| This patch contains the device settings proto changes that were introduced in |
| the chromium repo per crrev.com/c/3074788. We unfortunately can't roll |
| protofiles right now because of CQ failures (see crbug.com/1254434). This patch |
| is a temporary stop gap solution to allow work that depends on the proto changes |
| to land. Once protofiles can be properly upreved again, the patch is no longer |
| needed and should be dropped. |
| |
| diff --git a/cloud/policy/proto/chrome_device_policy.proto b/cloud/policy/proto/chrome_device_policy.proto |
| index 48281ad3..f88b8ae9 100644 |
| --- a/cloud/policy/proto/chrome_device_policy.proto |
| +++ b/cloud/policy/proto/chrome_device_policy.proto |
| @@ -348,6 +348,11 @@ message AutoUpdateSettingsProto { |
| // Specifies what should happen if the device channel is downgraded. |
| optional ChannelDowngradeBehavior channel_downgrade_behavior = 16 |
| [default = WAIT_FOR_VERSION_CATCH_UP]; |
| + |
| + // |target_version_selector| is forwarded as the "targetversionselector" |
| + // attribute to Omaha and is used by it if for minor version pinning. The |
| + // field is not and shall not be processed by the client. |
| + optional string target_version_selector = 17; |
| } |
| |
| message OBSOLETE_StartUpUrlsProto { |
| diff --git a/cloud/policy/resources/policy_templates.json b/cloud/policy/resources/policy_templates.json |
| index fe1c2c4e..cc13cbd8 100644 |
| --- a/cloud/policy/resources/policy_templates.json |
| +++ b/cloud/policy/resources/policy_templates.json |
| @@ -964,6 +964,7 @@ |
| 'DeviceAutoUpdateP2PEnabled', |
| 'DeviceAutoUpdateTimeRestrictions', |
| 'DeviceTargetVersionPrefix', |
| + 'DeviceTargetVersionSelector', |
| 'DeviceUpdateStagingSchedule', |
| 'DeviceUpdateScatterFactor', |
| 'DeviceUpdateAllowedConnectionTypes', |
| @@ -10599,6 +10600,35 @@ |
| |
| Warning: It is not recommended to configure version restrictions as they may prevent users from receiving software updates and critical security fixes. Restricting updates to a specific version prefix might leave users at risk.''', |
| }, |
| + { |
| + 'name': 'DeviceTargetVersionSelector', |
| + 'owners': ['vsavu@google.com', 'asumaneev@google.com', 'file://components/policy/resources/OWNERS'], |
| + 'type': 'string', |
| + 'schema': { 'type': 'string' }, |
| + 'supported_on': ['chrome_os:95-'], |
| + 'device_only': True, |
| + 'features': { |
| + 'dynamic_refresh': True, |
| + }, |
| + 'example_value': '0,1626155736-', |
| + 'id': 862, |
| + 'caption': '''Allow devices to select a specific version to update to''', |
| + 'tags': ['system-security'], |
| + 'desc': '''This setting allows devices to select a specific target version of <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> they will update to. |
| + |
| + If not set, devices will update according to other settings or to the latest available version. |
| + |
| + If set, devices will update up to a selected version. |
| + |
| + The exact format of this policy value is an impelmentation details of the update service and may change. The policy value is not processed on the device. |
| + |
| + If used together with <ph name="DEVICE_TARGET_VERSION_PREFIX_POLICY_NAME">DeviceTargetVersionPrefix</ph>, this policy will be checked first by update service. |
| + Unlike <ph name="DEVICE_TARGET_VERSION_PREFIX_POLICY_NAME">DeviceTargetVersionPrefix</ph> (which may allow minor updates), devices will stay on the selected version until the value of this policy is changed. |
| + |
| + If used together with <ph name="DEVICE_ROLLBACK_TO_TARGET_VERSION_POLICY_NAME">DeviceRollbackToTargetVersion</ph>, device version can be reverted to a specific previous version. |
| + |
| + Warning: It is not recommended to configure version restrictions as they may prevent users from receiving software updates and critical security fixes. Restricting updates to a specific version might leave users at risk.''', |
| + }, |
| { |
| 'name': 'DeviceUpdateScatterFactor', |
| 'owners': ['file://components/policy/resources/OWNERS', 'emaxx@chromium.org'], |
| @@ -26346,6 +26376,7 @@ The recommended way to configure policy on Windows is via GPO, although provisio |
| 'DeviceChannelDowngradeBehavior': 'auto_update_settings.channel_downgrade_behavior', |
| 'DeviceAutoUpdateDisabled': 'auto_update_settings.update_disabled', |
| 'DeviceTargetVersionPrefix': 'auto_update_settings.target_version_prefix', |
| + 'DeviceTargetVersionSelector': 'auto_update_settings.target_version_selector', |
| 'DeviceRollbackToTargetVersion': 'auto_update_settings.rollback_to_target_version', |
| 'DeviceRollbackAllowedMilestones': 'auto_update_settings.rollback_allowed_milestones', |
| 'DeviceUpdateScatterFactor': 'auto_update_settings.scatter_factor_in_seconds', |
| @@ -26946,6 +26977,6 @@ The recommended way to configure policy on Windows is via GPO, although provisio |
| 'placeholders': [], |
| 'deleted_policy_ids': [114, 115, 204, 205, 206, 412, 476, 544, 546, 562, 569, 578, 583, 585, 586, 587, 588, 589, 590, 591, 600, 668, 669], |
| 'deleted_atomic_policy_group_ids': [19], |
| - 'highest_id_currently_used': 861, |
| + 'highest_id_currently_used': 862, |
| 'highest_atomic_group_id_currently_used': 40 |
| } |
| -- |
| 2.33.0.685.g46640cef36-goog |