From 0ad28afe47d93d3502cfd816aae3ab9cc0493e59 Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen+git@mikaela.info>
Date: Sat, 11 May 2024 19:44:16 +0300
Subject: [PATCH] chromium: allow manifestv2, enable chromecast, safebrowsing,
 passwordleakdetection, efficiencymode, suggest disabling bookmarks bar and
 document previously forgotten policies

---
 etc/opt/chromium/policies/managed/README.md   | 45 ++++++++++++++++++-
 .../policies/managed/disable-floc.json        |  1 +
 .../policies/managed/enable-chromecast.json   |  7 +++
 .../managed/enable-google-safebrowsing.json   |  4 ++
 .../managed/enable-passwordleakdetection.json |  3 ++
 .../policies/managed/enable-tab-suspend.json  |  3 ++
 .../chromium/policies/recommended/README.md   |  5 +++
 .../recommended/no-bookmarks-bar.json         |  3 ++
 etc/opt/edge/policies/recommended/.gitignore  |  1 +
 .../recommended/no-bookmarks-bar.json         |  1 +
 10 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 etc/opt/chromium/policies/managed/enable-chromecast.json
 create mode 100644 etc/opt/chromium/policies/managed/enable-google-safebrowsing.json
 create mode 100644 etc/opt/chromium/policies/managed/enable-passwordleakdetection.json
 create mode 100644 etc/opt/chromium/policies/managed/enable-tab-suspend.json
 create mode 100644 etc/opt/chromium/policies/recommended/no-bookmarks-bar.json
 create mode 120000 etc/opt/edge/policies/recommended/no-bookmarks-bar.json

diff --git a/etc/opt/chromium/policies/managed/README.md b/etc/opt/chromium/policies/managed/README.md
index 66085b75..159dcdd4 100644
--- a/etc/opt/chromium/policies/managed/README.md
+++ b/etc/opt/chromium/policies/managed/README.md
@@ -33,8 +33,16 @@
 - [`doh-quad9-insecure-ecs.json.badidea`](#doh-quad9-insecure-ecsjsonbadidea)
 - [`doh-quad9-insecure.json.badidea`](#doh-quad9-insecurejsonbadidea)
 - [`doh-quad9.json`](#doh-quad9json)
+- [`doh-unlocked-unset.json`](#doh-unlocked-unsetjson-1)
+- [`edge-appsfavorites.json`](#edge-appsfavoritesjson)
+- [`edge-newtabapps.json`](#edge-newtabappsjson)
+- [`edge-screenshots.json`](#edge-screenshotsjson)
+- [`enable-chromecast.json`](#enable-chromecastjson)
 - [`enable-ech-ocsp.json`](#enable-ech-ocspjson)
+- [`enable-google-safebrowsing.json`](#enable-google-safebrowsingjson)
 - [`enable-labs.json`](#enable-labsjson)
+- [`enable-passwordleakdetection.json`](#enable-passwordleakdetectionjson)
+- [`enable-tab-suspend.json`](#enable-tab-suspendjson)
 - [`fix-edge-search.json`](#fix-edge-searchjson)
 - [`force-incognito.json.badidea`](#force-incognitojsonbadidea)
 - [`https-everywhere.json`](#https-everywherejson)
@@ -151,7 +159,8 @@ that I can see.
 
 ## `disable-floc.json`
 
-Disables floc or ad topics that are against privacy.
+Disables floc or ad topics that are against privacy. Additionally allows
+Manifest v2 extensions (as v3 is kind of floc too).
 
 - https://start.duckduckgo.com/?q=google+floc+privacy+topics
 
@@ -203,6 +212,26 @@ their alternative port. **No DNSSEC either.**
 Forces DNS over HTTPS with Quad9 threat-blocking server and also contains
 their alternative port.
 
+## `doh-unlocked-unset.json`
+
+Allows configuring DoH even with managed policies present (unless another DoH rule is in force) since enabling any managed policy will otherwise gray out the option.
+
+## `edge-appsfavorites.json`
+
+Edge apps in favorites bar.
+
+## `edge-newtabapps.json`
+
+Should enable apps in new tab page, although I am not seeing it.
+
+## `edge-screenshots.json`
+
+Explicitly enables screenshotting-
+
+## `enable-chromecast.json`
+
+Explicitly enables Chromecast support.
+
 ## `enable-ech-ocsp.json`
 
 Enables encrypted client hello (ECH) and Online Certificate Status Protocol
@@ -213,10 +242,24 @@ However ECH requires `"DnsOverHttpsMode": "secure"` which will break things
 or it will occassionally get disabled (I hope they implement it with system
 resolver soon).
 
+## `enable-google-safebrowsing.json`
+
+Enforces Google Safe Browsing in standard mode. For advanced mode and sending data to Google, increase to 2.
+
+I just don't trust my family to not find and disable the feature, especially if there was an unfiltered DNS server.
+
 ## `enable-labs.json`
 
 Enables the beaker button "Experiments" for easier management than `about:flags`.
 
+## `enable-passwordleakdetection.json`
+
+Warns about password reuse, although that may only be with Google account.
+
+## `enable-tab-suspend.json`
+
+Enables the efficiency mode which suspends background tabs.
+
 ## `fix-edge-search.json`
 
 Tells Microsoft Edge to redirect queries from new tab search box to URL bar
diff --git a/etc/opt/chromium/policies/managed/disable-floc.json b/etc/opt/chromium/policies/managed/disable-floc.json
index 59b816c0..8bbf8fc3 100644
--- a/etc/opt/chromium/policies/managed/disable-floc.json
+++ b/etc/opt/chromium/policies/managed/disable-floc.json
@@ -1,4 +1,5 @@
 {
+  "ExtensionManifestV2Availability": true,
   "PrivacySandboxAdMeasurementEnabled": false,
   "PrivacySandboxAdTopicsEnabled": false,
   "PrivacySandboxPromptEnabled": false,
diff --git a/etc/opt/chromium/policies/managed/enable-chromecast.json b/etc/opt/chromium/policies/managed/enable-chromecast.json
new file mode 100644
index 00000000..74258146
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/enable-chromecast.json
@@ -0,0 +1,7 @@
+{
+  "AccessCodeCastDeviceDuration": 86400,
+  "AccessCodeCastEnabled": true,
+  "EnableMediaRouter": true,
+  "ShowCastIconInToolbar": true,
+  "ShowCastSessionsStartedByOtherDevices": true
+}
diff --git a/etc/opt/chromium/policies/managed/enable-google-safebrowsing.json b/etc/opt/chromium/policies/managed/enable-google-safebrowsing.json
new file mode 100644
index 00000000..350f030a
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/enable-google-safebrowsing.json
@@ -0,0 +1,4 @@
+{
+  "SafeBrowsingProtectionLevel": 1,
+  "SafeBrowsingProxiedRealTimeChecksAllowed": true
+}
diff --git a/etc/opt/chromium/policies/managed/enable-passwordleakdetection.json b/etc/opt/chromium/policies/managed/enable-passwordleakdetection.json
new file mode 100644
index 00000000..b77f00b1
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/enable-passwordleakdetection.json
@@ -0,0 +1,3 @@
+{
+  "PasswordLeakDetectionEnabled": true
+}
diff --git a/etc/opt/chromium/policies/managed/enable-tab-suspend.json b/etc/opt/chromium/policies/managed/enable-tab-suspend.json
new file mode 100644
index 00000000..c993af8c
--- /dev/null
+++ b/etc/opt/chromium/policies/managed/enable-tab-suspend.json
@@ -0,0 +1,3 @@
+{
+  "HighEfficiencyModeEnabled": true
+}
diff --git a/etc/opt/chromium/policies/recommended/README.md b/etc/opt/chromium/policies/recommended/README.md
index d41d80dc..e1df665b 100644
--- a/etc/opt/chromium/policies/recommended/README.md
+++ b/etc/opt/chromium/policies/recommended/README.md
@@ -14,6 +14,7 @@
 - [`duckduckgo.json`](#duckduckgojson)
 - [`ecosia.json`](#ecosiajson)
 - [`enable-home.json`](#enable-homejson)
+- [`no-bookmarks-bar.json`](#no-bookmarks-barjson)
 - [`README.md`](#readmemd)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -48,6 +49,10 @@ Sets and displays recommendation on the use of Ecosia as a search engine by defa
 
 Enables home button by default.
 
+## `no-bookmarks-bar.json`
+
+Hides bookmarks bar by default. I just dislike it greatly.
+
 ## `README.md`
 
 You are reading this file, are you not?
diff --git a/etc/opt/chromium/policies/recommended/no-bookmarks-bar.json b/etc/opt/chromium/policies/recommended/no-bookmarks-bar.json
new file mode 100644
index 00000000..0f750b1e
--- /dev/null
+++ b/etc/opt/chromium/policies/recommended/no-bookmarks-bar.json
@@ -0,0 +1,3 @@
+{
+  "BookmarkBarEnabled": false
+}
diff --git a/etc/opt/edge/policies/recommended/.gitignore b/etc/opt/edge/policies/recommended/.gitignore
index 0c62ae41..c291c8b7 100644
--- a/etc/opt/edge/policies/recommended/.gitignore
+++ b/etc/opt/edge/policies/recommended/.gitignore
@@ -3,3 +3,4 @@ disable-default-browser-check.json
 duckduckgo.json
 ecosia.json
 enable-home.json
+no-bookmarks-bar.json
diff --git a/etc/opt/edge/policies/recommended/no-bookmarks-bar.json b/etc/opt/edge/policies/recommended/no-bookmarks-bar.json
new file mode 120000
index 00000000..481fd8f7
--- /dev/null
+++ b/etc/opt/edge/policies/recommended/no-bookmarks-bar.json
@@ -0,0 +1 @@
+../../../chromium/policies/recommended/no-bookmarks-bar.json
\ No newline at end of file