OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 syntax = "proto2"; | |
6 | |
7 option optimize_for = LITE_RUNTIME; | |
8 | |
9 package enterprise_management; | |
10 | |
11 // Request from device to server to register device. | |
12 message DeviceRegisterRequest { | |
13 // Reregister device without erasing server state. It can be used | |
14 // to refresh dmtoken etc. Client MUST set this value to true if it | |
15 // reuses an existing device id. | |
16 optional bool reregister = 1; | |
17 | |
18 // Device register type. This field does not exist for TT release. | |
19 // When a client requests for policies, server should verify the | |
20 // client has been registered properly. For example, a client must | |
21 // register with type DEVICE in order to retrieve device policies. | |
22 enum Type { | |
23 TT = 0; // Register for TT release. | |
24 USER = 1; // Register for Chrome OS user polices. | |
25 DEVICE = 2; // Register for device policies. | |
26 BROWSER = 3; // Register for Chrome user policies. | |
27 } | |
28 // NOTE: we also use this field to detect client version. If this | |
29 // field is missing, then the request comes from TT. We will remove | |
30 // Chrome OS TT support once it is over. | |
31 optional Type type = 2 [default = TT]; | |
32 | |
33 // Machine hardware id, such as serial number. | |
34 // This field is required if register type == DEVICE. | |
35 optional string machine_id = 3; | |
36 | |
37 // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the | |
38 // model name is not available, client SHOULD send generic name like | |
39 // "Android", or "Chrome OS". | |
40 optional string machine_model = 4; | |
41 | |
42 // When true, indicates that the |machine_id| has been identified as auto- | |
43 // enrollment candidate on the client and the server can use it to verify | |
44 // that the client is to be enrolled in the correct mode. | |
45 // Defaults to false when not present. | |
46 optional bool auto_enrolled = 5; | |
47 } | |
48 | |
49 // Response from server to device register request. | |
50 message DeviceRegisterResponse { | |
51 // Device management token for this registration. This token MUST be | |
52 // part of HTTP Authorization header for all future requests from | |
53 // device to server. | |
54 required string device_management_token = 1; | |
55 | |
56 // Device display name. By default, server generates the name in | |
57 // the format of "Machine Model - Machine Id". However, domain | |
58 // admin can update it using CPanel, so do NOT treat it as constant. | |
59 optional string machine_name = 2; | |
60 | |
61 // Enum listing the possible modes the device should be locked into when the | |
62 // registration is finished. | |
63 enum DeviceMode { | |
64 // In ENTERPRISE mode the device has no local owner and device settings are | |
65 // controlled through the cloud policy infrastructure. Auto-enrollment is | |
66 // supported in that mode. | |
67 ENTERPRISE = 0; | |
68 // Devices in RETAIL mode also have no local owner and get their device | |
69 // settings from the cloud, but additionally this mode enables the demo | |
70 // account on the device. | |
71 RETAIL = 1; | |
72 } | |
73 optional DeviceMode enrollment_type = 3 [default = ENTERPRISE]; | |
74 } | |
75 | |
76 // Request from device to server to unregister device. | |
77 // GoogleDMToken MUST be in HTTP Authorization header. | |
78 message DeviceUnregisterRequest { | |
79 } | |
80 | |
81 // Response from server to device for unregister request. | |
82 message DeviceUnregisterResponse { | |
83 } | |
84 | |
85 // Request from device to server to upload device EMCert | |
86 // (enteprise machine cert used for remote attestation). | |
87 // GoogleDMToken MUST be in HTTP Authorization header. | |
88 message DeviceCertUploadRequest { | |
89 // EMCert in X.509 format. | |
90 optional bytes device_certificate = 1; | |
91 } | |
92 | |
93 // Response from server to device for cert upload request. | |
94 message DeviceCertUploadResponse { | |
95 } | |
96 | |
97 // Request for a setting or with optional watermark on client side. | |
98 // TODO(gfeher): remove this after Chrome OS TT is over. | |
99 message DevicePolicySettingRequest { | |
100 // setting key | |
101 required string key = 1; | |
102 // watermark last read from server if available. | |
103 optional string watermark = 2; | |
104 } | |
105 | |
106 message PolicyFetchRequest { | |
107 // This is the policy type, which maps to D3 policy type internally. | |
108 // By convention, we use "/" as separator to create policy namespace. | |
109 // The policy type names are case insensitive. | |
110 // | |
111 // Possible values for Chrome OS are: | |
112 // google/chromeos/device => ChromeDeviceSettingsProto | |
113 // google/chromeos/user => ChromeSettingsProto | |
114 // google/chromeos/publicaccount => ChromeSettingsProto | |
115 // google/chrome/extension => ExternalPolicyData | |
116 optional string policy_type = 1; | |
117 | |
118 // This is the last policy timestamp that client received from server. | |
119 optional int64 timestamp = 2; | |
120 | |
121 // Tell server what kind of security signature is required. | |
122 enum SignatureType { | |
123 NONE = 0; | |
124 SHA1_RSA = 1; | |
125 } | |
126 optional SignatureType signature_type = 3 [default = NONE]; | |
127 | |
128 // The version number of the public key that is currently stored | |
129 // on the client. This should be the last number the server had | |
130 // supplied as new_public_key_version in PolicyData. | |
131 // This field is unspecified if the client does not yet have a | |
132 // public key. | |
133 optional int32 public_key_version = 4; | |
134 | |
135 // Machine hardware id, such as serial number. | |
136 // This field is should be set only if the serial number for the device is | |
137 // missing from the server, as indicated by the valid_serial_number_missing | |
138 // field in the last policy fetch response. | |
139 optional string machine_id = 5; | |
140 | |
141 // This field is used for devices to send the additional ID to fetch settings. | |
142 // Retrieving some settings requires more than just device or user ID. | |
143 // For example, to retrieve public account, devices need to pass in | |
144 // public account ID in addition to device ID. To retrieve extension or | |
145 // plug-in settings, devices need to pass in extension/plug-in ID in | |
146 // addition to user ID. | |
147 // policy_type represents the type of settings (e.g. public account, | |
148 // extension) devices request to fetch. | |
149 optional string settings_entity_id = 6; | |
150 } | |
151 | |
152 // This message is included in serialized form in PolicyFetchResponse | |
153 // below. It may also be signed, with the signature being created for | |
154 // the serialized form. | |
155 message PolicyData { | |
156 // See PolicyFetchRequest.policy_type. | |
157 optional string policy_type = 1; | |
158 | |
159 // [timestamp] is milliseconds since Epoch in UTC timezone. It is | |
160 // included here so that the time at which the server issued this | |
161 // response cannot be faked (as protection against replay attacks). | |
162 // It is the timestamp generated by DMServer, NOT the time admin | |
163 // last updated the policy or anything like that. | |
164 optional int64 timestamp = 2; | |
165 | |
166 // The DM token that was used by the client in the HTTP POST header | |
167 // for authenticating the request. It is included here again so that | |
168 // the client can verify that the response is meant for him (and not | |
169 // issued by a replay or man-in-the-middle attack). | |
170 optional string request_token = 3; | |
171 | |
172 // The serialized value of the actual policy protobuf. This can be | |
173 // deserialized to an instance of, for example, ChromeSettingsProto, | |
174 // ChromeDeviceSettingsProto, or ExternalPolicyData. | |
175 optional bytes policy_value = 4; | |
176 | |
177 // The device display name assigned by the server. It is only | |
178 // filled if the display name is available. | |
179 // | |
180 // The display name of the machine as generated by the server or set | |
181 // by the Administrator in the CPanel GUI. This is the same thing as | |
182 // |machine_name| in DeviceRegisterResponse but it might have | |
183 // changed since then. | |
184 optional string machine_name = 5; | |
185 | |
186 // Version number of the server's current public key. (The key that | |
187 // was used to sign this response. Numbering should start at 1 and be | |
188 // increased by 1 at each key rotation.) | |
189 optional int32 public_key_version = 6; | |
190 | |
191 // The user this policy is intended for. In case of device policy, the name | |
192 // of the owner (who registered the device). | |
193 optional string username = 7; | |
194 | |
195 // In this field the DMServer should echo back the "deviceid" HTTP parameter | |
196 // from the request. | |
197 optional string device_id = 8; | |
198 | |
199 // Indicates which state this association with DMServer is in. This can be | |
200 // used to tell the client that it is not receiving policy even though the | |
201 // registration with the server is kept active. | |
202 enum AssociationState { | |
203 // Association is active and policy is pushed. | |
204 ACTIVE = 0; | |
205 // Association is alive, but the corresponding domain is not managed. | |
206 UNMANAGED = 1; | |
207 } | |
208 optional AssociationState state = 9 [default = ACTIVE]; | |
209 | |
210 // Indicates if the the server cannot find a valid serial number for the | |
211 // device. If this flag is set, the device should send the valid serial | |
212 // number with a device policy fetch request. Note that this only | |
213 // applies to device policy. | |
214 optional bool valid_serial_number_missing = 10; | |
215 | |
216 // Indicates which public account or extension/plug-in this policy data is | |
217 // for. See PolicyFetchRequest.settings_entity_id for more details. | |
218 optional string settings_entity_id = 11; | |
219 } | |
220 | |
221 message PolicyFetchResponse { | |
222 // Since a single policy request may ask for multiple policies, we | |
223 // provide separate error code for each individual policy fetch. | |
224 | |
225 // We will use standard HTTP Status Code as error code. | |
226 optional int32 error_code = 1; | |
227 | |
228 // Human readable error message for customer support purpose. | |
229 optional string error_message = 2; | |
230 | |
231 // This is a serialized |PolicyData| protobuf (defined above). | |
232 optional bytes policy_data = 3; | |
233 | |
234 // Signature of the policy data above. | |
235 optional bytes policy_data_signature = 4; | |
236 | |
237 // If the public key has been rotated on the server, the new public | |
238 // key is sent here. It is already used for |policy_data_signature| | |
239 // above, whereas |new_public_key_signature| is created using the | |
240 // old key (so the client can trust the new key). If this is the | |
241 // first time when the client requests policies (so it doesn't have | |
242 // on old public key), then |new_public_key_signature| is empty. | |
243 optional bytes new_public_key = 5; | |
244 optional bytes new_public_key_signature = 6; | |
245 } | |
246 | |
247 // Request from device to server for reading policies. | |
248 message DevicePolicyRequest { | |
249 // identify request scope: CrOS settings or other type of settings. | |
250 // TODO(gfeher): remove this after Chrome OS TT is over. | |
251 optional string policy_scope = 1; | |
252 // identify key to the settings: proxy etc. | |
253 // TODO(gfeher): remove this after Chrome OS TT is over. | |
254 repeated DevicePolicySettingRequest setting_request = 2; | |
255 | |
256 // The policy fetch request. If this field exists, the request must | |
257 // comes from a non-TT client. The repeated field allows client to | |
258 // request multiple policies for better performance. | |
259 repeated PolicyFetchRequest request = 3; | |
260 } | |
261 | |
262 // Response from server to device for reading policies. | |
263 message DevicePolicyResponse { | |
264 // The policy fetch response. | |
265 repeated PolicyFetchResponse response = 3; | |
266 } | |
267 | |
268 message TimePeriod { | |
269 // [timestamp] is milli seconds since Epoch in UTC timezone. | |
270 optional int64 start_timestamp = 1; | |
271 optional int64 end_timestamp = 2; | |
272 } | |
273 | |
274 message ActiveTimePeriod { | |
275 optional TimePeriod time_period = 1; | |
276 | |
277 // The active duration during the above time period. | |
278 // The unit is milli-second. | |
279 optional int32 active_duration = 2; | |
280 } | |
281 | |
282 // This captures launch events for one app/extension or other installments. | |
283 message InstallableLaunch { | |
284 optional string install_id = 1; | |
285 | |
286 // Time duration where this report covers. These are required | |
287 // and the record will be ignored if not set. | |
288 optional TimePeriod duration = 2; | |
289 | |
290 // Client will send at most 50 timestamps to DM. All the rest | |
291 // launch activities will be summed into the total count. | |
292 // We will distribute the count evenly among the time span when | |
293 // doing time based aggregation. | |
294 repeated int64 timestamp = 3; | |
295 optional int64 total_count = 4; | |
296 } | |
297 | |
298 // Used to report the device location. | |
299 message DeviceLocation { | |
300 enum ErrorCode { | |
301 ERROR_CODE_NONE = 0; | |
302 ERROR_CODE_POSITION_UNAVAILABLE = 1; | |
303 } | |
304 | |
305 // Latitude in decimal degrees north (WGS84 coordinate frame). | |
306 optional double latitude = 1; | |
307 | |
308 // Longitude in decimal degrees west (WGS84 coordinate frame). | |
309 optional double longitude = 2; | |
310 | |
311 // Altitude in meters (above WGS84 datum). | |
312 optional double altitude = 3; | |
313 | |
314 // Accuracy of horizontal position in meters. | |
315 optional double accuracy = 4; | |
316 | |
317 // Accuracy of altitude in meters. | |
318 optional double altitude_accuracy = 5; | |
319 | |
320 // Heading in decimal degrees clockwise from true north. | |
321 optional double heading = 6; | |
322 | |
323 // Horizontal component of device velocity in meters per second. | |
324 optional double speed = 7; | |
325 | |
326 // Time of position measurement in milisecons since Epoch in UTC time. | |
327 optional int64 timestamp = 8; | |
328 | |
329 // Error code, see enum above. | |
330 optional ErrorCode error_code = 9; | |
331 | |
332 // Human-readable error message. | |
333 optional string error_message = 10; | |
334 } | |
335 | |
336 // Report device level status. | |
337 message DeviceStatusReportRequest { | |
338 // The OS version reported by the device is a platform version | |
339 // e.g. 1435.0.2011_12_16_1635. | |
340 optional string os_version = 1; | |
341 optional string firmware_version = 2; | |
342 | |
343 // "Verified", "Dev". Same as verified mode. | |
344 // If the mode is unknown, this field should not be set. | |
345 optional string boot_mode = 3; | |
346 | |
347 // Device active times collection since last report rpc call. | |
348 // No longer used -- use active_period instead. | |
349 repeated TimePeriod active_time = 4 [deprecated = true]; | |
350 | |
351 // The browser version string as shown in the About dialog. | |
352 // e.g. 17.0.963.18. | |
353 optional string browser_version = 5; | |
354 | |
355 // A list of periods when the device was active, aggregated by day. | |
356 repeated ActiveTimePeriod active_period = 6; | |
357 | |
358 // The device location. | |
359 optional DeviceLocation device_location = 7; | |
360 } | |
361 | |
362 // Report session (a user on one device) level status. | |
363 message SessionStatusReportRequest { | |
364 // Installed apps for this user on this device. | |
365 repeated string installed_app_id = 1; | |
366 | |
367 // Installed extensions for this user on this device. | |
368 repeated string installed_extension_id = 2; | |
369 | |
370 // One stat per app for top 30 apps. | |
371 repeated InstallableLaunch app_launch_stat = 3; | |
372 } | |
373 | |
374 // Response from DMServer to update devices' status. | |
375 // It is possible that status report fails but policy request succeed. In such | |
376 // case, the DeviceStatusReportResponse will contain an error code and the | |
377 // device should re-send status report data in the next policy request. The | |
378 // device should re-send report data if policy request fails, even if | |
379 // DeviceStatusReportResponse contains no error code. | |
380 message DeviceStatusReportResponse { | |
381 optional int32 error_code = 1; | |
382 | |
383 // Human readable error message for customer support purpose. | |
384 optional string error_message = 2; | |
385 } | |
386 | |
387 // Response from DMServer to update user devices' status. | |
388 // It is possible that status report fails but policy request succeed. In such | |
389 // case, the SessionStatusReportResponse will contain an error code and the | |
390 // device should re-send status report data in the next policy request. The | |
391 // device should re-send report data if policy request fails, even if | |
392 // SessionStatusReportResponse contains no error code. | |
393 message SessionStatusReportResponse { | |
394 optional int32 error_code = 1; | |
395 | |
396 // Human readable error message for customer support purpose. | |
397 optional string error_message = 2; | |
398 } | |
399 | |
400 // Request from device to server to determine whether the device should | |
401 // go through enterprise enrollment. Unlike the other requests, this request is | |
402 // not authenticated. | |
403 message DeviceAutoEnrollmentRequest { | |
404 // SHA-256 hash of the device's serial number, mod |modulus|. | |
405 // Should always be present. | |
406 optional int64 remainder = 1; | |
407 | |
408 // Modulus of the hash used by the client. Should always be present. This | |
409 // is the number of buckets the client thinks the server has. For now, | |
410 // it is a power of 2, but due to the strict constraint on how many serial | |
411 // numbers a bucket can contain, it may become non power of 2. If that | |
412 // happens, client-side needs to change its assumption. | |
413 optional int64 modulus = 2; | |
414 } | |
415 | |
416 // Response from server to auto-enrollment detection request. | |
417 message DeviceAutoEnrollmentResponse { | |
418 // If this field is present, the other fields are ignored and the client | |
419 // should send a new DeviceAutoEnrollmentRequest with a new |remainder| | |
420 // computed using this new |modulus|. If this field is empty, the client's | |
421 // request was accepted. | |
422 // DMServer guarantees that if the modulus sent by client in | |
423 // DeviceAutoEnrollmentRequest matches server's expectation, this field | |
424 // is unset. | |
425 optional int64 expected_modulus = 1; | |
426 | |
427 // List of hashes in the client's hash bucket. If the client's hash matches | |
428 // any in this list, the client device should do enterprise enrollment. | |
429 // If it matches none, enrollment should be optional. | |
430 // Each entry has exactly 256 bits (32 bytes). | |
431 repeated bytes hash = 2; | |
432 } | |
433 | |
434 // Request from the DMAgent on the device to the DMServer. This is | |
435 // container for all requests from device to server. The overall HTTP | |
436 // request MUST be in the following format: | |
437 // | |
438 // * HTTP method is POST | |
439 // * Data mime type is application/x-protobuffer | |
440 // * HTTP parameters are (all required, all case sensitive): | |
441 // * request: MUST BE one of | |
442 // * cert_upload | |
443 // * enterprise_check | |
444 // * ping | |
445 // * policy | |
446 // * register | |
447 // * status | |
448 // * unregister | |
449 // | |
450 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. | |
451 // * apptype: MUST BE Android or Chrome. | |
452 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. | |
453 // * agent: MUST BE no more than 64-char long. | |
454 // * HTTP Authorization header MUST be in the following formats: | |
455 // * For register and ping requests | |
456 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> | |
457 // | |
458 // * For unregister, policy, status, and cert_upload requests | |
459 // Authorization: GoogleDMToken token=<dm token from register> | |
460 // | |
461 // * The Authorization header isn't used for enterprise_check | |
462 // request, nor for register requests using OAuth. In the latter case, | |
463 // the OAuth token is passed in the "oauth" parameter. | |
464 // | |
465 // DeviceManagementRequest should only contain one request which matches the | |
466 // HTTP query parameter - request, as listed below. Other requests within the | |
467 // container will be ignored. | |
468 // cert_upload: cert_upload_request | |
469 // enterprise_check: auto_enrollment_request | |
470 // ping: policy_request | |
471 // policy: policy_request | |
472 // register: register_request | |
473 // status: device_status_report_request or session_status_report_request | |
474 // unregister: unregister_request | |
475 // | |
476 // | |
477 message DeviceManagementRequest { | |
478 // Register request. | |
479 optional DeviceRegisterRequest register_request = 1; | |
480 | |
481 // Unregister request. | |
482 optional DeviceUnregisterRequest unregister_request = 2; | |
483 | |
484 // Policy request. | |
485 optional DevicePolicyRequest policy_request = 3; | |
486 | |
487 // Update status. | |
488 optional DeviceStatusReportRequest device_status_report_request = 4; | |
489 optional SessionStatusReportRequest session_status_report_request = 5; | |
490 | |
491 // Auto-enrollment detection. | |
492 optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6; | |
493 | |
494 // EMCert upload (for remote attestation) | |
495 optional DeviceCertUploadRequest cert_upload_request = 7; | |
496 } | |
497 | |
498 // Response from server to device. | |
499 // | |
500 // The server uses the following numbers as HTTP status codes | |
501 // to report top-level errors. | |
502 // | |
503 // 200 OK: valid response is returned to client. | |
504 // 400 Bad Request: invalid argument. | |
505 // 401 Unauthorized: invalid auth cookie or DM token. | |
506 // 403 Forbidden: device management is not allowed. | |
507 // 404 Not Found: the request URL is invalid. | |
508 // 410 Device Not Found: the device id is not found. | |
509 // 491 Request Pending: the request is pending approval. | |
510 // 500 Internal Server Error: most likely a bug in DM server. | |
511 // 503 Service Unavailable: most likely a backend error. | |
512 // 901 Device Not Found: the device id is not found. | |
513 // 902 Policy Not Found: the policy is not found. | |
514 message DeviceManagementResponse { | |
515 // Error message. | |
516 optional string error_message = 2; | |
517 | |
518 // Register response | |
519 optional DeviceRegisterResponse register_response = 3; | |
520 | |
521 // Unregister response | |
522 optional DeviceUnregisterResponse unregister_response = 4; | |
523 | |
524 // Policy response. | |
525 optional DevicePolicyResponse policy_response = 5; | |
526 | |
527 // Device status report response. | |
528 optional DeviceStatusReportResponse device_status_report_response = 6; | |
529 | |
530 // Session status report response. | |
531 optional SessionStatusReportResponse session_status_report_response = 7; | |
532 | |
533 // Auto-enrollment detection response. | |
534 optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8; | |
535 | |
536 // EMCert upload response. | |
537 optional DeviceCertUploadResponse cert_upload_response = 9; | |
538 } | |
OLD | NEW |