policy: Create managed screensaver device policies

Whereas consumer users can configure the screensaver, the managed screensaver will retrieve the images to display, and configurable settings from policy values. This change adds the user-policy set to configure the managed screensaver in the device sign-in screen. Bug: b:175142676,b:265112751 Change-Id: I2badec3cc5e2defad9816036ecabf0fb7cf984f1 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4161692 Reviewed-by: Jana Grill <janagrill@google.com> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Commit-Queue: Emmanuel Arias Soto <eariassoto@google.com> Cr-Commit-Position: refs/heads/main@{#1096169}
chromium · Jan 24, 2023 · 4d8b6c6 · 4d8b6c6
1 parent 9523544
commit 4d8b6c6
Show file tree

Hide file tree

Showing 10 changed files with 196 additions and 1 deletion.
diff --git a/chrome/test/data/policy/policy_test_cases.json b/chrome/test/data/policy/policy_test_cases.json
@@ -21872,5 +21872,17 @@
   },
   "ScreensaverImages" : {
     "reason_for_missing_test": "TODO(b/175142676): Feature not yet implemented"
+  },
+  "DeviceScreensaverEnabled" : {
+    "reason_for_missing_test": "TODO(b/175142676): Feature not yet implemented"
+  },
+  "DeviceScreensaverIdleTimeoutSeconds" : {
+    "reason_for_missing_test": "TODO(b/175142676): Feature not yet implemented"
+  },
+  "DeviceScreensaverImageDisplayIntervalSeconds" : {
+    "reason_for_missing_test": "TODO(b/175142676): Feature not yet implemented"
+  },
+  "DeviceScreensaverImages" : {
+    "reason_for_missing_test": "TODO(b/175142676): Feature not yet implemented"
   }
 }
diff --git a/components/policy/proto/chrome_device_policy.proto b/components/policy/proto/chrome_device_policy.proto
@@ -1139,6 +1139,38 @@ message DeviceWallpaperImageProto {
   optional string device_wallpaper_image = 1;
 }
 
+message DeviceScreensaverIdleTimeoutSecondsProto {
+  optional int64 device_screensaver_idle_timeout_seconds = 1;
+};
+
+message DeviceScreensaverImageDisplayIntervalSecondsProto {
+  optional int64 device_screensaver_image_display_interval_seconds = 1;
+};
+
+// Specifies the images to be displayed in the device-level screensaver.
+// Represented as a JSON string that must follow the following schema:
+// {
+//   "items": {
+//     "properties": {
+//       "hash": {
+//         "type": "string"
+//       },
+//       "url": {
+//         "type": "string"
+//       }
+//     },
+//     "type": "object"
+//   },
+//   "type": "array"
+// }
+message DeviceScreensaverImagesProto {
+  optional string device_screensaver_images = 1;
+};
+
+message DeviceScreensaverEnabledProto {
+  optional bool device_screensaver_enabled = 1;
+};
+
 // Migration strategy for the case when ARC(N+) needs the ext4 encryption while
 // the device used ecryptfs in the past.
 message DeviceEcryptfsMigrationStrategyProto {
@@ -1927,4 +1959,10 @@ message ChromeDeviceSettingsProto {
       device_hindi_inscript_layout_enabled = 140;
   optional LoginScreenExtensionManifestV2AvailabilityProto
       login_screen_extension_manifest_v2_availability = 141;
+  optional DeviceScreensaverEnabledProto device_screensaver_enabled = 142;
+  optional DeviceScreensaverIdleTimeoutSecondsProto
+      device_screensaver_idle_timeout_seconds = 143;
+  optional DeviceScreensaverImageDisplayIntervalSecondsProto
+      device_screensaver_image_display_interval_seconds = 144;
+  optional DeviceScreensaverImagesProto device_screensaver_images = 145;
 }
diff --git a/components/policy/resources/templates/device_policy_proto_map.yaml b/components/policy/resources/templates/device_policy_proto_map.yaml
@@ -204,3 +204,7 @@ SystemUse24HourClock: use_24hour_clock.use_24hour_clock
 UnaffiliatedArcAllowed: unaffiliated_arc_allowed.unaffiliated_arc_allowed
 UptimeLimit: uptime_limit.uptime_limit
 VirtualMachinesAllowed: virtual_machines_allowed.virtual_machines_allowed
+DeviceScreensaverEnabled: device_screensaver_enabled.device_screensaver_enabled
+DeviceScreensaverIdleTimeoutSeconds: device_screensaver_idle_timeout_seconds.device_screensaver_idle_timeout_seconds
+DeviceScreensaverImageDisplayIntervalSeconds: device_screensaver_image_display_interval_seconds.device_screensaver_image_display_interval_seconds
+DeviceScreensaverImages: device_screensaver_images.device_screensaver_images
diff --git a/components/policy/resources/templates/policies.yaml b/components/policy/resources/templates/policies.yaml
@@ -1061,6 +1061,10 @@ policies:
   1060: ScreensaverIdleTimeoutSeconds
   1061: ScreensaverImageDisplayIntervalSeconds
   1062: ScreensaverImages
+  1063: DeviceScreensaverEnabled
+  1064: DeviceScreensaverIdleTimeoutSeconds
+  1065: DeviceScreensaverImageDisplayIntervalSeconds
+  1066: DeviceScreensaverImages
 atomic_groups:
   1: Homepage
   2: RemoteAccess

diff --git a/components/policy/resources/templates/policy_definitions/Screensaver/.group.details.yaml b/components/policy/resources/templates/policy_definitions/Screensaver/.group.details.yaml
@@ -1,2 +1,2 @@
 caption: Screensaver Settings
-desc: Controls the screensaver settings for the device sign-in screen, and user lock screen.
+desc: Controls the screensaver settings for the device sign-in screen, and user lock screen.
diff --git a/...s/policy/resources/templates/policy_definitions/Screensaver/DeviceScreensaverEnabled.yaml b/...s/policy/resources/templates/policy_definitions/Screensaver/DeviceScreensaverEnabled.yaml
@@ -0,0 +1,34 @@
+caption: Device screensaver enabled.
+default: false
+desc: |-
+  Configures the device-level screensaver for the sign-in screen.
+
+  If this policy is set to true, the <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph> device will show a screensaver when it is idle in the sign-in screen.
+
+  If this policy is set to false, or unset, the screensaver will not be displayed in the sign-in screen.
+
+  The device screensaver displays the images referenced by the <ph name="DEVICE_SCREENSAVER_IMAGES_POLICY_NAME">DeviceScreensaverImages</ph> policy. If <ph name="DEVICE_SCREENSAVER_IMAGES_POLICY_NAME">DeviceScreensaverImages</ph> is unset, or it is set to an empty list, or to a list without any valid images, the screensaver for the sign-in screen will not be displayed.
+
+  The idle timeout to start the screensaver, and the interval that an image is displayed can be modified with the <ph name="DEVICE_SCREENSAVER_IDLE_TIMEOUT_SECONDS_POLICY_NAME">DeviceScreensaverIdleTimeoutSeconds</ph>, and the <ph name="DEVICE_SCREENSAVER_DISPLAY_INTERVAL_SECONDS_POLICY_NAME">DeviceScreensaverDisplayIntervalSeconds</ph> policies respectively. If any of these policies are unset, their default values will be use instead.
+
+device_only: true
+example_value: true
+features:
+  can_be_recommended: false
+  dynamic_refresh: true
+  per_profile: false
+items:
+- caption: Enable the screensaver in the sign-in screen.
+  value: true
+- caption: Do not enable the screensaver in the sign-in screen.
+  value: false
+owners:
+- mpetrisor@google.com
+- eariassoto@google.com
+- imprivata-eng@google.com
+schema:
+  type: boolean
+future_on:
+- chrome_os
+tags: []
+type: main
diff --git a/...sources/templates/policy_definitions/Screensaver/DeviceScreensaverIdleTimeoutSeconds.yaml b/...sources/templates/policy_definitions/Screensaver/DeviceScreensaverIdleTimeoutSeconds.yaml
@@ -0,0 +1,27 @@
+caption: Device screensaver idle timeout.
+desc: |-
+  Configures the time in seconds that the device will wait idle before showing the screensaver for the sign-in screen.
+
+  Valid values range from 1 second to 9999 seconds. Leaving the policy unset means <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph> uses the default value of 7 seconds.
+
+  This policy will not have any effect when the <ph name="DEVICE_SCREENSAVER_ENABLED_POLICY_NAME">DeviceScreensaverEnabled</ph> policy is set to false.
+
+device_only: true
+default: 7
+example_value: 7
+features:
+  can_be_recommended: false
+  dynamic_refresh: true
+  per_profile: false
+owners:
+- mpetrisor@google.com
+- eariassoto@google.com
+- imprivata-eng@google.com
+schema:
+  minimum: 1
+  maximum: 9999
+  type: integer
+future_on:
+- chrome_os
+tags: []
+type: int
diff --git a/...emplates/policy_definitions/Screensaver/DeviceScreensaverImageDisplayIntervalSeconds.yaml b/...emplates/policy_definitions/Screensaver/DeviceScreensaverImageDisplayIntervalSeconds.yaml
@@ -0,0 +1,27 @@
+caption: Device screensaver image display interval.
+desc: |-
+  Configures the interval in seconds to display an image when the screensaver for the sign-in screen has multiple images to display.
+
+  Valid values range from 1 second to 9999 seconds. Leaving the policy unset means <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph> uses the default value of 60 seconds.
+
+  This policy will not have any effect when the <ph name="DEVICE_SCREENSAVER_ENABLED_POLICY_NAME">DeviceScreensaverEnabled</ph> policy is set to false.
+
+device_only: true
+default: 60
+example_value: 60
+features:
+  can_be_recommended: false
+  dynamic_refresh: true
+  per_profile: false
+owners:
+- mpetrisor@google.com
+- eariassoto@google.com
+- imprivata-eng@google.com
+schema:
+  minimum: 1
+  maximum: 9999
+  type: integer
+future_on:
+- chrome_os
+tags: []
+type: int
diff --git a/...ts/policy/resources/templates/policy_definitions/Screensaver/DeviceScreensaverImages.yaml b/...ts/policy/resources/templates/policy_definitions/Screensaver/DeviceScreensaverImages.yaml
@@ -0,0 +1,45 @@
+caption: Device screensaver image source.
+desc: |-
+  Configures the list of images to display in the screensaver for the sign-in screen.
+
+  Each list item references an image to be displayed in the screensaver. The item must have as members a URL to the image, and the SHA-256 hash value of the image file for verification. The image format must be JPEG. The <ph name="PRODUCT_OS_NAME">$2<ex>Google ChromeOS</ex></ph> device will download these images, and maintain a local cache of these references.
+
+  This policy will not have any effect if the <ph name="DEVICE_SCREENSAVER_ENABLED_POLICY_NAME">DeviceScreensaverEnabled</ph> policy is set to false.
+
+  If this policy is unset, or the list does not contain any valid image references, the screensaver for the sign-in screen will not be displayed, regardless of the value set in the <ph name="DEVICE_SCREENSAVER_ENABLED_POLICY_NAME">DeviceScreensaverEnabled</ph> policy.
+
+device_only: true
+default: []
+example_value:
+- url: https://www.example.com/img_1.jpg
+  hash: 38aae2b1647f1f37729c4f3632c297ceb901a130bf5881d72c3a19e16ff97e7a
+- url: https://www.example.com/img_2.jpg
+  hash: 439189aabe4fb024450ca7f0f5a7bc06841200e14b286db87e820d8674e316cd
+- url: https://www.example.com/img_3.jpg
+  hash: b6d9d35eb4d2957dbb78ba82f47c94727b8563ee7e3030c3c56be227c4ef4f78
+features:
+  can_be_recommended: false
+  dynamic_refresh: true
+  per_profile: false
+owners:
+- mpetrisor@google.com
+- eariassoto@google.com
+- imprivata-eng@google.com
+schema:
+  items:
+    properties:
+      hash:
+        description: The SHA-256 hash of the image.
+        type: string
+      url:
+        description: The URL from which the screensaver image can be downloaded.
+        type: string
+    required:
+    - url
+    - hash
+    type: object
+  type: array
+future_on:
+- chrome_os
+tags: []
+type: dict
diff --git a/tools/metrics/histograms/enums.xml b/tools/metrics/histograms/enums.xml
@@ -32487,6 +32487,10 @@ Called by update_document_policy_enum.py.-->
   <int value="1060" label="ScreensaverIdleTimeoutSeconds"/>
   <int value="1061" label="ScreensaverImageDisplayIntervalSeconds"/>
   <int value="1062" label="ScreensaverImages"/>
+  <int value="1063" label="DeviceScreensaverEnabled"/>
+  <int value="1064" label="DeviceScreensaverIdleTimeoutSeconds"/>
+  <int value="1065" label="DeviceScreensaverImageDisplayIntervalSeconds"/>
+  <int value="1066" label="DeviceScreensaverImages"/>
 </enum>
 
 <enum name="EnterprisePoliciesSources">