // If you choose the value 'fixed_server' as 'ProxyMode', the 'ProxyServer' and |
| // 'ProxyBypassList' fields will be used. |
| // |
| // If you choose the value 'pac_script' as 'ProxyMode', the 'ProxyPacUrl' and |
| // 'ProxyBypassList' fields will be used. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "ProxyBypassList": { |
| // "type": "string" |
| // }, |
| // "ProxyMode": { |
| // "enum": [ |
| // "direct", |
| // "auto_detect", |
| // "pac_script", |
| // "fixed_servers", |
| // "system" |
| // ], |
| // "type": "string" |
| // }, |
| // "ProxyPacUrl": { |
| // "type": "string" |
| // }, |
| // "ProxyServer": { |
| // "type": "string" |
| // }, |
| // "ProxyServerMode": { |
| // "$ref": "ProxyServerMode" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ProxySettingsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ProxySettings = 2; |
| } |
| |
| // Supported authentication schemes |
| // |
| // Specifies which HTTP authentication schemes are supported by Google Chrome. |
| // |
| // Possible values are 'basic', 'digest', 'ntlm' and 'negotiate'. Separate |
| // multiple values with commas. |
| // |
| // If this policy is left not set, all four schemes will be used. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AuthSchemesProto { |
| optional PolicyOptions policy_options = 1; |
| optional string AuthSchemes = 2; |
| } |
| |
| // Disable CNAME lookup when negotiating Kerberos authentication |
| // |
| // Specifies whether the generated Kerberos SPN is based on the canonical DNS |
| // name or the original name entered. |
| // |
| // If you enable this setting, CNAME lookup will be skipped and the server name |
| // will be used as entered. |
| // |
| // If you disable this setting or leave it not set, the canonical name of the |
| // server will be determined via CNAME lookup. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DisableAuthNegotiateCnameLookupProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DisableAuthNegotiateCnameLookup = 2; |
| } |
| |
| // Include non-standard port in Kerberos SPN |
| // |
| // Specifies whether the generated Kerberos SPN should include a non-standard |
| // port. |
| // |
| // If you enable this setting, and a non-standard port (i.e., a port other than |
| // 80 or 443) is entered, it will be included in the generated Kerberos SPN. |
| // |
| // If you disable this setting or leave it not set, the generated Kerberos SPN |
| // will not include a port in any case. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message EnableAuthNegotiatePortProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableAuthNegotiatePort = 2; |
| } |
| |
| // Authentication server whitelist |
| // |
| // Specifies which servers should be whitelisted for integrated authentication. |
| // Integrated authentication is only enabled when Google Chrome receives an |
| // authentication challenge from a proxy or from a server which is in this |
| // permitted list. |
| // |
| // Separate multiple server names with commas. Wildcards (*) are allowed. |
| // |
| // If you leave this policy not set Google Chrome will try to detect if a server |
| // is on the Intranet and only then will it respond to IWA requests. If a |
| // server is detected as Internet then IWA requests from it will be ignored by |
| // Google Chrome. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, webview_android, win |
| message AuthServerWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional string AuthServerWhitelist = 2; |
| } |
| |
| // Kerberos delegation server whitelist |
| // |
| // Servers that Google Chrome may delegate to. |
| // |
| // Separate multiple server names with commas. Wildcards (*) are allowed. |
| // |
| // If you leave this policy not set Google Chrome will not delegate user |
| // credentials even if a server is detected as Intranet. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AuthNegotiateDelegateWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional string AuthNegotiateDelegateWhitelist = 2; |
| } |
| |
| // Use KDC policy to delegate credentials. |
| // |
| // Controls whether approval by KDC policy is respected to decide whether to |
| // delegate Kerberos tickets. |
| // |
| // If this policy is true, HTTP authentication respects approval by KDC policy, |
| // i.e. Chrome only delegates credentials if the KDC sets OK-AS-DELEGATE on a |
| // service ticket. Please see https://tools.ietf.org/html/rfc5896.html for more |
| // information. Service should also match 'AuthNegotiateDelegateWhitelist' |
| // policy. |
| // |
| // If this policy is not set or set to false, KDC policy is ignored on supported |
| // platforms and 'AuthNegotiateDelegateWhitelist' policy only is respected. |
| // |
| // On Windows KDC policy is always respected. |
| // |
| // Supported on: chrome_os, linux, mac |
| message AuthNegotiateDelegateByKdcPolicyProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AuthNegotiateDelegateByKdcPolicy = 2; |
| } |
| |
| // GSSAPI library name |
| // |
| // Specifies which GSSAPI library to use for HTTP authentication. You can set |
| // either just a library name, or a full path. |
| // |
| // If no setting is provided, Google Chrome will fall back to using a default |
| // library name. |
| // |
| // Supported on: linux |
| message GSSAPILibraryNameProto { |
| optional PolicyOptions policy_options = 1; |
| optional string GSSAPILibraryName = 2; |
| } |
| |
| // Account type for HTTP Negotiate authentication |
| // |
| // Specifies the account type of the accounts provided by the Android |
| // authentication app that supports HTTP Negotiate authentication (e.g. Kerberos |
| // authentication). This information should be available from the supplier of |
| // the authentication app. For more details see https://goo.gl/hajyfN. |
| // |
| // If no setting is provided, HTTP Negotiate authentication is disabled on |
| // Android. |
| // |
| // Supported on: android, webview_android |
| message AuthAndroidNegotiateAccountTypeProto { |
| optional PolicyOptions policy_options = 1; |
| optional string AuthAndroidNegotiateAccountType = 2; |
| } |
| |
| // Cross-origin HTTP Basic Auth prompts |
| // |
| // Controls whether third-party sub-content on a page is allowed to pop-up an |
| // HTTP Basic Auth dialog box. |
| // |
| // Typically this is disabled as a phishing defense. If this policy is not set, |
| // this is disabled and third-party sub-content will not be allowed to pop up a |
| // HTTP Basic Auth dialog box. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AllowCrossOriginAuthPromptProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowCrossOriginAuthPrompt = 2; |
| } |
| |
| // Enable NTLMv2 authentication. |
| // |
| // Controls whether NTLMv2 is enabled. |
| // |
| // All recent versions of Samba and Windows servers support NTLMv2. This should |
| // only be disabled for backwards compatibility and reduces the security of |
| // authentication. |
| // |
| // If this policy is not set, the default is true and NTLMv2 is enabled. |
| // |
| // Supported on: android, chrome_os, linux, mac, webview_android |
| message NtlmV2EnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool NtlmV2Enabled = 2; |
| } |
| |
| // Configure extension installation blacklist |
| // |
| // Allows you to specify which extensions the users can NOT install. Extensions |
| // already installed will be disabled if blacklisted, without a way for the user |
| // to enable them. Once an extension disabled due to the blacklist is removed |
| // from it, it will automatically get re-enabled. |
| // |
| // A blacklist value of '*' means all extensions are blacklisted unless they are |
| // explicitly listed in the whitelist. |
| // |
| // If this policy is left not set the user can install any extension in Google |
| // Chrome. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ExtensionInstallBlacklistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ExtensionInstallBlacklist = 2; |
| } |
| |
| // Configure extension installation whitelist |
| // |
| // Allows you to specify which extensions are not subject to the blacklist. |
| // |
| // A blacklist value of * means all extensions are blacklisted and users can |
| // only install extensions listed in the whitelist. |
| // |
| // By default, all extensions are whitelisted, but if all extensions have been |
| // blacklisted by policy, the whitelist can be used to override that policy. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ExtensionInstallWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ExtensionInstallWhitelist = 2; |
| } |
| |
| // Configure the list of force-installed apps and extensions |
| // |
| // Specifies a list of apps and extensions that are installed silently, |
| // without user interaction, and which cannot be uninstalled nor |
| // disabled by the user. All permissions requested by the |
| // apps/extensions are granted implicitly, without user interaction, |
| // including any additional permissions requested by future versions of |
| // the app/extension. Furthermore, permissions are granted for the |
| // enterprise.deviceAttributes and enterprise.platformKeys extension |
| // APIs. (These two APIs are not available to apps/extensions that are |
| // not force-installed.) |
| // |
| // This policy takes precedence over a potentially conflicting |
| // ExtensionInstallBlacklist policy. If an app or extension that previously had |
| // been force-installed is removed from this list, it is automatically |
| // uninstalled by Google Chrome. |
| // |
| // For Windows instances that are not joined to a Microsoft® Active Directory® |
| // domain, forced installation is limited to apps and extensions listed in the |
| // Chrome Web Store. |
| // |
| // Note that the source code of any extension may be altered by users via |
| // Developer Tools (potentially rendering the extension dysfunctional). If this |
| // is a concern, the DeveloperToolsDisabled policy should be set. |
| // |
| // Each list item of the policy is a string that contains an extension ID and, |
| // optionally, an "update" URL separated by a semicolon (;). The extension ID is |
| // the 32-letter string found e.g. on chrome://extensions when in developer |
| // mode. The "update" URL, if specified, should point to an Update Manifest XML |
| // document as described at https://developer.chrome.com/extensions/autoupdate. |
| // By default, the Chrome Web Store's update URL is used (which currently is |
| // "https://clients2.google.com/service/update2/crx"). Note that the "update" |
| // URL set in this policy is only used for the initial installation; subsequent |
| // updates of the extension employ the update URL indicated in the extension's |
| // manifest. Note also that specifying the "update" URL explicitly was mandatory |
| // in Google Chrome versions up to and including 67. |
| // |
| // For example, aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa;https://clients2.google.com/ser |
| // vice/update2/crx installs the extension with id |
| // aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa from the standard Chrome Web Store "update" |
| // URL. For more information about hosting extensions, see: |
| // https://developer.chrome.com/extensions/hosting. |
| // |
| // If this policy is left not set, no apps or extensions are installed |
| // automatically and the user can uninstall any app or extension in Google |
| // Chrome. |
| // |
| // Note that this policy doesn't apply to incognito mode. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ExtensionInstallForcelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ExtensionInstallForcelist = 2; |
| } |
| |
| // Configure extension, app, and user script install sources |
| // |
| // Allows you to specify which URLs are allowed to install extensions, apps, and |
| // themes. |
| // |
| // Starting in Google Chrome 21, it is more difficult to install extensions, |
| // apps, and user scripts from outside the Chrome Web Store. Previously, users |
| // could click on a link to a *.crx file, and Google Chrome would offer to |
| // install the file after a few warnings. After Google Chrome 21, such files |
| // must be downloaded and dragged onto the Google Chrome settings page. This |
| // setting allows specific URLs to have the old, easier installation flow. |
| // |
| // Each item in this list is an extension-style match pattern (see |
| // https://developer.chrome.com/extensions/match_patterns). Users will be able |
| // to easily install items from any URL that matches an item in this list. Both |
| // the location of the *.crx file and the page where the download is started |
| // from (i.e. the referrer) must be allowed by these patterns. |
| // |
| // ExtensionInstallBlacklist takes precedence over this policy. That is, an |
| // extension on the blacklist won't be installed, even if it happens from a site |
| // on this list. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ExtensionInstallSourcesProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ExtensionInstallSources = 2; |
| } |
| |
| // Allow insecure algorithms in integrity checks on extension updates and |
| // installs |
| // |
| // Google Chrome provides for the secure update and installation of extensions. |
| // However, the content of some extensions hosted outside of the Chrome Web |
| // Store may only be protected by insecure signing or hashing algorithms such as |
| // SHA1. When this policy is disabled, fresh installation of and updates to such |
| // extensions will not be permitted by Chrome (until the extension developers |
| // rebuild the extension with stronger algorithms). When this policy is enabled, |
| // installation and updates for such extensions will be permitted. |
| // |
| // This will default to the enabled behavior when unset. |
| // Starting in Google Chrome 76, this will default to the disabled behavior when |
| // unset. |
| // |
| // Starting in Google Chrome 78, this policy will be ignored and treated as |
| // disabled. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ExtensionAllowInsecureUpdatesProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ExtensionAllowInsecureUpdates = 2; |
| } |
| |
| // Configure allowed app/extension types |
| // |
| // Controls which app/extension types are allowed to be installed and limits |
| // runtime access. |
| // |
| // This setting white-lists the allowed types of extension/apps that can be |
| // installed in Google Chrome and which hosts they can interact with. The value |
| // is a list of strings, each of which should be one of the following: |
| // "extension", "theme", "user_script", "hosted_app", "legacy_packaged_app", |
| // "platform_app". See the Google Chrome extensions documentation for more |
| // information on these types. |
| // |
| // Note that this policy also affects extensions and apps to be force-installed |
| // via ExtensionInstallForcelist. |
| // |
| // If this setting is configured, extensions/apps which have a type that is not |
| // on the list will not be installed. |
| // |
| // If this settings is left not-configured, no restrictions on the acceptable |
| // extension/app types are enforced. |
| // |
| // Prior to version 75 using multiple comma separated extension IDs is not |
| // supported and will be skipped. The rest of the policy will continue to apply. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ExtensionAllowedTypesProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ExtensionAllowedTypes = 2; |
| } |
| |
| // Extension management settings |
| // |
| // Configures extension management settings for Google Chrome. |
| // |
| // This policy controls multiple settings, including settings controlled by any |
| // existing extension-related policies. This policy will override any legacy |
| // policies if both are set. |
| // |
| // This policy maps an extension ID or an update URL to its configuration. With |
| // an extension ID, configuration will be applied to the specified extension |
| // only. A default configuration can be set for the special ID "*", which will |
| // apply to all extensions that don't have a custom configuration set in this |
| // policy. With an update URL, configuration will be applied to all extensions |
| // with the exact update URL stated in manifest of this extension, as described |
| // at https://developer.chrome.com/extensions/autoupdate. |
| // |
| // For Windows instances that are not joined to a Microsoft® Active Directory® |
| // domain, forced installation is limited to apps and extensions listed in the |
| // Chrome Web Store. |
| // |
| // Value schema: |
| // { |
| // "patternProperties": { |
| // "^[a-p]{32}(?:,[a-p]{32})*,?$": { |
| // "properties": { |
| // "allowed_permissions": { |
| // "$ref": "ListOfPermissions" |
| // }, |
| // "blocked_install_message": { |
| // "description": "text that will be displayed to the user |
| // in the chrome webstore if installation is blocked.", |
| // "type": "string" |
| // }, |
| // "blocked_permissions": { |
| // "id": "ListOfPermissions", |
| // "items": { |
| // "pattern": "^[a-z][a-zA-Z.]*$", |
| // "type": "string" |
| // }, |
| // "type": "array" |
| // }, |
| // "installation_mode": { |
| // "enum": [ |
| // "blocked", |
| // "allowed", |
| // "force_installed", |
| // "normal_installed", |
| // "removed" |
| // ], |
| // "type": "string" |
| // }, |
| // "minimum_version_required": { |
| // "pattern": "^[0-9]+([.][0-9]+)*$", |
| // "type": "string" |
| // }, |
| // "runtime_allowed_hosts": { |
| // "$ref": "ListOfUrlPatterns" |
| // }, |
| // "runtime_blocked_hosts": { |
| // "id": "ListOfUrlPatterns", |
| // "items": { |
| // "type": "string" |
| // }, |
| // "type": "array" |
| // }, |
| // "update_url": { |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "^update_url:": { |
| // "properties": { |
| // "allowed_permissions": { |
| // "$ref": "ListOfPermissions" |
| // }, |
| // "blocked_permissions": { |
| // "$ref": "ListOfPermissions" |
| // }, |
| // "installation_mode": { |
| // "enum": [ |
| // "blocked", |
| // "allowed", |
| // "removed" |
| // ], |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // }, |
| // "properties": { |
| // "*": { |
| // "properties": { |
| // "allowed_types": { |
| // "$ref": "ExtensionAllowedTypes" |
| // }, |
| // "blocked_install_message": { |
| // "type": "string" |
| // }, |
| // "blocked_permissions": { |
| // "$ref": "ListOfPermissions" |
| // }, |
| // "install_sources": { |
| // "$ref": "ExtensionInstallSources" |
| // }, |
| // "installation_mode": { |
| // "enum": [ |
| // "blocked", |
| // "allowed", |
| // "removed" |
| // ], |
| // "type": "string" |
| // }, |
| // "runtime_allowed_hosts": { |
| // "$ref": "ListOfUrlPatterns" |
| // }, |
| // "runtime_blocked_hosts": { |
| // "$ref": "ListOfUrlPatterns" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ExtensionSettingsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ExtensionSettings = 2; |
| } |
| |
| // Merge extension install list policies from multiple sources |
| // |
| // Enables merging of the extension install list policies |
| // ExtensionInstallBlacklist, ExtensionInstallWhitelist and |
| // ExtensionInstallForcelist. |
| // |
| // If you enable this setting, the values from machine platform policy, machine |
| // cloud policy and user platform policy are merged into a single list and used |
| // as a whole instead of only using the values from the single source with |
| // highest priority. |
| // |
| // If you disable this setting or leave it unset, only list entries from the |
| // highest priority source are taken and all other sources are shown as |
| // conflicts but ignored. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ExtensionInstallListsMergeEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ExtensionInstallListsMergeEnabled = 2; |
| } |
| |
| // Show Home button on toolbar |
| // |
| // Shows the Home button on Google Chrome's toolbar. |
| // |
| // If you enable this setting, the Home button is always shown. |
| // |
| // If you disable this setting, the Home button is never shown. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting in Google Chrome. |
| // |
| // Leaving this policy not set will allow the user to choose whether to show the |
| // home button. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ShowHomeButtonProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ShowHomeButton = 2; |
| } |
| |
| // Disable Developer Tools |
| // |
| // This policy is deprecated in M68, please use DeveloperToolsAvailability |
| // instead. |
| // |
| // Disables the Developer Tools and the JavaScript console. |
| // |
| // If you enable this setting, the Developer Tools can not be accessed and web- |
| // site elements can not be inspected anymore. Any keyboard shortcuts and any |
| // menu or context menu entries to open the Developer Tools or the JavaScript |
| // Console will be disabled. |
| // |
| // Setting this option to disabled or leaving it not set allows the user to use |
| // the Developer Tools and the JavaScript console. |
| // |
| // If the policy DeveloperToolsAvailability is set, the value of the policy |
| // DeveloperToolsDisabled is ignored. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DeveloperToolsDisabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DeveloperToolsDisabled = 2; |
| } |
| |
| // Control where Developer Tools can be used |
| // |
| // Allows you to control where Developer Tools can be used. |
| // |
| // If this policy is set to |
| // 'DeveloperToolsDisallowedForForceInstalledExtensions' (value 0, which is the |
| // default value), the Developer Tools and the JavaScript console can be |
| // accessed in general, but they can not be accessed in the context of |
| // extensions installed by enterprise policy. |
| // If this policy is set to 'DeveloperToolsAllowed' (value 1), the Developer |
| // Tools and the JavaScript console can be accessed and used in all contexts, |
| // including the context of extensions installed by enterprise policy. |
| // If this policy is set to 'DeveloperToolsDisallowed' (value 2), the Developer |
| // Tools can not be accessed and web-site elements can not be inspected anymore. |
| // Any keyboard shortcuts and any menu or context menu entries to open the |
| // Developer Tools or the JavaScript Console will be disabled. |
| // |
| // Valid values: |
| // 0: Disallow usage of the Developer Tools on extensions installed by |
| // enterprise policy, allow usage of the Developer Tools in other contexts |
| // 1: Allow usage of the Developer Tools |
| // 2: Disallow usage of the Developer Tools |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DeveloperToolsAvailabilityProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DeveloperToolsAvailability = 2; |
| } |
| |
| // Action on startup |
| // |
| // Allows you to specify the behavior on startup. |
| // |
| // If you choose 'Open New Tab Page' the New Tab Page will always be opened when |
| // you start Google Chrome. |
| // |
| // If you choose 'Restore the last session', the URLs that were open last time |
| // Google Chrome was closed will be reopened and the browsing session will be |
| // restored as it was left. |
| // Choosing this option disables some settings that rely on sessions or that |
| // perform actions on exit (such as Clear browsing data on exit or session-only |
| // cookies). |
| // |
| // If you choose 'Open a list of URLs', the list of 'URLs to open on startup' |
| // will be opened when a user starts Google Chrome. |
| // |
| // If you enable this setting, users cannot change or override it in Google |
| // Chrome. |
| // |
| // Disabling this setting is equivalent to leaving it not configured. The user |
| // will still be able to change it in Google Chrome. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Valid values: |
| // 5: Open New Tab Page |
| // 1: Restore the last session |
| // 4: Open a list of URLs |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RestoreOnStartupProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 RestoreOnStartup = 2; |
| } |
| |
| // URLs to open on startup |
| // |
| // If 'Open a list of URLs' is selected as the startup action, this allows you |
| // to specify the list of URLs that are opened. If left not set no URL will be |
| // opened on start up. |
| // |
| // This policy only works if the 'RestoreOnStartup' policy is set to |
| // 'RestoreOnStartupIsURLs'. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RestoreOnStartupURLsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList RestoreOnStartupURLs = 2; |
| } |
| |
| // Block third party cookies |
| // |
| // Enabling this setting prevents cookies from being set by web page elements |
| // that are not from the domain that is in the browser's address bar. |
| // |
| // Disabling this setting allows cookies to be set by web page elements that are |
| // not from the domain that is in the browser's address bar and prevents users |
| // from changing this setting. |
| // |
| // If this policy is left not set, third party cookies will be enabled but the |
| // user will be able to change that. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message BlockThirdPartyCookiesProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BlockThirdPartyCookies = 2; |
| } |
| |
| // Enable the default search provider |
| // |
| // Enables the use of a default search provider. |
| // |
| // If you enable this setting, a default search is performed when the user types |
| // text in the omnibox that is not a URL. |
| // |
| // You can specify the default search provider to be used by setting the rest of |
| // the default search policies. If these are left empty, the user can choose the |
| // default provider. |
| // |
| // If you disable this setting, no search is performed when the user enters non- |
| // URL text in the omnibox. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting in Google Chrome. |
| // |
| // If this policy is left not set, the default search provider is enabled, and |
| // the user will be able to set the search provider list. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DefaultSearchProviderEnabled = 2; |
| } |
| |
| // Default search provider name |
| // |
| // Specifies the name of the default search provider. If left empty or not set, |
| // the host name specified by the search URL will be used. |
| // |
| // This policy is only considered if the 'DefaultSearchProviderEnabled' policy |
| // is enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderNameProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderName = 2; |
| } |
| |
| // Default search provider keyword |
| // |
| // Specifies the keyword, which is the shortcut used in the omnibox to trigger |
| // the search for this provider. |
| // |
| // This policy is optional. If not set, no keyword will activate the search |
| // provider. |
| // |
| // This policy is only considered if the 'DefaultSearchProviderEnabled' policy |
| // is enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderKeywordProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderKeyword = 2; |
| } |
| |
| // Default search provider search URL |
| // |
| // Specifies the URL of the search engine used when doing a default search. The |
| // URL should contain the string '{searchTerms}', which will be replaced at |
| // query time by the terms the user is searching for. |
| // |
| // Google's search URL can be specified as: '{google:baseURL}search?q={searchTer |
| // ms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryS |
| // tats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId} |
| // ie={inputEncoding}'. |
| // |
| // This option must be set when the 'DefaultSearchProviderEnabled' policy is |
| // enabled and will only be respected if this is the case. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderSearchURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderSearchURL = 2; |
| } |
| |
| // Default search provider suggest URL |
| // |
| // Specifies the URL of the search engine used to provide search suggestions. |
| // The URL should contain the string '{searchTerms}', which will be replaced at |
| // query time by the text the user has entered so far. |
| // |
| // This policy is optional. If not set, no suggest URL will be used. |
| // |
| // Google's suggest URL can be specified as: |
| // '{google:baseURL}complete/search?output=chrome&q={searchTerms}'. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderSuggestURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderSuggestURL = 2; |
| } |
| |
| // Default search provider instant URL |
| // |
| // Specifies the URL of the search engine used to provide instant results. The |
| // URL should contain the string '{searchTerms}', which will be replaced at |
| // query time by the text the user has entered so far. |
| // |
| // This policy is optional. If not set, no instant search results will be |
| // provided. |
| // |
| // Google's instant results URL can be specified as: |
| // '{google:baseURL}suggest?q={searchTerms}'. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: |
| message DefaultSearchProviderInstantURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderInstantURL = 2; |
| } |
| |
| // Default search provider icon |
| // |
| // Specifies the favorite icon URL of the default search provider. |
| // |
| // This policy is optional. If not set, no icon will be present for the search |
| // provider. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderIconURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderIconURL = 2; |
| } |
| |
| // Default search provider encodings |
| // |
| // Specifies the character encodings supported by the search provider. Encodings |
| // are code page names like UTF-8, GB2312, and ISO-8859-1. They are tried in the |
| // order provided. |
| // |
| // This policy is optional. If not set, the default will be used which is UTF-8. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderEncodingsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList DefaultSearchProviderEncodings = 2; |
| } |
| |
| // List of alternate URLs for the default search provider |
| // |
| // Specifies a list of alternate URLs that can be used to extract search terms |
| // from the search engine. The URLs should contain the string '{searchTerms}', |
| // which will be used to extract the search terms. |
| // |
| // This policy is optional. If not set, no alternate urls will be used to |
| // extract search terms. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderAlternateURLsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList DefaultSearchProviderAlternateURLs = 2; |
| } |
| |
| // Parameter controlling search term placement for the default search provider |
| // |
| // If this policy is set and a search URL suggested from the omnibox contains |
| // this parameter in the query string or in the fragment identifier, then the |
| // suggestion will show the search terms and search provider instead of the raw |
| // search URL. |
| // |
| // This policy is optional. If not set, no search term replacement will be |
| // performed. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: |
| message DefaultSearchProviderSearchTermsReplacementKeyProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderSearchTermsReplacementKey = 2; |
| } |
| |
| // Parameter providing search-by-image feature for the default search provider |
| // |
| // Specifies the URL of the search engine used to provide image search. Search |
| // requests will be sent using the GET method. If the |
| // DefaultSearchProviderImageURLPostParams policy is set then image search |
| // requests will use the POST method instead. |
| // |
| // This policy is optional. If not set, no image search will be used. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderImageURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderImageURL = 2; |
| } |
| |
| // Default search provider new tab page URL |
| // |
| // Specifies the URL that a search engine uses to provide a new tab page. |
| // |
| // This policy is optional. If not set, no new tab page will be provided. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderNewTabURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderNewTabURL = 2; |
| } |
| |
| // Parameters for search URL which uses POST |
| // |
| // Specifies the parameters used when searching a URL with POST. It consists of |
| // comma-separated name/value pairs. If a value is a template parameter, like |
| // {searchTerms} in above example, it will be replaced with real search terms |
| // data. |
| // |
| // This policy is optional. If not set, search request will be sent using the |
| // GET method. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderSearchURLPostParamsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderSearchURLPostParams = 2; |
| } |
| |
| // Parameters for suggest URL which uses POST |
| // |
| // Specifies the parameters used when doing suggestion search with POST. It |
| // consists of comma-separated name/value pairs. If a value is a template |
| // parameter, like {searchTerms} in above example, it will be replaced with real |
| // search terms data. |
| // |
| // This policy is optional. If not set, suggest search request will be sent |
| // using the GET method. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderSuggestURLPostParamsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderSuggestURLPostParams = 2; |
| } |
| |
| // Parameters for instant URL which uses POST |
| // |
| // Specifies the parameters used when doing instant search with POST. It |
| // consists of comma-separated name/value pairs. If a value is a template |
| // parameter, like {searchTerms} in above example, it will be replaced with real |
| // search terms data. |
| // |
| // This policy is optional. If not set, instant search request will be sent |
| // using the GET method. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: |
| message DefaultSearchProviderInstantURLPostParamsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderInstantURLPostParams = 2; |
| } |
| |
| // Parameters for image URL which uses POST |
| // |
| // Specifies the parameters used when doing image search with POST. It consists |
| // of comma-separated name/value pairs. If a value is a template parameter, like |
| // {imageThumbnail} in above example, it will be replaced with real image |
| // thumbnail data. |
| // |
| // This policy is optional. If not set, image search request will be sent using |
| // the GET method. |
| // |
| // This policy is only respected if the 'DefaultSearchProviderEnabled' policy is |
| // enabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultSearchProviderImageURLPostParamsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultSearchProviderImageURLPostParams = 2; |
| } |
| |
| // Default cookies setting |
| // |
| // Allows you to set whether websites are allowed to set local data. Setting |
| // local data can be either allowed for all websites or denied for all websites. |
| // |
| // If this policy is set to 'Keep cookies for the duration of the session' then |
| // cookies will be cleared when the session closes. Note that if Google Chrome |
| // is running in 'background mode', the session may not close when the last |
| // window is closed. Please see the 'BackgroundModeEnabled' policy for more |
| // information about configuring this behavior. |
| // |
| // If this policy is left not set, 'AllowCookies' will be used and the user will |
| // be able to change it. |
| // |
| // Valid values: |
| // 1: Allow all sites to set local data |
| // 2: Do not allow any site to set local data |
| // 4: Keep cookies for the duration of the session |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultCookiesSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultCookiesSetting = 2; |
| } |
| |
| // Default images setting |
| // |
| // Allows you to set whether websites are allowed to display images. Displaying |
| // images can be either allowed for all websites or denied for all websites. |
| // |
| // If this policy is left not set, 'AllowImages' will be used and the user will |
| // be able to change it. |
| // |
| // Note that previously this policy was erroneously enabled on Android, but this |
| // functionality has never been fully supported on Android. |
| // |
| // Valid values: |
| // 1: Allow all sites to show all images |
| // 2: Do not allow any site to show images |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DefaultImagesSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultImagesSetting = 2; |
| } |
| |
| // Default JavaScript setting |
| // |
| // Allows you to set whether websites are allowed to run JavaScript. Running |
| // JavaScript can be either allowed for all websites or denied for all websites. |
| // |
| // If this policy is left not set, 'AllowJavaScript' will be used and the user |
| // will be able to change it. |
| // |
| // Valid values: |
| // 1: Allow all sites to run JavaScript |
| // 2: Do not allow any site to run JavaScript |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultJavaScriptSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultJavaScriptSetting = 2; |
| } |
| |
| // Default Flash setting |
| // |
| // Allows you to set whether websites are allowed to automatically run the Flash |
| // plugin. Automatically running the Flash plugin can be either allowed for all |
| // websites or denied for all websites. |
| // |
| // Click to play allows the Flash plugin to run but the user must click on the |
| // placeholder to start its execution. |
| // |
| // Automatic playback is only allowed for domains explictly listed in the |
| // PluginsAllowedForUrls policy. If you want to enabled automatic playback for |
| // all sites consider adding http://* and https://* to this list. |
| // |
| // If this policy is left not set, the user will be able to change this setting |
| // manually. |
| // |
| // Valid values: |
| // 1: Allow all sites to automatically run the Flash plugin |
| // 2: Block the Flash plugin |
| // 3: Click to play |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DefaultPluginsSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultPluginsSetting = 2; |
| } |
| |
| // Default popups setting |
| // |
| // Allows you to set whether websites are allowed to show pop-ups. Showing |
| // popups can be either allowed for all websites or denied for all websites. |
| // |
| // If this policy is left not set, 'BlockPopups' will be used and the user will |
| // be able to change it. |
| // |
| // Valid values: |
| // 1: Allow all sites to show pop-ups |
| // 2: Do not allow any site to show popups |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultPopupsSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultPopupsSetting = 2; |
| } |
| |
| // Default notification setting |
| // |
| // Allows you to set whether websites are allowed to display desktop |
| // notifications. Displaying desktop notifications can be allowed by default, |
| // denied by default or the user can be asked every time a website wants to show |
| // desktop notifications. |
| // |
| // If this policy is left not set, 'AskNotifications' will be used and the user |
| // will be able to change it. |
| // |
| // Valid values: |
| // 1: Allow sites to show desktop notifications |
| // 2: Do not allow any site to show desktop notifications |
| // 3: Ask every time a site wants to show desktop notifications |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DefaultNotificationsSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultNotificationsSetting = 2; |
| } |
| |
| // Default geolocation setting |
| // |
| // Allows you to set whether websites are allowed to track the users' physical |
| // location. Tracking the users' physical location can be allowed by default, |
| // denied by default or the user can be asked every time a website requests the |
| // physical location. |
| // |
| // If this policy is left not set, 'AskGeolocation' will be used and the user |
| // will be able to change it. |
| // |
| // Valid values: |
| // 1: Allow sites to track the users' physical location |
| // 2: Do not allow any site to track the users' physical location |
| // 3: Ask whenever a site wants to track the users' physical location |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultGeolocationSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultGeolocationSetting = 2; |
| } |
| |
| // Default mediastream setting |
| // |
| // Allows you to set whether websites are allowed to get access to media capture |
| // devices. Access to media capture devices can be allowed by default, or the |
| // user can be asked every time a website wants to get access to media capture |
| // devices. |
| // |
| // If this policy is left not set, 'PromptOnAccess' will be used and the user |
| // will be able to change it. |
| // |
| // Valid values: |
| // 2: Do not allow any site to access the camera and microphone |
| // 3: Ask every time a site wants to access the camera and/or microphone |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DefaultMediaStreamSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultMediaStreamSetting = 2; |
| } |
| |
| // Control use of the Web Bluetooth API |
| // |
| // Allows you to set whether websites are allowed to get access to nearby |
| // Bluetooth devices. Access can be completely blocked, or the user can be asked |
| // every time a website wants to get access to nearby Bluetooth devices. |
| // |
| // If this policy is left not set, '3' will be used, and the user will be able |
| // to change it. |
| // |
| // Valid values: |
| // 2: Do not allow any site to request access to Bluetooth devices via the Web |
| // Bluetooth API |
| // 3: Allow sites to ask the user to grant access to a nearby Bluetooth device |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultWebBluetoothGuardSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultWebBluetoothGuardSetting = 2; |
| } |
| |
| // Default key generation setting |
| // |
| // Allows you to set whether websites are allowed to use key generation. Using |
| // key generation can be either allowed for all websites or denied for all |
| // websites. |
| // |
| // If this policy is left not set, 'BlockKeygen' will be used and the user will |
| // be able to change it. |
| // |
| // Valid values: |
| // 1: Allow all sites to use key generation |
| // 2: Do not allow any site to use key generation |
| // |
| // Supported on: |
| message DefaultKeygenSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultKeygenSetting = 2; |
| } |
| |
| // Control use of the WebUSB API |
| // |
| // Allows you to set whether websites are allowed to get access to connected USB |
| // devices. Access can be completely blocked, or the user can be asked every |
| // time a website wants to get access to connected USB devices. |
| // |
| // This policy can be overridden for specific URL patterns using the |
| // 'WebUsbAskForUrls' and 'WebUsbBlockedForUrls' policies. |
| // |
| // If this policy is left not set, '3' will be used, and the user will be able |
| // to change it. |
| // |
| // Valid values: |
| // 2: Do not allow any site to request access to USB devices via the WebUSB |
| // API |
| // 3: Allow sites to ask the user to grant access to a connected USB device |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DefaultWebUsbGuardSettingProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 DefaultWebUsbGuardSetting = 2; |
| } |
| |
| // Automatically grant permission to these sites to connect to USB devices with |
| // the given vendor and product IDs. |
| // |
| // Allows you to set a list of urls that specify which sites will automatically |
| // be granted permission to access a USB device with the given vendor and |
| // product IDs. Each item in the list must contain both devices and urls in |
| // order for the policy to be valid. Each item in devices can contain a vendor |
| // ID and product ID field. Any ID that is omitted is treated as a wildcard with |
| // one exception, and that exception is that a product ID cannot be specified |
| // without a vendor ID also being specified. Otherwise, the policy will not be |
| // valid and will be ignored. |
| // |
| // The USB permission model uses the URL of the requesting site ("requesting |
| // URL") and the URL of the top-level frame site ("embedding URL") to grant |
| // permission to the requesting URL to access the USB device. The requesting URL |
| // may be different than the embedding URL when the requesting site is loaded in |
| // an iframe. Therefore, the "urls" field can contain up to two URL strings |
| // delimited by a comma to specify the requesting and embedding URL |
| // respectively. If only one URL is specified, then access to the corresponding |
| // USB devices will be granted when the requesting site's URL matches this URL |
| // regardless of embedding status. The URLs in "urls" must be valid URLs, |
| // otherwise the policy will be ignored. |
| // |
| // If this policy is left not set, the global default value will be used for all |
| // sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // URL patterns in this policy should not clash with the ones configured via |
| // WebUsbBlockedForUrls. If there is a clash, this policy will take precedence |
| // over WebUsbBlockedForUrls and WebUsbAskForUrls. |
| // |
| // Values for this policy and the DeviceWebUsbAllowDevicesForUrls policy are |
| // merged together. |
| // |
| // Value schema: |
| // { |
| // "items": { |
| // "properties": { |
| // "devices": { |
| // "items": { |
| // "properties": { |
| // "product_id": { |
| // "type": "integer" |
| // }, |
| // "vendor_id": { |
| // "type": "integer" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // }, |
| // "urls": { |
| // "items": { |
| // "type": "string" |
| // }, |
| // "type": "array" |
| // } |
| // }, |
| // "required": [ |
| // "devices", |
| // "urls" |
| // ], |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message WebUsbAllowDevicesForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string WebUsbAllowDevicesForUrls = 2; |
| } |
| |
| // Allow WebUSB on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to ask the user to grant them access to a USB device. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // URL patterns in this policy should not clash with ones configured via |
| // WebUsbBlockedForUrls. It is unspecified which of the two policies takes |
| // precedence if a URL matches with both. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message WebUsbAskForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList WebUsbAskForUrls = 2; |
| } |
| |
| // Block WebUSB on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are |
| // prevented from asking the user to grant them access to a USB device. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultWebUsbGuardSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // URL patterns in this policy should not clash with ones configured via |
| // WebUsbAskForUrls. It is unspecified which of the two policies takes |
| // precedence if a URL matches with both. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message WebUsbBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList WebUsbBlockedForUrls = 2; |
| } |
| |
| // Automatically select client certificates for these sites |
| // |
| // Allows you to specify a list of url patterns that specify sites for which |
| // Google Chrome should automatically select a client certificate, if the site |
| // requests a certificate. |
| // |
| // The value must be an array of stringified JSON dictionaries. Each dictionary |
| // must have the form { "pattern": "$URL_PATTERN", "filter" : $FILTER }, where |
| // $URL_PATTERN is a content setting pattern. $FILTER restricts from which |
| // client certificates the browser will automatically select. Independent of the |
| // filter, only certificates will be selected that match the server's |
| // certificate request. For example, if $FILTER has the form { "ISSUER": { "CN": |
| // "$ISSUER_CN" } }, additionally only client certificates are selected that are |
| // issued by a certificate with the CommonName $ISSUER_CN. If $FILTER contains |
| // an "ISSUER" and a "SUBJECT" section, a client certificate must satisfy both |
| // conditions to be selected. If $FILTER specifies an organization ("O"), a |
| // certificate must have at least one organization which matches the specified |
| // value to be selected. If $FILTER specifies an organization unit ("OU"), a |
| // certificate must have at least one organization unit which matches the |
| // specified value to be selected. If $FILTER is the empty dictionary {}, the |
| // selection of client certificates is not additionally restricted. |
| // |
| // If this policy is left not set, no auto-selection will be done for any site. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AutoSelectCertificateForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList AutoSelectCertificateForUrls = 2; |
| } |
| |
| // Allow cookies on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to set cookies. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultCookiesSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // See also policies 'CookiesBlockedForUrls' and 'CookiesSessionOnlyForUrls'. |
| // Note that there must be no conflicting URL patterns between these three |
| // policies - it is unspecified which policy takes precedence. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message CookiesAllowedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList CookiesAllowedForUrls = 2; |
| } |
| |
| // Block cookies on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are not |
| // allowed to set cookies. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultCookiesSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // See also policies 'CookiesAllowedForUrls' and 'CookiesSessionOnlyForUrls'. |
| // Note that there must be no conflicting URL patterns between these three |
| // policies - it is unspecified which policy takes precedence. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message CookiesBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList CookiesBlockedForUrls = 2; |
| } |
| |
| // Limit cookies from matching URLs to the current session |
| // |
| // Cookies set by pages matching these URL patterns will be limited to the |
| // current session, i.e. they will be deleted when the browser exits. |
| // |
| // For URLs not covered by the patterns specified here, or for all URLs if this |
| // policy is not set, the global default value will be used either from the |
| // 'DefaultCookiesSetting' policy, if it is set, or the user's personal |
| // configuration otherwise. |
| // |
| // Note that if Google Chrome is running in 'background mode', the session may |
| // not be closed when the last browser window is closed, but will instead stay |
| // active until the browser exits. Please see the 'BackgroundModeEnabled' policy |
| // for more information about configuring this behavior. |
| // |
| // See also policies 'CookiesAllowedForUrls' and 'CookiesBlockedForUrls'. Note |
| // that there must be no conflicting URL patterns between these three policies - |
| // it is unspecified which policy takes precedence. |
| // |
| // If the "RestoreOnStartup" policy is set to restore URLs from previous |
| // sessions this policy will not be respected and cookies will be stored |
| // permanently for those sites. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message CookiesSessionOnlyForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList CookiesSessionOnlyForUrls = 2; |
| } |
| |
| // Allow images on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to display images. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultImagesSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Note that previously this policy was erroneously enabled on Android, but this |
| // functionality has never been fully supported on Android. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ImagesAllowedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ImagesAllowedForUrls = 2; |
| } |
| |
| // Block images on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are not |
| // allowed to display images. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultImagesSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Note that previously this policy was erroneously enabled on Android, but this |
| // functionality has never been fully supported on Android. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ImagesBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ImagesBlockedForUrls = 2; |
| } |
| |
| // Allow JavaScript on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to run JavaScript. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultJavaScriptSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message JavaScriptAllowedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList JavaScriptAllowedForUrls = 2; |
| } |
| |
| // Block JavaScript on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are not |
| // allowed to run JavaScript. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultJavaScriptSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message JavaScriptBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList JavaScriptBlockedForUrls = 2; |
| } |
| |
| // Allow key generation on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to use key generation. If a url pattern is in 'KeygenBlockedForUrls', that |
| // overrides these exceptions. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultKeygenSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: |
| message KeygenAllowedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList KeygenAllowedForUrls = 2; |
| } |
| |
| // Block key generation on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are not |
| // allowed to use key generation. If a url pattern is in 'KeygenAllowedForUrls', |
| // this policy overrides these exceptions. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultKeygenSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: |
| message KeygenBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList KeygenBlockedForUrls = 2; |
| } |
| |
| // Allow the Flash plugin on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to run the Flash plugin. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultPluginsSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PluginsAllowedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PluginsAllowedForUrls = 2; |
| } |
| |
| // Block the Flash plugin on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are not |
| // allowed to run the Flash plugin. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultPluginsSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PluginsBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PluginsBlockedForUrls = 2; |
| } |
| |
| // Allow popups on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to open popups. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultPopupsSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message PopupsAllowedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PopupsAllowedForUrls = 2; |
| } |
| |
| // Register protocol handlers |
| // |
| // Allows you to register a list of protocol handlers. This can only be a |
| // recommended policy. The property |protocol| should be set to the scheme such |
| // as 'mailto' and the property |url| should be set to the URL pattern of the |
| // application that handles the scheme. The pattern can include a '%s', which if |
| // present will be replaced by the handled URL. |
| // |
| // The protocol handlers registered by policy are merged with the ones |
| // registered by the user and both are available for use. The user can override |
| // the protocol handlers installed by policy by installing a new default |
| // handler, but cannot remove a protocol handler registered by policy. |
| // |
| // Value schema: |
| // { |
| // "items": { |
| // "properties": { |
| // "default": { |
| // "description": "A boolean flag indicating if the protocol |
| // handler should be set as the default.", |
| // "type": "boolean" |
| // }, |
| // "protocol": { |
| // "description": "The protocol for the protocol handler.", |
| // "type": "string" |
| // }, |
| // "url": { |
| // "description": "The URL of the protocol handler.", |
| // "type": "string" |
| // } |
| // }, |
| // "required": [ |
| // "protocol", |
| // "url" |
| // ], |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| // |
| // Note: this policy must have a RECOMMENDED PolicyMode set in PolicyOptions. |
| message RegisteredProtocolHandlersProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RegisteredProtocolHandlers = 2; |
| } |
| |
| // Block popups on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are not |
| // allowed to open popups. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultPopupsSetting' policy if it is set, or the |
| // user's personal configuration otherwise. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message PopupsBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PopupsBlockedForUrls = 2; |
| } |
| |
| // Allow notifications on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are allowed |
| // to display notifications. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultNotificationsSetting' policy if it is set, or |
| // the user's personal configuration otherwise. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message NotificationsAllowedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NotificationsAllowedForUrls = 2; |
| } |
| |
| // Block notifications on these sites |
| // |
| // Allows you to set a list of url patterns that specify sites which are not |
| // allowed to display notifications. |
| // |
| // If this policy is left not set the global default value will be used for all |
| // sites either from the 'DefaultNotificationsSetting' policy if it is set, or |
| // the user's personal configuration otherwise. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message NotificationsBlockedForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NotificationsBlockedForUrls = 2; |
| } |
| |
| // Configure native messaging blacklist |
| // |
| // Allows you to specify which native messaging hosts that should not be loaded. |
| // |
| // A blacklist value of '*' means all native messaging hosts are blacklisted |
| // unless they are explicitly listed in the whitelist. |
| // |
| // If this policy is left not set Google Chrome will load all installed native |
| // messaging hosts. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message NativeMessagingBlacklistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NativeMessagingBlacklist = 2; |
| } |
| |
| // Configure native messaging whitelist |
| // |
| // Allows you to specify which native messaging hosts are not subject to the |
| // blacklist. |
| // |
| // A blacklist value of * means all native messaging hosts are blacklisted and |
| // only native messaging hosts listed in the whitelist will be loaded. |
| // |
| // By default, all native messaging hosts are whitelisted, but if all native |
| // messaging hosts have been blacklisted by policy, the whitelist can be used to |
| // override that policy. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message NativeMessagingWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NativeMessagingWhitelist = 2; |
| } |
| |
| // Allow user-level Native Messaging hosts (installed without admin permissions) |
| // |
| // Enables user-level installation of Native Messaging hosts. |
| // |
| // If this setting is enabled then Google Chrome allows usage of Native |
| // Messaging hosts installed on user level. |
| // |
| // If this setting is disabled then Google Chrome will only use Native Messaging |
| // hosts installed on system level. |
| // |
| // If this setting is left not set Google Chrome will allow usage of user-level |
| // Native Messaging hosts. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message NativeMessagingUserLevelHostsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool NativeMessagingUserLevelHosts = 2; |
| } |
| |
| // Disable support for 3D graphics APIs |
| // |
| // Enabling this setting prevents web pages from accessing the graphics |
| // processing unit (GPU). Specifically, web pages can not access the WebGL API |
| // and plugins can not use the Pepper 3D API. |
| // |
| // Disabling this setting or leaving it not set potentially allows web pages to |
| // use the WebGL API and plugins to use the Pepper 3D API. The default settings |
| // of the browser may still require command line arguments to be passed in order |
| // to use these APIs. |
| // |
| // If HardwareAccelerationModeEnabled is set to false, Disable3DAPIs is ignored |
| // and it is equivalent to Disable3DAPIs being set to true. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message Disable3DAPIsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool Disable3DAPIs = 2; |
| } |
| |
| // Refresh rate for user policy |
| // |
| // Specifies the period in milliseconds at which the device management service |
| // is queried for user policy information. |
| // |
| // Setting this policy overrides the default value of 3 hours. Valid values for |
| // this policy are in the range from 1800000 (30 minutes) to 86400000 (1 day). |
| // Any values not in this range will be clamped to the respective boundary. If |
| // the platform supports policy notifications, the refresh delay will be set to |
| // 24 hours because it is expected that policy notifications will force a |
| // refresh automatically whenever policy changes. |
| // |
| // Leaving this policy not set will make Google Chrome use the default value of |
| // 3 hours. |
| // |
| // Note that if the platform supports policy notifications, the refresh delay |
| // will be set to 24 hours (ignoring all defaults and the value of this policy) |
| // because it is expected that policy notifications will force a refresh |
| // automatically whenever policy changes, making more frequent refreshes |
| // unnecessary. |
| // |
| // Supported on: chrome_os |
| message PolicyRefreshRateProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 PolicyRefreshRate = 2; |
| } |
| |
| // Maximum fetch delay after a policy invalidation |
| // |
| // Specifies the maximum delay in milliseconds between receiving a policy |
| // invalidation and fetching the new policy from the device management service. |
| // |
| // Setting this policy overrides the default value of 5000 milliseconds. Valid |
| // values for this policy are in the range from 1000 (1 second) to 300000 (5 |
| // minutes). Any values not in this range will be clamped to the respective |
| // boundary. |
| // |
| // Leaving this policy not set will make Google Chrome use the default value of |
| // 5000 milliseconds. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message MaxInvalidationFetchDelayProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 MaxInvalidationFetchDelay = 2; |
| } |
| |
| // Default HTML renderer for Google Chrome Frame |
| // |
| // Allows you to configure the default HTML renderer when Google Chrome Frame is |
| // installed. |
| // The default setting used when this policy is left not set is to allow the |
| // host browser do the rendering, but you can optionally override this and have |
| // Google Chrome Frame render HTML pages by default. |
| // |
| // Valid values: |
| // 0: Use the host browser by default |
| // 1: Use Google Chrome Frame by default |
| // |
| // Supported on: |
| message ChromeFrameRendererSettingsProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ChromeFrameRendererSettings = 2; |
| } |
| |
| // Always render the following URL patterns in Google Chrome Frame |
| // |
| // Customize the list of URL patterns that should always be rendered by Google |
| // Chrome Frame. |
| // |
| // If this policy is not set the default renderer will be used for all sites as |
| // specified by the 'ChromeFrameRendererSettings' policy. |
| // |
| // For example patterns see https://www.chromium.org/developers/how-tos/chrome- |
| // frame-getting-started. |
| // |
| // Supported on: |
| message RenderInChromeFrameListProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList RenderInChromeFrameList = 2; |
| } |
| |
| // Always render the following URL patterns in the host browser |
| // |
| // Customize the list of URL patterns that should always be rendered by the host |
| // browser. |
| // |
| // If this policy is not set the default renderer will be used for all sites as |
| // specified by the 'ChromeFrameRendererSettings' policy. |
| // |
| // For example patterns see https://www.chromium.org/developers/how-tos/chrome- |
| // frame-getting-started. |
| // |
| // Supported on: |
| message RenderInHostListProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList RenderInHostList = 2; |
| } |
| |
| // Additional command line parameters for Google Chrome |
| // |
| // Allows you to specify additional parameters that are used when Google Chrome |
| // Frame launches Google Chrome. |
| // |
| // If this policy is not set the default command line will be used. |
| // |
| // Supported on: |
| message AdditionalLaunchParametersProto { |
| optional PolicyOptions policy_options = 1; |
| optional string AdditionalLaunchParameters = 2; |
| } |
| |
| // Skip the meta tag check in Google Chrome Frame |
| // |
| // Normally pages with X-UA-Compatible set to chrome=1 will be rendered in |
| // Google Chrome Frame regardless of the 'ChromeFrameRendererSettings' policy. |
| // |
| // If you enable this setting, pages will not be scanned for meta tags. |
| // |
| // If you disable this setting, pages will be scanned for meta tags. |
| // |
| // If this policy is not set, pages will be scanned for meta tags. |
| // |
| // Supported on: |
| message SkipMetadataCheckProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SkipMetadataCheck = 2; |
| } |
| |
| // Allow Google Chrome Frame to handle the listed content types |
| // |
| // If this policy is set, the specified content types are handled by Google |
| // Chrome Frame. |
| // |
| // If this policy is not set, the default renderer is used for all sites. (The |
| // ChromeFrameRendererSettings policy may be used to configure the default |
| // renderer.) |
| // |
| // Supported on: |
| message ChromeFrameContentTypesProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList ChromeFrameContentTypes = 2; |
| } |
| |
| // Enable lock when the device become idle or suspended |
| // |
| // Enable lock when Google Chrome OS devices become idle or suspended. |
| // |
| // If you enable this setting, users will be asked for a password to unlock the |
| // device from sleep. |
| // |
| // If you disable this setting, users will not be asked for a password to unlock |
| // the device from sleep. |
| // |
| // If you enable or disable this setting, users cannot change or override it. |
| // |
| // If the policy is left not set the user can choose whether they want to be |
| // asked for password to unlock the device or not. |
| // |
| // Supported on: chrome_os |
| message ChromeOsLockOnIdleSuspendProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ChromeOsLockOnIdleSuspend = 2; |
| } |
| |
| // Control the user behavior in a multiprofile session |
| // |
| // Control the user behavior in a multiprofile session on Google Chrome OS |
| // devices. |
| // |
| // If this policy is set to 'MultiProfileUserBehaviorUnrestricted', the user can |
| // be either primary or secondary user in a multiprofile session. |
| // |
| // If this policy is set to 'MultiProfileUserBehaviorMustBePrimary', the user |
| // can only be the primary user in a multiprofile session. |
| // |
| // If this policy is set to 'MultiProfileUserBehaviorNotAllowed', the user |
| // cannot be part of a multiprofile session. |
| // |
| // If you set this setting, users cannot change or override it. |
| // |
| // If the setting is changed while the user is signed into a multiprofile |
| // session, all users in the session will be checked against their corresponding |
| // settings. The session will be closed if any one of the users is no longer |
| // allowed to be in the session. |
| // |
| // If the policy is left not set, the default value |
| // 'MultiProfileUserBehaviorMustBePrimary' applies for enterprise-managed users |
| // and 'MultiProfileUserBehaviorUnrestricted' will be used for non-managed |
| // users. |
| // |
| // Valid values: |
| // unrestricted: Allow enterprise user to be both primary and secondary |
| // (Default behavior for non-managed users) |
| // primary-only: Allow enterprise user to be primary multiprofile user only |
| // (Default behavior for enterprise-managed users) |
| // not-allowed: Do not allow enterprise user to be part of multiprofile |
| // (primary or secondary) |
| // |
| // Supported on: chrome_os |
| message ChromeOsMultiProfileUserBehaviorProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ChromeOsMultiProfileUserBehavior = 2; |
| } |
| |
| // Allow Multiple Sign-in Within the Browser |
| // |
| // This setting allows users to switch between Google accounts within the |
| // content area of their browser window after they sign into their Google Chrome |
| // OS device. |
| // |
| // If this policy is set to false, signing in to a different account from non- |
| // Incognito browser content area will not be allowed. |
| // |
| // If this policy is unset or set to true, the default behavior will be used: |
| // signing in to a different account from the browser content area will be |
| // allowed, except for child accounts where it will be blocked for non-Incognito |
| // content area. |
| // |
| // In case signing in to a different account shouldn't be allowed via the |
| // Incognito mode, consider blocking that mode using the |
| // IncognitoModeAvailability policy. |
| // |
| // Note that users will be able to access Google services in an unauthenticated |
| // state by blocking their cookies. |
| // |
| // Supported on: chrome_os |
| message SecondaryGoogleAccountSigninAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SecondaryGoogleAccountSigninAllowed = 2; |
| } |
| |
| // Enable Instant |
| // |
| // Enables Google Chrome's Instant feature and prevents users from changing this |
| // setting. |
| // |
| // If you enable this setting, Google Chrome Instant is enabled. |
| // |
| // If you disable this setting, Google Chrome Instant is disabled. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting. |
| // |
| // If this setting is left not set the user can decide to use this function or |
| // not. |
| // |
| // This setting has been removed from Google Chrome 29 and higher versions. |
| // |
| // Supported on: |
| message InstantEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool InstantEnabled = 2; |
| } |
| |
| // Enable App Recommendations in Zero State of Search Box |
| // |
| // Enable App Recommendation in Zero State of search box in launcher. |
| // |
| // If this policy is set to true, App recommendations may appear in the zero |
| // state search. |
| // |
| // If this policy is set to false, App recommendations will not appear in the |
| // zero state search. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, the default is False for managed devices. |
| // |
| // Supported on: chrome_os |
| message AppRecommendationZeroStateEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AppRecommendationZeroStateEnabled = 2; |
| } |
| |
| // Enable Translate |
| // |
| // Enables the integrated Google Translate service on Google Chrome. |
| // |
| // If you enable this setting, Google Chrome will offer translation |
| // functionality to the user by showing an integrated translate toolbar (when |
| // appropriate) and a translate option on the right-click context menu. |
| // |
| // If you disable this setting, all built-in translate features will be |
| // disabled. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting in Google Chrome. |
| // |
| // If this setting is left not set the user can decide to use this function or |
| // not. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message TranslateEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool TranslateEnabled = 2; |
| } |
| |
| // Allow running plugins that are outdated |
| // |
| // If you enable this setting, outdated plugins are used as normal plugins. |
| // |
| // If you disable this setting, outdated plugins will not be used and users will |
| // not be asked for permission to run them. |
| // |
| // If this setting is not set, users will be asked for permission to run |
| // outdated plugins. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AllowOutdatedPluginsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowOutdatedPlugins = 2; |
| } |
| |
| // Always runs plugins that require authorization (deprecated) |
| // |
| // If you enable this setting, plugins that are not outdated always run. |
| // |
| // If this setting is disabled or not set, users will be asked for permission to |
| // run plugins that require authorization. These are plugins that can compromise |
| // security. |
| // |
| // Supported on: |
| message AlwaysAuthorizePluginsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AlwaysAuthorizePlugins = 2; |
| } |
| |
| // Extend Flash content setting to all content |
| // |
| // If you enable this setting, all Flash content embedded on websites that have |
| // been set to allow Flash in content settings -- either by the user or by |
| // enterprise policy -- will be run, including content from other origins or |
| // small content. |
| // |
| // To control which websites are allowed to run Flash, see the |
| // "DefaultPluginsSetting", "PluginsAllowedForUrls", and "PluginsBlockedForUrls" |
| // policies. |
| // |
| // If this setting is disabled or not set, Flash content from other origins or |
| // small content might be blocked. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RunAllFlashInAllowModeProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RunAllFlashInAllowMode = 2; |
| } |
| |
| // Enable Bookmark Bar |
| // |
| // If you enable this setting, Google Chrome will show a bookmark bar. |
| // |
| // If you disable this setting, users will never see the bookmark bar. |
| // |
| // If you enable or disable this setting, users cannot change or override it in |
| // Google Chrome. |
| // |
| // If this setting is left not set the user can decide to use this function or |
| // not. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message BookmarkBarEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BookmarkBarEnabled = 2; |
| } |
| |
| // Enable or disable bookmark editing |
| // |
| // If you enable this setting, bookmarks can be added, removed or modified. This |
| // is the default also when this policy is not set. |
| // |
| // If you disable this setting, bookmarks can not be added, removed or modified. |
| // Existing bookmarks are still available. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message EditBookmarksEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EditBookmarksEnabled = 2; |
| } |
| |
| // Show the apps shortcut in the bookmark bar |
| // |
| // Enables or disables the apps shortcut in the bookmark bar. |
| // |
| // If this policy is not set then the user can choose to show or hide the apps |
| // shortcut from the bookmark bar context menu. |
| // |
| // If this policy is configured then the user can't change it, and the apps |
| // shortcut is always shown or never shown. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ShowAppsShortcutInBookmarkBarProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ShowAppsShortcutInBookmarkBar = 2; |
| } |
| |
| // Allow invocation of file selection dialogs |
| // |
| // Allows access to local files on the machine by allowing Google Chrome to |
| // display file selection dialogs. |
| // |
| // If you enable this setting, users can open file selection dialogs as normal. |
| // |
| // If you disable this setting, whenever the user performs an action which would |
| // provoke a file selection dialog (like importing bookmarks, uploading files, |
| // saving links, etc.) a message is displayed instead and the user is assumed to |
| // have clicked Cancel on the file selection dialog. |
| // |
| // If this setting is not set, users can open file selection dialogs as normal. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message AllowFileSelectionDialogsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowFileSelectionDialogs = 2; |
| } |
| |
| // URLs/domains automatically permitted direct Security Key attestation |
| // |
| // Specifies URLs and domains for which no prompt will be shown when attestation |
| // certificates from Security Keys are requested. Additionally, a signal will be |
| // sent to the Security Key indicating that individual attestation may be used. |
| // Without this, users will be prompted in Chrome 65+ when sites request |
| // attestation of Security Keys. |
| // |
| // URLs (like https://example.com/some/path) will only match as U2F appIDs. |
| // Domains (like example.com) only match as webauthn RP IDs. Thus, to cover both |
| // U2F and webauthn APIs for a given site, both the appID URL and domain would |
| // need to be listed. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SecurityKeyPermitAttestationProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList SecurityKeyPermitAttestation = 2; |
| } |
| |
| // Set Google Chrome Frame user data directory |
| // |
| // Configures the directory that Google Chrome Frame will use for storing user |
| // data. |
| // |
| // If you set this policy, Google Chrome Frame will use the provided directory. |
| // |
| // See https://www.chromium.org/administrators/policy-list-3/user-data- |
| // directory-variables for a list of variables that can be used. |
| // |
| // If this setting is left not set the default profile directory will be used. |
| // |
| // Supported on: |
| message GCFUserDataDirProto { |
| optional PolicyOptions policy_options = 1; |
| optional string GCFUserDataDir = 2; |
| } |
| |
| // Import bookmarks from default browser on first run |
| // |
| // This policy forces bookmarks to be imported from the current default browser |
| // if enabled. If enabled, this policy also affects the import dialog. |
| // |
| // If disabled, no bookmarks are imported. |
| // |
| // If it is not set, the user may be asked whether to import, or importing may |
| // happen automatically. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ImportBookmarksProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ImportBookmarks = 2; |
| } |
| |
| // Import browsing history from default browser on first run |
| // |
| // This policy forces the browsing history to be imported from the current |
| // default browser if enabled. If enabled, this policy also affects the import |
| // dialog. |
| // |
| // If disabled, no browsing history is imported. |
| // |
| // If it is not set, the user may be asked whether to import, or importing may |
| // happen automatically. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ImportHistoryProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ImportHistory = 2; |
| } |
| |
| // Import of homepage from default browser on first run |
| // |
| // This policy forces the home page to be imported from the current default |
| // browser if enabled. |
| // |
| // If disabled, the home page is not imported. |
| // |
| // If it is not set, the user may be asked whether to import, or importing may |
| // happen automatically. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ImportHomepageProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ImportHomepage = 2; |
| } |
| |
| // Import search engines from default browser on first run |
| // |
| // This policy forces search engines to be imported from the current default |
| // browser if enabled. If enabled, this policy also affects the import dialog. |
| // |
| // If disabled, the default search engine is not imported. |
| // |
| // If it is not set, the user may be asked whether to import, or importing may |
| // happen automatically. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ImportSearchEngineProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ImportSearchEngine = 2; |
| } |
| |
| // Import saved passwords from default browser on first run |
| // |
| // This policy forces the saved passwords to be imported from the previous |
| // default browser if enabled. If enabled, this policy also affects the import |
| // dialog. |
| // |
| // If disabled, the saved passwords are not imported. |
| // |
| // If it is not set, the user may be asked whether to import, or importing may |
| // happen automatically. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ImportSavedPasswordsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ImportSavedPasswords = 2; |
| } |
| |
| // Import autofill form data from default browser on first run |
| // |
| // This policy forces the autofill form data to be imported from the previous |
| // default browser if enabled. If enabled, this policy also affects the import |
| // dialog. |
| // |
| // If disabled, the autofill form data is not imported. |
| // |
| // If it is not set, the user may be asked whether to import, or importing may |
| // happen automatically. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ImportAutofillFormDataProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ImportAutofillFormData = 2; |
| } |
| |
| // Maximal number of concurrent connections to the proxy server |
| // |
| // Specifies the maximal number of simultaneous connections to the proxy server. |
| // |
| // Some proxy servers can not handle high number of concurrent connections per |
| // client and this can be solved by setting this policy to a lower value. |
| // |
| // The value of this policy should be lower than 100 and higher than 6 and the |
| // default value is 32. |
| // |
| // Some web apps are known to consume many connections with hanging GETs, so |
| // lowering below 32 may lead to browser networking hangs if too many such web |
| // apps are open. Lower below the default at your own risk. |
| // |
| // If this policy is left not set the default value will be used which is 32. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message MaxConnectionsPerProxyProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 MaxConnectionsPerProxy = 2; |
| } |
| |
| // Prevent app promotions from appearing on the new tab page |
| // |
| // When set to True, promotions for Chrome Web Store apps will not appear on the |
| // new tab page. |
| // |
| // Setting this option to False or leaving it not set will make the promotions |
| // for Chrome Web Store apps appear on the new tab page |
| // |
| // Supported on: |
| message HideWebStorePromoProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool HideWebStorePromo = 2; |
| } |
| |
| // Block access to a list of URLs |
| // |
| // This policy prevents the user from loading web pages from blacklisted URLs. |
| // The blacklist provides a list of URL patterns that specify which URLs will be |
| // blacklisted. |
| // |
| // A URL pattern has to be formatted according to |
| // https://www.chromium.org/administrators/url-blacklist-filter-format. |
| // |
| // Exceptions can be defined in the URL whitelist policy. These policies are |
| // limited to 1000 entries; subsequent entries will be ignored. |
| // |
| // Note that it is not recommended to block internal 'chrome://*' URLs since |
| // this may lead to unexpected errors. |
| // |
| // From M73 you can block 'javascript://*' URLs. However, it affects only |
| // JavaScript typed in address bar (or, for example, bookmarklets). Note that |
| // in-page JavaScript URLs, as long as dynamically loaded data, are not subject |
| // to this policy. For example, if you block 'example.com/abc', page |
| // 'example.com' will still be able to load 'example.com/abc' via |
| // XMLHTTPRequest. |
| // |
| // If this policy is not set no URL will be blacklisted in the browser. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, webview_android, win |
| message URLBlacklistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList URLBlacklist = 2; |
| } |
| |
| // Allow access to a list of URLs |
| // |
| // Allows access to the listed URLs, as exceptions to the URL blacklist. |
| // |
| // See the description of the URL blacklist policy for the format of entries of |
| // this list. |
| // |
| // This policy can be used to open exceptions to restrictive blacklists. For |
| // example, '*' can be blacklisted to block all requests, and this policy can be |
| // used to allow access to a limited list of URLs. It can be used to open |
| // exceptions to certain schemes, subdomains of other domains, ports, or |
| // specific paths. |
| // |
| // The most specific filter will determine if a URL is blocked or allowed. The |
| // whitelist takes precedence over the blacklist. |
| // |
| // This policy is limited to 1000 entries; subsequent entries will be ignored. |
| // |
| // If this policy is not set there will be no exceptions to the blacklist from |
| // the 'URLBlacklist' policy. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, webview_android, win |
| message URLWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList URLWhitelist = 2; |
| } |
| |
| // Allow merging list policies from different sources |
| // |
| // Allows the selected policies to be merged when they come from different |
| // sources, with the same scopes and level. |
| // |
| // If a policy is in the list, in case there is conflict between two sources, |
| // given that they have the same scopes and level, the values will be merged |
| // into a new policy list. |
| // |
| // If a policy is in the list, in case there is conflict between two sources but |
| // also between different scopes and/or level, the policy with the highest |
| // priority will be applied. |
| // |
| // If a policy is not in the list, in case there is any conflict between |
| // sources, scopes and/or level, the policy with the highest priority will be |
| // applied. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PolicyListMultipleSourceMergeListProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PolicyListMultipleSourceMergeList = 2; |
| } |
| |
| // Allow merging dictionary policies from different sources |
| // |
| // Allows the selected policies to be merged when they come from different |
| // sources, with the same scopes and level. |
| // |
| // The merging consists in merging the first level keys of the dictionary from |
| // each source. In case of conflict between keys, the key coming from the |
| // highest priority source will be applied. |
| // |
| // If a policy is in the list, in case there is conflict between two sources, |
| // given that they have the same scopes and level, the values will be merged |
| // into a new policy dictionary. |
| // |
| // If a policy is in the list, in case there is conflict between two sources but |
| // also between different scopes and/or level, the policy with the highest |
| // priority will be applied. |
| // |
| // If a policy is not in the list, in case there is any conflict between |
| // sources, scopes and/or level, the policy with the highest priority will be |
| // applied. |
| // |
| // Valid values: |
| // ContentPackManualBehaviorURLs: Managed user manual exception URLs |
| // DeviceLoginScreenPowerManagement: Power management on the login screen |
| // ExtensionSettings: Extension management settings |
| // KeyPermissions: Key Permissions |
| // PowerManagementIdleSettings: Power management settings when the user |
| // becomes idle |
| // ScreenBrightnessPercent: Screen brightness percent |
| // ScreenLockDelays: Screen lock delays |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PolicyDictionaryMultipleSourceMergeListProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PolicyDictionaryMultipleSourceMergeList = 2; |
| } |
| |
| // User-level network configuration |
| // |
| // Allows pushing network configuration to be applied per-user to a Chromium OS |
| // device. The network configuration is a JSON-formatted string as defined by |
| // the Open Network Configuration format. |
| // |
| // Supported on: chrome_os |
| message OpenNetworkConfigurationProto { |
| optional PolicyOptions policy_options = 1; |
| optional string OpenNetworkConfiguration = 2; |
| } |
| |
| // Enable submission of documents to Google Cloud Print |
| // |
| // Enables Google Chrome to submit documents to Google Cloud Print for printing. |
| // NOTE: This only affects Google Cloud Print support in Google Chrome. It does |
| // not prevent users from submitting print jobs on web sites. |
| // |
| // If this setting is enabled or not configured, users can print to Google Cloud |
| // Print from the Google Chrome print dialog. |
| // |
| // If this setting is disabled, users cannot print to Google Cloud Print from |
| // the Google Chrome print dialog |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message CloudPrintSubmitEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CloudPrintSubmitEnabled = 2; |
| } |
| |
| // Enterprise web store URL (deprecated) |
| // |
| // This setting has been retired as of Google Chrome version 29. The recommended |
| // way to set up organization-hosted extension/app collections is to include the |
| // site hosting the CRX packages in ExtensionInstallSources and put direct |
| // download links to the packages on a web page. A launcher for that web page |
| // can be created using the ExtensionInstallForcelist policy. |
| // |
| // Supported on: |
| message EnterpriseWebStoreURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string EnterpriseWebStoreURL = 2; |
| } |
| |
| // Enterprise web store name (deprecated) |
| // |
| // This setting has been retired as of Google Chrome version 29. The recommended |
| // way to set up organization-hosted extension/app collections is to include the |
| // site hosting the CRX packages in ExtensionInstallSources and put direct |
| // download links to the packages on a web page. A launcher for that web page |
| // can be created using the ExtensionInstallForcelist policy. |
| // |
| // Supported on: |
| message EnterpriseWebStoreNameProto { |
| optional PolicyOptions policy_options = 1; |
| optional string EnterpriseWebStoreName = 2; |
| } |
| |
| // Enable TLS domain-bound certificates extension (deprecated) |
| // |
| // This policy has been retired as of Google Chrome version 36. |
| // |
| // Specifies whether the TLS domain-bound certificates extension should be |
| // enabled. |
| // |
| // This setting is used to enable the TLS domain-bound certificates extension |
| // for testing. This experimental setting will be removed in the future. |
| // |
| // Supported on: |
| message EnableOriginBoundCertsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableOriginBoundCerts = 2; |
| } |
| |
| // Enable reporting memory info (JS heap size) to page (deprecated) |
| // |
| // This policy has been retired as of Google Chrome version 35. |
| // |
| // Memory info is anyway reported to page, regardless of the option value, but |
| // the sizes reported are |
| // quantized and the rate of updates is limited for security reasons. To obtain |
| // real-time precise data, |
| // please use tools like Telemetry. |
| // |
| // Supported on: |
| message EnableMemoryInfoProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableMemoryInfo = 2; |
| } |
| |
| // Disable Print Preview |
| // |
| // Show the system print dialog instead of print preview. |
| // |
| // When this setting is enabled, Google Chrome will open the system print dialog |
| // instead of the built-in print preview when a user requests a page to be |
| // printed. |
| // |
| // If this policy is not set or is set to false, print commands trigger the |
| // print preview screen. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message DisablePrintPreviewProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DisablePrintPreview = 2; |
| } |
| |
| // Print Headers and Footers |
| // |
| // Force 'headers and footers' to be on or off in the printing dialog. |
| // |
| // If the policy is unset, the user can decide whether to print headers and |
| // footers. |
| // |
| // If the policy is set to false, 'Headers and footers' is not selected in the |
| // print preview dialog, and the user cannot change it. |
| // |
| // If the policy is set to true, 'Headers and footers' is selected in the print |
| // preview dialog, and the user cannot change it. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PrintHeaderFooterProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PrintHeaderFooter = 2; |
| } |
| |
| // Default printer selection rules |
| // |
| // Overrides Google Chrome default printer selection rules. |
| // |
| // This policy determines the rules for selecting the default printer in Google |
| // Chrome which happens the first time the print function is used with a |
| // profile. |
| // |
| // When this policy is set, Google Chrome will attempt to find a printer |
| // matching all of the specified attributes, and select it as default printer. |
| // The first printer found matching the policy is selected, in case of non- |
| // unique match any matching printer can be selected, depending on the order |
| // printers are discovered. |
| // |
| // If this policy is not set or matching printer is not found within the |
| // timeout, the printer defaults to built-in PDF printer or no printer selected, |
| // when PDF printer is not available. |
| // |
| // Printers connected to Google Cloud Print are considered "cloud", the rest of |
| // the printers are classified as "local". |
| // Omitting a field means all values match, for example, not specifying |
| // connectivity will cause Print Preview to initiate the discovery of all kinds |
| // of printers, local and cloud. |
| // Regular expression patterns must follow the JavaScript RegExp syntax and |
| // matches are case sensistive. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DefaultPrinterSelectionProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultPrinterSelection = 2; |
| } |
| |
| // Disable TLS False Start |
| // |
| // Specifies whether the TLS False Start optimization should be disabled. For |
| // historical reasons, this policy is named DisableSSLRecordSplitting. |
| // |
| // If the policy is not set, or is set to false, then TLS False Start will be |
| // enabled. If it is set to true, TLS False Start will be disabled. |
| // |
| // Supported on: |
| message DisableSSLRecordSplittingProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DisableSSLRecordSplitting = 2; |
| } |
| |
| // Enable online OCSP/CRL checks |
| // |
| // In light of the fact that soft-fail, online revocation checks provide no |
| // effective security benefit, they are disabled by default in Google Chrome |
| // version 19 and later. By setting this policy to true, the previous behavior |
| // is restored and online OCSP/CRL checks will be performed. |
| // |
| // If the policy is not set, or is set to false, then Google Chrome will not |
| // perform online revocation checks in Google Chrome 19 and later. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message EnableOnlineRevocationChecksProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableOnlineRevocationChecks = 2; |
| } |
| |
| // Require online OCSP/CRL checks for local trust anchors |
| // |
| // When this setting is enabled, Google Chrome will always perform revocation |
| // checking for server certificates that successfully validate and are signed by |
| // locally-installed CA certificates. |
| // |
| // If Google Chrome is unable to obtain revocation status information, such |
| // certificates will be treated as revoked ('hard-fail'). |
| // |
| // If this policy is not set, or it is set to false, then Google Chrome will use |
| // the existing online revocation checking settings. |
| // |
| // Supported on: chrome_os, linux, win |
| message RequireOnlineRevocationChecksForLocalAnchorsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RequireOnlineRevocationChecksForLocalAnchors = 2; |
| } |
| |
| // Allow SHA-1 signed certificates issued by local trust anchors |
| // |
| // When this setting is enabled, Google Chrome allows SHA-1 signed certificates |
| // as long as they successfully validate and chain to a locally-installed CA |
| // certificates. |
| // |
| // Note that this policy depends on the operating system certificate |
| // verification stack allowing SHA-1 signatures. If an OS update changes the OS |
| // handling of SHA-1 certificates, this policy may no longer have effect. |
| // Further, this policy is intended as a temporary workaround to give |
| // enterprises more time to move away from SHA-1. This policy will be removed |
| // on or around January 1st 2019. |
| // |
| // If this policy is not set, or it is set to false, then Google Chrome follows |
| // the publicly announced SHA-1 deprecation schedule. |
| // |
| // Supported on: |
| message EnableSha1ForLocalAnchorsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableSha1ForLocalAnchors = 2; |
| } |
| |
| // Allow certificates issued by local trust anchors without |
| // subjectAlternativeName extension |
| // |
| // When this setting is enabled, Google Chrome will use the commonName of a |
| // server certificate to match a hostname if the certificate is missing a |
| // subjectAlternativeName extension, as long as it successfully validates and |
| // chains to a locally-installed CA certificates. |
| // |
| // Note that this is not recommended, as this may allow bypassing the |
| // nameConstraints extension that restricts the hostnames that a given |
| // certificate can be authorized for. |
| // |
| // If this policy is not set, or is set to false, server certificates that lack |
| // a subjectAlternativeName extension containing either a DNS name or IP address |
| // will not be trusted. |
| // |
| // Supported on: |
| message EnableCommonNameFallbackForLocalAnchorsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableCommonNameFallbackForLocalAnchors = 2; |
| } |
| |
| // Enable trust in Symantec Corporation's Legacy PKI Infrastructure |
| // |
| // When this setting is enabled, Google Chrome allows certificates issued by |
| // Symantec Corporation's Legacy PKI operations to be trusted if they otherwise |
| // successfully validate and chain to a recognized CA certificate. |
| // |
| // Note that this policy depends on the operating system still recognizing |
| // certificates from Symantec's legacy infrastructure. If an OS update changes |
| // the OS handling of such certificates, this policy no longer has effect. |
| // Further, this policy is intended as a temporary workaround to give |
| // enterprises more time to transition away from legacy Symantec certificates. |
| // This policy will be removed on or around January 1st 2019. |
| // |
| // If this policy is not set, or it is set to false, then Google Chrome follows |
| // the publicly announced deprecation schedule. |
| // |
| // See https://g.co/chrome/symantecpkicerts for more details on this |
| // deprecation. |
| // |
| // Supported on: |
| message EnableSymantecLegacyInfrastructureProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableSymantecLegacyInfrastructure = 2; |
| } |
| |
| // Determines whether the built-in certificate verifier will be used to verify |
| // server certificates |
| // |
| // When this setting is enabled, Google Chrome OS will perform verification of |
| // server certificates using the built-in certificate verifier. |
| // When this setting is disabled, Google Chrome OS will perform verification of |
| // server certificates using the legacy certificate verifier provided by the |
| // platform. |
| // When this setting is not set, Google Chrome OS the built-in or the legacy |
| // certificate verifier may be used. |
| // |
| // This policy is planned to be removed in Google Chrome OS version 81, when |
| // support for the legacy certificate verifier on Google Chrome OS is planned to |
| // be removed. |
| // |
| // Supported on: chrome_os |
| message BuiltinCertificateVerifierEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BuiltinCertificateVerifierEnabled = 2; |
| } |
| |
| // Ephemeral profile |
| // |
| // If set to enabled this policy forces the profile to be switched to ephemeral |
| // mode. If this policy is specified as an OS policy (e.g. GPO on Windows) it |
| // will apply to every profile on the system; if the policy is set as a Cloud |
| // policy it will apply only to a profile signed in with a managed account. |
| // |
| // In this mode the profile data is persisted on disk only for the length of the |
| // user session. Features like browser history, extensions and their data, web |
| // data like cookies and web databases are not preserved after the browser is |
| // closed. However this does not prevent the user from downloading any data to |
| // disk manually, save pages or print them. |
| // |
| // If the user has enabled sync all this data is preserved in their sync profile |
| // just like with regular profiles. Incognito mode is also available if not |
| // explicitly disabled by policy. |
| // |
| // If the policy is set to disabled or left not set signing in leads to regular |
| // profiles. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ForceEphemeralProfilesProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ForceEphemeralProfiles = 2; |
| } |
| |
| // Limit the time for which a user authenticated via SAML can log in offline |
| // |
| // During login, Google Chrome OS can authenticate against a server (online) or |
| // using a cached password (offline). |
| // |
| // When this policy is set to a value of -1, the user can authenticate offline |
| // indefinitely. When this policy is set to any other value, it specifies the |
| // length of time since the last online authentication after which the user must |
| // use online authentication again. |
| // |
| // Leaving this policy not set will make Google Chrome OS use a default time |
| // limit of 14 days after which the user must use online authentication again. |
| // |
| // This policy affects only users who authenticated using SAML. |
| // |
| // The policy value should be specified in seconds. |
| // |
| // Supported on: chrome_os |
| message SAMLOfflineSigninTimeLimitProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 SAMLOfflineSigninTimeLimit = 2; |
| } |
| |
| // Report information about status of Android |
| // |
| // Information about the status of Android is sent back to the |
| // server. |
| // |
| // If the policy is set to false or left unset, no status information is |
| // reported. |
| // If set to true, status information is reported. |
| // |
| // This policy only applies if Android apps are enabled. |
| // |
| // Supported on: chrome_os |
| message ReportArcStatusEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportArcStatusEnabled = 2; |
| } |
| |
| // Report information about usage of Linux apps |
| // |
| // Information about the usage of Linux apps is sent back to the |
| // server. |
| // |
| // If the policy is set to false or left unset, no usage information is |
| // reported. If set to true, usage information is reported. |
| // |
| // This policy only applies if Linux app support is enabled. |
| // |
| // Supported on: chrome_os |
| message ReportCrostiniUsageEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportCrostiniUsageEnabled = 2; |
| } |
| |
| // Allow managed session on device |
| // |
| // If this policy is set to false, managed guest session will behave as |
| // documented in https://support.google.com/chrome/a/answer/3017014 - the |
| // standard "Public Session". |
| // |
| // If this policy is set to true or left unset, managed guest session will take |
| // on "Managed Session" behaviour which lifts many of the restrictions that are |
| // in place for regular "Public Sessions". |
| // |
| // If this policy is set, the user cannot change or override it. |
| // |
| // Supported on: chrome_os |
| message DeviceLocalAccountManagedSessionEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DeviceLocalAccountManagedSessionEnabled = 2; |
| } |
| |
| // Continue running background apps when Google Chrome is closed |
| // |
| // Determines whether a Google Chrome process is started on OS login and keeps |
| // running when the last browser window is closed, allowing background apps and |
| // the current browsing session to remain active, including any session cookies. |
| // The background process displays an icon in the system tray and can always be |
| // closed from there. |
| // |
| // If this policy is set to True, background mode is enabled and cannot be |
| // controlled by the user in the browser settings. |
| // |
| // If this policy is set to False, background mode is disabled and cannot be |
| // controlled by the user in the browser settings. |
| // |
| // If this policy is left unset, background mode is initially disabled and can |
| // be controlled by the user in the browser settings. |
| // |
| // Supported on: linux, win |
| message BackgroundModeEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BackgroundModeEnabled = 2; |
| } |
| |
| // Disable Drive in the Google Chrome OS Files app |
| // |
| // Disables Google Drive syncing in the Google Chrome OS Files app when set to |
| // True. In that case, no data is uploaded to Google Drive. |
| // |
| // If not set or set to False, then users will be able to transfer files to |
| // Google Drive. |
| // |
| // Supported on: chrome_os |
| message DriveDisabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DriveDisabled = 2; |
| } |
| |
| // Disable Google Drive over cellular connections in the Google Chrome OS Files |
| // app |
| // |
| // Disables Google Drive syncing in the Google Chrome OS Files app when using a |
| // cellular connection when set to True. In that case, data is only synced to |
| // Google Drive when connected via WiFi or Ethernet. |
| // |
| // If not set or set to False, then users will be able to transfer files to |
| // Google Drive via cellular connections. |
| // |
| // Supported on: chrome_os |
| message DriveDisabledOverCellularProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DriveDisabledOverCellular = 2; |
| } |
| |
| // List of pinned apps to show in the launcher |
| // |
| // Lists the application identifiers Google Chrome OS shows as pinned apps in |
| // the launcher bar. |
| // |
| // Chrome Apps are specified by their Id, e.g. |
| // "pjkljhegncpnkpknbcohdijeoejaedia", Android Apps by their package name, e.g. |
| // "com.google.android.gm", and Web Apps are specified by the URL used in |
| // WebAppInstallForceList e.g. "https://google.com/maps". |
| // |
| // If this policy is configured, the set of applications is fixed and can't be |
| // changed by the user. |
| // |
| // If this policy is left unset, the user may change the list of pinned apps in |
| // the launcher. |
| // |
| // Supported on: chrome_os |
| message PinnedLauncherAppsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PinnedLauncherApps = 2; |
| } |
| |
| // Restrict which Google accounts are allowed to be set as browser primary |
| // accounts in Google Chrome |
| // |
| // Contains a regular expression which is used to determine which Google |
| // accounts can be set as browser primary accounts in Google Chrome (i.e. the |
| // account that is chosen during the Sync opt-in flow). |
| // |
| // An appropriate error is displayed if a user tries to set a browser primary |
| // account with a username that does not match this pattern. |
| // |
| // If this policy is left not set or blank, then the user can set any Google |
| // account as a browser primary account in Google Chrome. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message RestrictSigninToPatternProto { |
| optional PolicyOptions policy_options = 1; |
| optional string RestrictSigninToPattern = 2; |
| } |
| |
| // Disable proceeding from the Safe Browsing warning page |
| // |
| // The Safe Browsing service shows a warning page when users navigate to sites |
| // that are flagged as potentially malicious. Enabling this setting prevents |
| // users from proceeding anyway from the warning page to the malicious site. |
| // |
| // This policy only prevents users from proceeding on Safe Browsing warnings |
| // (e.g. malware and phishing) not for SSL certificate related issues like |
| // invalid or expired certificates. |
| // |
| // If this setting is disabled or not configured then users can choose to |
| // proceed to the flagged site after being shown the warning. |
| // |
| // See https://developers.google.com/safe-browsing for more info on Safe |
| // Browsing. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message DisableSafeBrowsingProceedAnywayProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DisableSafeBrowsingProceedAnyway = 2; |
| } |
| |
| // Allow users to opt in to Safe Browsing extended reporting |
| // |
| // This setting is deprecated, use SafeBrowsingExtendedReportingEnabled instead. |
| // Enabling or disabling SafeBrowsingExtendedReportingEnabled is equivalent to |
| // setting SafeBrowsingExtendedReportingOptInAllowed to False. |
| // |
| // Setting this policy to false stops users from choosing to send some system |
| // information and page content to Google servers. If this setting is true or |
| // not configured, then users will be allowed to send some system information |
| // and page content to Safe Browsing to help detect dangerous apps and sites. |
| // |
| // See https://developers.google.com/safe-browsing for more info on Safe |
| // Browsing. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SafeBrowsingExtendedReportingOptInAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SafeBrowsingExtendedReportingOptInAllowed = 2; |
| } |
| |
| // Enable or disable spell checking web service |
| // |
| // Google Chrome can use a Google web service to help resolve spelling errors. |
| // If this setting is enabled, then this service is always used. If this setting |
| // is disabled, then this service is never used. |
| // |
| // Spell checking can still be performed using a downloaded dictionary; this |
| // policy only controls the usage of the online service. |
| // |
| // If this setting is not configured then users can choose whether the spell |
| // checking service should be used or not. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SpellCheckServiceEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SpellCheckServiceEnabled = 2; |
| } |
| |
| // Disable mounting of external storage |
| // |
| // When this policy is set to true, external storage will not be available in |
| // the file browser. |
| // |
| // This policy affects all types of storage media. For example: USB flash |
| // drives, external hard drives, SD and other memory cards, optical storage etc. |
| // Internal storage is not affected, therefore files saved in the Download |
| // folder can still be accessed. Google Drive is also not affected by this |
| // policy. |
| // |
| // If this setting is disabled or not configured then users can use all |
| // supported types of external storage on their device. |
| // |
| // Supported on: chrome_os |
| message ExternalStorageDisabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ExternalStorageDisabled = 2; |
| } |
| |
| // Treat external storage devices as read-only |
| // |
| // When this policy is set to true, users cannot write anything to external |
| // storage devices. |
| // |
| // If this setting is set to false or not configured, then users can create and |
| // modify files of external storage devices which are physically writable. |
| // |
| // The ExternalStorageDisabled policy takes precedence over this policy - if |
| // ExternalStorageDisabled is set to true, then all access to external storage |
| // is disabled and this policy is consequently ignored. |
| // |
| // Dynamic refresh of this policy is supported in M56 and later. |
| // |
| // Supported on: chrome_os |
| message ExternalStorageReadOnlyProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ExternalStorageReadOnly = 2; |
| } |
| |
| // Allow playing audio |
| // |
| // When this policy is set to false, audio output will not be available on the |
| // device while the user is logged in. |
| // |
| // This policy affects all types of audio output and not only the built-in |
| // speakers. Audio accessibility features are also inhibited by this policy. Do |
| // not enable this policy if a screen reader is required for the user. |
| // |
| // If this setting is set to true or not configured then users can use all |
| // supported audio outputs on their device. |
| // |
| // Supported on: chrome_os |
| message AudioOutputAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AudioOutputAllowed = 2; |
| } |
| |
| // Allow or deny audio capture |
| // |
| // If enabled or not configured (default), the user will be prompted for |
| // audio capture access except for URLs configured in the |
| // AudioCaptureAllowedUrls list which will be granted access without prompting. |
| // |
| // When this policy is disabled, the user will never be prompted and audio |
| // capture only be available to URLs configured in AudioCaptureAllowedUrls. |
| // |
| // This policy affects all types of audio inputs and not only the built-in |
| // microphone. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AudioCaptureAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AudioCaptureAllowed = 2; |
| } |
| |
| // URLs that will be granted access to audio capture devices without prompt |
| // |
| // Patterns in this list will be matched against the security |
| // origin of the requesting URL. If a match is found, access to audio |
| // capture devices will be granted without prompt. |
| // |
| // NOTE: Until version 45, this policy was only supported in Kiosk mode. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AudioCaptureAllowedUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList AudioCaptureAllowedUrls = 2; |
| } |
| |
| // Allow or deny video capture |
| // |
| // If enabled or not configured (default), the user will be prompted for |
| // video capture access except for URLs configured in the |
| // VideoCaptureAllowedUrls list which will be granted access without prompting. |
| // |
| // When this policy is disabled, the user will never be prompted and video |
| // capture only be available to URLs configured in VideoCaptureAllowedUrls. |
| // |
| // This policy affects all types of video inputs and not only the built-in |
| // camera. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message VideoCaptureAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool VideoCaptureAllowed = 2; |
| } |
| |
| // URLs that will be granted access to video capture devices without prompt |
| // |
| // Patterns in this list will be matched against the security |
| // origin of the requesting URL. If a match is found, access to video |
| // capture devices will be granted without prompt. |
| // |
| // NOTE: Until version 45, this policy was only supported in Kiosk mode. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message VideoCaptureAllowedUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList VideoCaptureAllowedUrls = 2; |
| } |
| |
| // Disable taking screenshots |
| // |
| // If enabled, screenshots cannot be taken using keyboard shortcuts or extension |
| // APIs. |
| // |
| // If disabled or not specified, taking screenshots is allowed. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message DisableScreenshotsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DisableScreenshots = 2; |
| } |
| |
| // Enable virtual keyboard |
| // |
| // This policy configures enabling the virtual keyboard as an input device on |
| // ChromeOS. Users cannot override this policy. |
| // |
| // If the policy is set to true, the on-screen virtual keyboard will always be |
| // enabled. |
| // |
| // If set to false, the on-screen virtual keyboard will always be disabled. |
| // |
| // If you set this policy, users cannot change or override it. However, users |
| // will still be able to enable/disable an accessibility on-screen keyboard |
| // which takes precedence over the virtual keyboard controlled by this policy. |
| // See the |VirtualKeyboardEnabled| policy for controlling the accessibility on- |
| // screen keyboard. |
| // |
| // If this policy is left unset, the on-screen keyboard is disabled initially |
| // but can be enabled by the user anytime. Heuristic rules may also be used to |
| // decide when to display the keyboard. |
| // |
| // Supported on: chrome_os |
| message TouchVirtualKeyboardEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool TouchVirtualKeyboardEnabled = 2; |
| } |
| |
| // Add a logout button to the system tray |
| // |
| // If enabled, a big, red logout button is shown in the system tray while a |
| // session is active and the screen is not locked. |
| // |
| // If disabled or not specified, no big, red logout button is shown in the |
| // system tray. |
| // |
| // Supported on: chrome_os |
| message ShowLogoutButtonInTrayProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ShowLogoutButtonInTray = 2; |
| } |
| |
| // Use built-in DNS client |
| // |
| // Controls whether the built-in DNS client is used in Google Chrome. |
| // |
| // If this policy is set to true, the built-in DNS client will be used, if |
| // available. |
| // |
| // If this policy is set to false, the built-in DNS client will never be used. |
| // |
| // If this policy is left not set, the built-in DNS client will be enabled by |
| // default on MacOS, Android (when neither Private DNS nor VPN are enabled) and |
| // ChromeOS, and the users will be able to change whether the built-in DNS |
| // client is used by editing chrome://flags or specifying a command-line flag. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BuiltInDnsClientEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BuiltInDnsClientEnabled = 2; |
| } |
| |
| // Control shelf auto-hiding |
| // |
| // Control auto-hiding of the Google Chrome OS shelf. |
| // |
| // If this policy is set to 'AlwaysAutoHideShelf', the shelf will always auto- |
| // hide. |
| // |
| // If this policy is set to 'NeverAutoHideShelf', the shelf never auto-hide. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If the policy is left not set, users can choose whether the shelf should |
| // auto-hide. |
| // |
| // Valid values: |
| // Always: Always auto-hide the shelf |
| // Never: Never auto-hide the shelf |
| // |
| // Supported on: chrome_os |
| message ShelfAutoHideBehaviorProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ShelfAutoHideBehavior = 2; |
| } |
| |
| // Set the display name for device-local accounts |
| // |
| // Controls the account name Google Chrome OS shows on the login screen for the |
| // corresponding device-local account. |
| // |
| // If this policy is set, the login screen will use the specified string in the |
| // picture-based login chooser for the corresponding device-local account. |
| // |
| // If the policy is left not set, Google Chrome OS will use the device-local |
| // account's email account ID as the display name on the login screen. |
| // |
| // This policy is ignored for regular user accounts. |
| // |
| // Supported on: chrome_os |
| message UserDisplayNameProto { |
| optional PolicyOptions policy_options = 1; |
| optional string UserDisplayName = 2; |
| } |
| |
| // Limit the length of a user session |
| // |
| // When this policy is set, it specifies the length of time after which a user |
| // is automatically logged out, terminating the session. The user is informed |
| // about the remaining time by a countdown timer shown in the system tray. |
| // |
| // When this policy is not set, the session length is not limited. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to a |
| // range of 30 seconds to 24 hours. |
| // |
| // Supported on: chrome_os |
| message SessionLengthLimitProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 SessionLengthLimit = 2; |
| } |
| |
| // Allow fullscreen mode |
| // |
| // This policy controls the availability of fullscreen mode in which all Google |
| // Chrome UI is hidden and only web content is visible. |
| // |
| // If this policy is set to true or not not configured, the user, apps and |
| // extensions with appropriate permissions can enter fullscreen mode. |
| // |
| // If this policy is set to false, neither the user nor any apps or extensions |
| // can enter fullscreen mode. |
| // |
| // On all platforms except Google Chrome OS, kiosk mode is unavailable when |
| // fullscreen mode is disabled. |
| // |
| // Supported on: chrome_os, linux, win |
| message FullscreenAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool FullscreenAllowed = 2; |
| } |
| |
| // Screen dim delay when running on AC power |
| // |
| // Specifies the length of time without user input after which the screen is |
| // dimmed when running on AC power. |
| // |
| // When this policy is set to a value greater than zero, it specifies the length |
| // of time that the user must remain idle before Google Chrome OS dims the |
| // screen. |
| // |
| // When this policy is set to zero, Google Chrome OS does not dim the screen |
| // when the user becomes idle. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than or equal the screen off delay (if set) and the idle delay. |
| // |
| // Supported on: chrome_os |
| message ScreenDimDelayACProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ScreenDimDelayAC = 2; |
| } |
| |
| // Screen off delay when running on AC power |
| // |
| // Specifies the length of time without user input after which the screen is |
| // turned off when running on AC power. |
| // |
| // When this policy is set to a value greater than zero, it specifies the length |
| // of time that the user must remain idle before Google Chrome OS turns off the |
| // screen. |
| // |
| // When this policy is set to zero, Google Chrome OS does not turn off the |
| // screen when the user becomes idle. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than or equal the idle delay. |
| // |
| // Supported on: chrome_os |
| message ScreenOffDelayACProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ScreenOffDelayAC = 2; |
| } |
| |
| // Screen lock delay when running on AC power |
| // |
| // Specifies the length of time without user input after which the screen is |
| // locked when running on AC power. |
| // |
| // When this policy is set to a value greater than zero, it specifies the length |
| // of time that the user must remain idle before Google Chrome OS locks the |
| // screen. |
| // |
| // When this policy is set to zero, Google Chrome OS does not lock the screen |
| // when the user becomes idle. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The recommended way to lock the screen on idle is to enable screen locking on |
| // suspend and have Google Chrome OS suspend after the idle delay. This policy |
| // should only be used when screen locking should occur a significant amount of |
| // time sooner than suspend or when suspend on idle is not desired at all. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than the idle delay. |
| // |
| // Supported on: chrome_os |
| message ScreenLockDelayACProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ScreenLockDelayAC = 2; |
| } |
| |
| // Idle warning delay when running on AC power |
| // |
| // Specifies the length of time without user input after which a warning dialog |
| // is shown when running on AC power. |
| // |
| // When this policy is set, it specifies the length of time that the user must |
| // remain idle before Google Chrome OS shows a warning dialog telling the user |
| // that the idle action is about to be taken. |
| // |
| // When this policy is unset, no warning dialog is shown. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than or equal the idle delay. |
| // |
| // The warning message is only shown if the idle action is to logout or shut |
| // down. |
| // |
| // Supported on: chrome_os |
| message IdleWarningDelayACProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IdleWarningDelayAC = 2; |
| } |
| |
| // Idle delay when running on AC power |
| // |
| // Specifies the length of time without user input after which the idle action |
| // is taken when running on AC power. |
| // |
| // When this policy is set, it specifies the length of time that the user must |
| // remain idle before Google Chrome OS takes the idle action, which can be |
| // configured separately. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The policy value should be specified in milliseconds. |
| // |
| // Supported on: chrome_os |
| message IdleDelayACProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IdleDelayAC = 2; |
| } |
| |
| // Screen dim delay when running on battery power |
| // |
| // Specifies the length of time without user input after which the screen is |
| // dimmed when running on battery power. |
| // |
| // When this policy is set to a value greater than zero, it specifies the length |
| // of time that the user must remain idle before Google Chrome OS dims the |
| // screen. |
| // |
| // When this policy is set to zero, Google Chrome OS does not dim the screen |
| // when the user becomes idle. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than or equal the screen off delay (if set) and the idle delay. |
| // |
| // Supported on: chrome_os |
| message ScreenDimDelayBatteryProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ScreenDimDelayBattery = 2; |
| } |
| |
| // Screen off delay when running on battery power |
| // |
| // Specifies the length of time without user input after which the screen is |
| // turned off when running on battery power. |
| // |
| // When this policy is set to a value greater than zero, it specifies the length |
| // of time that the user must remain idle before Google Chrome OS turns off the |
| // screen. |
| // |
| // When this policy is set to zero, Google Chrome OS does not turn off the |
| // screen when the user becomes idle. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than or equal the idle delay. |
| // |
| // Supported on: chrome_os |
| message ScreenOffDelayBatteryProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ScreenOffDelayBattery = 2; |
| } |
| |
| // Screen lock delay when running on battery power |
| // |
| // Specifies the length of time without user input after which the screen is |
| // locked when running on battery power. |
| // |
| // When this policy is set to a value greater than zero, it specifies the length |
| // of time that the user must remain idle before Google Chrome OS locks the |
| // screen. |
| // |
| // When this policy is set to zero, Google Chrome OS does not lock the screen |
| // when the user becomes idle. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The recommended way to lock the screen on idle is to enable screen locking on |
| // suspend and have Google Chrome OS suspend after the idle delay. This policy |
| // should only be used when screen locking should occur a significant amount of |
| // time sooner than suspend or when suspend on idle is not desired at all. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than the idle delay. |
| // |
| // Supported on: chrome_os |
| message ScreenLockDelayBatteryProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ScreenLockDelayBattery = 2; |
| } |
| |
| // Idle warning delay when running on battery power |
| // |
| // Specifies the length of time without user input after which a warning dialog |
| // is shown when running on battery power. |
| // |
| // When this policy is set, it specifies the length of time that the user must |
| // remain idle before Google Chrome OS shows a warning dialog telling the user |
| // that the idle action is about to be taken. |
| // |
| // When this policy is unset, no warning dialog is shown. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than or equal the idle delay. |
| // |
| // The warning message is only shown if the idle action is to logout or shut |
| // down. |
| // |
| // Supported on: chrome_os |
| message IdleWarningDelayBatteryProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IdleWarningDelayBattery = 2; |
| } |
| |
| // Idle delay when running on battery power |
| // |
| // Specifies the length of time without user input after which the idle action |
| // is taken when running on battery power. |
| // |
| // When this policy is set, it specifies the length of time that the user must |
| // remain idle before Google Chrome OS takes the idle action, which can be |
| // configured separately. |
| // |
| // When this policy is unset, a default length of time is used. |
| // |
| // The policy value should be specified in milliseconds. |
| // |
| // Supported on: chrome_os |
| message IdleDelayBatteryProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IdleDelayBattery = 2; |
| } |
| |
| // Action to take when the idle delay is reached |
| // |
| // Note that this policy is deprecated and will be removed in the future. |
| // |
| // This policy provides a fallback value for the more-specific IdleActionAC and |
| // IdleActionBattery policies. If this policy is set, its value gets used if the |
| // respective more-specific policy is not set. |
| // |
| // When this policy is unset, behavior of the more-specific policies remains |
| // unaffected. |
| // |
| // Valid values: |
| // 0: Suspend |
| // 1: Log the user out |
| // 2: Shut down |
| // 3: Do nothing |
| // |
| // Supported on: chrome_os |
| message IdleActionProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IdleAction = 2; |
| } |
| |
| // Action to take when the idle delay is reached while running on AC power |
| // |
| // When this policy is set, it specifies the action that Google Chrome OS takes |
| // when the user remains idle for the length of time given by the idle delay, |
| // which can be configured separately. |
| // |
| // When this policy is unset, the default action is taken, which is suspend. |
| // |
| // If the action is suspend, Google Chrome OS can separately be configured to |
| // either lock or not lock the screen before suspending. |
| // |
| // Valid values: |
| // 0: Suspend |
| // 1: Log the user out |
| // 2: Shut down |
| // 3: Do nothing |
| // |
| // Supported on: chrome_os |
| message IdleActionACProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IdleActionAC = 2; |
| } |
| |
| // Action to take when the idle delay is reached while running on battery power |
| // |
| // When this policy is set, it specifies the action that Google Chrome OS takes |
| // when the user remains idle for the length of time given by the idle delay, |
| // which can be configured separately. |
| // |
| // When this policy is unset, the default action is taken, which is suspend. |
| // |
| // If the action is suspend, Google Chrome OS can separately be configured to |
| // either lock or not lock the screen before suspending. |
| // |
| // Valid values: |
| // 0: Suspend |
| // 1: Log the user out |
| // 2: Shut down |
| // 3: Do nothing |
| // |
| // Supported on: chrome_os |
| message IdleActionBatteryProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 IdleActionBattery = 2; |
| } |
| |
| // Action to take when the user closes the lid |
| // |
| // When this policy is set, it specifies the action that Google Chrome OS takes |
| // when the user closes the device's lid. |
| // |
| // When this policy is unset, the default action is taken, which is suspend. |
| // |
| // If the action is suspend, Google Chrome OS can separately be configured to |
| // either lock or not lock the screen before suspending. |
| // |
| // Valid values: |
| // 0: Suspend |
| // 1: Log the user out |
| // 2: Shut down |
| // 3: Do nothing |
| // |
| // Supported on: chrome_os |
| message LidCloseActionProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 LidCloseAction = 2; |
| } |
| |
| // Specify whether audio activity affects power management |
| // |
| // If this policy is set to True or is unset, the user is not considered to be |
| // idle while audio is playing. This prevents the idle timeout from being |
| // reached and the idle action from being taken. However, screen dimming, screen |
| // off and screen lock will be performed after the configured timeouts, |
| // irrespective of audio activity. |
| // |
| // If this policy is set to False, audio activity does not prevent the user from |
| // being considered idle. |
| // |
| // Supported on: chrome_os |
| message PowerManagementUsesAudioActivityProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PowerManagementUsesAudioActivity = 2; |
| } |
| |
| // Specify whether video activity affects power management |
| // |
| // If this policy is set to True or is unset, the user is not considered to be |
| // idle while video is playing. This prevents the idle delay, screen dim delay, |
| // screen off delay and screen lock delay from being reached and the |
| // corresponding actions from being taken. |
| // |
| // If this policy is set to False, video activity does not prevent the user from |
| // being considered idle. |
| // |
| // Supported on: chrome_os |
| message PowerManagementUsesVideoActivityProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PowerManagementUsesVideoActivity = 2; |
| } |
| |
| // Percentage by which to scale the idle delay in presentation mode (deprecated) |
| // |
| // This policy has been retired as of Google Chrome OS version 29. Please use |
| // the PresentationScreenDimDelayScale policy instead. |
| // |
| // Supported on: |
| message PresentationIdleDelayScaleProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 PresentationIdleDelayScale = 2; |
| } |
| |
| // Percentage by which to scale the screen dim delay in presentation mode |
| // |
| // Specifies the percentage by which the screen dim delay is scaled when the |
| // device is in presentation mode. |
| // |
| // If this policy is set, it specifies the percentage by which the screen dim |
| // delay is scaled when the device is in presentation mode. When the screen dim |
| // delay is scaled, the screen off, screen lock and idle delays get adjusted to |
| // maintain the same distances from the screen dim delay as originally |
| // configured. |
| // |
| // If this policy is unset, a default scale factor is used. |
| // |
| // This policy only takes effect if the PowerSmartDimEnabled is disabled. |
| // Otherwise, this policy is ignored because the screen dim delay is deteremined |
| // by a machine-learning model. |
| // |
| // The scale factor must be 100% or more. Values that would make the screen dim |
| // delay in presentation mode shorter than the regular screen dim delay are not |
| // allowed. |
| // |
| // Supported on: chrome_os |
| message PresentationScreenDimDelayScaleProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 PresentationScreenDimDelayScale = 2; |
| } |
| |
| // Allow wake locks |
| // |
| // Specifies whether wake locks are allowed. Wake locks can be requested by |
| // extensions via the power management extension API and by ARC apps. |
| // |
| // If this policy is set to true or left not set, wake locks will be honored for |
| // power management. |
| // |
| // If this policy is set to false, wake lock requests will get ignored. |
| // |
| // Supported on: chrome_os |
| message AllowWakeLocksProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowWakeLocks = 2; |
| } |
| |
| // Allow screen wake locks |
| // |
| // Specifies whether screen wake locks are allowed. Screen wake locks can be |
| // requested by extensions via the power management extension API and by ARC |
| // apps. |
| // |
| // If this policy is set to true or left not set, screen wake locks will be |
| // honored for power management, unless AllowWakeLocks is set to false. |
| // |
| // If this policy is set to false, screen wake lock requests will be demoted to |
| // system wake lock requests. |
| // |
| // Supported on: chrome_os |
| message AllowScreenWakeLocksProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowScreenWakeLocks = 2; |
| } |
| |
| // Percentage by which to scale the screen dim delay if the user becomes active |
| // after dimming |
| // |
| // Specifies the percentage by which the screen dim delay is scaled when user |
| // activity is observed while the screen is dimmed or soon after the screen has |
| // been turned off. |
| // |
| // If this policy is set, it specifies the percentage by which the screen dim |
| // delay is scaled when user activity is observed while the screen is dimmed or |
| // soon after the screen has been turned off. When the dim delay is scaled, the |
| // screen off, screen lock and idle delays get adjusted to maintain the same |
| // distances from the screen dim delay as originally configured. |
| // |
| // If this policy is unset, a default scale factor is used. |
| // |
| // This policy only takes effect if the PowerSmartDimEnabled policy is disabled. |
| // Otherwise, this policy is ignored because the screen dim delay is deteremined |
| // by a machine-learning model. |
| // |
| // The scale factor must be 100% or more. |
| // |
| // Supported on: chrome_os |
| message UserActivityScreenDimDelayScaleProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 UserActivityScreenDimDelayScale = 2; |
| } |
| |
| // Wait for initial user activity |
| // |
| // Specifies whether power management delays and the session length limit should |
| // only start running after the first user activity has been observed in a |
| // session. |
| // |
| // If this policy is set to True, power management delays and the session length |
| // limit do not start running until after the first user activity has been |
| // observed in a session. |
| // |
| // If this policy is set to False or left unset, power management delays and the |
| // session length limit start running immediately on session start. |
| // |
| // Supported on: chrome_os |
| message WaitForInitialUserActivityProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool WaitForInitialUserActivity = 2; |
| } |
| |
| // Power management settings when the user becomes idle |
| // |
| // This policy controls multiple settings for the power management strategy when |
| // the user becomes idle. |
| // |
| // There are four types of action: |
| // * The screen will be dimmed if the user remains idle for the time specified |
| // by |ScreenDim|. |
| // * The screen will be turned off if the user remains idle for the time |
| // specified by |ScreenOff|. |
| // * A warning dialog will be shown if the user remains idle for the time |
| // specified by |IdleWarning|, telling the user that the idle action is about to |
| // be taken. The warning message is only shown if the idle action is to logout |
| // or shut down. |
| // * The action specified by |IdleAction| will be taken if the user remains idle |
| // for the time specified by |Idle|. |
| // |
| // For each of above actions, the delay should be specified in milliseconds, and |
| // needs to be set to a value greater than zero to trigger the corresponding |
| // action. In case the delay is set to zero, Google Chrome OS will not take the |
| // corresponding action. |
| // |
| // For each of the above delays, when the length of time is unset, a default |
| // value will be used. |
| // |
| // Note that |ScreenDim| values will be clamped to be less than or equal to |
| // |ScreenOff|, |ScreenOff| and |IdleWarning| will be clamped to be less than or |
| // equal to |Idle|. |
| // |
| // |IdleAction| can be one of four possible actions: |
| // * |Suspend| |
| // * |Logout| |
| // * |Shutdown| |
| // * |DoNothing| |
| // |
| // When the |IdleAction| is unset, the default action is taken, which is |
| // suspend. |
| // |
| // There are also separate settings for AC power and battery. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "AC": { |
| // "description": "Delays and actions to take when the device is |
| // idle and running on AC power", |
| // "id": "PowerManagementDelays", |
| // "properties": { |
| // "Delays": { |
| // "properties": { |
| // "Idle": { |
| // "description": "The length of time without user |
| // input after which the idle action is taken, in milliseconds", |
| // "minimum": 0, |
| // "type": "integer" |
| // }, |
| // "IdleWarning": { |
| // "description": "The length of time without user |
| // input after which a warning dialog is shown, in milliseconds", |
| // "minimum": 0, |
| // "type": "integer" |
| // }, |
| // "ScreenDim": { |
| // "description": "The length of time without user |
| // input after which the screen is dimmed, in milliseconds", |
| // "minimum": 0, |
| // "type": "integer" |
| // }, |
| // "ScreenOff": { |
| // "description": "The length of time without user |
| // input after which the screen is turned off, in milliseconds", |
| // "minimum": 0, |
| // "type": "integer" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "IdleAction": { |
| // "description": "Action to take when the idle delay is |
| // reached", |
| // "enum": [ |
| // "Suspend", |
| // "Logout", |
| // "Shutdown", |
| // "DoNothing" |
| // ], |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "Battery": { |
| // "$ref": "PowerManagementDelays", |
| // "description": "Delays and actions to take when the device is |
| // idle and running on battery" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message PowerManagementIdleSettingsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PowerManagementIdleSettings = 2; |
| } |
| |
| // Screen lock delays |
| // |
| // Specifies the length of time without user input after which the screen is |
| // locked when running on AC power or battery. |
| // |
| // When the length of time is set to a value greater than zero, it represents |
| // the length of time that the user must remain idle before Google Chrome OS |
| // locks the screen. |
| // |
| // When the length of time is set to zero, Google Chrome OS does not lock the |
| // screen when the user becomes idle. |
| // |
| // When the length of time is unset, a default length of time is used. |
| // |
| // The recommended way to lock the screen on idle is to enable screen locking on |
| // suspend and have Google Chrome OS suspend after the idle delay. This policy |
| // should only be used when screen locking should occur a significant amount of |
| // time sooner than suspend or when suspend on idle is not desired at all. |
| // |
| // The policy value should be specified in milliseconds. Values are clamped to |
| // be less than the idle delay. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "AC": { |
| // "description": "The length of time without user input after which |
| // the screen is locked when running on AC power, in milliseconds", |
| // "minimum": 0, |
| // "type": "integer" |
| // }, |
| // "Battery": { |
| // "description": "The length of time without user input after which |
| // the screen is locked when running on battery, in milliseconds", |
| // "minimum": 0, |
| // "type": "integer" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message ScreenLockDelaysProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ScreenLockDelays = 2; |
| } |
| |
| // Set the Terms of Service for a device-local account |
| // |
| // Sets the Terms of Service that the user must accept before starting a device- |
| // local account session. |
| // |
| // If this policy is set, Google Chrome OS will download the Terms of Service |
| // and present them to the user whenever a device-local account session is |
| // starting. The user will only be allowed into the session after accepting the |
| // Terms of Service. |
| // |
| // If this policy is not set, no Terms of Service are shown. |
| // |
| // The policy should be set to a URL from which Google Chrome OS can download |
| // the Terms of Service. The Terms of Service must be plain text, served as MIME |
| // type text/plain. No markup is allowed. |
| // |
| // Supported on: chrome_os |
| message TermsOfServiceURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string TermsOfServiceURL = 2; |
| } |
| |
| // Show accessibility options in system tray menu |
| // |
| // If this policy is set to true, Accessibility options always appear in system |
| // tray menu. |
| // |
| // If this policy is set to false, Accessibility options never appear in system |
| // tray menu. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, Accessibility options will not appear in the |
| // system tray menu, but the user can cause the Accessibility options to appear |
| // via the Settings page. |
| // |
| // When accessiblity features are enabled by other means (e.g by a key |
| // combination), Accessibility options will always appear in system tray menu. |
| // |
| // Supported on: chrome_os |
| message ShowAccessibilityOptionsInSystemTrayMenuProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ShowAccessibilityOptionsInSystemTrayMenu = 2; |
| } |
| |
| // Enable large cursor |
| // |
| // Enable the large cursor accessibility feature. |
| // |
| // If this policy is set to true, the large cursor will always be enabled. |
| // |
| // If this policy is set to false, the large cursor will always be disabled. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, the large cursor is disabled initially but can |
| // be enabled by the user anytime. |
| // |
| // Supported on: chrome_os |
| message LargeCursorEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool LargeCursorEnabled = 2; |
| } |
| |
| // Enable spoken feedback |
| // |
| // Enable the spoken feedback accessibility feature. |
| // |
| // If this policy is set to true, spoken feedback will always be enabled. |
| // |
| // If this policy is set to false, spoken feedback will always be disabled. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, spoken feedback is disabled initially but can |
| // be enabled by the user anytime. |
| // |
| // Supported on: chrome_os |
| message SpokenFeedbackEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SpokenFeedbackEnabled = 2; |
| } |
| |
| // Enable high contrast mode |
| // |
| // Enable the high contrast mode accessibility feature. |
| // |
| // If this policy is set to true, high contrast mode will always be enabled. |
| // |
| // If this policy is set to false, high contrast mode will always be disabled. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, high contrast mode is disabled initially but |
| // can be enabled by the user anytime. |
| // |
| // Supported on: chrome_os |
| message HighContrastEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool HighContrastEnabled = 2; |
| } |
| |
| // Enable on-screen keyboard |
| // |
| // Enable the on-screen keyboard accessibility feature. |
| // |
| // If this policy is set to true, the on-screen keyboard will always be enabled. |
| // |
| // If this policy is set to false, the on-screen keyboard will always be |
| // disabled. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, the on-screen keyboard is disabled initially |
| // but can be enabled by the user anytime. |
| // |
| // Supported on: chrome_os |
| message VirtualKeyboardEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool VirtualKeyboardEnabled = 2; |
| } |
| |
| // Enable sticky keys |
| // |
| // Enable the sticky keys accessibility feature. |
| // |
| // If this policy is set to true, the sticky keys will always be enabled. |
| // |
| // If this policy is set to false, the sticky keys will always be disabled. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, the sticky keys is disabled initially but can |
| // be enabled by the user anytime. |
| // |
| // Supported on: chrome_os |
| message StickyKeysEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool StickyKeysEnabled = 2; |
| } |
| |
| // Enable select to speak |
| // |
| // Enable the select to speak accessibility feature. |
| // |
| // If this policy is set to true, the select to speak will always be enabled. |
| // |
| // If this policy is set to false, the select to speak will always be disabled. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, the select to speak is disabled initially but |
| // can be enabled by the user anytime. |
| // |
| // Supported on: chrome_os |
| message SelectToSpeakEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SelectToSpeakEnabled = 2; |
| } |
| |
| // Media keys default to function keys |
| // |
| // Changes the default behaviour of the top row keys to function keys. |
| // |
| // If this policy is set to true, the keyboard's top row of keys will produce |
| // function key commands per default. The search key has to be pressed to revert |
| // their behavior back to media keys. |
| // |
| // If this policy is set to false or left unset, the keyboard will produce media |
| // key commands per default and function key commands when the search key is |
| // held. |
| // |
| // Supported on: chrome_os |
| message KeyboardDefaultToFunctionKeysProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool KeyboardDefaultToFunctionKeys = 2; |
| } |
| |
| // Set screen magnifier type |
| // |
| // If this policy is set, it controls the type of screen magnifier that is |
| // enabled. Setting the policy to "None" disables the screen magnifier. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If this policy is left unset, the screen magnifier is disabled initially but |
| // can be enabled by the user anytime. |
| // |
| // Valid values: |
| // 0: Screen magnifier disabled |
| // 1: Full-screen magnifier enabled |
| // 2: Docked magnifier enabled |
| // |
| // Supported on: chrome_os |
| message ScreenMagnifierTypeProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ScreenMagnifierType = 2; |
| } |
| |
| // Hide the web store from the New Tab Page and app launcher |
| // |
| // Hide the Chrome Web Store app and footer link from the New Tab Page and |
| // Google Chrome OS app launcher. |
| // |
| // When this policy is set to true, the icons are hidden. |
| // |
| // When this policy is set to false or is not configured, the icons are visible. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message HideWebStoreIconProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool HideWebStoreIcon = 2; |
| } |
| |
| // Set the restriction on the fetching of the Variations seed |
| // |
| // Add a parameter to the fetching of the Variations seed in Google Chrome. |
| // |
| // If specified, will add a query parameter called 'restrict' to the URL used to |
| // fetch the Variations seed. The value of the parameter will be the value |
| // specified in this policy. |
| // |
| // If not specified, will not modify the Variations seed URL. |
| // |
| // Supported on: android, fuchsia, linux, mac, win |
| message VariationsRestrictParameterProto { |
| optional PolicyOptions policy_options = 1; |
| optional string VariationsRestrictParameter = 2; |
| } |
| |
| // Enable remote attestation for the user |
| // |
| // If true, the user can use the hardware on Chrome devices to remote attest its |
| // identity to the privacy CA via the Enterprise Platform Keys API using |
| // chrome.enterprise.platformKeys.challengeUserKey(). |
| // |
| // If it is set to false, or if it is not set, calls to the API will fail with |
| // an error code. |
| // |
| // Supported on: chrome_os |
| message AttestationEnabledForUserProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AttestationEnabledForUser = 2; |
| } |
| |
| // Extensions allowed to to use the remote attestation API |
| // |
| // This policy specifies the allowed extensions to use the Enterprise Platform |
| // Keys API function chrome.enterprise.platformKeys.challengeUserKey() for |
| // remote attestation. Extensions must be added to this list to use the API. |
| // |
| // If an extension is not in the list, or the list is not set, the call to the |
| // API will fail with an error code. |
| // |
| // Supported on: chrome_os |
| message AttestationExtensionWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList AttestationExtensionWhitelist = 2; |
| } |
| |
| // Suppress the Google Chrome Frame turndown prompt |
| // |
| // Suppresses the turndown prompt that appears when a site is rendered by Google |
| // Chrome Frame. |
| // |
| // Supported on: |
| message SuppressChromeFrameTurndownPromptProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SuppressChromeFrameTurndownPrompt = 2; |
| } |
| |
| // Default behavior for sites not in any content pack |
| // |
| // This policy is for internal use by Google Chrome itself. |
| // |
| // Valid values: |
| // 0: Allow access to sites outside of content packs |
| // 1: Warn when visiting sites outside of content packs |
| // 2: Block access to sites outside of content packs |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ContentPackDefaultFilteringBehaviorProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ContentPackDefaultFilteringBehavior = 2; |
| } |
| |
| // Managed user manual exception hosts |
| // |
| // A dictionary mapping hostnames to a boolean flag specifying whether access to |
| // the host should be allowed (true) or blocked (false). |
| // |
| // This policy is for internal use by Google Chrome itself. |
| // |
| // Value schema: |
| // { |
| // "additionalProperties": { |
| // "type": "boolean" |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ContentPackManualBehaviorHostsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ContentPackManualBehaviorHosts = 2; |
| } |
| |
| // Managed user manual exception URLs |
| // |
| // A dictionary mapping URLs to a boolean flag specifying whether access to the |
| // host should be allowed (true) or blocked (false). |
| // |
| // This policy is for internal use by Google Chrome itself. |
| // |
| // Value schema: |
| // { |
| // "additionalProperties": { |
| // "type": "boolean" |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ContentPackManualBehaviorURLsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ContentPackManualBehaviorURLs = 2; |
| } |
| |
| // Enable creation of supervised users |
| // |
| // If set to false, supervised-user creation by this user will be disabled. Any |
| // existing supervised users will still be available. |
| // |
| // If set to true or not configured, supervised users can be created and managed |
| // by this user. |
| // |
| // Supported on: |
| message SupervisedUserCreationEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SupervisedUserCreationEnabled = 2; |
| } |
| |
| // Enable the supervised user content provider |
| // |
| // If true and the user is a supervised user then other Android apps can query |
| // the user's web restrictions through a content provider. |
| // |
| // If false or unset then the content provider returns no information. |
| // |
| // Supported on: |
| message SupervisedUserContentProviderEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SupervisedUserContentProviderEnabled = 2; |
| } |
| |
| // Managed Bookmarks |
| // |
| // Configures a list of managed bookmarks. |
| // |
| // The policy consists of a list of bookmarks whereas each bookmark is a |
| // dictionary containing the keys "name" and "url" which hold the bookmark's |
| // name and its target. A subfolder may be configured by defining a bookmark |
| // without an "url" key but with an additional "children" key which itself |
| // contains a list of bookmarks as defined above (some of which may be folders |
| // again). Google Chrome amends incomplete URLs as if they were submitted via |
| // the Omnibox, for example "google.com" becomes "https://google.com/". |
| // |
| // These bookmarks are placed in a folder that can't be modified by the user |
| // (but the user can choose to hide it from the bookmark bar). By default the |
| // folder name is "Managed bookmarks" but it can be customized by adding to the |
| // list of bookmarks a dictionary containing the key "toplevel_name" with the |
| // desired folder name as the value. |
| // |
| // Managed bookmarks are not synced to the user account and can't be modified by |
| // extensions. |
| // |
| // Value schema: |
| // { |
| // "items": { |
| // "id": "BookmarkType", |
| // "properties": { |
| // "children": { |
| // "items": { |
| // "$ref": "BookmarkType" |
| // }, |
| // "type": "array" |
| // }, |
| // "name": { |
| // "type": "string" |
| // }, |
| // "toplevel_name": { |
| // "type": "string" |
| // }, |
| // "url": { |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message ManagedBookmarksProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ManagedBookmarks = 2; |
| } |
| |
| // Enable the data compression proxy feature |
| // |
| // Enable or disable the data compression proxy and prevents users from changing |
| // this setting. |
| // |
| // If you enable or disable this setting, users cannot change or override this |
| // setting. |
| // |
| // If this policy is left not set, the data compression proxy feature will be |
| // available for the user to choose whether to use it or not. |
| // |
| // Supported on: android |
| message DataCompressionProxyEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DataCompressionProxyEnabled = 2; |
| } |
| |
| // User avatar image |
| // |
| // This policy allows you to configure the avatar image representing the user on |
| // the login screen. The policy is set by specifying the URL from which Google |
| // Chrome OS can download the avatar image and a cryptographic hash used to |
| // verify the integrity of the download. The image must be in JPEG format, its |
| // size must not exceed 512kB. The URL must be accessible without any |
| // authentication. |
| // |
| // The avatar image is downloaded and cached. It will be re-downloaded whenever |
| // the URL or the hash changes. |
| // |
| // If this policy is set, Google Chrome OS will download and use the avatar |
| // image. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If the policy is left not set, the user can choose the avatar image |
| // representing them on the login screen. |
| // |
| // Supported on: chrome_os |
| message UserAvatarImageProto { |
| optional PolicyOptions policy_options = 1; |
| optional string UserAvatarImage = 2; |
| } |
| |
| // Wallpaper image |
| // |
| // This policy allows you to configure the wallpaper image that is shown on the |
| // desktop and on the login screen background for the user. The policy is set by |
| // specifying the URL from which Google Chrome OS can download the wallpaper |
| // image and a cryptographic hash used to verify the integrity of the download. |
| // The image must be in JPEG format, its file size must not exceed 16MB. The URL |
| // must be accessible without any authentication. |
| // |
| // The wallpaper image is downloaded and cached. It will be re-downloaded |
| // whenever the URL or the hash changes. |
| // |
| // If this policy is set, Google Chrome OS will download and use the wallpaper |
| // image. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // If the policy is left not set, the user can choose an image to be shown on |
| // the desktop and on the login screen background. |
| // |
| // Supported on: chrome_os |
| message WallpaperImageProto { |
| optional PolicyOptions policy_options = 1; |
| optional string WallpaperImage = 2; |
| } |
| |
| // Enable deprecated web platform features for a limited time |
| // |
| // Specify a list of deprecated web platform features to re-enable temporarily. |
| // |
| // This policy gives administrators the ability to re-enable deprecated web |
| // platform features for a limited time. Features are identified by a string tag |
| // and the features corresponding to the tags included in the list specified by |
| // this policy will get re-enabled. |
| // |
| // If this policy is left not set, or the list is empty or does not match one of |
| // the supported string tags, all deprecated web platform features will remain |
| // disabled. |
| // |
| // While the policy itself is supported on the above platforms, the feature it |
| // is enabling may be available on fewer platforms. Not all deprecated Web |
| // Platform features can be re-enabled. Only the ones explicitly listed below |
| // can be for a limited period of time, which is different per feature. The |
| // general format of the string tag will be |
| // [DeprecatedFeatureName]_EffectiveUntil[yyyymmdd]. As reference, you can find |
| // the intent behind the Web Platform feature changes at |
| // https://bit.ly/blinkintents. |
| // |
| // Valid values: |
| // ExampleDeprecatedFeature_EffectiveUntil20080902: Enable |
| // ExampleDeprecatedFeature API through 2008/09/02 |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message EnableDeprecatedWebPlatformFeaturesProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList EnableDeprecatedWebPlatformFeatures = 2; |
| } |
| |
| // Allow Smart Lock to be used |
| // |
| // If you enable this setting, users will be allowed to use Smart Lock if the |
| // requirements for the feature are satisfied. |
| // |
| // If you disable this setting, users will not be allowed to use Smart Lock. |
| // |
| // If this policy is left not set, the default is not allowed for enterprise- |
| // managed users and allowed for non-managed users. |
| // |
| // Supported on: chrome_os |
| message EasyUnlockAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EasyUnlockAllowed = 2; |
| } |
| |
| // Set the recommended locales for a managed session |
| // |
| // Sets one or more recommended locales for a managed session, allowing users to |
| // easily choose one of these locales. |
| // |
| // The user can choose a locale and a keyboard layout before starting a managed |
| // session. By default, all locales supported by Google Chrome OS are listed in |
| // alphabetic order. You can use this policy to move a set of recommended |
| // locales to the top of the list. |
| // |
| // If this policy is not set, the current UI locale will be pre-selected. |
| // |
| // If this policy is set, the recommended locales will be moved to the top of |
| // the list and will be visually separated from all other locales. The |
| // recommended locales will be listed in the order in which they appear in the |
| // policy. The first recommended locale will be pre-selected. |
| // |
| // If there is more than one recommended locale, it is assumed that users will |
| // want to select among these locales. Locale and keyboard layout selection will |
| // be prominently offered when starting a managed session. Otherwise, it is |
| // assumed that most users will want to use the pre-selected locale. Locale and |
| // keyboard layout selection will be less prominently offered when starting a |
| // managed session. |
| // |
| // When this policy is set and automatic login is enabled (see the |
| // |DeviceLocalAccountAutoLoginId| and |DeviceLocalAccountAutoLoginDelay| |
| // policies), the automatically started managed session will use the first |
| // recommended locale and the most popular keyboard layout matching this locale. |
| // |
| // The pre-selected keyboard layout will always be the most popular layout |
| // matching the pre-selected locale. |
| // |
| // This policy can only be set as recommended. You can use this policy to move a |
| // set of recommended locales to the top but users are always allowed to choose |
| // any locale supported by Google Chrome OS for their session. |
| // |
| // Supported on: chrome_os |
| message SessionLocalesProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList SessionLocales = 2; |
| } |
| |
| // Enable guest mode in browser |
| // |
| // If this policy is set to true or not configured, Google Chrome will enable |
| // guest logins. Guest logins are Google Chrome profiles where all windows are |
| // in incognito mode. |
| // |
| // If this policy is set to false, Google Chrome will not allow guest profiles |
| // to be started. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserGuestModeEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BrowserGuestModeEnabled = 2; |
| } |
| |
| // Enforce browser guest mode |
| // |
| // If this policy is set to enabled, Google Chrome will enforce guest sessions |
| // and prevents profile logins. Guest logins are Google Chrome profiles where |
| // all windows are in incognito mode. |
| // |
| // If this policy is set to disabled or not set or browser guest mode is |
| // disabled by BrowserGuestModeEnabled policy, Google Chrome will allow using |
| // new and existing profiles. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserGuestModeEnforcedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BrowserGuestModeEnforced = 2; |
| } |
| |
| // Enable add person in user manager |
| // |
| // If this policy is set to true or not configured, Google Chrome will allow Add |
| // Person from the user manager. |
| // |
| // If this policy is set to false, Google Chrome will not allow creation of new |
| // profiles from the user manager. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserAddPersonEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BrowserAddPersonEnabled = 2; |
| } |
| |
| // Enable force sign in for Google Chrome |
| // |
| // This policy is deprecated, consider using BrowserSignin instead. |
| // |
| // If this policy is set to true, user has to sign in to Google Chrome with |
| // their profile before using the browser. And the default value of |
| // BrowserGuestModeEnabled will be set to false. Note that existing unsigned |
| // profiles will be locked and inaccessible after enabling this policy. For more |
| // information, see help center article. |
| // |
| // If this policy is set to false or not configured, user can use the browser |
| // without sign in to Google Chrome. |
| // |
| // Supported on: android, mac, win |
| message ForceBrowserSigninProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ForceBrowserSignin = 2; |
| } |
| |
| // Browser sign in settings |
| // |
| // This policy controls the sign-in behavior of the browser. It allows you to |
| // specify if the user can sign in to Google Chrome with their account and use |
| // account related services like Chrome sync. |
| // |
| // If the policy is set to "Disable browser sign-in" then the user can not sign |
| // in to the browser and use account based services. In this case browser level |
| // features like Chrome sync can not be used and will be unavailable. If the |
| // user was signed in and the policy is set "Disabled" they will be signed out |
| // the next time they run Chrome but their local profile data like bookmarks, |
| // passwords etc. will stay preserved. The user will still be able to sign into |
| // and use Google web services like Gmail. |
| // |
| // If the policy is set to "Enable browser sign-in," then the user is allowed to |
| // sign in to the browser and is automatically signed in to the browser when |
| // signed in to Google web services like Gmail. Being signed in to the browser |
| // means the user's account information will be kept by the browser. However, it |
| // does not mean that Chrome sync will be turned on per default; the user must |
| // separately opt-in to use this feature. Enabling this policy will prevent the |
| // user from turning off the setting that allows browser sign-in. To control the |
| // availability of Chrome sync, use the "SyncDisabled" policy. |
| // |
| // If the policy is set to "Force browser sign-in" the user is presented with an |
| // account selection dialog and has to choose and sign in to an account to use |
| // the browser. This ensures that for managed accounts the policies associated |
| // with the account are applied and enforced. By default this turns on Chrome |
| // sync for the account, except for the case when sync was disabled by the |
| // domain admin or via the "SyncDisabled" policy. The default value of |
| // BrowserGuestModeEnabled will be set to false. Note that existing unsigned |
| // profiles will be locked and inaccessible after enabling this policy. For more |
| // information, see help center article: |
| // https://support.google.com/chrome/a/answer/7572556. This option does not |
| // support Linux and will fallback to "Enable browser sign-in" if used. |
| // |
| // If this policy is not set then the user can decide if they want to enable the |
| // browser sign in option and use it as they see fit. |
| // |
| // Valid values: |
| // 0: Disable browser sign-in |
| // 1: Enable browser sign-in |
| // 2: Force users to sign-in to use the browser |
| // |
| // Supported on: android, fuchsia, linux, mac, win |
| message BrowserSigninProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 BrowserSignin = 2; |
| } |
| |
| // Minimum SSL version enabled |
| // |
| // If this policy is not configured then Google Chrome uses a default minimum |
| // version which is TLS 1.0. |
| // |
| // Otherwise it may be set to one of the following values: "tls1", "tls1.1" or |
| // "tls1.2". When set, Google Chrome will not use SSL/TLS versions less than the |
| // specified version. An unrecognized value will be ignored. |
| // |
| // Valid values: |
| // tls1: TLS 1.0 |
| // tls1.1: TLS 1.1 |
| // tls1.2: TLS 1.2 |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message SSLVersionMinProto { |
| optional PolicyOptions policy_options = 1; |
| optional string SSLVersionMin = 2; |
| } |
| |
| // Minimum TLS version to fallback to |
| // |
| // Warning: The TLS version fallback will be removed from Google Chrome after |
| // version 52 (around September 2016) and this policy will stop working then. |
| // |
| // When a TLS handshake fails, Google Chrome would previously retry the |
| // connection with a lesser version of TLS in order to work around bugs in HTTPS |
| // servers. This setting configures the version at which this fallback process |
| // will stop. If a server performs version negotiation correctly (i.e. without |
| // breaking the connection) then this setting doesn't apply. Regardless, the |
| // resulting connection must still comply with SSLVersionMin. |
| // |
| // If this policy is not configured or if it is set to "tls1.2" then Google |
| // Chrome no longer performs this fallback. Note this does not disable support |
| // for older TLS versions, only whether Google Chrome will work around buggy |
| // servers which cannot negotiate versions correctly. |
| // |
| // Otherwise, if compatibility with a buggy server must be maintained, this |
| // policy may be set to "tls1.1". This is a stopgap measure and the server |
| // should be rapidly fixed. |
| // |
| // Valid values: |
| // tls1.1: TLS 1.1 |
| // tls1.2: TLS 1.2 |
| // |
| // Supported on: |
| message SSLVersionFallbackMinProto { |
| optional PolicyOptions policy_options = 1; |
| optional string SSLVersionFallbackMin = 2; |
| } |
| |
| // Maximum SSL version enabled |
| // |
| // Warning: The max TLS version policy will be entirely removed from Google |
| // Chrome around version 75 (around June 2019). |
| // |
| // If this policy is not configured then Google Chrome uses the default maximum |
| // version. |
| // |
| // Otherwise it may be set to one of the following values: "tls1.2" or "tls1.3". |
| // When set, Google Chrome will not use SSL/TLS versions greater than the |
| // specified version. An unrecognized value will be ignored. |
| // |
| // Valid values: |
| // tls1.2: TLS 1.2 |
| // tls1.3: TLS 1.3 |
| // |
| // Supported on: |
| message SSLVersionMaxProto { |
| optional PolicyOptions policy_options = 1; |
| optional string SSLVersionMax = 2; |
| } |
| |
| // Disable Certificate Transparency enforcement for a list of URLs |
| // |
| // Disables enforcing Certificate Transparency requirements to the listed URLs. |
| // |
| // This policy allows certificates for the hostnames in the specified URLs to |
| // not be disclosed via Certificate Transparency. This allows certificates that |
| // would otherwise be untrusted, because they were not properly publicly |
| // disclosed, to continue to be used, but makes it harder to detect misissued |
| // certificates for those hosts. |
| // |
| // A URL pattern is formatted according to |
| // https://www.chromium.org/administrators/url-blacklist-filter-format. However, |
| // because certificates are valid for a given hostname independent of the |
| // scheme, port, or path, only the hostname portion of the URL is considered. |
| // Wildcard hosts are not supported. |
| // |
| // If this policy is not set, any certificate that is required to be disclosed |
| // via Certificate Transparency will be treated as untrusted if it is not |
| // disclosed according to the Certificate Transparency policy. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message CertificateTransparencyEnforcementDisabledForUrlsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList CertificateTransparencyEnforcementDisabledForUrls = 2; |
| } |
| |
| // Disable Certificate Transparency enforcement for a list of |
| // subjectPublicKeyInfo hashes |
| // |
| // Disables enforcing Certificate Transparency requirements for a list of |
| // subjectPublicKeyInfo hashes. |
| // |
| // This policy allows disabling Certificate Transparency disclosure requirements |
| // for certificate chains that contain certificates with one of the specified |
| // subjectPublicKeyInfo hashes. This allows certificates that would otherwise be |
| // untrusted, because they were not properly publicly disclosed, to continue to |
| // be used for Enterprise hosts. |
| // |
| // In order for Certificate Transparency enforcement to be disabled when this |
| // policy is set, one of the following conditions must be met: |
| // 1. The hash is of the server certificate's subjectPublicKeyInfo. |
| // 2. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in |
| // the certificate chain, that CA certificate is constrained via the X.509v3 |
| // nameConstraints extension, one or more directoryName nameConstraints are |
| // present in the permittedSubtrees, and the directoryName contains an |
| // organizationName attribute. |
| // 3. The hash is of a subjectPublicKeyInfo that appears in a CA certificate in |
| // the certificate chain, the CA certificate has one or more organizationName |
| // attributes in the certificate Subject, and the server's certificate contains |
| // the same number of organizationName attributes, in the same order, and with |
| // byte-for-byte identical values. |
| // |
| // A subjectPublicKeyInfo hash is specified by concatenating the hash algorithm |
| // name, the "/" character, and the Base64 encoding of that hash algorithm |
| // applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. |
| // This Base64 encoding is the same format as an SPKI Fingerprint, as defined in |
| // RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only |
| // supported hash algorithm at this time is "sha256". |
| // |
| // If this policy is not set, any certificate that is required to be disclosed |
| // via Certificate Transparency will be treated as untrusted if it is not |
| // disclosed according to the Certificate Transparency policy. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message CertificateTransparencyEnforcementDisabledForCasProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList CertificateTransparencyEnforcementDisabledForCas = 2; |
| } |
| |
| // Disable Certificate Transparency enforcement for a list of Legacy Certificate |
| // Authorities |
| // |
| // Disables enforcing Certificate Transparency requirements for a list of Legacy |
| // Certificate Authorities. |
| // |
| // This policy allows disabling Certificate Transparency disclosure requirements |
| // for certificate chains that contain certificates with one of the specified |
| // subjectPublicKeyInfo hashes. This allows certificates that would otherwise be |
| // untrusted, because they were not properly publicly disclosed, to continue to |
| // be used for Enterprise hosts. |
| // |
| // In order for Certificate Transparency enforcement to be disabled when this |
| // policy is set, the hash must be of a subjectPublicKeyInfo appearing in a CA |
| // certificate that is recognized as a Legacy Certificate Authority (CA). A |
| // Legacy CA is a CA that has been publicly trusted by default one or more |
| // operating systems supported by Google Chrome, but is not trusted by the |
| // Android Open Source Project or Google Chrome OS. |
| // |
| // A subjectPublicKeyInfo hash is specified by concatenating the hash algorithm |
| // name, the "/" character, and the Base64 encoding of that hash algorithm |
| // applied to the DER-encoded subjectPublicKeyInfo of the specified certificate. |
| // This Base64 encoding is the same format as an SPKI Fingerprint, as defined in |
| // RFC 7469, Section 2.4. Unrecognized hash algorithms are ignored. The only |
| // supported hash algorithm at this time is "sha256". |
| // |
| // If this policy is not set, any certificate that is required to be disclosed |
| // via Certificate Transparency will be treated as untrusted if it is not |
| // disclosed according to the Certificate Transparency policy. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message CertificateTransparencyEnforcementDisabledForLegacyCasProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList CertificateTransparencyEnforcementDisabledForLegacyCas = 2; |
| } |
| |
| // Enable RC4 cipher suites in TLS |
| // |
| // Warning: RC4 will be completely removed from Google Chrome after version 52 |
| // (around September 2016) and this policy will stop working then. |
| // |
| // If the policy is not set, or is set to false, then RC4 cipher suites in TLS |
| // will not be enabled. Otherwise it may be set to true to retain compatibility |
| // with an outdated server. This is a stopgap measure and the server should be |
| // reconfigured. |
| // |
| // Supported on: |
| message RC4EnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool RC4Enabled = 2; |
| } |
| |
| // Enable DHE cipher suites in TLS |
| // |
| // Warning: DHE will be completely removed from Google Chrome after version 57 |
| // (around March 2017) and this policy will stop working then. |
| // |
| // If the policy is not set, or is set to false, then DHE cipher suites in TLS |
| // will not be enabled. Otherwise it may be set to true to enable DHE cipher |
| // suites and retain compatibility with an outdated server. This is a stopgap |
| // measure and the server should be reconfigured. |
| // |
| // Servers are encouraged to migrated to ECDHE cipher suites. If these are |
| // unavailable, ensure a cipher suite using RSA key exchange is enabled. |
| // |
| // Supported on: |
| message DHEEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool DHEEnabled = 2; |
| } |
| |
| // Enable Tap to Search |
| // |
| // Enables the availability of Tap to Search in Google Chrome's content view. |
| // |
| // If you enable this setting, Tap to Search will be available to the user and |
| // they can choose to turn the feature on or off. |
| // |
| // If you disable this setting, Tap to Search will be disabled completely. |
| // |
| // If this policy is left not set, it is equivalent to being enabled, see |
| // description above. |
| // |
| // Supported on: android |
| message ContextualSearchEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ContextualSearchEnabled = 2; |
| } |
| |
| // Maximize the first browser window on first run |
| // |
| // If this policy is set to true, Google Chrome will unconditionally maximize |
| // the first window shown on first run. |
| // If this policy is set to false or not configured, the decision whether to |
| // maximize the first window shown will be based on the screen size. |
| // |
| // Supported on: chrome_os |
| message ForceMaximizeOnFirstRunProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ForceMaximizeOnFirstRun = 2; |
| } |
| |
| // Allow proceeding from the SSL warning page |
| // |
| // Chrome shows a warning page when users navigate to sites that have SSL |
| // errors. By default or when this policy is set to true, users are allowed to |
| // click through these warning pages. |
| // Setting this policy to false disallows users to click through any warning |
| // page. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message SSLErrorOverrideAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SSLErrorOverrideAllowed = 2; |
| } |
| |
| // Allow QUIC protocol |
| // |
| // If this policy is set to true or not set usage of QUIC protocol in Google |
| // Chrome is allowed. |
| // If this policy is set to false usage of QUIC protocol is disallowed. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message QuicAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool QuicAllowed = 2; |
| } |
| |
| // Key Permissions |
| // |
| // Grants access to corporate keys to extensions. |
| // |
| // Keys are designated for corporate usage if they're generated using the |
| // chrome.enterprise.platformKeys API on a managed account. Keys imported or |
| // generated in another way are not designated for corporate usage. |
| // |
| // Access to keys designated for corporate usage is solely controlled by this |
| // policy. The user can neither grant nor withdraw access to corporate keys to |
| // or from extensions. |
| // |
| // By default an extension cannot use a key designated for corporate usage, |
| // which is equivalent to setting allowCorporateKeyUsage to false for that |
| // extension. |
| // |
| // Only if allowCorporateKeyUsage is set to true for an extension, it can use |
| // any platform key marked for corporate usage to sign arbitrary data. This |
| // permission should only be granted if the extension is trusted to secure |
| // access to the key against attackers. |
| // |
| // Value schema: |
| // { |
| // "additionalProperties": { |
| // "properties": { |
| // "allowCorporateKeyUsage": { |
| // "description": "If set to true, this extension can use all |
| // keys that are designated for corporate usage to sign arbitrary data. If set |
| // to false, it cannot access any such keys and the user cannot grant such |
| // permission either.", |
| // "type": "boolean" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message KeyPermissionsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string KeyPermissions = 2; |
| } |
| |
| // Enable showing the welcome page on the first browser launch following OS |
| // upgrade |
| // |
| // If this policy is set to true or not configured, the browser will re-show the |
| // welcome page on the first launch following an OS upgrade. |
| // |
| // If this policy is set to false, the browser will not re-show the welcome page |
| // on the first launch following an OS upgrade. |
| // |
| // Supported on: |
| message WelcomePageOnOSUpgradeEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool WelcomePageOnOSUpgradeEnabled = 2; |
| } |
| |
| // Use hardware acceleration when available |
| // |
| // If this policy is set to true or left unset, hardware acceleration will be |
| // enabled unless a certain GPU feature is blacklisted. |
| // |
| // If this policy is set to false, hardware acceleration will be disabled. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message HardwareAccelerationModeEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool HardwareAccelerationModeEnabled = 2; |
| } |
| |
| // Make Unified Desktop available and turn on by default |
| // |
| // If this policy is set to true, Unified Desktop is allowed and |
| // enabled by default, which allows applications to span multiple displays. |
| // The user may disable Unified Desktop for individual displays by unchecking |
| // it in the display settings. |
| // |
| // If this policy is set to false or unset, Unified Desktop will be |
| // disabled. In this case, the user cannot enable the feature. |
| // |
| // Supported on: chrome_os |
| message UnifiedDesktopEnabledByDefaultProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool UnifiedDesktopEnabledByDefault = 2; |
| } |
| |
| // Enable ARC |
| // |
| // When this policy is set to true, ARC will be enabled for the user |
| // (subject to additional policy settings checks - ARC will still be |
| // unavailable if either ephemeral mode or multiple sign-in is enabled |
| // in the current user session). |
| // |
| // If this setting is disabled or not configured then enterprise users are |
| // unable to use ARC. |
| // |
| // Supported on: chrome_os |
| message ArcEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ArcEnabled = 2; |
| } |
| |
| // Configure ARC |
| // |
| // Specifies a set of policies that will be handed over to the ARC runtime. The |
| // value must be valid JSON. |
| // |
| // This policy can be used to configure which Android apps are automatically |
| // installed on the device. |
| // |
| // To pin apps to the launcher, see PinnedLauncherApps. |
| // |
| // Supported on: chrome_os |
| message ArcPolicyProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ArcPolicy = 2; |
| } |
| |
| // Suppress the unsupported OS warning |
| // |
| // Suppresses the warning that appears when Google Chrome is running on a |
| // computer or operating system that is no longer supported. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SuppressUnsupportedOSWarningProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SuppressUnsupportedOSWarning = 2; |
| } |
| |
| // Enable ending processes in Task Manager |
| // |
| // If set to false, the 'End process' button is disabled in the Task Manager. |
| // |
| // If set to true or not configured, the user can end processes in the Task |
| // Manager. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message TaskManagerEndProcessEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool TaskManagerEndProcessEnabled = 2; |
| } |
| |
| // Permit locking the screen |
| // |
| // If this policy is set to false, users will not be able to lock the screen |
| // (only signing out from the user session will be possible). If this setting is |
| // set to true or not set, users who authenticated with a password can lock the |
| // screen. |
| // |
| // Supported on: chrome_os |
| message AllowScreenLockProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowScreenLock = 2; |
| } |
| |
| // Set certificate availability for ARC-apps |
| // |
| // If set to SyncDisabled or not configured, Google Chrome OS certificates are |
| // not available for ARC-apps. |
| // |
| // If set to CopyCaCerts, all ONC-installed CA certificates with Web TrustBit |
| // are available for ARC-apps. |
| // |
| // Valid values: |
| // 0: Disable usage of Google Chrome OS certificates to ARC-apps |
| // 1: Enable Google Chrome OS CA certificates to ARC-apps |
| // |
| // Supported on: chrome_os |
| message ArcCertificatesSyncModeProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ArcCertificatesSyncMode = 2; |
| } |
| |
| // Define domains allowed to access G Suite |
| // |
| // Enables Google Chrome's restricted log in feature in G Suite and prevents |
| // users from changing this setting. |
| // |
| // If you define this setting, the user will only be able to access Google |
| // Apps using accounts from the specified domains (note that to allow |
| // gmail.com/googlemail.com accounts, you should add "consumer_accounts" |
| // (without quotes) to the list of domains). |
| // |
| // This setting will prevent the user from logging in, and adding a Secondary |
| // Account, on a managed device that requires Google authentication, if that |
| // account does not belong to the aforementioned list of allowed domains. |
| // |
| // If you leave this setting empty/not-configured, the user will be able to |
| // access G Suite with any account. |
| // |
| // This policy causes the X-GoogApps-Allowed-Domains header to be appended to |
| // all HTTP and HTTPS requests to all google.com domains, as described in |
| // https://support.google.com/a/answer/1668854. |
| // |
| // Users cannot change or override this setting. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AllowedDomainsForAppsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string AllowedDomainsForApps = 2; |
| } |
| |
| // Enable PAC URL stripping (for https://) |
| // |
| // Strips privacy and security sensitive parts of https:// URLs before passing |
| // them on to PAC scripts (Proxy Auto Config) used by Google Chrome during proxy |
| // resolution. |
| // |
| // When True, the security feature is enabled, and https:// URLs are |
| // stripped before submitting them to a PAC script. In this manner the PAC |
| // script is not able to view data that is ordinarily protected by an |
| // encrypted channel (such as the URL's path and query). |
| // |
| // When False, the security feature is disabled, and PAC scripts are |
| // implicitly granted the ability to view all components of an https:// |
| // URL. This applies to all PAC scripts regardless of origin (including |
| // those fetched over an insecure transport, or discovered insecurely |
| // through WPAD). |
| // |
| // This defaults to True (security feature enabled). |
| // |
| // It is recommended that this be set to True. The only reason to set it to |
| // False is if it causes a compatibility problem with existing PAC scripts. |
| // |
| // The policy will be removed in M75. |
| // |
| // Supported on: |
| message PacHttpsUrlStrippingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PacHttpsUrlStrippingEnabled = 2; |
| } |
| |
| // Enable Google Cast |
| // |
| // If this policy is set to true or is not set, Google Cast will be enabled, and |
| // users will be able to launch it from the app menu, page context menus, media |
| // controls on Cast-enabled websites, and (if shown) the Cast toolbar icon. |
| // |
| // If this policy set to false, Google Cast will be disabled. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message EnableMediaRouterProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableMediaRouter = 2; |
| } |
| |
| // Show the Google Cast toolbar icon |
| // |
| // If this policy is set to true, the Cast toolbar icon will always be shown on |
| // the toolbar or the overflow menu, and users will not be able to remove it. |
| // |
| // If this policy is set to false or is not set, users will be able to pin or |
| // remove the icon via its contextual menu. |
| // |
| // If the policy "EnableMediaRouter" is set to false, then this policy's value |
| // would have no effect, and the toolbar icon would not be shown. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ShowCastIconInToolbarProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ShowCastIconInToolbar = 2; |
| } |
| |
| // Allow Google Cast to connect to Cast devices on all IP addresses. |
| // |
| // If this policy is set to true, Google Cast will connect to Cast devices on |
| // all IP addresses, not just RFC1918/RFC4193 private addresses. |
| // |
| // If this policy is set to false, Google Cast will connect to Cast devices on |
| // RFC1918/RFC4193 private addresses only. |
| // |
| // If this policy is not set, Google Cast will connect to Cast devices on |
| // RFC1918/RFC4193 private addresses only, unless the CastAllowAllIPs feature is |
| // enabled. |
| // |
| // If the policy "EnableMediaRouter" is set to false, then this policy's value |
| // would have no effect. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message MediaRouterCastAllowAllIPsProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool MediaRouterCastAllowAllIPs = 2; |
| } |
| |
| // Enable Android Backup Service |
| // |
| // This policy was removed in Google Chrome OS 68 and replaced by |
| // ArcBackupRestoreServiceEnabled. |
| // |
| // Supported on: |
| message ArcBackupRestoreEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ArcBackupRestoreEnabled = 2; |
| } |
| |
| // Enable Android Google Location Service |
| // |
| // This policy was removed in Google Chrome OS 68 and replaced by |
| // ArcGoogleLocationServicesEnabled. |
| // |
| // Supported on: |
| message ArcLocationServiceEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ArcLocationServiceEnabled = 2; |
| } |
| |
| // Show content suggestions on the New Tab page |
| // |
| // If this is set to true or not set, the New Tab page may show content |
| // suggestions based on the user's browsing history, interests, or location. |
| // |
| // If this is set to false, automatically-generated content suggestions are not |
| // shown on the New Tab page. |
| // |
| // Supported on: android |
| message NTPContentSuggestionsEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool NTPContentSuggestionsEnabled = 2; |
| } |
| |
| // Restrict the range of local UDP ports used by WebRTC |
| // |
| // If the policy is set, the UDP port range used by WebRTC is restricted to the |
| // specified port interval (endpoints included). |
| // |
| // If the policy is not set, or if it is set to the empty string or an invalid |
| // port range, WebRTC is allowed to use any available local UDP port. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message WebRtcUdpPortRangeProto { |
| optional PolicyOptions policy_options = 1; |
| optional string WebRtcUdpPortRange = 2; |
| } |
| |
| // Set an external source of URL restrictions |
| // |
| // When this policy is set to a non-empty string the WebView will read URL |
| // restrictions from the content provider with the given authority name. |
| // |
| // Supported on: webview_android |
| message WebRestrictionsAuthorityProto { |
| optional PolicyOptions policy_options = 1; |
| optional string WebRestrictionsAuthority = 2; |
| } |
| |
| // Enable component updates in Google Chrome |
| // |
| // Enables component updates for all components in Google Chrome when not set or |
| // set to True. |
| // |
| // If set to False, updates to components are disabled. However, some components |
| // are exempt from this policy: updates to any component that does not contain |
| // executable code, or does not significantly alter the behavior of the browser, |
| // or is critical for its security will not be disabled. |
| // Examples of such components include the certificate revocation lists and Safe |
| // Browsing data. |
| // See https://developers.google.com/safe-browsing for more info on Safe |
| // Browsing. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message ComponentUpdatesEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ComponentUpdatesEnabled = 2; |
| } |
| |
| // Native Printing |
| // |
| // Configures a list of printers. |
| // |
| // This policy allows administrators to provide printer configurations for |
| // their users. |
| // |
| // display_name and description are free-form strings that can be customized for |
| // ease of printer selection. manufacturer and model serve to ease printer |
| // identification by end users. They represent the manufacturer and model of the |
| // printer. uri should be an address reachable from a client computer including |
| // the scheme, port, and queue. uuid is optional. If provided, it is used to |
| // help deduplicate zeroconf printers. |
| // |
| // Either effective_model should contain the name of the printer or autoconf |
| // should be set to true. The printers with both or without any properties will |
| // be ignored. |
| // |
| // Printer setup is completed upon the first use of a printer. PPDs are not |
| // downloaded until the printer is used. After that time, frequently used PPDs |
| // are cached. |
| // |
| // This policy has no effect on whether users can configure printers on |
| // individual devices. It is intended to be supplementary to the configuration |
| // of printers by individual users. |
| // |
| // For Active Directory managed devices this policy supports expansion of |
| // ${MACHINE_NAME[,pos[,count]]} to the Active Directory machine name or a |
| // substring of it. For example, if the machine name is CHROMEBOOK, then |
| // ${MACHINE_NAME,6,4} would be replaced by the 4 characters starting after the |
| // 6th position, i.e. BOOK. Note that the position is zero-based. |
| // |
| // Supported on: chrome_os |
| message NativePrintersProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NativePrinters = 2; |
| } |
| |
| // Enterprise printer configuration file |
| // |
| // Provides configurations for enterprise printers. |
| // |
| // This policy allows you to provide printer configurations to Google Chrome OS |
| // devices. The format is the same as the NativePrinters dictionary, with an |
| // additional required "id" or "guid" field per printer for whitelisting or |
| // blacklisting. |
| // |
| // The size of the file must not exceed 5MB and must be encoded in JSON. It is |
| // estimated that a file containing approximately 21,000 printers will encode as |
| // a 5MB file. The cryptographic hash is used to verify the integrity of the |
| // download. |
| // |
| // The file is downloaded and cached. It will be re-downloaded whenever the URL |
| // or the hash changes. |
| // |
| // If this policy is set, Google Chrome OS will download the file for printer |
| // configurations and make printers available in accordance with |
| // NativePrintersBulkAccessMode, NativePrintersBulkWhitelist, and |
| // NativePrintersBulkBlacklist. |
| // |
| // If you set this policy, users cannot change or override it. |
| // |
| // This policy has no effect on whether users can configure printers on |
| // individual devices. It is intended to be supplementary to the configuration |
| // of printers by individual users. |
| // |
| // Supported on: chrome_os |
| message NativePrintersBulkConfigurationProto { |
| optional PolicyOptions policy_options = 1; |
| optional string NativePrintersBulkConfiguration = 2; |
| } |
| |
| // Printer configuration access policy. |
| // |
| // Controls which printers from the NativePrintersBulkConfiguration are |
| // available to users. |
| // |
| // Designates which access policy is used for bulk printer configuration. If |
| // AllowAll is selected, all printers are shown. If BlacklistRestriction is |
| // selected, NativePrintersBulkBlacklist is used to restrict access to the |
| // specified printers. If WhitelistPrintersOnly is selected, |
| // NativePrintersBulkWhitelist designates only those printers which are |
| // selectable. |
| // |
| // If this policy is not set, AllowAll is assumed. |
| // |
| // Valid values: |
| // 0: All printers are shown except those in the blacklist. |
| // 1: Only printers in the whitelist are shown to users |
| // 2: Allow all printers from the configuration file. |
| // |
| // Supported on: chrome_os |
| message NativePrintersBulkAccessModeProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 NativePrintersBulkAccessMode = 2; |
| } |
| |
| // Disabled enterprise printers |
| // |
| // Specifies the printers which a user cannot use. |
| // |
| // This policy is only used if BlacklistRestriction is chosen for |
| // NativePrintersBulkAccessMode. |
| // |
| // If this policy is used, all printers are provided to the user except for the |
| // ids listed in this policy. The ids must correspond to the "id" or "guid" |
| // fields in the file specified in NativePrintersBulkConfiguration. |
| // |
| // Supported on: chrome_os |
| message NativePrintersBulkBlacklistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NativePrintersBulkBlacklist = 2; |
| } |
| |
| // Enabled enterprise printers |
| // |
| // Specifies the printers which a user can use. |
| // |
| // This policy is only used if WhitelistPrintersOnly is chosen for |
| // NativePrintersBulkAccessMode. |
| // |
| // If this policy is used, only the printers with ids matching the values in |
| // this policy are available to the user. The ids must correspond to the "id" or |
| // "guid" fields in the file specified in NativePrintersBulkConfiguration. |
| // |
| // Supported on: chrome_os |
| message NativePrintersBulkWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NativePrintersBulkWhitelist = 2; |
| } |
| |
| // Configure allowed quick unlock modes |
| // |
| // A whitelist controlling which quick unlock modes the user can configure and |
| // use to unlock the lock screen. |
| // |
| // This value is a list of strings; valid list entries are: "all", "PIN", |
| // "FINGERPRINT". Adding "all" to the list means that every quick unlock mode is |
| // available to the user, including ones implemented in the future. Otherwise, |
| // only the quick unlock modes present in the list will be available. |
| // |
| // For example, to allow every quick unlock mode, use ["all"]. To allow only PIN |
| // unlock, use ["PIN"]. To allow PIN and fingerprint, use ["PIN", |
| // "FINGERPRINT"]. To disable all quick unlock modes, use []. |
| // |
| // By default, no quick unlock modes are available for managed devices. |
| // |
| // Supported on: chrome_os |
| message QuickUnlockModeWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList QuickUnlockModeWhitelist = 2; |
| } |
| |
| // Set how often user has to enter password to use quick unlock |
| // |
| // This setting controls how often the lock screen will request the password to |
| // be entered in order to continue using quick unlock. Each time the lock screen |
| // is entered, if the last password entry was more than this setting, the quick |
| // unlock will not be available on entering the lock screen. Should the user |
| // stay on the lock screen past this period of time, a password will be |
| // requested next time the user enters the wrong code, or re-enters the lock |
| // screen, whichever comes first. |
| // |
| // If this setting is configured, users using quick unlock will be requested to |
| // enter their passwords on the lock screen depending on this setting. |
| // |
| // If this setting is not configured, users using quick unlock will be requested |
| // to enter their password on the lock screen every day. |
| // |
| // Valid values: |
| // 0: Password entry is required every six hours |
| // 1: Password entry is required every twelve hours |
| // 2: Password entry is required every two days (48 hours) |
| // 3: Password entry is required every week (168 hours) |
| // |
| // Supported on: chrome_os |
| message QuickUnlockTimeoutProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 QuickUnlockTimeout = 2; |
| } |
| |
| // Set the minimum length of the lock screen PIN |
| // |
| // If the policy is set, the configured minimal PIN length is |
| // enforced. (The absolute minimum PIN length is 1; values less than 1 |
| // are treated as 1.) |
| // |
| // If the policy is not set, a minimal PIN length of 6 digits is |
| // enforced. This is the recommended minimum. |
| // |
| // Supported on: chrome_os |
| message PinUnlockMinimumLengthProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 PinUnlockMinimumLength = 2; |
| } |
| |
| // Set the maximum length of the lock screen PIN |
| // |
| // If the policy is set, the configured maximal PIN length is enforced. A value |
| // of 0 or less means no maximum length; in that case the user may set a PIN as |
| // long as they want. If this setting is less than PinUnlockMinimumLength but |
| // greater than 0, the maximum length is the same as the minimum length. |
| // |
| // If the policy is not set, no maximum length is enforced. |
| // |
| // Supported on: chrome_os |
| message PinUnlockMaximumLengthProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 PinUnlockMaximumLength = 2; |
| } |
| |
| // Enable users to set weak PINs for the lock screen PIN |
| // |
| // If false, users will be unable to set PINs which are weak and easy to guess. |
| // |
| // Some example weak PINs: PINs containing only one digit (1111), PINs whose |
| // digits are increasing by 1 (1234), PINs whose digits are decreasing by 1 |
| // (4321), and PINs which are commonly used. |
| // |
| // By default, users will get a warning, not error, if the PIN is considered |
| // weak. |
| // |
| // Supported on: chrome_os |
| message PinUnlockWeakPinsAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PinUnlockWeakPinsAllowed = 2; |
| } |
| |
| // Allow SMS Messages to be synced from phone to Chromebook. |
| // |
| // If this setting is enabled, users will be allowed to set up their devices to |
| // sync SMS messages between their phones and Chromebooks. Note that if this |
| // policy is allowed, users must explicitly opt into this feature by completing |
| // a setup flow. Once the setup flow is complete, users will be able to send and |
| // receive SMS messages on their Chromebooks. |
| // |
| // If this setting is disabled, users will not be allowed to set up SMS syncing. |
| // |
| // If this policy is left not set, the default is not allowed for managed users |
| // and allowed for non-managed users. |
| // |
| // Supported on: chrome_os |
| message SmsMessagesAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SmsMessagesAllowed = 2; |
| } |
| |
| // Allow Smart Lock Signin to be used. |
| // |
| // If this setting is enabled, users will be allowed to sign into their account |
| // with Smart Lock. This is more permissive than usual Smart Lock behavior which |
| // only allows users to unlock their screen. |
| // |
| // If this setting is disabled, users will not be allowed to use Smart Lock |
| // Signin. |
| // |
| // If this policy is left not set, the default is not allowed for enterprise- |
| // managed users and allowed for non-managed users. |
| // |
| // Supported on: chrome_os |
| message SmartLockSigninAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SmartLockSigninAllowed = 2; |
| } |
| |
| // Allow Instant Tethering to be used. |
| // |
| // If this setting is enabled, users will be allowed to use Instant Tethering, |
| // which allows their Google phone to share its mobile data with their device. |
| // |
| // If this setting is disabled, users will not be allowed to use Instant |
| // Tethering. |
| // |
| // If this policy is left not set, the default is not allowed for enterprise- |
| // managed users and allowed for non-managed users. |
| // |
| // Supported on: chrome_os |
| message InstantTetheringAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool InstantTetheringAllowed = 2; |
| } |
| |
| // Allow queries to a Google time service |
| // |
| // Setting this policy to false stops Google Chrome from occasionally sending |
| // queries to a Google server to retrieve an accurate timestamp. These queries |
| // will be enabled if this policy is set to True or is not set. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserNetworkTimeQueriesEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BrowserNetworkTimeQueriesEnabled = 2; |
| } |
| |
| // Use System Default Printer as Default |
| // |
| // Causes Google Chrome to use the system default printer as the default choice |
| // in Print Preview instead of the most recently used printer. |
| // |
| // If you disable this setting or do not set a value, Print Preview will use the |
| // most recently used printer as the default destination choice. |
| // |
| // If you enable this setting, Print Preview will use the OS system default |
| // printer as the default destination choice. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message PrintPreviewUseSystemDefaultPrinterProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PrintPreviewUseSystemDefaultPrinter = 2; |
| } |
| |
| // Migration strategy for ecryptfs |
| // |
| // Specifies the action that should be taken when the user's home directory was |
| // created with ecryptfs encryption. |
| // |
| // If you set this policy to 'DisallowArc', Android apps will be disabled for |
| // the user and no migration from ecryptfs to ext4 encryption will be performed. |
| // Android apps will not be prevented from running when the home directory is |
| // already ext4-encrypted. |
| // |
| // If you set this policy to 'Migrate', ecryptfs-encrypted home directories will |
| // be automatically migrated to ext4 encryption on sign-in without asking for |
| // user consent. |
| // |
| // If you set this policy to 'Wipe', ecryptfs-encrypted home directories will be |
| // deleted on sign-in and new ext4-encrypted home directories will be created |
| // instead. Warning: This removes the user's local data. |
| // |
| // If you set this policy to 'MinimalMigrate', ecryptfs-encrypted home |
| // directories will be deleted on sign-in and new ext4-encrypted home |
| // directories will be created instead. However, it will be attempted to |
| // preserve login tokens so that the user does not have to sign in again. |
| // Warning: This removes the user's local data. |
| // |
| // If you set this policy to an option that is no longer supported ('AskUser' or |
| // 'AskForEcryptfsArcUsers'), it will be treated as if you had selected |
| // 'Migrate' instead. |
| // |
| // This policy does not apply to kiosk users. If this policy is left not set, |
| // the device will behave as if 'DisallowArc' was chosen. |
| // |
| // Valid values: |
| // 0: Disallow data migration and ARC. |
| // 1: Migrate automatically, don’t ask for user consent. |
| // 2: Wipe the user’s ecryptfs home directory and start with a fresh |
| // ext4-encrypted home directory. |
| // 4: Similar to Wipe (value 2), but tries to preserve login tokens so the |
| // user does not have to sign in again. |
| // |
| // Supported on: chrome_os |
| message EcryptfsMigrationStrategyProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 EcryptfsMigrationStrategy = 2; |
| } |
| |
| // Select task scheduler configuration |
| // |
| // Instructs Google Chrome OS to use the task scheduler configuration identified |
| // by the specified name. |
| // |
| // This policy can be set to "conservative" and "performance", which select task |
| // scheduler configurations that are tuned for stability vs. maximum |
| // performance, respectively. |
| // |
| // If the policy is left unset, the user can make their own choice. |
| // |
| // Valid values: |
| // conservative: Optimize for stability. |
| // performance: Optimize for performance. |
| // |
| // Supported on: chrome_os |
| message SchedulerConfigurationProto { |
| optional PolicyOptions policy_options = 1; |
| optional string SchedulerConfiguration = 2; |
| } |
| |
| // Whitelist note-taking apps allowed on the Google Chrome OS lock screen |
| // |
| // Specifies list of apps that can be enabled as a note-taking app on the Google |
| // Chrome OS lock screen. |
| // |
| // If the preferred note-taking app is enabled on the lock screen, the lock |
| // screen will contain UI element for launching the preferred note taking app. |
| // When launched, the app will be able to create an app window on top of the |
| // lock screen, and create data items (notes) in the lock screen context. The |
| // app will be able to import created notes to the primary user session, when |
| // the session is unlocked. Currently, only Chrome note-taking apps are |
| // supported on the lock screen. |
| // |
| // If the policy is set, the user will be allowed to enable an app on the lock |
| // screen only if the app's extension ID is contained in the policy list value. |
| // As a consequence, setting this policy to an empty list will disable note- |
| // taking on the lock screen entirely. |
| // Note that the policy containing an app ID does not necessarily mean that the |
| // user will be able to enable the app as a note-taking app on the lock screen - |
| // for example, on Chrome 61, the set of available apps is additionally |
| // restricted by the platform. |
| // |
| // If the policy is left unset, there will be no restrictions on the set of apps |
| // the user can enable on the lock screen imposed by the policy. |
| // |
| // Supported on: chrome_os |
| message NoteTakingAppsLockScreenWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList NoteTakingAppsLockScreenWhitelist = 2; |
| } |
| |
| // Enable casting content to the device |
| // |
| // Allow content to be cast to the device using Google Cast. |
| // |
| // If this policy is set to False, users will not be able to cast content to |
| // their device. If this policy is set to True, users are allowed to cast |
| // content. If this policy is not set, users are not allowed to cast content to |
| // enrolled Chrome OS devices, but can cast to non enrolled devices. |
| // |
| // Supported on: chrome_os |
| message CastReceiverEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CastReceiverEnabled = 2; |
| } |
| |
| // Google Chrome cloud policy overrides Platform policy. |
| // |
| // |
| // If the policy is set to true, cloud policy takes precedence if it conflicts |
| // with platform policy. |
| // If the policy is set to false or not configured, platform policy takes |
| // precedence if it conflicts with cloud policy. |
| // |
| // This policy is only available as a mandatory machine platform policy and it |
| // only affects machine scope cloud policies. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message CloudPolicyOverridesPlatformPolicyProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CloudPolicyOverridesPlatformPolicy = 2; |
| } |
| |
| // Ask where to save each file before downloading |
| // |
| // |
| // If the policy is enabled, the user will be asked where to save each file |
| // before downloading. |
| // If the policy is disabled, downloads will start immediately, and the user |
| // will not be asked where to save the file. |
| // If the policy is not configured, the user will be able to change this |
| // setting. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PromptForDownloadLocationProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PromptForDownloadLocation = 2; |
| } |
| |
| // Enable Site Isolation for specified origins |
| // |
| // |
| // If the policy is enabled, each of the named origins in a |
| // comma-separated list will run in its own process. This will also isolate |
| // origins named by subdomains; e.g. specifying https://example.com/ will |
| // also cause https://foo.example.com/ to be isolated as part of the |
| // https://example.com/ site. |
| // If the policy is not configured or disabled, the user will be able to change |
| // this setting. |
| // |
| // NOTE: This policy does not apply on Android. To enable IsolateOrigins on |
| // Android, use the IsolateOriginsAndroid policy setting. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message IsolateOriginsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string IsolateOrigins = 2; |
| } |
| |
| // Enable Site Isolation for every site |
| // |
| // |
| // This setting, SitePerProcess, may be used to disallow users from opting out |
| // of the default behavior of isolating all sites. Note that the IsolateOrigins |
| // policy may also be useful for isolating additional, finer-grained origins. |
| // If the policy is enabled, users will be unable to opt out of the default |
| // behavior where each site runs in its own process. |
| // If the policy is not configured or disabled, the user will be able to opt out |
| // of site isolation |
| // (e.g. using "Disable site isolation" entry in chrome://flags). Setting the |
| // policy to disabled and/or not configuring the policy does not turn off Site |
| // Isolation. |
| // On Google Chrome OS version 76 and earlier, it is recommended to also set the |
| // DeviceLoginScreenSitePerProcess device policy to the same value. If the |
| // values specified by the two policies don't match, a delay may be incurred |
| // when entering a user session while the value specified by user policy is |
| // being applied. |
| // |
| // NOTE: This policy does not apply on Android. To enable SitePerProcess on |
| // Android, use the SitePerProcessAndroid policy setting. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SitePerProcessProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SitePerProcess = 2; |
| } |
| |
| // Enable Site Isolation for specified origins on Android devices |
| // |
| // |
| // If the policy is enabled, each of the named origins in a |
| // comma-separated list will run in its own process. This will also isolate |
| // origins named by subdomains; e.g. specifying https://example.com/ will |
| // also cause https://foo.example.com/ to be isolated as part of the |
| // https://example.com/ site. |
| // If the policy is disabled, no explicit Site Isolation will happen and field |
| // trials of IsolateOriginsAndroid and SitePerProcessAndroid will be disabled. |
| // Users will still be able to enable IsolateOrigins manually, via command line |
| // flag. |
| // If the policy is not configured, the user will be able to change this |
| // setting. |
| // |
| // NOTE: On Android, Site Isolation is experimental. Support will improve over |
| // time, but currently it may cause performance problems. |
| // |
| // NOTE: This policy applies only to Chrome on Android running on devices with |
| // strictly more than 1GB of RAM. To apply the policy on non-Android platforms, |
| // use IsolateOrigins. |
| // |
| // Supported on: android |
| message IsolateOriginsAndroidProto { |
| optional PolicyOptions policy_options = 1; |
| optional string IsolateOriginsAndroid = 2; |
| } |
| |
| // Enable Site Isolation for every site |
| // |
| // |
| // You might want to look at the IsolateOriginsAndroid policy setting to get the |
| // best of both worlds, isolation and limited impact for users, by using |
| // IsolateOriginsAndroid with a list of the sites you want to isolate. This |
| // setting, SitePerProcessAndroid, isolates all sites. |
| // If the policy is enabled, each site will run in its own process. |
| // If the policy is disabled, no explicit Site Isolation will happen and field |
| // trials of IsolateOriginsAndroid and SitePerProcessAndroid will be disabled. |
| // Users will still be able to enable SitePerProcess manually. |
| // If the policy is not configured, the user will be able to change this |
| // setting. |
| // |
| // NOTE: On Android, Site Isolation is experimental. Support will improve over |
| // time, but currently it may cause performance problems. |
| // |
| // NOTE: This policy applies only to Chrome on Android running on devices with |
| // strictly more than 1GB of RAM. To apply the policy on non-Android platforms, |
| // use SitePerProcess. |
| // |
| // Supported on: android |
| message SitePerProcessAndroidProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SitePerProcessAndroid = 2; |
| } |
| |
| // Allow WebDriver to Override Incompatible Policies |
| // |
| // This policy allows users of the WebDriver feature to override |
| // policies which can interfere with its operation. |
| // |
| // Currently this policy disables SitePerProcess and IsolateOrigins policies. |
| // |
| // If the policy is enabled, WebDriver will be able to override incomaptible |
| // policies. |
| // If the policy is disabled or not configured, WebDriver will not be allowed |
| // to override incompatible policies. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message WebDriverOverridesIncompatiblePoliciesProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool WebDriverOverridesIncompatiblePolicies = 2; |
| } |
| |
| // Origins or hostname patterns for which restrictions on |
| // insecure origins should not apply |
| // |
| // Deprecated in M69. Use |
| // OverrideSecurityRestrictionsOnInsecureOrigin instead. |
| // |
| // The policy specifies a list of origins (URLs) or hostname patterns (such |
| // as "*.example.com") for which security restrictions on insecure origins |
| // will not apply. |
| // |
| // The intent is to allow organizations to whitelist origins for legacy |
| // applications that cannot deploy TLS, or to set up a staging server for |
| // internal web development so that their developers can test out features |
| // requiring secure contexts without having to deploy TLS on the staging |
| // server. This policy will also prevent the origin from being labeled |
| // "Not Secure" in the omnibox. |
| // |
| // Setting a list of URLs in this policy has the same effect as setting the |
| // command-line flag '--unsafely-treat-insecure-origin-as-secure' to a |
| // comma-separated list of the same URLs. If the policy is set, it will |
| // override the command-line flag. |
| // |
| // This policy is deprecated in M69 in favor of |
| // OverrideSecurityRestrictionsOnInsecureOrigin. If both policies are |
| // present, OverrideSecurityRestrictionsOnInsecureOrigin will override this |
| // policy. |
| // |
| // For more information on secure contexts, see |
| // https://www.w3.org/TR/secure-contexts/ |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message UnsafelyTreatInsecureOriginAsSecureProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList UnsafelyTreatInsecureOriginAsSecure = 2; |
| } |
| |
| // Set default download directory |
| // |
| // Configures the default directory that Google Chrome will use for downloading |
| // files. |
| // |
| // If you set this policy, it will change the default directory that Google |
| // Chrome downloads files to. This policy is not mandatory, so the user will be |
| // able to change the directory. |
| // |
| // If you do not set this policy, Google Chrome will use its usual default |
| // directory (platform-specific). |
| // |
| // See https://www.chromium.org/administrators/policy-list-3/user-data- |
| // directory-variables for a list of variables that can be used. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| // |
| // Note: this policy must have a RECOMMENDED PolicyMode set in PolicyOptions. |
| message DefaultDownloadDirectoryProto { |
| optional PolicyOptions policy_options = 1; |
| optional string DefaultDownloadDirectory = 2; |
| } |
| |
| // Abusive Experience Intervention Enforce |
| // |
| // Allows you to set whether sites with abusive experiences should be prevented |
| // from opening new windows or tabs. |
| // |
| // If this policy is set to True, sites with abusive experiences will be |
| // prevented from opening new windows or tabs. |
| // However this behavior will not trigger if SafeBrowsingEnabled policy is set |
| // to False. |
| // If this policy is set to False, sites with abusive experiences will be |
| // allowed to open new windows or tabs. |
| // If this policy is left not set, True will be used. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AbusiveExperienceInterventionEnforceProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AbusiveExperienceInterventionEnforce = 2; |
| } |
| |
| // Force enable spellcheck languages |
| // |
| // Force-enables spellcheck languages. Unrecognized languages in the list will |
| // be ignored. |
| // |
| // If you enable this policy, spellcheck will be enabled for the languages |
| // specified, in addition to the languages for which the user has enabled |
| // spellcheck. |
| // |
| // If you do not set this policy, or disable it, there will be no change to the |
| // user's spellcheck preferences. |
| // |
| // If the SpellcheckEnabled policy is set to false, this policy will have no |
| // effect. |
| // |
| // If a language is included in both this policy and the |
| // SpellcheckLanguageBlacklist policy, this policy is prioritized and the |
| // spellcheck language is enabled. |
| // |
| // The currently supported languages are: af, bg, ca, cs, da, de, el, en-AU, en- |
| // CA, en-GB, en-US, es, es-419, es-AR, es-ES, es-MX, es-US, et, fa, fo, fr, he, |
| // hi, hr, hu, id, it, ko, lt, lv, nb, nl, pl, pt-BR, pt-PT, ro, ru, sh, sk, sl, |
| // sq, sr, sv, ta, tg, tr, uk, vi. |
| // |
| // Supported on: chrome_os, linux, win |
| message SpellcheckLanguageProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList SpellcheckLanguage = 2; |
| } |
| |
| // Force disable spellcheck languages |
| // |
| // Force-disables spellcheck languages. Unrecognized languages in that list will |
| // be ignored. |
| // |
| // If you enable this policy, spellcheck will be disabled for the languages |
| // specified. The user can still enable or disable spellcheck for languages not |
| // in the list. |
| // |
| // If you do not set this policy, or disable it, there will be no change to the |
| // user's spellcheck preferences. |
| // |
| // If the SpellcheckEnabled policy is set to false, this policy will have no |
| // effect. |
| // |
| // If a language is included in both this policy and the SpellcheckLanguage |
| // policy, the latter is prioritized and the spellcheck language will be |
| // enabled. |
| // |
| // The currently supported languages are: af, bg, ca, cs, da, de, el, en-AU, en- |
| // CA, en-GB, en-US, es, es-419, es-AR, es-ES, es-MX, es-US, et, fa, fo, fr, he, |
| // hi, hr, hu, id, it, ko, lt, lv, nb, nl, pl, pt-BR, pt-PT, ro, ru, sh, sk, sl, |
| // sq, sr, sv, ta, tg, tr, uk, vi. |
| // |
| // Supported on: chrome_os, linux, win |
| message SpellcheckLanguageBlacklistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList SpellcheckLanguageBlacklist = 2; |
| } |
| |
| // Enable third party software injection blocking |
| // |
| // If the policy is set to false then third party software will be allowed to |
| // inject executable code into Chrome's processes. If the policy is unset or set |
| // to true then third party software will be prevented from injecting executable |
| // code into Chrome's processes. |
| // |
| // Regardless of the value of this policy, the browser will not currently block |
| // third party software from injecting executable code into its processes on a |
| // machine that is joined to a Microsoft® Active Directory® domain. |
| // |
| // Supported on: win |
| message ThirdPartyBlockingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ThirdPartyBlockingEnabled = 2; |
| } |
| |
| // Enable spellcheck |
| // |
| // If this policy is not set, the user can enable or disable spellcheck in the |
| // language settings. |
| // |
| // If this policy is set to true, spellcheck is enabled and the user cannot |
| // disable it. On Microsoft® Windows, Google Chrome OS and Linux, spellcheck |
| // languages can be individually toggled on or off, so the user can still |
| // effectively disable spellcheck by toggling off every spellcheck language. To |
| // avoid that, the SpellcheckLanguage policy can be used to force specific |
| // spellcheck languages to be enabled. |
| // |
| // If this policy is set to false, spellcheck is disabled and the user cannot |
| // enable it. The SpellcheckLanguage and SpellcheckLanguageBlacklist policies |
| // have no effect when this policy is set to false. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SpellcheckEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SpellcheckEnabled = 2; |
| } |
| |
| // Ads setting for sites with intrusive ads |
| // |
| // Allows you to set whether ads should be blocked on sites with intrusive ads. |
| // |
| // If this policy is set to 2, ads will be blocked on sites with intrusive ads. |
| // However this behavior will not trigger if SafeBrowsingEnabled policy is set |
| // to False. |
| // If this policy is set to 1, ads will not be blocked on sites with intrusive |
| // ads. |
| // If this policy is left not set, 2 will be used. |
| // |
| // Valid values: |
| // 1: Allow ads on all sites |
| // 2: Do not allow ads on sites with intrusive ads |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AdsSettingForIntrusiveAdsSitesProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 AdsSettingForIntrusiveAdsSites = 2; |
| } |
| |
| // Restrict accounts that are visible in Google Chrome |
| // |
| // Contains a list of patterns which are used to control the visiblity of |
| // accounts in Google Chrome. |
| // |
| // Each Google account on the device will be compared to patterns stored in this |
| // policy to determine the account visibility in Google Chrome. The account will |
| // be visible if its name matches any pattern on the list. Otherwise, the |
| // account will be hidden. |
| // |
| // Use the wildcard character '*' to match zero or more arbitrary characters. |
| // The escape character is '\', so to match actual '*' or '\' characters, put a |
| // '\' in front of them. |
| // |
| // If this policy is not set, all Google accounts on the device will be visible |
| // in Google Chrome. |
| // |
| // Supported on: android |
| message RestrictAccountsToPatternsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList RestrictAccountsToPatterns = 2; |
| } |
| |
| // Password protection warning trigger |
| // |
| // Allows you to control the triggering of password protection warning. Password |
| // protection alerts users when they reuse their protected password on |
| // potentially suspicious sites. |
| // |
| // You can use 'PasswordProtectionLoginURLs' and |
| // 'PasswordProtectionChangePasswordURL' policies to configure which password to |
| // protect. |
| // |
| // If this policy is set to 'PasswordProtectionWarningOff', no password |
| // protection warning will be shown. |
| // If this policy is set to 'PasswordProtectionWarningOnPasswordReuse', password |
| // protection warning will be shown when the user reuses their protected |
| // password on a non-whitelisted site. |
| // If this policy is set to 'PasswordProtectionWarningOnPhishingReuse', password |
| // protection warning will be shown when the user reuses their protected |
| // password on a phishing site. |
| // If this policy is left unset, password protection service will only protect |
| // Google passwords but the user will be able to change this setting. |
| // |
| // Valid values: |
| // 0: Password protection warning is off |
| // 1: Password protection warning is triggered by password reuse |
| // 2: Password protection warning is triggered by password reuse on phishing |
| // page |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PasswordProtectionWarningTriggerProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 PasswordProtectionWarningTrigger = 2; |
| } |
| |
| // Notify a user that a browser relaunch or device restart is recommended or |
| // required |
| // |
| // Notify users that Google Chrome must be relaunched or Google Chrome OS must |
| // be restarted to apply a pending update. |
| // |
| // This policy setting enables notifications to inform the user that a browser |
| // relaunch or device restart is recommended or required. If not set, Google |
| // Chrome indicates to the user that a relaunch is needed via subtle changes to |
| // its menu, while Google Chrome OS indicates such via a notification in the |
| // system tray. If set to 'Recommended', a recurring warning will be shown to |
| // the user that a relaunch is recommended. The user can dismiss this warning to |
| // defer the relaunch. If set to 'Required', a recurring warning will be shown |
| // to the user indicating that a browser relaunch will be forced once the |
| // notification period passes. The default period is seven days for Google |
| // Chrome and four days for Google Chrome OS, and may be configured via the |
| // RelaunchNotificationPeriod policy setting. |
| // |
| // The user's session is restored following the relaunch/restart. |
| // |
| // Valid values: |
| // 1: Show a recurring prompt to the user indicating that a relaunch is |
| // recommended |
| // 2: Show a recurring prompt to the user indicating that a relaunch is |
| // required |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RelaunchNotificationProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 RelaunchNotification = 2; |
| } |
| |
| // Set the time period for update notifications |
| // |
| // Allows you to set the time period, in milliseconds, over which users are |
| // notified that Google Chrome must be relaunched or that a Google Chrome OS |
| // device must be restarted to apply a pending update. |
| // |
| // Over this time period, the user will be repeatedly informed of the need for |
| // an update. For Google Chrome OS devices, a restart notification appears in |
| // the system tray according to the RelaunchHeadsUpPeriod policy. For Google |
| // Chrome browsers, the app menu changes to indicate that a relaunch is needed |
| // once one third of the notification period passes. This notification changes |
| // color once two thirds of the notification period passes, and again once the |
| // full notification period has passed. The additional notifications enabled by |
| // the RelaunchNotification policy follow this same schedule. |
| // |
| // If not set, the default period of 345600000 milliseconds (four days) is used |
| // for Google Chrome OS devices and 604800000 milliseconds (one week) for Google |
| // Chrome. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message RelaunchNotificationPeriodProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 RelaunchNotificationPeriod = 2; |
| } |
| |
| // Set the time of the first user relaunch notification |
| // |
| // Allows you to set the time period, in milliseconds, between the first |
| // notification that a Google Chrome OS device must be restarted to apply a |
| // pending update and the end of the time period specified by the |
| // RelaunchNotificationPeriod policy. |
| // |
| // If not set, the default period of 86400000 milliseconds (one day) is used for |
| // Google Chrome OS devices. |
| // |
| // Supported on: chrome_os |
| message RelaunchHeadsUpPeriodProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 RelaunchHeadsUpPeriod = 2; |
| } |
| |
| // User is enabled to run Crostini |
| // |
| // Enable this user to run Crostini. |
| // |
| // If the policy is set to false, Crostini is not enabled for the user. |
| // If set to true or left unset, Crostini is enabled for the user as long as |
| // other settings also allow it. |
| // All three policies, VirtualMachinesAllowed, CrostiniAllowed, and |
| // DeviceUnaffiliatedCrostiniAllowed need to be true when they apply for |
| // Crostini to be allowed to run. |
| // When this policy is changed to false, it applies to starting new Crostini |
| // containers but does not shut down containers which are already running. |
| // |
| // Supported on: chrome_os |
| message CrostiniAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CrostiniAllowed = 2; |
| } |
| |
| // User is enabled to export / import Crostini containers via the UI |
| // |
| // If the policy is set to false, the export / import UI will not be available |
| // to users, however it is still possible to use 'lxc' commands directly in the |
| // virtual machine to export and import container images. |
| // |
| // Supported on: chrome_os |
| message CrostiniExportImportUIAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CrostiniExportImportUIAllowed = 2; |
| } |
| |
| // Configure the list of domains on which Safe Browsing will not trigger |
| // warnings. |
| // |
| // Configure the list of domains which Safe Browsing will trust. This means: |
| // Safe Browsing will not check for dangerous resources (e.g. phishing, malware, |
| // or unwanted software) if their URLs match these domains. |
| // Safe Browsing's download protection service will not check downloads hosted |
| // on these domains. |
| // Safe Browsing's password protection service will not check for password reuse |
| // if the page URL matches these domains. |
| // |
| // If this setting is enabled, then Safe Browsing will trust these domains. |
| // If this setting is disabled or not set, then default Safe Browsing protection |
| // is applied to all resources. |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SafeBrowsingWhitelistDomainsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList SafeBrowsingWhitelistDomains = 2; |
| } |
| |
| // Configure the list of enterprise login URLs where password protection service |
| // should capture fingerprint of password. |
| // |
| // Configure the list of enterprise login URLs (HTTP and HTTPS schemes only). |
| // Fingerprint of password will be captured on these URLs and used for password |
| // reuse detection. |
| // In order for Google Chrome to correctly capture password fingerprints, please |
| // make sure your login pages follow the guidelines on |
| // https://www.chromium.org/developers/design-documents/create-amazing-password- |
| // forms. |
| // |
| // If this setting is enabled, then password protection service will capture |
| // fingerprint of password on these URLs for password reuse detection purpose. |
| // If this setting is disabled or not set, then password protection service will |
| // only capture password fingerprint on https://accounts.google.com. |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PasswordProtectionLoginURLsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList PasswordProtectionLoginURLs = 2; |
| } |
| |
| // Configure the change password URL. |
| // |
| // Configure the change password URL (HTTP and HTTPS schemes only). Password |
| // protection service will send users to this URL to change their password after |
| // seeing a warning in the browser. |
| // In order for Google Chrome to correctly capture the new password fingerprint |
| // on this change password page, please make sure your change password page |
| // follows the guidelines on https://www.chromium.org/developers/design- |
| // documents/create-amazing-password-forms. |
| // |
| // If this setting is enabled, then password protection service will send users |
| // to this URL to change their password after seeing a warning in the browser. |
| // If this setting is disabled or not set, then password protection service will |
| // send users to https://myaccount.google.com to change their password. |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message PasswordProtectionChangePasswordURLProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PasswordProtectionChangePasswordURL = 2; |
| } |
| |
| // Enable Safe Browsing Extended Reporting |
| // |
| // Enables Google Chrome's Safe Browsing Extended Reporting and prevents users |
| // from changing this setting. |
| // |
| // Extended Reporting sends some system information and page content to Google |
| // servers to help detect dangerous apps and sites. |
| // |
| // If the setting is set to true, then reports will be created and sent whenever |
| // necessary (such as when a security interstitial is shown). |
| // |
| // If the setting is set to false, reports will never be sent. |
| // |
| // If this policy is set to true or false, the user will not be able to modify |
| // the setting. |
| // |
| // If this policy is left unset, the user will be able to change the setting and |
| // decide whether to send reports or not. |
| // |
| // See https://developers.google.com/safe-browsing for more info on Safe |
| // Browsing. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SafeBrowsingExtendedReportingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SafeBrowsingExtendedReportingEnabled = 2; |
| } |
| |
| // The enrollment token of cloud policy on desktop |
| // |
| // |
| // This policy is deprecated in M72. Please use CloudManagementEnrollmentToken |
| // instead. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message MachineLevelUserCloudPolicyEnrollmentTokenProto { |
| optional PolicyOptions policy_options = 1; |
| optional string MachineLevelUserCloudPolicyEnrollmentToken = 2; |
| } |
| |
| // The enrollment token of cloud policy on desktop |
| // |
| // |
| // If this policy is set, Google Chrome will try to register itself and apply |
| // associated cloud policy for all profiles. |
| // |
| // The value of this policy is an Enrollment token that can be retrieved from |
| // the Google Admin console. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message CloudManagementEnrollmentTokenProto { |
| optional PolicyOptions policy_options = 1; |
| optional string CloudManagementEnrollmentToken = 2; |
| } |
| |
| // Enable mandatory cloud management enrollment |
| // |
| // |
| // If this policy is set to True, cloud management enrollment is mandatory and |
| // blocks Chrome launch process if failed. |
| // |
| // If this policy is left unset or set to False, cloud management enrollment is |
| // optional and does not blocks Chrome launch process if failed. |
| // |
| // This policy is used by machine scope cloud policy enrollment on desktop and |
| // can be set by Registry or GPO on Windows, plist on Mac and JSON policy file |
| // on Linux. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message CloudManagementEnrollmentMandatoryProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CloudManagementEnrollmentMandatory = 2; |
| } |
| |
| // Allow media autoplay |
| // |
| // Allows you to control if videos can play automatically (without user consent) |
| // with audio content in Google Chrome. |
| // |
| // If the policy is set to True, Google Chrome is allowed to autoplay media. |
| // If the policy is set to False, Google Chrome is not allowed to autoplay |
| // media. The AutoplayWhitelist policy can be used to override this for certain |
| // URL patterns. |
| // By default, Google Chrome is not allowed to autoplay media. The |
| // AutoplayWhitelist policy can be used to override this for certain URL |
| // patterns. |
| // |
| // Note that if Google Chrome is running and this policy changes, it will be |
| // applied only to new opened tabs. Therefore some tabs might still observe the |
| // previous behavior. |
| // |
| // Supported on: chrome_os, linux, mac, win |
| message AutoplayAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AutoplayAllowed = 2; |
| } |
| |
| // Allow media autoplay on a whitelist of URL patterns |
| // |
| // Controls the whitelist of URL patterns that autoplay will always be enabled |
| // on. |
| // |
| // If autoplay is enabled then videos can play automatically (without user |
| // consent) with audio content in Google Chrome. |
| // |
| // A valid URL patterns specifications are: |
| // |
| // - [*.]domain.tld (matches domain.tld and all sub-domains) |
| // |
| // - host (matches an exact hostname) |
| // |
| // - scheme://host:port (supported schemes: http,https) |
| // |
| // - scheme://[*.]domain.tld:port (supported schemes: http,https) |
| // |
| // - file://path (The path has to be an absolute path and start with a '/') |
| // |
| // - a.b.c.d (matches an exact IPv4 ip) |
| // |
| // - [a:b:c:d:e:f:g:h] (matches an exact IPv6 ip) |
| // |
| // If the AutoplayAllowed policy is set to True then this policy will have no |
| // effect. |
| // |
| // If the AutoplayAllowed policy is set to False then any URL patterns set in |
| // this policy will still be allowed to play. |
| // |
| // Note that if Google Chrome is running and this policy changes, it will be |
| // applied only to new opened tabs. Therefore some tabs might still observe the |
| // previous behavior. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message AutoplayWhitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList AutoplayWhitelist = 2; |
| } |
| |
| // Allow sites to simultaneously navigate and open pop-ups |
| // |
| // Deprecated in M68. Use DefaultPopupsSetting instead. |
| // |
| // For a full explanation, see |
| // https://www.chromestatus.com/features/5675755719622656. |
| // If this policy is enabled, sites will be allowed to simultaneously navigate |
| // and open new windows/tabs. |
| // If this policy is disabled or not set, sites will be disallowed from |
| // simultaneously navigating and opening a new window/tab. |
| // |
| // Supported on: |
| message TabUnderAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool TabUnderAllowed = 2; |
| } |
| |
| // Allow access to native CUPS printers |
| // |
| // Allows you to control if users can access non-enterprise printers |
| // |
| // If the policy is set to True, or not set at all, users will be able to add, |
| // configure, and print using their own native printers. |
| // |
| // If the policy is set to False, users will not be able to add and configure |
| // their own native printers. They will also not be able to print using any |
| // previously configured native printers. |
| // |
| // Supported on: chrome_os |
| message UserNativePrintersAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool UserNativePrintersAllowed = 2; |
| } |
| |
| // Enable Chrome Cleanup on Windows |
| // |
| // If disabled, prevents Chrome Cleanup from scanning the system for unwanted |
| // software and performing cleanups. Manually triggering Chrome Cleanup from |
| // chrome://settings/cleanup is disabled. |
| // |
| // If enabled or unset, Chrome Cleanup periodically scans the system for |
| // unwanted software and should any be found, will ask the user if they wish to |
| // remove it. Manually triggering Chrome Cleanup from chrome://settings is |
| // enabled. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: win |
| message ChromeCleanupEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ChromeCleanupEnabled = 2; |
| } |
| |
| // Control how Chrome Cleanup reports data to Google |
| // |
| // If unset, should Chrome Cleanup detect unwanted software, it may report |
| // metadata about the scan to Google in accordance with policy set by |
| // SafeBrowsingExtendedReportingEnabled. Chrome Cleanup will then ask the user |
| // if they wish to clean up the unwanted software. The user can choose to share |
| // results of the cleanup with Google to assist with future unwanted software |
| // detection. These results contain file metadata, automatically installed |
| // extensions and registry keys as described by the Chrome Privacy Whitepaper. |
| // |
| // If disabled, should Chrome Cleanup detect unwanted software, it will not |
| // report metadata about the scan to Google, overriding any policy set by |
| // SafeBrowsingExtendedReportingEnabled. Chrome Cleanup will ask the user if |
| // they wish to clean up the unwanted software. Results of the cleanup will not |
| // be reported to Google and the user will not have the option to do so. |
| // |
| // If enabled, should Chrome Cleanup detect unwanted software, it may report |
| // metadata about the scan to Google in accordance with policy set by |
| // SafeBrowsingExtendedReportingEnabled. Chrome Cleanup will ask the user if |
| // they wish to clean up the unwanted software. Results of the cleanup will be |
| // reported to Google and the user will not have the option to prevent it. |
| // |
| // This policy is available only on Windows instances that are joined to a |
| // Microsoft® Active Directory® domain. or Windows 10 Pro or Enterprise |
| // instances that enrolled for device management. |
| // |
| // Supported on: win |
| message ChromeCleanupReportingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ChromeCleanupReportingEnabled = 2; |
| } |
| |
| // Configure the allowed languages in a user session |
| // |
| // Configures the languages that can be used as the preferred languages by |
| // Google Chrome OS. |
| // |
| // If this policy is set, the user can only add one of the languages listed in |
| // this policy to the list of preferred languages. If this policy is not set or |
| // set to an empty list, user can specify any languages as preferred. If this |
| // policy is set to a list with invalid values, all invalid values will be |
| // ignored. If a user previously added some languages that are not allowed by |
| // this policy to the list of preferred languages they will be removed. If the |
| // user had previously configured Google Chrome OS to be displayed in one of the |
| // languages not allowed by this policy, the display language will be switched |
| // to an allowed UI language next time user signs in. Otherwise, Google Chrome |
| // OS will switch to the first valid value specified by this policy, or to a |
| // fallback locale (currently en-US), if this policy only contains invalid |
| // entries. |
| // |
| // Supported on: chrome_os |
| message AllowedLanguagesProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList AllowedLanguages = 2; |
| } |
| |
| // Configure the allowed input methods in a user session |
| // |
| // Configures which keyboard layouts are allowed for Google Chrome OS user |
| // sessions. |
| // |
| // If this policy is set, the user can only select one of the input methods |
| // specified by this policy. If this policy is not set or set to an empty list, |
| // the user can select all supported input methods. If the current input method |
| // is not allowed by this policy, the input method will be switched to the |
| // hardware keyboard layout (if allowed) or the first valid entry in this list. |
| // All invalid or unsupported input methods in this list will be ignored. |
| // |
| // Supported on: chrome_os |
| message AllowedInputMethodsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList AllowedInputMethods = 2; |
| } |
| |
| // Log events for Android app installs |
| // |
| // Enables reporting of key events during Android app installation to Google. |
| // Events are captured only for apps whose installation was triggered via |
| // policy. |
| // |
| // If the policy is set to true, events will be logged. |
| // If the policy is set to false or unset, events will not be logged. |
| // |
| // Supported on: chrome_os |
| message ArcAppInstallEventLoggingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ArcAppInstallEventLoggingEnabled = 2; |
| } |
| |
| // Time Limit |
| // |
| // Allows you to lock the user's session based on the client time or the usage |
| // quota of the day. |
| // |
| // The |time_window_limit| specifies a daily window in which the user's session |
| // should be locked. We only support one rule for each day of the week, |
| // therefore the |entries| array may vary from 0-7 in size. |starts_at| and |
| // |ends_at| are the beginning and the end of the window limit, when |ends_at| |
| // is smaller than |starts_at| it means that the |time_limit_window| ends on the |
| // following day. |last_updated_millis| is the UTC timestamp for the last time |
| // this entry was updated, it is sent as a string because the timestamp wouldn't |
| // fit in an integer. |
| // |
| // The |time_usage_limit| specifies a daily screen quota, so when the user |
| // reaches it, the user's session is locked. There is a property for each day of |
| // the week, and it should be set only if there is an active quota for that day. |
| // |usage_quota_mins| is the amount of time that the managed device can be use |
| // in a day and |reset_at| is the time when the usage quota is renewed. The |
| // default value for |reset_at| is midnight ({'hour': 0, 'minute': 0}). |
| // |last_updated_millis| is the UTC timestamp for the last time this entry was |
| // updated, it is sent as a string because the timestamp wouldn't fit in an |
| // integer. |
| // |
| // |overrides| is provided to invalidate temporarily one or more of the previous |
| // rules. |
| // * If neither time_window_limit nor time_usage_limit is active |LOCK| can be |
| // used to lock the device. |
| // * |LOCK| temporarily locks a user session until the next time_window_limit or |
| // time_usage_limit starts. |
| // * |UNLOCK| unlocks a user's session locked by time_window_limit or |
| // time_usage_limit. |
| // |created_time_millis| is the UTC timestamp for the override creation, it is |
| // sent as a String because the timestamp wouldn't fit in an integer It is used |
| // to determine whether this override should still be applied. If the current |
| // active time limit feature (time usage limit or time window limit) started |
| // after the override was created, it should not take action. Also if the |
| // override was created before the last change of the active time_window_limit |
| // or time_usage_window it should not be applied. |
| // |
| // Multiple overrides may be sent, the newest valid entry is the one that is |
| // going to be applied. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "overrides": { |
| // "items": { |
| // "properties": { |
| // "action": { |
| // "enum": [ |
| // "LOCK", |
| // "UNLOCK" |
| // ], |
| // "type": "string" |
| // }, |
| // "action_specific_data": { |
| // "properties": { |
| // "duration_mins": { |
| // "minimum": 0, |
| // "type": "integer" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "created_at_millis": { |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // }, |
| // "time_usage_limit": { |
| // "properties": { |
| // "friday": { |
| // "$ref": "TimeUsageLimitEntry" |
| // }, |
| // "monday": { |
| // "id": "TimeUsageLimitEntry", |
| // "properties": { |
| // "last_updated_millis": { |
| // "type": "string" |
| // }, |
| // "usage_quota_mins": { |
| // "minimum": 0, |
| // "type": "integer" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "reset_at": { |
| // "$ref": "Time" |
| // }, |
| // "saturday": { |
| // "$ref": "TimeUsageLimitEntry" |
| // }, |
| // "sunday": { |
| // "$ref": "TimeUsageLimitEntry" |
| // }, |
| // "thursday": { |
| // "$ref": "TimeUsageLimitEntry" |
| // }, |
| // "tuesday": { |
| // "$ref": "TimeUsageLimitEntry" |
| // }, |
| // "wednesday": { |
| // "$ref": "TimeUsageLimitEntry" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "time_window_limit": { |
| // "properties": { |
| // "entries": { |
| // "items": { |
| // "properties": { |
| // "effective_day": { |
| // "$ref": "WeekDay" |
| // }, |
| // "ends_at": { |
| // "$ref": "Time" |
| // }, |
| // "last_updated_millis": { |
| // "type": "string" |
| // }, |
| // "starts_at": { |
| // "id": "Time", |
| // "properties": { |
| // "hour": { |
| // "maximum": 23, |
| // "minimum": 0, |
| // "type": "integer" |
| // }, |
| // "minute": { |
| // "maximum": 59, |
| // "minimum": 0, |
| // "type": "integer" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message UsageTimeLimitProto { |
| optional PolicyOptions policy_options = 1; |
| optional string UsageTimeLimit = 2; |
| } |
| |
| // Control Android backup and restore service |
| // |
| // This policy controls the initial state of Android backup and restore. |
| // |
| // When this policy is not configured or set to BackupAndRestoreDisabled, |
| // Android backup and restore is initially disabled. |
| // |
| // When this policy is set to BackupAndRestoreEnabled, Android backup and |
| // restore is initially enabled. |
| // |
| // When this policy is set to BackupAndRestoreUnderUserControl, the user is |
| // asked to choose whether to use Android backup and restore. If the user |
| // enables backup and restore, Android app data is uploaded to Android backup |
| // servers and restored from them upon app re-installations for compatible apps. |
| // |
| // Note that this policy controls the state of Android backup and restore during |
| // initial setup only. The user can open Android settings afterward and turn |
| // Android backup and restore on/off. |
| // |
| // Valid values: |
| // 0: Backup and restore disabled |
| // 1: User decides whether to enable backup and restore |
| // 2: Backup and restore enabled |
| // |
| // Supported on: chrome_os |
| message ArcBackupRestoreServiceEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ArcBackupRestoreServiceEnabled = 2; |
| } |
| |
| // Control Android Google location services |
| // |
| // This policy controls the initial state of Google location services. |
| // |
| // When this policy is not configured or set to GoogleLocationServicesDisabled, |
| // Google location services are initially disabled. |
| // |
| // When this policy is set to GoogleLocationServicesEnabled, Google location |
| // services are initially enabled. |
| // |
| // When this policy is set to GoogleLocationServicesUnderUserControl, the user |
| // is asked to choose whether to use Google location services. This will allow |
| // Android apps to use the services to query the device location, and also will |
| // enable submitting of anonymous location data to Google. |
| // |
| // Note that this policy controls the state of Google location services during |
| // initial setup only. The user can open Android settings afterward and turn |
| // Google location services on/off. |
| // |
| // Note that this policy is ignored and Google location services are always |
| // disabled when the DefaultGeolocationSetting policy is set to |
| // BlockGeolocation. |
| // |
| // Valid values: |
| // 0: Google location services disabled |
| // 1: User decides whether to enable Google location services |
| // 2: Google location services enabled |
| // |
| // Supported on: chrome_os |
| message ArcGoogleLocationServicesEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ArcGoogleLocationServicesEnabled = 2; |
| } |
| |
| // Enable displaying Sync Consent during sign-in |
| // |
| // This policy controls if Sync Consent can be shown to the user during first |
| // sign-in. It should be set to false if Sync Consent is never needed for the |
| // user. |
| // If set to false, Sync Consent will not be displayed. |
| // If set to true or unset, Sync Consent can be displayed. |
| // |
| // Supported on: chrome_os |
| message EnableSyncConsentProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnableSyncConsent = 2; |
| } |
| |
| // Enable contextual suggestions of related web pages |
| // |
| // This feature never launched, therefore the policy is deprecated. If this is |
| // set to true or unset, Google Chrome will suggest pages related to the current |
| // page. |
| // These suggestions are fetched remotely from Google servers. |
| // |
| // If this setting is set to false, suggestions will not be fetched or |
| // displayed. |
| // |
| // Supported on: |
| message ContextualSuggestionsEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ContextualSuggestionsEnabled = 2; |
| } |
| |
| // Enable showing full-tab promotional content |
| // |
| // Allows you to control the presentation of full-tab promotional and/or |
| // educational content in Google Chrome. |
| // |
| // If not configured or enabled (set to true), Google Chrome may show full-tab |
| // content to users to provide product information. |
| // |
| // If disabled (set to false), Google Chrome will not show full-tab content to |
| // users to provide product information. |
| // |
| // This setting controls the presentation of the welcome pages that help users |
| // sign into Google Chrome, choose it as their default browser, or otherwise |
| // inform them of product features. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message PromotionalTabsEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PromotionalTabsEnabled = 2; |
| } |
| |
| // Control SafeSites adult content filtering. |
| // |
| // This policy controls the application of the SafeSites URL filter. |
| // This filter uses the Google Safe Search API to classify URLs as pornographic |
| // or not. |
| // |
| // When this policy is not configured or set to "Do not filter sites for adult |
| // content", sites will not be filtered. |
| // |
| // When this policy is set to "Filter top level sites for adult content", sites |
| // classified as pornographic will be filtered. |
| // |
| // Valid values: |
| // 0: Do not filter sites for adult content |
| // 1: Filter top level sites (but not embedded iframes) for adult content |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SafeSitesFilterBehaviorProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 SafeSitesFilterBehavior = 2; |
| } |
| |
| // Origins or hostname patterns for which restrictions on |
| // insecure origins should not apply |
| // |
| // |
| // The policy specifies a list of origins (URLs) or hostname patterns (such |
| // as "*.example.com") for which security restrictions on insecure origins |
| // will not apply. |
| // |
| // The intent is to allow organizations to set whitelist origins for legacy |
| // applications that cannot deploy TLS, or to set up a staging server for |
| // internal web development so that their developers can test out features |
| // requiring secure contexts without having to deploy TLS on the staging |
| // server. This policy will also prevent the origin from being labeled |
| // "Not Secure" in the omnibox. |
| // |
| // Setting a list of URLs in this policy has the same effect as setting the |
| // command-line flag '--unsafely-treat-insecure-origin-as-secure' to a |
| // comma-separated list of the same URLs. If the policy is set, it will |
| // override the command-line flag. |
| // |
| // This policy will override UnsafelyTreatInsecureOriginAsSecure, if present. |
| // |
| // For more information on secure contexts, see |
| // https://www.w3.org/TR/secure-contexts/. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message OverrideSecurityRestrictionsOnInsecureOriginProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList OverrideSecurityRestrictionsOnInsecureOrigin = 2; |
| } |
| |
| // Enables or disables tab lifecycles |
| // |
| // The tab lifecyles feature reclaims CPU and eventually memory associated with |
| // running tabs that have not been used in a long period of time, by first |
| // throttling them, then freezing them and finally discarding them. |
| // |
| // If the policy is set to false then tab lifecycles are disabled, and all tabs |
| // will be left running normally. |
| // |
| // If the policy is set to true or left unspecified then tab lifecycles are |
| // enabled. |
| // |
| // Supported on: win |
| message TabLifecyclesEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool TabLifecyclesEnabled = 2; |
| } |
| |
| // Enable URL-keyed anonymized data collection |
| // |
| // Enable URL-keyed anonymized data collection in Google Chrome and prevents |
| // users from changing this setting. |
| // |
| // URL-keyed anonymized data collection sends URLs of pages the user visits to |
| // Google to make searches and browsing better. |
| // |
| // If you enable this policy, URL-keyed anonymized data collection is always |
| // active. |
| // |
| // If you disable this policy, URL-keyed anonymized data collection is never |
| // active. |
| // |
| // If this policy is left not set, URL-keyed anonymized data collection will be |
| // enabled but the user will be able to change it. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message UrlKeyedAnonymizedDataCollectionEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool UrlKeyedAnonymizedDataCollectionEnabled = 2; |
| } |
| |
| // Contorls Network File Shares for ChromeOS availability |
| // |
| // This policy controls whether the Network File Shares feature for Google |
| // Chrome OS is allowed for a user. |
| // |
| // When this policy is not configured or set to True, users will be able to use |
| // Network File Shares. |
| // |
| // When this policy is set to False, users will be unable to use Network File |
| // Shares. |
| // |
| // Supported on: chrome_os |
| message NetworkFileSharesAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool NetworkFileSharesAllowed = 2; |
| } |
| |
| // Allow collection of WebRTC event logs from Google services |
| // |
| // |
| // If the policy is set to true, Google Chrome is allowed to collect WebRTC |
| // event logs from Google services (e.g. Google Meet), and upload those logs to |
| // Google. |
| // |
| // If the policy is set to false, or is unset, Google Chrome may not collect nor |
| // upload such logs. |
| // |
| // These logs contain diagnostic information helpful when debugging issues with |
| // audio or video calls in Chrome, such as the time and size of sent and |
| // received RTP packets, feedback about congestion on the network, and metadata |
| // about time and quality of audio and video frames. These logs do not contain |
| // audio or video contents from the call. |
| // |
| // This data collection by Chrome can only be triggered by Google's web |
| // services, such as Google Hangouts or Google Meet. |
| // |
| // Google may associate these logs, by means of a session ID, with other logs |
| // collected by the Google service itself; this is intended to make debugging |
| // easier. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message WebRtcEventLogCollectionAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool WebRtcEventLogCollectionAllowed = 2; |
| } |
| |
| // Enable smart dim model to extend the time until the screen is dimmed |
| // |
| // Specifies whether a smart dim model is allowed to extend the time until the |
| // screen is dimmed. |
| // |
| // When the screen is about to be dimmed, the smart dim model evaluates if |
| // dimming the screen should be deferred. If the smart dim model defers dimming |
| // the screen, it effectively extends the time until the screen is dimmed. In |
| // this case, the screen off, screen lock and idle delays get adjusted to |
| // maintain the same distances from the screen dim delay as originally |
| // configured. |
| // If this policy is set to True or left not set, the smart dim model will be |
| // enabled and allowed to extend the time until the screen is dimmed. If this |
| // policy is set to False, the smart dim model will not influence screen |
| // dimming. |
| // |
| // Supported on: chrome_os |
| message PowerSmartDimEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool PowerSmartDimEnabled = 2; |
| } |
| |
| // Allow coalescing of HTTP/2 connections for these hosts even when client |
| // certificates are used |
| // |
| // This policy allows HTTP/2 connection coalescing when client certificates are |
| // in use. In order to coalesce, both the hostname of the potential new |
| // connection and the hostname of an existing connection must match one or more |
| // patterns described by this policy. The policy is a list of hosts using the |
| // URLBlacklist filter format: "example.com" matches "example.com" and all |
| // subdomains (e.g. "sub.example.com"), while ".example.net" matches exactly |
| // "example.net". |
| // |
| // Coalescing requests to different hosts over connections that use client |
| // certificates can create security and privacy issues, as the ambient authority |
| // will be conveyed to all requests, even if the user did not explicitly |
| // authorize this. This policy is temporary and will be removed in a future |
| // release. See https://crbug.com/855690. |
| // |
| // If this policy is left unset, then the default behavior of not allowing any |
| // HTTP/2 connection coalescing on connections using client certificates will be |
| // used. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message CoalesceH2ConnectionsWithClientCertificatesForHostsProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList CoalesceH2ConnectionsWithClientCertificatesForHosts = 2; |
| } |
| |
| // Controls Network File Share discovery via NetBIOS |
| // |
| // This policy controls whether the Network File Shares feature for Google |
| // Chrome OS should use the NetBIOS Name Query Request protocol to discover |
| // shares on the network. |
| // When this policy is set to True, share discovery will use the NetBIOS Name |
| // Query Request protocol protocol to discover shares on the network. |
| // When this policy is set to False, share discovery will not use the NetBIOS |
| // Name Query Request protocol protocol to discover shares. |
| // If the policy is left not set, the default is disabled for enterprise-managed |
| // users and enabled for non-managed users. |
| // |
| // Supported on: chrome_os |
| message NetBiosShareDiscoveryEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool NetBiosShareDiscoveryEnabled = 2; |
| } |
| |
| // Configure list of force-installed Web Apps |
| // |
| // Specifies a list of websites that are installed silently, without user |
| // interaction, and which cannot be uninstalled nor disabled by the user. |
| // |
| // Each list item of the policy is an object with a mandatory member: "url" and |
| // two optional members: "default_launch_container" and |
| // "create_desktop_shortcut". "url" should be the URL of the web app to install, |
| // "launch_container" should be either "window" or "tab" to indicate how the Web |
| // App will be opened once installed, and "create_desktop_shortcut" should be |
| // true if a desktop shortcut should be created on Linux and Windows. If |
| // "default_launch_container" is omitted, the app will open in a tab by default. |
| // Regardless of the value of "default_launch_container", users are able to |
| // change which container the app will open in. If "create_desktop_shortcuts" is |
| // omitted, no desktop shortcuts will be created. See PinnedLauncherApps policy |
| // for pinning apps to the ChromeOS shelf. |
| // |
| // Value schema: |
| // { |
| // "items": { |
| // "properties": { |
| // "create_desktop_shortcut": { |
| // "type": "boolean" |
| // }, |
| // "default_launch_container": { |
| // "enum": [ |
| // "tab", |
| // "window" |
| // ], |
| // "type": "string" |
| // }, |
| // "url": { |
| // "type": "string" |
| // } |
| // }, |
| // "required": [ |
| // "url" |
| // ], |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message WebAppInstallForceListProto { |
| optional PolicyOptions policy_options = 1; |
| optional string WebAppInstallForceList = 2; |
| } |
| |
| // Report OS and Google Chrome Version Information |
| // |
| // This policy controls whether to report version information, such as OS |
| // version, OS platform, OS architecture, Google Chrome version and Google |
| // Chrome channel. |
| // |
| // When this policy is left unset or set to True, version information is |
| // gathered. |
| // When this policy is set to False, version information is not gathered. |
| // |
| // This policy is only effective when the Chrome Reporting Extension is enabled, |
| // and the machine is enrolled with MachineLevelUserCloudPolicyEnrollmentToken. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ReportVersionDataProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportVersionData = 2; |
| } |
| |
| // Report Google Chrome Policy Information |
| // |
| // This policy controls whether to report policy data and time of policy fetch. |
| // |
| // When this policy is left unset or set to True, policy data and time of policy |
| // fetch are gathered. |
| // When this policy is set to False, policy data and time of policy fetch are |
| // not gathered. |
| // |
| // This policy is only effective when the Chrome Reporting Extension is enabled, |
| // and the machine is enrolled with MachineLevelUserCloudPolicyEnrollmentToken. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ReportPolicyDataProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportPolicyData = 2; |
| } |
| |
| // Report Machine Identification information |
| // |
| // This policy controls whether to report information that can be used to |
| // identify machines, such as machine name and network addresses. |
| // |
| // When this policy is left unset or set to True, information that can be used |
| // to identify machines is gathered. |
| // When this policy is set to False, information that can be used to identify |
| // machines is not gathered. |
| // |
| // This policy is only effective when the Chrome Reporting Extension is enabled, |
| // and the machine is enrolled with MachineLevelUserCloudPolicyEnrollmentToken. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ReportMachineIDDataProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportMachineIDData = 2; |
| } |
| |
| // Report User Identification information |
| // |
| // This policy controls whether to report information that can be used to |
| // identify users, such as OS login, Google Chrome Profile login, Google Chrome |
| // Profile name, Google Chrome Profile path and Google Chrome executable path. |
| // |
| // When this policy is left unset or set to True, information that can be used |
| // to identify users is gathered. |
| // When this policy is set to False, information that can be used to identify |
| // users is not gathered. |
| // |
| // This policy is only effective when the Chrome Reporting Extension is enabled, |
| // and the machine is enrolled with MachineLevelUserCloudPolicyEnrollmentToken. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ReportUserIDDataProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportUserIDData = 2; |
| } |
| |
| // Report Extensions and Plugins information |
| // |
| // This policy controls whether to report extensions and plugins information. |
| // |
| // When this policy is left unset or set to True, extension and plugins data are |
| // gathered. |
| // When this policy is set to False, extensions and plugins data are not |
| // gathered. |
| // |
| // This policy is only effective when the Chrome Reporting Extension is enabled, |
| // and the machine is enrolled with MachineLevelUserCloudPolicyEnrollmentToken. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ReportExtensionsAndPluginsDataProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportExtensionsAndPluginsData = 2; |
| } |
| |
| // Report Safe Browsing information |
| // |
| // This policy controls whether to report Safe Browsing information including |
| // the number of Safe Browsing warning and the number of safe browsering warning |
| // click through. |
| // |
| // When this policy is left unset or set to True, Safe Browsing data are |
| // gathered. |
| // When this policy is set to False, Safe Browsing data are not gathered. |
| // |
| // This policy is only effective when the Chrome Reporting Extension is enabled, |
| // and the machine is enrolled with MachineLevelUserCloudPolicyEnrollmentToken. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message ReportSafeBrowsingDataProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ReportSafeBrowsingData = 2; |
| } |
| |
| // Enables Google Chrome cloud reporting |
| // |
| // This policy controls Google Chrome cloud reporting which uploads information |
| // about the browser operation to Google Admin console. |
| // |
| // When this policy is left unset or set to False, there is no data collected or |
| // uploaded. |
| // When this policy is set to True, the data is collected and uploaded to Google |
| // Admin console. |
| // To control what data is uploaded, please use policies in the group Chrome |
| // Reporting Extension. |
| // |
| // This policy is only effective when the machine is enrolled with |
| // MachineLevelUserCloudPolicyEnrollmentToken. |
| // |
| // This policy force installs Chrome Reporting Extension for the reporting and |
| // overrides any extension policies related to that extension. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message CloudReportingEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CloudReportingEnabled = 2; |
| } |
| |
| // Enables managed extensions to use the Enterprise Hardware Platform API |
| // |
| // When this policy is set to enabled, extensions installed by enterprise policy |
| // are allowed to use the Enterprise Hardware Platform API. |
| // When this policy is set to disabled or not set, no extensions are allowed to |
| // use the Enterprise Hardware Platform API. |
| // This policy also applies to component extensions such as the Hangout Services |
| // extension. |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message EnterpriseHardwarePlatformAPIEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool EnterpriseHardwarePlatformAPIEnabled = 2; |
| } |
| |
| // Allow the user to manage VPN connections |
| // |
| // Allow the user to manage VPN connections. |
| // |
| // If this policy is set to false, all Google Chrome OS user interfaces that |
| // would allow the user to disconnect or modify VPN connections are disabled. |
| // |
| // If this policy is unset or set to true, users can disconnect or modify VPN |
| // connections as usual. |
| // |
| // If the VPN connection is created via a VPN app, the UI inside the app remains |
| // unaffected by this policy. Therefore, the user might still be able to use the |
| // app to modify the VPN connection. |
| // |
| // This policy is meant to be used together with the "Always on VPN" feature, |
| // that lets the admin decide to establish a VPN connection on boot. |
| // |
| // Supported on: chrome_os |
| message VpnConfigAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool VpnConfigAllowed = 2; |
| } |
| |
| // Controls enabling NTLM as an authentication protocol for SMB mounts |
| // |
| // This policy controls whether the Network File Shares feature for Google |
| // Chrome OS will use NTLM for authentication. |
| // |
| // When this policy is set to True, NTLM will be used for authentication to SMB |
| // shares if necessary. |
| // When this policy is set to False, NTLM authentication to SMB shares will be |
| // disabled. |
| // |
| // If the policy is left not set, the default is disabled for enterprise-managed |
| // users and enabled for non-managed users. |
| // |
| // Supported on: chrome_os |
| message NTLMShareAuthenticationEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool NTLMShareAuthenticationEnabled = 2; |
| } |
| |
| // List of preconfigured network file shares. |
| // |
| // Specifies a list of preconfigued network file shares. |
| // |
| // Each list item of the policy is an object with two members: "share_url" and |
| // "mode". "share_url" should be the URL of the share and "mode" should be |
| // either "drop_down" or "pre_mount". "drop_down" mode indicates that |
| // "share_url" will be added to the share discovery drop down. "pre_mount" mode |
| // indicates that "share_url" will be mounted. |
| // |
| // Value schema: |
| // { |
| // "items": { |
| // "properties": { |
| // "mode": { |
| // "enum": [ |
| // "drop_down", |
| // "pre_mount" |
| // ], |
| // "type": "string" |
| // }, |
| // "share_url": { |
| // "type": "string" |
| // } |
| // }, |
| // "required": [ |
| // "share_url", |
| // "mode" |
| // ], |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // |
| // Supported on: chrome_os |
| message NetworkFileSharesPreconfiguredSharesProto { |
| optional PolicyOptions policy_options = 1; |
| optional string NetworkFileSharesPreconfiguredShares = 2; |
| } |
| |
| // Screen brightness percent |
| // |
| // Specifies screen brightness percent. |
| // When this policy is set initial screen brightness is adjusted to the policy |
| // value, but the user can change it later on. Auto-brightness features are |
| // disabled. |
| // When this policy is unset user screen controls and auto-brightness features |
| // are not affected. |
| // The policy values should be specified in percents in range 0-100. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "BrightnessAC": { |
| // "description": "Screen brightness percent when running on AC |
| // power", |
| // "maximum": 100, |
| // "minimum": 0, |
| // "type": "integer" |
| // }, |
| // "BrightnessBattery": { |
| // "description": "Screen brightness percent when running on battery |
| // power", |
| // "maximum": 100, |
| // "minimum": 0, |
| // "type": "integer" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message ScreenBrightnessPercentProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ScreenBrightnessPercent = 2; |
| } |
| |
| // Alternative browser to launch for configured websites. |
| // |
| // This policy controls which command to use to open URLs in an alternative |
| // browser. |
| // |
| // When this policy is left unset, a platform-specific default is used: Internet |
| // Explorer for Windows, or Safari for Mac OS X. On Linux, launching an |
| // alternative browser will fail when this is unset. |
| // |
| // When this policy is set to one of ${ie}, ${firefox}, ${safari} or |
| // ${opera}, that browser will launch if it is installed. ${ie} is only |
| // available on Windows, and ${safari} is only available on Windows and Mac |
| // OS X. |
| // |
| // When this policy is set to a file path, that file is used as an executable |
| // file. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message AlternativeBrowserPathProto { |
| optional PolicyOptions policy_options = 1; |
| optional string AlternativeBrowserPath = 2; |
| } |
| |
| // Command-line parameters for the alternative browser. |
| // |
| // This policy controls command-line parameters to launch to the alternative |
| // browser. |
| // |
| // When this policy is left unset, only the URL is passed as a command-line |
| // parameters. |
| // |
| // When this policy is set to a list of strings, each string is passed to the |
| // alternative browser as a separate command-line parameters. On Windows, the |
| // parameters are joined with spaces. On Mac OS X and Linux, a parameter may |
| // contain spaces, and still be treated as a single parameter. |
| // |
| // If an element contains ${url}, it gets replaced with the URL of the page to |
| // open. |
| // |
| // If no element contains ${url}, the URL is appended at the end of the command |
| // line. |
| // |
| // Environment variables are expanded. On Windows, %ABC% is replaced with the |
| // value of the ABC environment variable. On Mac OS X and Linux, ${ABC} is |
| // replaced with the value of the ABC environment variable. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message AlternativeBrowserParametersProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList AlternativeBrowserParameters = 2; |
| } |
| |
| // Path to Chrome for switching from the alternative browser. |
| // |
| // This policy controls the command to use to open URLs in Google Chrome when |
| // switching from Internet Explorer. |
| // |
| // If the 'Legacy Browser Support' add-in for Internet Explorer is not |
| // installed, this policy has no effect. |
| // |
| // When this policy is left unset, Internet Explorer will auto-detect Google |
| // Chrome's own executable path when launching Google Chrome from Internet |
| // Explorer. |
| // |
| // When this policy is set, it will be used to launch Google Chrome when |
| // launching Google Chrome from Internet Explorer. |
| // |
| // This policy can be set to an executable file path, or ${chrome} to auto- |
| // detect Chrome's install location. |
| // |
| // Supported on: win |
| message BrowserSwitcherChromePathProto { |
| optional PolicyOptions policy_options = 1; |
| optional string BrowserSwitcherChromePath = 2; |
| } |
| |
| // Command-line parameters for switching from the alternative browser. |
| // |
| // This policy controls command-line parameters for Chrome from Internet |
| // Explorer. |
| // |
| // If the 'Legacy Browser Support' add-in for Internet Explorer is not |
| // installed, this policy has no effect. |
| // |
| // When this policy is left unset, Internet Explorer only passes the URL to |
| // Chrome as a command-line parameter. |
| // |
| // When this policy is set to a list of strings, the strings are joined with |
| // spaces and passed to Chrome as command-line parameters. |
| // |
| // If an element contains ${url}, it gets replaced with the URL of the page to |
| // open. |
| // |
| // If no element contains ${url}, the URL is appended at the end of the command |
| // line. |
| // |
| // Environment variables are expanded. On Windows, %ABC% is replaced with the |
| // value of the ABC environment variable. |
| // |
| // Supported on: win |
| message BrowserSwitcherChromeParametersProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList BrowserSwitcherChromeParameters = 2; |
| } |
| |
| // Websites to open in alternative browser |
| // |
| // This policy controls the list of websites to open in an alternative browser. |
| // |
| // Note that elements can also be added to this list through the |
| // BrowserSwitcherUseIeSitelist and BrowserSwitcherExternalSitelistUrl policies. |
| // |
| // When this policy is left unset, no websites are added to the list. |
| // |
| // When this policy is set, each item is treated as a rule for something to open |
| // in an alternative browser. Google Chrome uses those rules when choosing if a |
| // URL should open in an alternative browser. |
| // |
| // When the Internet Explorer add-in is present and enabled, Internet Explorer |
| // switches back to Google Chrome when the rules do not match. |
| // |
| // If rules contradict eachother, Google Chrome uses the most specific rule. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserSwitcherUrlListProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList BrowserSwitcherUrlList = 2; |
| } |
| |
| // Websites that should never trigger a browser switch. |
| // |
| // This policy controls the list of websites that will never cause a browser |
| // switch. |
| // |
| // Note that elements can also be added to this list through the |
| // BrowserSwitcherExternalGreylistUrl policy. |
| // |
| // When this policy is left unset, no websites are added to the list. |
| // |
| // When this policy is set, each item is treated as a rule, similar to the |
| // BrowserSwitcherUrlList policy. However, the logic is reversed: rules that |
| // match will not open an alternative browser. |
| // |
| // Unlike BrowserSwitcherUrlList, rules apply to both directions. That is, when |
| // the Internet Explorer add-in is present and enabled, it also controls whether |
| // Internet Explorer should open these URLs in Google Chrome. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserSwitcherUrlGreylistProto { |
| optional PolicyOptions policy_options = 1; |
| optional StringList BrowserSwitcherUrlGreylist = 2; |
| } |
| |
| // Use Internet Explorer's SiteList policy for Legacy Browser Support. |
| // |
| // This policy controls whether to load rules from Internet Explorer's SiteList |
| // policy. |
| // |
| // When this policy is left unset, or set to false, Google Chrome does not use |
| // Internet Explorer's SiteList policy as a source of rules for switching |
| // browsers. |
| // |
| // When this policy is set to true, Google Chrome reads Internet Explorer's |
| // SiteList to obtain the site list's URL. Google Chrome then downloads the site |
| // list from that URL, and applies the rules as if they had been configured with |
| // the BrowserSwitcherUrlList policy. |
| // |
| // For more information on Internet Explorer's SiteList policy: |
| // https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is- |
| // enterprise-mode |
| // |
| // Supported on: win |
| message BrowserSwitcherUseIeSitelistProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BrowserSwitcherUseIeSitelist = 2; |
| } |
| |
| // URL of an XML file that contains URLs to load in an alternative browser. |
| // |
| // This policy is a URL, that points to an XML file in the same format as |
| // Internet Explorer's SiteList policy. This loads rules from an XML file, |
| // without sharing those rules with Internet Explorer. |
| // |
| // When this policy is left unset, or not set to a valid URL, Google Chrome does |
| // not use it as a source of rules for switching browsers. |
| // |
| // When this policy is set to a valid URL, Google Chrome downloads the site list |
| // from that URL, and applies the rules as if they had been configured with the |
| // BrowserSwitcherUrlList policy. |
| // |
| // For more information on Internet Explorer's SiteList policy: |
| // https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is- |
| // enterprise-mode |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserSwitcherExternalSitelistUrlProto { |
| optional PolicyOptions policy_options = 1; |
| optional string BrowserSwitcherExternalSitelistUrl = 2; |
| } |
| |
| // URL of an XML file that contains URLs that should never trigger a browser |
| // switch. |
| // |
| // This policy is a URL, that points to an XML file in the same format as |
| // Internet Explorer's SiteList policy. This loads rules from an XML file, |
| // without sharing those rules with Internet Explorer. |
| // |
| // The rules in this XML file apply in the same way as |
| // BrowserSwitcherUrlGreylist. That is, these rules prevent Google Chrome from |
| // opening the alternative browser, and also prevent the alternative browser |
| // from opening Google Chrome. |
| // |
| // When this policy is left unset, or not set to a valid URL, Google Chrome does |
| // not use it as a source of rules that don't trigger a browser switch. |
| // |
| // When this policy is set to a valid URL, Google Chrome downloads the site list |
| // from that URL, and applies the rules as if they had been configured with the |
| // BrowserSwitcherUrlGreylist policy. |
| // |
| // For more information on Internet Explorer's SiteList policy: |
| // https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/what-is- |
| // enterprise-mode |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserSwitcherExternalGreylistUrlProto { |
| optional PolicyOptions policy_options = 1; |
| optional string BrowserSwitcherExternalGreylistUrl = 2; |
| } |
| |
| // Delay before launching alternative browser (milliseconds) |
| // |
| // This policy controls how long to wait before launching an alternative |
| // browser, in milliseconds. |
| // |
| // When this policy is left unset, or set to 0, navigating to a designated URL |
| // immediately opens it in an alternative browser. |
| // |
| // When this policy is set to a number, Chrome shows a message for that many |
| // milliseconds, and then opens the alternative browser. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserSwitcherDelayProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 BrowserSwitcherDelay = 2; |
| } |
| |
| // Enable the Legacy Browser Support feature. |
| // |
| // This policy controls whether to enable Legacy Browser Support. |
| // |
| // When this policy is left unset, or is set to false, Chrome will not attempt |
| // to launch designated URLs in an alternate browser. |
| // |
| // When this policy is set to true, Chrome will attempt to launch some URLs in |
| // an alternate browser (such as Internet Explorer). This feature is configured |
| // using the policies in the Legacy Browser support group. |
| // |
| // This feature is a replacement for the 'Legacy Browser Support' extension. |
| // Configuration from the extension will carry over to this feature, but it is |
| // strongly advised to use the Chrome policies instead. This ensures better |
| // compatibility in the future. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserSwitcherEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BrowserSwitcherEnabled = 2; |
| } |
| |
| // Keep last tab open in Chrome. |
| // |
| // This policy controls whether to close Chrome completely when the last tab |
| // would switch to another browser. |
| // |
| // When this policy is left unset, or is set to true, Chrome will keep at least |
| // one tab open, after switching to an alternate browser. |
| // |
| // When this policy is set to false, Chrome will close the tab after switching |
| // to an alternate browser, even if it was the last tab. This will cause Chrome |
| // to exit completely. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message BrowserSwitcherKeepLastChromeTabProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool BrowserSwitcherKeepLastChromeTab = 2; |
| } |
| |
| // PluginVm image |
| // |
| // This policy specifies the PluginVm image for a user. The policy is set by |
| // specifying the URL from which the device can download the image and a SHA-256 |
| // hash used to verify the integrity of the download. |
| // |
| // The policy should be specified as a string that expresses the URL and hash in |
| // the JSON format. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "hash": { |
| // "description": "The SHA-256 hash of the <ph |
| // name=\"PLUGIN_VM_NAME\">PluginVm</ph> image.", |
| // "type": "string" |
| // }, |
| // "url": { |
| // "description": "The URL from which the <ph |
| // name=\"PLUGIN_VM_NAME\">PluginVm</ph> image can be downloaded.", |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message PluginVmImageProto { |
| optional PolicyOptions policy_options = 1; |
| optional string PluginVmImage = 2; |
| } |
| |
| // Parent Access Code Configuration |
| // |
| // This policy specifies configuration that is used to generate and verify |
| // Parent Access Code. |
| // |
| // |current_config| is always used for generating access code and should be used |
| // for validating access code only when it cannot be validated with |
| // |future_config|. |
| // |future_config| is the primary config used for validating access code. |
| // |old_configs| should be used for validating access code only when it cannot |
| // be validated with |future_config| nor |current_config|. |
| // |
| // The expected way of using this policy is to gradually rotate access code |
| // configuration. New configuration is always put into |future_config| and at |
| // the same |
| // time the existing value is moved into |current_config|. |current_config|'s |
| // previous values are moved into |old_configs| and removed after rotation cycle |
| // is finished. |
| // |
| // This policy applies only to child user. |
| // When this policy is set Parent Access Code can be verified on child user's |
| // device. |
| // When this policy is unset it is not possible to verify Parent Access Code on |
| // child user's device. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "current_config": { |
| // "description": "Configuration used to generate and verify Parent |
| // Access Code.", |
| // "id": "Config", |
| // "properties": { |
| // "access_code_ttl": { |
| // "description": "Time that access code is valid for (in |
| // seconds).", |
| // "maximum": 3600, |
| // "minimum": 60, |
| // "type": "integer" |
| // }, |
| // "clock_drift_tolerance": { |
| // "description": "The allowed difference between the clock |
| // on child and parent devices (in seconds).", |
| // "maximum": 1800, |
| // "minimum": 0, |
| // "type": "integer" |
| // }, |
| // "shared_secret": { |
| // "description": "Secret shared between child and parent |
| // devices.", |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // }, |
| // "future_config": { |
| // "$ref": "Config" |
| // }, |
| // "old_configs": { |
| // "items": { |
| // "$ref": "Config" |
| // }, |
| // "type": "array" |
| // } |
| // }, |
| // "sensitiveValue": true, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message ParentAccessCodeConfigProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ParentAccessCodeConfig = 2; |
| } |
| |
| // Allow users to manage installed client certificates. |
| // |
| // This policy controls whether user are able to import and remove client |
| // certificates via Certificate Manager. |
| // |
| // If this policy is set to ''Allow users to manage all certificates'' or left |
| // not set, users will be able to manage certificates. |
| // |
| // If this policy is set to ''Allow users to manage user certificates'', users |
| // will be able to manage user certificates, but not device-wide certificates. |
| // |
| // If this policy is set to ''Disallow users to manage certificates'', users |
| // will not be able to manage certificates, they can only view certificates. |
| // |
| // Valid values: |
| // 0: Allow users to manage all certificates |
| // 1: Allow users to manage user certificates |
| // 2: Disallow users from managing certificates |
| // |
| // Supported on: chrome_os |
| message ClientCertificateManagementAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 ClientCertificateManagementAllowed = 2; |
| } |
| |
| // Force networking code to run in the browser process |
| // |
| // This policy forces networking code to run in the browser process. |
| // |
| // This policy is disabled by default, and if enabled, leaves users open to the |
| // security issues once the networking process is sandboxed. |
| // |
| // This policy is intended to give enterprises a chance to migrate to 3rd party |
| // software that does not depend on hooking the networking APIs. Proxy servers |
| // are recommended over LSPs and Win32 API patching. |
| // |
| // If this policy is not set, networking code may run out of the browser process |
| // depending on field trials of the NetworkService experiment. |
| // |
| // Supported on: win |
| message ForceNetworkInProcessProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool ForceNetworkInProcess = 2; |
| } |
| |
| // "Allow Google Assistant to access screen context" |
| // |
| // This policy gives Google Assistant permission to access screen context and |
| // send the info to server. |
| // If the policy is enabled, Google Assistant will be allowed to access screen |
| // context. |
| // If the policy is disabled, Google Assistant will not be allowed to access |
| // screen context. |
| // If not set, users can decide whether to allow Google Assistant to access |
| // screen context or not |
| // |
| // Supported on: chrome_os |
| message VoiceInteractionContextEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool VoiceInteractionContextEnabled = 2; |
| } |
| |
| // Allow Google Assistant to listen for the voice activation phrase |
| // |
| // This policy gives Google Assistant permission to listen for the voice |
| // activation phrase. |
| // |
| // If the policy is enabled, Google Assistant would listen for the voice |
| // activation phrase. |
| // If the policy is disabled, Google Assistant would not listen for the voice |
| // activation phrase. |
| // If the policy is not set, users can decide whether to allow Google Assistant |
| // to listen for the voice activation phrase. |
| // |
| // Supported on: chrome_os |
| message VoiceInteractionHotwordEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool VoiceInteractionHotwordEnabled = 2; |
| } |
| |
| // Allows a page to show popups during its unloading |
| // |
| // This policy allows an admin to specify that a page may show popups during its |
| // unloading. |
| // |
| // When the policy is set to enabled, pages are allowed to show popups while |
| // they are being unloaded. |
| // |
| // When the policy is set to disabled or not set, pages are not allowed to show |
| // popups while they are being unloaded, as per the spec |
| // (https://html.spec.whatwg.org/#apis-for-creating-and-navigating-browsing- |
| // contexts-by-name). |
| // |
| // This policy will be removed in Chrome 82. |
| // |
| // See https://www.chromestatus.com/feature/5989473649164288 . |
| // |
| // Supported on: android, chrome_os, fuchsia, linux, mac, win |
| message AllowPopupsDuringPageUnloadProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool AllowPopupsDuringPageUnload = 2; |
| } |
| |
| // Enable Signed HTTP Exchange (SXG) support |
| // |
| // Enable support for Signed HTTP Exchange (SXG). |
| // |
| // If this policy is unset or set to Enabled, Google Chrome will accept web |
| // contents served as Signed HTTP Exchanges. |
| // |
| // If this policy is set to Disabled, Signed HTTP Exchanges cannot be loaded. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message SignedHTTPExchangeEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SignedHTTPExchangeEnabled = 2; |
| } |
| |
| // Enables a page for in-session change of password for SAML users |
| // |
| // Enables a page at chrome://password-change that lets SAML users change their |
| // SAML passwords while in-session, which ensures that the SAML password and the |
| // device lockscreen password are kept in-sync. |
| // |
| // This policy also enables notifications that warn SAML users if their SAML |
| // passwords are soon to expire so that they can deal with this immediately by |
| // doing an in-session password change. |
| // But, these notifications will only be shown if password expiry information is |
| // sent to the device by the SAML identity provider during the SAML login flow. |
| // |
| // If this policy is set, the user cannot change or override it. |
| // |
| // Supported on: chrome_os |
| message SamlInSessionPasswordChangeEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool SamlInSessionPasswordChangeEnabled = 2; |
| } |
| |
| // Allow user feedback |
| // |
| // Allow user feedback. |
| // If the policy is set to false, users can not send feedback to Google. |
| // |
| // If the policy is unset or set to true, users can send feedback to Google via |
| // Menu->Help->Report an Issue or key combination. |
| // |
| // Supported on: chrome_os, fuchsia, linux, mac, win |
| message UserFeedbackAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool UserFeedbackAllowed = 2; |
| } |
| |
| // How many days in advance to notify SAML users when their password is due to |
| // expire |
| // |
| // This policy has no effect unless SamlInSessionPasswordChangeEnabled is true. |
| // If that policy is true, and this policy is set to (for example) 14, that |
| // means SAML users will be notified 14 days in advance that their password is |
| // due to expire on a certain date. |
| // Then they can deal with this immediately by doing an in-session password |
| // change and updating their password before it expires. |
| // But, these notifications will only be shown if password expiry information is |
| // sent to the device by the SAML identity provider during the SAML login flow. |
| // Setting this policy to zero means the users will not be notified in advance - |
| // they will only be notified once the password has already expired. |
| // |
| // If this policy is set, the user cannot change or override it. |
| // |
| // Supported on: chrome_os |
| message SamlPasswordExpirationAdvanceWarningDaysProto { |
| optional PolicyOptions policy_options = 1; |
| optional int64 SamlPasswordExpirationAdvanceWarningDays = 2; |
| } |
| |
| // Enable Kerberos functionality |
| // |
| // Controls whether the Kerberos functionality is enabled. Kerberos is an |
| // authentication protocol that can be used to authenticate to web apps and file |
| // shares. |
| // |
| // If this policy is enabled, Kerberos functionality is enabled. Kerberos |
| // accounts can be added either through the 'Configure Kerberos accounts' policy |
| // or through the Kerberos Accounts settings in the People settings page. |
| // |
| // If this policy disabled or not set, the Kerberos Accounts settings are |
| // disabled. No Kerberos accounts can be added and Kerberos authentication |
| // cannot be used. All existing Kerberos accounts are deleted, all stored |
| // passwords are deleted. |
| // |
| // Supported on: chrome_os |
| message KerberosEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool KerberosEnabled = 2; |
| } |
| |
| // Enable 'Remember password' feature |
| // |
| // Controls whether the 'Remember password' feature is enabled in the Kerberos |
| // authentication dialog. Passwords are stored encryped on disk, only accessible |
| // to the Kerberos system daemon and during a user session. |
| // |
| // If this policy is enabled or not set, users can decide whether Kerberos |
| // passwords are remembered, so that they do not have to be entered again. |
| // Kerberos tickets are automatically fetched unless additional authentication |
| // is required (two-factor authentication). |
| // |
| // If this policy is disabled, passwords are never remembered and all previously |
| // stored passwords are removed. Users have to enter their password every time |
| // they need to authenticate with the Kerberos system. Depending on server |
| // settings, this usually happens between every 8 hours to several months. |
| // |
| // Supported on: chrome_os |
| message KerberosRememberPasswordEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool KerberosRememberPasswordEnabled = 2; |
| } |
| |
| // Users can add Kerberos accounts |
| // |
| // Controls whether users may add Kerberos accounts. |
| // |
| // If this policy is enabled or not set, users may add Kerberos accounts via the |
| // Kerberos Accounts settings in the People settings page. Users have full |
| // control over accounts they added and may modify or remove them. |
| // |
| // If this policy is disabled, users may not add Kerberos accounts. Accounts can |
| // only be added via the 'Configure Kerberos accounts' policy. This is an |
| // effective way to lock down accounts. |
| // |
| // Supported on: chrome_os |
| message KerberosAddAccountsAllowedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool KerberosAddAccountsAllowed = 2; |
| } |
| |
| // Configure Kerberos accounts |
| // |
| // Adds prefilled Kerberos accounts. If the Kerberos credentials match the login |
| // credentials, an account can be configured to reuse the login credentials by |
| // specifying '${{LOGIN_EMAIL}}' and '${{PASSWORD}}' for principal and password, |
| // respectively, so that the Kerberos ticket can be retrieved automatically |
| // unless two-factor authentication is configured. Users cannot modify accounts |
| // added via this policy. |
| // |
| // If this policy is enabled, the list of accounts defined by the policy is |
| // added to the Kerberos Accounts settings. |
| // |
| // If this policy is disabled or not set, no accounts are added to the Kerberos |
| // Accounts settings and all accounts previously added with this policy are |
| // removed. Users may still add accounts manually if the 'Users can add Kerberos |
| // accounts' policy is enabled. |
| // |
| // Value schema: |
| // { |
| // "items": { |
| // "properties": { |
| // "krb5conf": { |
| // "description": "Kerberos configuration (one line per array |
| // item), see |
| // https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html.", |
| // "items": { |
| // "type": "string" |
| // }, |
| // "type": "array" |
| // }, |
| // "password": { |
| // "description": "Kerberos password. The placeholder |
| // ${{PASSWORD}} is replaced by the login password.", |
| // "sensitiveValue": true, |
| // "type": "string" |
| // }, |
| // "principal": { |
| // "description": "User principal 'user@realm'. The placeholder |
| // ${{LOGIN_ID}} is replaced by the username 'user'. The placeholder |
| // ${{LOGIN_EMAIL}} is replaced by the full principal 'user@realm'.", |
| // "pattern": |
| // "^(?:[^@]+@[^@]+)|(?:\\${LOGIN_ID})|(?:\\${LOGIN_EMAIL})$", |
| // "type": "string" |
| // }, |
| // "remember_password": { |
| // "description": "Whether to remember the Kerberos password. If |
| // not set or set to false, the password is not remembered. Ignored if the |
| // password is not specified.", |
| // "type": "boolean" |
| // } |
| // }, |
| // "required": [ |
| // "principal" |
| // ], |
| // "type": "object" |
| // }, |
| // "type": "array" |
| // } |
| // |
| // Supported on: chrome_os |
| message KerberosAccountsProto { |
| optional PolicyOptions policy_options = 1; |
| optional string KerberosAccounts = 2; |
| } |
| |
| // Enable security warnings for command-line flags |
| // |
| // If disabled, prevents security warnings from appearing when Chrome is |
| // launched with some potentially dangerous command-line flags. |
| // |
| // If enabled or unset, security warnings are displayed when some command-line |
| // flags are used to launch Chrome. |
| // |
| // On Windows, this policy is only available on instances that are joined to a |
| // Microsoft® Active Directory® domain or Windows 10 Pro or Enterprise |
| // instances that are enrolled for device management. |
| // |
| // Supported on: fuchsia, linux, mac, win |
| message CommandLineFlagSecurityWarningsEnabledProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool CommandLineFlagSecurityWarningsEnabled = 2; |
| } |
| |
| // Suppress launching of browser window |
| // |
| // This policy controls whether the browser window should be launched at the |
| // start of the session. |
| // |
| // If this policy is enabled, the browser window will not be launched. |
| // |
| // If this policy is disabled or not set, the browser window is allowed to |
| // launch. Note that the browser window might not launch due to other policies |
| // or command-line flags. |
| // |
| // Supported on: chrome_os |
| message StartupBrowserWindowLaunchSuppressedProto { |
| optional PolicyOptions policy_options = 1; |
| optional bool StartupBrowserWindowLaunchSuppressed = 2; |
| } |
| |
| // External print servers |
| // |
| // Provides configurations of available print servers. |
| // |
| // This policy allows you to provide configuration of external print servers to |
| // Google Chrome OS devices as JSON file. |
| // |
| // The size of the file must not exceed 1MB and must contain an array of records |
| // (JSON objects). Each record must contain fields "url" and "display_name". |
| // |
| // The file is downloaded and cached. The cryptographic hash is used to verify |
| // the integrity of the download. The file will be re-downloaded whenever the |
| // URL or the hash changes. |
| // |
| // When this policy is set to correct value, devices will try to query specified |
| // print servers for available printers using IPP protocol. |
| // |
| // If this policy is unset or set to incorrect value, no server printers are |
| // visible by users. |
| // |
| // Currently, the number of print servers is limited to 16. Only the first 16 |
| // print servers from the list will be queried. |
| // |
| // Value schema: |
| // { |
| // "properties": { |
| // "hash": { |
| // "description": "The SHA-256 hash of the file.", |
| // "type": "string" |
| // }, |
| // "url": { |
| // "description": "URL to a JSON file with a list of print |
| // servers.", |
| // "type": "string" |
| // } |
| // }, |
| // "type": "object" |
| // } |
| // |
| // Supported on: chrome_os |
| message ExternalPrintServersProto { |
| optional PolicyOptions policy_options = 1; |
| optional string ExternalPrintServers = 2; |
| } |
| |
| // -------------------------------------------------- |
| // Big wrapper PB containing the above groups. |
| |
| message ChromeSettingsProto { |
| optional HomepageLocationProto HomepageLocation = 3; |
| optional HomepageIsNewTabPageProto HomepageIsNewTabPage = 4; |
| optional NewTabPageLocationProto NewTabPageLocation = 362; |
| optional DefaultBrowserSettingEnabledProto DefaultBrowserSettingEnabled = 5; |
| optional ApplicationLocaleValueProto ApplicationLocaleValue = 6; |
| optional AlternateErrorPagesEnabledProto AlternateErrorPagesEnabled = 7; |
| optional SearchSuggestEnabledProto SearchSuggestEnabled = 8; |
| optional DnsPrefetchingEnabledProto DnsPrefetchingEnabled = 9; |
| optional NetworkPredictionOptionsProto NetworkPredictionOptions = 275; |
| optional WPADQuickCheckEnabledProto WPADQuickCheckEnabled = 263; |
| optional DisableSpdyProto DisableSpdy = 10; |
| optional DisabledSchemesProto DisabledSchemes = 87; |
| optional Http09OnNonDefaultPortsEnabledProto Http09OnNonDefaultPortsEnabled = 347; |
| optional JavascriptEnabledProto JavascriptEnabled = 11; |
| optional IncognitoEnabledProto IncognitoEnabled = 12; |
| optional IncognitoModeAvailabilityProto IncognitoModeAvailability = 95; |
| optional SavingBrowserHistoryDisabledProto SavingBrowserHistoryDisabled = 13; |
| optional AllowDeletingBrowserHistoryProto AllowDeletingBrowserHistory = 189; |
| optional AllowDinosaurEasterEggProto AllowDinosaurEasterEgg = 311; |
| optional RemoteAccessClientFirewallTraversalProto RemoteAccessClientFirewallTraversal = 96; |
| optional RemoteAccessHostClientDomainProto RemoteAccessHostClientDomain = 318; |
| optional RemoteAccessHostClientDomainListProto RemoteAccessHostClientDomainList = 371; |
| optional RemoteAccessHostFirewallTraversalProto RemoteAccessHostFirewallTraversal = 97; |
| optional RemoteAccessHostDomainProto RemoteAccessHostDomain = 156; |
| optional RemoteAccessHostDomainListProto RemoteAccessHostDomainList = 370; |
| optional RemoteAccessHostRequireTwoFactorProto RemoteAccessHostRequireTwoFactor = 157; |
| optional RemoteAccessHostTalkGadgetPrefixProto RemoteAccessHostTalkGadgetPrefix = 158; |
| optional RemoteAccessHostRequireCurtainProto RemoteAccessHostRequireCurtain = 159; |
| optional RemoteAccessHostAllowClientPairingProto RemoteAccessHostAllowClientPairing = 236; |
| optional RemoteAccessHostAllowGnubbyAuthProto RemoteAccessHostAllowGnubbyAuth = 259; |
| optional RemoteAccessHostAllowRelayedConnectionProto RemoteAccessHostAllowRelayedConnection = 265; |
| optional RemoteAccessHostUdpPortRangeProto RemoteAccessHostUdpPortRange = 266; |
| optional RemoteAccessHostMatchUsernameProto RemoteAccessHostMatchUsername = 287; |
| optional RemoteAccessHostTokenUrlProto RemoteAccessHostTokenUrl = 288; |
| optional RemoteAccessHostTokenValidationUrlProto RemoteAccessHostTokenValidationUrl = 289; |
| optional RemoteAccessHostTokenValidationCertificateIssuerProto RemoteAccessHostTokenValidationCertificateIssuer = 290; |
| optional RemoteAccessHostDebugOverridePoliciesProto RemoteAccessHostDebugOverridePolicies = 291; |
| optional RemoteAccessHostAllowUiAccessForRemoteAssistanceProto RemoteAccessHostAllowUiAccessForRemoteAssistance = 346; |
| optional RemoteAccessHostAllowFileTransferProto RemoteAccessHostAllowFileTransfer = 536; |
| optional PrintingEnabledProto PrintingEnabled = 14; |
| optional CloudPrintProxyEnabledProto CloudPrintProxyEnabled = 15; |
| optional PrintingAllowedColorModesProto PrintingAllowedColorModes = 476; |
| optional PrintingAllowedDuplexModesProto PrintingAllowedDuplexModes = 477; |
| optional PrintingAllowedPinModesProto PrintingAllowedPinModes = 527; |
| optional PrintingAllowedPageSizesProto PrintingAllowedPageSizes = 478; |
| optional PrintingColorDefaultProto PrintingColorDefault = 479; |
| optional PrintingDuplexDefaultProto PrintingDuplexDefault = 480; |
| optional PrintingPinDefaultProto PrintingPinDefault = 528; |
| optional PrintingSizeDefaultProto PrintingSizeDefault = 481; |
| optional PrintingSendUsernameAndFilenameEnabledProto PrintingSendUsernameAndFilenameEnabled = 508; |
| optional ForceSafeSearchProto ForceSafeSearch = 164; |
| optional ForceGoogleSafeSearchProto ForceGoogleSafeSearch = 284; |
| optional ForceYouTubeSafetyModeProto ForceYouTubeSafetyMode = 285; |
| optional ForceYouTubeRestrictProto ForceYouTubeRestrict = 350; |
| optional SafeBrowsingEnabledProto SafeBrowsingEnabled = 16; |
| optional MetricsReportingEnabledProto MetricsReportingEnabled = 17; |
| optional PasswordManagerEnabledProto PasswordManagerEnabled = 18; |
| optional PasswordManagerAllowShowPasswordsProto PasswordManagerAllowShowPasswords = 19; |
| optional AutoFillEnabledProto AutoFillEnabled = 20; |
| optional AutofillAddressEnabledProto AutofillAddressEnabled = 461; |
| optional AutofillCreditCardEnabledProto AutofillCreditCardEnabled = 394; |
| optional DisabledPluginsProto DisabledPlugins = 21; |
| optional EnabledPluginsProto EnabledPlugins = 80; |
| optional DisabledPluginsExceptionsProto DisabledPluginsExceptions = 81; |
| optional AlwaysOpenPdfExternallyProto AlwaysOpenPdfExternally = 349; |
| optional DisablePluginFinderProto DisablePluginFinder = 68; |
| optional SyncDisabledProto SyncDisabled = 22; |
| optional RoamingProfileSupportEnabledProto RoamingProfileSupportEnabled = 360; |
| optional RoamingProfileLocationProto RoamingProfileLocation = 361; |
| optional SigninAllowedProto SigninAllowed = 192; |
| optional EnableDeprecatedWebBasedSigninProto EnableDeprecatedWebBasedSignin = 267; |
| optional UserDataDirProto UserDataDir = 65; |
| optional DiskCacheDirProto DiskCacheDir = 90; |
| optional DiskCacheSizeProto DiskCacheSize = 112; |
| optional MediaCacheSizeProto MediaCacheSize = 113; |
| optional DownloadRestrictionsProto DownloadRestrictions = 373; |
| optional DownloadDirectoryProto DownloadDirectory = 66; |
| optional SafeBrowsingForTrustedSourcesEnabledProto SafeBrowsingForTrustedSourcesEnabled = 377; |
| optional ClearSiteDataOnExitProto ClearSiteDataOnExit = 67; |
| optional CaptivePortalAuthenticationIgnoresProxyProto CaptivePortalAuthenticationIgnoresProxy = 297; |
| optional ProxyModeProto ProxyMode = 23; |
| optional ProxyServerModeProto ProxyServerMode = 24; |
| optional ProxyServerProto ProxyServer = 25; |
| optional ProxyPacUrlProto ProxyPacUrl = 26; |
| optional ProxyBypassListProto ProxyBypassList = 27; |
| optional ProxySettingsProto ProxySettings = 118; |
| optional AuthSchemesProto AuthSchemes = 28; |
| optional DisableAuthNegotiateCnameLookupProto DisableAuthNegotiateCnameLookup = 29; |
| optional EnableAuthNegotiatePortProto EnableAuthNegotiatePort = 30; |
| optional AuthServerWhitelistProto AuthServerWhitelist = 31; |
| optional AuthNegotiateDelegateWhitelistProto AuthNegotiateDelegateWhitelist = 32; |
| optional AuthNegotiateDelegateByKdcPolicyProto AuthNegotiateDelegateByKdcPolicy = 530; |
| optional GSSAPILibraryNameProto GSSAPILibraryName = 33; |
| optional AuthAndroidNegotiateAccountTypeProto AuthAndroidNegotiateAccountType = 307; |
| optional AllowCrossOriginAuthPromptProto AllowCrossOriginAuthPrompt = 91; |
| optional NtlmV2EnabledProto NtlmV2Enabled = 395; |
| optional ExtensionInstallBlacklistProto ExtensionInstallBlacklist = 34; |
| optional ExtensionInstallWhitelistProto ExtensionInstallWhitelist = 35; |
| optional ExtensionInstallForcelistProto ExtensionInstallForcelist = 36; |
| optional ExtensionInstallSourcesProto ExtensionInstallSources = 150; |
| optional ExtensionAllowInsecureUpdatesProto ExtensionAllowInsecureUpdates = 518; |
| optional ExtensionAllowedTypesProto ExtensionAllowedTypes = 170; |
| optional ExtensionSettingsProto ExtensionSettings = 280; |
| optional ExtensionInstallListsMergeEnabledProto ExtensionInstallListsMergeEnabled = 546; |
| optional ShowHomeButtonProto ShowHomeButton = 37; |
| optional DeveloperToolsDisabledProto DeveloperToolsDisabled = 38; |
| optional DeveloperToolsAvailabilityProto DeveloperToolsAvailability = 445; |
| optional RestoreOnStartupProto RestoreOnStartup = 39; |
| optional RestoreOnStartupURLsProto RestoreOnStartupURLs = 40; |
| optional BlockThirdPartyCookiesProto BlockThirdPartyCookies = 41; |
| optional DefaultSearchProviderEnabledProto DefaultSearchProviderEnabled = 42; |
| optional DefaultSearchProviderNameProto DefaultSearchProviderName = 43; |
| optional DefaultSearchProviderKeywordProto DefaultSearchProviderKeyword = 44; |
| optional DefaultSearchProviderSearchURLProto DefaultSearchProviderSearchURL = 45; |
| optional DefaultSearchProviderSuggestURLProto DefaultSearchProviderSuggestURL = 46; |
| optional DefaultSearchProviderInstantURLProto DefaultSearchProviderInstantURL = 47; |
| optional DefaultSearchProviderIconURLProto DefaultSearchProviderIconURL = 48; |
| optional DefaultSearchProviderEncodingsProto DefaultSearchProviderEncodings = 49; |
| optional DefaultSearchProviderAlternateURLsProto DefaultSearchProviderAlternateURLs = 163; |
| optional DefaultSearchProviderSearchTermsReplacementKeyProto DefaultSearchProviderSearchTermsReplacementKey = 173; |
| optional DefaultSearchProviderImageURLProto DefaultSearchProviderImageURL = 231; |
| optional DefaultSearchProviderNewTabURLProto DefaultSearchProviderNewTabURL = 239; |
| optional DefaultSearchProviderSearchURLPostParamsProto DefaultSearchProviderSearchURLPostParams = 232; |
| optional DefaultSearchProviderSuggestURLPostParamsProto DefaultSearchProviderSuggestURLPostParams = 233; |
| optional DefaultSearchProviderInstantURLPostParamsProto DefaultSearchProviderInstantURLPostParams = 234; |
| optional DefaultSearchProviderImageURLPostParamsProto DefaultSearchProviderImageURLPostParams = 235; |
| optional DefaultCookiesSettingProto DefaultCookiesSetting = 50; |
| optional DefaultImagesSettingProto DefaultImagesSetting = 51; |
| optional DefaultJavaScriptSettingProto DefaultJavaScriptSetting = 52; |
| optional DefaultPluginsSettingProto DefaultPluginsSetting = 53; |
| optional DefaultPopupsSettingProto DefaultPopupsSetting = 54; |
| optional DefaultNotificationsSettingProto DefaultNotificationsSetting = 55; |
| optional DefaultGeolocationSettingProto DefaultGeolocationSetting = 56; |
| optional DefaultMediaStreamSettingProto DefaultMediaStreamSetting = 151; |
| optional DefaultWebBluetoothGuardSettingProto DefaultWebBluetoothGuardSetting = 322; |
| optional DefaultKeygenSettingProto DefaultKeygenSetting = 315; |
| optional DefaultWebUsbGuardSettingProto DefaultWebUsbGuardSetting = 436; |
| optional WebUsbAllowDevicesForUrlsProto WebUsbAllowDevicesForUrls = 488; |
| optional WebUsbAskForUrlsProto WebUsbAskForUrls = 441; |
| optional WebUsbBlockedForUrlsProto WebUsbBlockedForUrls = 442; |
| optional AutoSelectCertificateForUrlsProto AutoSelectCertificateForUrls = 104; |
| optional CookiesAllowedForUrlsProto CookiesAllowedForUrls = 79; |
| optional CookiesBlockedForUrlsProto CookiesBlockedForUrls = 69; |
| optional CookiesSessionOnlyForUrlsProto CookiesSessionOnlyForUrls = 70; |
| optional ImagesAllowedForUrlsProto ImagesAllowedForUrls = 71; |
| optional ImagesBlockedForUrlsProto ImagesBlockedForUrls = 72; |
| optional JavaScriptAllowedForUrlsProto JavaScriptAllowedForUrls = 73; |
| optional JavaScriptBlockedForUrlsProto JavaScriptBlockedForUrls = 74; |
| optional KeygenAllowedForUrlsProto KeygenAllowedForUrls = 316; |
| optional KeygenBlockedForUrlsProto KeygenBlockedForUrls = 317; |
| optional PluginsAllowedForUrlsProto PluginsAllowedForUrls = 75; |
| optional PluginsBlockedForUrlsProto PluginsBlockedForUrls = 76; |
| optional PopupsAllowedForUrlsProto PopupsAllowedForUrls = 77; |
| optional RegisteredProtocolHandlersProto RegisteredProtocolHandlers = 270; |
| optional PopupsBlockedForUrlsProto PopupsBlockedForUrls = 78; |
| optional NotificationsAllowedForUrlsProto NotificationsAllowedForUrls = 107; |
| optional NotificationsBlockedForUrlsProto NotificationsBlockedForUrls = 108; |
| optional NativeMessagingBlacklistProto NativeMessagingBlacklist = 253; |
| optional NativeMessagingWhitelistProto NativeMessagingWhitelist = 254; |
| optional NativeMessagingUserLevelHostsProto NativeMessagingUserLevelHosts = 255; |
| optional Disable3DAPIsProto Disable3DAPIs = 57; |
| optional PolicyRefreshRateProto PolicyRefreshRate = 58; |
| optional MaxInvalidationFetchDelayProto MaxInvalidationFetchDelay = 230; |
| optional ChromeFrameRendererSettingsProto ChromeFrameRendererSettings = 59; |
| optional RenderInChromeFrameListProto RenderInChromeFrameList = 60; |
| optional RenderInHostListProto RenderInHostList = 61; |
| optional AdditionalLaunchParametersProto AdditionalLaunchParameters = 143; |
| optional SkipMetadataCheckProto SkipMetadataCheck = 240; |
| optional ChromeFrameContentTypesProto ChromeFrameContentTypes = 62; |
| optional ChromeOsLockOnIdleSuspendProto ChromeOsLockOnIdleSuspend = 63; |
| optional ChromeOsMultiProfileUserBehaviorProto ChromeOsMultiProfileUserBehavior = 246; |
| optional SecondaryGoogleAccountSigninAllowedProto SecondaryGoogleAccountSigninAllowed = 408; |
| optional InstantEnabledProto InstantEnabled = 64; |
| optional AppRecommendationZeroStateEnabledProto AppRecommendationZeroStateEnabled = 565; |
| optional TranslateEnabledProto TranslateEnabled = 82; |
| optional AllowOutdatedPluginsProto AllowOutdatedPlugins = 83; |
| optional AlwaysAuthorizePluginsProto AlwaysAuthorizePlugins = 88; |
| optional RunAllFlashInAllowModeProto RunAllFlashInAllowMode = 393; |
| optional BookmarkBarEnabledProto BookmarkBarEnabled = 84; |
| optional EditBookmarksEnabledProto EditBookmarksEnabled = 85; |
| optional ShowAppsShortcutInBookmarkBarProto ShowAppsShortcutInBookmarkBar = 269; |
| optional AllowFileSelectionDialogsProto AllowFileSelectionDialogs = 86; |
| optional SecurityKeyPermitAttestationProto SecurityKeyPermitAttestation = 404; |
| optional GCFUserDataDirProto GCFUserDataDir = 89; |
| optional ImportBookmarksProto ImportBookmarks = 99; |
| optional ImportHistoryProto ImportHistory = 100; |
| optional ImportHomepageProto ImportHomepage = 101; |
| optional ImportSearchEngineProto ImportSearchEngine = 102; |
| optional ImportSavedPasswordsProto ImportSavedPasswords = 103; |
| optional ImportAutofillFormDataProto ImportAutofillFormData = 279; |
| optional MaxConnectionsPerProxyProto MaxConnectionsPerProxy = 94; |
| optional HideWebStorePromoProto HideWebStorePromo = 98; |
| optional URLBlacklistProto URLBlacklist = 105; |
| optional URLWhitelistProto URLWhitelist = 106; |
| optional PolicyListMultipleSourceMergeListProto PolicyListMultipleSourceMergeList = 556; |
| optional PolicyDictionaryMultipleSourceMergeListProto PolicyDictionaryMultipleSourceMergeList = 567; |
| optional OpenNetworkConfigurationProto OpenNetworkConfiguration = 109; |
| optional CloudPrintSubmitEnabledProto CloudPrintSubmitEnabled = 111; |
| optional EnterpriseWebStoreURLProto EnterpriseWebStoreURL = 114; |
| optional EnterpriseWebStoreNameProto EnterpriseWebStoreName = 115; |
| optional EnableOriginBoundCertsProto EnableOriginBoundCerts = 116; |
| optional EnableMemoryInfoProto EnableMemoryInfo = 117; |
| optional DisablePrintPreviewProto DisablePrintPreview = 119; |
| optional PrintHeaderFooterProto PrintHeaderFooter = 482; |
| optional DefaultPrinterSelectionProto DefaultPrinterSelection = 310; |
| optional DisableSSLRecordSplittingProto DisableSSLRecordSplitting = 120; |
| optional EnableOnlineRevocationChecksProto EnableOnlineRevocationChecks = 131; |
| optional RequireOnlineRevocationChecksForLocalAnchorsProto RequireOnlineRevocationChecksForLocalAnchors = 237; |
| optional EnableSha1ForLocalAnchorsProto EnableSha1ForLocalAnchors = 342; |
| optional EnableCommonNameFallbackForLocalAnchorsProto EnableCommonNameFallbackForLocalAnchors = 368; |
| optional EnableSymantecLegacyInfrastructureProto EnableSymantecLegacyInfrastructure = 415; |
| optional BuiltinCertificateVerifierEnabledProto BuiltinCertificateVerifierEnabled = 577; |
| optional ForceEphemeralProfilesProto ForceEphemeralProfiles = 247; |
| optional SAMLOfflineSigninTimeLimitProto SAMLOfflineSigninTimeLimit = 256; |
| optional ReportArcStatusEnabledProto ReportArcStatusEnabled = 351; |
| optional ReportCrostiniUsageEnabledProto ReportCrostiniUsageEnabled = 486; |
| optional DeviceLocalAccountManagedSessionEnabledProto DeviceLocalAccountManagedSessionEnabled = 465; |
| optional BackgroundModeEnabledProto BackgroundModeEnabled = 140; |
| optional DriveDisabledProto DriveDisabled = 141; |
| optional DriveDisabledOverCellularProto DriveDisabledOverCellular = 142; |
| optional PinnedLauncherAppsProto PinnedLauncherApps = 146; |
| optional RestrictSigninToPatternProto RestrictSigninToPattern = 149; |
| optional DisableSafeBrowsingProceedAnywayProto DisableSafeBrowsingProceedAnyway = 152; |
| optional SafeBrowsingExtendedReportingOptInAllowedProto SafeBrowsingExtendedReportingOptInAllowed = 301; |
| optional SpellCheckServiceEnabledProto SpellCheckServiceEnabled = 153; |
| optional ExternalStorageDisabledProto ExternalStorageDisabled = 154; |
| optional ExternalStorageReadOnlyProto ExternalStorageReadOnly = 345; |
| optional AudioOutputAllowedProto AudioOutputAllowed = 161; |
| optional AudioCaptureAllowedProto AudioCaptureAllowed = 162; |
| optional AudioCaptureAllowedUrlsProto AudioCaptureAllowedUrls = 210; |
| optional VideoCaptureAllowedProto VideoCaptureAllowed = 169; |
| optional VideoCaptureAllowedUrlsProto VideoCaptureAllowedUrls = 211; |
| optional DisableScreenshotsProto DisableScreenshots = 155; |
| optional TouchVirtualKeyboardEnabledProto TouchVirtualKeyboardEnabled = 271; |
| optional ShowLogoutButtonInTrayProto ShowLogoutButtonInTray = 166; |
| optional BuiltInDnsClientEnabledProto BuiltInDnsClientEnabled = 167; |
| optional ShelfAutoHideBehaviorProto ShelfAutoHideBehavior = 168; |
| optional UserDisplayNameProto UserDisplayName = 171; |
| optional SessionLengthLimitProto SessionLengthLimit = 172; |
| optional FullscreenAllowedProto FullscreenAllowed = 242; |
| optional ScreenDimDelayACProto ScreenDimDelayAC = 174; |
| optional ScreenOffDelayACProto ScreenOffDelayAC = 175; |
| optional ScreenLockDelayACProto ScreenLockDelayAC = 176; |
| optional IdleWarningDelayACProto IdleWarningDelayAC = 199; |
| optional IdleDelayACProto IdleDelayAC = 177; |
| optional ScreenDimDelayBatteryProto ScreenDimDelayBattery = 178; |
| optional ScreenOffDelayBatteryProto ScreenOffDelayBattery = 179; |
| optional ScreenLockDelayBatteryProto ScreenLockDelayBattery = 180; |
| optional IdleWarningDelayBatteryProto IdleWarningDelayBattery = 200; |
| optional IdleDelayBatteryProto IdleDelayBattery = 181; |
| optional IdleActionProto IdleAction = 182; |
| optional IdleActionACProto IdleActionAC = 228; |
| optional IdleActionBatteryProto IdleActionBattery = 224; |
| optional LidCloseActionProto LidCloseAction = 183; |
| optional PowerManagementUsesAudioActivityProto PowerManagementUsesAudioActivity = 184; |
| optional PowerManagementUsesVideoActivityProto PowerManagementUsesVideoActivity = 185; |
| optional PresentationIdleDelayScaleProto PresentationIdleDelayScale = 186; |
| optional PresentationScreenDimDelayScaleProto PresentationScreenDimDelayScale = 222; |
| optional AllowWakeLocksProto AllowWakeLocks = 493; |
| optional AllowScreenWakeLocksProto AllowScreenWakeLocks = 205; |
| optional UserActivityScreenDimDelayScaleProto UserActivityScreenDimDelayScale = 212; |
| optional WaitForInitialUserActivityProto WaitForInitialUserActivity = 249; |
| optional PowerManagementIdleSettingsProto PowerManagementIdleSettings = 260; |
| optional ScreenLockDelaysProto ScreenLockDelays = 261; |
| optional TermsOfServiceURLProto TermsOfServiceURL = 188; |
| optional ShowAccessibilityOptionsInSystemTrayMenuProto ShowAccessibilityOptionsInSystemTrayMenu = 190; |
| optional LargeCursorEnabledProto LargeCursorEnabled = 213; |
| optional SpokenFeedbackEnabledProto SpokenFeedbackEnabled = 214; |
| optional HighContrastEnabledProto HighContrastEnabled = 215; |
| optional VirtualKeyboardEnabledProto VirtualKeyboardEnabled = 257; |
| optional StickyKeysEnabledProto StickyKeysEnabled = 563; |
| optional SelectToSpeakEnabledProto SelectToSpeakEnabled = 575; |
| optional KeyboardDefaultToFunctionKeysProto KeyboardDefaultToFunctionKeys = 262; |
| optional ScreenMagnifierTypeProto ScreenMagnifierType = 216; |
| optional HideWebStoreIconProto HideWebStoreIcon = 191; |
| optional VariationsRestrictParameterProto VariationsRestrictParameter = 198; |
| optional AttestationEnabledForUserProto AttestationEnabledForUser = 202; |
| optional AttestationExtensionWhitelistProto AttestationExtensionWhitelist = 203; |
| optional SuppressChromeFrameTurndownPromptProto SuppressChromeFrameTurndownPrompt = 223; |
| optional ContentPackDefaultFilteringBehaviorProto ContentPackDefaultFilteringBehavior = 206; |
| optional ContentPackManualBehaviorHostsProto ContentPackManualBehaviorHosts = 207; |
| optional ContentPackManualBehaviorURLsProto ContentPackManualBehaviorURLs = 208; |
| optional SupervisedUserCreationEnabledProto SupervisedUserCreationEnabled = 225; |
| optional SupervisedUserContentProviderEnabledProto SupervisedUserContentProviderEnabled = 314; |
| optional ManagedBookmarksProto ManagedBookmarks = 229; |
| optional DataCompressionProxyEnabledProto DataCompressionProxyEnabled = 243; |
| optional UserAvatarImageProto UserAvatarImage = 251; |
| optional WallpaperImageProto WallpaperImage = 264; |
| optional EnableDeprecatedWebPlatformFeaturesProto EnableDeprecatedWebPlatformFeatures = 272; |
| optional EasyUnlockAllowedProto EasyUnlockAllowed = 274; |
| optional SessionLocalesProto SessionLocales = 276; |
| optional BrowserGuestModeEnabledProto BrowserGuestModeEnabled = 277; |
| optional BrowserGuestModeEnforcedProto BrowserGuestModeEnforced = 576; |
| optional BrowserAddPersonEnabledProto BrowserAddPersonEnabled = 278; |
| optional ForceBrowserSigninProto ForceBrowserSignin = 348; |
| optional BrowserSigninProto BrowserSignin = 489; |
| optional SSLVersionMinProto SSLVersionMin = 281; |
| optional SSLVersionFallbackMinProto SSLVersionFallbackMin = 282; |
| optional SSLVersionMaxProto SSLVersionMax = 363; |
| optional CertificateTransparencyEnforcementDisabledForUrlsProto CertificateTransparencyEnforcementDisabledForUrls = 337; |
| optional CertificateTransparencyEnforcementDisabledForCasProto CertificateTransparencyEnforcementDisabledForCas = 437; |
| optional CertificateTransparencyEnforcementDisabledForLegacyCasProto CertificateTransparencyEnforcementDisabledForLegacyCas = 438; |
| optional RC4EnabledProto RC4Enabled = 312; |
| optional DHEEnabledProto DHEEnabled = 336; |
| optional ContextualSearchEnabledProto ContextualSearchEnabled = 283; |
| optional ForceMaximizeOnFirstRunProto ForceMaximizeOnFirstRun = 300; |
| optional SSLErrorOverrideAllowedProto SSLErrorOverrideAllowed = 302; |
| optional QuicAllowedProto QuicAllowed = 303; |
| optional KeyPermissionsProto KeyPermissions = 304; |
| optional WelcomePageOnOSUpgradeEnabledProto WelcomePageOnOSUpgradeEnabled = 305; |
| optional HardwareAccelerationModeEnabledProto HardwareAccelerationModeEnabled = 306; |
| optional UnifiedDesktopEnabledByDefaultProto UnifiedDesktopEnabledByDefault = 309; |
| optional ArcEnabledProto ArcEnabled = 319; |
| optional ArcPolicyProto ArcPolicy = 320; |
| optional SuppressUnsupportedOSWarningProto SuppressUnsupportedOSWarning = 326; |
| optional TaskManagerEndProcessEnabledProto TaskManagerEndProcessEnabled = 329; |
| optional AllowScreenLockProto AllowScreenLock = 331; |
| optional ArcCertificatesSyncModeProto ArcCertificatesSyncMode = 332; |
| optional AllowedDomainsForAppsProto AllowedDomainsForApps = 333; |
| optional PacHttpsUrlStrippingEnabledProto PacHttpsUrlStrippingEnabled = 334; |
| optional EnableMediaRouterProto EnableMediaRouter = 335; |
| optional ShowCastIconInToolbarProto ShowCastIconInToolbar = 364; |
| optional MediaRouterCastAllowAllIPsProto MediaRouterCastAllowAllIPs = 439; |
| optional ArcBackupRestoreEnabledProto ArcBackupRestoreEnabled = 339; |
| optional ArcLocationServiceEnabledProto ArcLocationServiceEnabled = 365; |
| optional NTPContentSuggestionsEnabledProto NTPContentSuggestionsEnabled = 340; |
| optional WebRtcUdpPortRangeProto WebRtcUdpPortRange = 341; |
| optional WebRestrictionsAuthorityProto WebRestrictionsAuthority = 343; |
| optional ComponentUpdatesEnabledProto ComponentUpdatesEnabled = 344; |
| optional NativePrintersProto NativePrinters = 352; |
| optional NativePrintersBulkConfigurationProto NativePrintersBulkConfiguration = 384; |
| optional NativePrintersBulkAccessModeProto NativePrintersBulkAccessMode = 385; |
| optional NativePrintersBulkBlacklistProto NativePrintersBulkBlacklist = 386; |
| optional NativePrintersBulkWhitelistProto NativePrintersBulkWhitelist = 387; |
| optional QuickUnlockModeWhitelistProto QuickUnlockModeWhitelist = 354; |
| optional QuickUnlockTimeoutProto QuickUnlockTimeout = 355; |
| optional PinUnlockMinimumLengthProto PinUnlockMinimumLength = 356; |
| optional PinUnlockMaximumLengthProto PinUnlockMaximumLength = 357; |
| optional PinUnlockWeakPinsAllowedProto PinUnlockWeakPinsAllowed = 358; |
| optional SmsMessagesAllowedProto SmsMessagesAllowed = 471; |
| optional SmartLockSigninAllowedProto SmartLockSigninAllowed = 490; |
| optional InstantTetheringAllowedProto InstantTetheringAllowed = 369; |
| optional BrowserNetworkTimeQueriesEnabledProto BrowserNetworkTimeQueriesEnabled = 372; |
| optional PrintPreviewUseSystemDefaultPrinterProto PrintPreviewUseSystemDefaultPrinter = 375; |
| optional EcryptfsMigrationStrategyProto EcryptfsMigrationStrategy = 378; |
| optional SchedulerConfigurationProto SchedulerConfiguration = 524; |
| optional NoteTakingAppsLockScreenWhitelistProto NoteTakingAppsLockScreenWhitelist = 379; |
| optional CastReceiverEnabledProto CastReceiverEnabled = 380; |
| optional CloudPolicyOverridesPlatformPolicyProto CloudPolicyOverridesPlatformPolicy = 383; |
| optional PromptForDownloadLocationProto PromptForDownloadLocation = 397; |
| optional IsolateOriginsProto IsolateOrigins = 400; |
| optional SitePerProcessProto SitePerProcess = 401; |
| optional IsolateOriginsAndroidProto IsolateOriginsAndroid = 447; |
| optional SitePerProcessAndroidProto SitePerProcessAndroid = 448; |
| optional WebDriverOverridesIncompatiblePoliciesProto WebDriverOverridesIncompatiblePolicies = 416; |
| optional UnsafelyTreatInsecureOriginAsSecureProto UnsafelyTreatInsecureOriginAsSecure = 402; |
| optional DefaultDownloadDirectoryProto DefaultDownloadDirectory = 403; |
| optional AbusiveExperienceInterventionEnforceProto AbusiveExperienceInterventionEnforce = 406; |
| optional SpellcheckLanguageProto SpellcheckLanguage = 407; |
| optional SpellcheckLanguageBlacklistProto SpellcheckLanguageBlacklist = 538; |
| optional ThirdPartyBlockingEnabledProto ThirdPartyBlockingEnabled = 409; |
| optional SpellcheckEnabledProto SpellcheckEnabled = 410; |
| optional AdsSettingForIntrusiveAdsSitesProto AdsSettingForIntrusiveAdsSites = 411; |
| optional RestrictAccountsToPatternsProto RestrictAccountsToPatterns = 412; |
| optional PasswordProtectionWarningTriggerProto PasswordProtectionWarningTrigger = 413; |
| optional RelaunchNotificationProto RelaunchNotification = 421; |
| optional RelaunchNotificationPeriodProto RelaunchNotificationPeriod = 422; |
| optional RelaunchHeadsUpPeriodProto RelaunchHeadsUpPeriod = 569; |
| optional CrostiniAllowedProto CrostiniAllowed = 483; |
| optional CrostiniExportImportUIAllowedProto CrostiniExportImportUIAllowed = 525; |
| optional SafeBrowsingWhitelistDomainsProto SafeBrowsingWhitelistDomains = 424; |
| optional PasswordProtectionLoginURLsProto PasswordProtectionLoginURLs = 425; |
| optional PasswordProtectionChangePasswordURLProto PasswordProtectionChangePasswordURL = 426; |
| optional SafeBrowsingExtendedReportingEnabledProto SafeBrowsingExtendedReportingEnabled = 431; |
| optional MachineLevelUserCloudPolicyEnrollmentTokenProto MachineLevelUserCloudPolicyEnrollmentToken = 430; |
| optional CloudManagementEnrollmentTokenProto CloudManagementEnrollmentToken = 512; |
| optional CloudManagementEnrollmentMandatoryProto CloudManagementEnrollmentMandatory = 507; |
| optional AutoplayAllowedProto AutoplayAllowed = 432; |
| optional AutoplayWhitelistProto AutoplayWhitelist = 433; |
| optional TabUnderAllowedProto TabUnderAllowed = 434; |
| optional UserNativePrintersAllowedProto UserNativePrintersAllowed = 435; |
| optional ChromeCleanupEnabledProto ChromeCleanupEnabled = 443; |
| optional ChromeCleanupReportingEnabledProto ChromeCleanupReportingEnabled = 444; |
| optional AllowedLanguagesProto AllowedLanguages = 446; |
| optional AllowedInputMethodsProto AllowedInputMethods = 458; |
| optional ArcAppInstallEventLoggingEnabledProto ArcAppInstallEventLoggingEnabled = 449; |
| optional UsageTimeLimitProto UsageTimeLimit = 450; |
| optional ArcBackupRestoreServiceEnabledProto ArcBackupRestoreServiceEnabled = 451; |
| optional ArcGoogleLocationServicesEnabledProto ArcGoogleLocationServicesEnabled = 452; |
| optional EnableSyncConsentProto EnableSyncConsent = 453; |
| optional ContextualSuggestionsEnabledProto ContextualSuggestionsEnabled = 454; |
| optional PromotionalTabsEnabledProto PromotionalTabsEnabled = 456; |
| optional SafeSitesFilterBehaviorProto SafeSitesFilterBehavior = 457; |
| optional OverrideSecurityRestrictionsOnInsecureOriginProto OverrideSecurityRestrictionsOnInsecureOrigin = 459; |
| optional TabLifecyclesEnabledProto TabLifecyclesEnabled = 462; |
| optional UrlKeyedAnonymizedDataCollectionEnabledProto UrlKeyedAnonymizedDataCollectionEnabled = 463; |
| optional NetworkFileSharesAllowedProto NetworkFileSharesAllowed = 464; |
| optional WebRtcEventLogCollectionAllowedProto WebRtcEventLogCollectionAllowed = 466; |
| optional PowerSmartDimEnabledProto PowerSmartDimEnabled = 467; |
| optional CoalesceH2ConnectionsWithClientCertificatesForHostsProto CoalesceH2ConnectionsWithClientCertificatesForHosts = 468; |
| optional NetBiosShareDiscoveryEnabledProto NetBiosShareDiscoveryEnabled = 469; |
| optional WebAppInstallForceListProto WebAppInstallForceList = 470; |
| optional ReportVersionDataProto ReportVersionData = 472; |
| optional ReportPolicyDataProto ReportPolicyData = 473; |
| optional ReportMachineIDDataProto ReportMachineIDData = 474; |
| optional ReportUserIDDataProto ReportUserIDData = 475; |
| optional ReportExtensionsAndPluginsDataProto ReportExtensionsAndPluginsData = 501; |
| optional ReportSafeBrowsingDataProto ReportSafeBrowsingData = 502; |
| optional CloudReportingEnabledProto CloudReportingEnabled = 495; |
| optional EnterpriseHardwarePlatformAPIEnabledProto EnterpriseHardwarePlatformAPIEnabled = 485; |
| optional VpnConfigAllowedProto VpnConfigAllowed = 487; |
| optional NTLMShareAuthenticationEnabledProto NTLMShareAuthenticationEnabled = 491; |
| optional NetworkFileSharesPreconfiguredSharesProto NetworkFileSharesPreconfiguredShares = 492; |
| optional ScreenBrightnessPercentProto ScreenBrightnessPercent = 494; |
| optional AlternativeBrowserPathProto AlternativeBrowserPath = 496; |
| optional AlternativeBrowserParametersProto AlternativeBrowserParameters = 497; |
| optional BrowserSwitcherChromePathProto BrowserSwitcherChromePath = 532; |
| optional BrowserSwitcherChromeParametersProto BrowserSwitcherChromeParameters = 533; |
| optional BrowserSwitcherUrlListProto BrowserSwitcherUrlList = 498; |
| optional BrowserSwitcherUrlGreylistProto BrowserSwitcherUrlGreylist = 499; |
| optional BrowserSwitcherUseIeSitelistProto BrowserSwitcherUseIeSitelist = 500; |
| optional BrowserSwitcherExternalSitelistUrlProto BrowserSwitcherExternalSitelistUrl = 513; |
| optional BrowserSwitcherExternalGreylistUrlProto BrowserSwitcherExternalGreylistUrl = 566; |
| optional BrowserSwitcherDelayProto BrowserSwitcherDelay = 526; |
| optional BrowserSwitcherEnabledProto BrowserSwitcherEnabled = 519; |
| optional BrowserSwitcherKeepLastChromeTabProto BrowserSwitcherKeepLastChromeTab = 521; |
| optional PluginVmImageProto PluginVmImage = 506; |
| optional ParentAccessCodeConfigProto ParentAccessCodeConfig = 509; |
| optional ClientCertificateManagementAllowedProto ClientCertificateManagementAllowed = 520; |
| optional ForceNetworkInProcessProto ForceNetworkInProcess = 523; |
| optional VoiceInteractionContextEnabledProto VoiceInteractionContextEnabled = 529; |
| optional VoiceInteractionHotwordEnabledProto VoiceInteractionHotwordEnabled = 531; |
| optional AllowPopupsDuringPageUnloadProto AllowPopupsDuringPageUnload = 535; |
| optional SignedHTTPExchangeEnabledProto SignedHTTPExchangeEnabled = 544; |
| optional SamlInSessionPasswordChangeEnabledProto SamlInSessionPasswordChangeEnabled = 547; |
| optional UserFeedbackAllowedProto UserFeedbackAllowed = 572; |
| optional SamlPasswordExpirationAdvanceWarningDaysProto SamlPasswordExpirationAdvanceWarningDays = 557; |
| optional KerberosEnabledProto KerberosEnabled = 559; |
| optional KerberosRememberPasswordEnabledProto KerberosRememberPasswordEnabled = 560; |
| optional KerberosAddAccountsAllowedProto KerberosAddAccountsAllowed = 561; |
| optional KerberosAccountsProto KerberosAccounts = 562; |
| optional CommandLineFlagSecurityWarningsEnabledProto CommandLineFlagSecurityWarningsEnabled = 568; |
| optional StartupBrowserWindowLaunchSuppressedProto StartupBrowserWindowLaunchSuppressed = 570; |
| optional ExternalPrintServersProto ExternalPrintServers = 574; |
| } |
| |