Added BraveShieldsDisabledForUrls and BraveShieldsEnabledForUrls policies

browser/ui/brave_shields_data_controller.cc

@@ -340,6 +340,16 @@ void BraveShieldsDataController::SetIsHTTPSEverywhereEnabled(bool is_enabled) {
   ReloadWebContents();
 }
 
+bool BraveShieldsDataController::IsBraveShieldsManaged() {
+  PrefService* profile_prefs =
+      Profile::FromBrowserContext(web_contents()->GetBrowserContext())
+          ->GetPrefs();
+
+  return brave_shields::IsBraveShieldsManaged(
+      profile_prefs, GetHostContentSettingsMap(web_contents()),
+      GetCurrentSiteURL());
+}
+
 void BraveShieldsDataController::HandleItemBlocked(
     const std::string& block_type,
     const std::string& subresource) {

browser/ui/brave_shields_data_controller.h

@@ -63,6 +63,7 @@ class BraveShieldsDataController
   AdBlockMode GetAdBlockMode();
   FingerprintMode GetFingerprintMode();
   CookieBlockMode GetCookieBlockMode();
+  bool IsBraveShieldsManaged();
   bool GetHTTPSEverywhereEnabled();
   bool GetNoScriptEnabled();
   void SetAdBlockMode(AdBlockMode mode);

browser/ui/webui/brave_shields/shields_panel_data_handler.cc

@@ -155,8 +155,10 @@ void ShieldsPanelDataHandler::UpdateSiteBlockInfo() {
       active_shields_data_controller_->GetFingerprintsList();
   site_block_info_.http_redirects_list =
       active_shields_data_controller_->GetHttpRedirectsList();
-  site_block_info_.is_shields_enabled =
+  site_block_info_.is_brave_shields_enabled =
       active_shields_data_controller_->GetBraveShieldsEnabled();
+  site_block_info_.is_brave_shields_managed =
+      active_shields_data_controller_->IsBraveShieldsManaged();
 
   // This method gets called from various callsites. Constantly updating favicon
   // url will replace the hashed version too. So, we update this once only

chromium_src/chrome/browser/policy/configuration_policy_handler_list_factory.cc

@@ -5,6 +5,7 @@
 
 #include "chrome/browser/policy/configuration_policy_handler_list_factory.h"
 
+#include "brave/components/constants/pref_names.h"
 #include "brave/components/ipfs/buildflags/buildflags.h"
 #include "brave/components/tor/buildflags/buildflags.h"
 #include "build/build_config.h"
@@ -32,6 +33,10 @@ const policy::PolicyToPreferenceMapEntry kBraveSimplePolicyMap[] = {
      brave_rewards::prefs::kDisabledByPolicy, base::Value::Type::BOOLEAN},
     {policy::key::kBraveWalletDisabled, brave_wallet::prefs::kDisabledByPolicy,
      base::Value::Type::BOOLEAN},
+    {policy::key::kBraveShieldsDisabledForUrls,
+     kManagedBraveShieldsDisabledForUrls, base::Value::Type::LIST},
+    {policy::key::kBraveShieldsEnabledForUrls,
+     kManagedBraveShieldsEnabledForUrls, base::Value::Type::LIST},
 #endif
 #if BUILDFLAG(ENABLE_TOR)
     {policy::key::kTorDisabled, tor::prefs::kTorDisabled,

chromium_src/components/content_settings/core/browser/DEPS

@@ -1,4 +1,5 @@
 include_rules = [
   "+brave/components/content_settings/core/browser",
   "+brave/components/brave_shields/common",
+  "+brave/components/constants",
 ]

chromium_src/components/content_settings/core/browser/content_settings_policy_provider.cc

@@ -0,0 +1,18 @@
+/* Copyright (c) 2022 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+#include "brave/components/constants/pref_names.h"
+
+#define BRAVE_MANAGED_CONTENT_SETTINGS                                         \
+  {kManagedBraveShieldsDisabledForUrls, ContentSettingsType::BRAVE_SHIELDS,    \
+   CONTENT_SETTING_BLOCK},                                                     \
+      {kManagedBraveShieldsEnabledForUrls, ContentSettingsType::BRAVE_SHIELDS, \
+       CONTENT_SETTING_ALLOW},
+
+#define BRAVE_MANAGED_PREFS \
+  kManagedBraveShieldsDisabledForUrls, kManagedBraveShieldsEnabledForUrls,
+
+#include "src/components/content_settings/core/browser/content_settings_policy_provider.cc"
+#undef BRAVE_MANAGED_PREFS
+#undef BRAVE_MANAGED_CONTENT_SETTINGS

chromium_src/components/content_settings/core/browser/host_content_settings_map.cc

@@ -54,4 +54,5 @@ bool IsMorePermissive_BraveImpl(ContentSettingsType content_type,
 
 #if !BUILDFLAG(IS_IOS)
 #undef PrefProvider
+#undef PolicyProvider
 #endif

components/brave_shields/browser/BUILD.gn

@@ -65,6 +65,7 @@ if (!is_ios) {
       "//brave/components/brave_component_updater/browser",
       "//brave/components/brave_shields/common",
       "//brave/components/brave_shields/common:mojom",
+      "//brave/components/constants",
       "//brave/components/content_settings/core/common",
       "//brave/components/debounce/common",
       "//brave/components/ephemeral_storage",

components/brave_shields/browser/brave_shields_util.cc

@@ -17,6 +17,7 @@
 #include "brave/components/brave_shields/common/brave_shield_utils.h"
 #include "brave/components/brave_shields/common/features.h"
 #include "brave/components/brave_shields/common/pref_names.h"
+#include "brave/components/constants/pref_names.h"
 #include "brave/components/content_settings/core/common/content_settings_util.h"
 #include "brave/components/debounce/common/features.h"
 #include "components/content_settings/core/browser/cookie_settings.h"
@@ -572,6 +573,18 @@ ControlType GetFingerprintingControlType(HostContentSettingsMap* map,
                                              : ControlType::BLOCK;
 }
 
+bool IsBraveShieldsManaged(PrefService* prefs,
+                           HostContentSettingsMap* map,
+                           GURL url) {
+  DCHECK(prefs);
+  DCHECK(map);
+  content_settings::SettingInfo info;
+  map->GetWebsiteSetting(url, url, ContentSettingsType::BRAVE_SHIELDS, &info);
+  return (prefs->IsManagedPreference(kManagedBraveShieldsDisabledForUrls) ||
+          prefs->IsManagedPreference(kManagedBraveShieldsEnabledForUrls)) &&
+         info.source == content_settings::SettingSource::SETTING_SOURCE_POLICY;
+}
+
 void SetHTTPSEverywhereEnabled(HostContentSettingsMap* map,
                                bool enable,
                                const GURL& url,

components/brave_shields/browser/brave_shields_util.h

@@ -100,7 +100,9 @@ void SetFingerprintingControlType(HostContentSettingsMap* map,
                                   PrefService* profile_state = nullptr);
 ControlType GetFingerprintingControlType(HostContentSettingsMap* map,
                                          const GURL& url);
-
+bool IsBraveShieldsManaged(PrefService* prefs,
+                           HostContentSettingsMap* map,
+                           GURL url);
 void SetHTTPSEverywhereEnabled(HostContentSettingsMap* map,
                                bool enable,
                                const GURL& url,

components/brave_shields/browser/brave_shields_util_unittest.cc

@@ -4,13 +4,15 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include <memory>
+#include <utility>
 
 #include "base/files/scoped_temp_dir.h"
 #include "brave/browser/profiles/brave_profile_manager.h"
 #include "brave/components/brave_shields/browser/brave_shields_p3a.h"
 #include "brave/components/brave_shields/browser/brave_shields_util.h"
 #include "brave/components/brave_shields/common/brave_shield_constants.h"
 #include "brave/components/brave_shields/common/features.h"
+#include "brave/components/constants/pref_names.h"
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/content_settings/cookie_settings_factory.h"
@@ -23,6 +25,7 @@
 #include "components/content_settings/core/common/content_settings_types.h"
 #include "components/content_settings/core/common/pref_names.h"
 #include "components/prefs/pref_service.h"
+#include "components/sync_preferences/testing_pref_service_syncable.h"
 #include "content/public/test/browser_task_environment.h"
 #include "content/public/test/test_utils.h"
 #include "net/base/features.h"
@@ -168,6 +171,90 @@ TEST_F(BraveShieldsUtilTest, SetBraveShieldsEnabled_ForOrigin) {
   setting = map->GetContentSetting(GURL(), GURL(),
                                    ContentSettingsType::BRAVE_SHIELDS);
   EXPECT_EQ(CONTENT_SETTING_ALLOW, setting);
+
+  GURL host2("http://host2.com");
+  GURL host1("http://host1.com");
+  // Set shields as disabled for initial value.
+  brave_shields::SetBraveShieldsEnabled(map, false, host1);
+  // host2.com is enabled by default
+  setting =
+      map->GetContentSetting(host2, GURL(), ContentSettingsType::BRAVE_SHIELDS);
+  EXPECT_EQ(CONTENT_SETTING_ALLOW, setting);
+
+  // Set policy to disable shields for specific domain.
+  auto disabled_list = base::Value(base::Value::Type::LIST);
+  disabled_list.Append("[*.]host2.com");
+  disabled_list.Append("*.*");
+  profile()->GetTestingPrefService()->SetManagedPref(
+      kManagedBraveShieldsDisabledForUrls,
+      base::Value::ToUniquePtrValue(std::move(disabled_list)));
+
+  auto enabled_list = base::Value(base::Value::Type::LIST);
+  enabled_list.Append("[*.]host1.com");
+  profile()->GetTestingPrefService()->SetManagedPref(
+      kManagedBraveShieldsEnabledForUrls,
+      base::Value::ToUniquePtrValue(std::move(enabled_list)));
+
+  // setting should apply block to origin.
+  setting =
+      map->GetContentSetting(host2, GURL(), ContentSettingsType::BRAVE_SHIELDS);
+  EXPECT_EQ(CONTENT_SETTING_BLOCK, setting);
+  brave_shields::SetBraveShieldsEnabled(map, true, host2);
+
+  // setting should not be changed.
+  EXPECT_FALSE(brave_shields::GetBraveShieldsEnabled(map, host2));
+
+  // setting should apply enabled to origin.
+  EXPECT_TRUE(brave_shields::GetBraveShieldsEnabled(map, host1));
+  brave_shields::SetBraveShieldsEnabled(map, false, host1);
+  // setting should not be changed.
+  EXPECT_TRUE(brave_shields::GetBraveShieldsEnabled(map, host1));
+
+  // setting should not apply to default
+  EXPECT_TRUE(brave_shields::GetBraveShieldsEnabled(map, GURL()));
+}
+
+TEST_F(BraveShieldsUtilTest, IsBraveShieldsManaged) {
+  auto* map = HostContentSettingsMapFactory::GetForProfile(profile());
+  GURL host2("http://host2.com");
+  GURL host1("http://host1.com");
+  EXPECT_FALSE(brave_shields::IsBraveShieldsManaged(
+      profile()->GetTestingPrefService(), map, host2));
+
+  auto disabled_list = base::Value(base::Value::Type::LIST);
+  disabled_list.Append("[*.]host2.com");
+  profile()->GetTestingPrefService()->SetManagedPref(
+      kManagedBraveShieldsDisabledForUrls,
+      base::Value::ToUniquePtrValue(std::move(disabled_list)));
+  // only disabled pref set
+  EXPECT_TRUE(brave_shields::IsBraveShieldsManaged(
+      profile()->GetTestingPrefService(), map, host2));
+
+  EXPECT_FALSE(brave_shields::IsBraveShieldsManaged(
+      profile()->GetTestingPrefService(), map, GURL("http://host1.com")));
+
+  auto enabled_list = base::Value(base::Value::Type::LIST);
+  enabled_list.Append("[*.]host1.com");
+  profile()->GetTestingPrefService()->SetManagedPref(
+      kManagedBraveShieldsEnabledForUrls,
+      base::Value::ToUniquePtrValue(std::move(enabled_list)));
+
+  // both disabled/enabled prefs set
+  EXPECT_TRUE(brave_shields::IsBraveShieldsManaged(
+      profile()->GetTestingPrefService(), map, host2));
+
+  EXPECT_TRUE(brave_shields::IsBraveShieldsManaged(
+      profile()->GetTestingPrefService(), map, host1));
+
+  profile()->GetTestingPrefService()->RemoveManagedPref(
+      kManagedBraveShieldsDisabledForUrls);
+
+  // only enabled prefs set
+  EXPECT_FALSE(brave_shields::IsBraveShieldsManaged(
+      profile()->GetTestingPrefService(), map, host2));
+
+  EXPECT_TRUE(brave_shields::IsBraveShieldsManaged(
+      profile()->GetTestingPrefService(), map, host1));
 }
 
 TEST_F(BraveShieldsUtilTest, SetBraveShieldsEnabled_IsNotHttpHttps) {

components/brave_shields/common/brave_shield_constants.h

@@ -86,6 +86,7 @@ constexpr webui::LocalizedString kLocalizedStrings[] = {
     {"braveShieldsDownDesc", IDS_BRAVE_SHIELDS_DOWN_DESC},
     {"braveShieldsBlockedScriptsLabel",
      IDS_BRAVE_SHIELDS_BLOCKED_SCRIPTS_LABEL},
+    {"braveShieldsManaged", IDS_BRAVE_SHIELDS_MANAGED},
 };
 
 const char kCookieListEnabledHistogram[] = "Brave.Shields.CookieListEnabled";

components/brave_shields/common/brave_shields_panel.mojom

@@ -50,7 +50,8 @@ interface DataHandler {
 struct SiteBlockInfo {
   string host;
   int32 total_blocked_resources;
-  bool is_shields_enabled;
+  bool is_brave_shields_enabled;
+  bool is_brave_shields_managed;
   url.mojom.Url favicon_url;
   array<url.mojom.Url> ads_list;
   array<url.mojom.Url> http_redirects_list;

components/brave_shields/resources/panel/components/advanced-controls-content/index.tsx

@@ -102,6 +102,7 @@ function AdvancedControlsContent () {
               value={siteSettings?.adBlockMode}
               ariaLabel={getLocale('braveShieldsTrackersAndAds')}
               onChange={handleAdBlockModeChange}
+              disabled={siteBlockInfo?.isBraveShieldsManaged}
             >
               {adBlockModeOptions.map(entry => {
                 return (
@@ -129,6 +130,7 @@ function AdvancedControlsContent () {
               isOn={siteSettings?.isHttpsEverywhereEnabled}
               size='sm'
               accessibleLabel='Enable HTTPS'
+              disabled={siteBlockInfo?.isBraveShieldsManaged}
             />
           </label>
           <S.CountButton
@@ -148,6 +150,7 @@ function AdvancedControlsContent () {
               isOn={siteSettings?.isNoscriptEnabled}
               size='sm'
               accessibleLabel={getLocale('braveShieldsScriptsBlockedEnable')}
+              disabled={siteBlockInfo?.isBraveShieldsManaged}
             />
           </label>
           <S.CountButton
@@ -165,6 +168,7 @@ function AdvancedControlsContent () {
               value={siteSettings?.fingerprintMode}
               ariaLabel={getLocale('braveShieldsFingerprintingBlocked')}
               onChange={handleFingerprintModeChange}
+              disabled={siteBlockInfo?.isBraveShieldsManaged}
             >
             {fingerprintModeOptions.map(entry => {
                 return (
@@ -180,6 +184,7 @@ function AdvancedControlsContent () {
               value={siteSettings?.cookieBlockMode}
               ariaLabel={getLocale('braveShieldsCookiesBlockAll')}
               onChange={handleCookieBlockModeChange}
+              disabled={siteBlockInfo?.isBraveShieldsManaged}
             >
               {cookieBlockModeOptions.map(entry => {
                 return (

components/brave_shields/resources/panel/components/main-panel/index.tsx

@@ -14,9 +14,9 @@ function MainPanel () {
   const { isExpanded, toggleIsExpanded } = useIsExpanded()
   const { siteBlockInfo, getSiteSettings } = React.useContext(DataContext)
 
-  const braveShieldsStatusText = splitStringForTag(siteBlockInfo?.isShieldsEnabled ? getLocale('braveShieldsUp') : getLocale('braveShieldsDown'))
+  const braveShieldsStatusText = splitStringForTag(siteBlockInfo?.isBraveShieldsEnabled ? getLocale('braveShieldsUp') : getLocale('braveShieldsDown'))
   const braveShieldsBrokenText = splitStringForTag(getLocale('braveShieldsBroken'))
-  const braveShieldsNote = splitStringForTag(siteBlockInfo?.isShieldsEnabled
+  const braveShieldsNote = splitStringForTag(siteBlockInfo?.isBraveShieldsEnabled
     ? getLocale('braveShieldsBlockedNote')
     : getLocale('braveShieldsNOTBlockedNote'))
 
@@ -46,7 +46,14 @@ function MainPanel () {
       {braveShieldsBrokenText.afterTag}
     </S.Footnote>
   )
-
+  let managedFootnoteElement = (
+    <S.Footnote>
+      <S.ControlBox>
+        <S.ManagedIcon />
+        <S.ManagedText>{getLocale('braveShieldsManaged')}</S.ManagedText>
+      </S.ControlBox>
+    </S.Footnote>
+  )
   let advancedControlButtonElement = (isExpanded != null) && (
     <S.AdvancedControlsButton
       type="button"
@@ -68,7 +75,7 @@ function MainPanel () {
     </S.BlockCount>
   )
 
-  if (!siteBlockInfo?.isShieldsEnabled) {
+  if (!siteBlockInfo?.isBraveShieldsEnabled) {
     totalCountElement = (<S.BlockCount>{'\u2014'}</S.BlockCount>)
 
     advancedControlButtonElement = (
@@ -118,7 +125,7 @@ function MainPanel () {
       </S.HeaderBox>
       <S.StatusBox>
         <S.ControlBox>
-          <S.ShieldsIcon isActive={siteBlockInfo?.isShieldsEnabled ?? false}>
+          <S.ShieldsIcon isActive={siteBlockInfo?.isBraveShieldsEnabled ?? false}>
             <svg width="24" height="28" fill="currentColor" xmlns="http://www.w3.org/2000/svg"><path fillRule="evenodd" clipRule="evenodd" d="M23.654 11.667c-.002.122-.258 12.26-11.255 16.263-.008.002-.017 0-.024.003A1.16 1.16 0 0 1 12 28c-.13 0-.256-.026-.376-.067l-.023-.003C.604 23.927.347 11.789.346 11.667.339 11.02.333 9.965.333 9.32V5.817a2.338 2.338 0 0 1 2.333-2.335h1.167c4.9 0 7.106-2.9 7.197-3.023.222-.298.558-.443.902-.455.394-.032.794.117 1.04.46.088.118 2.294 3.018 7.194 3.018h1.167a2.338 2.338 0 0 1 2.333 2.335V9.32c0 .645-.006 1.701-.012 2.347Zm-2.321-5.85h-1.167c-4.263 0-6.895-1.827-8.166-3.009-1.272 1.182-3.904 3.01-8.167 3.01H2.666V9.32c0 .639.006 1.684.013 2.322.006.425.272 10.332 9.32 13.92 9.085-3.609 9.32-13.815 9.321-13.92.007-.638.013-1.683.013-2.322V5.817Zm-8.882 12.368a1.167 1.167 0 0 1-1.688.203l-4.177-3.503a1.169 1.169 0 0 1-.145-1.646 1.165 1.165 0 0 1 1.643-.144L11.31 15.8l4.42-6.004a1.166 1.166 0 1 1 1.879 1.385l-5.157 7.005Z" />
             </svg>
           </S.ShieldsIcon>
@@ -132,19 +139,27 @@ function MainPanel () {
           <S.StatusToggle>
             <Toggle
               brand="shields"
-              isOn={siteBlockInfo?.isShieldsEnabled}
+              isOn={siteBlockInfo?.isBraveShieldsEnabled}
               onChange={handleToggleChange}
               accessibleLabel={getLocale('braveShieldsEnable')}
+              disabled={siteBlockInfo?.isBraveShieldsManaged}
             />
           </S.StatusToggle>
         </S.ControlBox>
+        {!siteBlockInfo?.isBraveShieldsManaged &&
         <S.StatusFootnoteBox>
           {reportSiteOrFootnoteElement}
         </S.StatusFootnoteBox>
+        }
+        {siteBlockInfo?.isBraveShieldsManaged &&
+        <S.StatusFootnoteBox>
+          {managedFootnoteElement}
+        </S.StatusFootnoteBox>
+        }
       </S.StatusBox>
       {advancedControlButtonElement}
       { isExpanded &&
-        siteBlockInfo?.isShieldsEnabled &&
+        siteBlockInfo?.isBraveShieldsEnabled &&
         <AdvancedControlsContentScroller
           isExpanded={isExpanded}
         >