From 46ceaa53b2eee0264d5afb995859c5ce2060731b Mon Sep 17 00:00:00 2001 From: Rafael Garcia Date: Sat, 21 Feb 2026 10:14:39 -0500 Subject: [PATCH 1/4] feat: add PATCH /chromium/policies endpoint for custom enterprise policy overrides Allow users to override Chromium enterprise policies (e.g. DefaultCookiesSetting, BlockThirdPartyCookies) via a new API endpoint. Overrides are validated against a registry of known policy types, with a blocklist preventing changes to policies managed by kernel infrastructure (extensions, proxy, CDP/automation). Also refactors policy.go to use a single Policy.Modify(fn) entry point for all locked read-modify-write cycles, replacing the previous pattern where AddExtension and ApplyOverrides each had their own locking logic. Co-authored-by: Cursor --- server/cmd/api/api/chromium.go | 34 ++ server/lib/oapi/oapi.go | 528 ++++++++++++++++++++-------- server/lib/policy/overrides.go | 346 ++++++++++++++++++ server/lib/policy/overrides_test.go | 206 +++++++++++ server/lib/policy/policy.go | 131 +++---- server/openapi.yaml | 37 ++ 6 files changed, 1070 insertions(+), 212 deletions(-) create mode 100644 server/lib/policy/overrides.go create mode 100644 server/lib/policy/overrides_test.go diff --git a/server/cmd/api/api/chromium.go b/server/cmd/api/api/chromium.go index 4b095fd6..73b0c1ed 100644 --- a/server/cmd/api/api/chromium.go +++ b/server/cmd/api/api/chromium.go @@ -370,6 +370,40 @@ func (s *ApiService) restartChromiumAndWait(ctx context.Context, operation strin } } +// PatchChromiumPolicies applies user-provided Chromium enterprise policy overrides +// to policy.json, restarts Chromium, and waits for DevTools to be ready. +func (s *ApiService) PatchChromiumPolicies(ctx context.Context, request oapi.PatchChromiumPoliciesRequestObject) (oapi.PatchChromiumPoliciesResponseObject, error) { + log := logger.FromContext(ctx) + start := time.Now() + log.Info("patch chromium policies: begin") + + if request.Body == nil || len(*request.Body) == 0 { + return oapi.PatchChromiumPolicies400JSONResponse{BadRequestErrorJSONResponse: oapi.BadRequestErrorJSONResponse{Message: "request body required with at least one policy"}}, nil + } + + overrides, err := policy.NewChromiumPolicyOverrides(map[string]interface{}(*request.Body)) + if err != nil { + return oapi.PatchChromiumPolicies400JSONResponse{BadRequestErrorJSONResponse: oapi.BadRequestErrorJSONResponse{Message: err.Error()}}, nil + } + + if err := s.policy.ApplyOverrides(overrides); err != nil { + if strings.Contains(err.Error(), "invalid chromium policy overrides") || strings.Contains(err.Error(), "cannot be overridden") { + return oapi.PatchChromiumPolicies400JSONResponse{BadRequestErrorJSONResponse: oapi.BadRequestErrorJSONResponse{Message: err.Error()}}, nil + } + log.Error("failed to apply policy overrides", "error", err) + return oapi.PatchChromiumPolicies500JSONResponse{InternalErrorJSONResponse: oapi.InternalErrorJSONResponse{Message: err.Error()}}, nil + } + + log.Info("policy overrides applied, restarting chromium") + + if err := s.restartChromiumAndWait(ctx, "policy update"); err != nil { + return oapi.PatchChromiumPolicies500JSONResponse{InternalErrorJSONResponse: oapi.InternalErrorJSONResponse{Message: err.Error()}}, nil + } + + log.Info("devtools ready after policy update", "elapsed", time.Since(start).String()) + return oapi.PatchChromiumPolicies200Response{}, nil +} + // PatchChromiumFlags handles updating Chromium launch flags at runtime. // It merges the provided flags with existing flags in /chromium/flags, writes the updated // flags file, restarts Chromium via supervisord, and waits until DevTools is ready. diff --git a/server/lib/oapi/oapi.go b/server/lib/oapi/oapi.go index d4d2712b..a48a3757 100644 --- a/server/lib/oapi/oapi.go +++ b/server/lib/oapi/oapi.go @@ -671,6 +671,9 @@ type PatchChromiumFlagsJSONBody struct { Flags []string `json:"flags"` } +// PatchChromiumPoliciesJSONBody defines parameters for PatchChromiumPolicies. +type PatchChromiumPoliciesJSONBody map[string]interface{} + // UploadExtensionsAndRestartMultipartBody defines parameters for UploadExtensionsAndRestart. type UploadExtensionsAndRestartMultipartBody struct { // Extensions List of extensions to upload and activate @@ -784,6 +787,9 @@ type DownloadRecordingParams struct { // PatchChromiumFlagsJSONRequestBody defines body for PatchChromiumFlags for application/json ContentType. type PatchChromiumFlagsJSONRequestBody PatchChromiumFlagsJSONBody +// PatchChromiumPoliciesJSONRequestBody defines body for PatchChromiumPolicies for application/json ContentType. +type PatchChromiumPoliciesJSONRequestBody PatchChromiumPoliciesJSONBody + // UploadExtensionsAndRestartMultipartRequestBody defines body for UploadExtensionsAndRestart for multipart/form-data ContentType. type UploadExtensionsAndRestartMultipartRequestBody UploadExtensionsAndRestartMultipartBody @@ -949,6 +955,11 @@ type ClientInterface interface { PatchChromiumFlags(ctx context.Context, body PatchChromiumFlagsJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // PatchChromiumPoliciesWithBody request with any body + PatchChromiumPoliciesWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) + + PatchChromiumPolicies(ctx context.Context, body PatchChromiumPoliciesJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) + // UploadExtensionsAndRestartWithBody request with any body UploadExtensionsAndRestartWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) @@ -1153,6 +1164,30 @@ func (c *Client) PatchChromiumFlags(ctx context.Context, body PatchChromiumFlags return c.Client.Do(req) } +func (c *Client) PatchChromiumPoliciesWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewPatchChromiumPoliciesRequestWithBody(c.Server, contentType, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + +func (c *Client) PatchChromiumPolicies(ctx context.Context, body PatchChromiumPoliciesJSONRequestBody, reqEditors ...RequestEditorFn) (*http.Response, error) { + req, err := NewPatchChromiumPoliciesRequest(c.Server, body) + if err != nil { + return nil, err + } + req = req.WithContext(ctx) + if err := c.applyEditors(ctx, req, reqEditors); err != nil { + return nil, err + } + return c.Client.Do(req) +} + func (c *Client) UploadExtensionsAndRestartWithBody(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*http.Response, error) { req, err := NewUploadExtensionsAndRestartRequestWithBody(c.Server, contentType, body) if err != nil { @@ -2009,6 +2044,46 @@ func NewPatchChromiumFlagsRequestWithBody(server string, contentType string, bod return req, nil } +// NewPatchChromiumPoliciesRequest calls the generic PatchChromiumPolicies builder with application/json body +func NewPatchChromiumPoliciesRequest(server string, body PatchChromiumPoliciesJSONRequestBody) (*http.Request, error) { + var bodyReader io.Reader + buf, err := json.Marshal(body) + if err != nil { + return nil, err + } + bodyReader = bytes.NewReader(buf) + return NewPatchChromiumPoliciesRequestWithBody(server, "application/json", bodyReader) +} + +// NewPatchChromiumPoliciesRequestWithBody generates requests for PatchChromiumPolicies with any type of body +func NewPatchChromiumPoliciesRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { + var err error + + serverURL, err := url.Parse(server) + if err != nil { + return nil, err + } + + operationPath := fmt.Sprintf("/chromium/policies") + if operationPath[0] == '/' { + operationPath = "." + operationPath + } + + queryURL, err := serverURL.Parse(operationPath) + if err != nil { + return nil, err + } + + req, err := http.NewRequest("PATCH", queryURL.String(), body) + if err != nil { + return nil, err + } + + req.Header.Add("Content-Type", contentType) + + return req, nil +} + // NewUploadExtensionsAndRestartRequestWithBody generates requests for UploadExtensionsAndRestart with any type of body func NewUploadExtensionsAndRestartRequestWithBody(server string, contentType string, body io.Reader) (*http.Request, error) { var err error @@ -3830,6 +3905,11 @@ type ClientWithResponsesInterface interface { PatchChromiumFlagsWithResponse(ctx context.Context, body PatchChromiumFlagsJSONRequestBody, reqEditors ...RequestEditorFn) (*PatchChromiumFlagsResponse, error) + // PatchChromiumPoliciesWithBodyWithResponse request with any body + PatchChromiumPoliciesWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*PatchChromiumPoliciesResponse, error) + + PatchChromiumPoliciesWithResponse(ctx context.Context, body PatchChromiumPoliciesJSONRequestBody, reqEditors ...RequestEditorFn) (*PatchChromiumPoliciesResponse, error) + // UploadExtensionsAndRestartWithBodyWithResponse request with any body UploadExtensionsAndRestartWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UploadExtensionsAndRestartResponse, error) @@ -4033,6 +4113,29 @@ func (r PatchChromiumFlagsResponse) StatusCode() int { return 0 } +type PatchChromiumPoliciesResponse struct { + Body []byte + HTTPResponse *http.Response + JSON400 *BadRequestError + JSON500 *InternalError +} + +// Status returns HTTPResponse.Status +func (r PatchChromiumPoliciesResponse) Status() string { + if r.HTTPResponse != nil { + return r.HTTPResponse.Status + } + return http.StatusText(0) +} + +// StatusCode returns HTTPResponse.StatusCode +func (r PatchChromiumPoliciesResponse) StatusCode() int { + if r.HTTPResponse != nil { + return r.HTTPResponse.StatusCode + } + return 0 +} + type UploadExtensionsAndRestartResponse struct { Body []byte HTTPResponse *http.Response @@ -5078,6 +5181,23 @@ func (c *ClientWithResponses) PatchChromiumFlagsWithResponse(ctx context.Context return ParsePatchChromiumFlagsResponse(rsp) } +// PatchChromiumPoliciesWithBodyWithResponse request with arbitrary body returning *PatchChromiumPoliciesResponse +func (c *ClientWithResponses) PatchChromiumPoliciesWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*PatchChromiumPoliciesResponse, error) { + rsp, err := c.PatchChromiumPoliciesWithBody(ctx, contentType, body, reqEditors...) + if err != nil { + return nil, err + } + return ParsePatchChromiumPoliciesResponse(rsp) +} + +func (c *ClientWithResponses) PatchChromiumPoliciesWithResponse(ctx context.Context, body PatchChromiumPoliciesJSONRequestBody, reqEditors ...RequestEditorFn) (*PatchChromiumPoliciesResponse, error) { + rsp, err := c.PatchChromiumPolicies(ctx, body, reqEditors...) + if err != nil { + return nil, err + } + return ParsePatchChromiumPoliciesResponse(rsp) +} + // UploadExtensionsAndRestartWithBodyWithResponse request with arbitrary body returning *UploadExtensionsAndRestartResponse func (c *ClientWithResponses) UploadExtensionsAndRestartWithBodyWithResponse(ctx context.Context, contentType string, body io.Reader, reqEditors ...RequestEditorFn) (*UploadExtensionsAndRestartResponse, error) { rsp, err := c.UploadExtensionsAndRestartWithBody(ctx, contentType, body, reqEditors...) @@ -5698,6 +5818,39 @@ func ParsePatchChromiumFlagsResponse(rsp *http.Response) (*PatchChromiumFlagsRes return response, nil } +// ParsePatchChromiumPoliciesResponse parses an HTTP response from a PatchChromiumPoliciesWithResponse call +func ParsePatchChromiumPoliciesResponse(rsp *http.Response) (*PatchChromiumPoliciesResponse, error) { + bodyBytes, err := io.ReadAll(rsp.Body) + defer func() { _ = rsp.Body.Close() }() + if err != nil { + return nil, err + } + + response := &PatchChromiumPoliciesResponse{ + Body: bodyBytes, + HTTPResponse: rsp, + } + + switch { + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 400: + var dest BadRequestError + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON400 = &dest + + case strings.Contains(rsp.Header.Get("Content-Type"), "json") && rsp.StatusCode == 500: + var dest InternalError + if err := json.Unmarshal(bodyBytes, &dest); err != nil { + return nil, err + } + response.JSON500 = &dest + + } + + return response, nil +} + // ParseUploadExtensionsAndRestartResponse parses an HTTP response from a UploadExtensionsAndRestartWithResponse call func ParseUploadExtensionsAndRestartResponse(rsp *http.Response) (*UploadExtensionsAndRestartResponse, error) { bodyBytes, err := io.ReadAll(rsp.Body) @@ -7374,6 +7527,9 @@ type ServerInterface interface { // Update Chromium launch flags and restart // (PATCH /chromium/flags) PatchChromiumFlags(w http.ResponseWriter, r *http.Request) + // Update Chromium enterprise policies and restart + // (PATCH /chromium/policies) + PatchChromiumPolicies(w http.ResponseWriter, r *http.Request) // Upload one or more unpacked extensions (as zips) and restart Chromium // (POST /chromium/upload-extensions-and-restart) UploadExtensionsAndRestart(w http.ResponseWriter, r *http.Request) @@ -7515,6 +7671,12 @@ func (_ Unimplemented) PatchChromiumFlags(w http.ResponseWriter, r *http.Request w.WriteHeader(http.StatusNotImplemented) } +// Update Chromium enterprise policies and restart +// (PATCH /chromium/policies) +func (_ Unimplemented) PatchChromiumPolicies(w http.ResponseWriter, r *http.Request) { + w.WriteHeader(http.StatusNotImplemented) +} + // Upload one or more unpacked extensions (as zips) and restart Chromium // (POST /chromium/upload-extensions-and-restart) func (_ Unimplemented) UploadExtensionsAndRestart(w http.ResponseWriter, r *http.Request) { @@ -7796,6 +7958,20 @@ func (siw *ServerInterfaceWrapper) PatchChromiumFlags(w http.ResponseWriter, r * handler.ServeHTTP(w, r) } +// PatchChromiumPolicies operation middleware +func (siw *ServerInterfaceWrapper) PatchChromiumPolicies(w http.ResponseWriter, r *http.Request) { + + handler := http.Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + siw.Handler.PatchChromiumPolicies(w, r) + })) + + for _, middleware := range siw.HandlerMiddlewares { + handler = middleware(handler) + } + + handler.ServeHTTP(w, r) +} + // UploadExtensionsAndRestart operation middleware func (siw *ServerInterfaceWrapper) UploadExtensionsAndRestart(w http.ResponseWriter, r *http.Request) { @@ -8784,6 +8960,9 @@ func HandlerWithOptions(si ServerInterface, options ChiServerOptions) http.Handl r.Group(func(r chi.Router) { r.Patch(options.BaseURL+"/chromium/flags", wrapper.PatchChromiumFlags) }) + r.Group(func(r chi.Router) { + r.Patch(options.BaseURL+"/chromium/policies", wrapper.PatchChromiumPolicies) + }) r.Group(func(r chi.Router) { r.Post(options.BaseURL+"/chromium/upload-extensions-and-restart", wrapper.UploadExtensionsAndRestart) }) @@ -8959,6 +9138,40 @@ func (response PatchChromiumFlags500JSONResponse) VisitPatchChromiumFlagsRespons return json.NewEncoder(w).Encode(response) } +type PatchChromiumPoliciesRequestObject struct { + Body *PatchChromiumPoliciesJSONRequestBody +} + +type PatchChromiumPoliciesResponseObject interface { + VisitPatchChromiumPoliciesResponse(w http.ResponseWriter) error +} + +type PatchChromiumPolicies200Response struct { +} + +func (response PatchChromiumPolicies200Response) VisitPatchChromiumPoliciesResponse(w http.ResponseWriter) error { + w.WriteHeader(200) + return nil +} + +type PatchChromiumPolicies400JSONResponse struct{ BadRequestErrorJSONResponse } + +func (response PatchChromiumPolicies400JSONResponse) VisitPatchChromiumPoliciesResponse(w http.ResponseWriter) error { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(400) + + return json.NewEncoder(w).Encode(response) +} + +type PatchChromiumPolicies500JSONResponse struct{ InternalErrorJSONResponse } + +func (response PatchChromiumPolicies500JSONResponse) VisitPatchChromiumPoliciesResponse(w http.ResponseWriter) error { + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(500) + + return json.NewEncoder(w).Encode(response) +} + type UploadExtensionsAndRestartRequestObject struct { Body *multipart.Reader } @@ -10837,6 +11050,9 @@ type StrictServerInterface interface { // Update Chromium launch flags and restart // (PATCH /chromium/flags) PatchChromiumFlags(ctx context.Context, request PatchChromiumFlagsRequestObject) (PatchChromiumFlagsResponseObject, error) + // Update Chromium enterprise policies and restart + // (PATCH /chromium/policies) + PatchChromiumPolicies(ctx context.Context, request PatchChromiumPoliciesRequestObject) (PatchChromiumPoliciesResponseObject, error) // Upload one or more unpacked extensions (as zips) and restart Chromium // (POST /chromium/upload-extensions-and-restart) UploadExtensionsAndRestart(ctx context.Context, request UploadExtensionsAndRestartRequestObject) (UploadExtensionsAndRestartResponseObject, error) @@ -11028,6 +11244,37 @@ func (sh *strictHandler) PatchChromiumFlags(w http.ResponseWriter, r *http.Reque } } +// PatchChromiumPolicies operation middleware +func (sh *strictHandler) PatchChromiumPolicies(w http.ResponseWriter, r *http.Request) { + var request PatchChromiumPoliciesRequestObject + + var body PatchChromiumPoliciesJSONRequestBody + if err := json.NewDecoder(r.Body).Decode(&body); err != nil { + sh.options.RequestErrorHandlerFunc(w, r, fmt.Errorf("can't decode JSON body: %w", err)) + return + } + request.Body = &body + + handler := func(ctx context.Context, w http.ResponseWriter, r *http.Request, request interface{}) (interface{}, error) { + return sh.ssi.PatchChromiumPolicies(ctx, request.(PatchChromiumPoliciesRequestObject)) + } + for _, middleware := range sh.middlewares { + handler = middleware(handler, "PatchChromiumPolicies") + } + + response, err := handler(r.Context(), w, r, request) + + if err != nil { + sh.options.ResponseErrorHandlerFunc(w, r, err) + } else if validResponse, ok := response.(PatchChromiumPoliciesResponseObject); ok { + if err := validResponse.VisitPatchChromiumPoliciesResponse(w); err != nil { + sh.options.ResponseErrorHandlerFunc(w, r, err) + } + } else if response != nil { + sh.options.ResponseErrorHandlerFunc(w, r, fmt.Errorf("unexpected response type: %T", response)) + } +} + // UploadExtensionsAndRestart operation middleware func (sh *strictHandler) UploadExtensionsAndRestart(w http.ResponseWriter, r *http.Request) { var request UploadExtensionsAndRestartRequestObject @@ -12298,144 +12545,149 @@ func (sh *strictHandler) StopRecording(w http.ResponseWriter, r *http.Request) { // Base64 encoded, gzipped, json marshaled Swagger object var swaggerSpec = []string{ - "H4sIAAAAAAAC/+x9eXMbN/bgV0H1TpWtHV7ykdl4/lJsOdEmTlSWsplJ6OWA3Y8kfuoGegA0Jdrl+exb", - "eEDfaDZJSZaV/VWlYorE/Q68G5+CUCSp4MC1Cl59CiSoVHAF+Md3NHoP/85A6VMphTRfhYJr4Np8pGka", - "s5BqJvj4v5Tg5jsVriCh5tNfJCyCV8H/GJfjj+2vamxH+/z58yCIQIWSpWaQ4JWZkLgZg8+D4LXgi5iF", - "X2r2fDoz9RnXIDmNv9DU+XTkAuQaJHENB8HPQr8VGY++0Dp+FprgfIH5zTW3qKDD1WuRpJkGeRKa5jmg", - "zEqiiJmvaHwuRQpSM4NACxoraM5wQuZmKCIWJHTDEYrjKaIFgRsIMw1EmcG5ZjSON6NgEKSVcT8FroP5", - "WB/9FxmBhIjETGkzRXvkETnFD0xworRIFRGc6BWQBZNKEzAnYyZkGhLVd471AzHwShg/sz2PB4HepBC8", - "CqiUdIMHKuHfGZMQBa/+KPbwoWgn5v8FFvtexyy8eicyBbsecv185pnWFh/qx4NDEvurORNm0I6Gmlwz", - "vQoGAfAsMWuLYaGDQSDZcmX+TVgUxRAMgjkNr4JBsBDymsqosnSlJeNLs/TQLH1mv25Of7lJAQFv2jjY", - "VGaNxLX5M0sDN4x3gpWIo9kVbJRvexFbMJDE/Gz2Z9qSKDNdEcZ21ApwW6PXQTYIeJbMsJebbkGzWCNw", - "G4STJXOQZnOaJYCTS0iB6tq8bnRz7EtA+r5p7+IfJBRCRoxTjadVDEBSoZg7s/ZIm/ZI/zxkpAaa3gRm", - "aC+S1pF/XzagGF/G0GQCVR5AFUmptHRsucaIXK6A/Mss5V9kwSCOiIIYQq3I9YqFqykvR0lBLoRMBoTy", - "yO5cSHu7RQYdbG/DTSkzDGIF+QpSKmkCGqQaTfnpDQ11vCGCF7/bnolZT45XZkEkyZQmcyCpFGsWQTSa", - "8hbjstSRGDLs5S0tHmC4taTL3bq/kXTZ7J2INezW+51YQ7N3KkEpQ3l9nc9Nwx9hU+mrQiniuK/jBbaq", - "dgM9CzOp7NW3tSvo19iw2jsGSHs7mkYl/+5gXDmMiyulgmGjCgurwrd23nbkmYYbHVSPsjiaGmxrO883", - "4mOG5aA92zSs9xJudHE8DTLHkb1ULoFqeMMkhFrIzWH3USIiz6n+ktruJMpHJ6YheSpCTWNidzkgMFqO", - "yN9evjwakTeW/yJ7/dvLlygYUG1Ep+BV8H//mAz/9uHT88GLz38JPGeVUr1qL+JkrkRsuE25CNPQzBDi", - "1huTjEf/sz144zBxJt9hvoEYNJxTvTrsHHu2kC88wmnufuHvIcTrZHnY6lnUXvtZZKQ8vLTdBSXzSSo7", - "ISdxuqI8S0CykAhJVpt0BbwJfzr8eDL8fTL8dvjhr3/xbra9MabSmG6M6M+We+5nBSgftfb0OpMSuCaR", - "HZvYdoRxkrIbiJX3+pawkKBWM0k19A/pWhPT2gz8w0fyNKEbc/3wLI4JWxAuNIlAQ6jpPIYj76TXLPIh", - "VHM2bLZ1/d6jbd5A9yPDGrbZIb8WcqsVZH0MNIKYbmqi3aQpqrwxTczuExbHTEEoeKTIHPQ1AM8XYmRX", - "lDSUplI77DX8n9BYOCnBUNcIl8VZYhY68cHkNvKtOYu9xFs/Q2lqUX/cDMjmQ1WYTCmTqtiiXkmRLVdG", - "BovtIpaML0fknZGInIhFqCYxUKXJM5IKxrWqaVnNJVcOJKE3TqV6VtWvnrV3s/VHpSGdIbhnSV2Yf7kn", - "yCXEVLM1EDOkauyaPDWEZ4DBODP6K8E5j/oBj6PNUpAzBcvE6filxjHpVjmKBSE07KpSkMSNYzZS4B95", - "ZxdBjmsrOu5VBDrvhsI00bjzQSm6BA8aNgbOG3rHtqrAeUw310jEhxkdXK+qclEOSUIjnbQkda/IYsSo", - "C/x7/L/pmtqPOEDNxHCJ6kYEZEUVoWEIConlSUqX8GRAnqAR50Y/scrJk7kU1wrkE7Kmkhlu7TSPJI3h", - "FZkG9JoyTUzn0VJo8fTJSutUvRqPwbYZhSJ5cvR3IkFnkpNKc810DE+P/j4NptwnExllVWR6piCsYds3", - "LWx7R28QbaCwnpi+BrUceRTSGWGKfDNB7LJ9glfPJ5O9cA0Pf0d8ULjgPdHBdDKU08CCcnctfIAcy+tD", - "IfITh8Lm2i3PZ0FZDJHv1GWx6LaasaZxBg6SEJH5xumuRi5mC0L55sgyiwikZz0XmvKIysgasshCigQH", - "qG6stR6lI5HpLYOJTKeZ3nW0DBG+PdxvK9ArkOWGHL1ExHVZZHG8KYecCxED5S3syCfwIchbFsMZX4g2", - "P2JqFjG5fVUoQDNFaKkNjDzrMZpdNDP43x7uJ3PFJXhRW9Ms0snIWs0SqoNXQUQ1DLG35/T8qpLZllWO", - "5kwr8tToRAMyDSJ5fSOH5r9pYOTiaTCU10M5NP9Ng6ORbwZOfev+jiog5qdcDl+YKYX0nsTOSlUu8rSR", - "hH2E2XyjwYMnF+wjMhb8eUQmZFFZBgM16rda4R7d6mqTDXI8qMDQHXoXOl1slIbkdF3cyE3AKGxAwhXl", - "SyBgGrZN1rugH10sIDT0sDMeHgrLYqpDgboflvitKnikaFepmlBevz89uTwNBsFv78/w3zenP53ih/en", - "P5+8O/WI8T5bxqBbYPmJKY1w8+zRSItmb+0TY9wSsCFp4DpHxJ38BAVX8ojgP4llB26dkFgsca5NyXor", - "Tp82klVkrgZXEsvikjKSx6hLGFCaJqnnZjJ3vZm+XNE1VSSVIspCi0W7sLcOya86tQ9gqPKdO5P1e+eh", - "bHP4XW3puVntcBt61wg7285b9tU9LQ+30BGNjrCXjth3rKUWmJ8M0eKg4911pL2O+XBrWwRKz/qshqC0", - "Wbx1HNjLrs/oNgiUDPsGViKTIew8ZlNEyicYVHbhO6Ffrqr0tIcM/T1wNMb98iPJYwba/Ehc1bQKLTNo", - "e74jw85A5ULgqF8AFFfevZxTHa6cQe9Auuqw6L3ptuQVWs2zF5P97XpvOu15I3K2ICJhWkM0IJkC66Na", - "seXKaLJ0TVlsVEXbxUhI1niK6OMuB3elfjMZPJ8Mnr0cHE8++JeIRztjUQz98FoQ/NosOVNgHZ1GwCLX", - "K+AkZmsgawbX5vIsTLljCbhNI9KEmq3BL81IQOvZLFxJkTCz9k/ds2NT8to1JXShQVb2n4tjRi3nKpNA", - "mCY0oqn1HnC4JmbVNa0VcQLPcgU0WmTxAGcrvok70LPTkPqm04BaoM3zZ5PdzKlNr9qevCyTNHfTbjF1", - "ulbFvWFwCi8StG82DGJVFDXgngxsWyqBaJqmVi442NpZuIeSvivtCjYEXWoubCSE0V43nH/+n5z104yu", - "NslcxDg5TjQipzRcETMFUSuRxRGZA6GVtkRlaSqktjr8TSS0EPGUP1UA5B/Hx7iXTUIiWKCdUHB1NCLO", - "5qMI42GcRUCmwXu0BEwDo+1drNhC24+vtYztp5PYffX25TQYTa0F1Jr8mLIm3BAXSGMlzCpDkczdlaWc", - "d82O91edK5H4F87210s6x2H3ONAGt8bT9fJrKQzDP72B8M7MetRsL0FD/IYbPsJFprwhRHJZtwL/8aEd", - "D2ZHonKZJdC0WPdiFVUzKUTdiuvfRubss/Y80JlBTFeSSrZmMSyhg+1QNcsUeLTK5pBUWXQwrc1QPIvx", - "9sh5fDuMx+7do7ThQePNIyRRK4jj4sjNXZBxr24RXnvG+k3IK0PDpZL1lFaVzCM3orMY2UkY922gX+YC", - "vu5Gr08+z5CD2adWlNwpXzMpONrWC5OtWasCXVzF7ugrp1Fifsvsup+ltRuA3QZVC85eMryVNZVWia4A", - "WLGPNhHmt1LhkWljmtl/3qx1AXm1DLhheuY337utEtMETZD+EaxxdTb/5oXftvLNiyFw0z0itimZZ4uF", - "pawO4+qug4lMdw/2uRt6P7IycGY/8F2wpblkEXstDTewtw4yhc1rTC24PH3/Ltg+btXC45r/ePbTT8Eg", - "OPv5MhgEP/x63m/YcXNvQeL3KIoeepugGEvJ+eU/h3MaXkHUfQyhiD0o+zNcEw0yYWbnoYizhKs+N9sg", - "kOK6byzTZE9/HY46sAvdcmIXKb2uhfLG8S+L4NUffSFerav786Bpj6FxLIxqN9N6038LnrjWhJJUQRaJ", - "YbH7p+eX/zxqMlYr2eNFlIexok/W3Egd16UfaGfOT9sEnFVoqpswOoJht4eCtDWTaXb4NG128KEF1wP4", - "+VnF0EnnhiFRosxo2+gh9QX3/HJRAOvsjZ/Vut9nvu42Fn5IlaF7iAgrY4U8l2xhf8wyFvkZMTXi+Ixq", - "v30T7Y8WGlU0c932MHF2kpqmOlN7QiOPxVHY2d6y3VwpzWZp6NnfqdIsoUYZeX3+K8nQDpyCDIFruqze", - "ghyDCnqu0dP8+iRsUTurFbV3qz2uPhllECSQdDmByhVLUAh5kkBiZES7+sI/1HGDe80t5yVMdc3pIDPO", - "DfjstiHy30XdgI3YgekQb6imhpNdS2YNoA3Us/5XxtPM41OKqKY7CRZRdZZRr/WwGPdD755vJS+a5bhQ", - "KWWGa+/QtNDAu5CkDIHBBsQ1HwW7mlTcViTQ0sG3j+x0cUpSuokFNWiaSlCGQ/FlAUHnOBeSxGwB4SaM", - "nYNQ3RaahUOoRBazC68ICn7/0k/1JbU8cYYUvEFzO7GGgpHawZkiU+w4DbpI1qzfcwtYQ7j9OffA4BGE", - "q4xfVRfs4hiK6IjdiNhGtYL0hw0sGGdqtdu1UYau5r26Lo1e/dveh+2vVRGDW/m9IuLsccmVq3WdDlxs", - "g3ng5Vtdp4+JXIQSgKuV0O9huUv2yG52+h+sfb6IJF46pXFL3G2H5fY3tNjuM9CO3kc71hMjvqbDGBaG", - "WiSHW/kj9xjT6zrLT2GQH2wfyA6xQMsC0D0pIHXE8JJsPVFkX69erOnsZrsh/Ach2UfBMQ0B5yI0ERnX", - "I2Ld0EbRwO8VweixAeGwpLXvDRz8nM6uoCfq+P+YFYc7zB+Ja+6ZPkv9k9/GdVykqtyd85hqm7lVyaep", - "T7U/Uew95M7u5FaS0Z5ci0UR8J64OOv2Ln0KrlOvT9S161j2WxbDudE6lWKCq8PWv5QiS/2GCvzJhRxJ", - "8n1N29s3ts2T/fPNixdH+yX7iGvus4ubteJPaAnP1/trx3p3iYO6XgmFulR+ttb9ZT0t6IKMDk3E2RKX", - "Vs1a209kPaeZgmqUqpCo30NoaD8qbK17GmurnkNMV/PZaqvxwLWI4EkvUVYn9x6IEWHeqt+oDu80t6pI", - "fEP1CXNQ/RG9hnDZGvrtXAW1u/FI0Tfe7BD70BnJgSdwywythaQJ+CMV3peybd7IgHiRGopdg5QsAkWU", - "LV/gTuCoCvNnkz6jmdeElDuBPcafigALSHt3lCeGi84R+oxfWATudtSU66g6KvKske2ns/VAEnqDAajs", - "I5zxd991rwCjFZULm3333Y4QOW5Q4fGOkQgXWqS3RTQhQzDj9NPLWZJAxKiGeIMFG9A9KjJNlpKGsMhi", - "olaZNlLQiFyumCIJxtOgjYFxdAhLmaUaIrJmEQg8LL99eJ8ERUvBZkH3mJ3YzNrdW9K9XW6bkQO1FFeg", - "euM48hzkhsYJN+idt7nT1hywEhiRYLP+ey9CHLfN7kwz5vR1zHEJXgU/guQQk7OELkGRk/OzYBCsQSq7", - "lMnoeDRBySAFTlMWvAqejyaj5y5QGA9snAcejRcxXea3Qui5Ft6BXAIGEWFL67KHG6bQ+iM4qAHJUqNE", - "k8agntClNaNEZSnINVNCRoMppzwimMSTcc1iPLai9RtYXwoRKzINYqY0cMaX0wADc2PGgTBFxByp3siP", - "CyHzbBJklC7GDuM5DK5YHhehYKDDVT7LW9y/BQUo/Z2INnsVn2lQe36aDdN2viV7hlqQBI/VZTf8MQ2G", - "wysm1JWNbxkOI6boPIbhMs2mwYejw0NS7IL8aFW20zIDG5VWlkR6Npl4JFhcv4V3hCldxdYcsJs5Lp8H", - "wQs7kk8ZLmYcNyswfR4EL3fpVy9fhLV8siShchO8Cn61eFksMaYZD1cOCGbxbs3YrcTeLI0FjYZwo4Gj", - "oDukPBrmbQ3MhfKwgF+xG9bPEJIkBh2LIchHlhIqwxVbG4KBG43FaPQKEpJxw2LHK5HA+Aope1xOPZ5m", - "k8nz0Mjv+AkGU65AE2noJanOYHfF+AFkSHIqnPIvSIb2vE6LrZ7w6L07423kmGSxZimVemz03WFENd1G", - "keVRdse9lW0MaVrw45mgp9UIiRX6qw/vT0t5K2IDU9S6jG4e0xBcOlkOrv2g3rhgT4a/0+HHyfDb0Wz4", - "4dPx4NnLl37l8CNLZ0YKaC/x9xIh88RlAy9qVpbakIACA8pVP8XSL3nMXkI5W4DSI8MWj6pG1TnjhgT7", - "7rxieS6/xyftb2VvFegexuOOfYb9AhssKkA08LA5SzUFcTBFJNDooRleiwUV0Kwg+VOqDENSR1UmWGzR", - "cUMnt4znuVzg53qneTgiJ6KRTN+qeoZCqquGdHJ+RkIaxyNy4n6lEnIrFkSGy5V10Vzm+UrEkUNSuAnj", - "zKiSJBbh1YAoQbggAvVN9CGSgtkoElJuIydioGvAjOO+wmhFLaX84AkrwvetzS2vkYS5r6MpR4ncBh4a", - "Ud2obuHKUVUENhDCSE1hEbqLPm4sg4OzXcFmLqiM8uOa8lz+T+nGjMJBXwt5RaTIeDTUkqUkphp4uMHZ", - "AON0ecTWLMpo7IbxcV5PibtbSEDbjNxbiukdKoKcxHGBUP602oekwIIcthT/q2J2g9gaVbNykquDr6yX", - "dU9Q8xTkOhBYtoRJXm4sJ+4HhdAFS7LYRl9Z2qvW6POrbg0YFWW6/OApbOf3BJ12AbCdgXMn81cSqXyl", - "Ra1Zf80Um7OY6U2hLXw1NPoDi1xIt7iuZjnWwVwvQOe//DBTBZk3OpByjLKVcgZEOJOeucCMjuss0Csh", - "ta2VMjDT82b1nCVbg82xc/dzDFQBXjHVxP2emjU+xl8UKron1GyX4juQb5iBvhJ+gUux6aTIyxBMFOHQ", - "wJglaIsws6LoZCeT+B50Ldc3uEeC9ScV+2kXI/DsTotN3MUpfg86J7XKFM4HmM+0C/etV3b0H26Rc3xP", - "aN6uGXmr69GdgtnZw6L6uzwluQYdF6pXOs5KTqN2gVitmuYWPuryPst50DmPPJMXrLT02pEfzc+l+7iS", - "vDblvpS0EXmL/NcsTMLKKENGfWjnvg2IAphysxh//hqhmuSFicIl06OFBIhAXWmRjoRcjm/M/1IptBjf", - "HB/bD2lMGR/bwSJYjFaWnzuvxUpwIVXVOD2MYQ3lfo1i4XxSoTsK9D4qZ0mwUBCR1+DpEirviRxaVVAP", - "pAYEKGLL1yQt2Du+qlIjXu6A+KqI8OlmVZf0CspIoPuSGFsBTZ8djLbeOCyhSxinNgCvnKnfyNO6WMoF", - "EBz0QQH6mqY6k0b+LwGUe7x6wOkq+/qZmA3VImsXzhRvjPQ2Foa28xAr852uyHgVTlqXFmvmjlpWsBMD", - "a7FS1nbCOInFEiOpNAuvlK3PZ+P4rKWngkFkDiu6Zgal6Yasqdz8negMjRWuumZOwKMp/80IqXOhV5Wt", - "4ID5XgkGejkTjisKPbDc3LI3nNky+KSm/5KnxRgoCpcTHFnnEKrRaHQBiF1EsWOF/3KM3Wlww6GrQ/4z", - "GQ5RvCYTYg2pViC3ptR/+TjkRR4xdU/kVy32fCB3dOj1lSjRdjGlrGDBQ7WRjPeQ5vJySR3M0TmF7wku", - "7UrRh0HG+n436dd0a+EDBNosrBsKruhtzfnr8ZS60g73JTx4Spl8YYNGvTKy5/r61Vkw8irBIbbM60zc", - "AswvJt/296u/DXOHftGO7RjUWKixrQk+KzLWEU0ynzmyXjf9vmyS/urshzp5ymg3u8+viHTtTgnFoIvy", - "+HO42ELhO8DFVjK/b7i0C70fbPMpQGK3GN2Osl7096s/OXQnxiJcebWaYRNuuTd2C8jeWo/o1w0tjGX+", - "EwAK4VHASFzzWNDIUNfsI8OYvSVoX4yoziRXhJLfz85tUGLFiW6LeCC4VK5ZVOKOqwUkG/B3879h8neW", - "otM/f6EFE9V3ftAh9+wbCTrfFNZ0Mf3+nQGyAxu7kEdg13FgUA2o6Ivo/rDX5ezO9VYKpTn1fI9FsCIi", - "VvWAHyNeOmBVWQihOaK5LXfgq9LRDgirqRx9VJo81VRWIkCS3PCCAX5mrKOteD3lWxCb/K50RMRiAVIR", - "xZYcawRzHW/IgioNspgQU+95NOURVL8yn6kELNLxkaVOIabhisHarGQOujkKkpHf61GhKnNGj4WsBp/a", - "ZZqK7aJ1cER+YMsVSPtXUaWUqITGMRTgVWSeaaLpFZBY8CXI0ZQPLSSUfkX+Y6BthyDHA+Kipg1gISJP", - "//N8Mhm+nEzIu+/G6sh0dEG29Y7PB2ROY8pDI0qZnmOEAHn6n+OXlb4WcPWufxvk8My7vJwM/1etU2uZ", - "xwP8tujxbDJ8UfTogEgFW2Y4TFAFR1nkJf9Uptu6owoGld/skvGD8iUP78sVHfXeii1eOtr+/4w16vq2", - "C/Zo+NcsD552bLHOGopyxbvyhN6K0F/DDbufTFiWbG4jFEp5lXrQjxBtvgddq2idF3ppQa9Am5gpjXK6", - "6sSbsrD2YZfJ48SUctceVCnVt9gmBzxCXMGAYIS8jVVs4wbWlO5S3/IizPfodr4L1Q3dvKW54xHCCXeA", - "ZXcxxHobMUugUaF0e2n5PdDIqdy7kTJOlouEZvyvhZpFqEEPy/Iit5IlkPWb3d2ZZeyBkMXAt1Rl8Pnv", - "HDkUWEY/q2Q1d1J3O7n8/gL8OrLYD6X4ylB5ON4jBOQFaM9rFRXQjTHhXa1YWkDYRvB3O21P4lhc54H+", - "mLBiw9OFJDbRJAZ3IbgwGAmJcDzAvoYy6khsycWDO8tkKSSSjlSUQ4r4VwpyOYF2t7L+OUPdN+HDJXts", - "r9S/PaENT+HOkj0QSkWex2NndZ78j4WT16rkkJs2t+axUTS8IL3Z2rY2ZY1pVdo2W6FhvkcifMRhrZt3", - "Rhr7on5UrXVQScYrFGctdqODan7VLZKfttHDgYj9O0tLtK4A8E+D5LSaU9lA0Ra+O+NKD8Lvaxrtoosp", - "7yeMfhNpzSI65Q2TaHdGpbNx3hlx5VYV/1vhDYtTfoX0EsPg4YjWfEpnJd5tLxxQVl6MwYoIeHGW3W11", - "BMnSvICUWxvmS8bsCg+JDIfYZlj2630otcEvcjjcC7s4cWf4J2cZTXTtYBvXzZzHhiZQKcFzXzqAp8rP", - "7rA9sHoBbttboPhXzv6dga80TUmV1+44eqt9tHVN3Ca56/oBD4RsdjNVI7XLBeXLiiSGpzX+lB/5Z1fG", - "BGxFoia+ibREt4aRAg0PztLg7A4FHLfZHvpNDZ76rDmgRJo+fkBdYI0dsyNMKvYYj5pAGtv4005Tkq2v", - "+1ad2mZfEFZNs5CGG21X67UH9fkDqi+B+uK5L04rZWpLXdjF52J5TRrhrj8F/xheXJwOX9u1DS+9D2S+", - "g4hRVzxnQczwWPfWhfs+bTKxo5rnLvfStVidxyn3+TGiKR5065RdOqFluwXGGmV+e5DRb6bJLgbPNxXh", - "i7aMn1/Q712URlsUBRQ7ayfmr5yhWPbNixddy0zsU+jeZW2tuGiJb5cb/5bm2AOtGXlp8Ed/jaJZytyc", - "eTxkGaoVi6Ualwfrd9GJpat33sGHGwhhn6Hcirk5o8kfWy5K6Hjrb/unWYg4Ftf+yINa0elKWcQmmAWP", - "N0V+BmGL/AlNpohb2hbC7L5V9pmnsnf/bGWDmavbHjzYjVY8PNx7lRnE+qpvL9/NYBZNxBqkmdoSSFq8", - "9j92NTJ2qOAi50xLKjfkvOjt3r7ghvrw2c6ynCqC5kYTuqSMK6uJz6W4ViCJe2RiygUnsQhpvBJKv/r2", - "2bNnI3KZv4m/oorQMH/g5klKl/BkQJ64cZ/Y+jpP3JBPyufHXAaULB5XaLyyj1UplatBZfCW1wq5+Awn", - "7gjKfb+2t8N9aHatuR4o68GzDnziwpcXXh7u11hrpdwCpvRc4MotRniQ0xGI5UlIHd2KfuXxp3vLnW0/", - "L/Vl8aD9KJ4HA8qCSdK1+Spq7HhfwKwDGN9z6oUwviF1vyCuPT/2MDCuvpTluwrt01dfGWzpFuB+Kh/V", - "+jy+YvXsXC+gf2SY5tmvl1ee69omEva8xbW7snAQQKtvIX5VVYB++fFRxhcYVlI85piLrd0YZ58D78U5", - "+9zinwfr6k9P/jfe3T5AqfM5zi3Ip4o39rzqb/0lvi+Ne/d8j9lN+a4w98ujjFKuPIZnt9cN+ojtINNg", - "qz8N16k9PfhA8lPlJUAP8n1XfZnv0VrcypvPPlW4HQ9FpvsMceXhiUxvtcg9ED+6hWXJ865ir42p8WKi", - "kXGbTyb+twPlHhwoFawWmW4YzIqXTcalE9bPXW3mcPno330marfeHumu29T1hs2DpWg/UG2LIrE7lbBm", - "qDPm75hUn0VpQd0ll3VysTz7rAr4rd6zwmlVvKJSRk+MCJZUEom5KuqVkrK8Dp7zChTduxxZyPT8bqy+", - "d1j6WSMe2DhJX9w6naDyqpJ1PdYYXPHr8K17T3R4svVdT7Eon11tP0Y6It9nVFKuwcbLzYG8f/v6+fPn", - "3462e0BqS7mw8SgHrSR/S/vAhZilPJs820bYzHAyFsf4WKcUSwlKDUiKtWKJlhtr+8QK4bJ+3O9By83w", - "ZKF978ZdZMulzRXFkrX4yETljafygQe5sURQbmLrC+6fH3HCqS1zpZAWAUM0d+AoMbO3R2f+YP4ar7pt", - "7dciH2DbhVJ7+7cdZN+i1/xtDFms8s4S7GgcV4etH1vrkRVP6N19X77+B+a8d+/xNhLNXxt+fBWi8ASK", - "CoklXxuRX3i8wQSDktelIMnZG3xlYW6f6FUaH4LAcnCGg4zaUBbpNiBXnl27Nxh7nnbbX7xyoXAPW4xP", - "i7R+/eBG/l8AAAD//yIMPJrxsgAA", + "H4sIAAAAAAAC/+x9eXMbN/bgV0H1TpWtHV6+MhvNX4osJ9rEscqyNzMJvRyw+5HET91AD4CmRLs8n30L", + "D+gbzSYpybayv6pUTJE4HvAOPLwLn4JQJKngwLUKjj8FElQquAL84wcavYV/Z6D0mZRCmq9CwTVwbT7S", + "NI1ZSDUTfPxfSnDznQpXkFDz6S8SFsFx8D/G5fhj+6sa29E+f/48CCJQoWSpGSQ4NhMSN2PweRCcCr6I", + "WfilZs+nM1Ofcw2S0/gLTZ1PRy5BrkES13AQ/Cr0K5Hx6AvB8avQBOcLzG+uuSUFHa5ORZJmGuRJaJrn", + "iDKQRBEzX9H4QooUpGaGgBY0VtCc4YTMzVBELEjohiMUx1NECwI3EGYaiDKDc81oHG9GwSBIK+N+ClwH", + "87E++hsZgYSIxExpM0V75BE5ww9McKK0SBURnOgVkAWTShMwO2MmZBoS1beP9Q0x+EoYP7c9nwwCvUkh", + "OA6olHSDGyrh3xmTEAXHfxRr+FC0E/P/Akt9pzELr16LTMGum1zfn3mmtaWH+vbgkMT+avaEGbKjoSbX", + "TK+CQQA8SwxsMSx0MAgkW67MvwmLohiCQTCn4VUwCBZCXlMZVUBXWjK+NKCHBvSZ/bo5/btNCoh408bh", + "pjJrJK7Nn1kauGG8E6xEHM2uYKN8y4vYgoEk5mezPtOWRJnpiji2o1aQ2xq9jrJBwLNkhr3cdAuaxRqR", + "22CcLJmDNIvTLAGcXEIKVNfmdaObbV8C8vdNexX/IKEQMmKcatytYgCSCsXcnrVH2rRH+uchIzXI9CYw", + "Q3uJtE78+4oBxfgyhqYQqMoAqkhKpeVjKzVG5N0KyL8MKP8iCwZxRBTEEGpFrlcsXE15OUoKciFkMiCU", + "R3blQtrTLTLkYHsbaUqZERAryCFIqaQJaJBqNOVnNzTU8YYIXvxueyYGnpyuDEAkyZQmcyCpFGsWQTSa", + "8pbgstyRGDbslS0tGWCktaTL3bq/lHTZ7J2INezW+7VYQ7N3KkEpw3l9nS9Mw59hU+mrQiniuK/jJbaq", + "dgM9CzOp7NG3tSvoU2xY7R0DpL0dTaNSfncIrhzHxZFSobBRRYRV8VvbbzvyTMONDqpbWWxNDbe1lecL", + "8QnDctCeZRrR+w5udLE9DTbHkb1cLoFqeMkkhFrIzWHnUSIiz66+SW13EuWjE9OQPBahpjGxqxwQGC1H", + "5G8vXhyNyEsrf1G8/u3FC1QMqDaqU3Ac/N8/JsO/ffj0bPD8818Cz16lVK/aQJzMlYiNtCmBMA3NDCEu", + "vTHJePQ/24M3NhNn8m3mS4hBwwXVq8P2sWcJOeARTnP3gL+FEI+T5WHQs6gN+3lktDw8tN0BJfNJKish", + "J3G6ojxLQLKQCElWm3QFvIl/Ovx4Mvx9Mvx++OGvf/Eutr0wptKYbozqz5Z7rmcFqB+11nSaSQlck8iO", + "TWw7wjhJ2Q3Eynt8S1hIUKuZpBr6h3StiWltBv7pI3mc0I05fngWx4QtCBeaRKAh1HQew5F30msW+Qiq", + "ORs22wq/d2ubJ9D96LBGbHbor4XeahVZnwCNIKabmmo3aaoqL00Ts/qExTFTEAoeKTIHfQ3Ac0CM7oqa", + "htJUake9Rv4TGgunJRjuGiFYnCUG0IkPJ7fRb81e7KXe+gVK8xb1x82AbD5UlcmUMqmKJeqVFNlyZXSw", + "2AKxZHw5Iq+NRuRULEI1iYEqTZ6SVDCuVe2W1QS5siEJvXFXqqfV+9XT9mq2/qg0pDNE9yypK/Mv9kS5", + "hJhqtgZihlSNVZPHhvEMMhhn5v5KcM6jfsTjaLMU5EzBMnF3/PLGMem+chQAITYsVClI4sYxCynoj7y2", + "QJAnNYie9F4EOs+GwjTROPNBKboEDxk2Bs4bese2V4GLmG6ukYkPMzq4XtXLRTkkCY120tLUvSqLUaMu", + "8e/x/6Zraj/iADUTwzu8bkRAVlQRGoagkFkepXQJjwbkERpxbvQjezl5NJfiWoF8RNZUMiOt3c0jSWM4", + "JtOAXlOmiek8WgotHj9aaZ2q4/EYbJtRKJJHR38nEnQmOak010zH8Pjo79Ngyn06kbmsikzPFIQ1avuu", + "RW2v6Q2SDRTWE9PXkJZjj0I7I0yR7yZIXbZPcPxsMtmL1nDzd6QHhQDvSQ6mk+GcBhWUq2vRA+RUXh8K", + "iZ84EjbHbrk/C8piiHy7Lgug29eMNY0zcJiEiMw37u5q9GK2IJRvjqywiEB64LnUlEdURtaQRRZSJDhA", + "dWEteJSORKa3DCYynWZ619EyJPj2cL+tQK9Algty/BIR12WRxfGmHHIuRAyUt6gjn8BHIK9YDOd8Idry", + "iKlZxOR2qFCBZorQ8jYw8sBjbnbRzNB/e7hfzBGX4EFtTbPIJyNrNUuoDo6DiGoYYm/P7vmvSmZZ9nI0", + "Z1qRx+ZONCDTIJLXN3Jo/psGRi+eBkN5PZRD8980OBr5ZuDUB/cPVAExP+V6+MJMKaR3J3a+VOUqT5tI", + "2EeYzTcaPHRyyT6iYMGfR2RCFhUwGKhRv9UK1+igq002yOmggkO36V3kdLlRGpKzdXEiNxGjsAEJV5Qv", + "gYBp2DZZ70J+dLGA0PDDznR4KC6LqQ5F6n5U4req4JaiXaVqQjl9e3by7iwYBL+9Pcd/X579coYf3p79", + "evL6zKPG+2wZg26F5RemNOLNs0ajLZq1tXeMccvAhqWB65wQd/ITFFLJo4L/IpYdtHVCYrHEuTal6K04", + "fdpEVtG5GlJJLItDymgeoy5lQGmapJ6TyZz1ZvoSomuqSCpFlIWWinYRbx2aX3VqH8LwynfhTNZvnYey", + "LeF3taXnZrXDbehdI+xsO2/ZV/e0PNzijmjuCHvdEfu2tbwF5jtDtDhoe3cdaa9tPtzaFoHSsz6rISht", + "gLeOA3vY9RndBoGSYd/ASmQyhJ3HbKpI+QSDyip8O/TmqspPe+jQPwJHY9ybn0keM9CWR+KqdqvQMoO2", + "5zsy4gxUrgSO+hVAceVdywXV4coZ9A7kqw6L3stuS15xq3n6fLK/Xe9lpz1vRM4XRCRMa4gGJFNgfVQr", + "tlyZmyxdUxabq6LtYjQkazxF8nGHgztSv5sMnk0GT18Mnkw++EHErZ2xKIZ+fC0Ifm1AzhRYR6dRsMj1", + "CjiJ2RrImsG1OTwLU+5YAi7TqDShZmvwazMS0Ho2C1dSJMzA/ql7dmxKTl1TQhcaZGX9uTpmruVcZRII", + "04RGNLXeAw7XxEBdu7UiTeBeroBGiywe4GzFN3EHeXYaUl92GlALsnn2dLKbObXpVdtTlmWS5m7aLaZO", + "16o4NwxN4UGC9s2GQaxKogbdk4FtSyUQTdPU6gUHWzsL91DSd6RdwYagS82FjYQw2uuE88//i7N+mtHV", + "JpmLGCfHiUbkjIYrYqYgaiWyOCJzILTSlqgsTYXU9g5/EwktRDzljxUA+ceTJ7iWTUIiWKCdUHB1NCLO", + "5qMI42GcRUCmwVu0BEwDc9u7XLGFth9PtYztp5PYffXqxTQYTa0F1Jr8mLIm3BABpLESBspQJHN3ZCnn", + "XbPj/VXnl0j8C2f76zs6x2H32NCGtMbd9cprKYzAP7uB8M7MetQsL0FD/IYbOcJFprwhRHJZtwL/8aEd", + "D2ZHonKZJdC0WPdSFVUzKUTdiutfRubss3Y/0JlBTFeSSrZmMSyhQ+xQNcsUeG6VzSGpsuRgWpuheBbj", + "6ZHL+HYYj12759KGG40nj5BErSCOiy03Z0HGvXeL8Noz1m9CXhkeLi9Zj2n1knnkRnQWIzsJ474F9Otc", + "wNfd5PXJ5xlyOPvUipI742smBUfbemGyNbAq0MVR7La+shsl5bfMrvtZWrsR2G1QtejsZcNbWVNplekK", + "hBXraDNhfioVHpk2pZn1581aB5D3lgE3TM/85nu3VGKaoAnSP4I1rs7m3z3321a+ez4EbrpHxDYl82yx", + "sJzVYVzddTCR6e7BPndj72dWBs7sh75LtjSHLFKv5eEG9dZRprB5TagF787evg62j1u18LjmP5//8ksw", + "CM5/fRcMgp/eX/QbdtzcW4j4Laqih54mqMZScvHun8M5Da8g6t6GUMQekv0VrokGmTCz8lDEWcJVn5tt", + "EEhx3TeWabKnvw5HHVhAt+zYZUqva6G8cfxmERz/0Rfi1Tq6Pw+a9hgax8Jc7WZab/pPwRPXmlCSKsgi", + "MSxW//ji3T+PmoLVavZ4EOVhrOiTNSdSx3HpR9q589M2EWcvNNVFmDuCEbeHorQ1k2l2+DRtcfChhdcD", + "5Pl5xdBJ50YgUaLMaNv4IfUF97y5LJB1/tIvat3vM193Gws/pMrwPUSElbFCnkO2sD9mGYv8gpgadXxG", + "td++ifZHi40qmblue5g4O1lNU52pPbGRx+Io7GxP2W6plGazNPSs70xpllBzGTm9eE8ytAOnIEPgmi6r", + "pyDHoIKeY/QsPz4JW9T2akXt2Wq3q09HGQQJJF1OoBJiCQoxTxJIjI5ooS/8Qx0nuNfcclHiVNecDjLj", + "3KDPLhsi/1nUjdiIHZgO8ZJqaiTZtWTWANogPet/ZTzNPD6liGq6k2IRVWcZ9VoPi3E/9K75VvqiAceF", + "SikzXHuFpoUG3kUkZQgMNiCu+SjY1aTiliKBlg6+fXSnyzOS0k0sqCHTVIIyEoovCww6x7mQJGYLCDdh", + "7ByE6rbYLBxCJbGYVXhVUPD7l36pg9TyxBlW8AbN7SQaCkFqB2eKTLHjNOhiWQO/5xSwhnD7c+6BwS0I", + "Vxm/qgLs4hiK6IjdmNhGtYL0hw0sGGdqtduxUYau5r26Do3e+7c9D9tfqyIGt/J7RcXZ45AroXWdDgS2", + "ITzw8K3C6RMil6EE4Gol9FtY7pI9spud/idrny8iiZfu0rgl7rbDcvsbWmz3GWhH76Md65FRX9NhDAvD", + "LZLDrfyRe4zpdZ3luzDIN7YPZYdYoGWB6J4UkDpheFm2niiyr1cv1nR2s90Q/pOQ7KPgmIaAcxGaiIzr", + "EbFuaHPRwO8VweixAeGwpLXvDR78ks5C0BN1/H8MxOEO80fimnumz1L/5LdxHRepKnfnPKbaZm5V8mnq", + "U+3PFHsPubM7uZVktKfUYlEEvCcuzrq9S5+C69TrE3XtOsB+xWK4MLdOpZjg6jD4l1Jkqd9QgT+5kCNJ", + "fqzd9vaNbfNk/3z3/PnRfsk+4pr77OIGVvwJLeE5vO874N0lDup6JRTepfK9te4v62lBF2R0aCLOlri0", + "atbafirrBc0UVKNUhcT7PYSG96PC1rqnsbbqOcR0NZ+tthoPXIsInvQyZXVy74YYFeaV+o3q8E5zq4rE", + "N7w+YQ6qP6LXMC5bQ7+dq+B2Nx4p+sabHWIfOiM5cAdumaG1kDQBf6TC21K3zRsZFC9Sw7FrkJJFoIiy", + "5QvcDhxVcf500mc085qQciewx/hTUWABee+O8sQQ6Jygz/mlJeBuR00JR9VRkWeNbN+drRuS0BsMQGUf", + "4Zy//qEbAoxWVC5s9vUPO2LkSYMLn+wYiXCpRXpbQhMyBDNOP7+cJwlEjGqIN1iwAd2jItNkKWkIiywm", + "apVpowWNyLsVUyTBeBq0MTCODmEps1RDRNYsAoGb5bcP75OgaDnYAHSP2YnNrN29Nd3b5bYZPVBLcQWq", + "N44jz0Fu3DjhBr3zNnfamgNWAiMSbNZ/70GI47bFnWnG3H0dc1yC4+BnkBxicp7QJShycnEeDII1SGVB", + "mYyejCaoGaTAacqC4+DZaDJ65gKFccPGeeDReBHTZX4qhJ5j4TXIJWAQEba0Lnu4YQqtP4KDGpAsNZdo", + "0hjUE7q0ZpSoLAW5ZkrIaDDllEcEk3gyrlmM21a0fgnrd0LEikyDmCkNnPHlNMDA3JhxIEwRMUeuN/rj", + "Qsg8mwQFpYuxw3gOQytWxkWoGOhwlc/yCtdvUQFK/yCizV7FZxrcnu9mw7SdL8nuoRYkwW112Q1/TIPh", + "8IoJdWXjW4bDiCk6j2G4TLNp8OHo8JAUC5CfrMp2WmZgo9LKkkhPJxOPBovwW3xHmNJVLM0hu5nj8nkQ", + "PLcj+S7DxYzjZgWmz4PgxS796uWLsJZPliRUboLj4L2lywLEmGY8XDkkGOAdzNitpN5UxCwsdaVurjCa", + "9TAvglFOAwakVDKjLZuhNqQ8pBh3lu85LX4eGaoaTHkvu5D9uWXK92WXU5CYxZrvAkkop0sb3HVlBQ/j", + "C0mVllmoM+momJzdaOBGBF2CNrJBDaY8leJmM8SkTYiKEe06ivFzMkRt5/TlxZhmWliv3BFeMeaxCK8g", + "mnK0BOd72cvZFzkaD2du/xHkCxbdBfkj8nMeNOh+MtcyNeWPXWiaC9A8FeKKgXL7OA2OcL8wXc7duVbF", + "CPbb0ZRfApA8WRIpGUpIRkshljEUhD22d6EisDb/3m6pS7W0tbAUC08yvXqzBvmT1ukZuqGjfA+8AKOK", + "Zxqr9+lS0ghU0csd3q/pzangHGxdqAuQF4ZOguNnTwfBhUizVJ3EsbiG6JWQ72Ws8NbfTgQNPny+K7mW", + "08qDFW1NsjNr6ZZwWRoLGg0hZ1k1pDwa5m2N2BPKo+S8x25YIUhIkhgJUgxBPrKUUBmu2NpwONxoLLel", + "V5CQjBslcrwSCYytCBmXU4+n2WTyLDSsgJ9gMOUKNJFGxiXVGazcZvwARaOQnFP+BRUNu1+FYFQnPHrr", + "9nibTEqyWLOUSj1eCJkMI6rpNp2j3MruyN6yjVE+LPpxTzCWxFyDKxpGfXh/4t0rERucol1JC5LGNASX", + "MJujaz+sN64QJ8Pf6fDjZPj9aDb88OnJ4OmLF37z10eWzsw9pw3i7yVB5qUZDL6ogSy1QU8l+xRQP8bi", + "VnlUckI5W4DSeEQfVd1Gc8YNJ/Zp9QV4LoPRZ8/YqsBVsHuYFvfE57osqMGSAkQDj7SzXFMwBzNHNY2+", + "ttxriaACmxUif0yVEUjqqCoEiyU6aehuZuN5ruP5pd5ZHnDNiWiUC2nVdcRruKv3dnJxTkIaxyNy4n7F", + "k9/a6Y06U6386GprrEQcOSKFmzDOlCFeo/4MiBKECyLQooZREqQQNoqElNvYsBjoGrCmQl/px6JaXL7x", + "hBUJStarkFeBw+z+0ZSjzcGGVi+yGHWIcOW4KgIb6mXuhWGRnIBRPFjoC2e7gs1cUBnl2zXluYUjpRsz", + "Cgd9LeQVkSLj0VBLlhKjOvJwg7MBZiLwiK1ZlNHYDeOTvJ4inrdQA7e58baUCz1UGTmJ44Kg/IUDviYH", + "FuywpbxplbIbzNaoC5izXB19ZUXAe8Kap+TggciyRZrygoo5c39VDF2yJIttfKnlvWoVUr9xqoGjohCh", + "Hz2Fd/CesNMucbgzcu5k/kqqqK94snVcrplicxYzvSkuDd8Mj/7EIpe0Iq6redx1NNdLbPoPP8zFQ+GN", + "LvKcomwtsAERzmlhDjDKdO5jWwmpbTWogZmeN+uDLdkabBaxO59joArwiKmWJumpyuUT/EUptnsizXax", + "0QPlhhnoG5EXCIpNmEdZhmiiiIcGxSxBW4KZFWV1O4XEj6Br1QyCe2RYf9kEP+9ijLFdabGIu9jFH0Hn", + "rFaZwkU55DPtIn3rtWv9m1tUVbgnMm9Xxb3V8eh2wazs65L667zoQg07ziRbhgaUkkbtgrFaveAtctRl", + "tpfzYPgRykxeiNIyLsGaC8sAmUp67pT7km5H5BXKXwOYhJW5DJnrQzu7d0AUwJQbYPwZuoTq0pq4ZHq0", + "kAARqCst0pGQy/GN+V8qhRbjmydP7Ic0poyP7WARLEYrK8+dX3YluJCq6n4bxrCGcr3mYuG87qHbCoyv", + "UM6SYLEgIq/h16WM3xM7tOo8H8gNiFCklm9JW7BnfPVKjXS5A+GrIoaxW1S9o1dQxjrel8bYCtn87HC0", + "9cRhCV3COLUhxuVM/Uae1sFSAkBw0K+K0FOaomOGkhJBuU+/B52udrlfiNlgVLJ2AZvxxmhvY2F4Ow8i", + "Nd/pio5XkaR1bbFm7qjVPXBqYC0a1NpOGCexWGKsqGbhlbIVSG2ksrX0VCiIzGFF18yQNN2QNZWbvxOd", + "obHC1Q/OGXg05b8ZJXUu9KqyFOt1yYNTMZTVmXCcx29gpbkVbzizFfBJ7f5LHhdjoCpcTnBk3d94jUaj", + "C0DsciacKPyXE+zuBjccupcWfiXDIarXZEKsIdUq5NaU+i+fhLzMY0Lvif2q5ewPlI6OvL6RS7QFptQV", + "LHqoNprxHtpcXhCuQzi6sJd7wku7Fv5hmLHRLZv0Wzq18IkVbQDrxoIr611z5Hs8xq54zX0pD55iTV/Y", + "oFGv/e45vt47C0ZeBz3ElnklnVug+fnk+/5+9dev7tA92rEcQxoLNbavHsyKmhxIJpnPHFl/GeK+bJL+", + "9ycOdfKU8bx2nd8Q69qVEophZeX253ixTyHsgBf7VsN946X9lMXBNp8CJXaJ0e0463l/v/qjandiLELI", + "q/Vam3jLvbFbUPbKekS/bWxhtsafAFGIjwJH4prHgkaGu2YfGUYlL0H7ouB1JrkilPx+fmHDritOdFum", + "CNGl8ptFJbOiWiK3gX83/0smf2cpOv3zN6iwFMfOT9bknn2jQeeLwqpVpt+/M0BxYGMX8hyTOg0MqgEV", + "fTkrH/Y6nN2+3upCaXY9X2MRjo2EVd3gh0iXDllVEUJoTmhuyR30qnS0A8FqKkcflSaPNZWVCJAkN7xg", + "CLMZ62grXU/5FsImvysdEbFYgFREsSXHKuhcxxuyoEqDLCbE4iI8mvIIql+Zz1QCliH6yFJ3IabhisHa", + "QDIH3RwF2cjv9ahwldmjh8JWg0/tQnTFctE6OCI/seUKpP2rqMNMVELjGAr0KjLPNNH0Ckgs+BLkaMqH", + "FhNKH5P/GGzbIciTAXF5IQaxEJHH/3k2mQxfTCbk9Q9jdWQ6ujSCesdnAzKnMeWhUaVMzzFigDz+z5MX", + "lb4WcfWufxvk+My7vJgM/1etUwvMJwP8tujxdDJ8XvTowEiFWmY4TFBFR1nGKv9UFhRwWxUMKr9ZkPGD", + "8pVH2FcqOu69lVh853j7/zPRqOvLLsSjkV+zPD3EicW6aCgKsu8qE3pr3n8LJ+x+OmFZlL5NUKjlVSre", + "P0Cy+RF0rWZ/Xsqqhb2CbGKmNOrpqpNuyqcDDjtMHiallKv2kEp5fYtt+tMDpBUMCEbM21jFNm1g1fyu", + "61teZv4e3c53cXVDN29p7niAeMIVYGFxDLHexswSaFRcur28/BZo5K7cu7EyTparhGb8b4WbRahBD8sC", + "SrfSJVD0m9XdmWXsKxGLwW95lTEdC+JQYAX9rFK3oZO72+Uz7i/Ar6NOx8EJPJWyFC4c7wEi8hK05z2e", + "CurGWNJDrVhaYNhG8Hc7bTGVKg/0x4QVG54uJLGJJjG4A8GFwUhIhJMB9r2nUUdiS64e3FkmS6GRdKSi", + "HPJMSaXkoFNod3u4JBeo+yZ8uGSP7W+RbE/ZxV24s2QPxFKR5/HQRZ0n/2Ph9LUqO+Smza15bBQNL8hv", + "tnq3TVljWpW2zVZomO8ZHB9zWOvmnbHGvqQfVau5VJLxiouzFrvxQTW/6hbJT9v44UDC/p2lJVlXEPin", + "IXJazalskGiL3p1xpYfg9zWNdvHFlPczRr+JtGYRnfKGSbQ7o9LZOO+MuXKriveZ0obppThCeplh8PWY", + "1nxKZyXdbS+NUtaWjcGqCHhwlt1t/RfJ0rxEnoMN8yVjdoWbRIZDbDMs+/U+Bd2QFzke7kVcnLg9/JOL", + "jCa5doiN62bOY+MmUCkydl93AE8ds91xe2B9Fly2twT7e87+nYGv+FbJldduO3rrGbXvmrhMctdlBL4S", + "sdnFVI3ULheULyuaGO7W+FO+5Z9doSawNdea9CbSktwaRgo0PDhLg7M7FHjcZnvoNzV4KlDniBJp+vAR", + "dYlVxMyKMKnYYzxqImls4087TUm2gvgrdWabfUFcNc1CGm60hdZrD+rzB1TfOvbFc1+eVQpxl3dhF5+L", + "BYRphKv+FPxjeHl5Njy1sA3feZ8Afg0Ro6482IKY4bGytwv3fdwUYkc1z13upWuJOo9T7vNDJFPc6NYu", + "u3RCK3YLijWX+e1BRr+ZJrsYPF9WlC/aMn5+Qb93UfxxUZSI7awOm7/jiGrZd8+fd4GJJVU7wNpaU9Yy", + "3y4n/i3NsQdaM/LHDx78MYpmKXNy5vGQZahWLJZqXG6s30Unlu5Fhw453CAI+9DuVsrNBU3+nHxRQsf7", + "woB/moWIY3HtjzyoldWvFH5tolnweFMWBmOL/JFgpogDbQtjdp8q+8xTWbt/trLBzL1MEXy1E614Wr33", + "KDOE9U2fXr6TwQCNddTM1JZB0phurrEi/djVyNihgoucMy2p3JCLord73Ycb7sOHicuC0YiaG03okjKu", + "7E18LsW1AkncMzpTLjiJRUjjlVD6+PunT5+OyDsMIosAHwmiYf6E16OULuHRgDxy4z6y9XUeuSEflQ8s", + "ugwoWTwfo/MRS+CwGo/OJD4XxWuFXHyGE7cF5bpP7elwHze71lxfKevBAwc+4uPLCy8391ustVIuAVN6", + "LhFySxEe4nQMYmUSckf3Rb/yvN295c62H9D7snTQfvbTQwFlwSTp2nwTNXa8b/zWEYwv1vViGF/Ju18U", + "1x5Y/Do4rr4F6DsK7eN+3xhu6RbkfiqfDfw8vmL17Fwvon9mmObZfy+vPEi4TSXseW1w98vCQQitvvb6", + "TVUBevPzg4wvMKKkeK42V1u7KU7iS7G9NGcflP3zUF39cd3/prvbByh1Pji8hfhU8Yqo9/pbf2v0S9Pe", + "PZ9jdlG+I8z98iCjlCvPfdrldaM+YjvoNNjqTyN1ao+rfiX9qfLWqYf4fqi+PfpgLW7lyWcfY91OhyLT", + "fYa4cvNEprda5L6SPLqFZcnzcmyvjanxJqzRcZuPwv63A+UeHCgVqhaZbhjMirebxqUT1i9dbeZw+azp", + "fSZqt15X6q7b1PVK11dL0f5KtS2KxO5UwprhnTF/qan68FML6y65rFOK5dlnVcRv9Z4VTqvinagyemJE", + "sKSSSMxRUa+UlOV18JxXoOje5chCoed3Y/W9NNUvGnHDxkn6/NbpBJV346zrsSbgil+Hr9yLycOTrS8X", + "i0X5sHT7ueUR+TGjknINNl5uDuTtq9Nnz559P9ruAamBcmnjUQ6CxMWyHAqIAeXp5Ok2xmZGkrE4xueI", + "pVhKUGpAUqwVS7TcWNsnVgiX9e1+C1puhicL7XsZ8zJbLm2uKJasxUcmKq/YlQ88yI1lgnIR2x6xe4jn", + "RpFwastcKeRFwBDNHSRKzOzp0Zk/mL83rm5b+7XIB9h2oNReN28H2bf4NX8bQxZQ3lmCHY3j6rD1bWs9", + "suIJvbvvw9f/hKb37H2yjUXz99QfXoUo3IGiQmIp10bkDY83mGBQyroUJDl/ia8szO0j5ErjQxBYDs5I", + "kFEbyyLdhuTKw5L3hmPP45X7q1cuFO7rFuPTIq0fP7iQ/xcAAP//cg4YztO3AAA=", } // GetSwagger returns the content of the embedded swagger specification file diff --git a/server/lib/policy/overrides.go b/server/lib/policy/overrides.go new file mode 100644 index 00000000..9204a3ea --- /dev/null +++ b/server/lib/policy/overrides.go @@ -0,0 +1,346 @@ +package policy + +import ( + "encoding/json" + "fmt" + "strings" +) + +// PolicyValueType describes the expected JSON type for a Chromium enterprise policy. +type PolicyValueType int + +const ( + PolicyTypeBool PolicyValueType = iota // "main" in Chromium YAML + PolicyTypeInt // "int" and "int-enum" + PolicyTypeString // "string", "string-enum" + PolicyTypeListString // "list", "string-enum-list" + PolicyTypeDict // "dict" — arbitrary JSON object/array +) + +func (t PolicyValueType) String() string { + switch t { + case PolicyTypeBool: + return "boolean" + case PolicyTypeInt: + return "integer" + case PolicyTypeString: + return "string" + case PolicyTypeListString: + return "list of strings" + case PolicyTypeDict: + return "object" + default: + return "unknown" + } +} + +// ChromiumPolicyOverrides represents user-provided Chromium enterprise policy +// overrides. These are merged on top of the base policy.json during browser +// creation. The map keys are Chromium policy names (e.g. "DefaultCookiesSetting") +// and values are the policy values in their native JSON types. +type ChromiumPolicyOverrides map[string]json.RawMessage + +// blockedPolicies are policies that users must not override because they are +// managed by kernel infrastructure or are security-critical for the platform. +var blockedPolicies = map[string]string{ + // Managed by kernel's extension upload system + "ExtensionSettings": "managed by kernel extension system", + "ExtensionInstallForcelist": "managed by kernel extension system", + + // Could disable kernel's own extensions + "ExtensionInstallBlocklist": "could interfere with kernel extensions", + "ExtensionInstallBlacklist": "could interfere with kernel extensions", + "ExtensionInstallAllowlist": "could interfere with kernel extensions", + "ExtensionInstallWhitelist": "could interfere with kernel extensions", + "BlockExternalExtensions": "could interfere with kernel extensions", + "ExtensionAllowedTypes": "could interfere with kernel extensions", + "ExtensionInstallSources": "could interfere with kernel extensions", + "ExtensionManifestV2Availability": "could interfere with kernel extensions", + + // Required for CDP / automation + "RemoteDebuggingAllowed": "required for CDP connectivity", + "DeveloperToolsAvailability": "required for CDP connectivity", + "DeveloperToolsDisabled": "required for CDP connectivity", + "DeveloperToolsAvailabilityAllowlist": "required for CDP connectivity", + "DeveloperToolsAvailabilityBlocklist": "required for CDP connectivity", + "ChromeForTestingAllowed": "required for automation", + "WebDriverOverridesIncompatiblePolicies": "required for automation", + + // Proxy is managed via kernel's proxy feature + "ProxySettings": "use kernel's proxy API instead", + "ProxyMode": "use kernel's proxy API instead", + "ProxyServer": "use kernel's proxy API instead", + "ProxyBypassList": "use kernel's proxy API instead", + "ProxyPacUrl": "use kernel's proxy API instead", +} + +// policyRegistry maps every Chromium enterprise policy supported on Linux +// (chrome.* or chrome.linux) to its expected value type. +// Generated from chromium/src/components/policy/resources/templates/policy_definitions/ +// at Chromium version 133.x. +// +// For the full list of 693 policies, see the policy_registry_gen.go file. +// This subset covers the policies most commonly requested by kernel users. +var policyRegistry = map[string]PolicyValueType{ + // Content settings + "DefaultCookiesSetting": PolicyTypeInt, + "DefaultImagesSetting": PolicyTypeInt, + "DefaultJavaScriptSetting": PolicyTypeInt, + "DefaultNotificationsSetting": PolicyTypeInt, + "DefaultPopupsSetting": PolicyTypeInt, + "DefaultGeolocationSetting": PolicyTypeInt, + "DefaultClipboardSetting": PolicyTypeInt, + + // Cookie controls + "CookiesAllowedForUrls": PolicyTypeListString, + "CookiesBlockedForUrls": PolicyTypeListString, + "CookiesSessionOnlyForUrls": PolicyTypeListString, + "BlockThirdPartyCookies": PolicyTypeBool, + + // Popup controls + "PopupsAllowedForUrls": PolicyTypeListString, + "PopupsBlockedForUrls": PolicyTypeListString, + + // URL filtering + "URLAllowlist": PolicyTypeListString, + "URLBlocklist": PolicyTypeListString, + + // Network / connection + "MaxConnectionsPerProxy": PolicyTypeInt, + "BasicAuthOverHttpEnabled": PolicyTypeBool, + "HttpsUpgradesEnabled": PolicyTypeBool, + "HttpsOnlyMode": PolicyTypeString, + "QuicAllowed": PolicyTypeBool, + "HttpAllowlist": PolicyTypeListString, + + // Authentication + "AuthServerAllowlist": PolicyTypeString, + "AuthNegotiateDelegateAllowlist": PolicyTypeString, + "AuthSchemes": PolicyTypeString, + "AllHttpAuthSchemesAllowedForOrigins": PolicyTypeListString, + + // Password / autofill + "PasswordManagerEnabled": PolicyTypeBool, + "AutofillAddressEnabled": PolicyTypeBool, + "AutofillCreditCardEnabled": PolicyTypeBool, + + // Search provider + "DefaultSearchProviderEnabled": PolicyTypeBool, + "DefaultSearchProviderName": PolicyTypeString, + "DefaultSearchProviderSearchURL": PolicyTypeString, + "DefaultSearchProviderSuggestURL": PolicyTypeString, + + // Startup / new tab + "NewTabPageLocation": PolicyTypeString, + "HomepageLocation": PolicyTypeString, + "HomepageIsNewTabPage": PolicyTypeBool, + "RestoreOnStartup": PolicyTypeInt, + "RestoreOnStartupURLs": PolicyTypeListString, + + // Translation / UI + "TranslateEnabled": PolicyTypeBool, + "BookmarkBarEnabled": PolicyTypeBool, + "ShowHomeButton": PolicyTypeBool, + "ShowFullUrlsInAddressBar": PolicyTypeBool, + + // Downloads + "DownloadRestrictions": PolicyTypeInt, + "DownloadDirectory": PolicyTypeString, + "DefaultDownloadDirectory": PolicyTypeString, + + // Safety / browsing + "SafeBrowsingEnabled": PolicyTypeBool, + "SafeBrowsingProtectionLevel": PolicyTypeInt, + "SSLErrorOverrideAllowed": PolicyTypeBool, + + // Media + "AudioCaptureAllowed": PolicyTypeBool, + "VideoCaptureAllowed": PolicyTypeBool, + "ScreenCaptureAllowed": PolicyTypeBool, + "AudioCaptureAllowedUrls": PolicyTypeListString, + "VideoCaptureAllowedUrls": PolicyTypeListString, + + // Misc + "IncognitoModeAvailability": PolicyTypeInt, + "BrowserSignin": PolicyTypeInt, + "SyncDisabled": PolicyTypeBool, + "MetricsReportingEnabled": PolicyTypeBool, + "SavingBrowserHistoryDisabled": PolicyTypeBool, + "DiskCacheSize": PolicyTypeInt, + "DiskCacheDir": PolicyTypeString, + "HeadlessMode": PolicyTypeInt, + "SitePerProcess": PolicyTypeBool, + + // DNS + "DnsOverHttpsMode": PolicyTypeString, + "DnsOverHttpsTemplates": PolicyTypeString, + "BuiltInDnsClientEnabled": PolicyTypeBool, + + // WebRTC + "WebRtcIPHandling": PolicyTypeString, + "WebRtcUdpPortRange": PolicyTypeString, + "WebRtcLocalIpsAllowedUrls": PolicyTypeListString, + + // JavaScript + "JavaScriptAllowedForUrls": PolicyTypeListString, + "JavaScriptBlockedForUrls": PolicyTypeListString, + + // Images + "ImagesAllowedForUrls": PolicyTypeListString, + "ImagesBlockedForUrls": PolicyTypeListString, + + // Insecure content + "InsecureContentAllowedForUrls": PolicyTypeListString, + "InsecureContentBlockedForUrls": PolicyTypeListString, + "InsecurePrivateNetworkRequestsAllowed": PolicyTypeBool, + "InsecurePrivateNetworkRequestsAllowedForUrls": PolicyTypeListString, + + // Local network access + "LocalNetworkAccessAllowedForUrls": PolicyTypeListString, + "LocalNetworkAccessBlockedForUrls": PolicyTypeListString, + + // Certificates + "CACertificates": PolicyTypeListString, + "CADistrustedCertificates": PolicyTypeListString, + "CAHintCertificates": PolicyTypeListString, + + // Enterprise branding + "EnterpriseCustomLabel": PolicyTypeString, + "EnterpriseLogoUrl": PolicyTypeString, + + // Managed bookmarks / configuration + "ManagedBookmarks": PolicyTypeDict, + "ManagedConfigurationPerOrigin": PolicyTypeDict, + "AutoSelectCertificateForUrls": PolicyTypeListString, + + // Printing + "PrintingEnabled": PolicyTypeBool, + "SilentPrintingEnabled": PolicyTypeBool, + + // Idle + "IdleTimeout": PolicyTypeInt, + "IdleTimeoutActions": PolicyTypeListString, +} + +// Validate checks that the overrides contain valid Chromium policy names with +// correct value types, and that no blocked policies are being overridden. +func (o ChromiumPolicyOverrides) Validate() error { + var errs []string + for name, raw := range o { + if reason, blocked := blockedPolicies[name]; blocked { + errs = append(errs, fmt.Sprintf("policy %q cannot be overridden: %s", name, reason)) + continue + } + + expectedType, known := policyRegistry[name] + if !known { + // Allow unknown policies so new Chrome versions don't require + // immediate code updates, but still validate JSON is well-formed. + var v interface{} + if err := json.Unmarshal(raw, &v); err != nil { + errs = append(errs, fmt.Sprintf("policy %q: invalid JSON value", name)) + } + continue + } + + if err := validatePolicyValue(name, raw, expectedType); err != nil { + errs = append(errs, err.Error()) + } + } + + if len(errs) > 0 { + return fmt.Errorf("invalid chromium policy overrides:\n %s", strings.Join(errs, "\n ")) + } + return nil +} + +// validatePolicyValue checks that a raw JSON value matches the expected type. +func validatePolicyValue(name string, raw json.RawMessage, expected PolicyValueType) error { + var v interface{} + if err := json.Unmarshal(raw, &v); err != nil { + return fmt.Errorf("policy %q: invalid JSON value", name) + } + + switch expected { + case PolicyTypeBool: + if _, ok := v.(bool); !ok { + return fmt.Errorf("policy %q: expected %s, got %T", name, expected, v) + } + case PolicyTypeInt: + f, ok := v.(float64) + if !ok { + return fmt.Errorf("policy %q: expected %s, got %T", name, expected, v) + } + if f != float64(int(f)) { + return fmt.Errorf("policy %q: expected integer, got float", name) + } + case PolicyTypeString: + if _, ok := v.(string); !ok { + return fmt.Errorf("policy %q: expected %s, got %T", name, expected, v) + } + case PolicyTypeListString: + arr, ok := v.([]interface{}) + if !ok { + return fmt.Errorf("policy %q: expected %s, got %T", name, expected, v) + } + for i, item := range arr { + if _, ok := item.(string); !ok { + return fmt.Errorf("policy %q[%d]: expected string, got %T", name, i, item) + } + } + case PolicyTypeDict: + switch v.(type) { + case map[string]interface{}, []interface{}: + // dict policies can be objects or arrays of objects + default: + return fmt.Errorf("policy %q: expected %s, got %T", name, expected, v) + } + } + + return nil +} + +// NewChromiumPolicyOverrides converts a map[string]interface{} (as produced by +// JSON decoding with oapi-codegen) into ChromiumPolicyOverrides by re-marshaling +// each value to json.RawMessage. +func NewChromiumPolicyOverrides(m map[string]interface{}) (ChromiumPolicyOverrides, error) { + if m == nil { + return nil, nil + } + o := make(ChromiumPolicyOverrides, len(m)) + for k, v := range m { + raw, err := json.Marshal(v) + if err != nil { + return nil, fmt.Errorf("policy %q: failed to marshal value: %w", k, err) + } + o[k] = json.RawMessage(raw) + } + return o, nil +} + +// MergeIntoPolicy applies user overrides on top of an existing Policy. +// Overrides are stored into the Policy's unknownFields so they are preserved +// during the normal read-modify-write cycle. This must be called AFTER +// Validate(). +func (o ChromiumPolicyOverrides) MergeIntoPolicy(p *Policy) { + if p.unknownFields == nil { + p.unknownFields = make(map[string]json.RawMessage) + } + for name, raw := range o { + p.unknownFields[name] = raw + } +} + +// ApplyOverrides validates user-provided overrides, reads the current policy +// from disk, merges the overrides in, and writes the result back. +// This is the main entry point for the PATCH /chromium/policies endpoint. +func (p *Policy) ApplyOverrides(overrides ChromiumPolicyOverrides) error { + if err := overrides.Validate(); err != nil { + return err + } + + return p.Modify(func(current *Policy) error { + overrides.MergeIntoPolicy(current) + return nil + }) +} diff --git a/server/lib/policy/overrides_test.go b/server/lib/policy/overrides_test.go new file mode 100644 index 00000000..a23466f0 --- /dev/null +++ b/server/lib/policy/overrides_test.go @@ -0,0 +1,206 @@ +package policy + +import ( + "encoding/json" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestChromiumPolicyOverrides_Validate_ValidPolicies(t *testing.T) { + overrides := ChromiumPolicyOverrides{ + "DefaultCookiesSetting": json.RawMessage(`1`), + "BasicAuthOverHttpEnabled": json.RawMessage(`true`), + "HttpsUpgradesEnabled": json.RawMessage(`false`), + "NewTabPageLocation": json.RawMessage(`"https://example.com"`), + "PopupsAllowedForUrls": json.RawMessage(`["https://example.com", "https://test.com"]`), + "MaxConnectionsPerProxy": json.RawMessage(`32`), + } + + err := overrides.Validate() + assert.NoError(t, err) +} + +func TestChromiumPolicyOverrides_Validate_BlockedPolicies(t *testing.T) { + tests := []struct { + name string + policy string + value string + }{ + {"ExtensionSettings", "ExtensionSettings", `{}`}, + {"ExtensionInstallForcelist", "ExtensionInstallForcelist", `[]`}, + {"RemoteDebuggingAllowed", "RemoteDebuggingAllowed", `false`}, + {"DeveloperToolsAvailability", "DeveloperToolsAvailability", `2`}, + {"ProxySettings", "ProxySettings", `{}`}, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + overrides := ChromiumPolicyOverrides{ + tt.policy: json.RawMessage(tt.value), + } + err := overrides.Validate() + require.Error(t, err) + assert.Contains(t, err.Error(), "cannot be overridden") + }) + } +} + +func TestChromiumPolicyOverrides_Validate_WrongTypes(t *testing.T) { + tests := []struct { + name string + policy string + value string + wantErr string + }{ + { + name: "bool expected, got string", + policy: "PasswordManagerEnabled", + value: `"true"`, + wantErr: "expected boolean", + }, + { + name: "int expected, got string", + policy: "DefaultCookiesSetting", + value: `"1"`, + wantErr: "expected integer", + }, + { + name: "int expected, got float", + policy: "DefaultCookiesSetting", + value: `1.5`, + wantErr: "expected integer", + }, + { + name: "string expected, got int", + policy: "NewTabPageLocation", + value: `123`, + wantErr: "expected string", + }, + { + name: "list expected, got string", + policy: "URLAllowlist", + value: `"https://example.com"`, + wantErr: "expected list of strings", + }, + { + name: "list of strings, got list of ints", + policy: "URLAllowlist", + value: `[1, 2, 3]`, + wantErr: "expected string", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + overrides := ChromiumPolicyOverrides{ + tt.policy: json.RawMessage(tt.value), + } + err := overrides.Validate() + require.Error(t, err) + assert.Contains(t, err.Error(), tt.wantErr) + }) + } +} + +func TestChromiumPolicyOverrides_Validate_UnknownPoliciesAllowed(t *testing.T) { + overrides := ChromiumPolicyOverrides{ + "SomeFutureChromePolicy": json.RawMessage(`true`), + } + + err := overrides.Validate() + assert.NoError(t, err) +} + +func TestChromiumPolicyOverrides_Validate_UnknownPolicyInvalidJSON(t *testing.T) { + overrides := ChromiumPolicyOverrides{ + "SomeFutureChromePolicy": json.RawMessage(`not-valid-json`), + } + + err := overrides.Validate() + require.Error(t, err) + assert.Contains(t, err.Error(), "invalid JSON") +} + +func TestChromiumPolicyOverrides_MergeIntoPolicy(t *testing.T) { + input := `{ + "PasswordManagerEnabled": false, + "DefaultGeolocationSetting": 2, + "ExtensionSettings": { + "*": { + "allowed_types": ["extension"], + "install_sources": ["*"] + } + } + }` + + var p Policy + err := json.Unmarshal([]byte(input), &p) + require.NoError(t, err) + + overrides := ChromiumPolicyOverrides{ + "DefaultCookiesSetting": json.RawMessage(`1`), + "BasicAuthOverHttpEnabled": json.RawMessage(`true`), + "HttpsUpgradesEnabled": json.RawMessage(`false`), + "PasswordManagerEnabled": json.RawMessage(`true`), // override existing + } + + overrides.MergeIntoPolicy(&p) + + data, err := json.Marshal(&p) + require.NoError(t, err) + + var result map[string]interface{} + err = json.Unmarshal(data, &result) + require.NoError(t, err) + + // New overrides are present + assert.Equal(t, float64(1), result["DefaultCookiesSetting"]) + assert.Equal(t, true, result["BasicAuthOverHttpEnabled"]) + assert.Equal(t, false, result["HttpsUpgradesEnabled"]) + + // Overridden existing value + assert.Equal(t, true, result["PasswordManagerEnabled"]) + + // Untouched existing values preserved + assert.Equal(t, float64(2), result["DefaultGeolocationSetting"]) + + // Kernel-managed fields still present + assert.NotNil(t, result["ExtensionSettings"]) +} + +func TestChromiumPolicyOverrides_Validate_DictPolicy(t *testing.T) { + overrides := ChromiumPolicyOverrides{ + "ManagedBookmarks": json.RawMessage(`[{"name": "Google", "url": "https://google.com"}]`), + } + + err := overrides.Validate() + assert.NoError(t, err) +} + +func TestChromiumPolicyOverrides_Validate_MultipleErrors(t *testing.T) { + overrides := ChromiumPolicyOverrides{ + "ExtensionSettings": json.RawMessage(`{}`), + "DefaultCookiesSetting": json.RawMessage(`"wrong"`), + "PasswordManagerEnabled": json.RawMessage(`1`), + } + + err := overrides.Validate() + require.Error(t, err) + assert.Contains(t, err.Error(), "cannot be overridden") + assert.Contains(t, err.Error(), "expected integer") + assert.Contains(t, err.Error(), "expected boolean") +} + +func TestChromiumPolicyOverrides_EmptyIsValid(t *testing.T) { + overrides := ChromiumPolicyOverrides{} + err := overrides.Validate() + assert.NoError(t, err) +} + +func TestChromiumPolicyOverrides_NilIsValid(t *testing.T) { + var overrides ChromiumPolicyOverrides + err := overrides.Validate() + assert.NoError(t, err) +} diff --git a/server/lib/policy/policy.go b/server/lib/policy/policy.go index d77d6814..036cb222 100644 --- a/server/lib/policy/policy.go +++ b/server/lib/policy/policy.go @@ -121,14 +121,11 @@ type ExtensionSetting struct { RuntimeAllowedHosts []string `json:"runtime_allowed_hosts,omitempty"` } -// readPolicyUnlocked reads the current enterprise policy from disk without locking -// This is an internal helper for use within already-locked operations -func (p *Policy) readPolicyUnlocked() (*Policy, error) { +// readFromDisk reads the current enterprise policy from disk. +func readFromDisk() (*Policy, error) { data, err := os.ReadFile(PolicyPath) if err != nil { if os.IsNotExist(err) { - // Return minimal policy if file doesn't exist. - // In practice, policy.json ships with the container image. return &Policy{ ExtensionInstallForcelist: []string{}, ExtensionSettings: make(map[string]ExtensionSetting), @@ -142,12 +139,9 @@ func (p *Policy) readPolicyUnlocked() (*Policy, error) { return nil, fmt.Errorf("failed to parse policy file: %w", err) } - // Initialize ExtensionSettings map if it's nil to prevent panic on write if policy.ExtensionSettings == nil { policy.ExtensionSettings = make(map[string]ExtensionSetting) } - - // Initialize ExtensionInstallForcelist if it's nil if policy.ExtensionInstallForcelist == nil { policy.ExtensionInstallForcelist = []string{} } @@ -155,17 +149,8 @@ func (p *Policy) readPolicyUnlocked() (*Policy, error) { return &policy, nil } -// ReadPolicy reads the current enterprise policy from disk -func (p *Policy) ReadPolicy() (*Policy, error) { - p.mu.Lock() - defer p.mu.Unlock() - - return p.readPolicyUnlocked() -} - -// writePolicyUnlocked writes the policy to disk without locking -// This is an internal helper for use within already-locked operations -func (p *Policy) writePolicyUnlocked(policy *Policy) error { +// writeToDisk writes the policy to disk. +func writeToDisk(policy *Policy) error { data, err := json.MarshalIndent(policy, "", " ") if err != nil { return fmt.Errorf("failed to marshal policy: %w", err) @@ -178,77 +163,75 @@ func (p *Policy) writePolicyUnlocked(policy *Policy) error { return nil } -// WritePolicy writes the policy to disk -func (p *Policy) WritePolicy(policy *Policy) error { +// Modify is the single entry point for all policy mutations. It acquires the +// lock, reads the current policy from disk, passes it to fn for modification, +// and writes the result back. All callers that need to change policy.json +// should go through this method. +func (p *Policy) Modify(fn func(current *Policy) error) error { p.mu.Lock() defer p.mu.Unlock() - return p.writePolicyUnlocked(policy) + current, err := readFromDisk() + if err != nil { + return err + } + + if err := fn(current); err != nil { + return err + } + + return writeToDisk(current) } -// AddExtension adds or updates an extension in the policy -// extensionName is the user-provided name used for the directory and URL paths -// chromeExtensionID is the actual Chrome extension ID (from update.xml appid) used in policy entries -// extensionPath is the full path to the unpacked extension directory -func (p *Policy) AddExtension(extensionName, chromeExtensionID, extensionPath string, requiresEnterprisePolicy bool) error { - // Lock for the entire read-modify-write cycle to prevent race conditions +// ReadPolicy reads the current enterprise policy from disk. +func (p *Policy) ReadPolicy() (*Policy, error) { p.mu.Lock() defer p.mu.Unlock() - policy, err := p.readPolicyUnlocked() - if err != nil { - return err - } + return readFromDisk() +} - // Ensure the wildcard policy exists - if _, exists := policy.ExtensionSettings["*"]; !exists { - policy.ExtensionSettings["*"] = ExtensionSetting{ - AllowedTypes: []string{"extension"}, - InstallSources: []string{"*"}, +// AddExtension adds or updates an extension in the policy. +// extensionName is the user-provided name used for the directory and URL paths. +// chromeExtensionID is the actual Chrome extension ID (from update.xml appid) used in policy entries. +// extensionPath is the full path to the unpacked extension directory. +func (p *Policy) AddExtension(extensionName, chromeExtensionID, extensionPath string, requiresEnterprisePolicy bool) error { + return p.Modify(func(current *Policy) error { + if _, exists := current.ExtensionSettings["*"]; !exists { + current.ExtensionSettings["*"] = ExtensionSetting{ + AllowedTypes: []string{"extension"}, + InstallSources: []string{"*"}, + } } - } - // Add the specific extension - // Use extension name for the URL path (where files are served) - // Use Chrome extension ID for the policy key (what Chrome expects) - setting := ExtensionSetting{ - UpdateUrl: fmt.Sprintf("http://127.0.0.1:10001/extensions/%s/update.xml", extensionName), - } - - // If the extension requires enterprise policy (like webRequestBlocking), - // we need special handling for unpacked extensions loaded via --load-extension - // https://github.com/cloudflare/web-bot-auth/blob/main/examples/browser-extension/policy/policy.json.templ - if requiresEnterprisePolicy { - // For unpacked extensions with webRequestBlocking: - // Chrome requires the extension to be in ExtensionInstallForcelist - // Format: "extension_id;update_url" per https://chromeenterprise.google/intl/en_ca/policies/#ExtensionInstallForcelist - setting.InstallationMode = "force_installed" - - // Add to ExtensionInstallForcelist using the Chrome extension ID and update URL - forcelistEntry := fmt.Sprintf("%s;%s", chromeExtensionID, setting.UpdateUrl) - - // Remove any existing entries with the same extension ID (different URLs) - if policy.ExtensionInstallForcelist == nil { - policy.ExtensionInstallForcelist = []string{} + setting := ExtensionSetting{ + UpdateUrl: fmt.Sprintf("http://127.0.0.1:10001/extensions/%s/update.xml", extensionName), } - // Filter out entries that start with the same extension ID - extensionIDPrefix := chromeExtensionID + ";" - policy.ExtensionInstallForcelist = slices.DeleteFunc(policy.ExtensionInstallForcelist, func(entry string) bool { - return strings.HasPrefix(entry, extensionIDPrefix) - }) + if requiresEnterprisePolicy { + // Chrome requires the extension to be in ExtensionInstallForcelist. + // Format: "extension_id;update_url" per https://chromeenterprise.google/intl/en_ca/policies/#ExtensionInstallForcelist + setting.InstallationMode = "force_installed" - // Add the new entry - policy.ExtensionInstallForcelist = append(policy.ExtensionInstallForcelist, forcelistEntry) + forcelistEntry := fmt.Sprintf("%s;%s", chromeExtensionID, setting.UpdateUrl) - // Use Chrome extension ID as the key in ExtensionSettings - policy.ExtensionSettings[chromeExtensionID] = setting - } else { - // For normal extensions, use the extension name as the key - policy.ExtensionSettings[extensionName] = setting - } + if current.ExtensionInstallForcelist == nil { + current.ExtensionInstallForcelist = []string{} + } + + extensionIDPrefix := chromeExtensionID + ";" + current.ExtensionInstallForcelist = slices.DeleteFunc(current.ExtensionInstallForcelist, func(entry string) bool { + return strings.HasPrefix(entry, extensionIDPrefix) + }) + current.ExtensionInstallForcelist = append(current.ExtensionInstallForcelist, forcelistEntry) + + current.ExtensionSettings[chromeExtensionID] = setting + } else { + current.ExtensionSettings[extensionName] = setting + } - return p.writePolicyUnlocked(policy) + return nil + }) } // GenerateExtensionID returns a stable identifier for the extension policy. diff --git a/server/openapi.yaml b/server/openapi.yaml index b0bc70d9..6e69cab2 100644 --- a/server/openapi.yaml +++ b/server/openapi.yaml @@ -1075,6 +1075,43 @@ paths: "500": $ref: "#/components/responses/InternalError" + /chromium/policies: + patch: + summary: Update Chromium enterprise policies and restart + description: | + Merge user-provided Chromium enterprise policy overrides into the base policy.json, + restart Chromium via supervisord, and wait until the Chromium DevTools "listening" + log line is observed before returning success. + Certain policies managed by kernel infrastructure (e.g. ExtensionSettings, + proxy-related policies, and policies required for CDP/automation) are blocked + from override. + operationId: patchChromiumPolicies + requestBody: + required: true + content: + application/json: + schema: + type: object + description: | + Chromium enterprise policy overrides. Keys are policy names + (e.g. "DefaultCookiesSetting") and values are the policy values. + See https://chromeenterprise.google/policies/ for available policies. + additionalProperties: true + example: + DefaultCookiesSetting: 1 + BasicAuthOverHttpEnabled: true + HttpsUpgradesEnabled: false + MaxConnectionsPerProxy: 32 + PopupsAllowedForUrls: + - "https://example.com" + responses: + "200": + description: Policies updated and Chromium restarted successfully + "400": + $ref: "#/components/responses/BadRequestError" + "500": + $ref: "#/components/responses/InternalError" + /chromium/flags: patch: summary: Update Chromium launch flags and restart From 5a00feef696ba917c5e2c8666daf7c943f6ffb06 Mon Sep 17 00:00:00 2001 From: Rafael Garcia Date: Sat, 21 Feb 2026 10:28:42 -0500 Subject: [PATCH 2/4] fix: remove reference to nonexistent policy_registry_gen.go Co-authored-by: Cursor --- server/lib/policy/overrides.go | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/server/lib/policy/overrides.go b/server/lib/policy/overrides.go index 9204a3ea..ec6bb3f0 100644 --- a/server/lib/policy/overrides.go +++ b/server/lib/policy/overrides.go @@ -74,13 +74,11 @@ var blockedPolicies = map[string]string{ "ProxyPacUrl": "use kernel's proxy API instead", } -// policyRegistry maps every Chromium enterprise policy supported on Linux -// (chrome.* or chrome.linux) to its expected value type. -// Generated from chromium/src/components/policy/resources/templates/policy_definitions/ -// at Chromium version 133.x. -// -// For the full list of 693 policies, see the policy_registry_gen.go file. -// This subset covers the policies most commonly requested by kernel users. +// policyRegistry maps commonly requested Chromium enterprise policies supported +// on Linux (chrome.* or chrome.linux) to their expected value types. +// Derived from chromium/src/components/policy/resources/templates/policy_definitions/ +// at Chromium version 133.x. Policies not in this registry are still accepted +// with basic JSON validation (see Validate). var policyRegistry = map[string]PolicyValueType{ // Content settings "DefaultCookiesSetting": PolicyTypeInt, From e427e2712d5763f79d2b6cde887e0bf5bd97ed75 Mon Sep 17 00:00:00 2001 From: Rafael Garcia Date: Sat, 21 Feb 2026 10:36:13 -0500 Subject: [PATCH 3/4] feat: include full Chromium policy registry (655 policies) instead of curated subset Generated from chromium/src/components/policy/resources/templates/policy_definitions/ at Chromium 133.x. All Linux-supported policies are now type-checked. Unknown policies are still accepted with basic JSON validation for forward compatibility. Co-authored-by: Cursor --- server/lib/policy/overrides.go | 153 +------ server/lib/policy/policy_registry.go | 663 +++++++++++++++++++++++++++ 2 files changed, 671 insertions(+), 145 deletions(-) create mode 100644 server/lib/policy/policy_registry.go diff --git a/server/lib/policy/overrides.go b/server/lib/policy/overrides.go index ec6bb3f0..71df7307 100644 --- a/server/lib/policy/overrides.go +++ b/server/lib/policy/overrides.go @@ -74,151 +74,14 @@ var blockedPolicies = map[string]string{ "ProxyPacUrl": "use kernel's proxy API instead", } -// policyRegistry maps commonly requested Chromium enterprise policies supported -// on Linux (chrome.* or chrome.linux) to their expected value types. -// Derived from chromium/src/components/policy/resources/templates/policy_definitions/ -// at Chromium version 133.x. Policies not in this registry are still accepted -// with basic JSON validation (see Validate). -var policyRegistry = map[string]PolicyValueType{ - // Content settings - "DefaultCookiesSetting": PolicyTypeInt, - "DefaultImagesSetting": PolicyTypeInt, - "DefaultJavaScriptSetting": PolicyTypeInt, - "DefaultNotificationsSetting": PolicyTypeInt, - "DefaultPopupsSetting": PolicyTypeInt, - "DefaultGeolocationSetting": PolicyTypeInt, - "DefaultClipboardSetting": PolicyTypeInt, - - // Cookie controls - "CookiesAllowedForUrls": PolicyTypeListString, - "CookiesBlockedForUrls": PolicyTypeListString, - "CookiesSessionOnlyForUrls": PolicyTypeListString, - "BlockThirdPartyCookies": PolicyTypeBool, - - // Popup controls - "PopupsAllowedForUrls": PolicyTypeListString, - "PopupsBlockedForUrls": PolicyTypeListString, - - // URL filtering - "URLAllowlist": PolicyTypeListString, - "URLBlocklist": PolicyTypeListString, - - // Network / connection - "MaxConnectionsPerProxy": PolicyTypeInt, - "BasicAuthOverHttpEnabled": PolicyTypeBool, - "HttpsUpgradesEnabled": PolicyTypeBool, - "HttpsOnlyMode": PolicyTypeString, - "QuicAllowed": PolicyTypeBool, - "HttpAllowlist": PolicyTypeListString, - - // Authentication - "AuthServerAllowlist": PolicyTypeString, - "AuthNegotiateDelegateAllowlist": PolicyTypeString, - "AuthSchemes": PolicyTypeString, - "AllHttpAuthSchemesAllowedForOrigins": PolicyTypeListString, - - // Password / autofill - "PasswordManagerEnabled": PolicyTypeBool, - "AutofillAddressEnabled": PolicyTypeBool, - "AutofillCreditCardEnabled": PolicyTypeBool, - - // Search provider - "DefaultSearchProviderEnabled": PolicyTypeBool, - "DefaultSearchProviderName": PolicyTypeString, - "DefaultSearchProviderSearchURL": PolicyTypeString, - "DefaultSearchProviderSuggestURL": PolicyTypeString, - - // Startup / new tab - "NewTabPageLocation": PolicyTypeString, - "HomepageLocation": PolicyTypeString, - "HomepageIsNewTabPage": PolicyTypeBool, - "RestoreOnStartup": PolicyTypeInt, - "RestoreOnStartupURLs": PolicyTypeListString, - - // Translation / UI - "TranslateEnabled": PolicyTypeBool, - "BookmarkBarEnabled": PolicyTypeBool, - "ShowHomeButton": PolicyTypeBool, - "ShowFullUrlsInAddressBar": PolicyTypeBool, - - // Downloads - "DownloadRestrictions": PolicyTypeInt, - "DownloadDirectory": PolicyTypeString, - "DefaultDownloadDirectory": PolicyTypeString, - - // Safety / browsing - "SafeBrowsingEnabled": PolicyTypeBool, - "SafeBrowsingProtectionLevel": PolicyTypeInt, - "SSLErrorOverrideAllowed": PolicyTypeBool, - - // Media - "AudioCaptureAllowed": PolicyTypeBool, - "VideoCaptureAllowed": PolicyTypeBool, - "ScreenCaptureAllowed": PolicyTypeBool, - "AudioCaptureAllowedUrls": PolicyTypeListString, - "VideoCaptureAllowedUrls": PolicyTypeListString, - - // Misc - "IncognitoModeAvailability": PolicyTypeInt, - "BrowserSignin": PolicyTypeInt, - "SyncDisabled": PolicyTypeBool, - "MetricsReportingEnabled": PolicyTypeBool, - "SavingBrowserHistoryDisabled": PolicyTypeBool, - "DiskCacheSize": PolicyTypeInt, - "DiskCacheDir": PolicyTypeString, - "HeadlessMode": PolicyTypeInt, - "SitePerProcess": PolicyTypeBool, - - // DNS - "DnsOverHttpsMode": PolicyTypeString, - "DnsOverHttpsTemplates": PolicyTypeString, - "BuiltInDnsClientEnabled": PolicyTypeBool, - - // WebRTC - "WebRtcIPHandling": PolicyTypeString, - "WebRtcUdpPortRange": PolicyTypeString, - "WebRtcLocalIpsAllowedUrls": PolicyTypeListString, - - // JavaScript - "JavaScriptAllowedForUrls": PolicyTypeListString, - "JavaScriptBlockedForUrls": PolicyTypeListString, - - // Images - "ImagesAllowedForUrls": PolicyTypeListString, - "ImagesBlockedForUrls": PolicyTypeListString, - - // Insecure content - "InsecureContentAllowedForUrls": PolicyTypeListString, - "InsecureContentBlockedForUrls": PolicyTypeListString, - "InsecurePrivateNetworkRequestsAllowed": PolicyTypeBool, - "InsecurePrivateNetworkRequestsAllowedForUrls": PolicyTypeListString, - - // Local network access - "LocalNetworkAccessAllowedForUrls": PolicyTypeListString, - "LocalNetworkAccessBlockedForUrls": PolicyTypeListString, - - // Certificates - "CACertificates": PolicyTypeListString, - "CADistrustedCertificates": PolicyTypeListString, - "CAHintCertificates": PolicyTypeListString, - - // Enterprise branding - "EnterpriseCustomLabel": PolicyTypeString, - "EnterpriseLogoUrl": PolicyTypeString, - - // Managed bookmarks / configuration - "ManagedBookmarks": PolicyTypeDict, - "ManagedConfigurationPerOrigin": PolicyTypeDict, - "AutoSelectCertificateForUrls": PolicyTypeListString, - - // Printing - "PrintingEnabled": PolicyTypeBool, - "SilentPrintingEnabled": PolicyTypeBool, - - // Idle - "IdleTimeout": PolicyTypeInt, - "IdleTimeoutActions": PolicyTypeListString, -} +// policyRegistry maps all Chromium enterprise policies supported on Linux +// (chrome.* or chrome.linux) to their expected value types. Generated from +// chromium/src/components/policy/resources/templates/policy_definitions/ +// at Chromium version 133.x (655 policies). Policies not in this registry +// are still accepted with basic JSON validation (see Validate). +// +//nolint:dupword +var policyRegistry map[string]PolicyValueType // Validate checks that the overrides contain valid Chromium policy names with // correct value types, and that no blocked policies are being overridden. diff --git a/server/lib/policy/policy_registry.go b/server/lib/policy/policy_registry.go new file mode 100644 index 00000000..5cb835bd --- /dev/null +++ b/server/lib/policy/policy_registry.go @@ -0,0 +1,663 @@ +// Code generated from Chromium policy definitions (version 133.x). DO NOT EDIT. + +package policy + +func init() { + policyRegistry = map[string]PolicyValueType{ + "AIModeSettings": PolicyTypeInt, + "AbusiveExperienceInterventionEnforce": PolicyTypeBool, + "AccessCodeCastDeviceDuration": PolicyTypeInt, + "AccessCodeCastEnabled": PolicyTypeBool, + "AccessControlAllowMethodsInCORSPreflightSpecConformant": PolicyTypeBool, + "AccessibilityImageLabelsEnabled": PolicyTypeBool, + "AdditionalDnsQueryTypesEnabled": PolicyTypeBool, + "AdsSettingForIntrusiveAdsSites": PolicyTypeInt, + "AdvancedProtectionAllowed": PolicyTypeBool, + "AdvancedProtectionDeepScanningEnabled": PolicyTypeBool, + "AllHttpAuthSchemesAllowedForOrigins": PolicyTypeListString, + "AllowBackForwardCacheForCacheControlNoStorePageEnabled": PolicyTypeBool, + "AllowCrossOriginAuthPrompt": PolicyTypeBool, + "AllowDeletingBrowserHistory": PolicyTypeBool, + "AllowDinosaurEasterEgg": PolicyTypeBool, + "AllowFileSelectionDialogs": PolicyTypeBool, + "AllowNativeNotifications": PolicyTypeBool, + "AllowOutdatedPlugins": PolicyTypeBool, + "AllowPopupsDuringPageUnload": PolicyTypeBool, + "AllowSyncXHRInPageDismissal": PolicyTypeBool, + "AllowSystemNotifications": PolicyTypeBool, + "AllowWebAuthnWithBrokenTlsCerts": PolicyTypeBool, + "AllowedDomainsForApps": PolicyTypeString, + "AlternateErrorPagesEnabled": PolicyTypeBool, + "AlternativeBrowserParameters": PolicyTypeListString, + "AlternativeBrowserPath": PolicyTypeString, + "AlwaysAuthorizePlugins": PolicyTypeBool, + "AlwaysOpenPdfExternally": PolicyTypeBool, + "AmbientAuthenticationInPrivateModesEnabled": PolicyTypeInt, + "AppCacheForceEnabled": PolicyTypeBool, + "AssistantWebEnabled": PolicyTypeBool, + "AudioCaptureAllowed": PolicyTypeBool, + "AudioCaptureAllowedUrls": PolicyTypeListString, + "AudioSandboxEnabled": PolicyTypeBool, + "AuthNegotiateDelegateAllowlist": PolicyTypeString, + "AuthNegotiateDelegateByKdcPolicy": PolicyTypeBool, + "AuthNegotiateDelegateWhitelist": PolicyTypeString, + "AuthSchemes": PolicyTypeString, + "AuthServerAllowlist": PolicyTypeString, + "AuthServerWhitelist": PolicyTypeString, + "AutoFillEnabled": PolicyTypeBool, + "AutoLaunchProtocolsFromOrigins": PolicyTypeDict, + "AutoOpenAllowedForURLs": PolicyTypeListString, + "AutoOpenFileTypes": PolicyTypeListString, + "AutoSelectCertificateForUrls": PolicyTypeListString, + "AutofillAddressEnabled": PolicyTypeBool, + "AutofillCreditCardEnabled": PolicyTypeBool, + "AutofillPredictionSettings": PolicyTypeInt, + "AutomatedPasswordChangeSettings": PolicyTypeInt, + "AutomaticFullscreenAllowedForUrls": PolicyTypeListString, + "AutomaticFullscreenBlockedForUrls": PolicyTypeListString, + "AutoplayAllowed": PolicyTypeBool, + "AutoplayAllowlist": PolicyTypeListString, + "AutoplayWhitelist": PolicyTypeListString, + "BackgroundModeEnabled": PolicyTypeBool, + "BasicAuthOverHttpEnabled": PolicyTypeBool, + "BatterySaverModeAvailability": PolicyTypeInt, + "BeforeunloadEventCancelByPreventDefaultEnabled": PolicyTypeBool, + "BlockExternalExtensions": PolicyTypeBool, + "BlockThirdPartyCookies": PolicyTypeBool, + "BlockTruncatedCookies": PolicyTypeBool, + "BookmarkBarEnabled": PolicyTypeBool, + "BrowserAddPersonEnabled": PolicyTypeBool, + "BrowserContextAwareAccessSignalsAllowlist": PolicyTypeListString, + "BrowserGuestModeEnabled": PolicyTypeBool, + "BrowserGuestModeEnforced": PolicyTypeBool, + "BrowserLabsEnabled": PolicyTypeBool, + "BrowserNetworkTimeQueriesEnabled": PolicyTypeBool, + "BrowserSignin": PolicyTypeInt, + "BrowserSwitcherDelay": PolicyTypeInt, + "BrowserSwitcherEnabled": PolicyTypeBool, + "BrowserSwitcherExternalGreylistUrl": PolicyTypeString, + "BrowserSwitcherExternalSitelistUrl": PolicyTypeString, + "BrowserSwitcherKeepLastChromeTab": PolicyTypeBool, + "BrowserSwitcherParsingMode": PolicyTypeInt, + "BrowserSwitcherUrlGreylist": PolicyTypeListString, + "BrowserSwitcherUrlList": PolicyTypeListString, + "BrowserThemeColor": PolicyTypeString, + "BrowsingDataLifetime": PolicyTypeDict, + "BuiltInAIAPIsEnabled": PolicyTypeBool, + "BuiltInDnsClientEnabled": PolicyTypeBool, + "BuiltinCertificateVerifierEnabled": PolicyTypeBool, + "CACertificateManagementAllowed": PolicyTypeInt, + "CACertificates": PolicyTypeListString, + "CACertificatesWithConstraints": PolicyTypeDict, + "CADistrustedCertificates": PolicyTypeListString, + "CAHintCertificates": PolicyTypeListString, + "CAPlatformIntegrationEnabled": PolicyTypeBool, + "CECPQ2Enabled": PolicyTypeBool, + "CORSNonWildcardRequestHeadersSupport": PolicyTypeBool, + "CSSCustomStateDeprecatedSyntaxEnabled": PolicyTypeBool, + "CertificateTransparencyEnforcementDisabledForCas": PolicyTypeListString, + "CertificateTransparencyEnforcementDisabledForLegacyCas": PolicyTypeListString, + "CertificateTransparencyEnforcementDisabledForUrls": PolicyTypeListString, + "ChromeAppsEnabled": PolicyTypeBool, + "ChromeAppsWebViewPermissiveBehaviorAllowed": PolicyTypeBool, + "ChromeDataRegionSetting": PolicyTypeInt, + "ChromeForTestingAllowed": PolicyTypeBool, + "ChromeRootStoreEnabled": PolicyTypeBool, + "ChromeVariations": PolicyTypeInt, + "ClearBrowsingDataOnExitList": PolicyTypeListString, + "ClearSiteDataOnExit": PolicyTypeBool, + "ClickToCallEnabled": PolicyTypeBool, + "ClipboardAllowedForUrls": PolicyTypeListString, + "ClipboardBlockedForUrls": PolicyTypeListString, + "CloudExtensionRequestEnabled": PolicyTypeBool, + "CloudManagementEnrollmentMandatory": PolicyTypeBool, + "CloudManagementEnrollmentToken": PolicyTypeString, + "CloudPolicyOverridesPlatformPolicy": PolicyTypeBool, + "CloudPrintProxyEnabled": PolicyTypeBool, + "CloudPrintSubmitEnabled": PolicyTypeBool, + "CloudPrintWarningsSuppressed": PolicyTypeBool, + "CloudProfileReportingEnabled": PolicyTypeBool, + "CloudReportingEnabled": PolicyTypeBool, + "CloudReportingUploadFrequency": PolicyTypeInt, + "CloudUserPolicyMerge": PolicyTypeBool, + "CloudUserPolicyOverridesCloudMachinePolicy": PolicyTypeBool, + "CoalesceH2ConnectionsWithClientCertificatesForHosts": PolicyTypeListString, + "CommandLineFlagSecurityWarningsEnabled": PolicyTypeBool, + "ComponentUpdatesEnabled": PolicyTypeBool, + "CompressionDictionaryTransportEnabled": PolicyTypeBool, + "ContextAwareAccessSignalsAllowlist": PolicyTypeListString, + "CookiesAllowedForUrls": PolicyTypeListString, + "CookiesBlockedForUrls": PolicyTypeListString, + "CookiesSessionOnlyForUrls": PolicyTypeListString, + "CopyPreventionSettings": PolicyTypeDict, + "CorsLegacyModeEnabled": PolicyTypeBool, + "CorsMitigationList": PolicyTypeListString, + "CreateThemesSettings": PolicyTypeInt, + "CrossOriginWebAssemblyModuleSharingEnabled": PolicyTypeBool, + "DHEEnabled": PolicyTypeBool, + "DNSInterceptionChecksEnabled": PolicyTypeBool, + "DataControlsRules": PolicyTypeDict, + "DataURLWhitespacePreservationEnabled": PolicyTypeBool, + "DataUrlInSvgUseEnabled": PolicyTypeBool, + "DefaultBrowserSettingEnabled": PolicyTypeBool, + "DefaultClipboardSetting": PolicyTypeInt, + "DefaultCookiesSetting": PolicyTypeInt, + "DefaultDownloadDirectory": PolicyTypeString, + "DefaultFileHandlingGuardSetting": PolicyTypeInt, + "DefaultFileSystemReadGuardSetting": PolicyTypeInt, + "DefaultFileSystemWriteGuardSetting": PolicyTypeInt, + "DefaultGeolocationSetting": PolicyTypeInt, + "DefaultImagesSetting": PolicyTypeInt, + "DefaultInsecureContentSetting": PolicyTypeInt, + "DefaultJavaScriptJitSetting": PolicyTypeInt, + "DefaultJavaScriptOptimizerSetting": PolicyTypeInt, + "DefaultJavaScriptSetting": PolicyTypeInt, + "DefaultKeygenSetting": PolicyTypeInt, + "DefaultLocalFontsSetting": PolicyTypeInt, + "DefaultMediaStreamSetting": PolicyTypeInt, + "DefaultNotificationsSetting": PolicyTypeInt, + "DefaultPluginsSetting": PolicyTypeInt, + "DefaultPopupsSetting": PolicyTypeInt, + "DefaultPrinterSelection": PolicyTypeString, + "DefaultSearchProviderAlternateURLs": PolicyTypeListString, + "DefaultSearchProviderContextMenuAccessAllowed": PolicyTypeBool, + "DefaultSearchProviderEnabled": PolicyTypeBool, + "DefaultSearchProviderEncodings": PolicyTypeListString, + "DefaultSearchProviderIconURL": PolicyTypeString, + "DefaultSearchProviderImageURL": PolicyTypeString, + "DefaultSearchProviderImageURLPostParams": PolicyTypeString, + "DefaultSearchProviderInstantURL": PolicyTypeString, + "DefaultSearchProviderInstantURLPostParams": PolicyTypeString, + "DefaultSearchProviderKeyword": PolicyTypeString, + "DefaultSearchProviderName": PolicyTypeString, + "DefaultSearchProviderNewTabURL": PolicyTypeString, + "DefaultSearchProviderSearchTermsReplacementKey": PolicyTypeString, + "DefaultSearchProviderSearchURL": PolicyTypeString, + "DefaultSearchProviderSearchURLPostParams": PolicyTypeString, + "DefaultSearchProviderSuggestURL": PolicyTypeString, + "DefaultSearchProviderSuggestURLPostParams": PolicyTypeString, + "DefaultSensorsSetting": PolicyTypeInt, + "DefaultSerialGuardSetting": PolicyTypeInt, + "DefaultThirdPartyStoragePartitioningSetting": PolicyTypeInt, + "DefaultWebBluetoothGuardSetting": PolicyTypeInt, + "DefaultWebHidGuardSetting": PolicyTypeInt, + "DefaultWebUsbGuardSetting": PolicyTypeInt, + "DefaultWindowManagementSetting": PolicyTypeInt, + "DefaultWindowPlacementSetting": PolicyTypeInt, + "DeletingUndecryptablePasswordsEnabled": PolicyTypeBool, + "DesktopSharingHubEnabled": PolicyTypeBool, + "DevToolsGenAiSettings": PolicyTypeInt, + "DevToolsGoogleDeveloperProgramProfileAvailability": PolicyTypeInt, + "DeveloperToolsAvailability": PolicyTypeInt, + "DeveloperToolsDisabled": PolicyTypeBool, + "Disable3DAPIs": PolicyTypeBool, + "DisableAuthNegotiateCnameLookup": PolicyTypeBool, + "DisablePluginFinder": PolicyTypeBool, + "DisablePrintPreview": PolicyTypeBool, + "DisableSSLRecordSplitting": PolicyTypeBool, + "DisableSafeBrowsingProceedAnyway": PolicyTypeBool, + "DisableScreenshots": PolicyTypeBool, + "DisableSpdy": PolicyTypeBool, + "DisabledPlugins": PolicyTypeListString, + "DisabledPluginsExceptions": PolicyTypeListString, + "DisabledSchemes": PolicyTypeListString, + "DiskCacheDir": PolicyTypeString, + "DiskCacheSize": PolicyTypeInt, + "DisplayCapturePermissionsPolicyEnabled": PolicyTypeBool, + "DnsOverHttpsMode": PolicyTypeString, + "DnsOverHttpsTemplates": PolicyTypeString, + "DnsPrefetchingEnabled": PolicyTypeBool, + "DomainReliabilityAllowed": PolicyTypeBool, + "DownloadBubbleEnabled": PolicyTypeBool, + "DownloadDirectory": PolicyTypeString, + "DownloadRestrictions": PolicyTypeInt, + "EditBookmarksEnabled": PolicyTypeBool, + "EnableAuthNegotiatePort": PolicyTypeBool, + "EnableCommonNameFallbackForLocalAnchors": PolicyTypeBool, + "EnableDeprecatedPrivetPrinting": PolicyTypeBool, + "EnableDeprecatedWebBasedSignin": PolicyTypeBool, + "EnableDeprecatedWebPlatformFeatures": PolicyTypeListString, + "EnableExperimentalPolicies": PolicyTypeListString, + "EnableMediaRouter": PolicyTypeBool, + "EnableOnlineRevocationChecks": PolicyTypeBool, + "EnableProxyOverrideRulesForAllUsers": PolicyTypeInt, + "EnableSha1ForLocalAnchors": PolicyTypeBool, + "EnableSymantecLegacyInfrastructure": PolicyTypeBool, + "EnableUnsafeSwiftShader": PolicyTypeBool, + "EnabledPlugins": PolicyTypeListString, + "EncryptedClientHelloEnabled": PolicyTypeBool, + "EnforceLocalAnchorConstraintsEnabled": PolicyTypeBool, + "EnterpriseBadgingTemporarySetting": PolicyTypeInt, + "EnterpriseCustomLabel": PolicyTypeString, + "EnterpriseCustomLabelForBrowser": PolicyTypeString, + "EnterpriseHardwarePlatformAPIEnabled": PolicyTypeBool, + "EnterpriseLogoUrl": PolicyTypeString, + "EnterpriseLogoUrlForBrowser": PolicyTypeString, + "EnterpriseProfileBadgeToolbarSettings": PolicyTypeInt, + "EnterpriseProfileCreationKeepBrowsingData": PolicyTypeBool, + "EnterpriseRealTimeUrlCheckMode": PolicyTypeInt, + "EnterpriseSearchAggregatorSettings": PolicyTypeDict, + "EnterpriseWebStoreName": PolicyTypeString, + "EnterpriseWebStoreURL": PolicyTypeString, + "EventPathEnabled": PolicyTypeBool, + "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": PolicyTypeDict, + "ExplicitlyAllowedNetworkPorts": PolicyTypeListString, + "ExtensionAllowInsecureUpdates": PolicyTypeBool, + "ExtensionAllowedTypes": PolicyTypeListString, + "ExtensionDeveloperModeSettings": PolicyTypeInt, + "ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls": PolicyTypeListString, + "ExtensionInstallAllowlist": PolicyTypeListString, + "ExtensionInstallBlacklist": PolicyTypeListString, + "ExtensionInstallBlocklist": PolicyTypeListString, + "ExtensionInstallCloudPolicyChecksEnabled": PolicyTypeBool, + "ExtensionInstallForcelist": PolicyTypeListString, + "ExtensionInstallSources": PolicyTypeListString, + "ExtensionInstallTypeBlocklist": PolicyTypeListString, + "ExtensionInstallWhitelist": PolicyTypeListString, + "ExtensionManifestV2Availability": PolicyTypeInt, + "ExtensionSettings": PolicyTypeDict, + "ExtensionUnpublishedAvailability": PolicyTypeInt, + "ExternalProtocolDialogShowAlwaysOpenCheckbox": PolicyTypeBool, + "FeedbackSurveysEnabled": PolicyTypeBool, + "FetchKeepaliveDurationSecondsOnShutdown": PolicyTypeInt, + "FileHandlingAllowedForUrls": PolicyTypeListString, + "FileHandlingBlockedForUrls": PolicyTypeListString, + "FileOrDirectoryPickerWithoutGestureAllowedForOrigins": PolicyTypeListString, + "FileSystemReadAskForUrls": PolicyTypeListString, + "FileSystemReadBlockedForUrls": PolicyTypeListString, + "FileSystemSyncAccessHandleAsyncInterfaceEnabled": PolicyTypeBool, + "FileSystemWriteAskForUrls": PolicyTypeListString, + "FileSystemWriteBlockedForUrls": PolicyTypeListString, + "FirstPartySetsEnabled": PolicyTypeBool, + "FirstPartySetsOverrides": PolicyTypeDict, + "ForceBrowserSignin": PolicyTypeBool, + "ForceEnablePepperVideoDecoderDevAPI": PolicyTypeBool, + "ForceEphemeralProfiles": PolicyTypeBool, + "ForceGoogleSafeSearch": PolicyTypeBool, + "ForceLegacyDefaultReferrerPolicy": PolicyTypeBool, + "ForceMajorVersionToMinorPositionInUserAgent": PolicyTypeInt, + "ForcePermissionPolicyUnloadDefaultEnabled": PolicyTypeBool, + "ForceSafeSearch": PolicyTypeBool, + "ForceYouTubeRestrict": PolicyTypeInt, + "ForceYouTubeSafetyMode": PolicyTypeBool, + "ForcedLanguages": PolicyTypeListString, + "FullscreenAllowed": PolicyTypeBool, + "GSSAPILibraryName": PolicyTypeString, + "GeminiActOnWebSettings": PolicyTypeInt, + "GenAILocalFoundationalModelSettings": PolicyTypeInt, + "GenAiDefaultSettings": PolicyTypeInt, + "GeolocationBlockedForUrls": PolicyTypeListString, + "GetDisplayMediaSetSelectAllScreensAllowedForUrls": PolicyTypeListString, + "GloballyScopeHTTPAuthCacheEnabled": PolicyTypeBool, + "GoogleSearchSidePanelEnabled": PolicyTypeBool, + "HSTSPolicyBypassList": PolicyTypeListString, + "HappyEyeballsV3Enabled": PolicyTypeBool, + "HardwareAccelerationModeEnabled": PolicyTypeBool, + "HeadlessMode": PolicyTypeInt, + "HelpMeWriteSettings": PolicyTypeInt, + "HideWebStoreIcon": PolicyTypeBool, + "HideWebStorePromo": PolicyTypeBool, + "HighEfficiencyModeEnabled": PolicyTypeBool, + "HistoryClustersVisible": PolicyTypeBool, + "HistorySearchSettings": PolicyTypeInt, + "HomepageIsNewTabPage": PolicyTypeBool, + "HomepageLocation": PolicyTypeString, + "Http09OnNonDefaultPortsEnabled": PolicyTypeBool, + "HttpAllowlist": PolicyTypeListString, + "HttpsOnlyMode": PolicyTypeString, + "HttpsUpgradesEnabled": PolicyTypeBool, + "IPv6ReachabilityOverrideEnabled": PolicyTypeBool, + "IdleTimeout": PolicyTypeInt, + "IdleTimeoutActions": PolicyTypeListString, + "ImagesAllowedForUrls": PolicyTypeListString, + "ImagesBlockedForUrls": PolicyTypeListString, + "ImportAutofillFormData": PolicyTypeBool, + "ImportBookmarks": PolicyTypeBool, + "ImportHistory": PolicyTypeBool, + "ImportHomepage": PolicyTypeBool, + "ImportSavedPasswords": PolicyTypeBool, + "ImportSearchEngine": PolicyTypeBool, + "IncognitoEnabled": PolicyTypeBool, + "IncognitoModeAvailability": PolicyTypeInt, + "InsecureContentAllowedForUrls": PolicyTypeListString, + "InsecureContentBlockedForUrls": PolicyTypeListString, + "InsecureFormsWarningsEnabled": PolicyTypeBool, + "InsecureHashesInTLSHandshakesEnabled": PolicyTypeBool, + "InsecurePrivateNetworkRequestsAllowed": PolicyTypeBool, + "InsecurePrivateNetworkRequestsAllowedForUrls": PolicyTypeListString, + "InstantEnabled": PolicyTypeBool, + "IntensiveWakeUpThrottlingEnabled": PolicyTypeBool, + "IntranetRedirectBehavior": PolicyTypeInt, + "IsolateOrigins": PolicyTypeString, + "JavaScriptAllowedForUrls": PolicyTypeListString, + "JavaScriptBlockedForUrls": PolicyTypeListString, + "JavaScriptJitAllowedForSites": PolicyTypeListString, + "JavaScriptJitBlockedForSites": PolicyTypeListString, + "JavaScriptOptimizerAllowedForSites": PolicyTypeListString, + "JavaScriptOptimizerBlockedForSites": PolicyTypeListString, + "JavascriptEnabled": PolicyTypeBool, + "KeyboardFocusableScrollersEnabled": PolicyTypeBool, + "KeygenAllowedForUrls": PolicyTypeListString, + "KeygenBlockedForUrls": PolicyTypeListString, + "LacrosSecondaryProfilesAllowed": PolicyTypeBool, + "LegacySameSiteCookieBehaviorEnabled": PolicyTypeInt, + "LegacySameSiteCookieBehaviorEnabledForDomainList": PolicyTypeListString, + "LegacyTechReportAllowlist": PolicyTypeListString, + "LensDesktopNTPSearchEnabled": PolicyTypeBool, + "LensOverlaySettings": PolicyTypeInt, + "LensRegionSearchEnabled": PolicyTypeBool, + "LiveCaptionEnabled": PolicyTypeBool, + "LiveTranslateEnabled": PolicyTypeBool, + "LoadCryptoTokenExtension": PolicyTypeBool, + "LocalDiscoveryEnabled": PolicyTypeBool, + "LocalFontsAllowedForUrls": PolicyTypeListString, + "LocalFontsBlockedForUrls": PolicyTypeListString, + "LocalNetworkAccessAllowedForUrls": PolicyTypeListString, + "LocalNetworkAccessBlockedForUrls": PolicyTypeListString, + "LocalNetworkAccessRestrictionsEnabled": PolicyTypeBool, + "LocalNetworkAccessRestrictionsTemporaryOptOut": PolicyTypeBool, + "LockIconInAddressBarEnabled": PolicyTypeBool, + "LookalikeWarningAllowlistDomains": PolicyTypeListString, + "MachineLevelUserCloudPolicyEnrollmentToken": PolicyTypeString, + "ManagedAccountsSigninRestriction": PolicyTypeString, + "ManagedBookmarks": PolicyTypeDict, + "ManagedConfigurationPerOrigin": PolicyTypeDict, + "MaxConnectionsPerProxy": PolicyTypeInt, + "MaxInvalidationFetchDelay": PolicyTypeInt, + "MediaCacheSize": PolicyTypeInt, + "MediaRecommendationsEnabled": PolicyTypeBool, + "MediaRouterCastAllowAllIPs": PolicyTypeBool, + "MemorySaverModeSavings": PolicyTypeInt, + "MetricsReportingEnabled": PolicyTypeBool, + "MutationEventsEnabled": PolicyTypeBool, + "NTPCardsVisible": PolicyTypeBool, + "NTPCustomBackgroundEnabled": PolicyTypeBool, + "NTPFooterExtensionAttributionEnabled": PolicyTypeBool, + "NTPFooterManagementNoticeEnabled": PolicyTypeBool, + "NTPMiddleSlotAnnouncementVisible": PolicyTypeBool, + "NTPOutlookCardVisible": PolicyTypeBool, + "NTPSharepointCardVisible": PolicyTypeBool, + "NTPShortcuts": PolicyTypeDict, + "NativeClientForceAllowed": PolicyTypeBool, + "NativeMessagingAllowlist": PolicyTypeListString, + "NativeMessagingBlacklist": PolicyTypeListString, + "NativeMessagingBlocklist": PolicyTypeListString, + "NativeMessagingUserLevelHosts": PolicyTypeBool, + "NativeMessagingWhitelist": PolicyTypeListString, + "NetworkPredictionOptions": PolicyTypeInt, + "NetworkServiceSandboxEnabled": PolicyTypeBool, + "NewBaseUrlInheritanceBehaviorAllowed": PolicyTypeBool, + "NewTabPageLocation": PolicyTypeString, + "NotificationsAllowedForUrls": PolicyTypeListString, + "NotificationsBlockedForUrls": PolicyTypeListString, + "NtlmV2Enabled": PolicyTypeBool, + "OffsetParentNewSpecBehaviorEnabled": PolicyTypeBool, + "OnBulkDataEntryEnterpriseConnector": PolicyTypeDict, + "OnFileAttachedEnterpriseConnector": PolicyTypeDict, + "OnFileDownloadedEnterpriseConnector": PolicyTypeDict, + "OnPrintEnterpriseConnector": PolicyTypeDict, + "OnSecurityEventEnterpriseConnector": PolicyTypeDict, + "OopPrintDriversAllowed": PolicyTypeBool, + "OptimizationGuideFetchingEnabled": PolicyTypeBool, + "OriginAgentClusterDefaultEnabled": PolicyTypeBool, + "OriginKeyedProcessesEnabled": PolicyTypeBool, + "OutOfProcessSystemDnsResolutionEnabled": PolicyTypeBool, + "OverrideSecurityRestrictionsOnInsecureOrigin": PolicyTypeListString, + "PPAPISharedImagesSwapChainAllowed": PolicyTypeBool, + "PacHttpsUrlStrippingEnabled": PolicyTypeBool, + "PartitionedBlobUrlUsage": PolicyTypeBool, + "PasswordDismissCompromisedAlertEnabled": PolicyTypeBool, + "PasswordLeakDetectionEnabled": PolicyTypeBool, + "PasswordManagerAllowShowPasswords": PolicyTypeBool, + "PasswordManagerBlocklist": PolicyTypeListString, + "PasswordManagerEnabled": PolicyTypeBool, + "PasswordManagerPasskeysEnabled": PolicyTypeBool, + "PasswordProtectionChangePasswordURL": PolicyTypeString, + "PasswordProtectionLoginURLs": PolicyTypeListString, + "PasswordProtectionWarningTrigger": PolicyTypeInt, + "PasswordSharingEnabled": PolicyTypeBool, + "PaymentMethodQueryEnabled": PolicyTypeBool, + "PdfAnnotationsEnabled": PolicyTypeBool, + "PdfLocalFileAccessAllowedForDomains": PolicyTypeListString, + "PdfUseSkiaRendererEnabled": PolicyTypeBool, + "PdfViewerOutOfProcessIframeEnabled": PolicyTypeBool, + "PersistentQuotaEnabled": PolicyTypeBool, + "PluginsAllowedForUrls": PolicyTypeListString, + "PluginsBlockedForUrls": PolicyTypeListString, + "PolicyAtomicGroupsEnabled": PolicyTypeBool, + "PolicyDictionaryMultipleSourceMergeList": PolicyTypeListString, + "PolicyListMultipleSourceMergeList": PolicyTypeListString, + "PolicyRefreshRate": PolicyTypeInt, + "PopupsAllowedForUrls": PolicyTypeListString, + "PopupsBlockedForUrls": PolicyTypeListString, + "PostQuantumKeyAgreementEnabled": PolicyTypeBool, + "PreciseGeolocationAllowedForUrls": PolicyTypeListString, + "PrefetchWithServiceWorkerEnabled": PolicyTypeBool, + "PrefixedStorageInfoEnabled": PolicyTypeBool, + "PrefixedVideoFullscreenApiAvailability": PolicyTypeString, + "PrintHeaderFooter": PolicyTypeBool, + "PrintPdfAsImageDefault": PolicyTypeBool, + "PrintPreviewUseSystemDefaultPrinter": PolicyTypeBool, + "PrintRasterizePdfDpi": PolicyTypeInt, + "PrinterTypeDenyList": PolicyTypeListString, + "PrintingAllowedBackgroundGraphicsModes": PolicyTypeString, + "PrintingBackgroundGraphicsDefault": PolicyTypeString, + "PrintingEnabled": PolicyTypeBool, + "PrintingPaperSizeDefault": PolicyTypeDict, + "PrivacySandboxAdMeasurementEnabled": PolicyTypeBool, + "PrivacySandboxAdTopicsEnabled": PolicyTypeBool, + "PrivacySandboxFingerprintingProtectionEnabled": PolicyTypeBool, + "PrivacySandboxIpProtectionEnabled": PolicyTypeBool, + "PrivacySandboxPromptEnabled": PolicyTypeBool, + "PrivacySandboxSiteEnabledAdsEnabled": PolicyTypeBool, + "PrivateNetworkAccessRestrictionsEnabled": PolicyTypeBool, + "ProfileLabel": PolicyTypeInt, + "ProfilePickerOnStartupAvailability": PolicyTypeInt, + "ProfileReauthPrompt": PolicyTypeInt, + "ProfileSeparationDataMigrationSettings": PolicyTypeInt, + "ProfileSeparationDomainExceptionList": PolicyTypeListString, + "ProfileSeparationSettings": PolicyTypeInt, + "PromotionalTabsEnabled": PolicyTypeBool, + "PromotionsEnabled": PolicyTypeBool, + "PromptForDownloadLocation": PolicyTypeBool, + "PromptOnMultipleMatchingCertificates": PolicyTypeBool, + "ProvisionManagedClientCertificateForBrowser": PolicyTypeInt, + "ProvisionManagedClientCertificateForUser": PolicyTypeInt, + "ProxyBypassList": PolicyTypeString, + "ProxyMode": PolicyTypeString, + "ProxyOverrideRules": PolicyTypeDict, + "ProxyPacUrl": PolicyTypeString, + "ProxyServer": PolicyTypeString, + "ProxyServerMode": PolicyTypeInt, + "ProxySettings": PolicyTypeDict, + "QRCodeGeneratorEnabled": PolicyTypeBool, + "QuicAllowed": PolicyTypeBool, + "RC4Enabled": PolicyTypeBool, + "RSAKeyUsageForLocalAnchorsEnabled": PolicyTypeBool, + "ReduceAcceptLanguageEnabled": PolicyTypeBool, + "RegisteredProtocolHandlers": PolicyTypeDict, + "RelatedWebsiteSetsEnabled": PolicyTypeBool, + "RelatedWebsiteSetsOverrides": PolicyTypeDict, + "RelaunchFastIfOutdated": PolicyTypeInt, + "RelaunchNotification": PolicyTypeInt, + "RelaunchNotificationPeriod": PolicyTypeInt, + "RelaunchWindow": PolicyTypeDict, + "RemoteAccessClientFirewallTraversal": PolicyTypeBool, + "RemoteAccessHostAllowClientPairing": PolicyTypeBool, + "RemoteAccessHostAllowFileTransfer": PolicyTypeBool, + "RemoteAccessHostAllowGnubbyAuth": PolicyTypeBool, + "RemoteAccessHostAllowPinAuthentication": PolicyTypeBool, + "RemoteAccessHostAllowRelayedConnection": PolicyTypeBool, + "RemoteAccessHostAllowRemoteAccessConnections": PolicyTypeBool, + "RemoteAccessHostAllowRemoteSupportConnections": PolicyTypeBool, + "RemoteAccessHostAllowUrlForwarding": PolicyTypeBool, + "RemoteAccessHostClientDomain": PolicyTypeString, + "RemoteAccessHostClientDomainList": PolicyTypeListString, + "RemoteAccessHostClipboardSizeBytes": PolicyTypeInt, + "RemoteAccessHostDebugOverridePolicies": PolicyTypeString, + "RemoteAccessHostDomain": PolicyTypeString, + "RemoteAccessHostDomainList": PolicyTypeListString, + "RemoteAccessHostEnableUserInterface": PolicyTypeBool, + "RemoteAccessHostFirewallTraversal": PolicyTypeBool, + "RemoteAccessHostMatchUsername": PolicyTypeBool, + "RemoteAccessHostMaximumSessionDurationMinutes": PolicyTypeInt, + "RemoteAccessHostRequireCurtain": PolicyTypeBool, + "RemoteAccessHostRequireTwoFactor": PolicyTypeBool, + "RemoteAccessHostTalkGadgetPrefix": PolicyTypeString, + "RemoteAccessHostTokenUrl": PolicyTypeString, + "RemoteAccessHostTokenValidationCertificateIssuer": PolicyTypeString, + "RemoteAccessHostTokenValidationUrl": PolicyTypeString, + "RemoteAccessHostUdpPortRange": PolicyTypeString, + "RemoteDebuggingAllowed": PolicyTypeBool, + "ReportSafeBrowsingData": PolicyTypeBool, + "RequireOnlineRevocationChecksForLocalAnchors": PolicyTypeBool, + "RestoreOnStartup": PolicyTypeInt, + "RestoreOnStartupURLs": PolicyTypeListString, + "RestrictPdfSaveToGoogleDriveAccountsToPattern": PolicyTypeString, + "RestrictSigninToPattern": PolicyTypeString, + "RoamingProfileLocation": PolicyTypeString, + "RoamingProfileSupportEnabled": PolicyTypeBool, + "RunAllFlashInAllowMode": PolicyTypeBool, + "SSLErrorOverrideAllowed": PolicyTypeBool, + "SSLErrorOverrideAllowedForOrigins": PolicyTypeListString, + "SSLVersionFallbackMin": PolicyTypeString, + "SSLVersionMax": PolicyTypeString, + "SSLVersionMin": PolicyTypeString, + "SafeBrowsingAllowlistDomains": PolicyTypeListString, + "SafeBrowsingDeepScanningEnabled": PolicyTypeBool, + "SafeBrowsingEnabled": PolicyTypeBool, + "SafeBrowsingExtendedReportingEnabled": PolicyTypeBool, + "SafeBrowsingExtendedReportingOptInAllowed": PolicyTypeBool, + "SafeBrowsingProtectionLevel": PolicyTypeInt, + "SafeBrowsingProxiedRealTimeChecksAllowed": PolicyTypeBool, + "SafeBrowsingSurveysEnabled": PolicyTypeBool, + "SafeBrowsingWhitelistDomains": PolicyTypeListString, + "SafeSitesFilterBehavior": PolicyTypeInt, + "SameOriginTabCaptureAllowedByOrigins": PolicyTypeListString, + "SandboxExternalProtocolBlocked": PolicyTypeBool, + "SavingBrowserHistoryDisabled": PolicyTypeBool, + "ScreenCaptureAllowed": PolicyTypeBool, + "ScreenCaptureAllowedByOrigins": PolicyTypeListString, + "ScreenCaptureWithoutGestureAllowedForOrigins": PolicyTypeListString, + "ScrollToTextFragmentEnabled": PolicyTypeBool, + "SearchContentSharingSettings": PolicyTypeInt, + "SearchSuggestEnabled": PolicyTypeBool, + "SecurityKeyPermitAttestation": PolicyTypeListString, + "SelectParserRelaxationEnabled": PolicyTypeBool, + "SendMouseEventsDisabledFormControlsEnabled": PolicyTypeBool, + "SensorsAllowedForUrls": PolicyTypeListString, + "SensorsBlockedForUrls": PolicyTypeListString, + "SerialAllowAllPortsForUrls": PolicyTypeListString, + "SerialAllowUsbDevicesForUrls": PolicyTypeDict, + "SerialAskForUrls": PolicyTypeListString, + "SerialBlockedForUrls": PolicyTypeListString, + "ServiceWorkerAutoPreloadEnabled": PolicyTypeBool, + "ServiceWorkerToControlSrcdocIframeEnabled": PolicyTypeBool, + "SetTimeoutWithout1MsClampEnabled": PolicyTypeBool, + "SharedArrayBufferUnrestrictedAccessAllowed": PolicyTypeBool, + "SharedClipboardEnabled": PolicyTypeBool, + "SharedWorkerBlobURLFixEnabled": PolicyTypeBool, + "ShoppingListEnabled": PolicyTypeBool, + "ShowAppsShortcutInBookmarkBar": PolicyTypeBool, + "ShowCastIconInToolbar": PolicyTypeBool, + "ShowCastSessionsStartedByOtherDevices": PolicyTypeBool, + "ShowFullUrlsInAddressBar": PolicyTypeBool, + "ShowHomeButton": PolicyTypeBool, + "SideSearchEnabled": PolicyTypeBool, + "SignedHTTPExchangeEnabled": PolicyTypeBool, + "SigninAllowed": PolicyTypeBool, + "SigninInterceptionEnabled": PolicyTypeBool, + "SilentPrintingEnabled": PolicyTypeBool, + "SitePerProcess": PolicyTypeBool, + "SiteSearchSettings": PolicyTypeDict, + "SpellCheckServiceEnabled": PolicyTypeBool, + "SpellcheckEnabled": PolicyTypeBool, + "SpellcheckLanguage": PolicyTypeListString, + "SpellcheckLanguageBlacklist": PolicyTypeListString, + "SpellcheckLanguageBlocklist": PolicyTypeListString, + "StandardizedBrowserZoomEnabled": PolicyTypeBool, + "StaticStorageQuotaEnabled": PolicyTypeBool, + "StrictMimetypeCheckForWorkerScriptsEnabled": PolicyTypeBool, + "StricterMixedContentTreatmentEnabled": PolicyTypeBool, + "SupervisedUserCreationEnabled": PolicyTypeBool, + "SuppressDifferentOriginSubframeDialogs": PolicyTypeBool, + "SuppressUnsupportedOSWarning": PolicyTypeBool, + "SyncDisabled": PolicyTypeBool, + "SyncTypesListDisabled": PolicyTypeListString, + "TLS13EarlyDataEnabled": PolicyTypeBool, + "TLS13HardeningForLocalAnchorsEnabled": PolicyTypeBool, + "TabCaptureAllowedByOrigins": PolicyTypeListString, + "TabCompareSettings": PolicyTypeInt, + "TabDiscardingExceptions": PolicyTypeListString, + "TabFreezingEnabled": PolicyTypeBool, + "TabGroupSharingSettings": PolicyTypeInt, + "TabOrganizerSettings": PolicyTypeInt, + "TabUnderAllowed": PolicyTypeBool, + "TargetBlankImpliesNoOpener": PolicyTypeBool, + "TaskManagerEndProcessEnabled": PolicyTypeBool, + "ThirdPartyStoragePartitioningBlockedForOrigins": PolicyTypeListString, + "ThrottleNonVisibleCrossOriginIframesAllowed": PolicyTypeBool, + "ToolbarAvatarLabelSettings": PolicyTypeInt, + "TranslateEnabled": PolicyTypeBool, + "TranslatorAPIAllowed": PolicyTypeBool, + "TripleDESEnabled": PolicyTypeBool, + "U2fSecurityKeyApiEnabled": PolicyTypeBool, + "URLAllowlist": PolicyTypeListString, + "URLBlacklist": PolicyTypeListString, + "URLBlocklist": PolicyTypeListString, + "URLWhitelist": PolicyTypeListString, + "UnmanagedDeviceSignalsConsentFlowEnabled": PolicyTypeBool, + "UnsafelyTreatInsecureOriginAsSecure": PolicyTypeListString, + "UnthrottledNestedTimeoutEnabled": PolicyTypeBool, + "UrlKeyedAnonymizedDataCollectionEnabled": PolicyTypeBool, + "UrlParamFilterEnabled": PolicyTypeBool, + "UseLegacyFormControls": PolicyTypeBool, + "UseMojoVideoDecoderForPepperAllowed": PolicyTypeBool, + "UserAgentClientHintsEnabled": PolicyTypeBool, + "UserAgentClientHintsGREASEUpdateEnabled": PolicyTypeBool, + "UserAgentReduction": PolicyTypeInt, + "UserContextAwareAccessSignalsAllowlist": PolicyTypeListString, + "UserDataSnapshotRetentionLimit": PolicyTypeInt, + "UserFeedbackAllowed": PolicyTypeBool, + "UserSecurityAuthenticatedReporting": PolicyTypeBool, + "UserSecuritySignalsReporting": PolicyTypeBool, + "VariationsRestrictParameter": PolicyTypeString, + "VideoCaptureAllowed": PolicyTypeBool, + "VideoCaptureAllowedUrls": PolicyTypeListString, + "WPADQuickCheckEnabled": PolicyTypeBool, + "WatermarkStyle": PolicyTypeDict, + "WebAppInstallByUserEnabled": PolicyTypeBool, + "WebAppInstallForceList": PolicyTypeDict, + "WebAppSettings": PolicyTypeDict, + "WebAudioOutputBufferingEnabled": PolicyTypeBool, + "WebAuthenticationRemoteDesktopAllowedOrigins": PolicyTypeListString, + "WebAuthenticationRemoteProxiedRequestsAllowed": PolicyTypeBool, + "WebComponentsV0Enabled": PolicyTypeBool, + "WebDriverOverridesIncompatiblePolicies": PolicyTypeBool, + "WebHidAllowAllDevicesForUrls": PolicyTypeListString, + "WebHidAllowDevicesForUrls": PolicyTypeDict, + "WebHidAllowDevicesWithHidUsagesForUrls": PolicyTypeDict, + "WebHidAskForUrls": PolicyTypeListString, + "WebHidBlockedForUrls": PolicyTypeListString, + "WebRtcAllowLegacyTLSProtocols": PolicyTypeBool, + "WebRtcEventLogCollectionAllowed": PolicyTypeBool, + "WebRtcIPHandling": PolicyTypeString, + "WebRtcIPHandlingUrl": PolicyTypeDict, + "WebRtcLocalIpsAllowedUrls": PolicyTypeListString, + "WebRtcPostQuantumKeyAgreement": PolicyTypeBool, + "WebRtcTextLogCollectionAllowed": PolicyTypeBool, + "WebRtcUdpPortRange": PolicyTypeString, + "WebSQLAccess": PolicyTypeBool, + "WebSQLInThirdPartyContextEnabled": PolicyTypeBool, + "WebSQLNonSecureContextEnabled": PolicyTypeBool, + "WebUsbAllowDevicesForUrls": PolicyTypeDict, + "WebUsbAskForUrls": PolicyTypeListString, + "WebUsbBlockedForUrls": PolicyTypeListString, + "WindowCaptureAllowedByOrigins": PolicyTypeListString, + "WindowManagementAllowedForUrls": PolicyTypeListString, + "WindowManagementBlockedForUrls": PolicyTypeListString, + "WindowPlacementAllowedForUrls": PolicyTypeListString, + "WindowPlacementBlockedForUrls": PolicyTypeListString, + "ZstdContentEncodingEnabled": PolicyTypeBool, + } +} From 68c52e6fa21eeff6fd193cd2c2652dd61fd61214 Mon Sep 17 00:00:00 2001 From: Rafael Garcia Date: Sat, 21 Feb 2026 10:39:11 -0500 Subject: [PATCH 4/4] add generate_registry.py to regenerate policy_registry.go from Chromium source Usage: python3 generate_registry.py Co-authored-by: Cursor --- server/lib/policy/generate_registry.py | 109 ++ server/lib/policy/policy_registry.go | 1312 ++++++++++++------------ 2 files changed, 765 insertions(+), 656 deletions(-) create mode 100644 server/lib/policy/generate_registry.py diff --git a/server/lib/policy/generate_registry.py b/server/lib/policy/generate_registry.py new file mode 100644 index 00000000..04f0250d --- /dev/null +++ b/server/lib/policy/generate_registry.py @@ -0,0 +1,109 @@ +#!/usr/bin/env python3 +"""Generate policy_registry.go from Chromium policy definition YAML files. + +Usage: + python3 generate_registry.py + +Where is the path to: + chromium/src/components/policy/resources/templates/policy_definitions/ + +Example: + python3 generate_registry.py /home/debianuser/chromium-cache/src/components/policy/resources/templates/policy_definitions +""" + +import os +import sys +import yaml + +CHROMIUM_TYPE_TO_GO = { + "main": ("PolicyTypeBool", "bool"), + "int": ("PolicyTypeInt", "int"), + "int-enum": ("PolicyTypeInt", "int"), + "string": ("PolicyTypeString", "string"), + "string-enum": ("PolicyTypeString", "string"), + "list": ("PolicyTypeListString", "list"), + "string-enum-list": ("PolicyTypeListString", "list"), + "dict": ("PolicyTypeDict", "dict"), + "external": ("PolicyTypeDict", "dict"), +} + + +def extract_policies(policy_dir: str) -> dict[str, str]: + results = {} + for root, _, files in os.walk(policy_dir): + for f in files: + if not f.endswith(".yaml"): + continue + path = os.path.join(root, f) + try: + with open(path) as fh: + data = yaml.safe_load(fh) + except Exception: + continue + if not isinstance(data, dict): + continue + + supported = data.get("supported_on", []) + if not isinstance(supported, list): + continue + if not any( + isinstance(s, str) + and (s.startswith("chrome.*") or s.startswith("chrome.linux")) + for s in supported + ): + continue + + name = data.get("name", f.removesuffix(".yaml")) + ptype = data.get("type", "") + mapping = CHROMIUM_TYPE_TO_GO.get(ptype) + if mapping is None: + print(f"WARNING: skipping {name}: unknown type {ptype!r}", file=sys.stderr) + continue + + results[name] = mapping[0] + + return results + + +def generate_go(policies: dict[str, str]) -> str: + lines = [ + "// Code generated by generate_registry.py from Chromium policy definitions. DO NOT EDIT.", + "", + "package policy", + "", + "func init() {", + "\tpolicyRegistry = map[string]PolicyValueType{", + ] + max_name_len = max(len(name) for name in policies) + 2 # +2 for quotes + for name in sorted(policies.keys()): + go_const = policies[name] + key = f'"{name}":' + lines.append(f"\t\t{key:<{max_name_len + 1}} {go_const},") + lines.append("\t}") + lines.append("}") + lines.append("") + return "\n".join(lines) + + +def main(): + if len(sys.argv) != 2: + print(__doc__, file=sys.stderr) + sys.exit(1) + + policy_dir = sys.argv[1] + if not os.path.isdir(policy_dir): + print(f"ERROR: {policy_dir} is not a directory", file=sys.stderr) + sys.exit(1) + + policies = extract_policies(policy_dir) + print(f"Extracted {len(policies)} Linux-supported policies", file=sys.stderr) + + go_code = generate_go(policies) + out_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), "policy_registry.go") + with open(out_path, "w") as f: + f.write(go_code) + print(f"Wrote {out_path}", file=sys.stderr) + + +if __name__ == "__main__": + main() diff --git a/server/lib/policy/policy_registry.go b/server/lib/policy/policy_registry.go index 5cb835bd..b4576a9d 100644 --- a/server/lib/policy/policy_registry.go +++ b/server/lib/policy/policy_registry.go @@ -1,663 +1,663 @@ -// Code generated from Chromium policy definitions (version 133.x). DO NOT EDIT. +// Code generated by generate_registry.py from Chromium policy definitions. DO NOT EDIT. package policy func init() { policyRegistry = map[string]PolicyValueType{ - "AIModeSettings": PolicyTypeInt, - "AbusiveExperienceInterventionEnforce": PolicyTypeBool, - "AccessCodeCastDeviceDuration": PolicyTypeInt, - "AccessCodeCastEnabled": PolicyTypeBool, - "AccessControlAllowMethodsInCORSPreflightSpecConformant": PolicyTypeBool, - "AccessibilityImageLabelsEnabled": PolicyTypeBool, - "AdditionalDnsQueryTypesEnabled": PolicyTypeBool, - "AdsSettingForIntrusiveAdsSites": PolicyTypeInt, - "AdvancedProtectionAllowed": PolicyTypeBool, - "AdvancedProtectionDeepScanningEnabled": PolicyTypeBool, - "AllHttpAuthSchemesAllowedForOrigins": PolicyTypeListString, - "AllowBackForwardCacheForCacheControlNoStorePageEnabled": PolicyTypeBool, - "AllowCrossOriginAuthPrompt": PolicyTypeBool, - "AllowDeletingBrowserHistory": PolicyTypeBool, - "AllowDinosaurEasterEgg": PolicyTypeBool, - "AllowFileSelectionDialogs": PolicyTypeBool, - "AllowNativeNotifications": PolicyTypeBool, - "AllowOutdatedPlugins": PolicyTypeBool, - "AllowPopupsDuringPageUnload": PolicyTypeBool, - "AllowSyncXHRInPageDismissal": PolicyTypeBool, - "AllowSystemNotifications": PolicyTypeBool, - "AllowWebAuthnWithBrokenTlsCerts": PolicyTypeBool, - "AllowedDomainsForApps": PolicyTypeString, - "AlternateErrorPagesEnabled": PolicyTypeBool, - "AlternativeBrowserParameters": PolicyTypeListString, - "AlternativeBrowserPath": PolicyTypeString, - "AlwaysAuthorizePlugins": PolicyTypeBool, - "AlwaysOpenPdfExternally": PolicyTypeBool, - "AmbientAuthenticationInPrivateModesEnabled": PolicyTypeInt, - "AppCacheForceEnabled": PolicyTypeBool, - "AssistantWebEnabled": PolicyTypeBool, - "AudioCaptureAllowed": PolicyTypeBool, - "AudioCaptureAllowedUrls": PolicyTypeListString, - "AudioSandboxEnabled": PolicyTypeBool, - "AuthNegotiateDelegateAllowlist": PolicyTypeString, - "AuthNegotiateDelegateByKdcPolicy": PolicyTypeBool, - "AuthNegotiateDelegateWhitelist": PolicyTypeString, - "AuthSchemes": PolicyTypeString, - "AuthServerAllowlist": PolicyTypeString, - "AuthServerWhitelist": PolicyTypeString, - "AutoFillEnabled": PolicyTypeBool, - "AutoLaunchProtocolsFromOrigins": PolicyTypeDict, - "AutoOpenAllowedForURLs": PolicyTypeListString, - "AutoOpenFileTypes": PolicyTypeListString, - "AutoSelectCertificateForUrls": PolicyTypeListString, - "AutofillAddressEnabled": PolicyTypeBool, - "AutofillCreditCardEnabled": PolicyTypeBool, - "AutofillPredictionSettings": PolicyTypeInt, - "AutomatedPasswordChangeSettings": PolicyTypeInt, - "AutomaticFullscreenAllowedForUrls": PolicyTypeListString, - "AutomaticFullscreenBlockedForUrls": PolicyTypeListString, - "AutoplayAllowed": PolicyTypeBool, - "AutoplayAllowlist": PolicyTypeListString, - "AutoplayWhitelist": PolicyTypeListString, - "BackgroundModeEnabled": PolicyTypeBool, - "BasicAuthOverHttpEnabled": PolicyTypeBool, - "BatterySaverModeAvailability": PolicyTypeInt, - "BeforeunloadEventCancelByPreventDefaultEnabled": PolicyTypeBool, - "BlockExternalExtensions": PolicyTypeBool, - "BlockThirdPartyCookies": PolicyTypeBool, - "BlockTruncatedCookies": PolicyTypeBool, - "BookmarkBarEnabled": PolicyTypeBool, - "BrowserAddPersonEnabled": PolicyTypeBool, - "BrowserContextAwareAccessSignalsAllowlist": PolicyTypeListString, - "BrowserGuestModeEnabled": PolicyTypeBool, - "BrowserGuestModeEnforced": PolicyTypeBool, - "BrowserLabsEnabled": PolicyTypeBool, - "BrowserNetworkTimeQueriesEnabled": PolicyTypeBool, - "BrowserSignin": PolicyTypeInt, - "BrowserSwitcherDelay": PolicyTypeInt, - "BrowserSwitcherEnabled": PolicyTypeBool, - "BrowserSwitcherExternalGreylistUrl": PolicyTypeString, - "BrowserSwitcherExternalSitelistUrl": PolicyTypeString, - "BrowserSwitcherKeepLastChromeTab": PolicyTypeBool, - "BrowserSwitcherParsingMode": PolicyTypeInt, - "BrowserSwitcherUrlGreylist": PolicyTypeListString, - "BrowserSwitcherUrlList": PolicyTypeListString, - "BrowserThemeColor": PolicyTypeString, - "BrowsingDataLifetime": PolicyTypeDict, - "BuiltInAIAPIsEnabled": PolicyTypeBool, - "BuiltInDnsClientEnabled": PolicyTypeBool, - "BuiltinCertificateVerifierEnabled": PolicyTypeBool, - "CACertificateManagementAllowed": PolicyTypeInt, - "CACertificates": PolicyTypeListString, - "CACertificatesWithConstraints": PolicyTypeDict, - "CADistrustedCertificates": PolicyTypeListString, - "CAHintCertificates": PolicyTypeListString, - "CAPlatformIntegrationEnabled": PolicyTypeBool, - "CECPQ2Enabled": PolicyTypeBool, - "CORSNonWildcardRequestHeadersSupport": PolicyTypeBool, - "CSSCustomStateDeprecatedSyntaxEnabled": PolicyTypeBool, - "CertificateTransparencyEnforcementDisabledForCas": PolicyTypeListString, - "CertificateTransparencyEnforcementDisabledForLegacyCas": PolicyTypeListString, - "CertificateTransparencyEnforcementDisabledForUrls": PolicyTypeListString, - "ChromeAppsEnabled": PolicyTypeBool, - "ChromeAppsWebViewPermissiveBehaviorAllowed": PolicyTypeBool, - "ChromeDataRegionSetting": PolicyTypeInt, - "ChromeForTestingAllowed": PolicyTypeBool, - "ChromeRootStoreEnabled": PolicyTypeBool, - "ChromeVariations": PolicyTypeInt, - "ClearBrowsingDataOnExitList": PolicyTypeListString, - "ClearSiteDataOnExit": PolicyTypeBool, - "ClickToCallEnabled": PolicyTypeBool, - "ClipboardAllowedForUrls": PolicyTypeListString, - "ClipboardBlockedForUrls": PolicyTypeListString, - "CloudExtensionRequestEnabled": PolicyTypeBool, - "CloudManagementEnrollmentMandatory": PolicyTypeBool, - "CloudManagementEnrollmentToken": PolicyTypeString, - "CloudPolicyOverridesPlatformPolicy": PolicyTypeBool, - "CloudPrintProxyEnabled": PolicyTypeBool, - "CloudPrintSubmitEnabled": PolicyTypeBool, - "CloudPrintWarningsSuppressed": PolicyTypeBool, - "CloudProfileReportingEnabled": PolicyTypeBool, - "CloudReportingEnabled": PolicyTypeBool, - "CloudReportingUploadFrequency": PolicyTypeInt, - "CloudUserPolicyMerge": PolicyTypeBool, - "CloudUserPolicyOverridesCloudMachinePolicy": PolicyTypeBool, - "CoalesceH2ConnectionsWithClientCertificatesForHosts": PolicyTypeListString, - "CommandLineFlagSecurityWarningsEnabled": PolicyTypeBool, - "ComponentUpdatesEnabled": PolicyTypeBool, - "CompressionDictionaryTransportEnabled": PolicyTypeBool, - "ContextAwareAccessSignalsAllowlist": PolicyTypeListString, - "CookiesAllowedForUrls": PolicyTypeListString, - "CookiesBlockedForUrls": PolicyTypeListString, - "CookiesSessionOnlyForUrls": PolicyTypeListString, - "CopyPreventionSettings": PolicyTypeDict, - "CorsLegacyModeEnabled": PolicyTypeBool, - "CorsMitigationList": PolicyTypeListString, - "CreateThemesSettings": PolicyTypeInt, - "CrossOriginWebAssemblyModuleSharingEnabled": PolicyTypeBool, - "DHEEnabled": PolicyTypeBool, - "DNSInterceptionChecksEnabled": PolicyTypeBool, - "DataControlsRules": PolicyTypeDict, - "DataURLWhitespacePreservationEnabled": PolicyTypeBool, - "DataUrlInSvgUseEnabled": PolicyTypeBool, - "DefaultBrowserSettingEnabled": PolicyTypeBool, - "DefaultClipboardSetting": PolicyTypeInt, - "DefaultCookiesSetting": PolicyTypeInt, - "DefaultDownloadDirectory": PolicyTypeString, - "DefaultFileHandlingGuardSetting": PolicyTypeInt, - "DefaultFileSystemReadGuardSetting": PolicyTypeInt, - "DefaultFileSystemWriteGuardSetting": PolicyTypeInt, - "DefaultGeolocationSetting": PolicyTypeInt, - "DefaultImagesSetting": PolicyTypeInt, - "DefaultInsecureContentSetting": PolicyTypeInt, - "DefaultJavaScriptJitSetting": PolicyTypeInt, - "DefaultJavaScriptOptimizerSetting": PolicyTypeInt, - "DefaultJavaScriptSetting": PolicyTypeInt, - "DefaultKeygenSetting": PolicyTypeInt, - "DefaultLocalFontsSetting": PolicyTypeInt, - "DefaultMediaStreamSetting": PolicyTypeInt, - "DefaultNotificationsSetting": PolicyTypeInt, - "DefaultPluginsSetting": PolicyTypeInt, - "DefaultPopupsSetting": PolicyTypeInt, - "DefaultPrinterSelection": PolicyTypeString, - "DefaultSearchProviderAlternateURLs": PolicyTypeListString, - "DefaultSearchProviderContextMenuAccessAllowed": PolicyTypeBool, - "DefaultSearchProviderEnabled": PolicyTypeBool, - "DefaultSearchProviderEncodings": PolicyTypeListString, - "DefaultSearchProviderIconURL": PolicyTypeString, - "DefaultSearchProviderImageURL": PolicyTypeString, - "DefaultSearchProviderImageURLPostParams": PolicyTypeString, - "DefaultSearchProviderInstantURL": PolicyTypeString, - "DefaultSearchProviderInstantURLPostParams": PolicyTypeString, - "DefaultSearchProviderKeyword": PolicyTypeString, - "DefaultSearchProviderName": PolicyTypeString, - "DefaultSearchProviderNewTabURL": PolicyTypeString, - "DefaultSearchProviderSearchTermsReplacementKey": PolicyTypeString, - "DefaultSearchProviderSearchURL": PolicyTypeString, - "DefaultSearchProviderSearchURLPostParams": PolicyTypeString, - "DefaultSearchProviderSuggestURL": PolicyTypeString, - "DefaultSearchProviderSuggestURLPostParams": PolicyTypeString, - "DefaultSensorsSetting": PolicyTypeInt, - "DefaultSerialGuardSetting": PolicyTypeInt, - "DefaultThirdPartyStoragePartitioningSetting": PolicyTypeInt, - "DefaultWebBluetoothGuardSetting": PolicyTypeInt, - "DefaultWebHidGuardSetting": PolicyTypeInt, - "DefaultWebUsbGuardSetting": PolicyTypeInt, - "DefaultWindowManagementSetting": PolicyTypeInt, - "DefaultWindowPlacementSetting": PolicyTypeInt, - "DeletingUndecryptablePasswordsEnabled": PolicyTypeBool, - "DesktopSharingHubEnabled": PolicyTypeBool, - "DevToolsGenAiSettings": PolicyTypeInt, - "DevToolsGoogleDeveloperProgramProfileAvailability": PolicyTypeInt, - "DeveloperToolsAvailability": PolicyTypeInt, - "DeveloperToolsDisabled": PolicyTypeBool, - "Disable3DAPIs": PolicyTypeBool, - "DisableAuthNegotiateCnameLookup": PolicyTypeBool, - "DisablePluginFinder": PolicyTypeBool, - "DisablePrintPreview": PolicyTypeBool, - "DisableSSLRecordSplitting": PolicyTypeBool, - "DisableSafeBrowsingProceedAnyway": PolicyTypeBool, - "DisableScreenshots": PolicyTypeBool, - "DisableSpdy": PolicyTypeBool, - "DisabledPlugins": PolicyTypeListString, - "DisabledPluginsExceptions": PolicyTypeListString, - "DisabledSchemes": PolicyTypeListString, - "DiskCacheDir": PolicyTypeString, - "DiskCacheSize": PolicyTypeInt, - "DisplayCapturePermissionsPolicyEnabled": PolicyTypeBool, - "DnsOverHttpsMode": PolicyTypeString, - "DnsOverHttpsTemplates": PolicyTypeString, - "DnsPrefetchingEnabled": PolicyTypeBool, - "DomainReliabilityAllowed": PolicyTypeBool, - "DownloadBubbleEnabled": PolicyTypeBool, - "DownloadDirectory": PolicyTypeString, - "DownloadRestrictions": PolicyTypeInt, - "EditBookmarksEnabled": PolicyTypeBool, - "EnableAuthNegotiatePort": PolicyTypeBool, - "EnableCommonNameFallbackForLocalAnchors": PolicyTypeBool, - "EnableDeprecatedPrivetPrinting": PolicyTypeBool, - "EnableDeprecatedWebBasedSignin": PolicyTypeBool, - "EnableDeprecatedWebPlatformFeatures": PolicyTypeListString, - "EnableExperimentalPolicies": PolicyTypeListString, - "EnableMediaRouter": PolicyTypeBool, - "EnableOnlineRevocationChecks": PolicyTypeBool, - "EnableProxyOverrideRulesForAllUsers": PolicyTypeInt, - "EnableSha1ForLocalAnchors": PolicyTypeBool, - "EnableSymantecLegacyInfrastructure": PolicyTypeBool, - "EnableUnsafeSwiftShader": PolicyTypeBool, - "EnabledPlugins": PolicyTypeListString, - "EncryptedClientHelloEnabled": PolicyTypeBool, - "EnforceLocalAnchorConstraintsEnabled": PolicyTypeBool, - "EnterpriseBadgingTemporarySetting": PolicyTypeInt, - "EnterpriseCustomLabel": PolicyTypeString, - "EnterpriseCustomLabelForBrowser": PolicyTypeString, - "EnterpriseHardwarePlatformAPIEnabled": PolicyTypeBool, - "EnterpriseLogoUrl": PolicyTypeString, - "EnterpriseLogoUrlForBrowser": PolicyTypeString, - "EnterpriseProfileBadgeToolbarSettings": PolicyTypeInt, - "EnterpriseProfileCreationKeepBrowsingData": PolicyTypeBool, - "EnterpriseRealTimeUrlCheckMode": PolicyTypeInt, - "EnterpriseSearchAggregatorSettings": PolicyTypeDict, - "EnterpriseWebStoreName": PolicyTypeString, - "EnterpriseWebStoreURL": PolicyTypeString, - "EventPathEnabled": PolicyTypeBool, - "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": PolicyTypeDict, - "ExplicitlyAllowedNetworkPorts": PolicyTypeListString, - "ExtensionAllowInsecureUpdates": PolicyTypeBool, - "ExtensionAllowedTypes": PolicyTypeListString, - "ExtensionDeveloperModeSettings": PolicyTypeInt, - "ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls": PolicyTypeListString, - "ExtensionInstallAllowlist": PolicyTypeListString, - "ExtensionInstallBlacklist": PolicyTypeListString, - "ExtensionInstallBlocklist": PolicyTypeListString, - "ExtensionInstallCloudPolicyChecksEnabled": PolicyTypeBool, - "ExtensionInstallForcelist": PolicyTypeListString, - "ExtensionInstallSources": PolicyTypeListString, - "ExtensionInstallTypeBlocklist": PolicyTypeListString, - "ExtensionInstallWhitelist": PolicyTypeListString, - "ExtensionManifestV2Availability": PolicyTypeInt, - "ExtensionSettings": PolicyTypeDict, - "ExtensionUnpublishedAvailability": PolicyTypeInt, - "ExternalProtocolDialogShowAlwaysOpenCheckbox": PolicyTypeBool, - "FeedbackSurveysEnabled": PolicyTypeBool, - "FetchKeepaliveDurationSecondsOnShutdown": PolicyTypeInt, - "FileHandlingAllowedForUrls": PolicyTypeListString, - "FileHandlingBlockedForUrls": PolicyTypeListString, - "FileOrDirectoryPickerWithoutGestureAllowedForOrigins": PolicyTypeListString, - "FileSystemReadAskForUrls": PolicyTypeListString, - "FileSystemReadBlockedForUrls": PolicyTypeListString, - "FileSystemSyncAccessHandleAsyncInterfaceEnabled": PolicyTypeBool, - "FileSystemWriteAskForUrls": PolicyTypeListString, - "FileSystemWriteBlockedForUrls": PolicyTypeListString, - "FirstPartySetsEnabled": PolicyTypeBool, - "FirstPartySetsOverrides": PolicyTypeDict, - "ForceBrowserSignin": PolicyTypeBool, - "ForceEnablePepperVideoDecoderDevAPI": PolicyTypeBool, - "ForceEphemeralProfiles": PolicyTypeBool, - "ForceGoogleSafeSearch": PolicyTypeBool, - "ForceLegacyDefaultReferrerPolicy": PolicyTypeBool, - "ForceMajorVersionToMinorPositionInUserAgent": PolicyTypeInt, - "ForcePermissionPolicyUnloadDefaultEnabled": PolicyTypeBool, - "ForceSafeSearch": PolicyTypeBool, - "ForceYouTubeRestrict": PolicyTypeInt, - "ForceYouTubeSafetyMode": PolicyTypeBool, - "ForcedLanguages": PolicyTypeListString, - "FullscreenAllowed": PolicyTypeBool, - "GSSAPILibraryName": PolicyTypeString, - "GeminiActOnWebSettings": PolicyTypeInt, - "GenAILocalFoundationalModelSettings": PolicyTypeInt, - "GenAiDefaultSettings": PolicyTypeInt, - "GeolocationBlockedForUrls": PolicyTypeListString, - "GetDisplayMediaSetSelectAllScreensAllowedForUrls": PolicyTypeListString, - "GloballyScopeHTTPAuthCacheEnabled": PolicyTypeBool, - "GoogleSearchSidePanelEnabled": PolicyTypeBool, - "HSTSPolicyBypassList": PolicyTypeListString, - "HappyEyeballsV3Enabled": PolicyTypeBool, - "HardwareAccelerationModeEnabled": PolicyTypeBool, - "HeadlessMode": PolicyTypeInt, - "HelpMeWriteSettings": PolicyTypeInt, - "HideWebStoreIcon": PolicyTypeBool, - "HideWebStorePromo": PolicyTypeBool, - "HighEfficiencyModeEnabled": PolicyTypeBool, - "HistoryClustersVisible": PolicyTypeBool, - "HistorySearchSettings": PolicyTypeInt, - "HomepageIsNewTabPage": PolicyTypeBool, - "HomepageLocation": PolicyTypeString, - "Http09OnNonDefaultPortsEnabled": PolicyTypeBool, - "HttpAllowlist": PolicyTypeListString, - "HttpsOnlyMode": PolicyTypeString, - "HttpsUpgradesEnabled": PolicyTypeBool, - "IPv6ReachabilityOverrideEnabled": PolicyTypeBool, - "IdleTimeout": PolicyTypeInt, - "IdleTimeoutActions": PolicyTypeListString, - "ImagesAllowedForUrls": PolicyTypeListString, - "ImagesBlockedForUrls": PolicyTypeListString, - "ImportAutofillFormData": PolicyTypeBool, - "ImportBookmarks": PolicyTypeBool, - "ImportHistory": PolicyTypeBool, - "ImportHomepage": PolicyTypeBool, - "ImportSavedPasswords": PolicyTypeBool, - "ImportSearchEngine": PolicyTypeBool, - "IncognitoEnabled": PolicyTypeBool, - "IncognitoModeAvailability": PolicyTypeInt, - "InsecureContentAllowedForUrls": PolicyTypeListString, - "InsecureContentBlockedForUrls": PolicyTypeListString, - "InsecureFormsWarningsEnabled": PolicyTypeBool, - "InsecureHashesInTLSHandshakesEnabled": PolicyTypeBool, - "InsecurePrivateNetworkRequestsAllowed": PolicyTypeBool, - "InsecurePrivateNetworkRequestsAllowedForUrls": PolicyTypeListString, - "InstantEnabled": PolicyTypeBool, - "IntensiveWakeUpThrottlingEnabled": PolicyTypeBool, - "IntranetRedirectBehavior": PolicyTypeInt, - "IsolateOrigins": PolicyTypeString, - "JavaScriptAllowedForUrls": PolicyTypeListString, - "JavaScriptBlockedForUrls": PolicyTypeListString, - "JavaScriptJitAllowedForSites": PolicyTypeListString, - "JavaScriptJitBlockedForSites": PolicyTypeListString, - "JavaScriptOptimizerAllowedForSites": PolicyTypeListString, - "JavaScriptOptimizerBlockedForSites": PolicyTypeListString, - "JavascriptEnabled": PolicyTypeBool, - "KeyboardFocusableScrollersEnabled": PolicyTypeBool, - "KeygenAllowedForUrls": PolicyTypeListString, - "KeygenBlockedForUrls": PolicyTypeListString, - "LacrosSecondaryProfilesAllowed": PolicyTypeBool, - "LegacySameSiteCookieBehaviorEnabled": PolicyTypeInt, - "LegacySameSiteCookieBehaviorEnabledForDomainList": PolicyTypeListString, - "LegacyTechReportAllowlist": PolicyTypeListString, - "LensDesktopNTPSearchEnabled": PolicyTypeBool, - "LensOverlaySettings": PolicyTypeInt, - "LensRegionSearchEnabled": PolicyTypeBool, - "LiveCaptionEnabled": PolicyTypeBool, - "LiveTranslateEnabled": PolicyTypeBool, - "LoadCryptoTokenExtension": PolicyTypeBool, - "LocalDiscoveryEnabled": PolicyTypeBool, - "LocalFontsAllowedForUrls": PolicyTypeListString, - "LocalFontsBlockedForUrls": PolicyTypeListString, - "LocalNetworkAccessAllowedForUrls": PolicyTypeListString, - "LocalNetworkAccessBlockedForUrls": PolicyTypeListString, - "LocalNetworkAccessRestrictionsEnabled": PolicyTypeBool, - "LocalNetworkAccessRestrictionsTemporaryOptOut": PolicyTypeBool, - "LockIconInAddressBarEnabled": PolicyTypeBool, - "LookalikeWarningAllowlistDomains": PolicyTypeListString, - "MachineLevelUserCloudPolicyEnrollmentToken": PolicyTypeString, - "ManagedAccountsSigninRestriction": PolicyTypeString, - "ManagedBookmarks": PolicyTypeDict, - "ManagedConfigurationPerOrigin": PolicyTypeDict, - "MaxConnectionsPerProxy": PolicyTypeInt, - "MaxInvalidationFetchDelay": PolicyTypeInt, - "MediaCacheSize": PolicyTypeInt, - "MediaRecommendationsEnabled": PolicyTypeBool, - "MediaRouterCastAllowAllIPs": PolicyTypeBool, - "MemorySaverModeSavings": PolicyTypeInt, - "MetricsReportingEnabled": PolicyTypeBool, - "MutationEventsEnabled": PolicyTypeBool, - "NTPCardsVisible": PolicyTypeBool, - "NTPCustomBackgroundEnabled": PolicyTypeBool, - "NTPFooterExtensionAttributionEnabled": PolicyTypeBool, - "NTPFooterManagementNoticeEnabled": PolicyTypeBool, - "NTPMiddleSlotAnnouncementVisible": PolicyTypeBool, - "NTPOutlookCardVisible": PolicyTypeBool, - "NTPSharepointCardVisible": PolicyTypeBool, - "NTPShortcuts": PolicyTypeDict, - "NativeClientForceAllowed": PolicyTypeBool, - "NativeMessagingAllowlist": PolicyTypeListString, - "NativeMessagingBlacklist": PolicyTypeListString, - "NativeMessagingBlocklist": PolicyTypeListString, - "NativeMessagingUserLevelHosts": PolicyTypeBool, - "NativeMessagingWhitelist": PolicyTypeListString, - "NetworkPredictionOptions": PolicyTypeInt, - "NetworkServiceSandboxEnabled": PolicyTypeBool, - "NewBaseUrlInheritanceBehaviorAllowed": PolicyTypeBool, - "NewTabPageLocation": PolicyTypeString, - "NotificationsAllowedForUrls": PolicyTypeListString, - "NotificationsBlockedForUrls": PolicyTypeListString, - "NtlmV2Enabled": PolicyTypeBool, - "OffsetParentNewSpecBehaviorEnabled": PolicyTypeBool, - "OnBulkDataEntryEnterpriseConnector": PolicyTypeDict, - "OnFileAttachedEnterpriseConnector": PolicyTypeDict, - "OnFileDownloadedEnterpriseConnector": PolicyTypeDict, - "OnPrintEnterpriseConnector": PolicyTypeDict, - "OnSecurityEventEnterpriseConnector": PolicyTypeDict, - "OopPrintDriversAllowed": PolicyTypeBool, - "OptimizationGuideFetchingEnabled": PolicyTypeBool, - "OriginAgentClusterDefaultEnabled": PolicyTypeBool, - "OriginKeyedProcessesEnabled": PolicyTypeBool, - "OutOfProcessSystemDnsResolutionEnabled": PolicyTypeBool, - "OverrideSecurityRestrictionsOnInsecureOrigin": PolicyTypeListString, - "PPAPISharedImagesSwapChainAllowed": PolicyTypeBool, - "PacHttpsUrlStrippingEnabled": PolicyTypeBool, - "PartitionedBlobUrlUsage": PolicyTypeBool, - "PasswordDismissCompromisedAlertEnabled": PolicyTypeBool, - "PasswordLeakDetectionEnabled": PolicyTypeBool, - "PasswordManagerAllowShowPasswords": PolicyTypeBool, - "PasswordManagerBlocklist": PolicyTypeListString, - "PasswordManagerEnabled": PolicyTypeBool, - "PasswordManagerPasskeysEnabled": PolicyTypeBool, - "PasswordProtectionChangePasswordURL": PolicyTypeString, - "PasswordProtectionLoginURLs": PolicyTypeListString, - "PasswordProtectionWarningTrigger": PolicyTypeInt, - "PasswordSharingEnabled": PolicyTypeBool, - "PaymentMethodQueryEnabled": PolicyTypeBool, - "PdfAnnotationsEnabled": PolicyTypeBool, - "PdfLocalFileAccessAllowedForDomains": PolicyTypeListString, - "PdfUseSkiaRendererEnabled": PolicyTypeBool, - "PdfViewerOutOfProcessIframeEnabled": PolicyTypeBool, - "PersistentQuotaEnabled": PolicyTypeBool, - "PluginsAllowedForUrls": PolicyTypeListString, - "PluginsBlockedForUrls": PolicyTypeListString, - "PolicyAtomicGroupsEnabled": PolicyTypeBool, - "PolicyDictionaryMultipleSourceMergeList": PolicyTypeListString, - "PolicyListMultipleSourceMergeList": PolicyTypeListString, - "PolicyRefreshRate": PolicyTypeInt, - "PopupsAllowedForUrls": PolicyTypeListString, - "PopupsBlockedForUrls": PolicyTypeListString, - "PostQuantumKeyAgreementEnabled": PolicyTypeBool, - "PreciseGeolocationAllowedForUrls": PolicyTypeListString, - "PrefetchWithServiceWorkerEnabled": PolicyTypeBool, - "PrefixedStorageInfoEnabled": PolicyTypeBool, - "PrefixedVideoFullscreenApiAvailability": PolicyTypeString, - "PrintHeaderFooter": PolicyTypeBool, - "PrintPdfAsImageDefault": PolicyTypeBool, - "PrintPreviewUseSystemDefaultPrinter": PolicyTypeBool, - "PrintRasterizePdfDpi": PolicyTypeInt, - "PrinterTypeDenyList": PolicyTypeListString, - "PrintingAllowedBackgroundGraphicsModes": PolicyTypeString, - "PrintingBackgroundGraphicsDefault": PolicyTypeString, - "PrintingEnabled": PolicyTypeBool, - "PrintingPaperSizeDefault": PolicyTypeDict, - "PrivacySandboxAdMeasurementEnabled": PolicyTypeBool, - "PrivacySandboxAdTopicsEnabled": PolicyTypeBool, - "PrivacySandboxFingerprintingProtectionEnabled": PolicyTypeBool, - "PrivacySandboxIpProtectionEnabled": PolicyTypeBool, - "PrivacySandboxPromptEnabled": PolicyTypeBool, - "PrivacySandboxSiteEnabledAdsEnabled": PolicyTypeBool, - "PrivateNetworkAccessRestrictionsEnabled": PolicyTypeBool, - "ProfileLabel": PolicyTypeInt, - "ProfilePickerOnStartupAvailability": PolicyTypeInt, - "ProfileReauthPrompt": PolicyTypeInt, - "ProfileSeparationDataMigrationSettings": PolicyTypeInt, - "ProfileSeparationDomainExceptionList": PolicyTypeListString, - "ProfileSeparationSettings": PolicyTypeInt, - "PromotionalTabsEnabled": PolicyTypeBool, - "PromotionsEnabled": PolicyTypeBool, - "PromptForDownloadLocation": PolicyTypeBool, - "PromptOnMultipleMatchingCertificates": PolicyTypeBool, - "ProvisionManagedClientCertificateForBrowser": PolicyTypeInt, - "ProvisionManagedClientCertificateForUser": PolicyTypeInt, - "ProxyBypassList": PolicyTypeString, - "ProxyMode": PolicyTypeString, - "ProxyOverrideRules": PolicyTypeDict, - "ProxyPacUrl": PolicyTypeString, - "ProxyServer": PolicyTypeString, - "ProxyServerMode": PolicyTypeInt, - "ProxySettings": PolicyTypeDict, - "QRCodeGeneratorEnabled": PolicyTypeBool, - "QuicAllowed": PolicyTypeBool, - "RC4Enabled": PolicyTypeBool, - "RSAKeyUsageForLocalAnchorsEnabled": PolicyTypeBool, - "ReduceAcceptLanguageEnabled": PolicyTypeBool, - "RegisteredProtocolHandlers": PolicyTypeDict, - "RelatedWebsiteSetsEnabled": PolicyTypeBool, - "RelatedWebsiteSetsOverrides": PolicyTypeDict, - "RelaunchFastIfOutdated": PolicyTypeInt, - "RelaunchNotification": PolicyTypeInt, - "RelaunchNotificationPeriod": PolicyTypeInt, - "RelaunchWindow": PolicyTypeDict, - "RemoteAccessClientFirewallTraversal": PolicyTypeBool, - "RemoteAccessHostAllowClientPairing": PolicyTypeBool, - "RemoteAccessHostAllowFileTransfer": PolicyTypeBool, - "RemoteAccessHostAllowGnubbyAuth": PolicyTypeBool, - "RemoteAccessHostAllowPinAuthentication": PolicyTypeBool, - "RemoteAccessHostAllowRelayedConnection": PolicyTypeBool, - "RemoteAccessHostAllowRemoteAccessConnections": PolicyTypeBool, - "RemoteAccessHostAllowRemoteSupportConnections": PolicyTypeBool, - "RemoteAccessHostAllowUrlForwarding": PolicyTypeBool, - "RemoteAccessHostClientDomain": PolicyTypeString, - "RemoteAccessHostClientDomainList": PolicyTypeListString, - "RemoteAccessHostClipboardSizeBytes": PolicyTypeInt, - "RemoteAccessHostDebugOverridePolicies": PolicyTypeString, - "RemoteAccessHostDomain": PolicyTypeString, - "RemoteAccessHostDomainList": PolicyTypeListString, - "RemoteAccessHostEnableUserInterface": PolicyTypeBool, - "RemoteAccessHostFirewallTraversal": PolicyTypeBool, - "RemoteAccessHostMatchUsername": PolicyTypeBool, - "RemoteAccessHostMaximumSessionDurationMinutes": PolicyTypeInt, - "RemoteAccessHostRequireCurtain": PolicyTypeBool, - "RemoteAccessHostRequireTwoFactor": PolicyTypeBool, - "RemoteAccessHostTalkGadgetPrefix": PolicyTypeString, - "RemoteAccessHostTokenUrl": PolicyTypeString, - "RemoteAccessHostTokenValidationCertificateIssuer": PolicyTypeString, - "RemoteAccessHostTokenValidationUrl": PolicyTypeString, - "RemoteAccessHostUdpPortRange": PolicyTypeString, - "RemoteDebuggingAllowed": PolicyTypeBool, - "ReportSafeBrowsingData": PolicyTypeBool, - "RequireOnlineRevocationChecksForLocalAnchors": PolicyTypeBool, - "RestoreOnStartup": PolicyTypeInt, - "RestoreOnStartupURLs": PolicyTypeListString, - "RestrictPdfSaveToGoogleDriveAccountsToPattern": PolicyTypeString, - "RestrictSigninToPattern": PolicyTypeString, - "RoamingProfileLocation": PolicyTypeString, - "RoamingProfileSupportEnabled": PolicyTypeBool, - "RunAllFlashInAllowMode": PolicyTypeBool, - "SSLErrorOverrideAllowed": PolicyTypeBool, - "SSLErrorOverrideAllowedForOrigins": PolicyTypeListString, - "SSLVersionFallbackMin": PolicyTypeString, - "SSLVersionMax": PolicyTypeString, - "SSLVersionMin": PolicyTypeString, - "SafeBrowsingAllowlistDomains": PolicyTypeListString, - "SafeBrowsingDeepScanningEnabled": PolicyTypeBool, - "SafeBrowsingEnabled": PolicyTypeBool, - "SafeBrowsingExtendedReportingEnabled": PolicyTypeBool, - "SafeBrowsingExtendedReportingOptInAllowed": PolicyTypeBool, - "SafeBrowsingProtectionLevel": PolicyTypeInt, - "SafeBrowsingProxiedRealTimeChecksAllowed": PolicyTypeBool, - "SafeBrowsingSurveysEnabled": PolicyTypeBool, - "SafeBrowsingWhitelistDomains": PolicyTypeListString, - "SafeSitesFilterBehavior": PolicyTypeInt, - "SameOriginTabCaptureAllowedByOrigins": PolicyTypeListString, - "SandboxExternalProtocolBlocked": PolicyTypeBool, - "SavingBrowserHistoryDisabled": PolicyTypeBool, - "ScreenCaptureAllowed": PolicyTypeBool, - "ScreenCaptureAllowedByOrigins": PolicyTypeListString, - "ScreenCaptureWithoutGestureAllowedForOrigins": PolicyTypeListString, - "ScrollToTextFragmentEnabled": PolicyTypeBool, - "SearchContentSharingSettings": PolicyTypeInt, - "SearchSuggestEnabled": PolicyTypeBool, - "SecurityKeyPermitAttestation": PolicyTypeListString, - "SelectParserRelaxationEnabled": PolicyTypeBool, - "SendMouseEventsDisabledFormControlsEnabled": PolicyTypeBool, - "SensorsAllowedForUrls": PolicyTypeListString, - "SensorsBlockedForUrls": PolicyTypeListString, - "SerialAllowAllPortsForUrls": PolicyTypeListString, - "SerialAllowUsbDevicesForUrls": PolicyTypeDict, - "SerialAskForUrls": PolicyTypeListString, - "SerialBlockedForUrls": PolicyTypeListString, - "ServiceWorkerAutoPreloadEnabled": PolicyTypeBool, - "ServiceWorkerToControlSrcdocIframeEnabled": PolicyTypeBool, - "SetTimeoutWithout1MsClampEnabled": PolicyTypeBool, - "SharedArrayBufferUnrestrictedAccessAllowed": PolicyTypeBool, - "SharedClipboardEnabled": PolicyTypeBool, - "SharedWorkerBlobURLFixEnabled": PolicyTypeBool, - "ShoppingListEnabled": PolicyTypeBool, - "ShowAppsShortcutInBookmarkBar": PolicyTypeBool, - "ShowCastIconInToolbar": PolicyTypeBool, - "ShowCastSessionsStartedByOtherDevices": PolicyTypeBool, - "ShowFullUrlsInAddressBar": PolicyTypeBool, - "ShowHomeButton": PolicyTypeBool, - "SideSearchEnabled": PolicyTypeBool, - "SignedHTTPExchangeEnabled": PolicyTypeBool, - "SigninAllowed": PolicyTypeBool, - "SigninInterceptionEnabled": PolicyTypeBool, - "SilentPrintingEnabled": PolicyTypeBool, - "SitePerProcess": PolicyTypeBool, - "SiteSearchSettings": PolicyTypeDict, - "SpellCheckServiceEnabled": PolicyTypeBool, - "SpellcheckEnabled": PolicyTypeBool, - "SpellcheckLanguage": PolicyTypeListString, - "SpellcheckLanguageBlacklist": PolicyTypeListString, - "SpellcheckLanguageBlocklist": PolicyTypeListString, - "StandardizedBrowserZoomEnabled": PolicyTypeBool, - "StaticStorageQuotaEnabled": PolicyTypeBool, - "StrictMimetypeCheckForWorkerScriptsEnabled": PolicyTypeBool, - "StricterMixedContentTreatmentEnabled": PolicyTypeBool, - "SupervisedUserCreationEnabled": PolicyTypeBool, - "SuppressDifferentOriginSubframeDialogs": PolicyTypeBool, - "SuppressUnsupportedOSWarning": PolicyTypeBool, - "SyncDisabled": PolicyTypeBool, - "SyncTypesListDisabled": PolicyTypeListString, - "TLS13EarlyDataEnabled": PolicyTypeBool, - "TLS13HardeningForLocalAnchorsEnabled": PolicyTypeBool, - "TabCaptureAllowedByOrigins": PolicyTypeListString, - "TabCompareSettings": PolicyTypeInt, - "TabDiscardingExceptions": PolicyTypeListString, - "TabFreezingEnabled": PolicyTypeBool, - "TabGroupSharingSettings": PolicyTypeInt, - "TabOrganizerSettings": PolicyTypeInt, - "TabUnderAllowed": PolicyTypeBool, - "TargetBlankImpliesNoOpener": PolicyTypeBool, - "TaskManagerEndProcessEnabled": PolicyTypeBool, - "ThirdPartyStoragePartitioningBlockedForOrigins": PolicyTypeListString, - "ThrottleNonVisibleCrossOriginIframesAllowed": PolicyTypeBool, - "ToolbarAvatarLabelSettings": PolicyTypeInt, - "TranslateEnabled": PolicyTypeBool, - "TranslatorAPIAllowed": PolicyTypeBool, - "TripleDESEnabled": PolicyTypeBool, - "U2fSecurityKeyApiEnabled": PolicyTypeBool, - "URLAllowlist": PolicyTypeListString, - "URLBlacklist": PolicyTypeListString, - "URLBlocklist": PolicyTypeListString, - "URLWhitelist": PolicyTypeListString, - "UnmanagedDeviceSignalsConsentFlowEnabled": PolicyTypeBool, - "UnsafelyTreatInsecureOriginAsSecure": PolicyTypeListString, - "UnthrottledNestedTimeoutEnabled": PolicyTypeBool, - "UrlKeyedAnonymizedDataCollectionEnabled": PolicyTypeBool, - "UrlParamFilterEnabled": PolicyTypeBool, - "UseLegacyFormControls": PolicyTypeBool, - "UseMojoVideoDecoderForPepperAllowed": PolicyTypeBool, - "UserAgentClientHintsEnabled": PolicyTypeBool, - "UserAgentClientHintsGREASEUpdateEnabled": PolicyTypeBool, - "UserAgentReduction": PolicyTypeInt, - "UserContextAwareAccessSignalsAllowlist": PolicyTypeListString, - "UserDataSnapshotRetentionLimit": PolicyTypeInt, - "UserFeedbackAllowed": PolicyTypeBool, - "UserSecurityAuthenticatedReporting": PolicyTypeBool, - "UserSecuritySignalsReporting": PolicyTypeBool, - "VariationsRestrictParameter": PolicyTypeString, - "VideoCaptureAllowed": PolicyTypeBool, - "VideoCaptureAllowedUrls": PolicyTypeListString, - "WPADQuickCheckEnabled": PolicyTypeBool, - "WatermarkStyle": PolicyTypeDict, - "WebAppInstallByUserEnabled": PolicyTypeBool, - "WebAppInstallForceList": PolicyTypeDict, - "WebAppSettings": PolicyTypeDict, - "WebAudioOutputBufferingEnabled": PolicyTypeBool, - "WebAuthenticationRemoteDesktopAllowedOrigins": PolicyTypeListString, - "WebAuthenticationRemoteProxiedRequestsAllowed": PolicyTypeBool, - "WebComponentsV0Enabled": PolicyTypeBool, - "WebDriverOverridesIncompatiblePolicies": PolicyTypeBool, - "WebHidAllowAllDevicesForUrls": PolicyTypeListString, - "WebHidAllowDevicesForUrls": PolicyTypeDict, - "WebHidAllowDevicesWithHidUsagesForUrls": PolicyTypeDict, - "WebHidAskForUrls": PolicyTypeListString, - "WebHidBlockedForUrls": PolicyTypeListString, - "WebRtcAllowLegacyTLSProtocols": PolicyTypeBool, - "WebRtcEventLogCollectionAllowed": PolicyTypeBool, - "WebRtcIPHandling": PolicyTypeString, - "WebRtcIPHandlingUrl": PolicyTypeDict, - "WebRtcLocalIpsAllowedUrls": PolicyTypeListString, - "WebRtcPostQuantumKeyAgreement": PolicyTypeBool, - "WebRtcTextLogCollectionAllowed": PolicyTypeBool, - "WebRtcUdpPortRange": PolicyTypeString, - "WebSQLAccess": PolicyTypeBool, - "WebSQLInThirdPartyContextEnabled": PolicyTypeBool, - "WebSQLNonSecureContextEnabled": PolicyTypeBool, - "WebUsbAllowDevicesForUrls": PolicyTypeDict, - "WebUsbAskForUrls": PolicyTypeListString, - "WebUsbBlockedForUrls": PolicyTypeListString, - "WindowCaptureAllowedByOrigins": PolicyTypeListString, - "WindowManagementAllowedForUrls": PolicyTypeListString, - "WindowManagementBlockedForUrls": PolicyTypeListString, - "WindowPlacementAllowedForUrls": PolicyTypeListString, - "WindowPlacementBlockedForUrls": PolicyTypeListString, - "ZstdContentEncodingEnabled": PolicyTypeBool, + "AIModeSettings": PolicyTypeInt, + "AbusiveExperienceInterventionEnforce": PolicyTypeBool, + "AccessCodeCastDeviceDuration": PolicyTypeInt, + "AccessCodeCastEnabled": PolicyTypeBool, + "AccessControlAllowMethodsInCORSPreflightSpecConformant": PolicyTypeBool, + "AccessibilityImageLabelsEnabled": PolicyTypeBool, + "AdditionalDnsQueryTypesEnabled": PolicyTypeBool, + "AdsSettingForIntrusiveAdsSites": PolicyTypeInt, + "AdvancedProtectionAllowed": PolicyTypeBool, + "AdvancedProtectionDeepScanningEnabled": PolicyTypeBool, + "AllHttpAuthSchemesAllowedForOrigins": PolicyTypeListString, + "AllowBackForwardCacheForCacheControlNoStorePageEnabled": PolicyTypeBool, + "AllowCrossOriginAuthPrompt": PolicyTypeBool, + "AllowDeletingBrowserHistory": PolicyTypeBool, + "AllowDinosaurEasterEgg": PolicyTypeBool, + "AllowFileSelectionDialogs": PolicyTypeBool, + "AllowNativeNotifications": PolicyTypeBool, + "AllowOutdatedPlugins": PolicyTypeBool, + "AllowPopupsDuringPageUnload": PolicyTypeBool, + "AllowSyncXHRInPageDismissal": PolicyTypeBool, + "AllowSystemNotifications": PolicyTypeBool, + "AllowWebAuthnWithBrokenTlsCerts": PolicyTypeBool, + "AllowedDomainsForApps": PolicyTypeString, + "AlternateErrorPagesEnabled": PolicyTypeBool, + "AlternativeBrowserParameters": PolicyTypeListString, + "AlternativeBrowserPath": PolicyTypeString, + "AlwaysAuthorizePlugins": PolicyTypeBool, + "AlwaysOpenPdfExternally": PolicyTypeBool, + "AmbientAuthenticationInPrivateModesEnabled": PolicyTypeInt, + "AppCacheForceEnabled": PolicyTypeBool, + "AssistantWebEnabled": PolicyTypeBool, + "AudioCaptureAllowed": PolicyTypeBool, + "AudioCaptureAllowedUrls": PolicyTypeListString, + "AudioSandboxEnabled": PolicyTypeBool, + "AuthNegotiateDelegateAllowlist": PolicyTypeString, + "AuthNegotiateDelegateByKdcPolicy": PolicyTypeBool, + "AuthNegotiateDelegateWhitelist": PolicyTypeString, + "AuthSchemes": PolicyTypeString, + "AuthServerAllowlist": PolicyTypeString, + "AuthServerWhitelist": PolicyTypeString, + "AutoFillEnabled": PolicyTypeBool, + "AutoLaunchProtocolsFromOrigins": PolicyTypeDict, + "AutoOpenAllowedForURLs": PolicyTypeListString, + "AutoOpenFileTypes": PolicyTypeListString, + "AutoSelectCertificateForUrls": PolicyTypeListString, + "AutofillAddressEnabled": PolicyTypeBool, + "AutofillCreditCardEnabled": PolicyTypeBool, + "AutofillPredictionSettings": PolicyTypeInt, + "AutomatedPasswordChangeSettings": PolicyTypeInt, + "AutomaticFullscreenAllowedForUrls": PolicyTypeListString, + "AutomaticFullscreenBlockedForUrls": PolicyTypeListString, + "AutoplayAllowed": PolicyTypeBool, + "AutoplayAllowlist": PolicyTypeListString, + "AutoplayWhitelist": PolicyTypeListString, + "BackgroundModeEnabled": PolicyTypeBool, + "BasicAuthOverHttpEnabled": PolicyTypeBool, + "BatterySaverModeAvailability": PolicyTypeInt, + "BeforeunloadEventCancelByPreventDefaultEnabled": PolicyTypeBool, + "BlockExternalExtensions": PolicyTypeBool, + "BlockThirdPartyCookies": PolicyTypeBool, + "BlockTruncatedCookies": PolicyTypeBool, + "BookmarkBarEnabled": PolicyTypeBool, + "BrowserAddPersonEnabled": PolicyTypeBool, + "BrowserContextAwareAccessSignalsAllowlist": PolicyTypeListString, + "BrowserGuestModeEnabled": PolicyTypeBool, + "BrowserGuestModeEnforced": PolicyTypeBool, + "BrowserLabsEnabled": PolicyTypeBool, + "BrowserNetworkTimeQueriesEnabled": PolicyTypeBool, + "BrowserSignin": PolicyTypeInt, + "BrowserSwitcherDelay": PolicyTypeInt, + "BrowserSwitcherEnabled": PolicyTypeBool, + "BrowserSwitcherExternalGreylistUrl": PolicyTypeString, + "BrowserSwitcherExternalSitelistUrl": PolicyTypeString, + "BrowserSwitcherKeepLastChromeTab": PolicyTypeBool, + "BrowserSwitcherParsingMode": PolicyTypeInt, + "BrowserSwitcherUrlGreylist": PolicyTypeListString, + "BrowserSwitcherUrlList": PolicyTypeListString, + "BrowserThemeColor": PolicyTypeString, + "BrowsingDataLifetime": PolicyTypeDict, + "BuiltInAIAPIsEnabled": PolicyTypeBool, + "BuiltInDnsClientEnabled": PolicyTypeBool, + "BuiltinCertificateVerifierEnabled": PolicyTypeBool, + "CACertificateManagementAllowed": PolicyTypeInt, + "CACertificates": PolicyTypeListString, + "CACertificatesWithConstraints": PolicyTypeDict, + "CADistrustedCertificates": PolicyTypeListString, + "CAHintCertificates": PolicyTypeListString, + "CAPlatformIntegrationEnabled": PolicyTypeBool, + "CECPQ2Enabled": PolicyTypeBool, + "CORSNonWildcardRequestHeadersSupport": PolicyTypeBool, + "CSSCustomStateDeprecatedSyntaxEnabled": PolicyTypeBool, + "CertificateTransparencyEnforcementDisabledForCas": PolicyTypeListString, + "CertificateTransparencyEnforcementDisabledForLegacyCas": PolicyTypeListString, + "CertificateTransparencyEnforcementDisabledForUrls": PolicyTypeListString, + "ChromeAppsEnabled": PolicyTypeBool, + "ChromeAppsWebViewPermissiveBehaviorAllowed": PolicyTypeBool, + "ChromeDataRegionSetting": PolicyTypeInt, + "ChromeForTestingAllowed": PolicyTypeBool, + "ChromeRootStoreEnabled": PolicyTypeBool, + "ChromeVariations": PolicyTypeInt, + "ClearBrowsingDataOnExitList": PolicyTypeListString, + "ClearSiteDataOnExit": PolicyTypeBool, + "ClickToCallEnabled": PolicyTypeBool, + "ClipboardAllowedForUrls": PolicyTypeListString, + "ClipboardBlockedForUrls": PolicyTypeListString, + "CloudExtensionRequestEnabled": PolicyTypeBool, + "CloudManagementEnrollmentMandatory": PolicyTypeBool, + "CloudManagementEnrollmentToken": PolicyTypeString, + "CloudPolicyOverridesPlatformPolicy": PolicyTypeBool, + "CloudPrintProxyEnabled": PolicyTypeBool, + "CloudPrintSubmitEnabled": PolicyTypeBool, + "CloudPrintWarningsSuppressed": PolicyTypeBool, + "CloudProfileReportingEnabled": PolicyTypeBool, + "CloudReportingEnabled": PolicyTypeBool, + "CloudReportingUploadFrequency": PolicyTypeInt, + "CloudUserPolicyMerge": PolicyTypeBool, + "CloudUserPolicyOverridesCloudMachinePolicy": PolicyTypeBool, + "CoalesceH2ConnectionsWithClientCertificatesForHosts": PolicyTypeListString, + "CommandLineFlagSecurityWarningsEnabled": PolicyTypeBool, + "ComponentUpdatesEnabled": PolicyTypeBool, + "CompressionDictionaryTransportEnabled": PolicyTypeBool, + "ContextAwareAccessSignalsAllowlist": PolicyTypeListString, + "CookiesAllowedForUrls": PolicyTypeListString, + "CookiesBlockedForUrls": PolicyTypeListString, + "CookiesSessionOnlyForUrls": PolicyTypeListString, + "CopyPreventionSettings": PolicyTypeDict, + "CorsLegacyModeEnabled": PolicyTypeBool, + "CorsMitigationList": PolicyTypeListString, + "CreateThemesSettings": PolicyTypeInt, + "CrossOriginWebAssemblyModuleSharingEnabled": PolicyTypeBool, + "DHEEnabled": PolicyTypeBool, + "DNSInterceptionChecksEnabled": PolicyTypeBool, + "DataControlsRules": PolicyTypeDict, + "DataURLWhitespacePreservationEnabled": PolicyTypeBool, + "DataUrlInSvgUseEnabled": PolicyTypeBool, + "DefaultBrowserSettingEnabled": PolicyTypeBool, + "DefaultClipboardSetting": PolicyTypeInt, + "DefaultCookiesSetting": PolicyTypeInt, + "DefaultDownloadDirectory": PolicyTypeString, + "DefaultFileHandlingGuardSetting": PolicyTypeInt, + "DefaultFileSystemReadGuardSetting": PolicyTypeInt, + "DefaultFileSystemWriteGuardSetting": PolicyTypeInt, + "DefaultGeolocationSetting": PolicyTypeInt, + "DefaultImagesSetting": PolicyTypeInt, + "DefaultInsecureContentSetting": PolicyTypeInt, + "DefaultJavaScriptJitSetting": PolicyTypeInt, + "DefaultJavaScriptOptimizerSetting": PolicyTypeInt, + "DefaultJavaScriptSetting": PolicyTypeInt, + "DefaultKeygenSetting": PolicyTypeInt, + "DefaultLocalFontsSetting": PolicyTypeInt, + "DefaultMediaStreamSetting": PolicyTypeInt, + "DefaultNotificationsSetting": PolicyTypeInt, + "DefaultPluginsSetting": PolicyTypeInt, + "DefaultPopupsSetting": PolicyTypeInt, + "DefaultPrinterSelection": PolicyTypeString, + "DefaultSearchProviderAlternateURLs": PolicyTypeListString, + "DefaultSearchProviderContextMenuAccessAllowed": PolicyTypeBool, + "DefaultSearchProviderEnabled": PolicyTypeBool, + "DefaultSearchProviderEncodings": PolicyTypeListString, + "DefaultSearchProviderIconURL": PolicyTypeString, + "DefaultSearchProviderImageURL": PolicyTypeString, + "DefaultSearchProviderImageURLPostParams": PolicyTypeString, + "DefaultSearchProviderInstantURL": PolicyTypeString, + "DefaultSearchProviderInstantURLPostParams": PolicyTypeString, + "DefaultSearchProviderKeyword": PolicyTypeString, + "DefaultSearchProviderName": PolicyTypeString, + "DefaultSearchProviderNewTabURL": PolicyTypeString, + "DefaultSearchProviderSearchTermsReplacementKey": PolicyTypeString, + "DefaultSearchProviderSearchURL": PolicyTypeString, + "DefaultSearchProviderSearchURLPostParams": PolicyTypeString, + "DefaultSearchProviderSuggestURL": PolicyTypeString, + "DefaultSearchProviderSuggestURLPostParams": PolicyTypeString, + "DefaultSensorsSetting": PolicyTypeInt, + "DefaultSerialGuardSetting": PolicyTypeInt, + "DefaultThirdPartyStoragePartitioningSetting": PolicyTypeInt, + "DefaultWebBluetoothGuardSetting": PolicyTypeInt, + "DefaultWebHidGuardSetting": PolicyTypeInt, + "DefaultWebUsbGuardSetting": PolicyTypeInt, + "DefaultWindowManagementSetting": PolicyTypeInt, + "DefaultWindowPlacementSetting": PolicyTypeInt, + "DeletingUndecryptablePasswordsEnabled": PolicyTypeBool, + "DesktopSharingHubEnabled": PolicyTypeBool, + "DevToolsGenAiSettings": PolicyTypeInt, + "DevToolsGoogleDeveloperProgramProfileAvailability": PolicyTypeInt, + "DeveloperToolsAvailability": PolicyTypeInt, + "DeveloperToolsDisabled": PolicyTypeBool, + "Disable3DAPIs": PolicyTypeBool, + "DisableAuthNegotiateCnameLookup": PolicyTypeBool, + "DisablePluginFinder": PolicyTypeBool, + "DisablePrintPreview": PolicyTypeBool, + "DisableSSLRecordSplitting": PolicyTypeBool, + "DisableSafeBrowsingProceedAnyway": PolicyTypeBool, + "DisableScreenshots": PolicyTypeBool, + "DisableSpdy": PolicyTypeBool, + "DisabledPlugins": PolicyTypeListString, + "DisabledPluginsExceptions": PolicyTypeListString, + "DisabledSchemes": PolicyTypeListString, + "DiskCacheDir": PolicyTypeString, + "DiskCacheSize": PolicyTypeInt, + "DisplayCapturePermissionsPolicyEnabled": PolicyTypeBool, + "DnsOverHttpsMode": PolicyTypeString, + "DnsOverHttpsTemplates": PolicyTypeString, + "DnsPrefetchingEnabled": PolicyTypeBool, + "DomainReliabilityAllowed": PolicyTypeBool, + "DownloadBubbleEnabled": PolicyTypeBool, + "DownloadDirectory": PolicyTypeString, + "DownloadRestrictions": PolicyTypeInt, + "EditBookmarksEnabled": PolicyTypeBool, + "EnableAuthNegotiatePort": PolicyTypeBool, + "EnableCommonNameFallbackForLocalAnchors": PolicyTypeBool, + "EnableDeprecatedPrivetPrinting": PolicyTypeBool, + "EnableDeprecatedWebBasedSignin": PolicyTypeBool, + "EnableDeprecatedWebPlatformFeatures": PolicyTypeListString, + "EnableExperimentalPolicies": PolicyTypeListString, + "EnableMediaRouter": PolicyTypeBool, + "EnableOnlineRevocationChecks": PolicyTypeBool, + "EnableProxyOverrideRulesForAllUsers": PolicyTypeInt, + "EnableSha1ForLocalAnchors": PolicyTypeBool, + "EnableSymantecLegacyInfrastructure": PolicyTypeBool, + "EnableUnsafeSwiftShader": PolicyTypeBool, + "EnabledPlugins": PolicyTypeListString, + "EncryptedClientHelloEnabled": PolicyTypeBool, + "EnforceLocalAnchorConstraintsEnabled": PolicyTypeBool, + "EnterpriseBadgingTemporarySetting": PolicyTypeInt, + "EnterpriseCustomLabel": PolicyTypeString, + "EnterpriseCustomLabelForBrowser": PolicyTypeString, + "EnterpriseHardwarePlatformAPIEnabled": PolicyTypeBool, + "EnterpriseLogoUrl": PolicyTypeString, + "EnterpriseLogoUrlForBrowser": PolicyTypeString, + "EnterpriseProfileBadgeToolbarSettings": PolicyTypeInt, + "EnterpriseProfileCreationKeepBrowsingData": PolicyTypeBool, + "EnterpriseRealTimeUrlCheckMode": PolicyTypeInt, + "EnterpriseSearchAggregatorSettings": PolicyTypeDict, + "EnterpriseWebStoreName": PolicyTypeString, + "EnterpriseWebStoreURL": PolicyTypeString, + "EventPathEnabled": PolicyTypeBool, + "ExemptDomainFileTypePairsFromFileTypeDownloadWarnings": PolicyTypeDict, + "ExplicitlyAllowedNetworkPorts": PolicyTypeListString, + "ExtensionAllowInsecureUpdates": PolicyTypeBool, + "ExtensionAllowedTypes": PolicyTypeListString, + "ExtensionDeveloperModeSettings": PolicyTypeInt, + "ExtensionExtendedBackgroundLifetimeForPortConnectionsToUrls": PolicyTypeListString, + "ExtensionInstallAllowlist": PolicyTypeListString, + "ExtensionInstallBlacklist": PolicyTypeListString, + "ExtensionInstallBlocklist": PolicyTypeListString, + "ExtensionInstallCloudPolicyChecksEnabled": PolicyTypeBool, + "ExtensionInstallForcelist": PolicyTypeListString, + "ExtensionInstallSources": PolicyTypeListString, + "ExtensionInstallTypeBlocklist": PolicyTypeListString, + "ExtensionInstallWhitelist": PolicyTypeListString, + "ExtensionManifestV2Availability": PolicyTypeInt, + "ExtensionSettings": PolicyTypeDict, + "ExtensionUnpublishedAvailability": PolicyTypeInt, + "ExternalProtocolDialogShowAlwaysOpenCheckbox": PolicyTypeBool, + "FeedbackSurveysEnabled": PolicyTypeBool, + "FetchKeepaliveDurationSecondsOnShutdown": PolicyTypeInt, + "FileHandlingAllowedForUrls": PolicyTypeListString, + "FileHandlingBlockedForUrls": PolicyTypeListString, + "FileOrDirectoryPickerWithoutGestureAllowedForOrigins": PolicyTypeListString, + "FileSystemReadAskForUrls": PolicyTypeListString, + "FileSystemReadBlockedForUrls": PolicyTypeListString, + "FileSystemSyncAccessHandleAsyncInterfaceEnabled": PolicyTypeBool, + "FileSystemWriteAskForUrls": PolicyTypeListString, + "FileSystemWriteBlockedForUrls": PolicyTypeListString, + "FirstPartySetsEnabled": PolicyTypeBool, + "FirstPartySetsOverrides": PolicyTypeDict, + "ForceBrowserSignin": PolicyTypeBool, + "ForceEnablePepperVideoDecoderDevAPI": PolicyTypeBool, + "ForceEphemeralProfiles": PolicyTypeBool, + "ForceGoogleSafeSearch": PolicyTypeBool, + "ForceLegacyDefaultReferrerPolicy": PolicyTypeBool, + "ForceMajorVersionToMinorPositionInUserAgent": PolicyTypeInt, + "ForcePermissionPolicyUnloadDefaultEnabled": PolicyTypeBool, + "ForceSafeSearch": PolicyTypeBool, + "ForceYouTubeRestrict": PolicyTypeInt, + "ForceYouTubeSafetyMode": PolicyTypeBool, + "ForcedLanguages": PolicyTypeListString, + "FullscreenAllowed": PolicyTypeBool, + "GSSAPILibraryName": PolicyTypeString, + "GeminiActOnWebSettings": PolicyTypeInt, + "GenAILocalFoundationalModelSettings": PolicyTypeInt, + "GenAiDefaultSettings": PolicyTypeInt, + "GeolocationBlockedForUrls": PolicyTypeListString, + "GetDisplayMediaSetSelectAllScreensAllowedForUrls": PolicyTypeListString, + "GloballyScopeHTTPAuthCacheEnabled": PolicyTypeBool, + "GoogleSearchSidePanelEnabled": PolicyTypeBool, + "HSTSPolicyBypassList": PolicyTypeListString, + "HappyEyeballsV3Enabled": PolicyTypeBool, + "HardwareAccelerationModeEnabled": PolicyTypeBool, + "HeadlessMode": PolicyTypeInt, + "HelpMeWriteSettings": PolicyTypeInt, + "HideWebStoreIcon": PolicyTypeBool, + "HideWebStorePromo": PolicyTypeBool, + "HighEfficiencyModeEnabled": PolicyTypeBool, + "HistoryClustersVisible": PolicyTypeBool, + "HistorySearchSettings": PolicyTypeInt, + "HomepageIsNewTabPage": PolicyTypeBool, + "HomepageLocation": PolicyTypeString, + "Http09OnNonDefaultPortsEnabled": PolicyTypeBool, + "HttpAllowlist": PolicyTypeListString, + "HttpsOnlyMode": PolicyTypeString, + "HttpsUpgradesEnabled": PolicyTypeBool, + "IPv6ReachabilityOverrideEnabled": PolicyTypeBool, + "IdleTimeout": PolicyTypeInt, + "IdleTimeoutActions": PolicyTypeListString, + "ImagesAllowedForUrls": PolicyTypeListString, + "ImagesBlockedForUrls": PolicyTypeListString, + "ImportAutofillFormData": PolicyTypeBool, + "ImportBookmarks": PolicyTypeBool, + "ImportHistory": PolicyTypeBool, + "ImportHomepage": PolicyTypeBool, + "ImportSavedPasswords": PolicyTypeBool, + "ImportSearchEngine": PolicyTypeBool, + "IncognitoEnabled": PolicyTypeBool, + "IncognitoModeAvailability": PolicyTypeInt, + "InsecureContentAllowedForUrls": PolicyTypeListString, + "InsecureContentBlockedForUrls": PolicyTypeListString, + "InsecureFormsWarningsEnabled": PolicyTypeBool, + "InsecureHashesInTLSHandshakesEnabled": PolicyTypeBool, + "InsecurePrivateNetworkRequestsAllowed": PolicyTypeBool, + "InsecurePrivateNetworkRequestsAllowedForUrls": PolicyTypeListString, + "InstantEnabled": PolicyTypeBool, + "IntensiveWakeUpThrottlingEnabled": PolicyTypeBool, + "IntranetRedirectBehavior": PolicyTypeInt, + "IsolateOrigins": PolicyTypeString, + "JavaScriptAllowedForUrls": PolicyTypeListString, + "JavaScriptBlockedForUrls": PolicyTypeListString, + "JavaScriptJitAllowedForSites": PolicyTypeListString, + "JavaScriptJitBlockedForSites": PolicyTypeListString, + "JavaScriptOptimizerAllowedForSites": PolicyTypeListString, + "JavaScriptOptimizerBlockedForSites": PolicyTypeListString, + "JavascriptEnabled": PolicyTypeBool, + "KeyboardFocusableScrollersEnabled": PolicyTypeBool, + "KeygenAllowedForUrls": PolicyTypeListString, + "KeygenBlockedForUrls": PolicyTypeListString, + "LacrosSecondaryProfilesAllowed": PolicyTypeBool, + "LegacySameSiteCookieBehaviorEnabled": PolicyTypeInt, + "LegacySameSiteCookieBehaviorEnabledForDomainList": PolicyTypeListString, + "LegacyTechReportAllowlist": PolicyTypeListString, + "LensDesktopNTPSearchEnabled": PolicyTypeBool, + "LensOverlaySettings": PolicyTypeInt, + "LensRegionSearchEnabled": PolicyTypeBool, + "LiveCaptionEnabled": PolicyTypeBool, + "LiveTranslateEnabled": PolicyTypeBool, + "LoadCryptoTokenExtension": PolicyTypeBool, + "LocalDiscoveryEnabled": PolicyTypeBool, + "LocalFontsAllowedForUrls": PolicyTypeListString, + "LocalFontsBlockedForUrls": PolicyTypeListString, + "LocalNetworkAccessAllowedForUrls": PolicyTypeListString, + "LocalNetworkAccessBlockedForUrls": PolicyTypeListString, + "LocalNetworkAccessRestrictionsEnabled": PolicyTypeBool, + "LocalNetworkAccessRestrictionsTemporaryOptOut": PolicyTypeBool, + "LockIconInAddressBarEnabled": PolicyTypeBool, + "LookalikeWarningAllowlistDomains": PolicyTypeListString, + "MachineLevelUserCloudPolicyEnrollmentToken": PolicyTypeString, + "ManagedAccountsSigninRestriction": PolicyTypeString, + "ManagedBookmarks": PolicyTypeDict, + "ManagedConfigurationPerOrigin": PolicyTypeDict, + "MaxConnectionsPerProxy": PolicyTypeInt, + "MaxInvalidationFetchDelay": PolicyTypeInt, + "MediaCacheSize": PolicyTypeInt, + "MediaRecommendationsEnabled": PolicyTypeBool, + "MediaRouterCastAllowAllIPs": PolicyTypeBool, + "MemorySaverModeSavings": PolicyTypeInt, + "MetricsReportingEnabled": PolicyTypeBool, + "MutationEventsEnabled": PolicyTypeBool, + "NTPCardsVisible": PolicyTypeBool, + "NTPCustomBackgroundEnabled": PolicyTypeBool, + "NTPFooterExtensionAttributionEnabled": PolicyTypeBool, + "NTPFooterManagementNoticeEnabled": PolicyTypeBool, + "NTPMiddleSlotAnnouncementVisible": PolicyTypeBool, + "NTPOutlookCardVisible": PolicyTypeBool, + "NTPSharepointCardVisible": PolicyTypeBool, + "NTPShortcuts": PolicyTypeDict, + "NativeClientForceAllowed": PolicyTypeBool, + "NativeMessagingAllowlist": PolicyTypeListString, + "NativeMessagingBlacklist": PolicyTypeListString, + "NativeMessagingBlocklist": PolicyTypeListString, + "NativeMessagingUserLevelHosts": PolicyTypeBool, + "NativeMessagingWhitelist": PolicyTypeListString, + "NetworkPredictionOptions": PolicyTypeInt, + "NetworkServiceSandboxEnabled": PolicyTypeBool, + "NewBaseUrlInheritanceBehaviorAllowed": PolicyTypeBool, + "NewTabPageLocation": PolicyTypeString, + "NotificationsAllowedForUrls": PolicyTypeListString, + "NotificationsBlockedForUrls": PolicyTypeListString, + "NtlmV2Enabled": PolicyTypeBool, + "OffsetParentNewSpecBehaviorEnabled": PolicyTypeBool, + "OnBulkDataEntryEnterpriseConnector": PolicyTypeDict, + "OnFileAttachedEnterpriseConnector": PolicyTypeDict, + "OnFileDownloadedEnterpriseConnector": PolicyTypeDict, + "OnPrintEnterpriseConnector": PolicyTypeDict, + "OnSecurityEventEnterpriseConnector": PolicyTypeDict, + "OopPrintDriversAllowed": PolicyTypeBool, + "OptimizationGuideFetchingEnabled": PolicyTypeBool, + "OriginAgentClusterDefaultEnabled": PolicyTypeBool, + "OriginKeyedProcessesEnabled": PolicyTypeBool, + "OutOfProcessSystemDnsResolutionEnabled": PolicyTypeBool, + "OverrideSecurityRestrictionsOnInsecureOrigin": PolicyTypeListString, + "PPAPISharedImagesSwapChainAllowed": PolicyTypeBool, + "PacHttpsUrlStrippingEnabled": PolicyTypeBool, + "PartitionedBlobUrlUsage": PolicyTypeBool, + "PasswordDismissCompromisedAlertEnabled": PolicyTypeBool, + "PasswordLeakDetectionEnabled": PolicyTypeBool, + "PasswordManagerAllowShowPasswords": PolicyTypeBool, + "PasswordManagerBlocklist": PolicyTypeListString, + "PasswordManagerEnabled": PolicyTypeBool, + "PasswordManagerPasskeysEnabled": PolicyTypeBool, + "PasswordProtectionChangePasswordURL": PolicyTypeString, + "PasswordProtectionLoginURLs": PolicyTypeListString, + "PasswordProtectionWarningTrigger": PolicyTypeInt, + "PasswordSharingEnabled": PolicyTypeBool, + "PaymentMethodQueryEnabled": PolicyTypeBool, + "PdfAnnotationsEnabled": PolicyTypeBool, + "PdfLocalFileAccessAllowedForDomains": PolicyTypeListString, + "PdfUseSkiaRendererEnabled": PolicyTypeBool, + "PdfViewerOutOfProcessIframeEnabled": PolicyTypeBool, + "PersistentQuotaEnabled": PolicyTypeBool, + "PluginsAllowedForUrls": PolicyTypeListString, + "PluginsBlockedForUrls": PolicyTypeListString, + "PolicyAtomicGroupsEnabled": PolicyTypeBool, + "PolicyDictionaryMultipleSourceMergeList": PolicyTypeListString, + "PolicyListMultipleSourceMergeList": PolicyTypeListString, + "PolicyRefreshRate": PolicyTypeInt, + "PopupsAllowedForUrls": PolicyTypeListString, + "PopupsBlockedForUrls": PolicyTypeListString, + "PostQuantumKeyAgreementEnabled": PolicyTypeBool, + "PreciseGeolocationAllowedForUrls": PolicyTypeListString, + "PrefetchWithServiceWorkerEnabled": PolicyTypeBool, + "PrefixedStorageInfoEnabled": PolicyTypeBool, + "PrefixedVideoFullscreenApiAvailability": PolicyTypeString, + "PrintHeaderFooter": PolicyTypeBool, + "PrintPdfAsImageDefault": PolicyTypeBool, + "PrintPreviewUseSystemDefaultPrinter": PolicyTypeBool, + "PrintRasterizePdfDpi": PolicyTypeInt, + "PrinterTypeDenyList": PolicyTypeListString, + "PrintingAllowedBackgroundGraphicsModes": PolicyTypeString, + "PrintingBackgroundGraphicsDefault": PolicyTypeString, + "PrintingEnabled": PolicyTypeBool, + "PrintingPaperSizeDefault": PolicyTypeDict, + "PrivacySandboxAdMeasurementEnabled": PolicyTypeBool, + "PrivacySandboxAdTopicsEnabled": PolicyTypeBool, + "PrivacySandboxFingerprintingProtectionEnabled": PolicyTypeBool, + "PrivacySandboxIpProtectionEnabled": PolicyTypeBool, + "PrivacySandboxPromptEnabled": PolicyTypeBool, + "PrivacySandboxSiteEnabledAdsEnabled": PolicyTypeBool, + "PrivateNetworkAccessRestrictionsEnabled": PolicyTypeBool, + "ProfileLabel": PolicyTypeInt, + "ProfilePickerOnStartupAvailability": PolicyTypeInt, + "ProfileReauthPrompt": PolicyTypeInt, + "ProfileSeparationDataMigrationSettings": PolicyTypeInt, + "ProfileSeparationDomainExceptionList": PolicyTypeListString, + "ProfileSeparationSettings": PolicyTypeInt, + "PromotionalTabsEnabled": PolicyTypeBool, + "PromotionsEnabled": PolicyTypeBool, + "PromptForDownloadLocation": PolicyTypeBool, + "PromptOnMultipleMatchingCertificates": PolicyTypeBool, + "ProvisionManagedClientCertificateForBrowser": PolicyTypeInt, + "ProvisionManagedClientCertificateForUser": PolicyTypeInt, + "ProxyBypassList": PolicyTypeString, + "ProxyMode": PolicyTypeString, + "ProxyOverrideRules": PolicyTypeDict, + "ProxyPacUrl": PolicyTypeString, + "ProxyServer": PolicyTypeString, + "ProxyServerMode": PolicyTypeInt, + "ProxySettings": PolicyTypeDict, + "QRCodeGeneratorEnabled": PolicyTypeBool, + "QuicAllowed": PolicyTypeBool, + "RC4Enabled": PolicyTypeBool, + "RSAKeyUsageForLocalAnchorsEnabled": PolicyTypeBool, + "ReduceAcceptLanguageEnabled": PolicyTypeBool, + "RegisteredProtocolHandlers": PolicyTypeDict, + "RelatedWebsiteSetsEnabled": PolicyTypeBool, + "RelatedWebsiteSetsOverrides": PolicyTypeDict, + "RelaunchFastIfOutdated": PolicyTypeInt, + "RelaunchNotification": PolicyTypeInt, + "RelaunchNotificationPeriod": PolicyTypeInt, + "RelaunchWindow": PolicyTypeDict, + "RemoteAccessClientFirewallTraversal": PolicyTypeBool, + "RemoteAccessHostAllowClientPairing": PolicyTypeBool, + "RemoteAccessHostAllowFileTransfer": PolicyTypeBool, + "RemoteAccessHostAllowGnubbyAuth": PolicyTypeBool, + "RemoteAccessHostAllowPinAuthentication": PolicyTypeBool, + "RemoteAccessHostAllowRelayedConnection": PolicyTypeBool, + "RemoteAccessHostAllowRemoteAccessConnections": PolicyTypeBool, + "RemoteAccessHostAllowRemoteSupportConnections": PolicyTypeBool, + "RemoteAccessHostAllowUrlForwarding": PolicyTypeBool, + "RemoteAccessHostClientDomain": PolicyTypeString, + "RemoteAccessHostClientDomainList": PolicyTypeListString, + "RemoteAccessHostClipboardSizeBytes": PolicyTypeInt, + "RemoteAccessHostDebugOverridePolicies": PolicyTypeString, + "RemoteAccessHostDomain": PolicyTypeString, + "RemoteAccessHostDomainList": PolicyTypeListString, + "RemoteAccessHostEnableUserInterface": PolicyTypeBool, + "RemoteAccessHostFirewallTraversal": PolicyTypeBool, + "RemoteAccessHostMatchUsername": PolicyTypeBool, + "RemoteAccessHostMaximumSessionDurationMinutes": PolicyTypeInt, + "RemoteAccessHostRequireCurtain": PolicyTypeBool, + "RemoteAccessHostRequireTwoFactor": PolicyTypeBool, + "RemoteAccessHostTalkGadgetPrefix": PolicyTypeString, + "RemoteAccessHostTokenUrl": PolicyTypeString, + "RemoteAccessHostTokenValidationCertificateIssuer": PolicyTypeString, + "RemoteAccessHostTokenValidationUrl": PolicyTypeString, + "RemoteAccessHostUdpPortRange": PolicyTypeString, + "RemoteDebuggingAllowed": PolicyTypeBool, + "ReportSafeBrowsingData": PolicyTypeBool, + "RequireOnlineRevocationChecksForLocalAnchors": PolicyTypeBool, + "RestoreOnStartup": PolicyTypeInt, + "RestoreOnStartupURLs": PolicyTypeListString, + "RestrictPdfSaveToGoogleDriveAccountsToPattern": PolicyTypeString, + "RestrictSigninToPattern": PolicyTypeString, + "RoamingProfileLocation": PolicyTypeString, + "RoamingProfileSupportEnabled": PolicyTypeBool, + "RunAllFlashInAllowMode": PolicyTypeBool, + "SSLErrorOverrideAllowed": PolicyTypeBool, + "SSLErrorOverrideAllowedForOrigins": PolicyTypeListString, + "SSLVersionFallbackMin": PolicyTypeString, + "SSLVersionMax": PolicyTypeString, + "SSLVersionMin": PolicyTypeString, + "SafeBrowsingAllowlistDomains": PolicyTypeListString, + "SafeBrowsingDeepScanningEnabled": PolicyTypeBool, + "SafeBrowsingEnabled": PolicyTypeBool, + "SafeBrowsingExtendedReportingEnabled": PolicyTypeBool, + "SafeBrowsingExtendedReportingOptInAllowed": PolicyTypeBool, + "SafeBrowsingProtectionLevel": PolicyTypeInt, + "SafeBrowsingProxiedRealTimeChecksAllowed": PolicyTypeBool, + "SafeBrowsingSurveysEnabled": PolicyTypeBool, + "SafeBrowsingWhitelistDomains": PolicyTypeListString, + "SafeSitesFilterBehavior": PolicyTypeInt, + "SameOriginTabCaptureAllowedByOrigins": PolicyTypeListString, + "SandboxExternalProtocolBlocked": PolicyTypeBool, + "SavingBrowserHistoryDisabled": PolicyTypeBool, + "ScreenCaptureAllowed": PolicyTypeBool, + "ScreenCaptureAllowedByOrigins": PolicyTypeListString, + "ScreenCaptureWithoutGestureAllowedForOrigins": PolicyTypeListString, + "ScrollToTextFragmentEnabled": PolicyTypeBool, + "SearchContentSharingSettings": PolicyTypeInt, + "SearchSuggestEnabled": PolicyTypeBool, + "SecurityKeyPermitAttestation": PolicyTypeListString, + "SelectParserRelaxationEnabled": PolicyTypeBool, + "SendMouseEventsDisabledFormControlsEnabled": PolicyTypeBool, + "SensorsAllowedForUrls": PolicyTypeListString, + "SensorsBlockedForUrls": PolicyTypeListString, + "SerialAllowAllPortsForUrls": PolicyTypeListString, + "SerialAllowUsbDevicesForUrls": PolicyTypeDict, + "SerialAskForUrls": PolicyTypeListString, + "SerialBlockedForUrls": PolicyTypeListString, + "ServiceWorkerAutoPreloadEnabled": PolicyTypeBool, + "ServiceWorkerToControlSrcdocIframeEnabled": PolicyTypeBool, + "SetTimeoutWithout1MsClampEnabled": PolicyTypeBool, + "SharedArrayBufferUnrestrictedAccessAllowed": PolicyTypeBool, + "SharedClipboardEnabled": PolicyTypeBool, + "SharedWorkerBlobURLFixEnabled": PolicyTypeBool, + "ShoppingListEnabled": PolicyTypeBool, + "ShowAppsShortcutInBookmarkBar": PolicyTypeBool, + "ShowCastIconInToolbar": PolicyTypeBool, + "ShowCastSessionsStartedByOtherDevices": PolicyTypeBool, + "ShowFullUrlsInAddressBar": PolicyTypeBool, + "ShowHomeButton": PolicyTypeBool, + "SideSearchEnabled": PolicyTypeBool, + "SignedHTTPExchangeEnabled": PolicyTypeBool, + "SigninAllowed": PolicyTypeBool, + "SigninInterceptionEnabled": PolicyTypeBool, + "SilentPrintingEnabled": PolicyTypeBool, + "SitePerProcess": PolicyTypeBool, + "SiteSearchSettings": PolicyTypeDict, + "SpellCheckServiceEnabled": PolicyTypeBool, + "SpellcheckEnabled": PolicyTypeBool, + "SpellcheckLanguage": PolicyTypeListString, + "SpellcheckLanguageBlacklist": PolicyTypeListString, + "SpellcheckLanguageBlocklist": PolicyTypeListString, + "StandardizedBrowserZoomEnabled": PolicyTypeBool, + "StaticStorageQuotaEnabled": PolicyTypeBool, + "StrictMimetypeCheckForWorkerScriptsEnabled": PolicyTypeBool, + "StricterMixedContentTreatmentEnabled": PolicyTypeBool, + "SupervisedUserCreationEnabled": PolicyTypeBool, + "SuppressDifferentOriginSubframeDialogs": PolicyTypeBool, + "SuppressUnsupportedOSWarning": PolicyTypeBool, + "SyncDisabled": PolicyTypeBool, + "SyncTypesListDisabled": PolicyTypeListString, + "TLS13EarlyDataEnabled": PolicyTypeBool, + "TLS13HardeningForLocalAnchorsEnabled": PolicyTypeBool, + "TabCaptureAllowedByOrigins": PolicyTypeListString, + "TabCompareSettings": PolicyTypeInt, + "TabDiscardingExceptions": PolicyTypeListString, + "TabFreezingEnabled": PolicyTypeBool, + "TabGroupSharingSettings": PolicyTypeInt, + "TabOrganizerSettings": PolicyTypeInt, + "TabUnderAllowed": PolicyTypeBool, + "TargetBlankImpliesNoOpener": PolicyTypeBool, + "TaskManagerEndProcessEnabled": PolicyTypeBool, + "ThirdPartyStoragePartitioningBlockedForOrigins": PolicyTypeListString, + "ThrottleNonVisibleCrossOriginIframesAllowed": PolicyTypeBool, + "ToolbarAvatarLabelSettings": PolicyTypeInt, + "TranslateEnabled": PolicyTypeBool, + "TranslatorAPIAllowed": PolicyTypeBool, + "TripleDESEnabled": PolicyTypeBool, + "U2fSecurityKeyApiEnabled": PolicyTypeBool, + "URLAllowlist": PolicyTypeListString, + "URLBlacklist": PolicyTypeListString, + "URLBlocklist": PolicyTypeListString, + "URLWhitelist": PolicyTypeListString, + "UnmanagedDeviceSignalsConsentFlowEnabled": PolicyTypeBool, + "UnsafelyTreatInsecureOriginAsSecure": PolicyTypeListString, + "UnthrottledNestedTimeoutEnabled": PolicyTypeBool, + "UrlKeyedAnonymizedDataCollectionEnabled": PolicyTypeBool, + "UrlParamFilterEnabled": PolicyTypeBool, + "UseLegacyFormControls": PolicyTypeBool, + "UseMojoVideoDecoderForPepperAllowed": PolicyTypeBool, + "UserAgentClientHintsEnabled": PolicyTypeBool, + "UserAgentClientHintsGREASEUpdateEnabled": PolicyTypeBool, + "UserAgentReduction": PolicyTypeInt, + "UserContextAwareAccessSignalsAllowlist": PolicyTypeListString, + "UserDataSnapshotRetentionLimit": PolicyTypeInt, + "UserFeedbackAllowed": PolicyTypeBool, + "UserSecurityAuthenticatedReporting": PolicyTypeBool, + "UserSecuritySignalsReporting": PolicyTypeBool, + "VariationsRestrictParameter": PolicyTypeString, + "VideoCaptureAllowed": PolicyTypeBool, + "VideoCaptureAllowedUrls": PolicyTypeListString, + "WPADQuickCheckEnabled": PolicyTypeBool, + "WatermarkStyle": PolicyTypeDict, + "WebAppInstallByUserEnabled": PolicyTypeBool, + "WebAppInstallForceList": PolicyTypeDict, + "WebAppSettings": PolicyTypeDict, + "WebAudioOutputBufferingEnabled": PolicyTypeBool, + "WebAuthenticationRemoteDesktopAllowedOrigins": PolicyTypeListString, + "WebAuthenticationRemoteProxiedRequestsAllowed": PolicyTypeBool, + "WebComponentsV0Enabled": PolicyTypeBool, + "WebDriverOverridesIncompatiblePolicies": PolicyTypeBool, + "WebHidAllowAllDevicesForUrls": PolicyTypeListString, + "WebHidAllowDevicesForUrls": PolicyTypeDict, + "WebHidAllowDevicesWithHidUsagesForUrls": PolicyTypeDict, + "WebHidAskForUrls": PolicyTypeListString, + "WebHidBlockedForUrls": PolicyTypeListString, + "WebRtcAllowLegacyTLSProtocols": PolicyTypeBool, + "WebRtcEventLogCollectionAllowed": PolicyTypeBool, + "WebRtcIPHandling": PolicyTypeString, + "WebRtcIPHandlingUrl": PolicyTypeDict, + "WebRtcLocalIpsAllowedUrls": PolicyTypeListString, + "WebRtcPostQuantumKeyAgreement": PolicyTypeBool, + "WebRtcTextLogCollectionAllowed": PolicyTypeBool, + "WebRtcUdpPortRange": PolicyTypeString, + "WebSQLAccess": PolicyTypeBool, + "WebSQLInThirdPartyContextEnabled": PolicyTypeBool, + "WebSQLNonSecureContextEnabled": PolicyTypeBool, + "WebUsbAllowDevicesForUrls": PolicyTypeDict, + "WebUsbAskForUrls": PolicyTypeListString, + "WebUsbBlockedForUrls": PolicyTypeListString, + "WindowCaptureAllowedByOrigins": PolicyTypeListString, + "WindowManagementAllowedForUrls": PolicyTypeListString, + "WindowManagementBlockedForUrls": PolicyTypeListString, + "WindowPlacementAllowedForUrls": PolicyTypeListString, + "WindowPlacementBlockedForUrls": PolicyTypeListString, + "ZstdContentEncodingEnabled": PolicyTypeBool, } }