1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 syntax = "proto2"; 6 7 option optimize_for = LITE_RUNTIME; 8 9 package enterprise_management; 10 11 // Request from device to server to register device. 12 message DeviceRegisterRequest { 13 // Reregister device without erasing server state. It can be used 14 // to refresh dmtoken etc. Client MUST set this value to true if it 15 // reuses an existing device id. 16 optional bool reregister = 1; 17 18 // Device register type. This field does not exist for TT release. 19 // When a client requests for policies, server should verify the 20 // client has been registered properly. For example, a client must 21 // register with type DEVICE in order to retrieve device policies. 22 enum Type { 23 TT = 0; // Register for TT release. 24 USER = 1; // Register for Chrome OS user polices. 25 DEVICE = 2; // Register for device policies. 26 BROWSER = 3; // Register for Chrome user policies. 27 ANDROID_BROWSER = 4; // Register for Android Chrome browser user policies. 28 IOS_BROWSER = 5; // Register for iOS Chrome browser user policies. 29 } 30 // NOTE: we also use this field to detect client version. If this 31 // field is missing, then the request comes from TT. We will remove 32 // Chrome OS TT support once it is over. 33 optional Type type = 2 [default = TT]; 34 35 // Machine hardware id, such as serial number. 36 // This field is required if register type == DEVICE. 37 optional string machine_id = 3; 38 39 // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the 40 // model name is not available, client SHOULD send generic name like 41 // "Android", or "Chrome OS". 42 optional string machine_model = 4; 43 44 // When true, indicates that the |machine_id| has been identified as auto- 45 // enrollment candidate on the client and the server can use it to verify 46 // that the client is to be enrolled in the correct mode. 47 // Defaults to false when not present. 48 optional bool auto_enrolled = 5; 49 50 // Indicates a requisition of the registering entity that the server can act 51 // upon. This allows clients to pass hints e.g. at device enrollment time 52 // about the intended use of the device. 53 optional string requisition = 6; 54 } 55 56 // Response from server to device register request. 57 message DeviceRegisterResponse { 58 // Device management token for this registration. This token MUST be 59 // part of HTTP Authorization header for all future requests from 60 // device to server. 61 required string device_management_token = 1; 62 63 // Device display name. By default, server generates the name in 64 // the format of "Machine Model - Machine Id". However, domain 65 // admin can update it using CPanel, so do NOT treat it as constant. 66 optional string machine_name = 2; 67 68 // Enum listing the possible modes the device should be locked into when the 69 // registration is finished. 70 enum DeviceMode { 71 // In ENTERPRISE mode the device has no local owner and device settings are 72 // controlled through the cloud policy infrastructure. Auto-enrollment is 73 // supported in that mode. 74 ENTERPRISE = 0; 75 // Devices in RETAIL mode also have no local owner and get their device 76 // settings from the cloud, but additionally this mode enables the demo 77 // account on the device. 78 RETAIL = 1; 79 } 80 optional DeviceMode enrollment_type = 3 [default = ENTERPRISE]; 81 } 82 83 // Request from device to server to unregister device. 84 // GoogleDMToken MUST be in HTTP Authorization header. 85 message DeviceUnregisterRequest { 86 } 87 88 // Response from server to device for unregister request. 89 message DeviceUnregisterResponse { 90 } 91 92 // Request from device to server to upload device EMCert 93 // (enteprise machine cert used for remote attestation). 94 // GoogleDMToken MUST be in HTTP Authorization header. 95 message DeviceCertUploadRequest { 96 // EMCert in X.509 format. 97 optional bytes device_certificate = 1; 98 } 99 100 // Response from server to device for cert upload request. 101 message DeviceCertUploadResponse { 102 } 103 104 // Request to access a Google service with the given scope. 105 message DeviceServiceApiAccessRequest { 106 // The list of auth scopes the device requests from DMServer. 107 repeated string auth_scope = 1; 108 109 // OAuth2 client ID to which the returned authorization code is bound. 110 optional string oauth2_client_id = 2; 111 } 112 113 message DeviceServiceApiAccessResponse { 114 // The OAuth2 authorization code for the requested scope(s). 115 // This can be exchanged for a refresh token. 116 optional string auth_code = 1; 117 } 118 119 message PolicyFetchRequest { 120 // This is the policy type, which maps to D3 policy type internally. 121 // By convention, we use "/" as separator to create policy namespace. 122 // The policy type names are case insensitive. 123 // 124 // Possible values for Chrome OS are: 125 // google/chromeos/device => ChromeDeviceSettingsProto 126 // google/chromeos/user => ChromeSettingsProto 127 // google/chromeos/publicaccount => ChromeSettingsProto 128 // google/chrome/extension => ExternalPolicyData 129 // google/android/user => ChromeSettingsProto 130 // google/ios/user => ChromeSettingsProto 131 optional string policy_type = 1; 132 133 // This is the last policy timestamp that client received from server. 134 optional int64 timestamp = 2; 135 136 // Tell server what kind of security signature is required. 137 enum SignatureType { 138 NONE = 0; 139 SHA1_RSA = 1; 140 } 141 optional SignatureType signature_type = 3 [default = NONE]; 142 143 // The version number of the public key that is currently stored 144 // on the client. This should be the last number the server had 145 // supplied as new_public_key_version in PolicyData. 146 // This field is unspecified if the client does not yet have a 147 // public key. 148 optional int32 public_key_version = 4; 149 150 // Machine hardware id, such as serial number. 151 // This field is should be set only if the serial number for the device is 152 // missing from the server, as indicated by the valid_serial_number_missing 153 // field in the last policy fetch response. 154 optional string machine_id = 5; 155 156 // This field is used for devices to send the additional ID to fetch settings. 157 // Retrieving some settings requires more than just device or user ID. 158 // For example, to retrieve public account, devices need to pass in 159 // public account ID in addition to device ID. To retrieve extension or 160 // plug-in settings, devices need to pass in extension/plug-in ID in 161 // addition to user ID. 162 // policy_type represents the type of settings (e.g. public account, 163 // extension) devices request to fetch. 164 optional string settings_entity_id = 6; 165 166 // If this fetch is due to a policy invalidation, this field contains the 167 // version provided with the invalidation. The server interprets this value 168 // and the value of invalidation_payload to fetch the up-to-date policy. 169 optional int64 invalidation_version = 7; 170 171 // If this fetch is due to a policy invalidation, this field contains the 172 // payload delivered with the invalidation. The server interprets this value 173 // and the value of invalidation_version to fetch the up-to-date policy. 174 optional bytes invalidation_payload = 8; 175 } 176 177 // This message is included in serialized form in PolicyFetchResponse 178 // below. It may also be signed, with the signature being created for 179 // the serialized form. 180 message PolicyData { 181 // See PolicyFetchRequest.policy_type. 182 optional string policy_type = 1; 183 184 // [timestamp] is milliseconds since Epoch in UTC timezone. It is 185 // included here so that the time at which the server issued this 186 // response cannot be faked (as protection against replay attacks). 187 // It is the timestamp generated by DMServer, NOT the time admin 188 // last updated the policy or anything like that. 189 optional int64 timestamp = 2; 190 191 // The DM token that was used by the client in the HTTP POST header 192 // for authenticating the request. It is included here again so that 193 // the client can verify that the response is meant for him (and not 194 // issued by a replay or man-in-the-middle attack). 195 optional string request_token = 3; 196 197 // The serialized value of the actual policy protobuf. This can be 198 // deserialized to an instance of, for example, ChromeSettingsProto, 199 // ChromeDeviceSettingsProto, or ExternalPolicyData. 200 optional bytes policy_value = 4; 201 202 // The device display name assigned by the server. It is only 203 // filled if the display name is available. 204 // 205 // The display name of the machine as generated by the server or set 206 // by the Administrator in the CPanel GUI. This is the same thing as 207 // |machine_name| in DeviceRegisterResponse but it might have 208 // changed since then. 209 optional string machine_name = 5; 210 211 // Version number of the server's current public key. (The key that 212 // was used to sign this response. Numbering should start at 1 and be 213 // increased by 1 at each key rotation.) 214 optional int32 public_key_version = 6; 215 216 // The user this policy is intended for. In case of device policy, the name 217 // of the owner (who registered the device). 218 optional string username = 7; 219 220 // In this field the DMServer should echo back the "deviceid" HTTP parameter 221 // from the request. 222 optional string device_id = 8; 223 224 // Indicates which state this association with DMServer is in. This can be 225 // used to tell the client that it is not receiving policy even though the 226 // registration with the server is kept active. 227 enum AssociationState { 228 // Association is active and policy is pushed. 229 ACTIVE = 0; 230 // Association is alive, but the corresponding domain is not managed. 231 UNMANAGED = 1; 232 } 233 optional AssociationState state = 9 [default = ACTIVE]; 234 235 // Indicates if the the server cannot find a valid serial number for the 236 // device. If this flag is set, the device should send the valid serial 237 // number with a device policy fetch request. Note that this only 238 // applies to device policy. 239 optional bool valid_serial_number_missing = 10; 240 241 // Indicates which public account or extension/plug-in this policy data is 242 // for. See PolicyFetchRequest.settings_entity_id for more details. 243 optional string settings_entity_id = 11; 244 245 // Indicates the identity the device service account is associated with. 246 // This is only sent as part of device policy fetch. 247 optional string service_account_identity = 12; 248 249 // The object source which hosts policy objects within the invalidation 250 // service. This value is combined with invalidation_name to form the object 251 // id used to register for invalidations to this policy. 252 optional int32 invalidation_source = 13; 253 254 // The name which uniquely identifies this policy within the invalidation 255 // service object source. This value is combined with invalidation_source to 256 // form the object id used to register for invalidations to this policy. 257 optional bytes invalidation_name = 14; 258 } 259 260 message PolicyFetchResponse { 261 // Since a single policy request may ask for multiple policies, we 262 // provide separate error code for each individual policy fetch. 263 264 // We will use standard HTTP Status Code as error code. 265 optional int32 error_code = 1; 266 267 // Human readable error message for customer support purpose. 268 optional string error_message = 2; 269 270 // This is a serialized |PolicyData| protobuf (defined above). 271 optional bytes policy_data = 3; 272 273 // Signature of the policy data above. 274 optional bytes policy_data_signature = 4; 275 276 // If the public key has been rotated on the server, the new public 277 // key is sent here. It is already used for |policy_data_signature| 278 // above, whereas |new_public_key_signature| is created using the 279 // old key (so the client can trust the new key). If this is the 280 // first time when the client requests policies (so it doesn't have 281 // on old public key), then |new_public_key_signature| is empty. 282 optional bytes new_public_key = 5; 283 optional bytes new_public_key_signature = 6; 284 } 285 286 // Request from device to server for reading policies. 287 message DevicePolicyRequest { 288 // The policy fetch request. If this field exists, the request must 289 // comes from a non-TT client. The repeated field allows client to 290 // request multiple policies for better performance. 291 repeated PolicyFetchRequest request = 3; 292 } 293 294 // Response from server to device for reading policies. 295 message DevicePolicyResponse { 296 // The policy fetch response. 297 repeated PolicyFetchResponse response = 3; 298 } 299 300 message TimePeriod { 301 // [timestamp] is milli seconds since Epoch in UTC timezone. 302 optional int64 start_timestamp = 1; 303 optional int64 end_timestamp = 2; 304 } 305 306 message ActiveTimePeriod { 307 optional TimePeriod time_period = 1; 308 309 // The active duration during the above time period. 310 // The unit is milli-second. 311 optional int32 active_duration = 2; 312 } 313 314 // This captures launch events for one app/extension or other installments. 315 message InstallableLaunch { 316 optional string install_id = 1; 317 318 // Time duration where this report covers. These are required 319 // and the record will be ignored if not set. 320 optional TimePeriod duration = 2; 321 322 // Client will send at most 50 timestamps to DM. All the rest 323 // launch activities will be summed into the total count. 324 // We will distribute the count evenly among the time span when 325 // doing time based aggregation. 326 repeated int64 timestamp = 3; 327 optional int64 total_count = 4; 328 } 329 330 // Used to report the device location. 331 message DeviceLocation { 332 enum ErrorCode { 333 ERROR_CODE_NONE = 0; 334 ERROR_CODE_POSITION_UNAVAILABLE = 1; 335 } 336 337 // Latitude in decimal degrees north (WGS84 coordinate frame). 338 optional double latitude = 1; 339 340 // Longitude in decimal degrees west (WGS84 coordinate frame). 341 optional double longitude = 2; 342 343 // Altitude in meters (above WGS84 datum). 344 optional double altitude = 3; 345 346 // Accuracy of horizontal position in meters. 347 optional double accuracy = 4; 348 349 // Accuracy of altitude in meters. 350 optional double altitude_accuracy = 5; 351 352 // Heading in decimal degrees clockwise from true north. 353 optional double heading = 6; 354 355 // Horizontal component of device velocity in meters per second. 356 optional double speed = 7; 357 358 // Time of position measurement in milisecons since Epoch in UTC time. 359 optional int64 timestamp = 8; 360 361 // Error code, see enum above. 362 optional ErrorCode error_code = 9; 363 364 // Human-readable error message. 365 optional string error_message = 10; 366 } 367 368 // Details about a network interface. 369 message NetworkInterface { 370 // Indicates the type of network device. 371 enum NetworkDeviceType { 372 TYPE_ETHERNET = 0; 373 TYPE_WIFI = 1; 374 TYPE_WIMAX = 2; 375 TYPE_BLUETOOTH = 3; 376 TYPE_CELLULAR = 4; 377 } 378 379 // Network device type. 380 optional NetworkDeviceType type = 1; 381 382 // MAC address (if applicable) of the corresponding network device. This is 383 // formatted as an ASCII string with 12 hex digits. Example: A0B1C2D3E4F5. 384 optional string mac_address = 2; 385 386 // MEID (if applicable) of the corresponding network device. Formatted as 387 // ASCII string composed of 14 hex digits. Example: A10000009296F2. 388 optional string meid = 3; 389 390 // IMEI (if applicable) of the corresponding network device. 15-16 decimal 391 // digits encoded as ASCII string. Example: 355402040158759. 392 optional string imei = 4; 393 } 394 395 // Details about a device user. 396 message DeviceUser { 397 // Types of device users which can be reported. 398 enum UserType { 399 // A user managed by the same domain as the device. 400 USER_TYPE_MANAGED = 0; 401 402 // A user not managed by the same domain as the device. 403 USER_TYPE_UNMANAGED = 1; 404 } 405 406 // The type of the user. 407 required UserType type = 1; 408 409 // Email address of the user. Present only if the user type is managed. 410 optional string email = 2; 411 } 412 413 // Report device level status. 414 message DeviceStatusReportRequest { 415 // The OS version reported by the device is a platform version 416 // e.g. 1435.0.2011_12_16_1635. 417 optional string os_version = 1; 418 optional string firmware_version = 2; 419 420 // "Verified", "Dev". Same as verified mode. 421 // If the mode is unknown, this field should not be set. 422 optional string boot_mode = 3; 423 424 // Device active times collection since last report rpc call. 425 // No longer used -- use active_period instead. 426 repeated TimePeriod active_time = 4 [deprecated = true]; 427 428 // The browser version string as shown in the About dialog. 429 // e.g. 17.0.963.18. 430 optional string browser_version = 5; 431 432 // A list of periods when the device was active, aggregated by day. 433 repeated ActiveTimePeriod active_period = 6; 434 435 // The device location. 436 optional DeviceLocation device_location = 7; 437 438 // List of network interfaces. 439 repeated NetworkInterface network_interface = 8; 440 441 // List of recent device users, in descending order by last login time. 442 repeated DeviceUser user = 9; 443 } 444 445 // Report session (a user on one device) level status. 446 message SessionStatusReportRequest { 447 // Installed apps for this user on this device. 448 repeated string installed_app_id = 1; 449 450 // Installed extensions for this user on this device. 451 repeated string installed_extension_id = 2; 452 453 // One stat per app for top 30 apps. 454 repeated InstallableLaunch app_launch_stat = 3; 455 } 456 457 // Response from DMServer to update devices' status. 458 // It is possible that status report fails but policy request succeed. In such 459 // case, the DeviceStatusReportResponse will contain an error code and the 460 // device should re-send status report data in the next policy request. The 461 // device should re-send report data if policy request fails, even if 462 // DeviceStatusReportResponse contains no error code. 463 message DeviceStatusReportResponse { 464 optional int32 error_code = 1; 465 466 // Human readable error message for customer support purpose. 467 optional string error_message = 2; 468 } 469 470 // Response from DMServer to update user devices' status. 471 // It is possible that status report fails but policy request succeed. In such 472 // case, the SessionStatusReportResponse will contain an error code and the 473 // device should re-send status report data in the next policy request. The 474 // device should re-send report data if policy request fails, even if 475 // SessionStatusReportResponse contains no error code. 476 message SessionStatusReportResponse { 477 optional int32 error_code = 1; 478 479 // Human readable error message for customer support purpose. 480 optional string error_message = 2; 481 } 482 483 // Request from device to server to determine whether the device should 484 // go through enterprise enrollment. Unlike the other requests, this request is 485 // not authenticated. 486 message DeviceAutoEnrollmentRequest { 487 // SHA-256 hash of the device's serial number, mod |modulus|. 488 // Should always be present. 489 optional int64 remainder = 1; 490 491 // Modulus of the hash used by the client. Should always be present. This 492 // is the number of buckets the client thinks the server has. For now, 493 // it is a power of 2, but due to the strict constraint on how many serial 494 // numbers a bucket can contain, it may become non power of 2. If that 495 // happens, client-side needs to change its assumption. 496 optional int64 modulus = 2; 497 } 498 499 // Response from server to auto-enrollment detection request. 500 message DeviceAutoEnrollmentResponse { 501 // If this field is present, the other fields are ignored and the client 502 // should send a new DeviceAutoEnrollmentRequest with a new |remainder| 503 // computed using this new |modulus|. If this field is empty, the client's 504 // request was accepted. 505 // DMServer guarantees that if the modulus sent by client in 506 // DeviceAutoEnrollmentRequest matches server's expectation, this field 507 // is unset. 508 optional int64 expected_modulus = 1; 509 510 // List of hashes in the client's hash bucket. If the client's hash matches 511 // any in this list, the client device should do enterprise enrollment. 512 // If it matches none, enrollment should be optional. 513 // Each entry has exactly 256 bits (32 bytes). 514 repeated bytes hash = 2; 515 } 516 517 // Request from the DMAgent on the device to the DMServer. This is 518 // container for all requests from device to server. The overall HTTP 519 // request MUST be in the following format: 520 // 521 // * HTTP method is POST 522 // * Data mime type is application/x-protobuffer 523 // * HTTP parameters are (all required, all case sensitive): 524 // * request: MUST BE one of 525 // * cert_upload 526 // * enterprise_check 527 // * ping 528 // * policy 529 // * register 530 // * status 531 // * unregister 532 // * api_authorization 533 // 534 // * devicetype: MUST BE "1" for Android or "2" for Chrome OS. 535 // * apptype: MUST BE Android or Chrome. 536 // * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. 537 // * agent: MUST BE no more than 64-char long. 538 // * HTTP Authorization header MUST be in the following formats: 539 // * For register and ping requests 540 // Authorization: GoogleLogin auth=<auth cookie for Mobile Sync> 541 // 542 // * For unregister, policy, status, and cert_upload requests 543 // Authorization: GoogleDMToken token=<dm token from register> 544 // 545 // * The Authorization header isn't used for enterprise_check 546 // request, nor for register requests using OAuth. In the latter case, 547 // the OAuth token is passed in the "oauth" parameter. 548 // 549 // DeviceManagementRequest should only contain one request which matches the 550 // HTTP query parameter - request, as listed below. Other requests within the 551 // container will be ignored. 552 // cert_upload: cert_upload_request 553 // enterprise_check: auto_enrollment_request 554 // ping: policy_request 555 // policy: policy_request 556 // register: register_request 557 // status: device_status_report_request or session_status_report_request 558 // unregister: unregister_request 559 // 560 // 561 message DeviceManagementRequest { 562 // Register request. 563 optional DeviceRegisterRequest register_request = 1; 564 565 // Unregister request. 566 optional DeviceUnregisterRequest unregister_request = 2; 567 568 // Policy request. 569 optional DevicePolicyRequest policy_request = 3; 570 571 // Update status. 572 optional DeviceStatusReportRequest device_status_report_request = 4; 573 optional SessionStatusReportRequest session_status_report_request = 5; 574 575 // Auto-enrollment detection. 576 optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6; 577 578 // EMCert upload (for remote attestation) 579 optional DeviceCertUploadRequest cert_upload_request = 7; 580 581 // Request for OAuth2 authorization codes to access Google services. 582 optional DeviceServiceApiAccessRequest service_api_access_request = 8; 583 } 584 585 // Response from server to device. 586 // 587 // The server uses the following numbers as HTTP status codes 588 // to report top-level errors. 589 // 590 // 200 OK: valid response is returned to client. 591 // 400 Bad Request: invalid argument. 592 // 401 Unauthorized: invalid auth cookie or DM token. 593 // 403 Forbidden: device management is not allowed. 594 // 404 Not Found: the request URL is invalid. 595 // 410 Device Not Found: the device id is not found. 596 // 491 Request Pending: the request is pending approval. 597 // 500 Internal Server Error: most likely a bug in DM server. 598 // 503 Service Unavailable: most likely a backend error. 599 // 901 Device Not Found: the device id is not found. 600 // 902 Policy Not Found: the policy is not found. 601 message DeviceManagementResponse { 602 // Error message. 603 optional string error_message = 2; 604 605 // Register response 606 optional DeviceRegisterResponse register_response = 3; 607 608 // Unregister response 609 optional DeviceUnregisterResponse unregister_response = 4; 610 611 // Policy response. 612 optional DevicePolicyResponse policy_response = 5; 613 614 // Device status report response. 615 optional DeviceStatusReportResponse device_status_report_response = 6; 616 617 // Session status report response. 618 optional SessionStatusReportResponse session_status_report_response = 7; 619 620 // Auto-enrollment detection response. 621 optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8; 622 623 // EMCert upload response. 624 optional DeviceCertUploadResponse cert_upload_response = 9; 625 626 // Response to OAuth2 authorization code request. 627 optional DeviceServiceApiAccessResponse service_api_access_response = 10; 628 } 629
