Home | History | Annotate | Download | only in login_manager 
      1 // Copyright 2017 The Chromium OS Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 syntax = "proto2";
      6 
      7 option optimize_for = LITE_RUNTIME;
      8 
      9 package login_manager;
     10 
     11 // Specifies the account type that the |account_id| in PolicyDescriptor
     12 // references.
     13 enum PolicyAccountType {
     14   // |account_id| must be empty. Policy is stored in a device-wide root-owned
     15   // location.
     16   ACCOUNT_TYPE_DEVICE = 0;
     17 
     18   // |account_id| references a user account. Policy is stored on the user's
     19   // cryptohome.
     20   ACCOUNT_TYPE_USER = 1;
     21 
     22   // |account_id| references a user account where the user session hasn't been
     23   // added to Session Manager yet. Special case to retrieve user policy on the
     24   // login screen.
     25   ACCOUNT_TYPE_SESSIONLESS_USER = 2;
     26 
     27   // |account_id| references a device local account. Policy is stored in a
     28   // device-wide root-owned location in a folder that depends on |account_id|.
     29   ACCOUNT_TYPE_DEVICE_LOCAL_ACCOUNT = 3;
     30 
     31   // Next ID to use: 4
     32 };
     33 
     34 // Within a given account, policies are namespaced by a
     35 // (|domain|, |component_id|) pair in PolicyDescriptor.
     36 // The meaning of the |component_id| depends on the domain, see below.
     37 enum PolicyDomain {
     38   // Domain for Chrome policies. |component_id| must be empty.
     39   POLICY_DOMAIN_CHROME = 0;
     40 
     41   // Domain for policies for regular Chrome extensions. |component_id| must be
     42   // equal to the extension ID.
     43   POLICY_DOMAIN_EXTENSIONS = 1;
     44 
     45   // Domain for policies for Chrome extensions running under the Chrome OS
     46   // signin profile. |component_id| must be equal to the extension ID.
     47   POLICY_DOMAIN_SIGNIN_EXTENSIONS = 2;
     48 
     49   // Next ID to use: 3
     50 };
     51 
     52 // Descriptor for policy blobs to give SessionManager's StorePolicy*Ex and
     53 // RetrievePolicyEx enough context to decide how to store policy.
     54 message PolicyDescriptor {
     55   // The pair (|account_type|, |account_id|) determines the account for policy
     56   // storage.
     57   optional PolicyAccountType account_type = 1;
     58 
     59   // The meaning of |account_id| depends on |account_type|, see
     60   // PolicyAccountType.
     61   optional string account_id = 2;
     62 
     63   // The pair (|domain|, |component_id|) determines the namespace for policy
     64   // storage.
     65   optional PolicyDomain domain = 3;
     66 
     67   // The meaning of |component_id| depends on |domain|, see PolicyDomain.
     68   optional string component_id = 4;
     69 
     70   // Next ID to use: 5
     71 }
     72