[ChromeOS Flex] Add device policy for sending hw data

This adds a new device policy for managed ChromeOS Flex devices to control whether detailed hardware component data can collected for product improvement purposes. We'd like the administrator to be very clear on what the data will be used for, and not piggy-back on other policies that allow data collection intended for customer use. This is Flex-only, sending hardware data, for product improvement. Device policies should start with "Device", according to a comment in src/chromium/src/components/policy/tools/syntax_check_policy_template_json.py Boolean policies end with "Enabled" by convention? So our policy name: `DeviceFlexHwDataForProductImprovementEnabled`. Although docs/enterprise/add_new_policy.md says we need to add a preference and register it in Local State, etc. that doesn't appear to be necessary for Device policies. Tested by copying the chrome_device_policy.proto to a cros_sdk, and building libbrillo (with added accessors) against it, then using the new accessors to check value. Change-Id: I49282724a216cf36a09b784f174d0f4c9d589c43 Bug: b:299148409 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4908296 Reviewed-by: Roland Bock <rbock@google.com> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Commit-Queue: Ted Brandston <tbrandston@google.com> Auto-Submit: Ted Brandston <tbrandston@google.com> Cr-Commit-Position: refs/heads/main@{#1211486}
chromium · Oct 18, 2023 · 18cd84f · 18cd84f
1 parent 3fe2752
commit 18cd84f
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 0 deletions.
diff --git a/chrome/browser/ash/policy/core/device_policy_decoder.cc b/chrome/browser/ash/policy/core/device_policy_decoder.cc
@@ -2335,6 +2335,17 @@ void DecodeGenericPolicies(const em::ChromeDeviceSettingsProto& policy,
                     nullptr);
     }
   }
+
+  if (policy.has_device_flex_hw_data_for_product_improvement_enabled()) {
+    const em::DeviceFlexHwDataForProductImprovementEnabledProto& container(
+        policy.device_flex_hw_data_for_product_improvement_enabled());
+    if (container.has_enabled()) {
+      policies->Set(key::kDeviceFlexHwDataForProductImprovementEnabled,
+                    POLICY_LEVEL_MANDATORY, POLICY_SCOPE_MACHINE,
+                    POLICY_SOURCE_CLOUD, base::Value(container.enabled()),
+                    nullptr);
+    }
+  }
 }
 
 }  // namespace

diff --git a/components/policy/proto/chrome_device_policy.proto b/components/policy/proto/chrome_device_policy.proto
@@ -1823,6 +1823,12 @@ message DeviceSwitchFunctionKeysBehaviorEnabledProto {
   optional bool enabled = 1;
 }
 
+message DeviceFlexHwDataForProductImprovementEnabledProto {
+  // Enable sending hardware data specifically for product improvement on
+  // managed ChromeOS Flex devices.
+  optional bool enabled = 1 [default = true];
+}
+
 // Mirrors ExtendedFkeysModifier from the extended_fkeys_modifier.mojom
 message ExtendedFkeysModifierProto {
   enum ExtendedFkeysModifier {
@@ -2044,4 +2050,6 @@ message ChromeDeviceSettingsProto {
   optional StringListPolicyProto device_dlc_predownload_list = 154;
   optional BooleanPolicyProto device_ephemeral_network_policies_enabled = 155;
   optional ExtendedFkeysModifierProto extended_fkeys_modifier = 156;
+  optional DeviceFlexHwDataForProductImprovementEnabledProto
+      device_flex_hw_data_for_product_improvement_enabled = 157;
 }
diff --git a/components/policy/resources/templates/device_policy_proto_map.yaml b/components/policy/resources/templates/device_policy_proto_map.yaml
@@ -44,6 +44,7 @@ DeviceExtendedFkeysModifier: extended_fkeys_modifier.modifier
 DeviceExternalPrintServers: external_print_servers.external_policy
 DeviceExternalPrintServersAllowlist: external_print_servers_allowlist.allowlist
 DeviceFamilyLinkAccountsAllowed: family_link_accounts_allowed.family_link_accounts_allowed
+DeviceFlexHwDataForProductImprovementEnabledProto: device_flex_hw_data_for_product_improvement_enabled.enabled
 DeviceLoginScreenGeolocationAccessLevel: device_login_screen_geolocation_access_level.geolocation_access_level
 DeviceGpoCacheLifetime: device_gpo_cache_lifetime.lifetime_hours
 DeviceGuestModeEnabled: guest_mode_enabled.guest_mode_enabled

diff --git a/components/policy/resources/templates/policies.yaml b/components/policy/resources/templates/policies.yaml
@@ -1172,6 +1172,7 @@ policies:
   1171: ZstdContentEncodingEnabled
   1172: IPv6ReachabilityOverrideEnabled
   1173: UserFeedbackWithLowLevelDebugDataAllowed
+  1174: DeviceFlexHwDataForProductImprovementEnabled
 atomic_groups:
   1: Homepage
   2: RemoteAccess

diff --git a/...licy_definitions/UserAndDeviceReporting/DeviceFlexHwDataForProductImprovementEnabled.yaml b/...licy_definitions/UserAndDeviceReporting/DeviceFlexHwDataForProductImprovementEnabled.yaml
@@ -0,0 +1,32 @@
+owners:
+- tbrandston@google.com
+- chromeos-flex-eng@google.com
+caption: Send hardware data to Google to support improvements to ChromeOS Flex
+desc: |-
+  Allows some services on <ph name="PRODUCT_OS_FLEX_NAME">Google ChromeOS Flex</ph> to send additional hardware data.
+
+  This hardware data is used for overall improvements to <ph name="PRODUCT_OS_FLEX_NAME">Google ChromeOS Flex</ph>.
+  For example, we might analyze the impact of a crash based on CPU,
+  or prioritize a bugfix based on how many devices share a component.
+
+  If the policy is Enabled or left unset, additional hardware details
+  will be sent from <ph name="PRODUCT_OS_FLEX_NAME">Google ChromeOS Flex</ph>
+  devices.
+  If Disabled, only standard hardware data will be sent.
+supported_on:
+- chrome_os:120-
+device_only: true
+features:
+  dynamic_refresh: true
+  per_profile: false
+type: main
+schema:
+  type: boolean
+items:
+- caption: Send additional hardware data on ChromeOS Flex
+  value: true
+- caption: Do not send additional hardware data on ChromeOS Flex
+  value: false
+default: true
+example_value: true
+tags: ['google-sharing']
diff --git a/components/policy/test/data/policy_test_cases.json b/components/policy/test/data/policy_test_cases.json
@@ -25607,5 +25607,8 @@
         }
       }
     ]
+  },
+  "DeviceFlexHwDataForProductImprovementEnabled": {
+    "reason_for_missing_test": "ChromeOS Flex device policy only read by services, not used in Chrome."
   }
 }
diff --git a/docs/enterprise/description_guidelines.md b/docs/enterprise/description_guidelines.md
@@ -13,6 +13,7 @@ tags must be opened and closed on the same line to avoid validation errors.
 
 * Chrome: `<ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph>`
 * ChromeOS: `<ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph>`
+* ChromeOS Flex: `<ph name="PRODUCT_OS_FLEX_NAME">Google ChromeOS Flex</ph>`
 * Chrome Browser Cloud Management: `<ph name="CHROME_BROWSER_CLOUD_MANAGEMENT_NAME">Chrome Browser Cloud Management</ph>`
 * Chrome Cleanup: `<ph name="CHROME_CLEANUP_NAME">Chrome Cleanup</ph>`
 * Chrome Sync: `<ph name="CHROME_SYNC_NAME">Chrome Sync</ph>`

diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml
@@ -34011,6 +34011,7 @@ Called by update_document_policy_enum.py.-->
   <int value="1171" label="ZstdContentEncodingEnabled"/>
   <int value="1172" label="IPv6ReachabilityOverrideEnabled"/>
   <int value="1173" label="UserFeedbackWithLowLevelDebugDataAllowed"/>
+  <int value="1174" label="DeviceFlexHwDataForProductImprovementEnabled"/>
 </enum>
 
 <enum name="EnterprisePoliciesSources">