The new Permissions Policy enables restricting access to the Device Attributes API, which is available only for policy-installed kiosk web apps and policy-installed Isolated Web Apps, both only on managed ChromeOS devices. Additionally, the feature is controlled by content settings. 2 new policies are introduced: [DeviceAttributesBlockedForOrigins](https://chromeenterprise.google/policies/#DeviceAttributesBlockedForOrigins) and [DefaultDeviceAttributesSetting](https://chromeenterprise.google/policies/#DefaultDeviceAttributesSetting), to complement the introduced earlier [DeviceAttributesAllowedForOrigins](https://chromeenterprise.google/policies/#DeviceAttributesAllowedForOrigins). The feature is enabled by default for the supported scenarios described above.
The Device Attributes API allows web developers to query information about the device. This information can be used for context-based configuration or other device-aware use cases such as licensing. The goal of this change is to make the Device Attributes API usable with less configuration, while still maintaining administrators' control over what applications are allowed to access the API.
Explainers: https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md