chromeos-base/protofiles/files/protofiles-add-device-target-version-selector-policy.patch - third_party/overlays/chromiumos-overlay - Git at Google

 This patch contains the device settings proto changes that were introduced in
 the chromium repo per crrev.com/c/3074788. We unfortunately can't roll
 protofiles right now because of CQ failures (see crbug.com/1254434). This patch
 is a temporary stop gap solution to allow work that depends on the proto changes
 to land. Once protofiles can be properly upreved again, the patch is no longer
 needed and should be dropped.

 diff --git a/cloud/policy/proto/chrome_device_policy.proto b/cloud/policy/proto/chrome_device_policy.proto
 index 48281ad3..f88b8ae9 100644
 --- a/cloud/policy/proto/chrome_device_policy.proto
 +++ b/cloud/policy/proto/chrome_device_policy.proto
 @@ -348,6 +348,11 @@ message AutoUpdateSettingsProto {
    // Specifies what should happen if the device channel is downgraded.
    optional ChannelDowngradeBehavior channel_downgrade_behavior = 16
        [default = WAIT_FOR_VERSION_CATCH_UP];
 +
 +  // |target_version_selector| is forwarded as the "targetversionselector"
 +  // attribute to Omaha and is used by it if for minor version pinning. The
 +  // field is not and shall not be processed by the client.
 +  optional string target_version_selector = 17;
  }

  message OBSOLETE_StartUpUrlsProto {
 diff --git a/cloud/policy/resources/policy_templates.json b/cloud/policy/resources/policy_templates.json
 index fe1c2c4e..cc13cbd8 100644
 --- a/cloud/policy/resources/policy_templates.json
 +++ b/cloud/policy/resources/policy_templates.json
 @@ -964,6 +964,7 @@
          'DeviceAutoUpdateP2PEnabled',
          'DeviceAutoUpdateTimeRestrictions',
          'DeviceTargetVersionPrefix',
 +        'DeviceTargetVersionSelector',
          'DeviceUpdateStagingSchedule',
          'DeviceUpdateScatterFactor',
          'DeviceUpdateAllowedConnectionTypes',
 @@ -10599,6 +10600,35 @@

        Warning: It is not recommended to configure version restrictions as they may prevent users from receiving software updates and critical security fixes. Restricting updates to a specific version prefix might leave users at risk.''',
      },
 +    {
 +      'name': 'DeviceTargetVersionSelector',
 +      'owners': ['vsavu@google.com', 'asumaneev@google.com', 'file://components/policy/resources/OWNERS'],
 +      'type': 'string',
 +      'schema': { 'type': 'string' },
 +      'supported_on': ['chrome_os:95-'],
 +      'device_only': True,
 +      'features': {
 +        'dynamic_refresh': True,
 +      },
 +      'example_value': '0,1626155736-',
 +      'id': 862,
 +      'caption': '''Allow devices to select a specific version to update to''',
 +      'tags': ['system-security'],
 +      'desc': '''This setting allows devices to select a specific target version of <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> they will update to.
 +
 +      If not set, devices will update according to other settings or to the latest available version.
 +
 +      If set, devices will update up to a selected version.
 +
 +      The exact format of this policy value is an impelmentation details of the update service and may change. The policy value is not processed on the device.
 +
 +      If used together with <ph name="DEVICE_TARGET_VERSION_PREFIX_POLICY_NAME">DeviceTargetVersionPrefix</ph>, this policy will be checked first by update service.
 +      Unlike <ph name="DEVICE_TARGET_VERSION_PREFIX_POLICY_NAME">DeviceTargetVersionPrefix</ph> (which may allow minor updates), devices will stay on the selected version until the value of this policy is changed.
 +
 +      If used together with <ph name="DEVICE_ROLLBACK_TO_TARGET_VERSION_POLICY_NAME">DeviceRollbackToTargetVersion</ph>, device version can be reverted to a specific previous version.
 +
 +      Warning: It is not recommended to configure version restrictions as they may prevent users from receiving software updates and critical security fixes. Restricting updates to a specific version might leave users at risk.''',
 +    },
      {
        'name': 'DeviceUpdateScatterFactor',
        'owners': ['file://components/policy/resources/OWNERS', 'emaxx@chromium.org'],
 @@ -26346,6 +26376,7 @@ The recommended way to configure policy on Windows is via GPO, although provisio
      'DeviceChannelDowngradeBehavior': 'auto_update_settings.channel_downgrade_behavior',
      'DeviceAutoUpdateDisabled': 'auto_update_settings.update_disabled',
      'DeviceTargetVersionPrefix': 'auto_update_settings.target_version_prefix',
 +    'DeviceTargetVersionSelector': 'auto_update_settings.target_version_selector',
      'DeviceRollbackToTargetVersion': 'auto_update_settings.rollback_to_target_version',
      'DeviceRollbackAllowedMilestones': 'auto_update_settings.rollback_allowed_milestones',
      'DeviceUpdateScatterFactor': 'auto_update_settings.scatter_factor_in_seconds',
 @@ -26946,6 +26977,6 @@ The recommended way to configure policy on Windows is via GPO, although provisio
    'placeholders': [],
    'deleted_policy_ids': [114, 115, 204, 205, 206, 412, 476, 544, 546, 562, 569, 578, 583, 585, 586, 587, 588, 589, 590, 591, 600, 668, 669],
    'deleted_atomic_policy_group_ids': [19],
 -  'highest_id_currently_used': 861,
 +  'highest_id_currently_used': 862,
    'highest_atomic_group_id_currently_used': 40
  }
 --
 2.33.0.685.g46640cef36-goog
	This patch contains the device settings proto changes that were introduced in
	the chromium repo per crrev.com/c/3074788. We unfortunately can't roll
	protofiles right now because of CQ failures (see crbug.com/1254434). This patch
	is a temporary stop gap solution to allow work that depends on the proto changes
	to land. Once protofiles can be properly upreved again, the patch is no longer
	needed and should be dropped.

	diff --git a/cloud/policy/proto/chrome_device_policy.proto b/cloud/policy/proto/chrome_device_policy.proto
	index 48281ad3..f88b8ae9 100644
	--- a/cloud/policy/proto/chrome_device_policy.proto
	+++ b/cloud/policy/proto/chrome_device_policy.proto
	@@ -348,6 +348,11 @@ message AutoUpdateSettingsProto {
	// Specifies what should happen if the device channel is downgraded.
	optional ChannelDowngradeBehavior channel_downgrade_behavior = 16
	[default = WAIT_FOR_VERSION_CATCH_UP];
	+
	+ // \|target_version_selector\| is forwarded as the "targetversionselector"
	+ // attribute to Omaha and is used by it if for minor version pinning. The
	+ // field is not and shall not be processed by the client.
	+ optional string target_version_selector = 17;
	}

	message OBSOLETE_StartUpUrlsProto {
	diff --git a/cloud/policy/resources/policy_templates.json b/cloud/policy/resources/policy_templates.json
	index fe1c2c4e..cc13cbd8 100644
	--- a/cloud/policy/resources/policy_templates.json
	+++ b/cloud/policy/resources/policy_templates.json
	@@ -964,6 +964,7 @@
	'DeviceAutoUpdateP2PEnabled',
	'DeviceAutoUpdateTimeRestrictions',
	'DeviceTargetVersionPrefix',
	+ 'DeviceTargetVersionSelector',
	'DeviceUpdateStagingSchedule',
	'DeviceUpdateScatterFactor',
	'DeviceUpdateAllowedConnectionTypes',
	@@ -10599,6 +10600,35 @@

	Warning: It is not recommended to configure version restrictions as they may prevent users from receiving software updates and critical security fixes. Restricting updates to a specific version prefix might leave users at risk.''',
	},
	+ {
	+ 'name': 'DeviceTargetVersionSelector',
	+ 'owners': ['vsavu@google.com', 'asumaneev@google.com', 'file://components/policy/resources/OWNERS'],
	+ 'type': 'string',
	+ 'schema': { 'type': 'string' },
	+ 'supported_on': ['chrome_os:95-'],
	+ 'device_only': True,
	+ 'features': {
	+ 'dynamic_refresh': True,
	+ },
	+ 'example_value': '0,1626155736-',
	+ 'id': 862,
	+ 'caption': '''Allow devices to select a specific version to update to''',
	+ 'tags': ['system-security'],
	+ 'desc': '''This setting allows devices to select a specific target version of <ph name="PRODUCT_OS_NAME">$2<ex>Google Chrome OS</ex></ph> they will update to.
	+
	+ If not set, devices will update according to other settings or to the latest available version.
	+
	+ If set, devices will update up to a selected version.
	+
	+ The exact format of this policy value is an impelmentation details of the update service and may change. The policy value is not processed on the device.
	+
	+ If used together with <ph name="DEVICE_TARGET_VERSION_PREFIX_POLICY_NAME">DeviceTargetVersionPrefix</ph>, this policy will be checked first by update service.
	+ Unlike <ph name="DEVICE_TARGET_VERSION_PREFIX_POLICY_NAME">DeviceTargetVersionPrefix</ph> (which may allow minor updates), devices will stay on the selected version until the value of this policy is changed.
	+
	+ If used together with <ph name="DEVICE_ROLLBACK_TO_TARGET_VERSION_POLICY_NAME">DeviceRollbackToTargetVersion</ph>, device version can be reverted to a specific previous version.
	+
	+ Warning: It is not recommended to configure version restrictions as they may prevent users from receiving software updates and critical security fixes. Restricting updates to a specific version might leave users at risk.''',
	+ },
	{
	'name': 'DeviceUpdateScatterFactor',
	'owners': ['file://components/policy/resources/OWNERS', 'emaxx@chromium.org'],
	@@ -26346,6 +26376,7 @@ The recommended way to configure policy on Windows is via GPO, although provisio
	'DeviceChannelDowngradeBehavior': 'auto_update_settings.channel_downgrade_behavior',
	'DeviceAutoUpdateDisabled': 'auto_update_settings.update_disabled',
	'DeviceTargetVersionPrefix': 'auto_update_settings.target_version_prefix',
	+ 'DeviceTargetVersionSelector': 'auto_update_settings.target_version_selector',
	'DeviceRollbackToTargetVersion': 'auto_update_settings.rollback_to_target_version',
	'DeviceRollbackAllowedMilestones': 'auto_update_settings.rollback_allowed_milestones',
	'DeviceUpdateScatterFactor': 'auto_update_settings.scatter_factor_in_seconds',
	@@ -26946,6 +26977,6 @@ The recommended way to configure policy on Windows is via GPO, although provisio
	'placeholders': [],
	'deleted_policy_ids': [114, 115, 204, 205, 206, 412, 476, 544, 546, 562, 569, 578, 583, 585, 586, 587, 588, 589, 590, 591, 600, 668, 669],
	'deleted_atomic_policy_group_ids': [19],
	- 'highest_id_currently_used': 861,
	+ 'highest_id_currently_used': 862,
	'highest_atomic_group_id_currently_used': 40
	}
	--
	2.33.0.685.g46640cef36-goog