OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 syntax = "proto2"; | 5 syntax = "proto2"; |
6 | 6 |
7 option optimize_for = LITE_RUNTIME; | 7 option optimize_for = LITE_RUNTIME; |
8 | 8 |
9 package enterprise_management; | 9 package enterprise_management; |
10 | 10 |
(...skipping 11 matching lines...) Expand all Loading... |
22 enum Type { | 22 enum Type { |
23 TT = 0; // Register for TT release. | 23 TT = 0; // Register for TT release. |
24 USER = 1; // Register for user polices. | 24 USER = 1; // Register for user polices. |
25 DEVICE = 2; // Register for device policies. | 25 DEVICE = 2; // Register for device policies. |
26 } | 26 } |
27 // NOTE: we also use this field to detect client version. If this | 27 // NOTE: we also use this field to detect client version. If this |
28 // field is missing, then the request comes from TT. We will remove | 28 // field is missing, then the request comes from TT. We will remove |
29 // Chrome OS TT support once it is over. | 29 // Chrome OS TT support once it is over. |
30 optional Type type = 2 [default = TT]; | 30 optional Type type = 2 [default = TT]; |
31 | 31 |
32 // Machine hardware id, such as MEID, Mac adress. | 32 // Machine hardware id, such as serial number. |
33 // This field is required if register type == DEVICE. | 33 // This field is required if register type == DEVICE. |
34 optional string machine_id = 3; | 34 optional string machine_id = 3; |
35 | 35 |
36 // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the | 36 // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the |
37 // model name is not available, client SHOULD send generic name like | 37 // model name is not available, client SHOULD send generic name like |
38 // "Android", or "Chrome OS". | 38 // "Android", or "Chrome OS". |
39 optional string machine_model = 4; | 39 optional string machine_model = 4; |
40 } | 40 } |
41 | 41 |
42 // Response from server to device register request. | 42 // Response from server to device register request. |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
90 SHA1_RSA = 1; | 90 SHA1_RSA = 1; |
91 } | 91 } |
92 optional SignatureType signature_type = 3 [default = NONE]; | 92 optional SignatureType signature_type = 3 [default = NONE]; |
93 | 93 |
94 // The version number of the public key that is currently stored | 94 // The version number of the public key that is currently stored |
95 // on the client. This should be the last number the server had | 95 // on the client. This should be the last number the server had |
96 // supplied as new_public_key_version in PolicyData. | 96 // supplied as new_public_key_version in PolicyData. |
97 // This field is unspecified if the client does not yet have a | 97 // This field is unspecified if the client does not yet have a |
98 // public key. | 98 // public key. |
99 optional int32 public_key_version = 4; | 99 optional int32 public_key_version = 4; |
| 100 |
| 101 // Machine hardware id, such as serial number. |
| 102 // This field is should be set only if the serial number for the device is |
| 103 // missing from the server, as indicated by the valid_serial_number_missing |
| 104 // field in the last policy fetch response. |
| 105 optional string machine_id = 5; |
100 } | 106 } |
101 | 107 |
102 // This message is included in serialized form in PolicyFetchResponse | 108 // This message is included in serialized form in PolicyFetchResponse |
103 // below. It may also be signed, with the signature being created for | 109 // below. It may also be signed, with the signature being created for |
104 // the serialized form. | 110 // the serialized form. |
105 message PolicyData { | 111 message PolicyData { |
106 // See PolicyFetchRequest.policy_type. | 112 // See PolicyFetchRequest.policy_type. |
107 optional string policy_type = 1; | 113 optional string policy_type = 1; |
108 | 114 |
109 // [timestamp] is milli seconds since Epoch in UTC timezone. It is | 115 // [timestamp] is milliseconds since Epoch in UTC timezone. It is |
110 // included here so that the time at which the server issued this | 116 // included here so that the time at which the server issued this |
111 // response cannot be faked (as protection against replay attacks). | 117 // response cannot be faked (as protection against replay attacks). |
112 // It is the timestamp generated by DMServer, NOT the time admin | 118 // It is the timestamp generated by DMServer, NOT the time admin |
113 // last updated the policy or anything like that. | 119 // last updated the policy or anything like that. |
114 optional int64 timestamp = 2; | 120 optional int64 timestamp = 2; |
115 | 121 |
116 // The DM token that was used by the client in the HTTP POST header | 122 // The DM token that was used by the client in the HTTP POST header |
117 // for authenticating the request. It is included here again so that | 123 // for authenticating the request. It is included here again so that |
118 // the client can verify that the response is meant for him (and not | 124 // the client can verify that the response is meant for him (and not |
119 // issued by a replay or man-in-the-middle attack). | 125 // issued by a replay or man-in-the-middle attack). |
(...skipping 29 matching lines...) Expand all Loading... |
149 // Indicates which state this association with DMServer is in. This can be | 155 // Indicates which state this association with DMServer is in. This can be |
150 // used to tell the client that it is not receiving policy even though the | 156 // used to tell the client that it is not receiving policy even though the |
151 // registration with the server is kept active. | 157 // registration with the server is kept active. |
152 enum AssociationState { | 158 enum AssociationState { |
153 // Association is active and policy is pushed. | 159 // Association is active and policy is pushed. |
154 ACTIVE = 0; | 160 ACTIVE = 0; |
155 // Association is alive, but the corresponding domain is not managed. | 161 // Association is alive, but the corresponding domain is not managed. |
156 UNMANAGED = 1; | 162 UNMANAGED = 1; |
157 } | 163 } |
158 optional AssociationState state = 9 [default = ACTIVE]; | 164 optional AssociationState state = 9 [default = ACTIVE]; |
| 165 |
| 166 // Indicates if the the server cannot find a valid serial number for the |
| 167 // device. If this flag is set, the device should send the valid serial |
| 168 // number with a device policy fetch request. Note that this only |
| 169 // applies to device policy. |
| 170 optional bool valid_serial_number_missing = 10; |
159 } | 171 } |
160 | 172 |
161 message PolicyFetchResponse { | 173 message PolicyFetchResponse { |
162 // Since a single policy request may ask for multiple policies, we | 174 // Since a single policy request may ask for multiple policies, we |
163 // provide separate error code for each individual policy fetch. | 175 // provide separate error code for each individual policy fetch. |
164 | 176 |
165 // We will use standard HTTP Status Code as error code. | 177 // We will use standard HTTP Status Code as error code. |
166 optional int32 error_code = 1; | 178 optional int32 error_code = 1; |
167 | 179 |
168 // Human readable error message for customer support purpose. | 180 // Human readable error message for customer support purpose. |
169 optional string error_message = 2; | 181 optional string error_message = 2; |
170 | 182 |
171 // This is a serialized |PolicyData| protobuf (defined above). | 183 // This is a serialized |PolicyData| protobuf (defined above). |
172 optional bytes policy_data = 3; | 184 optional bytes policy_data = 3; |
173 | 185 |
174 // Signature of the policy data above. | 186 // Signature of the policy data above. |
175 optional bytes policy_data_signature = 4; | 187 optional bytes policy_data_signature = 4; |
176 | 188 |
(...skipping 21 matching lines...) Expand all Loading... |
198 // request multiple policies for better performance. | 210 // request multiple policies for better performance. |
199 repeated PolicyFetchRequest request = 3; | 211 repeated PolicyFetchRequest request = 3; |
200 } | 212 } |
201 | 213 |
202 // Response from server to device for reading policies. | 214 // Response from server to device for reading policies. |
203 message DevicePolicyResponse { | 215 message DevicePolicyResponse { |
204 // The policy fetch response. | 216 // The policy fetch response. |
205 repeated PolicyFetchResponse response = 3; | 217 repeated PolicyFetchResponse response = 3; |
206 } | 218 } |
207 | 219 |
| 220 message TimePeriod { |
| 221 // [timestamp] is milli seconds since Epoch in UTC timezone. |
| 222 optional int64 start_timestamp = 1; |
| 223 optional int64 end_timestamp = 2; |
| 224 } |
| 225 |
| 226 // This captures launch events for one app/extension or other installments. |
| 227 message InstallableLaunch { |
| 228 optional string install_id = 1; |
| 229 |
| 230 // Time duration where this report covers. These are required |
| 231 // and the record will be ignored if not set. |
| 232 optional TimePeriod duration = 2; |
| 233 |
| 234 // Client will send at most 50 timestamps to DM. All the rest |
| 235 // launch activities will be summed into the total count. |
| 236 // We will distribute the count evenly among the time span when |
| 237 // doing time based aggregation. |
| 238 repeated int64 timestamp = 3; |
| 239 optional int64 total_count = 4; |
| 240 } |
| 241 |
| 242 // Report device level status. |
| 243 message DeviceStatusReportRequest { |
| 244 optional string os_version = 1; |
| 245 optional string firmware_version = 2; |
| 246 |
| 247 // "Validated", "Dev". Same as verified mode. |
| 248 // If the mode is unknown, this field should not be set. |
| 249 optional string boot_mode = 3; |
| 250 |
| 251 // Device active times collection since last report rpc call. |
| 252 repeated TimePeriod active_time = 4; |
| 253 } |
| 254 |
| 255 // Report session (a user on one device) level status. |
| 256 message SessionStatusReportRequest { |
| 257 // Installed apps for this user on this device. |
| 258 repeated string installed_app_id = 1; |
| 259 |
| 260 // Installed extensions for this user on this device. |
| 261 repeated string installed_extension_id = 2; |
| 262 |
| 263 // One stat per app for top 30 apps. |
| 264 repeated InstallableLaunch app_launch_stat = 3; |
| 265 } |
| 266 |
| 267 // Response from DMServer to update devices' status. |
| 268 // It is possible that status report fails but policy request succeed. In such |
| 269 // case, the DeviceStatusReportResponse will contain an error code and the |
| 270 // device should re-send status report data in the next policy request. The |
| 271 // device should re-send report data if policy request fails, even if |
| 272 // DeviceStatusReportResponse contains no error code. |
| 273 message DeviceStatusReportResponse { |
| 274 optional int32 error_code = 1; |
| 275 |
| 276 // Human readable error message for customer support purpose. |
| 277 optional string error_message = 2; |
| 278 } |
| 279 |
| 280 // Response from DMServer to update user devices' status. |
| 281 // It is possible that status report fails but policy request succeed. In such |
| 282 // case, the SessionStatusReportResponse will contain an error code and the |
| 283 // device should re-send status report data in the next policy request. The |
| 284 // device should re-send report data if policy request fails, even if |
| 285 // SessionStatusReportResponse contains no error code. |
| 286 message SessionStatusReportResponse { |
| 287 optional int32 error_code = 1; |
| 288 |
| 289 // Human readable error message for customer support purpose. |
| 290 optional string error_message = 2; |
| 291 } |
| 292 |
208 // Request from the DMAgent on the device to the DMServer. This is | 293 // Request from the DMAgent on the device to the DMServer. This is |
209 // container for all requests from device to server. The overall HTTP | 294 // container for all requests from device to server. The overall HTTP |
210 // request MUST be in the following format: | 295 // request MUST be in the following format: |
211 // | 296 // |
212 // * HTTP method is POST | 297 // * HTTP method is POST |
213 // * Data mime type is application/x-protobuffer | 298 // * Data mime type is application/x-protobuffer |
214 // * HTTP parameters are (all required, all case sensitive): | 299 // * HTTP parameters are (all required, all case sensitive): |
215 // * request: MUST BE one of register/unregister/policy/ping | 300 // * request: MUST BE one of register/unregister/policy/ping/status |
216 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. | 301 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. |
217 // * apptype: MUST BE Android or Chrome. | 302 // * apptype: MUST BE Android or Chrome. |
218 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. | 303 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. |
219 // * agent: MUST BE no more than 64-char long. | 304 // * agent: MUST BE no more than 64-char long. |
220 // * HTTP Authorization header MUST be in the following formats: | 305 // * HTTP Authorization header MUST be in the following formats: |
221 // * For register and ping requests | 306 // * For register and ping requests |
222 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> | 307 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> |
223 // | 308 // |
224 // * For unregister and policy requests | 309 // * For unregister, policy and status requests |
225 // Authorization: GoogleDMToken token=<dm token from register> | 310 // Authorization: GoogleDMToken token=<dm token from register> |
226 // | 311 // |
227 // * OAuth is NOT supported yet. | 312 // * OAuth is NOT supported yet. |
| 313 // |
| 314 // DeviceManagementRequest should only contain one request which matches the |
| 315 // HTTP query parameter - request, as listed below. Other requests within the |
| 316 // container will be ignored. |
| 317 // ping: policy_request |
| 318 // register: register_request |
| 319 // unregister: unregister_request |
| 320 // policy: policy_request |
| 321 // status: status_report_request |
| 322 // |
| 323 // |
228 message DeviceManagementRequest { | 324 message DeviceManagementRequest { |
229 // Register request. | 325 // Register request. |
230 optional DeviceRegisterRequest register_request = 1; | 326 optional DeviceRegisterRequest register_request = 1; |
231 | 327 |
232 // Unregister request. | 328 // Unregister request. |
233 optional DeviceUnregisterRequest unregister_request = 2; | 329 optional DeviceUnregisterRequest unregister_request = 2; |
234 | 330 |
235 // Policy request. | 331 // Policy request. |
236 optional DevicePolicyRequest policy_request = 3; | 332 optional DevicePolicyRequest policy_request = 3; |
| 333 |
| 334 // Update status. |
| 335 optional DeviceStatusReportRequest device_status_report_request = 4; |
| 336 optional SessionStatusReportRequest session_status_report_request = 5; |
237 } | 337 } |
238 | 338 |
239 // Response from server to device. | 339 // Response from server to device. |
240 // | 340 // |
241 // The server uses the following numbers as HTTP status codes | 341 // The server uses the following numbers as HTTP status codes |
242 // to report top-level errors. | 342 // to report top-level errors. |
243 // | 343 // |
244 // 200 OK: valid response is returned to client. | 344 // 200 OK: valid response is returned to client. |
245 // 400 Bad Request: invalid argument. | 345 // 400 Bad Request: invalid argument. |
246 // 401 Unauthorized: invalid auth cookie or DM token. | 346 // 401 Unauthorized: invalid auth cookie or DM token. |
(...skipping 10 matching lines...) Expand all Loading... |
257 optional string error_message = 2; | 357 optional string error_message = 2; |
258 | 358 |
259 // Register response | 359 // Register response |
260 optional DeviceRegisterResponse register_response = 3; | 360 optional DeviceRegisterResponse register_response = 3; |
261 | 361 |
262 // Unregister response | 362 // Unregister response |
263 optional DeviceUnregisterResponse unregister_response = 4; | 363 optional DeviceUnregisterResponse unregister_response = 4; |
264 | 364 |
265 // Policy response. | 365 // Policy response. |
266 optional DevicePolicyResponse policy_response = 5; | 366 optional DevicePolicyResponse policy_response = 5; |
| 367 |
| 368 // Device status report response. |
| 369 optional DeviceStatusReportResponse device_status_report_response = 6; |
| 370 |
| 371 // Session status report response. |
| 372 optional SessionStatusReportResponse session_status_report_response = 7; |
267 } | 373 } |
OLD | NEW |