Ready for Developer Testing: Permissions Policy for Device Attributes API


Chromestatus

Aug 8, 2025, 3:15:27 PM
to blin...@chromium.org, pch...@google.com, rei...@chromium.org

Contact emails

pch...@google.com

Explainer

https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md

Specification

https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md

Summary

The new Permissions Policy enables restricting access to the Device Attributes API, which is available only for policy-installed apps on managed ChromeOS devices. Additionally, the feature will be controlled by the Content Settings, and 2 new policies will be introduced: DeviceAttributesBlockedForOrigins and DefaultDeviceAttributesSetting, to complement the already existing DeviceAttributesAllowedForOrigins. The feature will be enabled by default.



Blink component

Blink>Managed

TAG review

None

TAG review status

Pending

Risks



Interoperability and Compatibility

None



Gecko: No signal

WebKit: No signal

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Goals for experimentation



Ongoing technical constraints

None



Debuggability

None



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

Is this feature fully tested by web-platform-tests?

No

Flag name on about://flags

None

Finch feature name

DeviceAttributesPermissionPolicy

Requires code in //chrome?

False

Estimated milestones

Shipping on desktop 141
DevTrial on desktop 140


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4843520522977280

Links to previous Intent discussions

Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/684c1f97.170a0220.aedbe.04cd.GAE%40google.com


This intent message was generated by Chrome Platform Status.

Reilly Grant

Aug 8, 2025, 3:34:25 PM
to Chromestatus, blin...@chromium.org, pch...@google.com
Patryk, can you reply to this with more detailed explanations for the places where the template was filled in with "None"? We discussed for example that a TAG review is unnecessary as this is an incremental change to a feature they have already declined to review. 
Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome

Patryk Chodur

Aug 8, 2025, 5:39:34 PM
to Reilly Grant, Chromestatus, blin...@chromium.org

Sorry, I edited the missing info. Please let me know if there are more questions I can answer.


Contact emails

pch...@google.com

Explainer

https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md

Specification

https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md

Summary

The new Permissions Policy enables restricting access to the Device Attributes API, which is available only for policy-installed apps on managed ChromeOS devices. Additionally, the feature will be controlled by the Content Settings, and 2 new policies will be introduced: DeviceAttributesBlockedForOrigins and DefaultDeviceAttributesSetting, to complement the already existing DeviceAttributesAllowedForOrigins. The feature will be enabled by default.



Blink component

Blink>Managed

TAG review

TAG didn't review the original implementation of Device Attributes API and this is an incremental change to it.

TAG review status

Not applicable

Risks



Interoperability and Compatibility

The Isolated Web Apps that used the Device Attributes API will now need to declare the usage of the API in the permissions_policy section in the manifest. The API launched only in ChromeOS Kiosk mode and there are no known IWAs using the API though.



Gecko: No signal

WebKit: No signal

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

The API which the feature is related to is not available in WebView. It is available only for policy-installed web applications on managed ChromeOS devices.



Goals for experimentation



Ongoing technical constraints

None



Debuggability

The Device Attributes API can be called from the DevTools console. This feature changes the availability of the API, so either a result of the call or an error can be seen from DevTools.



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

The Device Attributes API is available only on ChromeOS, so this feature is supported on ChromeOS only as well.



Is this feature fully tested by web-platform-tests?

No

Flag name on about://flags

None

Finch feature name

DeviceAttributesPermissionPolicy

Requires code in //chrome?

True


Estimated milestones

Shipping on desktop 141
DevTrial on desktop 140


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4843520522977280

Links to previous Intent discussions

Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/684c1f97.170a0220.aedbe.04cd.GAE%40google.com


This intent message was generated by Chrome Platform Status.