OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 syntax = "proto2"; | |
6 | |
7 option optimize_for = LITE_RUNTIME; | |
8 | |
9 package enterprise_management; | |
10 | |
11 message DevicePolicyRefreshRateProto { | |
12 // In milliseconds. | |
13 optional int64 device_policy_refresh_rate = 1; | |
14 } | |
15 | |
16 message UserWhitelistProto { | |
17 // If a UserWhitelistProto is included in the ChromeDeviceSettingsProto but | |
18 // the user_whitelist field is empty then no user can sign-in. | |
19 repeated string user_whitelist = 1; | |
20 } | |
21 | |
22 message AllowNewUsersProto { | |
23 // Determines whether we allow arbitrary users to log into the device. | |
24 // This interacts with the UserWhitelistProto as follows: | |
25 // allow_new_users | user_whitelist | anyone can log in | |
26 //-----------------+--------------------+------------------ | |
27 // present, true | not present | Yes | |
28 //-----------------+--------------------+------------------ | |
29 // present, true | present | Yes | |
30 //-----------------+--------------------+------------------ | |
31 // present, false | not present | (Broken) Yes | |
32 //-----------------+--------------------+------------------ | |
33 // present, false | present | No, W/L enforced | |
34 //-----------------+--------------------+------------------ | |
35 // not present | not present | Yes | |
36 //-----------------+--------------------+------------------ | |
37 // not present | present, empty | Yes | |
38 //-----------------+--------------------+------------------ | |
39 // not present | present, non-empty | No, W/L enforced | |
40 //-----------------+--------------------+------------------ | |
41 optional bool allow_new_users = 1 [default = true]; | |
42 } | |
43 | |
44 message GuestModeEnabledProto { | |
45 // Determines if guests are allowed to log in to the device. | |
46 optional bool guest_mode_enabled = 1 [default = true]; | |
47 } | |
48 | |
49 message ShowUserNamesOnSigninProto { | |
50 // Determines if we show pods for existing users on the sign in screen. | |
51 optional bool show_user_names = 1 [default = true]; | |
52 } | |
53 | |
54 message DataRoamingEnabledProto { | |
55 // Determines if cellular data roaming is enabled. | |
56 optional bool data_roaming_enabled = 1 [default = false]; | |
57 } | |
58 | |
59 message DeviceProxySettingsProto { | |
60 // One of "direct", "auto_detect", "pac_script", "fixed_servers", "system" | |
61 optional string proxy_mode = 1; | |
62 optional string proxy_server = 2; | |
63 optional string proxy_pac_url = 3; | |
64 optional string proxy_bypass_list = 4; | |
65 } | |
66 | |
67 message CameraEnabledProto { | |
68 optional bool camera_enabled = 1; | |
69 } | |
70 | |
71 message MetricsEnabledProto { | |
72 optional bool metrics_enabled = 1; | |
73 } | |
74 | |
75 message ReleaseChannelProto { | |
76 // One of "stable-channel", "beta-channel", or "dev-channel" | |
77 optional string release_channel = 1; | |
78 | |
79 // If |release_channel_delegated| is set to true and the |release_channel| | |
80 // field is not set or left empty, the user can select the channel. If the | |
81 // |release_channel| is specified it will always override users choice! | |
82 optional bool release_channel_delegated = 2; | |
83 } | |
84 | |
85 message DeviceOpenNetworkConfigurationProto { | |
86 // The network configuration blob. This is a JSON string as specified by ONC. | |
87 optional string open_network_configuration = 1; | |
88 } | |
89 | |
90 // Policies to turn on portions of the device status reports. | |
91 message DeviceReportingProto { | |
92 optional bool report_version_info = 1; | |
93 optional bool report_activity_times = 2; | |
94 optional bool report_boot_mode = 3; | |
95 optional bool report_location = 4; | |
96 } | |
97 | |
98 message EphemeralUsersEnabledProto { | |
99 // Determines whether users should be treated as ephemeral. In ephemeral users | |
100 // mode, no cryptohome is created for the user, but a tmpfs mount is used | |
101 // instead such that upon logout all user state is discarded. | |
102 optional bool ephemeral_users_enabled = 1; | |
103 } | |
104 | |
105 // Details of an extension to install as part of the AppPack. | |
106 message AppPackEntryProto { | |
107 optional string extension_id = 1; | |
108 optional string update_url = 2; | |
109 optional bool online_only = 3; | |
110 } | |
111 | |
112 message AppPackProto { | |
113 // List of extensions to install as part of the AppPack. | |
114 repeated AppPackEntryProto app_pack = 1; | |
115 } | |
116 | |
117 // This is a special policy for kiosk/retail mode that specifies what apps | |
118 // should be pinned to the launcher. For regular accounts, pinned apps are | |
119 // controlled through user policy. | |
120 message PinnedAppsProto { | |
121 // App IDs for the apps to pin. | |
122 repeated string app_id = 1; | |
123 } | |
124 | |
125 message ForcedLogoutTimeoutsProto { | |
126 // All timeouts are specified in milliseconds. | |
127 | |
128 // Specifies the timeout before an idle user session is terminated. | |
129 // If this field is omitted or set to 0, no logout on idle will be performed. | |
130 optional int64 idle_logout_timeout = 1; | |
131 | |
132 // Specifies the duration of a warning countdown before the user is logged out | |
133 // because of idleness as specified by the |idle_logout_timeout| value. | |
134 // This field is only used if |idle_logout_timeout| != 0 is specified. | |
135 optional int64 idle_logout_warning_duration = 2; | |
136 } | |
137 | |
138 message ScreenSaverProto { | |
139 // Specifies the extension ID which is to be used as a screen saver on the | |
140 // login screen if no user activity is present. Only respected if the device | |
141 // is in RETAIL mode. | |
142 optional string screen_saver_extension_id = 1; | |
143 | |
144 // Specifies the timeout before the screen saver is activated. If this field | |
145 // is omitted or set to 0, no screen-saver will be started. | |
146 // Measured in milliseconds. | |
147 optional int64 screen_saver_timeout = 2; | |
148 } | |
149 | |
150 // Enterprise controls for auto-update behavior of Chrome OS. | |
151 message AutoUpdateSettingsProto { | |
152 // True if we don't want the device to auto-update (target_version_prefix is | |
153 // ignored in this case). | |
154 optional bool update_disabled = 1; | |
155 | |
156 // Specifies the prefix of the target version we want the device to | |
157 // update to, if it's on a older version. If the device is already on | |
158 // a version with the given prefix, then there's no effect. If the device is | |
159 // on a higher version, it will remain on the higher version as we | |
160 // don't support rollback yet. The format of this version can be one | |
161 // of the following: | |
162 // --------------------------------------------------------------------- | |
163 // "" (or not set at all): update to latest version available. | |
164 // 1412.: update to any minor version of 1412 (e.g. 1412.24.34 or 1412.60.2) | |
165 // 1412.2.: update to any minor version of 1412.2 (e.g. 1412.2.34 or 1412.2.2) | |
166 // 1412.24.34: update to this specific version only | |
167 // --------------------------------------------------------------------- | |
168 optional string target_version_prefix = 2; | |
169 | |
170 // The Chrome browser version (e.g. "17.*") corresponding to the | |
171 // target_version_prefix above. The target_version_prefix is the internal OS | |
172 // version that external users normally are not aware of. This display_name | |
173 // can be used by the devices to display a message to end-users about the auto | |
174 // update setting. | |
175 optional string target_version_display_name = 3; | |
176 | |
177 // Specifies the number of seconds up to which a device may randomly | |
178 // delay its download of an update from the time the update was first pushed | |
179 // out to the server. The device may wait a portion of this time in terms | |
180 // of wall-clock-time and the remaining portion in terms of the number of | |
181 // update checks. In any case, the scatter is upper bounded by a constant | |
182 // amount of time so that a device does not ever get stuck waiting to download | |
183 // an update forever. | |
184 optional int64 scatter_factor_in_seconds = 4; | |
185 | |
186 // Enumerates network connection types. | |
187 enum ConnectionType { | |
188 CONNECTION_TYPE_ETHERNET = 0; | |
189 CONNECTION_TYPE_WIFI = 1; | |
190 CONNECTION_TYPE_WIMAX = 2; | |
191 CONNECTION_TYPE_BLUETOOTH = 3; | |
192 CONNECTION_TYPE_CELLULAR = 4; | |
193 } | |
194 | |
195 // The types of connections that are OK to use for OS updates. OS updates | |
196 // potentially put heavy strain on the connection due to their size and may | |
197 // incur additional cost. Therefore, they are by default not enabled for | |
198 // connection types that are considered expensive, which include WiMax, | |
199 // Bluetooth and Cellular at the moment. | |
200 repeated ConnectionType allowed_connection_types = 5; | |
201 | |
202 // True if the device should reboot automatically when an update has been | |
203 // applied and a reboot is required to complete the update process. | |
204 optional bool reboot_after_update = 6; | |
205 } | |
206 | |
207 message StartUpUrlsProto { | |
208 // Specifies the URLs to be loaded on login to the anonymous account used if | |
209 // the device is in RETAIL mode. | |
210 repeated string start_up_urls = 1; | |
211 } | |
212 | |
213 message SystemTimezoneProto { | |
214 // Specifies an owner-determined timezone that applies to the login screen and | |
215 // all users. Valid values are listed in "timezone_settings.cc". Additionally, | |
216 // timezones from the "IANA Time Zone Database" (e.g. listed on wikipedia) | |
217 // that are equivalent to one of the timezones in "timezone_settings.cc" are | |
218 // valid. In case of an invalid value, the setting is still activated with a | |
219 // fallback timezone (currently "GMT"). In case of an empty string or if no | |
220 // value is provided, the timezone device setting is inactive. In that case, | |
221 // the currently active timezone will remain in use however users can change | |
222 // the timezone and the change is persistent. Thus a change by one user | |
223 // affects the login-screen and all other users. | |
224 optional string timezone = 1; | |
225 } | |
226 | |
227 // Describes a single device-local account. | |
228 message DeviceLocalAccountInfoProto { | |
229 // Identifier for the device-local account. Account identifiers loosely follow | |
230 // the conventions for email addresses as specified by RFC 5322, e.g. local | |
231 // (user name) and domain parts, separated by the '@' character. | |
232 // Policy-configured device-local accounts are on the same domain that the | |
233 // device is enrolled to. In contrast to RFC 5322 (which is more restrictive), | |
234 // the local part may contain any characters other than '@'. | |
235 optional string id = 1; | |
236 } | |
237 | |
238 message DeviceLocalAccountsProto { | |
239 // The list of device-local accounts (i.e. accounts without an associated | |
240 // cloud-backed profile) that are available on the device. | |
241 repeated DeviceLocalAccountInfoProto account = 1; | |
242 | |
243 // The identifier of the device-local account to which the device | |
244 // should be logged in automatically. Should be equal to one of the | |
245 // ids in DeviceLocalAccountInfoProto. | |
246 optional string auto_login_id = 2; | |
247 | |
248 // The amount of time, in milliseconds, that should elapse at the signin | |
249 // screen without user interaction before automatically logging in. | |
250 optional int64 auto_login_delay = 3; | |
251 } | |
252 | |
253 message AllowRedeemChromeOsRegistrationOffersProto { | |
254 // Chrome OS Registration service provides way for chromeos device users | |
255 // to redeem electronic offers provided by service provider. | |
256 // This value determines if users are allowed to redeem offers through | |
257 // Chrome OS Registration service. | |
258 optional bool allow_redeem_offers = 1 [default = true]; | |
259 } | |
260 | |
261 message StartUpFlagsProto { | |
262 // The list of flags to be applied to chrome on start-up (back up store for | |
263 // owner set flags in about:flags). | |
264 repeated string flags = 1; | |
265 } | |
266 | |
267 message UptimeLimitProto { | |
268 // Sets the length of device uptime after which an automatic reboot is | |
269 // scheduled. An automatic reboot is scheduled at the selected time but may be | |
270 // delayed on the device by up to 24 hours, e.g. if a user is currently using | |
271 // the device or an app/extension has requested reboots to be inhibited | |
272 // temporarily. The policy value should be specified in seconds. | |
273 optional int64 uptime_limit = 1; | |
274 } | |
275 | |
276 message VariationsParameterProto { | |
277 // The string for the restrict parameter to be appended to the Variations URL | |
278 // when pinging the Variations server. | |
279 optional string parameter = 1; | |
280 } | |
281 | |
282 message AttestationSettingsProto { | |
283 // Attestation involves proving that a cryptographic key is protected by a | |
284 // legitimate Chrome OS TPM and reporting the operating mode of the platform. | |
285 // This setting enables attestation features at a device level. If this is | |
286 // enabled a machine key will be generated and certified by the Chrome OS | |
287 // CA. If this setting is disabled, the device will not communicate with the | |
288 // Chrome OS CA under any circumstances. Even users with attestation settings | |
289 // enabled will not be able to use those features on the device. | |
290 optional bool attestation_enabled = 1; | |
291 } | |
292 | |
293 message ChromeDeviceSettingsProto { | |
294 optional DevicePolicyRefreshRateProto device_policy_refresh_rate = 1; | |
295 optional UserWhitelistProto user_whitelist = 2; | |
296 optional GuestModeEnabledProto guest_mode_enabled = 3; | |
297 optional DeviceProxySettingsProto device_proxy_settings = 4; | |
298 optional CameraEnabledProto camera_enabled = 5; | |
299 optional ShowUserNamesOnSigninProto show_user_names = 6; | |
300 optional DataRoamingEnabledProto data_roaming_enabled = 7; | |
301 optional AllowNewUsersProto allow_new_users = 8; | |
302 optional MetricsEnabledProto metrics_enabled = 9; | |
303 optional ReleaseChannelProto release_channel = 10; | |
304 optional DeviceOpenNetworkConfigurationProto open_network_configuration = 11; | |
305 optional DeviceReportingProto device_reporting = 12; | |
306 optional EphemeralUsersEnabledProto ephemeral_users_enabled = 13; | |
307 optional AppPackProto app_pack = 14; | |
308 optional ForcedLogoutTimeoutsProto forced_logout_timeouts = 15; | |
309 optional ScreenSaverProto login_screen_saver = 16; | |
310 optional AutoUpdateSettingsProto auto_update_settings = 17; | |
311 optional StartUpUrlsProto start_up_urls = 18; | |
312 optional PinnedAppsProto pinned_apps = 19; | |
313 optional SystemTimezoneProto system_timezone = 20; | |
314 optional DeviceLocalAccountsProto device_local_accounts = 21; | |
315 optional AllowRedeemChromeOsRegistrationOffersProto allow_redeem_offers = 22; | |
316 optional StartUpFlagsProto start_up_flags = 23; | |
317 optional UptimeLimitProto uptime_limit = 24; | |
318 optional VariationsParameterProto variations_parameter = 25; | |
319 optional AttestationSettingsProto attestation_settings = 26; | |
320 } | |
OLD | NEW |