Closed Bug 1426362 Opened 2 years ago Closed 2 years ago

Display status of policy engine in about:support

Categories

(Firefox :: Enterprise Policies, enhancement)

enhancement
Not set

Tracking

()

RESOLVED FIXED
Firefox 60
Tracking Status
firefox60 --- fixed

People

(Reporter: philipp, Assigned: Felipe)

References

Details

Attachments

(1 file)

This is a user story/request from sumo:
capabilities like user.js, autoconfig & presumably the new policy engine are sometimes used by malware/greyware to override user preferences as well and not only legitimate use cases in a managed environment. so instead of applying a policy totally in the background, having some points in the product that surface if a policy is in use would be great.

I think it would be beneficial if there was a section added to about:support that indicates if enterprise policies are applied. 

If a policy alters preferences, in addition i think it would be great if there's a disclaimer on top of about:preferences stating something to the effect of "Some preferences are managed/altered/locked by your organisation" - similar to what windows system settings show if there is a group policy applied.
In order to provide an easy path for affected users to recover, I'd also suggest that the Firefox uninstaller (run with administrative rights) clears all enterprise policy files placed in the program folder by default.
Chrome has chrome://policy/ that shows a tab of policies with state and values when they've been modified.
I like this approach because everything is available in a single place and I'd argue it's not only useful if malwares are in use but also to make users aware that their company Firefox behaves differently from their normal Firefox for specific reasons.

Regarding the uninstaller comment - my understanding is that if anything we'll improve security through sandboxing of autoconfig but I agree we should provide an easy path out if a risk is introduced here. Felipe and Mike do you have thoughts here?
Flags: needinfo?(mozilla)
Flags: needinfo?(felipc)
At my company, we use CCK2 to put in a note on the About dialog indicating that enterprise policies are in place. That might be another good place to put it. 

Wherever it ends up going, having some sort of notification is a great idea, as it makes it easy to tell if a user has the policies needed to operate on our network. (It makes troubleshooting easier if we can quickly identify stock Firefox instances, which won't work properly.) Making it easy to find for the end-user is a major plus.
Thanks everyone for the suggestions. I think the approach should be to surface this in various places: at least in about:support and Preferences.

I originally agreed on the idea of having a separate about:policy page. However, I think it might be better to add this directly in about:support, because it would make it easier to debug and provide support for people who show up with bug reports and are asked to copy&paste about:support (instead of having to ask to copy&paste two different pages).

Or, at the very least, if the policy engine is active, show that in about:support with a link to about:policy detailing the policies.

I'll take this bug to be about implementing this, and file a separate bug about surfacing this in Preferences, where we can discuss more details.

The note about the uninstaller is a really good point too. I'll create another bug to track that.
Assignee: nobody → felipc
No longer blocks: 1419102
Status: NEW → ASSIGNED
Component: General → Enterprise Policies
Depends on: 1419102
Flags: needinfo?(mozilla)
Flags: needinfo?(felipc)
Bug 1432906 was filed to display a user-visible notice in about:preferences about the policy engine, so on this bug I'll cover adding an entry in about:support for troubleshooting purposes.

We also have plans & designs to surface per-policy notes in about:preferences when applicable, but that'll be too time-consuming for the first version, so we'll deal with that later.

(In reply to :Felipe Gomes (needinfo me!) from comment #4)
> The note about the uninstaller is a really good point too. I'll create
> another bug to track that.

This was covered by bug 1433168
Summary: Make it transparent to users when policy engine is in use → Display status of policy engine in about:support
Blocks: 1433173
Comment on attachment 8955005 [details]
Bug 1426362 - Display status of policy engine in about:support.

https://reviewboard.mozilla.org/r/224184/#review230352

::: toolkit/content/aboutSupport.js:106
(Diff revision 1)
>        `content = ${data.styloResult} (${styloReason}), ` +
>        `chrome = ${data.styloChromeResult} (${styloChromeReason})`;
>  
> +    // data.policiesStatus should never be UNINITIALIZED in real conditions,
> +    // so let's avoid making localizers translate that.
> +    let policiesText = "Unknown";

I believe this should be a localized string.
(In reply to Kirk Steuber [:bytesized] from comment #7)
> > +    // data.policiesStatus should never be UNINITIALIZED in real conditions,
> > +    // so let's avoid making localizers translate that.
> > +    let policiesText = "Unknown";
> 
> I believe this should be a localized string.

See the comment above it
I see the comment, but either:
a) There is a possibility that the un-localized string will be shown, in which case it should be localized, OR
b) There should be no possibility that the string will be shown. In this case, showing the string is an error (which should perhaps be logged?).

I guess I just don't understand why the code seems to be saying "This is the string that we show in X case", while the comment says "X case will never occur". Why provide a string at all if it will never be used?
Yeah, good point. I changed the structure a bit so that both the "initialization error" and the "parsing error" status end up using the "Error" string, which I think is a fair compromise.
Comment on attachment 8955005 [details]
Bug 1426362 - Display status of policy engine in about:support.

https://reviewboard.mozilla.org/r/224184/#review230730

Looks good!
Attachment #8955005 - Flags: review?(ksteuber) → review+
Pushed by felipc@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/476e0758eb1c
Display status of policy engine in about:support. r=bytesized
https://hg.mozilla.org/mozilla-central/rev/476e0758eb1c
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 60
Depends on: 1442866
We have tested this on latest nightly and about:support shows the status of a policy.

Test case and runs are here- https://testrail.stage.mozaws.net/index.php?/plans/view/7734
You need to log in before you can comment on or make changes to this bug.