Add group policy for sync service URL #25498

Merged
merged 2 commits into from
Sep 14, 2024

bsclifton
Member

@bsclifton bsclifton commented Sep 9, 2024

Fixes brave/brave-browser#20431

Security review https://github.com/brave/reviews/issues/1744

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used GitHub auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

Windows

Using regedit.exe

  1. Open regedit.exe
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
  3. Create the key (folders) BraveSoftware\Brave\ if they don't already exist
  4. Create a new string value (REG_SZ) with the name BraveSyncUrl and the value https://sync-v2.brave.com/v2.
  5. Load Brave; verify it shows under brave://policy/

Adding using a .reg file (also on Windows)

  1. Create a new empty file called sync-policy.reg
  2. Open it in Notepad and put this for the content:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\BraveSoftware\Brave]
    "BraveSyncUrl"="https://sync-v2.brave.com/v2"

  3. Save the file and close it
  4. Double click the sync-policy.reg file to run it (you should get prompted)
  5. Load Brave; verify it shows under brave://policy/

macOS

You can set via the command line.

  • For Brave, you'd use a bundle ID of com.brave.Browser, com.brave.Browser.beta, or com.brave.Browser.nightly (depending on your channel).
  • The key name will be BraveSyncUrl
  • The value would be the sync server. For example, https://sync-v2.brave.com/v2

Steps for Release channel (change bundle ID for other channels)

  1. Run the following from command line:

    defaults write com.brave.Browser BraveSyncUrl -string https://sync-v2.brave.com/v2
    
  2. Load Brave; verify it shows under brave://policy/

Linux

You can set the options via /etc/brave/policies/managed

Basically, you will make a file with JSON matching the keys/values you'd like to set. Full overview here:
https://source.chromium.org/chromium/chromium/src/+/main:docs/website/site/administrators/linux-quick-start/index.md

Example of how to set the sync URL

  1. create a file

    vim /etc/brave/policies/managed/sync_url_policy.json
  2. paste in:

    {
        "BraveSyncUrl": "https://sync-v2.brave.com/v2"
    }
  3. Save the file and exit (escape; :wq, enter)

  4. Load Brave; verify it shows under brave://policy/

  5. Delete the file after testing is complete
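
An added example, not part of this PR or of Brave's code: a Python audit of a Linux managed-policy directory that flags `BraveSyncUrl` values which are not HTTPS, the same condition the review below asks the browser to enforce. The key name and directory layout come from the test plan above; the host allowlist, the file-permission check, the `sync.example.test` host and all function names are assumptions made for the example.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

POLICY_KEY = "BraveSyncUrl"  # policy name from the test plan above

def check_sync_url(value, allowed_hosts=None):
    """Return the problems found in one BraveSyncUrl value (empty list = OK)."""
    if not isinstance(value, str):
        return ["value is not a string"]
    try:
        parts = urlsplit(value)
    except ValueError:
        return ["value is not a parseable URL"]
    # Mirror the review request: a valid URL is not enough, it must be HTTPS.
    problems = [] if parts.scheme == "https" else [f"scheme {parts.scheme!r} is not https"]
    if not parts.hostname:
        problems.append("URL has no host")
    elif allowed_hosts is not None and parts.hostname not in allowed_hosts:
        problems.append(f"host {parts.hostname!r} is not in the expected set")
    return problems

def audit_policy_dir(policy_dir, allowed_hosts=None):
    """Audit every *.json file in policy_dir; return {filename: [problems]}."""
    findings = {}
    for path in sorted(Path(policy_dir).glob("*.json")):
        problems = findings.setdefault(path.name, [])
        if path.stat().st_mode & 0o022:  # assumption: policy files should be admin-only
            problems.append("file is writable by group or others")
        try:
            policy = json.loads(path.read_text(encoding="utf-8"))
        except ValueError as exc:
            problems.append(f"invalid JSON: {exc}")
            continue
        if isinstance(policy, dict) and POLICY_KEY in policy:
            problems += check_sync_url(policy[POLICY_KEY], allowed_hosts)
    return findings

def demo():
    samples = {  # constructed sample policy files, not real deployments
        "good.json": '{"BraveSyncUrl": "https://sync-v2.brave.com/v2"}',
        "plain_http.json": '{"BraveSyncUrl": "http://sync.example.test/v2"}',
        "other_host.json": '{"BraveSyncUrl": "https://sync.example.test/v2"}',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
            Path(tmp, name).chmod(0o644)
        return audit_policy_dir(tmp, allowed_hosts={"sync-v2.brave.com"})
```

On a managed host, call `audit_policy_dir("/etc/brave/policies/managed")` with the set of sync hosts your organisation expects.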

@bsclifton bsclifton self-assigned this Sep 9, 2024
@bsclifton bsclifton changed the title WIP: Add group policy for sync URL WIP: Add group policy for sync service URL Sep 9, 2024
@github-actions github-actions bot added the chromium-version-mismatch The Chromium version on the PR branch does not match the version on the target branch label Sep 12, 2024
std::string value(prefs->GetString(brave_sync::kManagedBraveSyncUrl));
if (!value.empty()) {
GURL custom_sync_url(value);
if (custom_sync_url.is_valid()) {
Member

Let's make sure it's an HTTPS URL too.

Member Author

Fixed!

@github-actions github-actions bot removed the chromium-version-mismatch The Chromium version on the PR branch does not match the version on the target branch label Sep 13, 2024
@bsclifton bsclifton force-pushed the bsc-sync-gpo branch 4 times, most recently from 3cfde18 to e2594f7 Compare September 13, 2024 03:18
@bsclifton bsclifton changed the title WIP: Add group policy for sync service URL Add group policy for sync service URL Sep 13, 2024
@bsclifton bsclifton marked this pull request as ready for review September 13, 2024 08:05
@bsclifton bsclifton requested review from a team as code owners September 13, 2024 08:05
@bsclifton
Member Author

bsclifton commented Sep 13, 2024

OK pushed fixes - however, I am getting a presubmit error...

Update: SOLVED - was missing a , 😂

Contributor

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "policy" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.

// This has a higher priority than the --sync-url command-line param.
// https://github.com/brave/brave-browser/issues/20431
if (prefs) {
if (prefs->IsManagedPreference(brave_sync::kCustomSyncServiceUrl)) {
Member

Instead of 2 nested ifs:
if (prefs && prefs->IsManagedPreference(brave_sync::kCustomSyncServiceUrl)) {

Member Author

Fixed! 😄


#define SyncAuthManager BraveSyncAuthManager
#define SyncStoppedReporter BraveSyncStoppedReporter
#define GetSyncServiceURL(...) \
BraveGetSyncServiceURL(__VA_ARGS__, sync_client_->GetPrefService())
Contributor

👍

Member Author

Thanks again for your help here! 😄

Contributor

@AlexeyBarabash AlexeyBarabash left a comment

looks good

@bsclifton
Member Author

Updated to add test plan for Windows / macOS / Linux.

Trying to find an Android group policy example....

I can't find documentation about Android administration and the build
fails with sync url set. We need to find the Android equivalent of
`chromium_src/components/policy/tools/generate_policy_source.py`
Successfully merging this pull request may close these issues.

Group policy/settings: configuration for --sync-url= argument