Move device_management_backend.proto closer to the server version.

components/policy/proto/device_management_backend.proto

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 syntax = "proto2";
 
 option optimize_for = LITE_RUNTIME;
 
 package enterprise_management;
 
@@ skipping 15 matching lines @@
   // reuses an existing device id.
   optional bool reregister = 1;
 
   // Device register type.  This field does not exist for TT release.
   // When a client requests for policies, server should verify the
   // client has been registered properly.  For example, a client must
   // register with type DEVICE in order to retrieve device policies.
   enum Type {
     TT   = 0;             // Register for TT release.
     USER = 1;             // Register for Chrome OS user polices.
-    DEVICE = 2;           // Register for device policies.
-    BROWSER = 3;          // Register for Chrome user policies.
+    DEVICE = 2;           // Register for Chrome OS device policies.
+    BROWSER = 3;          // Register for desktop Chrome browser user policies.
     ANDROID_BROWSER = 4;  // Register for Android Chrome browser user policies.
     IOS_BROWSER = 5;      // Register for iOS Chrome browser user policies.
   }
   // NOTE: we also use this field to detect client version.  If this
   // field is missing, then the request comes from TT.  We will remove
   // Chrome OS TT support once it is over.
   optional Type type = 2 [default = TT];
 
   // Machine hardware id, such as serial number.
   // This field is required if register type == DEVICE.
@@ skipping 38 matching lines @@
     // skip.
     FLAVOR_ENROLLMENT_SERVER_ADVERTISED = 5;
     // Device detected in steady state that it is supposed to be enrolled, but
     // the policy is missing.
     FLAVOR_ENROLLMENT_RECOVERY = 6;
     // User policy registration for a logged-in user.
     FLAVOR_USER_REGISTRATION = 7;
     // Attestation-based with the option to use a different authentication
     // mechanism.
     FLAVOR_ENROLLMENT_ATTESTATION = 8;
-    // Attestation-based enrollment.
+    // Forced attestation-based enrollment (cannot fallback to another flavor).
     FLAVOR_ENROLLMENT_ATTESTATION_FORCED = 9;
   };
 
   // Indicates the registration flavor. This is passed to the server FYI when
   // registering for policy so the server can distinguish registration triggers.
   optional Flavor flavor = 8;
 }
 
 // Response from server to device register request.
 message DeviceRegisterResponse {
@@ skipping 45 matching lines @@
 
 // Request to access a Google service with the given scope.
 message DeviceServiceApiAccessRequest {
   // The list of auth scopes the device requests from DMServer.
   repeated string auth_scope = 1;
 
   // OAuth2 client ID to which the returned authorization code is bound.
   optional string oauth2_client_id = 2;
 }
 
+// Response from server to API access request.
 message DeviceServiceApiAccessResponse {
   // The OAuth2 authorization code for the requested scope(s).
   // This can be exchanged for a refresh token.
   //
   // The server may send a successful response but not set this field or set an
   // empty string to reject the auth code request and instruct the client to
   // skip robot account auth setup.
   optional string auth_code = 1;
 }
 
@@ skipping 137 matching lines @@
   optional string device_id = 8;
 
   // Indicates which state this association with DMServer is in. This can be
   // used to tell the client that it is not receiving policy even though the
   // registration with the server is kept active.
   enum AssociationState {
     // Association is active and policy is pushed.
     ACTIVE = 0;
     // Association is alive, but the corresponding domain is not managed.
     UNMANAGED = 1;
-    // Client got dropped on the server side.
+    // The device has been deprovisioned by the administrator and is no longer
+    // managed.
     DEPROVISIONED = 2;
   }
   optional AssociationState state = 9 [default = ACTIVE];
 
   // Indicates if the the server cannot find a valid serial number for the
   // device.  If this flag is set, the device should send the valid serial
   // number with a device policy fetch request.  Note that this only
   // applies to device policy.
   optional bool valid_serial_number_missing = 10;
 
@@ skipping 57 matching lines @@
   optional string annotated_location = 20;
 
   // The free-text asset identifier the admin enters to associate the device
   // with a user-generated identifier.
   optional string annotated_asset_id = 21;
 
   // The unique directory api ID of the device which was generated on the
   // server-side.
   optional string directory_api_id = 22;
 
-  // List of device affiliation IDs. If exists overlap between user
+  // List of device affiliation IDs. If there exists an overlap between user
   // affiliation IDs and device affiliation IDs, we consider that the user is
   // affiliated on the device. Otherwise the user is not affiliated on the
   // device. Should be fetched with device policy. Ignored if fetched with
   // other polices.
   repeated string device_affiliation_ids = 23;
 
   // List of user affiliation IDs. The list is used to define if current user
   // is affiliated on the device. See device_affiliation_ids for details.
   // Should be fetched with user policy. Ignored if fetched with other polices.
   repeated string user_affiliation_ids = 24;
@@ skipping 45 matching lines @@
 message PolicyPublicKeyAndDomain {
   // The public key to sign (taken from the |new_public_key| field in
   // PolicyFetchResponse).
   optional bytes new_public_key = 1;
 
   // The domain associated with this key (should match the domain portion of
   // the username field of the policy).
   optional string domain = 2;
 }
 
-// This protobuf defines a single remote command from server to client for
-// execution.
-message RemoteCommand {
-  enum Type {
-    // Simple echo command for testing, will be ignored in production code.
-    COMMAND_ECHO_TEST = -1;
-
-    // Reboot the device.
-    DEVICE_REBOOT = 0;
-
-    // Take a screenshot.
-    DEVICE_SCREENSHOT = 1;
-  }
-
-  // The command type.
-  optional Type type = 1;
-
-  // An opaque unique identifier for the command.
-  optional int64 unique_id = 2;
-
-  // The age of the command (in milliseconds) when it is sent from server to
-  // client, defined as current_server_time - command_generated_time.
-  optional int64 age_of_command = 3;
-
-  // Extra parameters for this command, expected to be a JSON string.
-  optional string payload = 4;
-}
-
-// This protobuf defines the execution result of a single remote command
-// which will be sent back to the server.
-message RemoteCommandResult {
-  enum ResultType {
-    RESULT_IGNORED = 0;  // The command was ignored as obsolete.
-    RESULT_FAILURE = 1;  // The command could not be executed.
-    RESULT_SUCCESS = 2;  // The command was successfully executed.
-  }
-
-  // The result of the command.
-  optional ResultType result = 1;
-
-  // The opaque unique identifier of the command. This value is copied from the
-  // RemoteCommand protobuf that contained the command.
-  optional int64 unique_id = 2;
-
-  // The time at which the command was executed, if the the result is
-  // RESULT_SUCCESS.
-  optional int64 timestamp = 3;
-
-  // Extra information sent to server as result of execution, expected to be a
-  // JSON string.
-  optional string payload = 4;
-}
-
-message DeviceRemoteCommandRequest {
-  // The command ID of the last command received from the server until
-  // now.  Omitted if no commands have been received yet.
-  optional int64 last_command_unique_id = 1;
-
-  // The execution results of previously fetched commands.
-  // The client should send back a command result whenever possible.
-  repeated RemoteCommandResult command_results = 2;
-}
-
-message DeviceRemoteCommandResponse {
-  // The queue of pending commands.
-  repeated RemoteCommand commands = 1;
-}
-
 // Request from device to server for reading policies.
 message DevicePolicyRequest {
   // The policy fetch request.  If this field exists, the request must
   // comes from a non-TT client.  The repeated field allows client to
   // request multiple policies for better performance.
   repeated PolicyFetchRequest request = 3;
 }
 
 // Response from server to device for reading policies.
 message DevicePolicyResponse {
@@ skipping 92 matching lines @@
   optional string meid = 3;
 
   // IMEI (if applicable) of the corresponding network device. 15-16 decimal
   // digits encoded as ASCII string. Example: 355402040158759.
   optional string imei = 4;
 
   // The device path associated with this network interface.
   optional string device_path = 5;
 }
 
-
 // Information about configured/visible networks - this is separate from
 // NetworkInterface because a configured network may not be associated with
 // any specific interface, or may be visible across multiple interfaces.
 message NetworkState {
   // The current state of this network.
   enum ConnectionState {
     IDLE = 0;
     CARRIER = 1;
     ASSOCIATION = 2;
     CONFIGURATION = 3;
@@ skipping 37 matching lines @@
   // The type of the user.
   required UserType type = 1;
 
   // Email address of the user. Present only if the user type is managed.
   optional string email = 2;
 }
 
 // Information about a single disk volume.
 message VolumeInfo {
   optional string volume_id = 1;
+
+  // The unit is bytes.
   optional int64 storage_total = 2;
   optional int64 storage_free = 3;
 }
 
 // Information about a single CPU temperature channel.
 message CPUTempInfo {
   // Temperature channel label.
   optional string cpu_label = 1;
   // CPU temperature in Celsius.
   optional int32 cpu_temp = 2;
@@ skipping 41 matching lines @@
 
   // Free RAM (unreliable due to GC).
   optional int64 deprecated_system_ram_free = 13 [deprecated = true];
 
   // Total RAM on the device.
   optional int64 system_ram_total = 14;
 
   // Samples of free RAM [in bytes] (unreliable due to GC).
   repeated int64 system_ram_free = 15;
 
-  // CPU temp information.
+  // Samples of CPU temperatures in Celsius, plus associated labels
+  // identifying which CPU produced the temperature measurement.
   repeated CPUTempInfo cpu_temp_info = 16;
 
   // This field is set only when an OS update is needed because of the required
   // platform version of an updated kiosk app is different from the current
   // OS version.
   optional OsUpdateStatus os_update_status = 17;
 
   // Set only when there is an auto launched with zero delay kiosk app
   // and it is currently running. Otherwise, this field is empty.
   optional AppStatus running_kiosk_app = 18;
@@ skipping 31 matching lines @@
   // Self-reported status summary (via chrome.reporting APIs)
   optional string status = 3;
 
   // If true, the application is currently in a self-reported error state.
   optional bool error = 4;
 
   // App required Chrome version, specified in app’s manifest file.
   optional string required_platform_version = 5;
 }
 
-// Report session (a user on one device) level status.
+// Report current active session (a user on one device) level status.
 message SessionStatusReportRequest {
   // Installed apps for this user on this device.
   // No longer used -- use installed_apps instead.
   repeated string installed_app_id = 1 [deprecated = true];
 
   // Installed extensions for this user on this device.
   // No longer used -- use installed_extensions instead.
   repeated string installed_extension_id = 2 [deprecated = true];
 
   // One stat per app for top 30 apps.
@@ skipping 201 matching lines @@
     // The Controller device is deprovisioned.
     CONTROLLER_DEVICE_DEPROVISIONED = 5;
 
     // Invalid controller identity.
     INVALID_CONTROLLER_DEVICE_IDENTITY = 6;
   }
 
   optional StatusCode status_code = 1 [default = NOT_PAIRED];
 }
 
+// This protobuf defines a single remote command from server to client for
+// execution.
+message RemoteCommand {
+  enum Type {
+    // Simple echo command for testing, will be ignored in production code.
+    COMMAND_ECHO_TEST = -1;
+
+    // Reboot the device.
+    DEVICE_REBOOT = 0;
+
+    // Take a screenshot.
+    DEVICE_SCREENSHOT = 1;
+  }
+
+  // The command type.
+  optional Type type = 1;
+
+  // An opaque unique identifier for the command.
+  optional int64 unique_id = 2;
+
+  // The age of the command (in milliseconds) when it is sent from server to
+  // client, defined as current_server_time - command_generated_time.
+  optional int64 age_of_command = 3;
+
+  // Extra parameters for this command, expected to be a JSON string.
+  optional string payload = 4;
+}
+
+// This protobuf defines the execution result of a single remote command
+// which will be sent back to the server.
+message RemoteCommandResult {
+  enum ResultType {
+    RESULT_IGNORED = 0;  // The command was ignored as obsolete.
+    RESULT_FAILURE = 1;  // The command could not be executed.
+    RESULT_SUCCESS = 2;  // The command was successfully executed.
+  }
+
+  // The result of the command.
+  optional ResultType result = 1;
+
+  // The opaque unique identifier of the command. This value is copied from the
+  // RemoteCommand protobuf that contained the command.
+  optional int64 unique_id = 2;
+
+  // The time at which the command was executed, if the the result is
+  // RESULT_SUCCESS.
+  optional int64 timestamp = 3;
+
+  // Extra information sent to server as result of execution, expected to be a
+  // JSON string.
+  optional string payload = 4;
+}
+
+message DeviceRemoteCommandRequest {
+  // The command ID of the last command received from the server until
+  // now.  Omitted if no commands have been received yet.
+  optional int64 last_command_unique_id = 1;
+
+  // The execution results of previously fetched commands.
+  // The client should send back a command result whenever possible.
+  repeated RemoteCommandResult command_results = 2;
+}
+
+message DeviceRemoteCommandResponse {
+  // The queue of pending commands.
+  repeated RemoteCommand commands = 1;
+}
+
 // Sent by the client to the server to check if the current user is allowed
 // to update attributes (asset id and location).  The HTTP request contains an
 // end-user OAuth token.
 message DeviceAttributeUpdatePermissionRequest {
 }
 
 // Response from the server specifying whether the current user is allowed to
 // update attributes (asset id and location).
 message DeviceAttributeUpdatePermissionResponse {
   enum ResultType {
@@ skipping 56 matching lines @@
   optional SignedData signed_request = 1;
 }
 
 message CertificateBasedDeviceRegistrationData {
   enum CertificateType {
     UNKNOWN = 0;
     ENTERPRISE_ENROLLMENT_CERTIFICATE = 1;
   }
 
   optional CertificateType certificate_type = 1;
-  // device certificate in X.509 format.
+  // Device certificate in X.509 format.
   // We use CertificateFactory.generateCertificate() call and
   // the certificate provided must be DER-encoded and may be supplied in binary
   // or printable (Base64) encoding. If the certificate is provided in Base64
   // encoding, it must be bounded at the beginning by
   // -----BEGIN CERTIFICATE-----, and must be bounded at the end by
   // -----END CERTIFICATE-----.
   optional bytes device_certificate = 2;
   // regular device registration request
   optional DeviceRegisterRequest device_register_request = 3;
 }
 
 // Request from the DMAgent on the device to the DMServer.  This is
 // container for all requests from device to server.  The overall HTTP
 // request MUST be in the following format:
 //
 // * HTTP method is POST
 // * Data mime type is application/x-protobuffer
+//   * See GoogleContentTypeEnum.java
 // * HTTP parameters are (all required, all case sensitive):
 //   * request: MUST BE one of
 //     * api_authorization
 //     * cert_upload
 //     * check_device_pairing
 //     * device_pairing
 //     * device_state_retrieval
 //     * enterprise_check
 //     * ping
 //     * policy
@@ skipping 165 matching lines @@
   // Response to update device attribute.
   optional DeviceAttributeUpdateResponse device_attribute_update_response = 16;
 
   // Response to GCM id update request.
   optional GcmIdUpdateResponse gcm_id_update_response = 17;
 
   // Response to check Android management request.
   optional CheckAndroidManagementResponse
       check_android_management_response = 18;
 }