1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
|
// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/browser_features.h"
#include "base/feature_list.h"
#include "build/branding_buildflags.h"
#include "build/build_config.h"
#if BUILDFLAG(IS_WIN)
#include "chrome/browser/net/system_network_context_manager.h"
#endif
namespace features {
#if BUILDFLAG(IS_ANDROID)
// Kill switch for allowing TWAs to autoplay with sound without requiring a user
// gesture to unlock, for parity with PWAs.
BASE_FEATURE(kAllowUnmutedAutoplayForTWA,
"AllowUnmutedAutoplayForTWA",
base::FEATURE_ENABLED_BY_DEFAULT);
#endif // BUILDFLAG(IS_ANDROID)
// This is used to enable an experiment for modifying confidence cutoff of
// prerender and preconnect for autocomplete action predictor.
BASE_FEATURE(kAutocompleteActionPredictorConfidenceCutoff,
"AutocompleteActionPredictorConfidenceCutoff",
base::FEATURE_DISABLED_BY_DEFAULT);
// This is used to enable an experiment for the bookmarks tree view in the
// side panel, providing users with a hierarchical view of their bookmarks.
BASE_FEATURE(kBookmarksTreeView,
"BookmarksTreeView",
base::FEATURE_DISABLED_BY_DEFAULT);
// This flag is used for enabling Bookmark triggered prerendering. See
// crbug.com/1422819 for more details of Bookmark triggered prerendering.
BASE_FEATURE(kBookmarkTriggerForPrerender2,
"BookmarkTriggerForPrerender2",
base::FEATURE_ENABLED_BY_DEFAULT);
// Enables Certificate Transparency on Desktop and Android Browser (CT is
// disabled in Android Webview, see aw_browser_context.cc).
// Enabling CT enforcement requires maintaining a log policy, and the ability to
// update the list of accepted logs. Embedders who are planning to enable this
// should first reach out to chrome-certificate-transparency@google.com.
// On builds where CT is enabled, this flag is also used as an emergency kill
// switch.
BASE_FEATURE(kCertificateTransparencyAskBeforeEnabling,
"CertificateTransparencyAskBeforeEnabling",
#if BUILDFLAG(GOOGLE_CHROME_BRANDING)
base::FEATURE_ENABLED_BY_DEFAULT);
#else
base::FEATURE_DISABLED_BY_DEFAULT);
#endif // BUILDFLAG(GOOGLE_CHROME_BRANDING)
// Enables using network time for certificate verification. If enabled, network
// time will be used to verify certificate validity, however certificates that
// fail to validate with network time will fall back to the system time.
// This has no effect if the network_time::kNetworkTimeServiceQuerying flag is
// disabled, or the BrowserNetworkTimeQueriesEnabled policy is set to false.
#if !BUILDFLAG(IS_CHROMEOS)
BASE_FEATURE(kCertVerificationNetworkTime,
"CertVerificationNetworkTime",
base::FEATURE_ENABLED_BY_DEFAULT);
#else
BASE_FEATURE(kCertVerificationNetworkTime,
"CertVerificationNetworkTime",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif // !BUILDFLAG(IS_CHROMEOS)
// Killswitch that guards clearing all user data in the ProfileImpl destructor.
BASE_FEATURE(kClearUserDataUponProfileDestruction,
"ClearUserDataUponProfileDestruction",
base::FEATURE_ENABLED_BY_DEFAULT);
#if BUILDFLAG(IS_LINUX)
// Enables usage of os_crypt_async::SecretPortalKeyProvider. Once
// `kSecretPortalKeyProviderUseForEncryption` is enabled, this flag cannot be
// disabled without losing data.
BASE_FEATURE(kDbusSecretPortal,
"DbusSecretPortal",
base::FEATURE_ENABLED_BY_DEFAULT);
// Enables usage of os_crypt_async::FreedesktopSecretKeyProvider, which is
// compatible with the synchronous backend.
BASE_FEATURE(kUseFreedesktopSecretKeyProvider,
"UseFreedesktopSecretKeyProvider",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif // BUILDFLAG(IS_LINUX)
// Destroy profiles when their last browser window is closed, instead of when
// the browser exits.
BASE_FEATURE(kDestroyProfileOnBrowserClose,
"DestroyProfileOnBrowserClose",
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_MAC) || BUILDFLAG(IS_WIN)
base::FEATURE_ENABLED_BY_DEFAULT);
#else
base::FEATURE_DISABLED_BY_DEFAULT);
#endif
// DestroyProfileOnBrowserClose only covers deleting regular (non-System)
// Profiles. This flags lets us destroy the System Profile, as well.
BASE_FEATURE(kDestroySystemProfiles,
"DestroySystemProfiles",
base::FEATURE_DISABLED_BY_DEFAULT);
#if BUILDFLAG(IS_CHROMEOS)
// Enables being able to zoom a web page by double tapping in Chrome OS tablet
// mode.
BASE_FEATURE(kDoubleTapToZoomInTabletMode,
"DoubleTapToZoomInTabletMode",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif
// Enables showing the email of the flex org admin that setup CBCM in the
// management disclosures.
BASE_FEATURE(kFlexOrgManagementDisclosure,
"FlexOrgManagementDisclosure",
#if BUILDFLAG(IS_CHROMEOS)
base::FEATURE_DISABLED_BY_DEFAULT);
#else
base::FEATURE_ENABLED_BY_DEFAULT);
#endif // BUILDFLAG(IS_CHROMEOS)
// Enables the Incoming Call Notifications scenario. When created by an
// installed origin, an incoming call notification should have increased
// priority, colored buttons, a ringtone, and a default "close" button.
// Otherwise, if the origin is not installed, it should behave like the default
// notifications, but with the added "Close" button. See
// https://github.com/MicrosoftEdge/MSEdgeExplainers/blob/main/Notifications/notifications_actions_customization.md
BASE_FEATURE(kIncomingCallNotifications,
"IncomingCallNotifications",
base::FEATURE_DISABLED_BY_DEFAULT);
#if !BUILDFLAG(IS_ANDROID)
// Adds a "Snooze" action to mute notifications during screen sharing sessions.
BASE_FEATURE(kMuteNotificationSnoozeAction,
"MuteNotificationSnoozeAction",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif
// This feature enables monitoring of first-party network requests in order to
// find possible violations. Example: A Chrome policy is set to disabled but the
// network request controlled by that policy is observed.
BASE_FEATURE(kNetworkAnnotationMonitoring,
"NetworkAnnotationMonitoring",
base::FEATURE_DISABLED_BY_DEFAULT);
// This flag is used for enabling New Tab Page triggered prerendering. See
// crbug.com/1462832 for more details of New Tab Page triggered prerendering.
BASE_FEATURE(kNewTabPageTriggerForPrerender2,
"NewTabPageTriggerForPrerender2",
base::FEATURE_ENABLED_BY_DEFAULT);
#if BUILDFLAG(IS_ANDROID)
// Adds an "Unsubscribe" action to web push notifications that allows stopping
// notifications from a given origin with a single tap (with an option to undo).
BASE_FEATURE(kNotificationOneTapUnsubscribe,
"NotificationOneTapUnsubscribe",
base::FEATURE_ENABLED_BY_DEFAULT);
base::FeatureParam<bool> kNotificationOneTapUnsubscribeUseServiceIntentParam{
&kNotificationOneTapUnsubscribe, "use_service_intent", false};
#endif
// Enables executing the browser commands sent by the NTP promos.
BASE_FEATURE(kPromoBrowserCommands,
"PromoBrowserCommands",
base::FEATURE_ENABLED_BY_DEFAULT);
// Parameter name for the promo browser command ID provided along with
// kPromoBrowserCommands.
// The value of this parameter should be parsable as an unsigned integer and
// should map to one of the browser commands specified in:
// ui/webui/resources/js/browser_command/browser_command.mojom
const char kBrowserCommandIdParam[] = "BrowserCommandIdParam";
#if !BUILDFLAG(IS_ANDROID)
// Keeps accessibility enabled for WebContents as ReadAnything observes changes
// to the active WebContents. This is a holdback study to evaluate the impact of
// the new behavior, whereby the accessibility modes required by ReadyAnything
// are cleared on a WebContents when ReadAnything loses interest in it.
BASE_FEATURE(kReadAnythingPermanentAccessibility,
"ReadAnythingPermanentAccessibility",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif
#if BUILDFLAG(IS_WIN) && BUILDFLAG(GOOGLE_CHROME_BRANDING)
// When this feature is enabled, Chrome will register os_update_handler with
// Omaha, to be run on OS upgrade.
BASE_FEATURE(kRegisterOsUpdateHandlerWin,
"RegisterOsUpdateHandlerWin",
base::FEATURE_ENABLED_BY_DEFAULT);
// When this feature is enabled, Chrome will install the
// platform_experience_helper.
BASE_FEATURE(kInstallPlatformExperienceHelperWin,
"InstallPlatformExperienceHelperWin",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif // BUILDFLAG(IS_WIN) && BUILDFLAG(GOOGLE_CHROME_BRANDING)
// When this feature is enabled, the network service will restart unsandboxed if
// a previous attempt to launch it sandboxed failed.
BASE_FEATURE(kRestartNetworkServiceUnsandboxedForFailedLaunch,
"RestartNetworkServiceUnsandboxedForFailedLaunch",
base::FEATURE_ENABLED_BY_DEFAULT);
// Gates sandboxed iframe navigation toward external protocol behind any of:
// - allow-top-navigation
// - allow-top-navigation-to-custom-protocols
// - allow-top-navigation-with-user-gesture (+ user gesture)
// - allow-popups
//
// Motivation:
// Developers are surprised that a sandboxed iframe can navigate and/or
// redirect the user toward an external application.
// General iframe navigation in sandboxed iframe are not blocked normally,
// because they stay within the iframe. However they can be seen as a popup or
// a top-level navigation when it leads to opening an external application. In
// this case, it makes sense to extend the scope of sandbox flags, to block
// malvertising.
//
// Implementation bug: https://crbug.com/1253379
// I2S: https://groups.google.com/a/chromium.org/g/blink-dev/c/-t-f7I6VvOI
//
// Enabled in M103. Flag to be removed in M106
BASE_FEATURE(kSandboxExternalProtocolBlocked,
"SandboxExternalProtocolBlocked",
base::FEATURE_ENABLED_BY_DEFAULT);
// Enabled in M100. Flag to be removed in M106
BASE_FEATURE(kSandboxExternalProtocolBlockedWarning,
"SandboxExternalProtocolBlockedWarning",
base::FEATURE_ENABLED_BY_DEFAULT);
#if BUILDFLAG(IS_LINUX)
// If true, encrypt new data with the key provided by SecretPortalKeyProvider.
// Otherwise, it will only decrypt existing data.
BASE_FEATURE(kSecretPortalKeyProviderUseForEncryption,
"SecretPortalKeyProviderUseForEncryption",
base::FEATURE_DISABLED_BY_DEFAULT);
// If true, encrypt new data with the key provided by
// FreedesktopSecretKeyProvider. Otherwise, it will only decrypt existing data.
BASE_FEATURE(kUseFreedesktopSecretKeyProviderForEncryption,
"UseFreedesktopSecretKeyProviderForEncryption",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif // BUILDFLAG(IS_LINUX)
// Enables migration of the network context data from `unsandboxed_data_path` to
// `data_path`. See the explanation in network_context.mojom.
BASE_FEATURE(kTriggerNetworkDataMigration,
"TriggerNetworkDataMigration",
#if BUILDFLAG(IS_WIN)
base::FEATURE_ENABLED_BY_DEFAULT
#else
base::FEATURE_DISABLED_BY_DEFAULT
#endif
);
#if BUILDFLAG(IS_CHROMEOS)
// If enabled, a blue border is drawn around shared tabs on ChromeOS.
// If disabled, the blue border is not used on ChromeOS.
//
// Motivation:
// The blue border behavior used to (still does, see below) cause problems on
// ChromeOS - see crbug.com/1320262 (fixed). This flag is introduced as means
// of disabling this feature in case of possible future regressions.
//
// TODO(crbug.com/40198577): Remove this flag once we confirm that blue border
// works fine on ChromeOS.
//
// b/279051234: We suspect the tab sharing blue border may cause a bad issue
// on ChromeOS where a window can not be interacted at all. Disable the feature
// on ChromeOS.
BASE_FEATURE(kTabCaptureBlueBorderCrOS,
"TabCaptureBlueBorderCrOS",
base::FEATURE_DISABLED_BY_DEFAULT);
#endif
// Enables runtime detection of USB devices which provide a WebUSB landing page
// descriptor.
BASE_FEATURE(kWebUsbDeviceDetection,
"WebUsbDeviceDetection",
base::FEATURE_ENABLED_BY_DEFAULT);
#if BUILDFLAG(IS_WIN)
// Disable dynamic code using ACG. Prevents the browser process from generating
// dynamic code or modifying executable code. See comments in
// sandbox/win/src/security_level.h. Only available on Windows 10 RS1 (1607,
// Build 14393) onwards.
BASE_FEATURE(kBrowserDynamicCodeDisabled,
"BrowserDynamicCodeDisabled",
base::FEATURE_DISABLED_BY_DEFAULT);
// The Chrome DLL can be pre-read with ::PrefetchVirtualMemory() from the
// browser or a child process. Pre-reading is supposed to bring the whole DLL in
// physical memory more efficiently than a series of hard faults. However,
// pre-reading consumes a non-trivial amount of CPU even when the DLL is already
// in physical memory and it may not be necessary to have the full DLL in
// physical memory (space taken by unused parts of the DLL could potentially be
// used for more important stuff). This file has multiple features to experiment
// with policies for pre-reading the Chrome DLL in child processes. The
// `kPrefetchVirtualMemoryPolicy` feature defined elsewhere controls pre-reading
// the Chrome DLL from the browser process.
// When enabled, child processes never pre-read the Chrome DLL.
BASE_FEATURE(kNoPreReadMainDll,
"NoPreReadMainDll",
base::FEATURE_DISABLED_BY_DEFAULT);
// When enabled, child processes don't pre-read the Chrome DLL if we believe the
// Chrome DLL is on an SSD (i.e. pre-read only on spinning disk).
BASE_FEATURE(kNoPreReadMainDllIfSsd,
"NoPreReadMainDllIfSsd",
base::FEATURE_ENABLED_BY_DEFAULT);
// When enabled, the browser process suppresses pre-read in child processes
// shortly after browser startup, where "shortly after" is dictated by the
// feature param below. This is thought to be a productive strategy since the
// browser process will have recently pre-read the DLL during browser
// startup. In that case, the browser process has recently pre-read the DLL so
// pre-reading again is thought to be counter-productive (CPU consumption for no
// gains).
BASE_FEATURE(kNoPreReadMainDllStartup,
"NoPreReadMainDllStartup",
base::FEATURE_DISABLED_BY_DEFAULT);
// Time after browser startup during which child processes don't pre-read the
// Chrome DLL when `kNoPreReadMainDllStartup` is enabled.
const base::FeatureParam<base::TimeDelta>
kNoPreReadMainDllStartup_StartupDuration{&kNoPreReadMainDllStartup,
"no-preread-dll-startup-time",
base::Minutes(2)};
// When enabled, the browser process will re-launch itself when launched with
// an elevated linked token. The re-launched browser will use the token from
// the Windows Shell (explorer.exe), which is typically non-elevated.
BASE_FEATURE(kAutoDeElevate, "AutoDeElevate", base::FEATURE_ENABLED_BY_DEFAULT);
#endif // BUILDFLAG(IS_WIN)
#if !BUILDFLAG(IS_ANDROID)
// This flag controls whether to perform Pak integrity check on startup to
// report statistics for on-disk corruption.
// Disabled on ChromeOS, as dm-verity enforces integrity and the check would
// be redundant.
BASE_FEATURE(kReportPakFileIntegrity,
"ReportPakFileIntegrity",
#if !BUILDFLAG(IS_CHROMEOS)
base::FEATURE_ENABLED_BY_DEFAULT);
#else
base::FEATURE_DISABLED_BY_DEFAULT);
#endif // BUILDFLAG(IS_CHROMEOS)
#endif // BUILDFLAG(IS_ANDROID)
// This flag enables the removal of IWAs surface captures from Chrome Tabs
// category in getDisplayMedia() API. When disabled, IWAs surface captures
// show both in Chrome Tabs and Windows.
BASE_FEATURE(kRemovalOfIWAsFromTabCapture,
"RemovalOfIWAsFromTabCapture",
base::FEATURE_ENABLED_BY_DEFAULT);
} // namespace features
|
