Merge pull request #1143 from mozilla/DLP_Templates

Initial checkin of templates for DLP
mozilla · Jan 2, 2025 · 681d296 · 681d296
2 parents 9fda47b + e8b73ed
commit 681d296
Show file tree

Hide file tree

Showing 2 changed files with 168 additions and 2 deletions.
diff --git a/windows/en-US/firefox.adml b/windows/en-US/firefox.adml
@@ -74,6 +74,7 @@
       <string id="SUPPORTED_FF129">Firefox 129 or later, Firefox 115.14 ESR or later</string>
       <string id="SUPPORTED_FF130">Firefox 130 or later, Firefox 115.15 ESR or later</string>
       <string id="SUPPORTED_FF130_ONLY">Firefox 130 or later</string>
+      <string id="SUPPORTED_FF131">Firefox 131 or later, Firefox 115.16 ESR or later</string>
       <string id="firefox">Firefox</string>
       <string id="Permissions_group">Permissions</string>
       <string id="Camera_group">Camera</string>
@@ -101,6 +102,7 @@
       <string id="ProxySettings_group">Proxy Settings</string>
       <string id="SecurityDevices_group">Security Devices</string>
       <string id="FirefoxSuggest_group">Firefox Suggest (US only)</string>
+      <string id="ContentAnalysis_group">Content Analysis (DLP)</string>
       <string id="Allow">Allowed Sites</string>
       <string id="AllowSession">Allowed Sites (Session Only)</string>
       <string id="Block">Blocked Sites</string>
@@ -1132,6 +1134,55 @@ If this policy is disabled or not configured, Private Browsing Mode is available
       <string id="PrivateBrowsingModeAvailability_0">Allow Private Browsing Mode</string>
       <string id="PrivateBrowsingModeAvailability_1">Disable Private Browsing Mode</string>
       <string id="PrivateBrowsingModeAvailability_2">Force Private Browsing Mode</string>
+      <string id="ContentAnalysis_AgentName">Agent Name</string>
+      <string id="ContentAnalysis_AgentName_Explain">If this policy is enabled, you can specify the name of the DLP agent, used in dialogs and notifications about DLP operations.
+
+If this policy is disabled or not configured, the agent name "A DLP Agent" is used.</string>
+      <string id="ContentAnalysis_AgentTimeout">Agent Timeout</string>
+      <string id="ContentAnalysis_AgentTimeout_Explain">If this policy is enabled, you can specify the timeout in number of seconds after a DLP request is sent to the agent. After this timeout, the request will be denied unless 'Default Result' is set to 1 or 2.
+
+If this policy is disabled or not configured, the timeout is 30 seconds.</string>
+      <string id="ContentAnalysis_AllowUrlRegexList">Allow Url Regex List</string>
+      <string id="ContentAnalysis_AllowUrlRegexList_Explain">If this policy is enabled, you can specify a space-separated list of regular expressions that indicates URLs for which DLP operations will always be allowed without consulting the agent. The default is "^about:(?!blank|srcdoc).*", meaning that any pages that start with "about:" will be exempt from DLP except for "about:blank" and "about:srcdoc", as these can be controlled by web content.
+
+If this policy is disabled or not configured, the DLP agent will always be consulted.</string>
+      <string id="ContentAnalysis_BypassForSameTabOperations">Bypass For Same Tab Operations</string>
+      <string id="ContentAnalysis_BypassForSameTabOperations_Explain">If this policy is enabled, Firefox will automatically allow DLP requests whose data comes from the same tab and frame - for example, if data is copied to the clipboard and then pasted on the same page.
+
+If this policy is disabled or not configured, Firefox  Firefox will not pass DLP requests whose data comes from the same tab and frame to the DLP agent as normal.</string>
+      <string id="ContentAnalysis_ClientSignature">Client Signature</string>
+      <string id="ContentAnalysis_ClientSignature_Explain">If this policy is enabled, you can set the required signature of the DLP agent connected to the pipe. If this is a non-empty string and the DLP agent does not have a signature with a Subject Name that exactly matches this value, Firefox will not connect to the pipe.
+
+If this policy is disabled or not configured, the signature will not be verified.</string>
+      <string id="ContentAnalysis_DefaultResult">Default Result</string>
+      <string id="ContentAnalysis_DefaultResult_Explain">If this policy is enabled, you can indicate the desired behavior for DLP requests if there is a problem connecting to the DLP agent.
+
+If this policy is disabled or not configured, the DLP request will be denied if there is a problem connecting to the agent.</string>
+      <string id="ContentAnalysis_DefaultResult_0">Deny the request</string>
+      <string id="ContentAnalysis_DefaultResult_1">Warn the user and allow them to choose whether to allow or deny</string>
+      <string id="ContentAnalysis_DefaultResult_2">Allow the request</string>
+      <string id="ContentAnalysis_DenyUrlRegexList">Deny Url Regex List</string>
+      <string id="ContentAnalysis_DenyUrlRegexList_Explain">If this policy is enabled, you can specify a space-separated list of regular expressions that indicates URLs for which DLP operations will always be denied without consulting the agent.
+
+If this policy is disabled or not configured, the DLP agent will always be consulted.</string>
+      <string id="ContentAnalysis_Enabled">Enabled</string>
+      <string id="ContentAnalysis_Enabled_Explain">If this policy is enabled, Firefox will use DLP.
+
+If this policy is disabled or not configured, Firefox will not use DLP.
+
+Note: If this policy is enabled and no DLP agent is running, all DLP requests will be denied unless Default Result is set to 1 or 2.</string>
+      <string id="ContentAnalysis_IsPerUser">Is Per User</string>
+      <string id="ContentAnalysis_IsPerUser_Explain">If this policy is disabled, the pipe the DLP agent creates is per-system.
+
+If this policy is enabled or not configured, the pipe the DLP agent creates is per-user.</string>
+      <string id="ContentAnalysis_PipePathName">Pipe Path Name</string>
+      <string id="ContentAnalysis_PipePathName_Explain">If this policy is enabled, you can change the name of the pipe for the DLP agent.
+
+If this policy is disabled or not configured, the default pipe name of 'path_user' is used.</string>
+      <string id="ContentAnalysis_ShowBlockedResult">Show Blocked Result</string>
+      <string id="ContentAnalysis_ShowBlockedResult_Explain">If this policy is disabled, Firefox will not show a notification when a DLP request is denied.
+
+If this policy is enabled or not configured, Firefox will show a notification when a DLP request is denied.</string>
       <string id="Preferences_Boolean_Explain">If this policy is enabled, the preference is locked to true. If this policy is disabled, the preference is locked to false.
 
 For a description of the preference, see:
@@ -1504,6 +1555,12 @@ https://github.com/mozilla/policy-templates/blob/master/README.md#preferences.</
       <presentation id="PrivateBrowsingModeAvailability">
         <dropdownList refId="PrivateBrowsingModeAvailability"/>
       </presentation>
-    </presentationTable>
+      <presentation id="ContentAnalysis_DefaultResult">
+        <dropdownList refId="ContentAnalysis_DefaultResult"/>
+      </presentation>
+      <presentation id="Number">
+        <decimalTextBox refId="Number"/>
+      </presentation>
+   </presentationTable>
   </resources>
 </policyDefinitionResources>
diff --git a/windows/firefox.admx b/windows/firefox.admx
@@ -76,7 +76,8 @@
       <definition name="SUPPORTED_FF129" displayName="$(string.SUPPORTED_FF129)"/>
       <definition name="SUPPORTED_FF130" displayName="$(string.SUPPORTED_FF130)"/>
       <definition name="SUPPORTED_FF130_ONLY" displayName="$(string.SUPPORTED_FF130_ONLY)"/>
-    </definitions>
+      <definition name="SUPPORTED_FF131" displayName="$(string.SUPPORTED_FF131)"/>
+   </definitions>
   </supportedOn>
   <categories>
     <category displayName="$(string.firefox)" name="firefox">
@@ -169,6 +170,9 @@
     <category displayName="$(string.FirefoxSuggest_group)" name="FirefoxSuggest">
       <parentCategory ref="firefox"/>
     </category>
+    <category displayName="$(string.ContentAnalysis_group)" name="ContentAnalysis">
+      <parentCategory ref="firefox"/>
+    </category>
   </categories>
   <policies>
     <policy name="AppAutoUpdate" class="Both" displayName="$(string.AppAutoUpdate)" explainText="$(string.AppAutoUpdate_Explain)" key="Software\Policies\Mozilla\Firefox" valueName="AppAutoUpdate">
@@ -4304,5 +4308,110 @@
         </enum>
       </elements>
     </policy>
+    <policy name="ContentAnalysis_AgentName" class="Both" displayName="$(string.ContentAnalysis_AgentName)" explainText="$(string.ContentAnalysis_AgentName_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" presentation="$(presentation.String)">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <elements>
+        <text id="String" valueName="AgentName"/>
+      </elements>
+    </policy>
+    <policy name="ContentAnalysis_AgentTimeout" class="Both" displayName="$(string.ContentAnalysis_AgentTimeout)" explainText="$(string.ContentAnalysis_AgentTimeout_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" presentation="$(presentation.Number)">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <elements>
+        <decimal id="Number" valueName="AgentTimeout"/>
+      </elements>
+    </policy>
+    <policy name="ContentAnalysis_AllowUrlRegexList" class="Both" displayName="$(string.ContentAnalysis_AllowUrlRegexList)" explainText="$(string.ContentAnalysis_AllowUrlRegexList_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" presentation="$(presentation.String)">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <elements>
+        <text id="String" valueName="AllowUrlRegexList"/>
+      </elements>
+    </policy>
+    <policy name="ContentAnalysis_BypassForSameTabOperations" class="Both" displayName="$(string.ContentAnalysis_BypassForSameTabOperations)" explainText="$(string.ContentAnalysis_BypassForSameTabOperations_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" valueName="BypassForSameTabOperations">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
+    <policy name="ContentAnalysis_ClientSignature" class="Both" displayName="$(string.ContentAnalysis_ClientSignature)" explainText="$(string.ContentAnalysis_ClientSignature_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" presentation="$(presentation.String)">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <elements>
+        <text id="String" valueName="ClientSignature"/>
+      </elements>
+    </policy>
+    <policy name="ContentAnalysis_DefaultResult" class="Both" displayName="$(string.ContentAnalysis_DefaultResult)" explainText="$(string.ContentAnalysis_DefaultResult_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" presentation="$(presentation.ContentAnalysis_DefaultResult)">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF60"/>
+      <elements>
+        <enum id="ContentAnalysis_DefaultResult" valueName="DefaultResult">
+          <item displayName="$(string.ContentAnalysis_DefaultResult_0)">
+            <value>
+              <decimal value="0"/>
+            </value>
+          </item>
+          <item displayName="$(string.ContentAnalysis_DefaultResult_1)">
+            <value>
+              <decimal value="1"/>
+            </value>
+          </item>
+          <item displayName="$(string.ContentAnalysis_DefaultResult_2)">
+            <value>
+              <decimal value="2"/>
+            </value>
+          </item>
+        </enum>
+      </elements>
+    </policy>
+    <policy name="ContentAnalysis_DenyUrlRegexList" class="Both" displayName="$(string.ContentAnalysis_DenyUrlRegexList)" explainText="$(string.ContentAnalysis_DenyUrlRegexList_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" presentation="$(presentation.String)">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <elements>
+        <text id="String" valueName="DenyUrlRegexList"/>
+      </elements>
+    </policy>
+    <policy name="ContentAnalysis_Enabled" class="Both" displayName="$(string.ContentAnalysis_Enabled)" explainText="$(string.ContentAnalysis_Enabled_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" valueName="Enabled">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
+    <policy name="ContentAnalysis_IsPerUser" class="Both" displayName="$(string.ContentAnalysis_IsPerUser)" explainText="$(string.ContentAnalysis_IsPerUser_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" valueName="IsPerUser">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
+    <policy name="ContentAnalysis_PipePathName" class="Both" displayName="$(string.ContentAnalysis_PipePathName)" explainText="$(string.ContentAnalysis_PipePathName_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" presentation="$(presentation.String)">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <elements>
+        <text id="String" valueName="PipePathName"/>
+      </elements>
+    </policy>
+    <policy name="ContentAnalysis_ShowBlockedResult" class="Both" displayName="$(string.ContentAnalysis_ShowBlockedResult)" explainText="$(string.ContentAnalysis_ShowBlockedResult_Explain)" key="Software\Policies\Mozilla\Firefox\ContentAnalysis" valueName="ShowBlockedResult">
+      <parentCategory ref="ContentAnalysis"/>
+      <supportedOn ref="SUPPORTED_FF131"/>
+      <enabledValue>
+        <decimal value="1"/>
+      </enabledValue>
+      <disabledValue>
+        <decimal value="0"/>
+      </disabledValue>
+    </policy>
   </policies>
 </policyDefinitions>