commit 5fe8d57ebabc76954b98b2404bcd88635936b9cd Author: MunyDev Date: Tue Aug 13 10:31:17 2024 -0400 Initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..33fec00 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +.venv +out +__pycache__ \ No newline at end of file diff --git a/device_management.proto b/device_management.proto new file mode 100644 index 0000000..716b9d5 --- /dev/null +++ b/device_management.proto @@ -0,0 +1,5014 @@ +// Copyright 2013 The Chromium Authors +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +syntax = "proto2"; + +option optimize_for = LITE_RUNTIME; + +package enterprise_management; + +option go_package = "chromium/policy/enterprise_management_proto"; + +import "private_membership_rlwe.proto"; + +// Everything below this comment will be synchronized between client and server +// repos ( go/cros-proto-sync ). + +// This enum needs to be shared between DeviceRegisterRequest and +// LicenseAvailability protos. With java_api_version 1, this means that enum +// needs to be wrapped into a message. +message LicenseType { + // Enumerates different license types. + enum LicenseTypeEnum { + // Unknown/undefined + UNDEFINED = 0; + // Chrome Device Management Perpetual + CDM_PERPETUAL = 1; + // Chrome Device Management Annual + CDM_ANNUAL = 2; + // Chrome Kiosk + KIOSK = 3; + // Chrome Enterprise bundled license + CDM_PACKAGED = 4; + } + + optional LicenseTypeEnum license_type = 1; +} + +// The current active session type on the device, or `NO_SESSION` if no user +// is currently logged in. +// This enum is used in the response payload of the +// `FETCH_CRD_AVAILABILITY_INFO` remote command. +// NOTE: Please DO NOT rename enum entries as they are used by external APIs. +enum UserSessionType { + USER_SESSION_TYPE_UNKNOWN = 0; + AUTO_LAUNCHED_KIOSK_SESSION = 1; + MANUALLY_LAUNCHED_KIOSK_SESSION = 2; + AFFILIATED_USER_SESSION = 3; + UNAFFILIATED_USER_SESSION = 4; + MANAGED_GUEST_SESSION = 5; + GUEST_SESSION = 6; + NO_SESSION = 7; +} + +// The type of the CRD session. This enum is used in: +// * the response payload of `FETCH_CRD_AVAILABILITY_INFO`. +// * the request payload of `DEVICE_START_CRD_SESSION`. +enum CrdSessionType { + CRD_SESSION_TYPE_UNKNOWN = 0; + // A session where the admin has exclusive control of the remote machine. + REMOTE_ACCESS_SESSION = 1; + // A session where the admin and the local user share control of the remote + // machine. + REMOTE_SUPPORT_SESSION = 2; +} + +// Enum indicating why a CRD session is or is not available. +// This enum is used in the response payload of the +// `FETCH_CRD_AVAILABILITY_INFO` remote command. +// NOTE: Please DO NOT rename enum entries as they are used by external APIs. +enum CrdSessionAvailability { + CRD_SESSION_AVAILABILITY_UNKNOWN = 0; + // The CRD session is available and the admin can start a CRD session. + AVAILABLE = 1; + // The CRD session is not available for the current user session type. + UNAVAILABLE_UNSUPPORTED_USER_SESSION_TYPE = 2; + // The CRD session is not available since the device is in an unmanaged + // environment. + UNAVAILABLE_UNMANAGED_ENVIRONMENT = 3; + // The CRD session type is unsupported by device os version + UNAVAILABLE_UNSUPPORTED_DEVICE_OS_VERSION = 4; + // CRD is disabled on the device by the 'enterprise remote support connection' + // policy. + UNAVAILABLE_DISABLED_BY_POLICY = 5; +} + +// Result code used in the response payload of the `START_CRD_SESSION` remote +// command. This is used because it is more granular than the normal +// `ResultType` enum used as the result code for a remote command. +enum StartCrdSessionResultCode { + START_CRD_SESSION_RESULT_UNKNOWN = -1; + // Successfully obtained access code. + START_CRD_SESSION_SUCCESS = 0; + // Failed as required services are not launched on the device. + SERVICES_NOT_READY = 1; + // Failure as the current user type does not support remotely starting CRD. + FAILURE_UNSUPPORTED_USER_TYPE = 2; + // Failed as device is currently in use and no interruptUser flag is set. + FAILURE_NOT_IDLE = 3; + // Failed as we could not get OAuth token for whatever reason. + FAILURE_NO_OAUTH_TOKEN = 4; + // Failed as we could not get ICE configuration for whatever reason. + // deprecated + FAILURE_NO_ICE_CONFIG = 5; + // Failure during attempt to start CRD host and obtain CRD token. + FAILURE_CRD_HOST_ERROR = 6; + // Failure to start a curtained session as we're not in a managed environment. + FAILURE_UNMANAGED_ENVIRONMENT = 7; + // Failed because RemoteAccessHostAllowEnterpriseRemoteSupportConnections + // policy is disabled. + FAILURE_DISABLED_BY_POLICY = 8; +} + +// Result code used in the response payload of the `FETCH_SUPPORT_PACKET` remote +// command. The response payload will be a JSON string as follows: +// { +// "result": , +// (optional) "notes": [] +// } +enum FetchSupportPacketResultCode { + // Unspecified result. + FETCH_SUPPORT_PACKET_RESULT_CODE_UNSPECIFIED = 0; + // Success. + FETCH_SUPPORT_PACKET_RESULT_SUCCESS = 1; + // Command is not enabled for the device or the user. + FAILURE_COMMAND_NOT_ENABLED = 2; + // Failed to create the file to upload. + FAILURE_EXPORTING_FILE = 3; + // Internal failure at reporting pipeline. LogUploadEvent can't be enqueued. + FAILURE_REPORTING_PIPELINE = 4; + // File upload to File Storage Server has failed. + FAILURE_LOG_UPLOAD = 5; +} + +// Result payload field that will used for FETCH_SUPPORT_PACKET remote command. +// This field represents the warnings or notes that the device sends along with +// the command result. This enum will be used to attach optional notes to +// successful execution. Failure details will be send to the server in +// FetchSupportPacketResultCode enum. +enum FetchSupportPacketResultNote { + FETCH_SUPPORT_PACKET_RESULT_PAYLOAD_UNSPECIFIED = 0; + // Warning that the requested PII is not allowed to be included in the + // collected logs due to privacy issues. This is not an error but a warning to + // the admin. The log file will be created and uploaded without PII. + WARNING_PII_NOT_ALLOWED = 1; +} + +// Data along with a cryptographic signature verifying their authenticity. +message SignedData { + // The data to be signed. + optional bytes data = 1; + // The signature of the data field. + optional bytes signature = 2; + // How many bytes were added to the end of original data before signature + // (e.g. a nonce to avoid proxy attacks of the signing service). + optional int32 extra_data_bytes = 3; +} + +// Request from device to server to check user account type for enrollment. +message CheckUserAccountRequest { + // Email address of a user. + // The user may not exist in GAIA. + optional string user_email = 1; + // If enrollment nudge policy is required. + optional bool enrollment_nudge_request = 2 [default = false]; +} + +// Request from device to server to register a device, user or browser. +message DeviceRegisterRequest { + reserved 5, 10; + + // Reregister device without erasing server state. It can be used + // to refresh dmtoken etc. Client MUST set this value to true if it + // reuses an existing device id. + optional bool reregister = 1; + + // Register type. This field does not exist for TT release. + // When a client requests for policies, server should verify the + // client has been registered properly. For example, a client must + // register with type DEVICE in order to retrieve device policies. + enum Type { + reserved 5; + + TT = 0; // Register for TT release. + USER = 1; // Register for Chrome OS user polices. + DEVICE = 2; // Register for Chrome OS device policies. + BROWSER = 3; // Register for desktop Chrome browser user policies. + ANDROID_BROWSER = 4; // Register for Android Chrome browser user policies. + IOS_BROWSER = 6; // Register for iOS Chrome browser user policies. + } + // NOTE: we also use this field to detect client version. If this + // field is missing, then the request comes from TT. We will remove + // Chrome OS TT support once it is over. + optional Type type = 2 [default = TT]; + + // Machine hardware id, such as serial number. + // This field is required if register type == DEVICE. + optional string machine_id = 3; + + // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the + // model name is not available, client SHOULD send generic name like + // "Android", or "Chrome OS". + optional string machine_model = 4; + + // Indicates a requisition of the registering entity that the server can act + // upon. This allows clients to pass hints e.g. at device enrollment time + // about the intended use of the device. + optional string requisition = 6; + + // The current server-backed state key for the client, if applicable. This can + // be used by the server to link the registration request to an existing + // device record for re-enrollment. + optional bytes server_backed_state_key = 7; + + // Enumerates different flavors of registration. + enum Flavor { + reserved 12; + + // User manually enrolls a device for device management. + FLAVOR_ENROLLMENT_MANUAL = 0; + // User re-starts enrollment manually to recover from loss of policy. + FLAVOR_ENROLLMENT_MANUAL_RENEW = 1; + // Device enrollment forced by local device configuration, such as OEM + // partition flags to force enrollment. + FLAVOR_ENROLLMENT_LOCAL_FORCED = 2; + // Enrollment advertised by local device configuration, such as OEM + // partition flags indicating to prompt for enrollment, but allowing the + // user to skip. + FLAVOR_ENROLLMENT_LOCAL_ADVERTISED = 3; + // Device state downloaded from the server during OOBE indicates that + // re-enrollment is mandatory. + FLAVOR_ENROLLMENT_SERVER_FORCED = 4; + // Device state downloaded from the server during OOBE indicates that the + // device should prompt for (re-)enrollment, but the user is allowed to + // skip. + FLAVOR_ENROLLMENT_SERVER_ADVERTISED = 5; + // Device detected in steady state that it is supposed to be enrolled, but + // the policy is missing. + FLAVOR_ENROLLMENT_RECOVERY = 6; + // User policy registration for a logged-in user. + FLAVOR_USER_REGISTRATION = 7; + // Attestation-based with the option to use a different authentication + // mechanism. + FLAVOR_ENROLLMENT_ATTESTATION = 8; + // Forced attestation-based enrollment (cannot fallback to another flavor). + FLAVOR_ENROLLMENT_ATTESTATION_LOCAL_FORCED = 9; + // Device state downloaded from the server during OOBE indicates that + // re-enrollment is mandatory and should be attestation-based. + FLAVOR_ENROLLMENT_ATTESTATION_SERVER_FORCED = 10; + // Device state downloaded from the server indicated that re-enrollment is + // mandatory, but it failed and we are doing a fallback to manual + // enrollment. + FLAVOR_ENROLLMENT_ATTESTATION_MANUAL_FALLBACK = 11; + // Device state downloaded from the server during OOBE indicates that + // initial enrollment is mandatory. + FLAVOR_ENROLLMENT_INITIAL_SERVER_FORCED = 13; + // Device state downloaded from the server during OOBE indicates that + // initial enrollment is mandatory and should be attestation-based. + FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_SERVER_FORCED = 14; + // Device state downloaded from the server indicated that initial enrollment + // is mandatory, but it failed and we are doing a fallback to manual + // enrollment. + FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_MANUAL_FALLBACK = 15; + // An enterprise rollback just took place and the device was wiped. + // Attempt to re-enroll with attestation. This is forced from the + // client side. + FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_FORCED = 16; + // An enterprise rollback just took place and the device was wiped. + // Attestation re-enrollment just failed, attempt manual enrollment as + // fallback. + FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_MANUAL_FALLBACK = 17; + // Device state downloaded from the server indicated that initial enrollment + // is mandatory and should be token-based. + FLAVOR_ENROLLMENT_TOKEN_INITIAL_SERVER_FORCED = 18; + // Device state downloaded from the server indicated that initial + // token-based enrollment is mandatory, but it failed and we are doing + // fallback to manual enrollment. + FLAVOR_ENROLLMENT_TOKEN_INITIAL_MANUAL_FALLBACK = 19; + } + + // Indicates the registration flavor. This is passed to the server FYI when + // registering for policy so the server can distinguish registration triggers. + optional Flavor flavor = 8; + + // If specified, represents the license type selected by user on the device. + optional LicenseType license_type = 9; + + // Enumerates different expected lifetimes of registration. + enum Lifetime { + // Default case. + LIFETIME_UNDEFINED = 0; + // No expiration, most of the registrations have this lifetime. + LIFETIME_INDEFINITE = 1; + // Lifetime for ephemeral user policy registration. + LIFETIME_EPHEMERAL_USER = 2; + } + + // Indicates the expected lifetime of registration. + optional Lifetime lifetime = 11 [default = LIFETIME_INDEFINITE]; + + // The 4-character brand code of the device. + optional string brand_code = 12; + + // Previous DMToken that should be reused for re-registration. + optional string reregistration_dm_token = 13; + + // MAC address for onboard network (ethernet) interface. + // The format is twelve (12) hexadecimal digits without any delimiter + // (uppercase letters). + // This field might be set only if register type == DEVICE. + optional string ethernet_mac_address = 14; + + // Built-in MAC address for the docking station that the device can be + // connected to. + // The format is twelve (12) hexadecimal digits without any delimiter + // (uppercase letters). + // This field might be set only if register type == DEVICE. + optional string dock_mac_address = 15; + + // The date the device was manufactured in yyyy-mm-dd format. + // This field might be set only if register type == DEVICE. + optional string manufacture_date = 16; + + // Currently using in token enrollment to ensure domain in request matches + // domain from token. + optional string expected_enrollment_domain = 17; + + // Identification of the device that is not already available. + optional DeviceRegisterIdentification device_register_identification = 18; + + // Indicates all possible PSM (Private Set Membership) protocol final results + // without specifying the root cause in case of an error. + enum PsmExecutionResult { + // PSM protocol started and it neither finished successfully nor + // terminated due to a protocol's error. + PSM_RESULT_UNKNOWN = 0; + + // PSM finished successfully and there was server-backed state for the + // device. + PSM_RESULT_SUCCESSFUL_WITH_STATE = 1; + + // PSM finished successfully and there was no server-backed state for the + // device. + PSM_RESULT_SUCCESSFUL_WITHOUT_STATE = 2; + + // PSM terminated due to an error. + PSM_RESULT_ERROR = 3; + + // PSM check was skipped, as the device is going through Flex Auto + // Enrollment after legacy state determination. + PSM_SKIPPED_FOR_FLEX_AUTO_ENROLLMENT = 4; + } + optional PsmExecutionResult psm_execution_result = 19; + + // Timestamp of PSM retrieving the device's determination successfully in + // milliseconds since Epoch in UTC timezone (Java time). + optional int64 psm_determination_timestamp_ms = 20; + + // Information specific to Demo Mode about the device and the demo context. + // Only set when the device is enrolling into Demo Mode, as defined by + // DeviceRegisterRequest.requisition == "cros-demo-mode". + optional DemoModeDimensions demo_mode_dimensions = 21; + + // Contains encoded customer information relevant for the generic OIDC profile + // enrollment process. + optional string oidc_profile_enrollment_state = 22; + + // Next id: 23. +} + +// Identification of a device used during its registration. +message DeviceRegisterIdentification { + // The attested device ID for devices using Zero-Touch (see go/zt-sn). + optional string attested_device_id = 1; +} + +// Response from server to device +message CheckUserAccountResponse { + // Enum listing the possible user account status. + enum UserAccountType { + UNKNOWN_USER_ACCOUNT_TYPE = 0; + + // There is no GAIA user exist mapping to the specific user email. + NOT_EXIST = 1; + + // The GAIA user mapping to the specific user email is not a dasher user. + CONSUMER = 2; + // The GAIA user is a dasher user. See http://go/is-dasher-user + DASHER = 3; + } + + // The domain abstracted from the specific email has been verified by dasher. + optional bool domain_verified = 1; + + // The account type mapping from the specific user email. + optional UserAccountType user_account_type = 2; + + // Enum listing the possible enrollment nudge types. + enum EnrollmentNudgeType { + UNKNOWN_ENROLLMENT_NUDGE_TYPE = 0; + // Enrollment is not required. + NONE = 1; + // Requires the user to complete the enrollment process before they can + // login. + ENROLLMENT_REQUIRED = 2; + } + + // Whether to nudge managed users to enroll unowned devices. + optional EnrollmentNudgeType enrollment_nudge_type = 3; +} + +// Response from server to device register request. +message DeviceRegisterResponse { + reserved 6; + + // Device management token for this registration. This token MUST be + // part of HTTP Authorization header for all future requests from + // device to server. + required string device_management_token = 1; + + // Device display name. By default, server generates the name in + // the format of "Machine Model - Machine Id". However, domain + // admin can update it using Admin console, so do NOT treat it as constant. + optional string machine_name = 2; + + // Enum listing the possible modes the device should be locked into when the + // registration is finished. + enum DeviceMode { + // In ENTERPRISE mode the device has no local owner and device settings are + // controlled through the cloud policy infrastructure. Auto-enrollment is + // supported in that mode. + ENTERPRISE = 0; + // DEPRECATED: Devices in RETAIL mode also have no local owner and get their + // device settings from the cloud, but additionally this mode enables the + // demo account on the device. + RETAIL_DEPRECATED = 1; + // DEPRECATED: Devices in CHROME_AD mode are in enterprises with AD. Device + // settings are controlled through the AD policy infrastructure. + CHROME_AD_DEPRECATED = 2; + // Devices in DEMO mode have no local owner and get their device settings + // from the cloud. They are controlled by demo mode domain and provide + // customized demo experience to the users. + DEMO = 3; + } + optional DeviceMode enrollment_type = 3 [default = ENTERPRISE]; + + // An opaque configuration string for devices that require it. CHROME_AD + // devices, for example, may use this string for AD discovery. Must be at + // most a few kBytes. + optional string configuration_seed = 4; + + // List of user affiliation IDs. The list is used to define if the user + // registering for policy is affiliated on the device. + // Only sent if DeviceRegisterRequest.Type == USER + repeated string user_affiliation_ids = 5; + + // The display name Chrome should use when setting up the profile, used for + // OIDC managed profile only. + optional string user_display_name = 7; + + // The email of the user who logged into this profile, used for OIDC managed + // profile only. + optional string user_email = 8; + + // Enum listing the possible types of the third party identity used for OIDC + // managed profiles. + enum ThirdPartyIdentityType { + // The profile does not have third party identity. + NONE = 0; + // The third party identity is synced to Google (Dasher) and there is an + // associated GAIA ID for it. + DASHER_BASED = 1; + // The third party identity is not synced to Google and there is no + // associated GAIA ID for it. + DASHERLESS = 2; + } + optional ThirdPartyIdentityType third_party_identity_type = 9 + [default = NONE]; +} + +// Request from device to server to unregister device. +// GoogleDMToken MUST be in HTTP Authorization header. +message DeviceUnregisterRequest {} + +// Response from server to device for unregister request. +message DeviceUnregisterResponse {} + +// Request from device to server to upload a device certificate or an enrollment +// identifier. +// GoogleDMToken MUST be in HTTP Authorization header. +message DeviceCertUploadRequest { + enum CertificateType { + // Default value for when a type is not specified. + CERTIFICATE_TYPE_UNSPECIFIED = 0; + // Enterprise machine certificate used for remote attestation. + ENTERPRISE_MACHINE_CERTIFICATE = 1; + // Enrollment certificate used to obtain an enrollment identifier. + ENTERPRISE_ENROLLMENT_CERTIFICATE = 2; + } + + // Certificate in X.509 format. + optional bytes device_certificate = 1; + // Type of certificate. If omitted, will be guessed from the other fields. + optional CertificateType certificate_type = 2; + // Enrollment identifier if provided. + optional bytes enrollment_id = 3; +} + +// Response from server to device for cert upload request. +message DeviceCertUploadResponse {} + +// Request to access a Google service with the given scope. +message DeviceServiceApiAccessRequest { + // The list of auth scopes the device requests from DMServer. + repeated string auth_scopes = 1; + + // OAuth2 client ID to which the returned authorization code is bound. + optional string oauth2_client_id = 2; + + // Enumerates different flavors of registration. + enum DeviceType { + // Authcode will be used by Chrome OS + // (this is typically requested during device enrollment) + CHROME_OS = 0; + // Authcode will be used by Android (ARC) subsystem + // (this is typically requested during ARC Kiosk session setup) + ANDROID_OS = 1; + // Authcode will be used by Chrome OS Demo Mode. This auth code can be used + // to access Google Docs. + // Please see go/cros-demo-mode and go/demo-mode-account-brainstorm. + CHROME_OS_DEMO_MODE = 2; + // Authcode will be used by the enterprise-managed Chrome Browser to + // register for policy invalidations. This is requested during enrollment. + CHROME_BROWSER = 3; + } + + // Device type indicates the intended use of the auth code. + optional DeviceType device_type = 3; +} + +// Response from server to API access request. +message DeviceServiceApiAccessResponse { + // The OAuth2 authorization code for the requested scope(s). + // This can be exchanged for a refresh token. + optional string auth_code = 1; +} + +// Device Identifier for non-Chrome OS platform. +message BrowserDeviceIdentifier { + reserved 3; + + // Name of the computer. + optional string computer_name = 1; + // Device serial number (definition depending on the platform). + optional string serial_number = 2; +} + +message PolicyFetchRequest { + reserved 5; + + // This is the policy type, which maps to D3 policy type internally. + // By convention, we use "/" as separator to create policy namespace. + // The policy type names are case insensitive. + // + // Possible values for Chrome OS are: + // google/chromeos/device => ChromeDeviceSettingsProto + // google/chromeos/publicaccount => ChromeSettingsProto + // google/chromeos/signinextension => ExternalPolicyData + // google/chromeos/remotecommand => RemoteCommand (*) + // + // For users signed in to Chrome, + // google/chromeos/user => ChromeSettingsProto + // google/android/user => ChromeSettingsProto + // google/chrome/user => ChromeSettingsProto + // google/ios/user => ChromeSettingsProto + // google/chrome/extension => ExternalPolicyData + // + // For Chrome Browser Cloud Management, + // google/chrome/machine-level-user => ChromeSettingsProto + // google/chrome/machine-level-user-android => ChromeSettingsProto + // google/chrome/machine-level-user-ios => ChromeSettingsProto + // google/chrome/machine-level-extension => ExternalPolicyData + // google/machine-level-apps => + // Omaha policy fetch is translated into two policy types + // google/chrome/machine-level-user => ChromeSettingsProto + // google/machine-level-omaha => OmahaSettingsClientProto + // + // Types marked with an (*) are not policies, but data signed with the policy + // key. It is illegal to try to fetch policies with those types. + optional string policy_type = 1; + + // This is the last policy timestamp that client received from server. The + // expectation is that this field is filled by the value of + // PolicyData.timestamp from the last policy received by the client. + optional int64 timestamp = 2; + + // Tell server what kind of security signature is required. + // TODO(b/147782972): Move to toplevel in sync with Chrome OS client code. + enum SignatureType { + NONE = 0; + SHA1_RSA = 1; + SHA256_RSA = 2; + } + optional SignatureType signature_type = 3 [default = NONE]; + + // The version number of the public key that is currently stored + // on the client. This should be the last number the server had + // supplied as new_public_key_version in PolicyData. + // This field is unspecified if the client does not yet have a + // public key. + optional int32 public_key_version = 4; + + // This field is used for devices to send the additional ID to fetch settings. + // Retrieving some settings requires more than just device or user ID. + // For example, to retrieve public account, devices need to pass in + // public account ID in addition to device ID. To retrieve extension or + // plug-in settings, devices need to pass in extension/plug-in ID in + // addition to user ID. + // policy_type represents the type of settings (e.g. public account, + // extension) devices request to fetch. + optional string settings_entity_id = 6; + + // If this fetch is due to a policy invalidation, this field contains the + // version provided with the invalidation. The server interprets this value + // and the value of invalidation_payload to fetch the up-to-date policy. + optional int64 invalidation_version = 7; + + // If this fetch is due to a policy invalidation, this field contains the + // payload delivered with the invalidation. The server interprets this value + // and the value of invalidation_version to fetch the up-to-date policy. + optional bytes invalidation_payload = 8; + + // Hash string for the chrome policy verification public key which is embedded + // into Chrome binary. Matching private key will be used by the server + // to sign per-domain policy keys during key rotation. If server does not + // have the key which matches this hash string, that could indicate malicious + // or out-of-date Chrome client. + optional string verification_key_hash = 9; + + // Encoded information from a policy invalidation notification. This is opaque + // to the client and should be forwarded from the invalidation notification. + optional string policy_invalidation_info = 10; + + // Whether or not the client only supports the new PolicyData invalidation + // topics. If true, only the policy_invalidation_topic and + // command_invalidation_topic fields will be set in the PolicyData response. + optional bool invalidation_topics_only = 11; + + // If this is an affiliated user, this is the device's DMToken. + optional string device_dm_token = 12; + + // Device identifier for helping identify non-Chrome OS devices. + optional BrowserDeviceIdentifier browser_device_identifier = 13; +} + +// This message customizes how the device behaves when it is disabled by its +// owner. The message will be sent as part of the DeviceState fetched during +// normal operation and as part of the DeviceStateRetrievalResponse fetched when +// the device is wiped/reinstalled. +message DisabledState { + // A message to the finder/thief that should be shown on the screen. + optional string message = 1; +} + +message DeviceState { + // Modes of operation that the device can be in. + enum DeviceMode { + // The device is operating normally. Sessions can be started and the device + // can be used. + DEVICE_MODE_NORMAL = 0; + // The device has been disabled by its owner. The device will show a warning + // screen and will not allow any sessions to be started. + DEVICE_MODE_DISABLED = 1; + } + // The mode of operation that the device should be in. + optional DeviceMode device_mode = 1 [default = DEVICE_MODE_NORMAL]; + + // State that is relevant only when the |device_mode| is + // |DEVICE_MODE_DISABLED|. + optional DisabledState disabled_state = 2; +} + +message CustomerLogo { + // The SCS url for the logo set by the admin for a particular OU. + // This is in the form https://admin.googleusercontent.com/. + optional string logo_url = 1; +} + +// This message is included in serialized form in PolicyFetchResponse below. It +// may also be signed, with the signature being created for the serialized form. +message PolicyData { + reserved 10, 13, 14, 18, 19; + reserved "command_invalidation_name"; + reserved "command_invalidation_source"; + reserved "invalidation_name"; + reserved "invalidation_source"; + reserved "valid_serial_number_missing"; + + // See PolicyFetchRequest.policy_type. + optional string policy_type = 1; + + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). It is + // included here so that the time at which the server issued this response + // cannot be faked (as protection against replay attacks). It is the timestamp + // generated by DMServer, NOT the time admin last updated the policy or + // anything like that. + optional int64 timestamp = 2; + + // The DMToken that was used by the client in the HTTP POST header for + // authenticating the request. It is included here again so that the client + // can verify that the response is meant for them (and not issued by a replay + // or man-in-the-middle attack). + // Note that the existence or non-existence of the DMToken is not the correct + // way to determine whether the device is managed. Cf. |management_mode| below + // for details. + optional string request_token = 3; + + // The serialized value of the actual policy protobuf. This can be + // deserialized to an instance of, for example, ChromeSettingsProto, + // ChromeDeviceSettingsProto, or ExternalPolicyData. + optional bytes policy_value = 4; + + // The device display name assigned by the server. It is only + // filled if the display name is available. + // + // The display name of the machine as generated by the server or set + // by the Administrator in the Admin console GUI. This is the same thing as + // |machine_name| in DeviceRegisterResponse but it might have + // changed since then. + optional string machine_name = 5; + + // Version number of the server's current public key. (The key that + // was used to sign this response. Numbering should start at 1 and be + // increased by 1 at each key rotation.) + optional int32 public_key_version = 6; + + // The user this policy is intended for. In case of device policy, the name + // of the owner (who registered the device). + optional string username = 7; + + // In this field the DMServer should echo back the "deviceid" HTTP parameter + // from the request. This is also used for user and device local accounts ids, + // see client_id in code. + optional string device_id = 8; + + // Indicates which state this association with DMServer is in. This can be + // used to tell the client that it is not receiving policy even though the + // registration with the server is kept active. + enum AssociationState { + // Association is active and policy is pushed. + ACTIVE = 0; + // Association is alive, but the corresponding domain is not managed. + UNMANAGED = 1; + // The device has been deprovisioned by the administrator and is no longer + // managed. + DEPROVISIONED = 2; + } + optional AssociationState state = 9 [default = ACTIVE]; + + // Indicates which public account or extension/plug-in this policy data is + // for. See PolicyFetchRequest.settings_entity_id for more details. + optional string settings_entity_id = 11; + + // Indicates the identity the device service account is associated with. + // This is only sent as part of device policy fetch. + optional string service_account_identity = 12; + + // Server-provided identifier of the fetched policy. This is to be used + // by the client when requesting Policy Posture assertion through an API + // call or SAML flow. For details, see http://go/chrome-nac-server-design. + optional string policy_token = 15; + + // Indicates the management mode of the device. Note that old policies do not + // have this field. If this field is not set but request_token is set, assume + // the management mode is ENTERPRISE_MANAGED. If both this field and + // request_token are not set, assume the management mode is LOCAL_OWNER. + enum ManagementMode { + // The device is owned locally. The policies are set by the local owner of + // the device. + LOCAL_OWNER = 0; + // The device is enterprise-managed (either via DM server or through Active + // Directory). See the comment above for backward compatibility. + ENTERPRISE_MANAGED = 1; + // Obsolete. Don't use. + OBSOLETE_CONSUMER_MANAGED = 2; + } + optional ManagementMode management_mode = 16; + + // Indicates the state that the device should be in. + optional DeviceState device_state = 17; + + // The free-text location info the admin enters to associate the device + // with a location. + optional string annotated_location = 20; + + // The free-text asset identifier the admin enters to associate the device + // with a user-generated identifier. + optional string annotated_asset_id = 21; + + // The unique directory api ID of the device which was generated on the + // server-side. + optional string directory_api_id = 22; + + // List of device affiliation IDs. If there exists an overlap between user + // affiliation IDs and device affiliation IDs, we consider that the user is + // affiliated on the device. Otherwise the user is not affiliated on the + // device. Should be fetched with device policy. Ignored if fetched with + // other polices. + repeated string device_affiliation_ids = 23; + + // List of user affiliation IDs. The list is used to define if current user + // is affiliated on the device. See device_affiliation_ids for details. + // Should be fetched with user policy. Ignored if fetched with other polices. + repeated string user_affiliation_ids = 24; + + // Used as the display domain when the primary domain gets renamed. This field + // is present only for device policies. + optional string display_domain = 25; + + // Invalidation topic for devices. Clients register for FCM messages using + // this topic in order to receive notifications for device policy changes. + optional string policy_invalidation_topic = 26; + + // Invalidation topic for commands. Clients register for FCM messages using + // this topic in order to receive notifications that one or more commands are + // available for execution. + optional string command_invalidation_topic = 27; + + // Whether the device needs to upload an enrollment identifier to the cloud. + // TODO(b/136188860) migrates to enrollment_certificate_needed under + // client_action_required. + optional bool enrollment_id_needed = 28; + + // Gaia id of the user the policy is intended for. + // Should be fetched with user policy. + optional string gaia_id = 29; + + // Indicate this device's market segment. The MarketSegment enum in + // cloud_policy_constants.h (http://shortn/_3iFWcdjy0P) must be kept in sync + // with this enum. + enum MarketSegment { + MARKET_SEGMENT_UNSPECIFIED = 0; + ENROLLED_EDUCATION = 1; + ENROLLED_ENTERPRISE = 2; + } + + // This field should only be set for Device Policy response. + // See go/cros-rlz-segments + optional MarketSegment market_segment = 30; + + // This field is currently only set for Device Policy response. + // This represents the logo set by the admin for the OU that the device + // belongs to. This is domain metadata included in a device policy response, + // but it is not an explicit device policy. + optional CustomerLogo customer_logo = 31; + + // b/129771193 + // This setting is from SingleSignOnSettingsProto#change_password_uri + // http://google3/ccc/hosted/policies/services/common/sso_settings.proto?l=48&rcl=241246111 + // This field is currently only set for User Policy response. + optional string change_password_uri = 32; + + // This field is used for asking client to perform some actions. For instance, + // server asks client to re-upload enrollment certificate. In long term, new + // added field which asks client to perform an action in policy data should be + // put in ClientActionRequired message. + optional ClientActionRequired client_action_required = 33; + + // Obfuscated customerId the device is enrolled into. + // Only set for device policy. + optional string obfuscated_customer_id = 34; + + // The different types of user segments for metrics logging. If any values are + // added to this enum, the corresponding enum in + // UserTypeByDeviceTypeMetricsProvider::UserSegment + // (http://shortn/_uK3ZM4pC0a) should be updated. + enum MetricsLogSegment { + UNSPECIFIED = 0; + K12 = 1; + UNIVERSITY = 2; + NONPROFIT = 3; + ENTERPRISE = 4; + } + + // Indicates the segment the user's metrics should be logged under, + // UNSPECIFIED if not relevant. + // This field should only be set for User Policy response. + optional MetricsLogSegment metrics_log_segment = 35; + + // This field will be populated with primary domain name for domain verified + // customer, and primary admin email for domainless customer. The client side + // will use this field to display who manages this device/browser/user. + optional string managed_by = 36; + + // An identifier (e.g. "inboundSamlSsoProfiles/0abcdefg1234567") for the + // device's managing OU's SSO profile. Currently, this points to the OU's + // SAML settings. May support OIDC in the future. + optional string sso_profile = 37; + + // Indicates which kind of licenses this device is using, so that chrome OS + // can check that. The value is from ChromeOsDeviceInfo + // http://google3/ccc/hosted/devices/services/chromeos/common.proto;rcl=436571779;l=549 + optional string license_sku = 38; +} + +message ClientActionRequired { + // Whether device needs to upload an enterprise enrollment certificate to + // cloud. + optional bool enrollment_certificate_needed = 1; +} + +message PolicyFetchResponse { + // Since a single policy request may ask for multiple policies, DM server + // provides separate error codes (making use of standard HTTP Status Codes) + // for each individual policy fetch. + optional int32 error_code = 1; + + // Human readable error message for customer support purpose. + optional string error_message = 2; + + // This is a serialized |PolicyData| protobuf (defined above). + optional bytes policy_data = 3; + + // Signature of the policy data above. + optional bytes policy_data_signature = 4; + + // If the public key has been rotated on the server, the new public + // key is sent here. It is already used for |policy_data_signature| + // above, whereas |new_public_key_signature| is created using the + // old key (so the client can trust the new key). If this is the + // first time when the client requests policies (so it doesn't have + // on old public key), then |new_public_key_signature| is empty. + optional bytes new_public_key = 5; + optional bytes new_public_key_signature = 6; + + // DEPRECATED: Exists only to support older clients. This signature is similar + // to new_public_key_verification_data_signature, but is computed over + // DEPRECATEDPolicyPublicKeyAndDomain (which is equivalent to + // PublicKeyVerificationData proto with version field unset). + // + // Do not remove this unless you know for sure that this is not required by + // managed devices any more, including devices that might be pinned to + // milestones older than current Stable. + // Note: As of February 2024, this is still strictly required by + // CloudPolicyValidator, see + // https://source.chromium.org/chromium/chromium/src/+/main:components/policy/core/common/cloud/cloud_policy_validator.cc;drc=08b91b49531894cbe9061a1148fd535155c2554b;l=407 + optional bytes new_public_key_verification_signature_deprecated = 7 + [deprecated = true]; + + // This is a serialized |PublicKeyVerificationData| protobuf (defined + // below). See comments for |new_public_key_verification_data_signature| field + // for details on how this data is signed. + // Please note that |new_public_key| is also included inside this data + // field. Thus we have new public key signed with old version of private key + // (if client indicated to us that it has old key version), and + // new public key data signed by primary verification key (if client told + // us that it has public verification key - see |verification_key_id| field + // of |PolicyFetchRequest|). In most cases, both signatures will be provided. + // However, client might not have old policy signing key - for example, when + // new profile is being set up. In this case, only verification signature + // is supplied. + // Or, client might not have verification public key (legacy Chrome build + // before verification key was introduced, or outdated build which has + // old/compromised verification key). In that case, verification signature + // cannot be provided. + // If client is missing both public keys (old signing key and verification + // key), then we are unable to produce any valid signature and client must + // drop such PolicyFetchResponse. + optional bytes new_public_key_verification_data = 8; + + // If new_public_key is specified, this field contains the signature of a + // PublicKeyVerificationData protobuf, signed using a key only available to + // DMServer. The public key portion of this well-known key is embedded into + // the Chrome binary. The hash of that embedded key is passed to DMServer as + // verification_key_hash field in PolicyFetchRequest. DMServer picks a private + // key on the server which matches the hash (matches public key on the + // client). If DMServer is unable to find matching key, it returns an error + // instead of policy data. In case a hash was not specified, DMServer leaves + // the verification signature field empty (legacy behavior). + // This signature is provided to better protect first key delivery (since the + // browser does not possess the previous signing key, DMServer cannot compute + // new_public_key_signature). + // See http://go/chrome-nac-server-design for more information. + optional bytes new_public_key_verification_data_signature = 9; + + // DEPRECATED! Client-side should verify and rely on the policy_type inside + // the signed policy_data. + optional string policy_type = 10 [deprecated = true]; + + // The type of signature used to generate policy_data_signature. + optional PolicyFetchRequest.SignatureType policy_data_signature_type = 11; +} + +// DEPRECATED: Protobuf used to generate the deprecated +// new_public_key_verification_signature field. +message DEPRECATEDPolicyPublicKeyAndDomain { + // The public key to sign (taken from the |new_public_key| field in + // PolicyFetchResponse). + optional bytes new_public_key = 1; + + // The domain associated with this key (should match the domain portion of the + // username field of the policy). + optional string domain = 2; +} + +// This message contains the information which is signed by the verification key +// during policy key rotation. It is included in serialized form in +// PolicyFetchResponse above. A signature of the serialized form is included in +// the new_public_key_verification_data_signature field. +message PublicKeyVerificationData { + // The new public policy key after a key rotation. + optional bytes new_public_key = 1; + + // The domain of the device/user. + optional string domain = 2; + + // The version number of the new_public_key. This must be monotonically + // increasing (within a domain). + optional int32 new_public_key_version = 3; +} + +// Request from device to server for reading policies. +message DevicePolicyRequest { + // The policy fetch requests. If this field exists, the requests must come + // from a non-TT client. The repeated field allows clients to request + // multiple policies for better performance. + repeated PolicyFetchRequest requests = 3; + + // Reason for the requesting policies, to help with monitoring and alerting + // (e.g. to detect an increase in fetch failures during enrollment). + enum Reason { + UNSPECIFIED = 0; + // Required policy fetch during device enrollment. + DEVICE_ENROLLMENT = 1; + // Policy fetch triggered by incoming FCM invalidation. + INVALIDATION = 2; + // CloudPolicyClient registration changed (e.g. during startup). + REGISTRATION_CHANGED = 3; + // Retry after previous policy fetch failure. + RETRY = 4; + // Various retry reasons based on DMServer status, see + // `CloudPolicyRefreshScheduler`. + RETRY_AFTER_STATUS_SERVICE_ACTIVATION_PENDING = 5; + RETRY_AFTER_STATUS_SERVICE_POLICY_NOT_FOUND = 6; + RETRY_AFTER_STATUS_SERVICE_TOO_MANY_REQUESTS = 7; + RETRY_AFTER_STATUS_REQUEST_FAILED = 8; + RETRY_AFTER_STATUS_TEMPORARY_UNAVAILABLE = 9; + RETRY_AFTER_STATUS_CANNOT_SIGN_REQUEST = 10; + RETRY_AFTER_STATUS_REQUEST_INVALID = 11; + RETRY_AFTER_STATUS_HTTP_STATUS_ERROR = 12; + RETRY_AFTER_STATUS_RESPONSE_DECODING_ERROR = 13; + RETRY_AFTER_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED = 14; + RETRY_AFTER_STATUS_REQUEST_TOO_LARGE = 15; + // Scheduled policy refresh (e.g. once per day). + SCHEDULED = 16; + // Policy fetch triggered by sign-in. + SIGNIN = 17; + // A placeholder reason used for tests (should not occur in production). + TEST = 18; + // Policy fetched at browser start, e.g. device policies at Ash start. + BROWSER_START = 19; + // ChromeOS Policy fetch request from Lacros to Ash. + LACROS = 20; + // Policy fetched as requested by the user, e.g. through chrome://policy. + USER_REQUEST = 21; + // Policy fetches triggered by the Chrome Remote Desktop policy watcher. + CRD_HOST_POLICY_WATCHER = 22; + } + optional Reason reason = 4; +} + +// Response from server to device for reading policies. +message DevicePolicyResponse { + // The policy fetch responses. + repeated PolicyFetchResponse responses = 3; +} + +message TimePeriod { + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). + optional int64 start_timestamp = 1; + optional int64 end_timestamp = 2; +} + +message ActiveTimePeriod { + optional TimePeriod time_period = 1; + + // The active duration during the above time period. + // The unit is milli-second. + optional int32 active_duration = 2; + + // Email address of the active user. Present only if the user type is managed + // and affiliated. + optional string user_email = 3; + + enum SessionType { + SESSION_UNKNOWN = 0; + SESSION_AFFILIATED_USER = 1; + SESSION_MANAGED_GUEST = 2; + SESSION_KIOSK = 3; + SESSION_ARC_KIOSK = 4; + SESSION_WEB_KIOSK = 5; + } + + optional SessionType session_type = 4; +} + +// Details about a network interface. +message NetworkInterface { + // Indicates the type of network device. + enum NetworkDeviceType { + reserved 2; + + TYPE_ETHERNET = 0; + TYPE_WIFI = 1; + TYPE_BLUETOOTH = 3; + TYPE_CELLULAR = 4; + } + + // Network device type. + optional NetworkDeviceType type = 1; + + // MAC address (if applicable) of the corresponding network device. This is + // formatted as an ASCII string with 12 hex digits. Example: A0B1C2D3E4F5. + optional string mac_address = 2; + + // MEID (if applicable) of the corresponding network device. Formatted as + // ASCII string composed of 14 hex digits. Example: A10000009296F2. + optional string meid = 3; + + // IMEI (if applicable) of the corresponding network device. 15-16 decimal + // digits encoded as ASCII string. Example: 355402040158759. + optional string imei = 4; + + // The device path associated with this network interface. + optional string device_path = 5; + + // The integrated circuit card ID associated with the device's sim card. + optional string iccid = 6; + + // The mobile directory number associated with the device's sim card. + optional string mdn = 7; + + // List of EID (EUICC Identifier) of all cellular EUICCs + // (Embedded Universal Integrated Circuit Cards) on the device. + // 32 decimal digits encoded as ASCII string. e.g. + repeated string eids = 8; +} + +// Information about configured/visible networks - this is separate from +// NetworkInterface because a configured network may not be associated with +// any specific interface, or may be visible across multiple interfaces. +message NetworkState { + // The current state of this network. + enum ConnectionState { + reserved 1; // CARRIER + reserved 6; // OFFLINE + reserved 10; // ACTIVATION_FAILURE + + IDLE = 0; + ASSOCIATION = 2; + CONFIGURATION = 3; + READY = 4; + PORTAL = 5; + ONLINE = 7; + DISCONNECT = 8; + FAILURE = 9; + UNKNOWN = 11; + } + + // For networks associated with a device, the path of the device. + optional string device_path = 1; + + // Current state of this connection as reported by shill. + optional ConnectionState connection_state = 2; + + // For wireless networks, the signal_strength in dBm. + optional int32 signal_strength = 3; + + // The IP address this interface is bound to, if any. + optional string ip_address = 4; + + // The gateway IP for this interface, if any. + optional string gateway = 5; +} + +// Details about a device user. +message DeviceUser { + // Types of device users which can be reported. + enum UserType { + // A user managed by the same domain as the device. + USER_TYPE_MANAGED = 0; + + // A user not managed by the same domain as the device. + USER_TYPE_UNMANAGED = 1; + } + + // The type of the user. + required UserType type = 1; + + // Email address of the user. Present only if the user type is managed. + optional string email = 2; +} + +// Information about a single disk volume. +message VolumeInfo { + optional string volume_id = 1; + + // The unit is bytes. + optional int64 storage_total = 2; + optional int64 storage_free = 3; +} + +// Information about a single CPU utilization. +message CpuUtilizationInfo { + // CPU utilization (0-100). + optional int32 cpu_utilization_pct = 1; + // The timestamp representing time at which the information was collected. + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). + optional int64 timestamp = 2; +} + +// Information about a single free RAM. +message SystemFreeRamInfo { + // Free RAM [in bytes] (unreliable due to GC). + optional int64 size_in_bytes = 1; + // The timestamp representing time at which the information was collected. + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). + optional int64 timestamp = 2; +} + +// Information about a single CPU temperature channel. +message CPUTempInfo { + // Temperature channel label. + optional string cpu_label = 1; + // CPU temperature in Celsius. + optional int32 cpu_temp = 2; + // Unix timestamp. + optional int64 timestamp = 3; +} + +// Contains the Stateful Partition Information for user data storage in the +// device. +message StatefulPartitionInfo { + // Available space for user data storage in the device in bytes. + optional uint64 available_space = 1; + // Total space for user data storage in the device in bytes. + optional uint64 total_space = 2; + // File system on stateful partition. e.g. ext4. + optional string filesystem = 3; + // Source of stateful partition. e.g. /dev/mmcblk0p1. + optional string mount_source = 4; +} + +// Chrome release channel, shared for different reports. +enum Channel { + CHANNEL_UNKNOWN = 0; + CHANNEL_CANARY = 1; + CHANNEL_DEV = 2; + CHANNEL_BETA = 3; + CHANNEL_STABLE = 4; +} + +// Frequently changing data for battery. +message BatterySample { + optional int64 timestamp = 1; + // Battery voltage + optional int64 voltage = 2; + // Battery remaining capacity (mA-hours) + optional int64 remaining_capacity = 3; + // Temperature in Celsius. + optional int32 temperature = 4; + // The battery discharge rate measured in mW. Positive if the battery is being + // discharged, negative if it's being charged. + optional int32 discharge_rate = 5; + // Battery charge percentage + optional int32 charge_rate = 6; + // Battery current (mA) + optional int64 current = 7; + // Battery status read from sysfs + optional string status = 8; +} + +// Status of the single battery +message BatteryInfo { + optional string serial = 1; + optional string manufacturer = 2; + optional string battery_health = 3; + // Design capacity (mA-hours) + optional int64 design_capacity = 4; + // Full charge capacity (mA-hours) + optional int64 full_charge_capacity = 5; + optional int32 cycle_count = 6; + // Last sampling data. + repeated BatterySample samples = 7; + // Designed minimum output voltage (mV) + optional int32 design_min_voltage = 9; + // The date the battery was manufactured in yyyy-mm-dd format. + optional string manufacture_date = 10; + // Technology of the battery. + optional string technology = 11; +} + +// Status of the power subsystem +message PowerStatus { + enum PowerSource { + POWER_UNKNOWN = 0; + POWER_AC = 1; + POWER_BATTERY = 2; + } + optional PowerSource power_source = 1; + repeated BatteryInfo batteries = 2; +} + +// LifeTime estimation for eMMC devices +message DiskLifetimeEstimation { + // Lifetime estimations for SLC and MLC areas of eMMC. + // Values range from 00h to 0Bh -- indicating the percentage of device + // lifetime used. + optional int32 slc = 1; + optional int32 mlc = 2; +} + +// Status of the single storage device +// Next id: 29 +message DiskInfo { + optional string serial = 1; + optional string manufacturer = 2; + optional string model = 3; + // Size in bytes + optional int64 size = 4; + // eMMC / NVMe / ATA / SCSI. + optional string type = 5; + optional string health = 6; + // volume_id for volumes on this disk. + repeated string volumes = 7; + // Read/write statistics for this disk. + optional uint64 bytes_read_since_last_boot = 8; + optional uint64 bytes_written_since_last_boot = 9; + optional uint64 read_time_seconds_since_last_boot = 10; + optional uint64 write_time_seconds_since_last_boot = 11; + // Counts the time the disk and queue were busy, so unlike the fields above, + // parallel requests are not counted multiple times. + optional uint64 io_time_seconds_since_last_boot = 12; + // Time spent discarding since last boot. Discarding is writing to clear + // blocks which are no longer in use. Supported on kernels 4.18+. + optional uint64 discard_time_seconds_since_last_boot = 13; + + // The manufacturer of the block device. + oneof vendor_id { + // NVME vendors: + // https://pcisig.com/membership/member-companies + uint32 nvme_subsystem_vendor = 14; + // EMMC oemids + // https://screenshot.googleplex.com/eZWNnV8qGnc + uint32 emmc_oemid = 15; + uint32 other_vendor = 16; + uint32 jedec_manfid = 27; + } + + // The manufacturer-specific product identifier. + oneof product_id { + uint32 nvme_subsystem_device = 17; + uint32 emmc_pnm = 18; + uint32 other_product = 19; + } + + // The revision of the device's hardware. + oneof hardware_revision { + uint32 nvme_hardware_rev = 20; + uint32 emmc_hardware_rev = 21; + uint32 other_hardware_rev = 22; + } + + // The revision of the device's firmware. + oneof firmware_revision { + uint64 nvme_firmware_rev = 23; + uint64 emmc_firmware_rev = 24; + uint32 other_firmware_rev = 25; + uint32 ufs_firmware_rev = 28; + } + + // The purpose of the device on the system. + enum DevicePurpose { + PURPOSE_UNKNOWN = 0; + PURPOSE_BOOT = 1; + PURPOSE_SWAP = 2; + } + optional DevicePurpose purpose = 26; +} + +// Status of the storage subsystem. +message StorageStatus { + repeated DiskInfo disks = 1; + optional DiskLifetimeEstimation lifetime_estimation = 2; +} + +// Sampling for single temperature measurements +message ThermalSample { + optional int64 timestamp = 1; + optional int32 temperature = 2; +} + +// Temperature measurement series for thermal point. +message ThermalInfo { + reserved 2; + optional string label = 1; + repeated ThermalSample samples = 3; +} + +// Status for various on-board components +message BoardStatus { + repeated ThermalInfo thermal_infos = 1; +} + +// Status about a system's various elements. +message SystemStatus { + // The product SKU (stock keeping unit) number. + optional string vpd_sku_number = 1; + // The date the device was first activated. + // Format: YYYY-WW. + optional string first_power_date = 2; + // The date the device was manufactured (finalized in factory). + // Format: YYYY-MM-DD. + optional string manufacture_date = 3; + // Contents of CrosConfig in /arc/build-properties/marketing-name. E.g. "HP + // Chromebook x360 14" + optional string marketing_name = 4; + // The BIOS version. E.g. "Google_Sarien.12200.58.0" + optional string bios_version = 5; + // The product name of the motherboard. E.g. "Sarien" + optional string board_name = 6; + // The version of the motherboard. E.g. "rev16" + optional string board_version = 7; + // The chassis type of the device. The values reported by chassis type are + // mapped in + // www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.0.0.pdf. + // E.g. "9" + optional uint64 chassis_type = 8; + // The product name (model) of the system. E.g. "Sarien" + optional string product_name = 9; + // The product serial number. + optional string vpd_serial_number = 10; +} + +// Status of a single C-state. C-states are various modes the CPU can transition +// to in order to use more or less power. +message CpuCStateInfo { + // Name of the state. + optional string name = 1; + // Time spent in the state since the last reboot, in microseconds. + optional uint64 time_in_state_since_last_boot_us = 2; +} + +// Status of a single logical CPU. +message LogicalCpuInfo { + // Maximum frequency the CPU is allowed to run at, by policy. + optional uint32 scaling_max_frequency_khz = 1; + // Current frequency the CPU is running at. + optional uint32 scaling_current_frequency_khz = 2; + // Idle time since last boot. + optional uint64 idle_time_seconds = 3; + // Information about the logical CPU's time in various C-states. + repeated CpuCStateInfo c_states = 4; +} + +// Status of a single physical CPU on the device. +message CpuInfo { + // The CPU model name. + optional string model_name = 1; + + // The CPU architecture. + enum Architecture { + ARCHITECTURE_UNSPECIFIED = 0; + X86_64 = 1; + AARCH64 = 2; + ARMV7L = 3; + } + optional Architecture architecture = 2; + + // The max CPU clock speed in kHz. + optional uint32 max_clock_speed_khz = 3; + + repeated LogicalCpuInfo logical_cpus = 4; +} + +// Overall CPU information for the device. +message GlobalCpuInfo { + // Total number of threads on the device. + optional uint32 num_total_threads = 1; +} + +// Status for a single display. A display screen with resolution 1920x1080 +// would have resolution_width: 1920 and resolution_height: 1080. +message DisplayInfo { + // Resolution width + optional uint32 resolution_width = 1; + // Resolution height + optional uint32 resolution_height = 2; + // Refresh rate (Hz) + optional uint32 refresh_rate = 3; + // Set to true if display is internal, otherwise set to false. + optional bool is_internal = 4; +} + +// Status of a single graphics adapter (GPU). +message GraphicsAdapterInfo { + // Adapter name. Example: Mesa DRI Intel(R) UHD Graphics 620 (Kabylake GT2) + optional string name = 1; + // Driver version + optional string driver_version = 2; + // Represents the graphics card device id + optional uint64 device_id = 3; + // GPU consumption of system RAM (bytes) + optional uint64 system_ram_usage = 4; +} + +// Status of the graphics subsystem. +message GraphicsStatus { + optional GraphicsAdapterInfo adapter = 1; + repeated DisplayInfo displays = 2; +} + +// Status of a crash report. +message CrashReportInfo { + // The status options should align with crash_reporter::ReportUploadState. + enum CrashReportUploadStatus { + UPLOAD_STATUS_UNKNOWN = 0; + UPLOAD_STATUS_NOT_UPLOADED = 1; + UPLOAD_STATUS_PENDING = 2; + UPLOAD_STATUS_PENDING_USER_REQUESTED = 3; + UPLOAD_STATUS_UPLOADED = 4; + } + + // ID as provided by chrome://crashes. + optional string remote_id = 1; + + // The timestamp when the crash is captured. + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). + optional int64 capture_timestamp = 2; + + // Human readable string that identifies what caused the crash. + optional string cause = 3; + + // The upload status of crash report. + optional CrashReportUploadStatus upload_status = 4; +} + +// Timezone information for the device. This reflects what set timezone of the +// device, not necessarily the actual location of the device. +message TimezoneInfo { + // The timezone of the device in POSIX standard. (MST7MDT,M3.2.0,M11.1.0) + optional string posix = 1; + // The timezone region of the device in the Olsen format (America/Denver). + optional string region = 2; +} + +// Memory information for the device. +message MemoryInfo { + // Total memory, in KiB. + optional uint32 total_memory_kib = 1; + // Free memory, in KiB. + optional uint32 free_memory_kib = 2; + // Available memory, in KiB. + optional uint32 available_memory_kib = 3; + // Number of page faults since the last boot. + optional uint64 page_faults_since_last_boot = 4; +} + +// Information about the device's backlights. +message BacklightInfo { + // Path to this backlight on the system. Useful if the caller needs to + // correlate with other information. + optional string path = 1; + // Maximum brightness for the backlight. + optional uint32 max_brightness = 2; + // Current brightness of the backlight, between 0 and max_brightness. + optional uint32 brightness = 3; +} + +// Information about the device's fan. +message FanInfo { + // Fan speed in RPM. + optional uint32 speed_rpm = 1; +} + +// Information about a device's Bluetooth adapter, which is used to detect and +// connect to Bluetooth devices. +message BluetoothAdapterInfo { + // The name of the adapter. + optional string name = 1; + // The MAC address of the adapter. + optional string address = 2; + // Indicates whether the adapter is on or off. + optional bool powered = 3; + // The number of devices connected to this adapter. + optional uint32 num_connected_devices = 4; +} + +// Information from the device's SMBIOS. This is used to determine +// info such as the device's vendor and product name/version. +message SmbiosInfo { + optional string sys_vendor = 1; + optional string product_name = 2; + optional string product_version = 3; + optional string bios_version = 4; +} + +// Information about the parameters passed to the kernel. +message KernelParameters { + // True if cros_efi was passed to the kernel. + // Used to know if the device was booted via EFI. + optional bool cros_efi = 1; +} + +// Information about the device's EFI Variables from efivarfs. +message EFIVars { + // True if Secure Boot is enabled on the device. + optional bool secure_boot = 1; +} + +// Information about how the OS was booted. This is information +// such as boot method and other bios settings +message BootInfo { + enum BootMethod { + UNKNOWN = 0; + CROS_SECURE = 1; + // This field maps to kCrosEfi from cros_healthd. + CROS_UEFI = 2; + CROS_LEGACY = 3; + CROS_EFI_SECURE = 4; + } + optional BootMethod boot_method = 1; + + // DEPRECATED: secure_boot is deprecated in favor of the + // CROS_EFI_SECURE BootMethod value. + optional bool secure_boot = 2 [deprecated = true]; +} + +// Hardware component bus device classes. +// Maps to BusDeviceClass from cros_healthd. +enum BusDeviceClass { + DEVICE_CLASS_UNSPECIFIED = 0; + DISPLAY_CONTROLLER = 1; + ETHERNET_CONTROLLER = 2; + WIRELESS_CONTROLLER = 3; + BLUETOOTH_ADAPTER = 4; + THUNDERBOLT_CONTROLLER = 5; +} + +// Hardware component buses. +// Maps to BusInfo types from cros_healthd. +enum BusType { + BUS_TYPE_UNSPECIFIED = 0; + PCI_BUS = 1; + USB_BUS = 2; + THUNDERBOLT_BUS = 3; +} + +// Information about a device's network hardware. +message NetworkAdapterInfo { + optional BusDeviceClass device_class = 1; + optional BusType bus_type = 2; + optional int32 vendor_id = 3; + optional string vendor_name = 4; + optional int32 device_id = 5; + optional string device_name = 6; + repeated string driver = 7; +} + +// Information about the list of browsers and profiles that are +// running and installed on the device in the DeviceStatusReport +message LaCrOsBrowserReport { + // Limited to one user since LaCrosBrowserReport is repeated based on each + // user. If multiple lacros user profiles exist, each LaCrOsBrowserReport + // message (one per lacros user profile) will contain the same |device_user|. + optional DeviceUser device_user = 1; + // Group of data regarding the browser and user profile. + optional BrowserReport browser_report = 2; +} + +// Information specific to Demo Mode about the device and the demo context. +message DemoModeDimensions { + // Two-letter country code. + optional string country = 1; + // Name of the retailer whose store the device is running in. Also called + // retailer_id elsewhere in some legacy field names. + optional string retailer_name = 2; + // Retailer-defined number to identify the store that a device is running in. + // Also called store_id elsewhere in some legacy field names. + optional string store_number = 3; + // Device attributes significant to Demo Mode for customization purposes. + enum CustomizationFacet { + UNDEFINED = 0; + CLOUD_GAMING_DEVICE = 1; + FEATURE_AWARE_DEVICE = 2; + } + repeated CustomizationFacet customization_facets = 4; +} + +// Report device level status. +message DeviceStatusReportRequest { + reserved 4, 7, 13, 20; + + // The OS version reported by the device is a platform version + // e.g. 1435.0.2011_12_16_1635. + optional string os_version = 1; + optional string firmware_version = 2; + + // "Verified", "Dev". Same as verified mode. + // If the mode is unknown, this field should not be set. + optional string boot_mode = 3; + + // The browser version string as shown in the About dialog. + // e.g. 17.0.963.18. + optional string browser_version = 5; + + // A list of periods when the device was active, aggregated by day by user. + repeated ActiveTimePeriod active_periods = 6; + + // List of network interfaces. + repeated NetworkInterface network_interfaces = 8; + + // List of recent device users, in descending order by last login time. + repeated DeviceUser users = 9; + + // Disk space + other info about mounted/connected volumes. + repeated VolumeInfo volume_infos = 10; + + // List of visible/configured networks + repeated NetworkState network_states = 11; + + // Samples of CPU utilization (0-100), sampled once every 120 seconds. + // Deprecated: Use CpuUtilizationInfo instead. + repeated int32 cpu_utilization_pct_samples = 12 [deprecated = true]; + + // Total RAM on the device. + // To deprecate: Use SystemFreeRamInfo instead. + optional int64 system_ram_total = 14; + + // Samples of free RAM [in bytes] (unreliable due to GC). + // Deprecated: Use SystemRamFreeInfo instead. + repeated int64 system_ram_free_samples = 15 [deprecated = true]; + + // Samples of CPU temperatures in Celsius, plus associated labels + // identifying which CPU produced the temperature measurement. + repeated CPUTempInfo cpu_temp_infos = 16; + + // This field is set only when an OS update is needed because of the required + // platform version of an updated kiosk app is different from the current + // OS version. + optional OsUpdateStatus os_update_status = 17; + + // Set only when there is an auto launched with zero delay Chrome or ARC kiosk + // app and it is currently running. Otherwise, this field is empty. + optional AppStatus running_kiosk_app = 18; + + // Sound output volume level in range [0,100]. + optional int32 sound_volume = 19; + + // TPM version information. + optional TpmVersionInfo tpm_version_info = 21; + + // Release channel (stable, beta, etc.). + optional Channel channel = 22; + + // TPM status information. + optional TpmStatusInfo tpm_status_info = 23; + + // Whether hardware write protect switch is on. + optional bool write_protect_switch = 24; + + // Status of the power subsystem. + optional PowerStatus power_status = 25; + + // Status of the storage subsystem. + optional StorageStatus storage_status = 26; + + // Status of various main board components. + optional BoardStatus board_status = 27; + + // Information about a system's various non-hardware elements. This includes + // information from cached VPD, CrosConfig, and DMI. + optional SystemStatus system_status = 28; + + // Stateful Partition Information for user data. + optional StatefulPartitionInfo stateful_partition_info = 29; + + // Samples of CPU utilization (0-100), sampled once every 120 seconds. + repeated CpuUtilizationInfo cpu_utilization_infos = 30; + + // Samples of free RAM [in bytes] (unreliable due to GC). + repeated SystemFreeRamInfo system_ram_free_infos = 31; + + // Information about a devices physical CPU(s). + repeated CpuInfo cpu_info = 32; + + // Status of the graphics adapter(s) and display(s). + optional GraphicsStatus graphics_status = 33; + + // Information about the crash report(s) generated from the local device. + repeated CrashReportInfo crash_report_infos = 34; + + // Information of the device's current timezone. + optional TimezoneInfo timezone_info = 35; + + // Information about the device's memory. + optional MemoryInfo memory_info = 36; + + // Information about the device's backlights. + repeated BacklightInfo backlight_info = 37; + + // Information about the device's fans. + repeated FanInfo fan_info = 38; + + // Overall information about the device's CPUs. + optional GlobalCpuInfo global_cpu_info = 39; + + // Information about the device's Bluetooth adapters. + repeated BluetoothAdapterInfo bluetooth_adapter_info = 40; + + // Information from the device's SMBIOS. + optional SmbiosInfo smbios_info = 41; + + // Information about the parameters passed to the kernel. + optional KernelParameters kernel_parameters = 42; + + // Information about the device's EFI Variables from efivarfs. + optional EFIVars efi_vars = 43; + + // KernelParameters(42) and EFIVars(43) are deprecated + // and rolled into BootInfo(44) + + // Information about how the os was booted. + optional BootInfo boot_info = 44; + + // Information about the device's network hardware. + repeated NetworkAdapterInfo network_adapter_info = 45; + + // Information about LaCrOs + repeated LaCrOsBrowserReport lacros_browser_report = 46; + + // Root device size as displayed in the device UI. + optional int64 root_device_total_storage_bytes = 47; + + // Flag whether LaCros is the primary browser. + optional bool is_lacros_primary_browser = 48; + + // Information specific to Demo Mode about the device and the demo context. + // Only included for devices in Demo Mode. + optional DemoModeDimensions demo_mode_dimensions = 49; +} + +message OsUpdateStatus { + enum UpdateStatus { + OS_UP_TO_DATE = 0; + OS_IMAGE_DOWNLOAD_NOT_STARTED = 1; + OS_IMAGE_DOWNLOAD_IN_PROGRESS = 2; + OS_UPDATE_NEED_REBOOT = 3; + } + + optional UpdateStatus update_status = 1; + + // New platform version of the os image being downloaded and applied. It + // is only set when update status is OS_IMAGE_DOWNLOAD_IN_PROGRESS or + // OS_UPDATE_NEED_REBOOT. Note this could be a dummy "0.0.0.0" for + // OS_UPDATE_NEED_REBOOT status for some edge cases, e.g. update engine is + // restarted without a reboot. + optional string new_platform_version = 2; + + // New required platform version from the pending updated kiosk app. + optional string new_required_platform_version = 3; + + // The timestamp of the last update check. + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). + optional int64 last_checked_timestamp = 4; + + // The timestamp of the last reboot. + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). + optional int64 last_reboot_timestamp = 5; +} + +// Provides status information for an installed app/extension. +message AppStatus { + // ID of the installed app/extension for a Chrome app. + // Package name for ARC kiosk app. + optional string app_id = 1; + + // Currently installed version of the app for a Chrome app. + // Empty for ARC kiosk app. + optional string extension_version = 2; + + // Self-reported status summary (via chrome.reporting APIs) + optional string status = 3; + + // If true, the application is currently in a self-reported error state. + optional bool error = 4; + + // App required Chrome version, specified in app’s manifest file. + // Empty for ARC kiosk app. + optional string required_platform_version = 5; +} + +// Provides all application types information. +message AppInfo { + enum AppType { + TYPE_UNKNOWN = 0; + TYPE_ARC = 1; // Android app. + TYPE_BUILTIN = 2; // Built-in app. + TYPE_CROSTINI = 3; // Linux (via Crostini) app. + TYPE_EXTENSION = 4; // Extension-backed app. + TYPE_WEB = 5; // Web app. + TYPE_PLUGINVM = 6; // Plugin VM app. + TYPE_BOREALIS = 7; // Borealis app. + TYPE_BRUSCHETTA = 8; // Bruschetta app. + } + + enum Status { + STATUS_UNKNOWN = 0; + STATUS_INSTALLED = 1; // Installed and launachable. + STATUS_DISABLED = 2; // Disabled or terminated. + STATUS_UNINSTALLED = 3; // Uninstalled by user. + } + + // ID of the application as defined by the OS, except for web apps, where it + // is the start url. + optional string app_id = 1; + + // Type of application (Chrome native, extension, Crostini, web app). + optional AppType app_type = 2; + + // Name of the application as defined by the OS. + optional string app_name = 3; + + // Identify if the app is installed, disabled, or uninstalled. + optional Status status = 4; + + // The time the app was installed, if available. + optional int64 install_time = 5; + + // Version of the application, if applicable. + optional string version = 7; + + // A list of time periods when the app was active. These times are aggregated + // per day, are pruned on the device after reporting successfully, and are + // stored only for 30 days in the past. + repeated TimePeriod active_time_periods = 8; +} + +// LINT.IfChange +// Provides Android application permission. +message AndroidAppPermission { + // Name of application permission. + optional string name = 1; + + // Identify whether the application permission is granted. + optional bool granted = 2; + + // Identify whether the application permission is managed. + optional bool managed = 3; +} + +// Provides Android application information. +message AndroidAppInfo { + enum AndroidAppStatus { + STATUS_UNKNOWN = 0; + STATUS_ENABLED = 1; + STATUS_SUSPENDED = 2; + STATUS_DISABLED = 3; + } + + enum InstalledSource { + SOURCE_UNKNOWN = 0; + SOURCE_BY_ADMIN = 1; + SOURCE_BY_USER = 2; + SOURCE_NOT_INSTALLED = 3; + } + + // ID of the Android application. + optional string app_id = 1; + + // Name of the Android application. + optional string app_name = 2; + + // Name of the Android application package. + optional string package_name = 3; + + // Status of the Android application. It is set as STATUS_SUSPENDED if the + // application is suspended by specific policies. + optional AndroidAppStatus status = 4; + + // Identify how the Android application is installed. + optional InstalledSource installed_source = 5; + + // Package version of the Android application. + optional int32 version = 6; + + // Permissions of the Android application. + repeated AndroidAppPermission permissions = 7; +} +// LINT.ThenChange(//depot/google3/java/com/google/chrome/cros/spanner/devicemanagement/schema/chrome_os.proto) + +// Chrome user profile level status. +// Deprecated : Use ChromeUserProfileInfo instead. +message ChromeUserProfileReport { + // A string to uniquely identify this profile within the browser. + optional string id = 1; + // A JSON encoded string containing both the “email” and “id” (obfuscated + // GaiaID) of the user signed in to the Chrome browser, if any. + optional string chrome_signed_in_user = 2; + // The list of extensions installed in the browser. This string contains + // the json encoded data as returned by the chrome.management.getAll() API. + optional string extension_data = 3; + // The list of plugins installed in the browser, one plugin name per repeated + // string. This string contains the JSON encoded data as returned by + // the navigator.plugins . + optional string plugins = 4; + // The list of browser policies set for this user profile and their sources. + // This string contains the json encoded data as generated by the + // chrome://policy page “Export to JSON” button. + optional string policy_data = 5; + // The last time the user level policies where fetched. + // [policy_fetched_timestamp] is milliseconds since Epoch in UTC timezone + // (Java time). For V1, we may need to rely on the DM server for this info. + optional int64 policy_fetched_timestamp = 6; + // The number of safe browsing warning pages the user has seen since the last + // report was successfully uploaded. + optional uint64 safe_browsing_warnings = 7; + // The number of safe browsing warning pages the user has clicked through + // since the last report was successfully uploaded. + optional uint64 safe_browsing_warnings_click_through = 8; + // The name of the loaded profile, which was entered by the user when creating + // the profile. Empty when in incognito mode. + optional string name = 9; + // A list of extensions requested for installation. + repeated ExtensionRequest extension_requests = 10; +} + +// Sign in information of Profile. +message ChromeSignedInUser { + // The email of the signed in user. + optional string email = 1; + // The obfuscated GaiaID of the signed in user. + optional string obfuscated_gaia_id = 2; +} + +// Extension request information. +message ExtensionRequest { + // ID of the installed app/extension for a Chrome app or extension. + optional string id = 1; + + // When the user commits to requesting the extension. + // [request_timestamp] is milliseconds since Epoch in UTC timezone + // (Java time). + optional int64 request_timestamp = 2; + + // User justification describing why the extension is being requested. + optional string justification = 3; +} + +// Extension information. +message Extension { + reserved 7, 12; + + // ID of the installed app/extension for a Chrome app or extension. + optional string id = 1; + // Currently installed version of the extension. + optional string version = 2; + // The name of the extension. + optional string name = 3; + // The description of the extension that is provided by extension author. + optional string description = 4; + + // The type of extension. + enum ExtensionType { + TYPE_UNKNOWN = 0; + TYPE_EXTENSION = 1; + TYPE_HOSTED_APP = 2; + TYPE_PACKAGED_APP = 3; + TYPE_LEGACY_PACKAGED_APP = 4; + TYPE_THEME = 5; + TYPE_USER_SCRIPT = 6; + TYPE_PLATFORM_APP = 7; + TYPE_LOGIN_SCREEN_EXTENSION = 8; + TYPE_CHROMEOS_SYSTEM_EXTENSION = 9; + } + optional ExtensionType app_type = 5; + + // URL of the homepage. + optional string homepage_url = 6; + + // The installation source of the extension. + enum InstallType { + // An extension that is installed by user or installed by default but not + // component extension. + TYPE_NORMAL = 0; + // An extension that is loaded as unpacked extension from chrome extension + // page or --load-extension command line switch. + TYPE_DEVELOPMENT = 1; + // An extension that is loaded from the settings in Window Registry or + // a preferences JSON file on Mac and Linux. + TYPE_SIDELOAD = 2; + // An extension that is loaded from policy settings. + TYPE_ADMIN = 3; + // Chrome component extension and unknown sources. + TYPE_OTHER = 4; + } + optional InstallType install_type = 8; + + // True if the extension is currently enabled. + optional bool enabled = 9; + + // The list of api based permissions the extension requires. + repeated string permissions = 10; + + // The list of host based permissions the extension requires. + repeated string host_permissions = 11; + + // True if the extension comes from web store. + optional bool from_webstore = 13; + + // Manifest version of the extension. + optional int32 manifest_version = 14; +} + +// Policy information. +message Policy { + // The name of the policy. + optional string name = 1; + + // The level of a policy determines its enforceability and whether users can + // override it or not. + enum PolicyLevel { + LEVEL_UNKNOWN = 0; + // Recommended policies are a default value configured by admins and users + // can choose to override it. + LEVEL_RECOMMENDED = 1; + + // Mandatory policies must be enforced and users can't circumvent them. + LEVEL_MANDATORY = 2; + } + optional PolicyLevel level = 2; + + // The scope of a policy flags whether it's applied to the current user or to + // the machine. + enum PolicyScope { + SCOPE_UNKNOWN = 0; + // User policies apply to current Session/Profile if it's cloud policy. + // Or apply to current OS user on Windows. + SCOPE_USER = 1; + + // Machine policies apply to any users of the current machine. + SCOPE_MACHINE = 2; + } + optional PolicyScope scope = 3; + + // The source of a policy indicates where its value is originating from. + enum PolicySource { + SOURCE_UNKNOWN = 0; + // A policy is set by Chrome when it's running in an + // enterprise environment. + SOURCE_ENTERPRISE_DEFAULT = 1; + + // A policy is set by Google's cloud management tool. + SOURCE_CLOUD = 2; + + // A policy is set by active directory on ChromeOS. + SOURCE_ACTIVE_DIRECTORY = 3; + + // A policy is overridden by ChromeOS if it's running in a public session or + // kiosk mode. + SOURCE_DEVICE_LOCAL_ACCOUNT_OVERRIDE_DEPRECATED = 4; + + // A policy is set by OS built-in tool on desktop. + SOURCE_PLATFORM = 5; + + // A policy is set by Google's cloud management tool but has higher + // priority. + SOURCE_PRIORITY_CLOUD_DEPRECATED = 6; + + // A policy is set by multiple sources and value has been merged. + SOURCE_MERGED = 7; + + // A policy is set by command line switch for testing purpose. + SOURCE_COMMAND_LINE = 8; + + // A policy is set by Google's cloud management tool in Ash and piped to + // Lacros. + SOURCE_CLOUD_FROM_ASH = 9; + + // A policy that is set by the restricted managed guest session override. + SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE = 10; + } + optional PolicySource source = 4; + + // The value of policy. + optional string value = 5; + + // The error message of policy. + optional string error = 6; +} + +// Extension policy information. +message ExtensionPolicy { + // The id of extension that policies apply to. + optional string extension_id = 1; + + // The list of policies that extension currently uses. + repeated Policy policies = 2; +} + +// Cloud policy last fetch time. +message PolicyFetchTimestamp { + // The type of cloud policy. + // TODO(b/327655459): This field is deprecated, delete once server + // side references are all removed. + optional string type = 1; + // The last time the policies where fetched for the policy type. + // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). + optional int64 timestamp = 2; +} + +// Chrome user profile level status, used by activated Profiles. Profile name is +// not listed here as they are in the ChromeUserProfileBasicInfo. +message ChromeUserProfileInfo { + reserved 6; + + // A string to uniquely identify this profile within the browser. + optional string id = 1; + + // The name of the profile, which was entered by the user when creating + // the profile. Empty when in incognito mode + optional string name = 2; + + // Indicates if the profile contains all details. Only active profiles can + // upload all needed details, idle profiles only upload |id| and |name|. + optional bool is_detail_available = 3; + + // Gaia account information if the Profile is signed in. + optional ChromeSignedInUser chrome_signed_in_user = 4; + + // A list of extensions installed in the browser. + repeated Extension extensions = 5; + + // A list of extensions requested for installation. + repeated ExtensionRequest extension_requests = 10; + + // A list of Chrome browser policies set for this user profile. + repeated Policy chrome_policies = 7; + + // A list of extensions' policies set for this user profile. The policies is + // only added if the extension is installed. + repeated ExtensionPolicy extension_policies = 8; + + // The last time the cloud policies where fetched for each policy type. + // Only one policy type which is google/chrome/machine-level-user uploads + // timestamp currently. More details in b/132973694 + repeated PolicyFetchTimestamp policy_fetched_timestamps = 9; +} + +// Report browser level status. +message BrowserReport { + reserved 7; + + // The Chrome browser version, as seen from within Chrome code as opposed to + // user agent. + optional string browser_version = 1; + + // Release channel (stable, beta, etc.). + optional Channel channel = 2; + + // Required. The path to the browser executable so that we can uniquely + // identify it. + optional string executable_path = 3; + + // Profile specific reports, one per profile. + // Deprecated by ChromeUserProfileInfo and only used by old Chrome browser. + repeated ChromeUserProfileReport chrome_user_profile_reports = 4; + + // A list of all Profiles that are created in the current browser instance. + // Only activated Profiles are able to upload full details while the idle ones + // contain id and name only. Please note that some activated Profiles may not + // upload full details due to the limitation of the report size. + // These details will be uploaded in the following reports. + repeated ChromeUserProfileInfo chrome_user_profile_infos = 6; + + // The installed version of the browser if it differs from |browser_version|, + // or absent otherwise. When present, it indicates that an update (of a higher + // or lower version) has been installed and will be the active version + // following a browser restart. + optional string installed_browser_version = 8; + + // True for an extended stable channel installation. + optional bool is_extended_stable_channel = 9 [default = false]; +} + +// Report Operating system related information. +message OSReport { + // A string contains OS name. + optional string name = 1; + + // A string contains OS architecture. + optional string arch = 2; + + // A string contains OS version. + optional string version = 3; + + enum VersionType { + UNKNOWN = 0; + HOME = 1; + PROFESSIONAL = 2; + SERVER = 3; + ENTERPRISE = 4; + EDUCATION = 5; + EDUCATION_PRO = 6; + } + + optional VersionType version_type = 4; +} + +// Report the status of a Chrome installation on non-Chrome OS platform. +message ChromeDesktopReportRequest { + reserved 10; + // The name of the machine within its local network. The string is a JSON + // encoded structure with a single computername field. + // This field is replaced by computer_name and only used by old Chrome + // browser using the JSON legacy browser. + // TODO(b/189584065): Remove when usage goes to zero. + optional string machine_name = 1 [deprecated = true]; + // OS info. The string is a an encoded JSON object as returned by + // chrome.runtime.getPlatformInfo. + // This field is replaced by OSReport and only used by old Chrome browser. + optional string os_info = 2; + // The user name from the OS point of view. The string is a JSON encoded + // structure with a single username field containing "DOMAIN\username". + // This field is replaced by os_user_name and only used by old Chrome browser. + optional string os_user = 3; + // Browser related info. + optional BrowserReport browser_report = 4; + // The device serial number (this might differ with the client ID, depending + // on the platform). Deprecated: Please use + // ChromeDesktopReportProtoProcessor.getBrowserDeviceIdentifier().getSerialNumber + // to extract the Serial Number from the Report Request. + optional string serial_number = 5 [deprecated = true]; + // A string represents the name of computer. Deprecated: Please use + // ChromeDesktopReportProtoProcessor.getBrowserDeviceIdentifier().getSerialNumber + // to extract the Computer Name from the Report Request. + optional string computer_name = 6 [deprecated = true]; + // Operating system related information. + optional OSReport os_report = 7; + // A string contains OS user name. + optional string os_user_name = 8; + // Device identifier for helping identify non-Chrome OS devices. + // TODO(crbug.com/40706071): This will also replace the computer_name and + // serial_number fields. + optional BrowserDeviceIdentifier browser_device_identifier = 9; + // Public key that can be used for attesting the machine. + optional string machine_attestation_key = 11; + // A string that represents the device model. + optional string device_model = 12; + // A string that represents the brand/manufacturer of a device. + optional string brand_name = 13; +} + +// Report user level status on Chrome OS platform. Chrome OS equivalent of +// ChromeDesktopReportRequest. +message ChromeOsUserReportRequest { + reserved 3; + // Browser related info. + optional BrowserReport browser_report = 1; + // Android applications installed in primary profile. + repeated AndroidAppInfo android_app_infos = 2; +} + +// Report user level status on all platforms. It includes the information of the +// profile that user has signed in plus some basic browser and OS information. +message ChromeProfileReportRequest { + // Browser related info + optional BrowserReport browser_report = 1; + + // Basic OS information + optional OSReport os_report = 2; +} + +// A validation issue from validating a policy value that was contained in +// the payload of the policy fetch response. +message PolicyValueValidationIssue { + // Policy name of the faulty value. + optional string policy_name = 1; + + // LINT.IfChange + enum ValueValidationIssueSeverity { + // Default value for when a severity is not specified. + VALUE_VALIDATION_ISSUE_SEVERITY_UNSPECIFIED = 0; + + // This result is a warning. The policy blob has not been rejected. + VALUE_VALIDATION_ISSUE_SEVERITY_WARNING = 1; + + // This result is an error. The policy blob was rejected completely and not + // updated on the device. + VALUE_VALIDATION_ISSUE_SEVERITY_ERROR = 2; + } + // LINT.ThenChange(//depot/google3/chrome/cros/reporting/api/proto/policy_validation_report.proto) + + // Severity of this policy value validation result. + optional ValueValidationIssueSeverity severity = 2; + + // Message containing detailed information about the value validation warning + // or error (e.g. type and specific location). This message is intended as + // debug information for developers (not localized). + optional string debug_message = 3; +} + +// This message is used to upload the result of cloud policy validation after a +// PolicyFetchRequest. +message PolicyValidationReportRequest { + // |policy_type| sent in PolicyFetchRequest on the request which + // returned policy with validation errors. + optional string policy_type = 1; + + // |policy_token| from the PolicyFetchResponse. This is used to identify the + // specific policy fetch event that triggered this validation report. + optional string policy_token = 2; + + // Specifies the result type of the validation. + // Each enum value can correspond to one of three client behaviors (noted as + // 'Client behavior' in the comment for each enum value): + // - Unknown: + // It is not known if the fetched policy blob was accepted or rejected. + // - Policy blob accepted: + // The client has accepted and applied the fetched policy blob. + // - Policy blob rejected: + // The client has completely rejected the fetched policy blob. + // LINT.IfChange + enum ValidationResultType { + // An enum value was received which is not known in this version of the + // proto. + // Client behavior: Unknown. + VALIDATION_RESULT_TYPE_ERROR_UNSPECIFIED = 0; + // Policy validated successfully. + // Client behavior: Policy blob accepted. + // Note: This result is here for completeness, the client will not send + // reports with this enum value. + VALIDATION_RESULT_TYPE_SUCCESS = 1; + // Bad signature on the initial key. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_BAD_INITIAL_SIGNATURE = 2; + // Bad signature. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_BAD_SIGNATURE = 3; + // Policy blob contains error code. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_ERROR_CODE_PRESENT = 4; + // Policy payload failed to decode. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_PAYLOAD_PARSE_ERROR = 5; + // Unexpected policy type. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_WRONG_POLICY_TYPE = 6; + // Unexpected settings entity id. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_WRONG_SETTINGS_ENTITY_ID = 7; + // Timestamp is missing or is older than the timestamp of the previous + // policy. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_BAD_TIMESTAMP = 8; + // DMToken is empty or doesn't match. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_BAD_DM_TOKEN = 9; + // Device id is empty or doesn't match. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_BAD_DEVICE_ID = 10; + // Username doesn't match. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_BAD_USER = 11; + // Policy payload protobuf parse error. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_POLICY_PARSE_ERROR = 12; + // Policy key signature could not be verified using the hard-coded + // verification key. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_BAD_KEY_VERIFICATION_SIGNATURE = 13; + // There were validation warnings during validation of policy values in the + // payload. See |policy_value_validation_results|. + // Client behavior: Policy blob accepted. + VALIDATION_RESULT_TYPE_VALUE_WARNING = 14; + // There were validation errors during validation of policy values in the + // payload. There may also have been warnings. See + // |policy_value_validation_results| - that list will contain at least one + // payload validation errors, and zero or more payload validation warnings. + // Client behavior: Policy blob rejected. + VALIDATION_RESULT_TYPE_VALUE_ERROR = 15; + } + // LINT.ThenChange(//depot/google3/chrome/cros/reporting/api/proto/policy_validation_report.proto) + + // The validation result. + optional ValidationResultType validation_result_type = 3; + + // Value validation issues in the policy payload. Will be filled if + // |validation_result_type| is VALIDATION_RESULT_TYPE_VALUE_WARNING + // or VALIDATION_RESULT_TYPE_VALUE_ERROR. + repeated PolicyValueValidationIssue policy_value_validation_issues = 4; +} + +// Response from DMServer to a policy validation report. +message PolicyValidationReportResponse {} + +message AndroidStatus { + // JSON string of ARC status report. + optional string status_payload = 1; + // DroidGuard response obtained from DroidGuard server. + optional string droid_guard_info = 2; +} + +enum CrostiniAppType { + // The default terminal App. + CROSTINI_APP_TYPE_TERMINAL = 0; + // A registered interactive Crostini App which is + // not the default terminal app. + CROSTINI_APP_TYPE_INTERACTIVE = 1; + // Detected non-registered container applications. + CROSTINI_APP_TYPE_OTHER = 2; +} + +message CrostiniApp { + // The default display name of the App. + optional string app_name = 1; + // The type of the App. + optional CrostiniAppType app_type = 2; + + // Time stamp of last launch of the App with a three day granularity. + // The timestamp is milliseconds since Epoch in UTC timezone (Java time). + optional int64 last_launch_time_window_start_timestamp = 3; + + // If available, the name of the Debian package belonging to this App. + optional string package_name = 4; + // If available, the version of the Debian package belonging to this App. + optional string package_version = 5; + // If available, a hash of the package belonging to this App. + optional string package_hash = 6; +} + +message CrostiniStatus { + // Time stamp of last launch of a Crostini app with three day granularity, + // The timestamp is milliseconds since Epoch in UTC timezone (Java time). + optional int64 last_launch_time_window_start_timestamp = 1; + + // The VM image version at the time of the last launch. + optional string last_launch_vm_image_version = 2; + // The VM kernel version at the time of the last launch. + optional string last_launch_vm_kernel_version = 3; + + // Contains information about each installed app at the time of the + // report. + repeated CrostiniApp installed_apps = 4; +} + +// Report current active session (a user on one device) level status. +message SessionStatusReportRequest { + reserved 1, 2, 3, 6; + + // If this is a kiosk session, this is the device local account ID. + optional string device_local_account_id = 4; + + // Information about kiosk app for kiosk session. + repeated AppStatus installed_apps = 5; + + // Information about ARC status. + optional AndroidStatus android_status = 7; + + // If this is a regular user session, this is the user's DMToken. + optional string user_dm_token = 8; + + // Time zone id of the active user. Not set for enterprise users. + // Format of the id is as specified in tz database e.g. Pacific/Honolulu. For + // more details check third_party/icu/source/i18n/unicode/timezone.h. + optional string time_zone = 9; + + // Information about Crostini status. + optional CrostiniStatus crostini_status = 10; + + // Information about all applications for this user on this device, including + // uninstalled and disabled apps. + repeated AppInfo app_infos = 11; +} + +// Response from DMServer to update devices' status. +// It is possible that status report fails but policy request succeed. In such +// case, the DeviceStatusReportResponse will contain an error code and the +// device should re-send status report data in the next policy request. The +// device should re-send report data if policy request fails, even if +// DeviceStatusReportResponse contains no error code. +message DeviceStatusReportResponse { + optional int32 error_code = 1; + + // Human readable error message for customer support purpose. + optional string error_message = 2; +} + +// Response from DMServer to a Chrome desktop report request. The report +// upload errors will be set in the containing DeviceManagementResponse or +// eventually at the HTTP level. +message ChromeDesktopReportResponse {} + +// Response from DMServer to a ChromeOS user report request. The report +// upload errors will be set in the containing DeviceManagementResponse or +// eventually at the HTTP level. +message ChromeOsUserReportResponse {} + +// Response from DMServer to a profile report request. The report +// upload errors will be set in the containing DeviceManagementResponse or +// eventually at the HTTP level. +message ChromeProfileReportResponse {} + +// Response from DMServer to update user devices' status. +// It is possible that status report fails but policy request succeed. In such +// case, the SessionStatusReportResponse will contain an error code and the +// device should re-send status report data in the next policy request. The +// device should re-send report data if policy request fails, even if +// SessionStatusReportResponse contains no error code. +message SessionStatusReportResponse { + optional int32 error_code = 1; + + // Human readable error message for customer support purpose. + optional string error_message = 2; +} + +// Request from client to query device state using Private Set Membership (PSM). +// Please see go/cros-enterprise-psm and go/cros-client-psm for more details. +message PrivateSetMembershipRequest { + // A request proto from the RLWE PSM protocol. + optional PrivateSetMembershipRlweRequest rlwe_request = 1; +} + +message PrivateSetMembershipResponse { + // A response proto from the RLWE PSM protocol. + optional PrivateSetMembershipRlweResponse rlwe_response = 1; +} + +message PrivateSetMembershipRlweRequest { + // First request sent by the client for checking membership. + optional private_membership.rlwe.PrivateMembershipRlweOprfRequest + oprf_request = 1; + + // Second request sent by the client for checking membership. + optional private_membership.rlwe.PrivateMembershipRlweQueryRequest + query_request = 2; +} + +message PrivateSetMembershipRlweResponse { + // First response sent by the server for checking membership. + optional private_membership.rlwe.PrivateMembershipRlweOprfResponse + oprf_response = 1; + + // Second response sent by the server for checking membership. + optional private_membership.rlwe.PrivateMembershipRlweQueryResponse + query_response = 2; +} + +// Request from device to server to determine whether the device should +// go through enterprise enrollment. Unlike the other requests, this request is +// not authenticated. +message DeviceAutoEnrollmentRequest { + // Device identifier hash, mod |modulus|. + // The type of the device identifier hash depends on |enrollment_check_type|. + // If |modulus| is 1, |remainder| should be 0. + // |remainder| should always be present. + optional int64 remainder = 1; + + // Modulus of the hash used by the client. For now, it is a power of 2, but + // due to the strict constraint on how many serial numbers a bucket can + // contain, it may become non power of 2. If that happens, client-side needs + // to change its assumption. + // |modulus| should always be present, but setting |modulus| to 1 means that + // no bits of the client's hash are uploaded. |remainder| should be 0 in this + // case. + optional int64 modulus = 2; + + enum EnrollmentCheckType { + // Unspecified. + ENROLLMENT_CHECK_TYPE_UNSPECIFIED = 0; + // Forced Re-Enrollment check with full SHA-256 hashes of the + // server-backed state key. + ENROLLMENT_CHECK_TYPE_FRE = 1; + // Forced Enrollment check with SHA-256 hashes of (brand code + “_” + serial + // number), truncated to first 8 bytes each. + ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT = 2; + } + + // Specifies the type of auto enrollment check that is being made. + // This also defines the format of the device identifier hash used in this + // exchange. + optional EnrollmentCheckType enrollment_check_type = 3 + [default = ENROLLMENT_CHECK_TYPE_FRE]; +} + +// Response from server to auto-enrollment detection request. +message DeviceAutoEnrollmentResponse { + // If this field is present, the other fields are ignored and the client + // should send a new DeviceAutoEnrollmentRequest with a |remainder| + // computed using this new |expected_modulus|. If this field is empty, the + // client's request was accepted. + // DMServer guarantees that if the modulus sent by client in + // DeviceAutoEnrollmentRequest matches server's expectation, this field + // is unset. + optional int64 expected_modulus = 1; + + // List of hashes. If the client's hash matches any in this list, the + // client device should do enterprise enrollment. If it matches none, + // enrollment should be optional. + // The format of each entry depends on the |enrollment_check_type| that was + // set in the DeviceAutoEnrollmentRequest. + repeated bytes hashes = 2; +} + +// Sent by the client to the server. This request is keyed by the opaque +// server-backed state key, (optionally) serial number and RLZ brand code; there +// is no further authentication. +// +// This message can be used for secondary state determination by managed devices +// after a hard reset to recover state. In this case, the client only sets the +// `server_backed_state_key`. The device management server keeps a mapping of +// this identifier to device state. In case device has been deprovisioned, the +// server also performs initial enrollment check using the serial number and +// brand code stored in device state from previous enrollment. +// +// It is also used for unified state determination, which replaces both initial +// and secondary state enrollment. In this case, this request can also be sent +// by brand new devices and the server would not know their serial number and +// brand code, hence the values are supplied as part of the request. +// +// Another device state retrieval scenario is Flex Auto Enrollment initial +// state determination, in which case the Flex enrollment token is included +// (along with brand code and serial number) to retrieve token-keyed state +// from the server. +message DeviceStateRetrievalRequest { + // Opaque, client-determined, unpredictable, stable and unique device + // identifier to retrieve state for. This field contains 32 bytes of data that + // looks essentially random to the server. It may be generated e.g. by running + // a concatenation of suitable device identifiers through a cryptographic hash + // algorithm such as SHA-256. + optional bytes server_backed_state_key = 1; + + // The serial number of the device. + optional string serial_number = 2; + + // The 4-character brand code of the device. + optional string brand_code = 3; + + // The enrollment token for Flex Auto Enrollment. + optional string enrollment_token = 4; +} + +// Sent by the client to the server when in registered state to update the +// device-determined device state keys. +message DeviceStateKeyUpdateRequest { + // The client-determined state keys. To the server, these look like 32 bytes + // of random data. The client should generate these keys using a deterministic + // algorithm that takes stable device identifiers as an input and produces a + // key as the output, possibly by running the identifiers through a + // cryptographic hash function such as SHA-256. + repeated bytes server_backed_state_keys = 1; +} + +// Server to client message carrying the device state response. Because the +// request is not authenticated, the only protection against state extraction +// from server is the unpredictability of the server-backed state ID. Thus, the +// response should not contain any sensitive data. If the server doesn't know +// the requested identifier, it just returns a message with restore_mode set to +// RESTORE_MODE_NONE. +message DeviceStateRetrievalResponse { + // Restorative action to take after device reset. + enum RestoreMode { + // No secondary state restoration. + RESTORE_MODE_NONE = 0; + // Enterprise enrollment requested, but user may skip. + RESTORE_MODE_REENROLLMENT_REQUESTED = 1; + // Enterprise enrollment is enforced and cannot be skipped. + RESTORE_MODE_REENROLLMENT_ENFORCED = 2; + // The device has been disabled by its owner. The device will show a warning + // screen and prevent the user from proceeding further. + RESTORE_MODE_DISABLED = 3; + // Enterprise enrollment is enforced using Zero-Touch and cannot be skipped. + RESTORE_MODE_REENROLLMENT_ZERO_TOUCH = 4; + } + // The server-indicated restore mode. + optional RestoreMode restore_mode = 1 [default = RESTORE_MODE_NONE]; + + // Primary domain the device is associated with. + optional string management_domain = 2; + + // State that is relevant only when the |restore_mode| is + // |RESTORE_MODE_DISABLED|. + optional DisabledState disabled_state = 3; + + // Initial device state if |restore_mode| is |RESTORE_MODE_NONE|. + optional DeviceInitialEnrollmentStateResponse initial_state_response = 4; + + // license type the device used in last enrollment + optional LicenseType license_type = 5; +} + +// Request from device to server to retrieve the enrollment mode and domain for +// this device. The client will use this request when the +// DeviceAutoEnrollmentRequest exchange with |enrollment_check_type| set to +// |ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT| indicated that it should be +// enrolled. This request is not authenticated. +message DeviceInitialEnrollmentStateRequest { + // The serial number of the device. + optional string serial_number = 1; + + // The 4-character brand code of the device. + optional string brand_code = 2; + + // The enrollment token for Flex Auto Enrollment. + optional string enrollment_token = 3; +} + +// Response from server DeviceInitialEnrollmentStateRequest. +message DeviceInitialEnrollmentStateResponse { + // Initial action to take after OOBE. + enum InitialEnrollmentMode { + // No initial enrollment. + INITIAL_ENROLLMENT_MODE_NONE = 0; + // Enterprise enrollment is enforced and cannot be skipped. + INITIAL_ENROLLMENT_MODE_ENROLLMENT_ENFORCED = 1; + // Zero-Touch (attestation-based) enrollment is enforced and cannot be + // skipped. + INITIAL_ENROLLMENT_MODE_ZERO_TOUCH_ENFORCED = 2; + // The device has been disabled by its owner. The device will show a warning + // screen and prevent the user from proceeding further. + INITIAL_ENROLLMENT_MODE_DISABLED = 3; + // Token-based enrollment is enforced and cannot be skipped. + INITIAL_ENROLLMENT_MODE_TOKEN_ENROLLMENT_ENFORCED = 4; + } + + // The server-indicated initial enrollment mode. + optional InitialEnrollmentMode initial_enrollment_mode = 1 + [default = INITIAL_ENROLLMENT_MODE_NONE]; + + // The domain the device should be enrolled into. + optional string management_domain = 2; + + // Whether the device comes packaged with a license or not. + optional bool is_license_packaged_with_device = 3; + + // State that is relevant only when the |initial_enrollment_mode| is + // |INITIAL_ENROLLMENT_MODE_DISABLED|. + optional DisabledState disabled_state = 4; + + // License Packaging SKU type. + // LINT.IfChange + enum LicensePackagingSKU { + // Not a License Packaged Device. + NOT_EXIST = 0; + // Enterprise SKU. + CHROME_ENTERPRISE = 1; + // Education SKU. + CHROME_EDUCATION = 2; + // Terminal SKU + CHROME_TERMINAL = 3; + } + // LINT.ThenChange(//depot/google3/google/chrome/licensepackaging/v1/service.proto) + + // SKU Type for License Packaged Device. + optional LicensePackagingSKU license_packaging_sku = 5; + + // Assigned upgrade type. See: go/zte-sku-consumption and go/cros-kiosk-prd + // LINT.IfChange(AssignedUpgradeTypeChange) + enum AssignedUpgradeType { + // Unspecified + ASSIGNED_UPGRADE_TYPE_UNSPECIFIED = 0; + // Chrome Enterprise Upgrade (CEU) + ASSIGNED_UPGRADE_TYPE_CHROME_ENTERPRISE = 1; + // Kiosk & Signage Upgrade (KSU) + ASSIGNED_UPGRADE_TYPE_KIOSK_AND_SIGNAGE = 2; + } + // LINT.ThenChange(//depot/google3/java/com/google/chrome/cros/spanner/devicemanagement/schema/enrollment.proto:AssignedUpgradeTypeChange) + + optional AssignedUpgradeType assigned_upgrade_type = 6; +} + +// Sent by the client to the server to pair the Host device with the Controller +// device. The HTTP request contains an end-user OAuth token and only succeeds +// if both Host and Controller devices belong to the end-user domain. +message DevicePairingRequest { + // The device ID of the Host device. + optional string host_device_id = 1; + + // The device ID of the Controller device. + optional string controller_device_id = 2; +} + +// Response from the server to the device pairing request. +message DevicePairingResponse { + // The client should check HTTP status code first. If HTTP status code is not + // 200 (e.g. 500 internal error), then it means the pairing fails. If HTTP + // status code is 200, then the client should check the status code within the + // response. + enum StatusCode { + SUCCESS = 0; + + // A generic failure code for pairing. + FAILED = 1; + + // The Host device cannot be found in the user's domain. + HOST_DEVICE_NOT_FOUND = 2; + + // The Controller device cannot be found in the user's domain. + CONTROLLER_DEVICE_NOT_FOUND = 3; + + // The Host device is deprovisioned. + HOST_DEVICE_DEPROVISIONED = 4; + + // The Controller device is deprovisioned. + CONTROLLER_DEVICE_DEPROVISIONED = 5; + } + + optional StatusCode status_code = 1 [default = FAILED]; +} + +// Sent by the client to the server to check if the devices are paired. The HTTP +// request contains controller service account OAuth token as well as the +// DMToken from the Host device. +message CheckDevicePairingRequest { + // The device ID of the Host device. + optional string host_device_id = 1; + + // The device ID of the Controller device. + optional string controller_device_id = 2; +} + +// Response from the server to the check device pairing request. +message CheckDevicePairingResponse { + // The client should check HTTP status code first. If HTTP status code is not + // 200 (e.g. 500 internal error), then it means the pairing status is unknown. + // If HTTP status code is 200, then the client should check the status code + // within the response. + enum StatusCode { + PAIRED = 0; + + // The Host and Controller devices are not paired. + NOT_PAIRED = 1; + + // The Host device cannot be found in the Host device domain. + HOST_DEVICE_NOT_FOUND = 2; + + // The Controller device cannot be found in the Host device domain. + CONTROLLER_DEVICE_NOT_FOUND = 3; + + // The Host device is deprovisioned. + HOST_DEVICE_DEPROVISIONED = 4; + + // The Controller device is deprovisioned. + CONTROLLER_DEVICE_DEPROVISIONED = 5; + + // Invalid controller identity. + INVALID_CONTROLLER_DEVICE_IDENTITY = 6; + } + + optional StatusCode status_code = 1 [default = NOT_PAIRED]; +} + +// This protobuf defines a single remote command from server to client for +// execution. +message RemoteCommand { + // The names are used as part of metric names. If enumeration is updated + // the names should also be updated: + // - components/policy/core/common/cloud/enterprise_metrics.cc; + // - components/policy/core/common/remote_commands/remote_commands_service.cc; + // - Enterprise.RemoteCommandType in + // tools/metrics/histograms/metadata/enterprise/histograms.xml; + enum Type { + // Simple echo command for testing, will be ignored in production code. + COMMAND_ECHO_TEST = -1; + + // Reboot the device. + DEVICE_REBOOT = 0; + + // Take a screenshot. + DEVICE_SCREENSHOT = 1; + + // Set device volume. + DEVICE_SET_VOLUME = 2; + + // Force a refresh of device status (attributes and logs). + DEVICE_FETCH_STATUS = 3; + + // Forwards a user command received from the management server to the ARC++ + // side. The payload is opaque to Chrome OS. + USER_ARC_COMMAND = 4; + + // Wipe all the users off of the device. + DEVICE_WIPE_USERS = 5; + + // Start Chrome Remote Desktop session. + DEVICE_START_CRD_SESSION = 6; + + // Wipe the device (perform a powerwash). + DEVICE_REMOTE_POWERWASH = 7; + + // Refresh the device machine certificate and re-upload it. + DEVICE_REFRESH_ENTERPRISE_MACHINE_CERTIFICATE = 8; + + // Retrieve a list of available diagnostics routines. + DEVICE_GET_AVAILABLE_DIAGNOSTIC_ROUTINES = 9; + + // Run a given diagnostics routine on the platform. + DEVICE_RUN_DIAGNOSTIC_ROUTINE = 10; + + // Send a command or get an update from an existing diagnostics routine. + DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE = 11; + + // Clear the cache and cookies associated with a given profile. + BROWSER_CLEAR_BROWSING_DATA = 12; + + // Reset the cellular EUICC (Embedded Universal Integrated Circuit Card) on + // the device. + DEVICE_RESET_EUICC = 13; + + // Rotates the attestation credentials associated with a browser device. + BROWSER_ROTATE_ATTESTATION_CREDENTIAL = 14; + + // Fetch information that determines the availability of CRD on the device. + FETCH_CRD_AVAILABILITY_INFO = 15; + + // Fetch the logs from the Support Tool on managed ChromeOS devices. + FETCH_SUPPORT_PACKET = 16; + + // Please update metrics after adding a new item - see the comment above. + } + + // The command type. + optional Type type = 1; + + // An opaque unique identifier for the command. The client processes + // the commands in the order of the command list it receives. + optional int64 command_id = 2; + + // The age of the command (in milliseconds) when it is sent from server to + // client, defined as current_server_time - command_generated_time. + optional int64 age_of_command = 3; + + // Extra parameters for this command, expected to be a JSON string. The exact + // format of the JSON payload depends on the command type specified by the + // |type| field: + // |DEVICE_SCREENSHOT|: {"fileUploadUrl" : url_string}. + // |DEVICE_SET_VOLUME|: {"volume": volume_value}, where volume_value must be + // an integer between 0 and 100. + // |DEVICE_RUN_DIAGNOSTIC_ROUTINE|: {"routine" : routine_enum, "params" : + // params_dict}, where params_dict varies by routine. + // |DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE|: {"id" : id_integer, "command" : + // command, "includeOutput" : include_output_bool}, where command must be a + // valid `ash::cros_healthd::mojom::DiagnosticRoutineCommandEnum`. + // |DEVICE_REBOOT|: {"user_session_delay_s": delay_integer}, where delay value + // represents seconds until reboot in user session. + // |FETCH_SUPPORT_PACKET|: + // {"supportPacketDetails":{ "issueCaseId": optional_support_case_id_string, + // "issueDescription": optional_issue_description_string, + // "requestedDataCollectors": [], "requestedPiiTypes": []}} + optional string payload = 4; + + // An identifier for the target this command is for. This is the same as + // the device_id in PolicyData. We rely on this identifier not being stable + // across powerwashes. + optional string target_device_id = 5; +} + +// This protobuf defines the execution result of a single remote command +// which will be sent back to the server. +message RemoteCommandResult { + // If you change this, update policy.mojom/CommandResultType. + enum ResultType { + RESULT_IGNORED = 0; // The command was ignored as obsolete. + RESULT_FAILURE = 1; // The command could not be executed or parsed. + RESULT_SUCCESS = 2; // The command was successfully executed. Commands + // such as powerwash will return success before they + // are executed since state will be forgotten. + } + + // The result of the command. + optional ResultType result = 1; + + // The opaque unique identifier of the command. This value is copied from the + // RemoteCommand protobuf that contained the command. + optional int64 command_id = 2; + + // The timestamp representing time at which the command was executed, if the + // result is RESULT_SUCCESS. The timestamp is milliseconds since Epoch in UTC + // timezone (Java time). + optional int64 timestamp = 3; + + // Extra information sent to server as result of execution, expected to be a + // JSON string. + optional string payload = 4; +} + +message DeviceRemoteCommandRequest { + // The command ID of the last command received from the server until + // now. Omitted if no commands have been received yet. + optional int64 last_command_unique_id = 1; + + // The execution results of previously fetched commands. + // The client should send back a command result whenever possible. + repeated RemoteCommandResult command_results = 2; + + // Whether the server should send secure commands or not. + optional bool send_secure_commands = 3; + + // What type of signature to use. Only valid if send_secure_commmands is true. + // If NONE is passed, SHA1_RSA will be used instead for compatibility. + optional PolicyFetchRequest.SignatureType signature_type = 4; + + // A string that represents the type of RemoteCommands that need to be + // fetched. This type helps the server redirect the request to different + // handlers. + optional string type = 5; +} + +message DeviceRemoteCommandResponse { + // The queue of pending, non secure commands. If this is present then there + // shall be no secure commands in this response (and vice versa). + repeated RemoteCommand commands = 1; + + // The queue of pending, secure commands. If this is present then there shall + // be no non secure commands in this response (and vice versa). + // + // The secure_commands.data field contains a serialized PolicyData with a + // “google/chromeos/remotecommand” policy_type. The secure_commands.signature + // field is a signature of the data field with the policy key for the domain + // the device belongs to. + repeated SignedData secure_commands = 2; +} + +// Sent by the client to the server to check if the current user or device is +// allowed to update attributes (asset id and location). The HTTP request +// can contain an end-user OAuth token or a device DMToken. +message DeviceAttributeUpdatePermissionRequest {} + +// Response from the server specifying whether the current user or device is +// allowed to update attributes (asset id and location). +message DeviceAttributeUpdatePermissionResponse { + enum ResultType { + ATTRIBUTE_UPDATE_DISALLOWED = 0; + ATTRIBUTE_UPDATE_ALLOWED = 1; + } + + optional ResultType result = 1; +} + +// Sent by the client to the server to update device attributes (asset id and +// location). The HTTP request can contain an end-user OAuth token or a device +// DMToken. +message DeviceAttributeUpdateRequest { + // The user-generated asset identifier. + optional string asset_id = 1; + + // The user input device location. + optional string location = 2; +} + +// Response from the server to update device attributes (asset id and location). +message DeviceAttributeUpdateResponse { + enum ResultType { + ATTRIBUTE_UPDATE_ERROR = 0; + ATTRIBUTE_UPDATE_SUCCESS = 1; + } + + optional ResultType result = 1; +} + +// Sent by the client to server to update the mapping from GCM id to device_id +// on the server side. +message GcmIdUpdateRequest { + optional string gcm_id = 1; +} + +// Response for GcmIdUpdateRequest, an empty message for now. +message GcmIdUpdateResponse {} + +// Request from device to server to check for Android-for-Work service with +// DPC enforcement. Must be sent only for users who are not managed in Chrome +// OS. +// Provide user's OAuth token with your HTTP Request. +message CheckAndroidManagementRequest {} + +// Response from server to device for check for Android-for-Work service with +// DPC enforcement request. +// SC_CONFLICT HTTP code is returned if DPC enforcement is required. +message CheckAndroidManagementResponse {} + +// Request to register a new device (authenticated by enterprise enrollment +// certificate). See http://go/zero-touch-chrome for details. +// The response message will be the DeviceRegisterResponse. +message CertificateBasedDeviceRegisterRequest { + // Signed request to register with a certificate. The signed_request.data + // field contains a CertificateBasedDeviceRegistrationData with a nonce + // (as added by the Chrome OS cryptohome client) appended. The + // signed_request.signature field is a signature of the data field signed + // with the enrollment certificate's private key. + optional SignedData signed_request = 1; +} + +// Request from device to server to register a device (authenticated with an +// enrollment token). +message TokenBasedDeviceRegisterRequest { + optional DeviceRegisterRequest device_register_request = 1; +} + +// Response to a token-based device registration request +// (@code `TokenBasedDeviceRegisterRequest`). +message TokenBasedDeviceRegisterResponse { + optional DeviceRegisterResponse device_register_response = 1; +} + +// Requested configuration to be passed along a registration request. +message DeviceRegisterConfiguration { + // The device owner's email address. + optional string device_owner = 1; +} + +message CertificateBasedDeviceRegistrationData { + enum CertificateType { + UNKNOWN = 0; + ENTERPRISE_ENROLLMENT_CERTIFICATE = 1; + } + + optional CertificateType certificate_type = 1; + // Device certificate in X.509 format. + // We use CertificateFactory.generateCertificate() call and + // the certificate provided must be DER-encoded and may be supplied in binary + // or printable (Base64) encoding. If the certificate is provided in Base64 + // encoding, it must be bounded at the beginning by + // -----BEGIN CERTIFICATE-----, and must be bounded at the end by + // -----END CERTIFICATE-----. + optional bytes device_certificate = 2; + // regular device registration request + optional DeviceRegisterRequest device_register_request = 3; + // Additional configuration to register the device. + optional DeviceRegisterConfiguration device_register_configuration = 4; +} + +// Request to enroll a Chrome browser. Fields match identically named fields +// in ChromeBrowserDeviceInfo. +message RegisterBrowserRequest { + // The name of the machine within its local network. + optional string machine_name = 1; + // Platform, e.g., Windows or Mac. + optional string os_platform = 2; + // Platform specific version number, e.g., 6.1.7601.0 or 10.12.6 + optional string os_version = 3; + // Device identifier for helping identify non-Chrome OS devices. + // TODO(crbug.com/40706071): This will also replace the machine_name field. + optional BrowserDeviceIdentifier browser_device_identifier = 4; + // The device model, e.g., iPad6,11 + optional string device_model = 5; + // A string that represents the brand/manufacturer of a device. + optional string brand_name = 6; +} + +// Gets an enrollment token to a managed Google Play account for using it with +// Active Directory. Sent when a new user logs in with Active Directory and +// opens Play Store for the first time. +message ActiveDirectoryEnrollPlayUserRequest { + // A server-provider identifier for the previously established SAML session. + // If left empty and SAML authentication is required, + // ActiveDirectoryEnrollPlayUserResponse.saml_parameters.auth_redirect_url + // will contain initial Redirect required to start the SAML flow. + optional string auth_session_id = 1; +} + +// The result when a new user logs in to Play Store with Active Directory. +// 904 Arc Disabled HTTP error code is returned if the reason of the failure is +// that ARC is not enabled for the domain. +// 403 Forbidden HTTP error code is returned if the device can't get Managed +// Google Play accounts. +message ActiveDirectoryEnrollPlayUserResponse { + // The enrollment token which can be used to fetch a Managed Google Play + // account. + optional string enrollment_token = 1; + // The user id which identifies the user enrolled by this token. This user id + // is opaque to the client and is only used in the ActiveDirectoryPlayActivity + // requests. + optional string user_id = 2; + // If SAML authentication is required, SAML flow parameters are specified in + // this proto and both enrollment_token and user_id fields are left unset. + optional SamlParametersProto saml_parameters = 3; +} + +message SamlParametersProto { + // Initial Redirect URL to start the SAML flow. + optional string auth_redirect_url = 1; + // Auth Session ID which the client is supposed to use in the subsequent + // DMServer request (to be sent after SAML flow completes). + optional string auth_session_id = 2; +} + +// Gets a URL to the SAML IdP authentication flow for using it with public +// SAML session. Sent when a user logs in to a SAML public session account. +message PublicSamlUserRequest { + // Identifier for the public saml account. Same as + // DeviceLocalAccountInfoProto.account_id. + optional string account_id = 1; +} + +// The result when a user logs in to a SAML public session account. +message PublicSamlUserResponse { + // SAML flow parameters are specified in this proto. + optional SamlParametersProto saml_parameters = 1; +} + +// Reports that a managed Google Play account is used. This makes the garbage +// collection of accounts possible by reporting the ones which are still in use. +message ActiveDirectoryPlayActivityRequest { + // The user id received in ActiveDirectoryEnrollPlayUserResponse which + // identifies the user. + optional string user_id = 1; +} + +// Response to the Play account activity request. +message ActiveDirectoryPlayActivityResponse {} + +// DEPRECATED: Request to retrieve available device licenses. User auth token +// or auth cookie must be provided with DeviceManagementRequest when +// CheckDeviceLicenseRequest is being sent. +// See go/cdm-mixed-license-pool for more info +message CheckDeviceLicenseRequest {} + +// Represents availability of a single license type. +message LicenseAvailability { + // License type. + optional LicenseType license_type_deprecated = 1 [deprecated = true]; + + // Remaining available licenses (can be 0). + optional int32 available_licenses_deprecated = 2 [deprecated = true]; +} + +// DEPRECATED: Response to a check device license request. +message CheckDeviceLicenseResponse { + enum LicenseSelectionMode { + // Should not happen, included for compatibility. + UNDEFINED = 0; + // User is allowed to choose license. + USER_SELECTION = 1; + // Admin controls license selection preferences through management UI. + ADMIN_SELECTION = 2; + } + + // Policy setting value for license selection mode. + optional LicenseSelectionMode license_selection_mode_deprecated = 1 + [deprecated = true]; + + // Provides available license counts for each purchased license type. + // This field would list each subscription for the domain even if all licenses + // have been used up (in which case available_licenses field is set to zero). + // + // If license_selection_mode == USER_SELECTION and license_availability + // contains more than one entry then device should display a screen asking + // user to choose license type and send selected license type value in the + // DeviceRegisterRequest.license_type field. + repeated LicenseAvailability license_availabilities_deprecated = 2 + [deprecated = true]; +} + +// Sign in an Active Directory user using SAML SSO. The device management server +// redirects the client to the Active Directory server in order to authenticate +// and identify the Active Directory user. Active Directory redirects the client +// back to the device management server with an assertion of the Active +// Directory user's identity. The device management server then redirects the +// client to Google's authentication service in order to provision the user on +// the device. +message ActiveDirectoryUserSigninRequest {} + +message ActiveDirectoryUserSigninResponse { + // Initial Redirect URL to start the SAML flow. + optional string auth_redirect_url = 1; +} + +// Contains information about the TPM used on the device. +message TpmVersionInfo { + enum GscVersion { + GSC_VERSION_UNSPECIFIED = 0; + GSC_VERSION_NOT_GSC = 1; + GSC_VERSION_CR50 = 2; + GSC_VERSION_TI50 = 3; + } + optional uint32 family = 1; + optional uint64 spec_level = 2; + optional uint32 manufacturer = 3; + optional uint32 tpm_model = 4; + optional uint64 firmware_version = 5; + optional string vendor_specific = 6; + optional GscVersion gsc_version = 7; + // This field represents the tpm device id and vendor id + // which is a combined value as declared in the TPM spec. + optional string did_vid = 8; +} + +// Contains status of the TPM unit. +message TpmStatusInfo { + optional bool enabled = 1; + optional bool owned = 2; + // This field was previously named "initialized", but that's not a valid name + // for a proto field since it generates isInitialized method for the Java + // binding which collides with the isInitialized method that exists for all + // Java protos. + optional bool tpm_initialized = 3; + optional bool attestation_prepared = 4; + optional bool attestation_enrolled = 5; + optional int32 dictionary_attack_counter = 6; + optional int32 dictionary_attack_threshold = 7; + optional bool dictionary_attack_lockout_in_effect = 8; + optional int32 dictionary_attack_lockout_seconds_remaining = 9; + // DEPRECATED: Not filled by the client anymore (since b/172748724). + optional bool boot_lockbox_finalized = 10 [deprecated = true]; + optional bool owner_password_is_present = 11; + optional TpmSupportedFeatures tpm_supported_features = 12; +} + +// Contains information about specific features of the TPM unit. +message TpmSupportedFeatures { + optional bool is_allowed = 1; + optional bool support_pinweaver = 2; + optional bool support_runtime_selection = 3; + optional bool support_u2f = 4; +} + +// System state included with some log events. +message SystemState { + // VolumeInfo is reused from existing Chrome reporting. + repeated VolumeInfo volume_infos = 1; +} + +// A single entry in the install log for an extension. +message ExtensionInstallReportLogEvent { + // Enumerates the possible event types. + enum EventType { + // Not used. + LOG_EVENT_TYPE_UNKNOWN = 0; + // Requested by policy to install the extension. + POLICY_REQUEST = 1; + // Install success. + SUCCESS = 2; + // Request canceled. + CANCELED = 3; + // Connectivity state changed. + CONNECTIVITY_CHANGE = 4; + // Session state changed. + SESSION_STATE_CHANGE = 5; + // Extension installation failed. + INSTALLATION_FAILED = 6; + } + + // Enumerates the possible changes in session state. + enum SessionStateChangeType { + // Not used. + SESSION_STATE_CHANGE_TYPE_UNKNOWN = 0; + // Session starting. + LOGIN = 1; + // Session ending. + LOGOUT = 2; + // Suspending. + SUSPEND = 3; + // Resuming. + RESUME = 4; + } + + // Possible failure reasons. See InstallStageTracker::FailureReason for more + // details. InstallStageTracker::FailureReason is the main enum and this is + // a copy used for reporting purposes. + enum FailureReason { + FAILURE_REASON_UNKNOWN = 0; + INVALID_ID = 1; + MALFORMED_EXTENSION_SETTINGS = 2; + REPLACED_BY_ARC_APP = 3; + MALFORMED_EXTENSION_DICT = 4; + NOT_SUPPORTED_EXTENSION_DICT = 5; + MALFORMED_EXTENSION_DICT_FILE_PATH = 6; + MALFORMED_EXTENSION_DICT_VERSION = 7; + MALFORMED_EXTENSION_DICT_UPDATE_URL = 8; + LOCALE_NOT_SUPPORTED = 9; + NOT_PERFORMING_NEW_INSTALL = 10; + TOO_OLD_PROFILE = 11; + DO_NOT_INSTALL_FOR_ENTERPRISE = 12; + ALREADY_INSTALLED = 13; + CRX_FETCH_FAILED = 14; + MANIFEST_FETCH_FAILED = 15; + MANIFEST_INVALID = 16; + NO_UPDATE = 17; + CRX_INSTALL_ERROR_DECLINED = 18; + CRX_INSTALL_ERROR_SANDBOXED_UNPACKER_FAILURE = 19; + CRX_INSTALL_ERROR_OTHER = 20; + NO_UPDATE_URL = 21; + PENDING_ADD_FAILED = 22; + DOWNLOADER_ADD_FAILED = 23; + IN_PROGRESS = 24; + CRX_FETCH_URL_EMPTY = 25; + CRX_FETCH_URL_INVALID = 26; + OVERRIDDEN_BY_SETTINGS = 27; + REPLACED_BY_SYSTEM_APP = 28; + } + + // Stage of extension installing process. See InstallStageTracker::Stage for + // more details. InstallStageTracker::Stage is the main enum and this is + // a copy used for reporting purposes. The entries are in the order they occur + // in the installation process. + enum InstallationStage { + INSTALLATION_STAGE_UNKNOWN = 0; + CREATED = 1; + PENDING = 2; + DOWNLOADING = 3; + INSTALLING = 4; + COMPLETE = 5; + } + + // Type of current user. See user_manager::UserType for more details. + // user_manager::UserType is the main enum and this is a copy used for + // reporting purposes. + enum UserType { + USER_TYPE_UNKNOWN = 0; + USER_TYPE_REGULAR = 1; + USER_TYPE_GUEST = 2; + USER_TYPE_PUBLIC_ACCOUNT = 3; + USER_TYPE_SUPERVISED_DEPRECATED = 4 [deprecated = true]; + USER_TYPE_KIOSK_APP = 5; + USER_TYPE_CHILD = 6; + USER_TYPE_ARC_KIOSK_APP = 7; + USER_TYPE_ACTIVE_DIRECTORY = 8; + USER_TYPE_WEB_KIOSK_APP = 9; + } + + // Current stage of the extension downloading process. See + // ExtensionDownloaderDelegate::Stage for more details. + // ExtensionDownloaderDelegate::Stage is the main enum and this is a copy used + // for reporting purposes. + enum DownloadingStage { + DOWNLOADING_STAGE_UNKNOWN = 0; + DOWNLOAD_PENDING = 1; + QUEUED_FOR_MANIFEST = 2; + DOWNLOADING_MANIFEST = 3; + DOWNLOADING_MANIFEST_RETRY = 4; + PARSING_MANIFEST = 5; + MANIFEST_LOADED = 6; + QUEUED_FOR_CRX = 7; + DOWNLOADING_CRX = 8; + DOWNLOADING_CRX_RETRY = 9; + FINISHED = 10; + } + + // Current stage of the extension creation process. See + // InstallStageTracker::InstallCreationStage for more details. + // InstallStageTracker::InstallCreationStage is the main enum and this is a + // copy used for reporting purposes. + enum InstallCreationStage { + INSTALL_CREATION_STAGE_UNKNOWN = 0; + CREATION_INITIATED = 1; + NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_FORCED = 2; + NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_NOT_FORCED = 3; + NOTIFIED_FROM_MANAGEMENT = 4; + NOTIFIED_FROM_MANAGEMENT_NOT_FORCED = 5; + SEEN_BY_POLICY_LOADER = 6; + SEEN_BY_EXTERNAL_PROVIDER = 7; + } + + // Status of cache when an attempt is made to fetch the extension from it + // during the downloading process. See + // ExtensionDownloaderDelegate::CacheStatus for more details. + // ExtensionDownloaderDelegate::CacheStatus is the main enum and this is a + // copy used for reporting purposes. + enum DownloadCacheStatus { + CACHE_UNKNOWN = 0; + CACHE_DISABLED = 1; + CACHE_MISS = 2; + CACHE_OUTDATED = 3; + CACHE_HIT = 4; + CACHE_HIT_ON_MANIFEST_FETCH_FAILURE = 5; + } + + // All the ways SandboxedUnpacker can fail. See + // extensions::SandboxedUnpackerFailureReason for more details. + // extensions::SandboxedUnpackerFailureReason is the main enum and this is a + // copy used for reporting purposes. + enum SandboxedUnpackerFailureReason { + SANDBOXED_UNPACKER_FAILURE_REASON_UNKNOWN = 0; + COULD_NOT_GET_TEMP_DIRECTORY = 1; + COULD_NOT_CREATE_TEMP_DIRECTORY = 2; + FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY = 3; + COULD_NOT_GET_SANDBOX_FRIENDLY_PATH = 4; + COULD_NOT_LOCALIZE_EXTENSION = 5; + INVALID_MANIFEST = 6; + UNPACKER_CLIENT_FAILED = 7; + UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL = 8; + CRX_FILE_NOT_READABLE = 9; + CRX_HEADER_INVALID = 10; + CRX_MAGIC_NUMBER_INVALID = 11; + CRX_VERSION_NUMBER_INVALID = 12; + CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE = 13; + CRX_ZERO_KEY_LENGTH = 14; + CRX_ZERO_SIGNATURE_LENGTH = 15; + CRX_PUBLIC_KEY_INVALID = 16; + CRX_SIGNATURE_INVALID = 17; + CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED = 18; + CRX_SIGNATURE_VERIFICATION_FAILED = 19; + ERROR_SERIALIZING_MANIFEST_JSON = 20; + ERROR_SAVING_MANIFEST_JSON = 21; + COULD_NOT_READ_IMAGE_DATA_FROM_DISK_UNUSED = 22; + DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST_UNUSED = 23; + INVALID_PATH_FOR_BROWSER_IMAGE = 24; + ERROR_REMOVING_OLD_IMAGE_FILE = 25; + INVALID_PATH_FOR_BITMAP_IMAGE = 26; + ERROR_RE_ENCODING_THEME_IMAGE = 27; + ERROR_SAVING_THEME_IMAGE = 28; + DEPRECATED_ABORTED_DUE_TO_SHUTDOWN = 29; + COULD_NOT_READ_CATALOG_DATA_FROM_DISK_UNUSED = 30; + INVALID_CATALOG_DATA = 31; + INVALID_PATH_FOR_CATALOG_UNUSED = 32; + ERROR_SERIALIZING_CATALOG = 33; + ERROR_SAVING_CATALOG = 34; + CRX_HASH_VERIFICATION_FAILED = 35; + UNZIP_FAILED = 36; + DIRECTORY_MOVE_FAILED = 37; + CRX_FILE_IS_DELTA_UPDATE = 38; + CRX_EXPECTED_HASH_INVALID = 39; + DEPRECATED_ERROR_PARSING_DNR_RULESET = 40; + ERROR_INDEXING_DNR_RULESET = 41; + CRX_REQUIRED_PROOF_MISSING = 42; + CRX_HEADER_VERIFIED_CONTENTS_UNCOMPRESSING_FAILURE = 43; + MALFORMED_VERIFIED_CONTENTS = 44; + COULD_NOT_CREATE_METADATA_DIRECTORY = 45; + COULD_NOT_WRITE_VERIFIED_CONTENTS_INTO_FILE = 46; + } + + // Reason why extension failed due to failure reason MANIFEST_INVALID. See + // extensions::ManifestInvalidError for more details. + // extensions::ManifestInvalidError is the main enum and this is a + // copy used for reporting purposes. + enum ManifestInvalidError { + MANIFEST_INVALID_ERROR_UNKNOWN = 0; + XML_PARSING_FAILED = 1; + INVALID_XLMNS_ON_GUPDATE_TAG = 2; + MISSING_GUPDATE_TAG = 3; + INVALID_PROTOCOL_ON_GUPDATE_TAG = 4; + MISSING_APP_ID = 5; + MISSING_UPDATE_CHECK_TAGS = 6; + MULTIPLE_UPDATE_CHECK_TAGS = 7; + INVALID_PRODVERSION_MIN = 8; + EMPTY_CODEBASE_URL = 9; + INVALID_CODEBASE_URL = 10; + MISSING_VERSION_FOR_UPDATE_CHECK = 11; + INVALID_VERSION = 12; + BAD_UPDATE_SPECIFICATION = 13; + BAD_APP_STATUS = 14; + } + + // Extended error code if the extension installation failed due to CRX install + // error. See extensions::CrxInstallErrorDetail for more details. + // extensions::CrxInstallErrorDetail is the main enum and this is a + // copy used for reporting purposes. + enum CrxInstallErrorDetail { + CRX_INSTALL_ERROR_DETAIL_UNKNOWN = 0; + CONVERT_USER_SCRIPT_TO_EXTENSION_FAILED = 1; + UNEXPECTED_ID = 2; + UNEXPECTED_VERSION = 3; + MISMATCHED_VERSION = 4; + CRX_ERROR_MANIFEST_INVALID = 5; + INSTALL_NOT_ENABLED = 6; + OFFSTORE_INSTALL_DISALLOWED = 7; + INCORRECT_APP_CONTENT_TYPE = 8; + NOT_INSTALLED_FROM_GALLERY = 9; + INCORRECT_INSTALL_HOST = 10; + DEPENDENCY_NOT_SHARED_MODULE = 11; + DEPENDENCY_OLD_VERSION = 12; + DEPENDENCY_NOT_ALLOWLISTED = 13; + UNSUPPORTED_REQUIREMENTS = 14; + EXTENSION_IS_BLOCKLISTED = 15; + DISALLOWED_BY_POLICY = 16; + KIOSK_MODE_ONLY = 17; + OVERLAPPING_WEB_EXTENT = 18; + CANT_DOWNGRADE_VERSION = 19; + MOVE_DIRECTORY_TO_PROFILE_FAILED = 20; + CANT_LOAD_EXTENSION = 21; + USER_CANCELED = 22; + USER_ABORTED = 23; + UPDATE_NON_EXISTING_EXTENSION = 24; + } + + // Timestamp, in microseconds since epoch. Set for all log + // events. + optional int64 timestamp = 1; + + // Event type. Set for all log events. + optional EventType event_type = 2; + + // Total and available space on the stateful partition, in bytes. Set for + // event types INSTALLATION_FAILED and SUCCESS. + optional int64 stateful_total = 3; + optional int64 stateful_free = 4; + + // Network state. Set for event type SESSION_STATE_CHANGE of type LOGIN and + // CONNECTIVITY_CHANGE. + optional bool online = 5; + + // Type of session state change. Set for event type SESSION_STATE_CHANGE. + optional SessionStateChangeType session_state_change_type = 6; + + // Type of failure reason. Set for event type INSTALLATION_FAILED. + optional FailureReason failure_reason = 7; + + // Stage of installation process. + optional InstallationStage installation_stage = 8; + + // Stage of downloading process. + optional DownloadingStage downloading_stage = 9; + + // Type of the extension. Set for event type SUCCESS and sometimes (when + // possible) for INSTALLATION_FAILED. + optional Extension.ExtensionType extension_type = 10; + + // Type of the current user. + optional UserType user_type = 11; + + // Whether the current user is new. + optional bool is_new_user = 12; + + // Whether the current failure is a admin side miconfiguration failure. Set + // for event type INSTALLATION_FAILED. + optional bool is_misconfiguration_failure = 13; + + // Stage of install creation process. + optional InstallCreationStage install_creation_stage = 14; + + // Status of cache during downloading process. + optional DownloadCacheStatus download_cache_status = 15; + + // Detailed reason why unpacking of extension failed. + optional SandboxedUnpackerFailureReason unpacker_failure_reason = 16; + + // Detailed reason why extension failed due to failure reason + // MANIFEST_INVALID. + optional ManifestInvalidError manifest_invalid_error = 17; + + // Extended error code if the extension installation failed due to CRX install + // error. + optional CrxInstallErrorDetail crx_install_error_detail = 18; + + // Fetch error code when failure_reason is CRX_FETCH_FAILED or + // MANIFEST_FETCH_FAILED. + optional int32 fetch_error_code = 19; + + // Number of fetch tries made when failure reason is CRX_FETCH_FAILED or + // MANIFEST_FETCH_FAILED. + optional int32 fetch_tries = 20; +} + +// A single entry in the push-install log for an app. +message AppInstallReportLogEvent { + // Enumerates the possible event types. + enum EventType { + // Not used. + LOG_EVENT_TYPE_UNKNOWN = 0; + // Request received by device + SERVER_REQUEST = 1; + // Request forwarded to CloudDPC + CLOUDDPC_REQUEST = 2; + // Request forwarded to CloudDPS + CLOUDDPS_REQUEST = 3; + // Response received from CloudDPS + CLOUDDPS_RESPONSE = 4; + // Log line written by Phonesky + PHONESKY_LOG = 5; + // Install success + SUCCESS = 6; + // Request canceled + CANCELED = 7; + // Connectivity state changed + CONNECTIVITY_CHANGE = 8; + // Session state changed + SESSION_STATE_CHANGE = 9; + // Package installation started + INSTALLATION_STARTED = 10; + // Package installation finished + INSTALLATION_FINISHED = 11; + // Package installation failed + INSTALLATION_FAILED = 12; + // Direct install scheduled + DIRECT_INSTALL = 13; + // No more regular attempts to install + CLOUDDPC_MAIN_LOOP_FAILED = 14; + // PlayStore local policy was set + PLAYSTORE_LOCAL_POLICY_SET = 15; + } + + // Enumerates the possible changes in session state. + enum SessionStateChangeType { + // Not used. + SESSION_STATE_CHANGE_TYPE_UNKNOWN = 0; + // Session starting + LOGIN = 1; + // Session ending + LOGOUT = 2; + // Suspending + SUSPEND = 3; + // Resuming + RESUME = 4; + } + + // Timestamp, in microseconds since epoch. Set for all log + // events. + optional int64 timestamp = 1; + + // Event type. Set for all log events. + optional EventType event_type = 2; + + // Total and available space on the stateful partition, in bytes. Set for + // event types SERVER_REQUEST, CLOUDDPS_RESPONSE, INSTALLATION_STARTED, + // INSTALLATION_FINISHED, INSTALLATION_FAILED and SUCCESS. + optional int64 stateful_total = 3; + optional int64 stateful_free = 4; + + // CloudDPS response. Set for event type CLOUDDPS_RESPONSE. + optional int32 clouddps_response = 5; + + // Log line written by Phonesky. Set for event type PHONESKY_LOG. + optional string phonesky_log = 6; + + // Network state. Set for event type SESSION_STATE_CHANGE of type LOGIN and + // CONNECTIVITY_CHANGE. + optional bool online = 7; + + // Type of session state change. Set for event type SESSION_STATE_CHANGE. + optional SessionStateChangeType session_state_change_type = 8; + + // ARC++ Android id. + optional int64 android_id = 9; +} + +// Log bucket for an extension. +message ExtensionInstallReport { + // Extension id for the extension. + optional string extension_id = 1; + + // Whether the log is incomplete, e.g. due to the log ring buffer overflowing + // or disk corruption. + optional bool incomplete = 2; + + // Log events for the extension. + repeated ExtensionInstallReportLogEvent logs = 3; +} + +// Log bucket for an ARC++ app. +message AppInstallReport { + // Package name of the app. + optional string package = 1; + + // Whether the log is incomplete, e.g. due to the log ring buffer overflowing + // or disk corruption. + optional bool incomplete = 2; + + // Log events for the app. + repeated AppInstallReportLogEvent logs = 3; +} + +// Push-install logs for all ARC++ apps. +message AppInstallReportRequest { + // Log buckets for each app. + repeated AppInstallReport app_install_reports = 1; +} + +// Installation logs for all extensions. +message ExtensionInstallReportRequest { + // Log buckets for each extension. + repeated ExtensionInstallReport extension_install_reports = 1; +} + +// Response from server after receiving a report on the status of app +// push-installs. +message AppInstallReportResponse {} + +// Request from device to stop using a previously issued service account. +// The identity of a freshly-issued service account will be returned by a +// subsequent device policy fetch (see the |service_account_identity| field in +// |PolicyData| and auth codes tied to the new service account can be retrieved +// by subsequent |DeviceServiceApiAccessRequest| requests. +message RefreshAccountRequest { + enum AccountType { + ACCOUNT_TYPE_UNSPECIFIED = 0; + + // Refresh demo mode user account. + // See go/cros-demo-mode and go/demo-mode-account-brainstorm. + CHROME_OS_DEMO_MODE = 1; + } + + optional AccountType account_type = 1; +} + +// Response from server after receiving a request to refresh the service +// account. +message RefreshAccountResponse {} + +// Request from device to upload RSU lookup key. +message RsuLookupKeyUploadRequest { + // Google brand code for the given device SKU. + optional bytes board_id = 1; + + // Hashed Cr50 device ID. + optional bytes cr50_hashed_device_id = 2; +} + +// Response to {@code RsuLookupKeyUploadRequest}. +message RsuLookupKeyUploadResponse { + // Whether RSU lookup key was received. + optional bool rsu_lookup_key_updated = 1; +} + +// Information about an eSIM profile installed on an EUICC (Embedded Universal +// Integrated Circuit Card). +message ESimProfileInfo { + // ICCID of the eSIM profile. Up to 22 decimal digits encoded as ASCII string. + // Example: 3554020401587593554020. + optional string iccid = 1; + + // SM-DP+ (Subscription Manager - Data Preparation) activation code that was + // used to install this eSIM profile. The "address" terminology is historical + // since the string is not strictly just an address. This field should be + // considered mutually exclusive with |smds_address|. Up to 255 characters + // encoded as UTF8 string. + // Example: LPA:1$esim.example.com$matchingId + optional string smdp_address = 2; + + // SM-DS (Subscription Manager - Discovery Service) activation code that was + // used to install this eSIM profile. The "address" terminology is historical + // since the string is not strictly just an address. This field should be + // considered mutually exclusive with |smdp_address|. Up to 255 characters + // encoded as UTF8 string. + // Example: LPA:1$esim.example.com$ + optional string smds_address = 3; + + // The name of the policy-defined network that resulted in the installation of + // this eSIM profile. This metadata is required to guarantee that multiple + // policy-defined networks that are configured with the same activation code + // are handled correctly, and will result in the appropriate number of eSIM + // profiles being installed. + optional string name = 4; +} + +// Request from device to server to update information about EUICCs +// on the device. +message UploadEuiccInfoRequest { + // Number of EUICCs on the device. + optional uint32 euicc_count = 1; + + // List of policy provisioned eSIM profiles on the device. + repeated ESimProfileInfo esim_profiles = 2; + + // A boolean flag which indicates that the list of eSim profiles was cleared. + // We use this differentiate between intentionally empty profile list(after + // cleanup) or not yet provisioned one. + // On the server, we would ignore requests where |esim_profiles| is empty + // if |clear_profile_list| is not set to |true| to not accidentally clear the + // values previously stored for this device(which can happen in a case of + // device being in after-powerwash state, for example). + optional bool clear_profile_list = 3; +} + +// Response from server to device for EUICC status update. +message UploadEuiccInfoResponse {} + +// An event used for reporting when a new print job has completed. +message PrintJobEvent { + message PrintJobConfiguration { + // The ID of the job. This and the device ID uniquely identify a print job + // in enterprise reporting. + optional string id = 1; + + // The name of the document. + optional string title = 2; + + // The final status of the job. + optional int32 status = 3; + + // The time the print job was created in milliseconds since epoch. + optional int64 creation_timestamp_ms = 4; + + // The time the print job was completed in milliseconds since epoch. + optional int64 completion_timestamp_ms = 5; + + // The number of pages in the document. + optional int32 number_of_pages = 6; + + // The settings of the print job. + optional PrintSettings settings = 7; + } + + enum UserType { + UNKNOWN_USER_TYPE = 0; + REGULAR = 1; + GUEST = 2; + KIOSK = 3; + } + + message Printer { + // Displayed name of the printer in the client. + optional string name = 1; + + // URI of the printer, which serves as a unique identifier. + optional string uri = 2; + + // Printer ID. + optional string id = 3; + } + + // The finishing settings of the print job. + message PrintSettings { + enum ColorMode { + UNKNOWN_COLOR_MODE = 0; + BLACK_AND_WHITE = 1; + COLOR = 2; + } + + enum DuplexMode { + UNKNOWN_DUPLEX_MODE = 0; + ONE_SIDED = 1; + TWO_SIDED_LONG_EDGE = 2; + TWO_SIDED_SHORT_EDGE = 3; + } + + message MediaSize { + // Width (in micrometers) + optional int32 width = 1; + + // Height (in micrometers) + optional int32 height = 2; + + // Platform specific id to map it back to the particular media. + optional string vendor_id = 3; + } + + optional ColorMode color = 1; + + optional DuplexMode duplex = 2; + + optional MediaSize media_size = 3; + + optional int32 copies = 4; + } + + optional PrintJobConfiguration job_configuration = 1; + + optional UserType user_type = 2; + + optional Printer printer = 3; +} + +// Provides information about an installed app. +message App { + // Enum listing the available types of the apps. + // Aligned with apps::mojom::AppType. + enum AppType { + // Unknown/undefined. + UNKNOWN = 0; + // ARC++/Android app. + ARC = 1; + // Built-in app. + BUILT_IN = 2; + // Linux/crostini app. + CROSTINI = 3; + // Chrome extension. + EXTENSION = 4; + // Progressive web app. + WEB = 5; + // Plugin VM app. + PLUGIN_VM = 6; + // Borealis VM app. + BOREALIS = 7; + // Bruschetta VM app. + BRUSCHETTA = 8; + } + + // ID of the installed application. Package name for Android apps and 32 + // character long app id for other applications (PWAs, Extensions, Built-in + // apps). + optional string app_id = 1; + + // Type of the application. + optional AppType app_type = 2; + + // Additional IDs of the installed application if exist. + // For example it will contain Chrome style 32 character long ids for Android + // apps, that use package name as their primary ID. + repeated string additional_app_id = 3; +} + +// Information about app activity used for Per-App Time Limits feature. +message AppActivity { + // Enumerates different states that the app can have. + enum AppState { + // State not known. + UNKNOWN = 0; + // Default state - no restrictions enforced. + DEFAULT = 1; + // Important app that cannot be blocked, because it is essential for the OS. + ALWAYS_AVAILABLE = 2; + // App blocked on the client. + BLOCKED = 3; + // App reached usage limit on the client. + LIMIT_REACHED = 4; + // App was uninstalled. It still might have some recent unreported activity. + UNINSTALLED = 5; + } + + // App identifying information. + optional App app_info = 1; + + // A list of time periods when the app was active. + repeated TimePeriod active_time_periods = 2; + + // Timestamp when this activity data were populated. + // Specified in milliseconds since Epoch in UTC timezone (Java time). + optional int64 populated_at = 3; + + // State of the app on client at the time of reporting. To maintain + // consistency and help debugging between client and Family Link. + optional AppState app_state = 4; +} + +// Models a window for screen time. +message ScreenTimeSpan { + optional TimePeriod time_period = 1; + + // The actual activity duration during a particular time period window + // (in milliseconds). + optional int64 active_duration_ms = 2; +} + +// Informs the server about the current state of a child user's session, to +// allow parent supervision. +message ChildStatusReportRequest { + // The user's DMToken. + optional string user_dm_token = 1; + + // Timestamp of this status report in milliseconds since epoch. + optional int64 timestamp_ms = 2; + + // Time zone id of the active user (e.g. America/Sao_Paulo). + // For more details check `third_party/icu/source/i18n/unicode/timezone.h`. + optional string time_zone = 3; + + // A list of time spans when the screen was on during the user's session. + repeated ScreenTimeSpan screen_time_span = 4; + + // Information about ARC status. + optional AndroidStatus android_status = 5; + + // The OS version reported by the device is a platform version + // e.g. 1435.0.2011_12_16_1635. + optional string os_version = 6; + + // "Verified", "Dev". Same as verified mode. + // If the mode is unknown, this field should not be set. + optional string boot_mode = 7; + + // A list of per-app activity used for Per-App Time Limits feature. + // It might not be sent in every report. + repeated AppActivity app_activity = 8; + + // A list of applications which are hidden from the user. + repeated App hidden_app = 9; + + // Next id: 10. +} + +// Response from DMServer to update user devices' status. +// It is possible that status report fails but policy request succeed. In such +// case, the ChildStatusReportResponse will contain an error code and the +// device should re-send status report data in the next policy request. The +// device should re-send report data if policy request fails, even if +// ChildStatusReportResponse contains no error code. +message ChildStatusReportResponse { + optional int32 error_code = 1; + + // Human readable error message for customer support purpose. + optional string error_message = 2; +} + +// Hashing Algorithm for Client Certificate Provisioning Flow. +enum HashingAlgorithm { + // DO NOT USE + HASHING_ALGORITHM_UNSPECIFIED = 0; + + SHA1 = 1; + SHA256 = 2; + + // Do not hash the input data - assume it is input to the signature algorithm. + // The client supports this starting with M-89. + // + // For SigningAlgorithm RSA_PKCS1_V1_5, the client will perform PKCS#1 v1.5 + // padding on `data_to_sign`. `data_to_sign` is expected to already contain a + // PKCS#1 DigestInfo prefix - the client will not attempt to add such a + // prefix. Also `data_to_sign` must be shorter than (key_size-11) bytes. If no + // other key size was specified in the + // RequiredClientCertificateFor{User,Device} policy, 2048 bits is assumed. + NO_HASH = 3; +} + +// Signing Algorithm for Client Certificate Provisioning Flow. +enum SigningAlgorithm { + // DO NOT USE + SIGNING_ALGORITHM_UNSPECIFIED = 0; + + RSA_PKCS1_V1_5 = 1; +} + +// Client Certificate Provisioning "Static" Flow, Stage 1: Start a CSR request. +// No additional fields because cert_profile_id and public_key are passed in the +// outer message. +message StartCsrRequest {} + +message StartCsrResponse { + // The client should register for FCM messages using this topic in order to + // receive notifications for the certificate provisioning process. + optional string invalidation_topic = 1; + + // The verified access challenge. + optional bytes va_challenge = 2; + + // Algorithm to hash data with before signing. + optional HashingAlgorithm hashing_algorithm = 5; + + // Algorithm to sign data with for CSR creation. + optional SigningAlgorithm signing_algorithm = 3; + + // Data to sign for CSR creation. + optional bytes data_to_sign = 4; +} + +// Client Certificate Provisioning "Static" Flow, Stage 2: Finish the CSR +// request. +message FinishCsrRequest { + // Verified access challenge response. + optional bytes va_challenge_response = 1; + + // The signature generated using the private key. + optional bytes signature = 2; +} + +message FinishCsrResponse {} + +// Client Certificate Provisioning "Static" Flow, Stage 3: Download the issued +// certificate. +message DownloadCertRequest {} + +message DownloadCertResponse { + // PEM-encoded issued certificate. + optional string pem_encoded_certificate = 1; +} + +// "Dynamic" flow: Used to start a cerificate provisioning process. +message CertProvStartRequest {} + +message CertProvStartResponse { + // The client should register for FCM messages using this topic in order to + // receive notifications for the certificate provisioning process. + optional string invalidation_topic = 1; +} + +// "Dynamic" flow: Used to fetch the next instruction that the client should +// process. +message CertProvGetNextInstructionRequest {} + +message CertProvGetNextInstructionResponse { + // One of the instructions must be filled. + // If no instruction is available yet, the server should respond with a + // `CertProvBackendError` instead of a `CertProvGetNextInstructionResponse`. + oneof instruction { + CertProvAuthorizeInstruction authorize_instruction = 1; + CertProvProofOfPossessionInstruction proof_of_possession_instruction = 2; + CertProvImportCertificateInstruction import_certificate_instruction = 3; + } +} + +// "Dynamic" flow: Used to authorize the client, currently using a Verified +// Access challenge response. +// The client should send this request after it received a +// `CertProvAuthorizeInstruction`. +message CertProvAuthorizeRequest { + // Verified access challenge response. + optional bytes va_challenge_response = 1; +} + +message CertProvAuthorizeResponse {} + +// "Dynamic" flow: Upload the result of a `ProofOfPossessionInstruction`. +message CertProvUploadProofOfPossessionRequest { + // A client-generated cryptographic signature proving the possession of the + // client's private key. + // The signing key is the client-owned private key corresponding to + // `ClientCertificateProvisioningRequest.public_key`. + // The signed data has been previously delivered by the server in + // `CertProvProofOfPossessionInstruction.data_to_sign`. + // The hashing and signing algorithms have been previously delivered by the + // server in the `hashing_algorithm` and `signing_algorithm` fields of + // `CertProvProofOfPossessionInstruction`. + optional bytes signature = 1; +} + +message CertProvUploadProofOfPossessionResponse {} + +// The client should perform an authorization step. +message CertProvAuthorizeInstruction { + // The verified access challenge. + optional bytes va_challenge = 1; +} + +// The client should provide a proof-of-possession signature generated using +// the private key. +message CertProvProofOfPossessionInstruction { + // Data to sign for CSR creation. + // Depending on the `signature_algorithm` this may either contain the PKCS#1 + // DigestInfo in DER format (note that it must be shorter than (key_size-11) + // bytes) or unhashed data. The client must process `data_to_sign` according + // to the specified `signature_algorithm`, see comments in the + // `CertProvSignatureAlgorithm` enum for more details. + optional bytes data_to_sign = 1; + + // The signature algorithm that the client uses to process `data_to_sign`. + // This defines both the hashing and signing algorithm the client should use. + optional CertProvSignatureAlgorithm signature_algorithm = 2; +} + +// The algorithm that the client should use / has used to sign data using its +// private key for proof-of-posession. +enum CertProvSignatureAlgorithm { + // Default value. This value is unused. + SIGNATURE_ALGORITHM_UNSPECIFIED = 0; + + // The server-side builds the PKCS#1 DigestInfo, i.e., the SHA256 hash + // is constructed on the server-side. The client should sign using RSA + // with PKCS#1 v1.5 padding. If no other key size was specified in the + // RequiredClientCertificateFor{User,Device} policy, 2048 bits is assumed. + SIGNATURE_ALGORITHM_RSA_PKCS1_V1_5_NO_HASH = 1; +} + +// The client should import an issued certificate. +message CertProvImportCertificateInstruction { + // PEM-encoded issued certificate. + optional string pem_encoded_certificate = 1; +} + +// Start / continue client certificate provisioning process for the profile +// `cert_profile_id`. +message ClientCertificateProvisioningRequest { + reserved 9 to 11; + // The id that uniquely identifies a certificate provisioning process. + optional string certificate_provisioning_process_id = 16; + + // The scope of the certificate. Similar to policy_type in PolicyFetchRequest. + // google/chromeos/device => a certificate for a device is being requested. + // google/chromeos/user => a certificate for a user is being requested. + optional string certificate_scope = 1; + + // The id of the client certificate profile, specified in the policy. + optional string cert_profile_id = 2; + + // The public key for which the certificate should be issued. It's a + // DER-serialized X.509 SubjectPublicKeyInfo. + optional bytes public_key = 3; + + // Only filled if this is a request for a certificate for a user + optional string device_dm_token = 4; + + oneof request { + // "Static" flow + // (go/chromeos-mgmt-cert-provisioning#heading=h.mh0xyf2o1ums). + StartCsrRequest start_csr_request = 5; + FinishCsrRequest finish_csr_request = 6; + DownloadCertRequest download_cert_request = 7; + + // "Dynamic" flow (go/cert-prov-api-dm-changes) + CertProvStartRequest start_request = 12; + CertProvGetNextInstructionRequest get_next_instruction_request = 13; + CertProvAuthorizeRequest authorize_request = 14; + CertProvUploadProofOfPossessionRequest upload_proof_of_possession_request = + 15; + } + + // Received as part of policy for client certificate profiles. The client + // should not interpret this data and should forward it verbatim. DMServer + // uses `policy_version` as a hint to verify that the policy view of DMServer + // matches the view of Chrome OS device. + optional bytes policy_version = 8; +} + +// This marks an error between ChromeOS client and backend, including those +// involving the Certificate Authority or a Connector software. +// These could be mapped to HTTP error codes, but reuse of HTTP error codes was +// deemed confusing and difficult in the existing device management protocol +// (see existing usage of HTTP error codes described in the +// `DeviceManagementResponse` comment). +message CertProvBackendError { + // If a new error code is added to the enum and used by the DM Server to + // propagate an error, ChromeOS clients running older versions + // will not be aware of the new error code. As proto2 is using closed enums, + // accessing such an unknown enum field returns the enum's default value + // which is the first defined enum value, i.e., `ERROR_UNSPECIFIED`. ChromeOS + // clients treat this error by marking the associated certificate provisioning + // process as failing. + enum Error { + ERROR_UNSPECIFIED = 0; + // The attempted request is invalid in the current state of the certificate + // provisioning process. + INVALID_OPERATION = 1; + // The client has sent inconsistent data. This can happen if the client has + // outdated policy. + INCONSISTENT_DATA = 2; + // The identity of the client could not be verified. + IDENTITY_VERIFICATION_ERROR = 3; + // The Certificate Provisioning Process (CPP) already exists and cannot be + // started again. + CPP_ALREADY_EXISTS = 4; + // The backend does not accept the public key sent by the client. + BAD_PUBLIC_KEY = 5; + // The signature provided by the client is invalid. + INVALID_SIGNATURE = 6; + // The next instruction on how to proceed in the certificate provisioning + // protocol is not yet available. + INSTRUCTION_NOT_YET_AVAILABLE = 7; + // The CA did not respond within the deadline. + CA_UNAVAILABLE = 8; + // The CA exhibited an internal server error. + CA_FAILURE = 9; + // The referenced certificate provisioning profile does not exist. + PROFILE_NOT_FOUND = 10; + // The user primary email cannot be found. + USER_PRIMARY_EMAIL_NOT_FOUND = 11; + // The certificate provisioning profile is referencing a non-existent CA + // connection. + CA_CONNECTION_NOT_FOUND = 12; + // The CA connection referenced by the certificate provisioning profile + // is referencing a non-existent PubSub topic, or the system does not have + // permission to publish to that PubSub topic. + PUBSUB_TOPIC_NOT_FOUND = 13; + // The Adapter uploaded a certificate that cannot be parsed or was issued + // for a wrong public key. + BAD_ADAPTER_CERTIFICATE_RECEIVED = 14; + // The requested certificate provisioning process cannot be found on + // Spanner. + CERTIFICATE_PROVISIONING_PROCESS_NOT_FOUND = 15; + } + + // The specific error type. + optional Error error = 1; + + // A debug message that could be useful for understanding the error. + optional string debug_message = 2; +} + +// Response for ClientCertificateProvisioningRequest. +message ClientCertificateProvisioningResponse { + reserved 6; + + // Error conditions that the server side reports to the client that don't fit + // into the standard HTTP error schema. + // Note that HTTP errors can still be signaled for the client certificate + // provisioning requests, e.g. bad DMToken or internal errors will be + // propagated as HTTP errors. + enum Error { + UNDEFINED = 0; + // The backend has not received a certificate within the time limit. + TIMED_OUT = 1; + // The identity of the client could not be verified. + IDENTITY_VERIFICATION_ERROR = 2; + // The CA encountered an error when processing the certification request. + CA_ERROR = 3; + // The client has sent inconsistent data. + INCONSISTENT_DATA = 4; + // The backend does not accept the public key sent by the client. + BAD_PUBLIC_KEY = 5; + // The leaf CA certificate specified by the admin is invalid. + BAD_CA_CERTIFICATE_SPECIFIED = 6; + // The certificate received from the certificate enrollment agent cannot be + // parsed or is not issued by the leaf CA certificate specified by the + // admin. + BAD_CLIENT_CERTIFICATE_RECEIVED = 7; + // The CSR signature provided by the client is invalid. + INVALID_CSR_SIGNATURE = 8; + // A certificate signing request for the same public key has already been + // sent. + CSR_ALREADY_SENT = 9; + } + + // If filled, the request can currently not be processed and the client + // is supposed to try again later using the same data. + // The value is the number of milliseconds when the client should + // automatically retry. + // Used in "Static" flow only. + optional int64 try_again_later = 1; + + oneof response { + // Used in "Static" flow. + Error error = 2; + StartCsrResponse start_csr_response = 3; + FinishCsrResponse finish_csr_response = 4; + DownloadCertResponse download_cert_response = 5; + + // Used in "Dynamic" flow. + CertProvStartResponse start_response = 7; + CertProvGetNextInstructionResponse get_next_instruction_response = 8; + CertProvAuthorizeResponse authorize_response = 9; + CertProvUploadProofOfPossessionResponse + upload_proof_of_possession_response = 10; + CertProvBackendError backend_error = 11; + } +} + +// Request from browser to server to upload public key. +// GoogleDMToken MUST be in HTTP Authorization header. +message BrowserPublicKeyUploadRequest { + enum KeyTrustLevel { + // UNSPECIFIED. + KEY_TRUST_LEVEL_UNSPECIFIED = 0; + // Chrome Browser with the key stored in the device hardware. + CHROME_BROWSER_HW_KEY = 1; + // Chrome Browser with the key stored at OS level. + CHROME_BROWSER_OS_KEY = 2; + } + + enum KeyType { + KEY_TYPE_UNSPECIFIED = 0; + RSA_KEY = 1; + EC_KEY = 2; + } + + // Public key in EC_NID_X9_62_PRIME256V1_PUBLIC_DER format. + optional bytes public_key = 1; + + // Signature of the new public key signed using the existing key, empty for + // initial upload. + optional bytes signature = 2; + + // Trust Level of the key. + optional KeyTrustLevel key_trust_level = 3; + + // Type of the key. + optional KeyType key_type = 4; + + // Whether the server should create a client certificate for that public key + // and return it as part of the response or not. + optional bool provision_certificate = 5; +} + +// Response from server to device for cert upload request. +message BrowserPublicKeyUploadResponse { + enum ResponseCode { + UNDEFINED = 0; + // The new key is uploaded successfully. + SUCCESS = 1; + // The signature could not be verified. + INVALID_SIGNATURE = 2; + } + optional ResponseCode response_code = 1; + + // If the request had `provision_certificate` as true, this property will + // contain the X.509 client certificate in PEM format. + optional string pem_encoded_certificate = 2; +} + +// Upload request for Firebase Messaging token to communicate registration token +// to the server. The response message will be +// `FmRegistrationTokenUploadResponse`. +// See go/cros-invalidation-with-direct-messaging. +message FmRegistrationTokenUploadRequest { + // Scope of the uploaded token. + enum TokenType { + DEVICE = 0; + BROWSER = 1; + USER = 2; + } + + optional string token = 1; + // Invalidation protocol version that uploader currently supports. + optional int64 protocol_version = 2; + // Scope of the uploaded token. + optional TokenType token_type = 3; + // Token's expiration timestamp in milliseconds since Epoch in UTC timezone + // (Java time). + optional int64 expiration_timestamp_ms = 4; +} + +// Response to `FmRegistrationTokenUploadRequest`. +message FmRegistrationTokenUploadResponse {} + +// Additional detail about the error which can be used to clarify user messaging +// around the error or to influence Chrome's error-handling behavior. +enum DeviceManagementErrorDetail { + NO_ERROR_DETAIL = 0; + + // Only valid for CBCM browser DEVICE_NOT_FOUND errors. Indicates that the + // DMToken should be deleted entirely from its storage location. + CBCM_DELETION_POLICY_PREFERENCE_DELETE_TOKEN = 1; + + // Only valid for CBCM browser DEVICE_NOT_FOUND errors. Indicates that the + // DMToken should be invalidated, preventing device re-enrollment. + CBCM_DELETION_POLICY_PREFERENCE_INVALIDATE_TOKEN = 2; +} + +// Request from the DMAgent on the device to the DMServer. This is +// container for all requests from device to server. The overall HTTP +// request MUST be in the following format: +// +// * HTTP method is POST +// * Data mime type is application/x-protobuffer +// * See GoogleContentTypeEnum.java +// * HTTP parameters are (all required, all case sensitive): +// * request: MUST BE one of +// * api_authorization +// * cert_upload +// * check_device_pairing +// * device_pairing +// * device_state_retrieval +// * enterprise_check +// * enterprise_psm_check +// * chrome_desktop_report +// * chrome_os_user_report +// * policy +// * register +// * status_upload +// * unregister +// * remote_commands +// * attribute_update_permission +// * attribute_update +// * gcm_id_update +// * check_android_management +// * certificate_based_register +// * active_directory_enroll_play_user +// * active_directory_play_activity +// * active_directory_user_signin +// * register_browser +// * policy_validation_report +// * device_initial_enrollment_state +// * refresh_account +// * client_cert_provisioning +// * browser_public_key_upload +// * upload_euicc_info +// * devicetype: MUST BE "1" for Android, "2" for Chrome OS or "3" for Chrome +// browser. +// * apptype: MUST BE Android or Chrome. +// * deviceid: MUST BE no more than 64-char in [\x21-\x7E]. +// * agent: MUST BE no more than 64-char long. +// * HTTP Authorization header MUST be in the following formats: +// * For register for Chrome browsers and token_based_register requests. +// Authorization: GoogleEnrollmentToken token= +// +// * For unregister, policy, status, cert_upload, remote_commands, +// gcm_id_update, active_directory_enroll_play_user, +// active_directory_play_activity, active_directory_user_signin, +// policy_validation_report, chrome_desktop_report, +// chrome_os_user_report, refresh_account, client_cert_provisioning, +// api_authorization requests +// Authorization: GoogleDMToken token= +// +// * The Authorization header isn't used for enterprise_check, +// enterprise_psm_check, device_initial_enrollment_state or +// certificate_based_register requests. +// It is also not used for register requests and check_android_management +// requests - for these requests, the OAuth token is passed in the "oauth" +// HTTP query parameter. +// +// DeviceManagementRequest should only contain one request which matches the +// HTTP query parameter - request, as mentioned in comments on the fields of the +// message. Other requests within the container will be ignored. +message DeviceManagementRequest { + reserved 24; // unused previous version of chrome_desktop_report_request. + + // Register request. + // HTTP query parameter 'request': 'register' + optional DeviceRegisterRequest register_request = 1; + + // Unregister request. + // HTTP query parameter 'request': 'unregister' + optional DeviceUnregisterRequest unregister_request = 2; + + // Policy request. + // HTTP query parameter 'request': 'policy' + optional DevicePolicyRequest policy_request = 3; + + // Update status. + // HTTP query parameter 'request': 'status' + // (this applies to all of the following three fields, and they can all be + // present in the same request). + optional DeviceStatusReportRequest device_status_report_request = 4; + optional SessionStatusReportRequest session_status_report_request = 5; + optional ChildStatusReportRequest child_status_report_request = 30; + + // Auto-enrollment detection. + // HTTP query parameter 'request': 'enterprise_check' + optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6; + + // EMCert upload (for remote attestation) + // HTTP query parameter 'request': 'cert_upload' + optional DeviceCertUploadRequest cert_upload_request = 7; + + // Request for OAuth2 authorization codes to access Google services. + // HTTP query parameter 'request': 'api_authorization' + optional DeviceServiceApiAccessRequest service_api_access_request = 8; + + // Device-state retrieval. + // HTTP query parameter 'request': 'device_state_retrieval' + optional DeviceStateRetrievalRequest device_state_retrieval_request = 9; + + // Device state key update. + // HTTP query parameter 'request': 'policy' + optional DeviceStateKeyUpdateRequest device_state_key_update_request = 10; + + // Pair two devices. + // HTTP query parameter 'request': 'device_pairing' + optional DevicePairingRequest device_pairing_request = 11; + + // Check if two devices are paired. + // HTTP query parameter 'request': 'check_device_pairing' + optional CheckDevicePairingRequest check_device_pairing_request = 12; + + // Remote command fetching. + // HTTP query parameter 'request': 'remote_commands' + optional DeviceRemoteCommandRequest remote_command_request = 13; + + // Check permission for updating device attribute. + // HTTP query parameter 'request': 'attribute_update_permission' + optional DeviceAttributeUpdatePermissionRequest + device_attribute_update_permission_request = 14; + + // Update device attribute. + // HTTP query parameter 'request': 'attribute_update' + optional DeviceAttributeUpdateRequest device_attribute_update_request = 15; + + // Update the GCM id to device_id mapping. + // HTTP query parameter 'request': 'gcm_id_update' + optional GcmIdUpdateRequest gcm_id_update_request = 16; + + // Check if user is a managed Android-for-Work user with DPC enforcement. + // HTTP query parameter 'request': 'check_android_management' + optional CheckAndroidManagementRequest check_android_management_request = 17; + + // Request to register with a registration certificate. + // HTTP query parameter 'request': 'certificate_based_register' + optional CertificateBasedDeviceRegisterRequest + certificate_based_register_request = 18; + + // Gets an enrollment token to a Managed Google Play Account for using it with + // Active Directory. + // HTTP query parameter 'request': 'active_directory_enroll_play_user' + optional ActiveDirectoryEnrollPlayUserRequest + active_directory_enroll_play_user_request = 19; + + // Reports that a Play account is used. + // HTTP query parameter 'request': 'active_directory_play_activity' + optional ActiveDirectoryPlayActivityRequest + active_directory_play_activity_request = 20; + + // Request device license information. + optional CheckDeviceLicenseRequest check_device_license_request_deprecated = + 21 [deprecated = true]; + + // Initiate an Active Directory user signin. + // HTTP query parameter 'request': 'active_directory_user_signin' + optional ActiveDirectoryUserSigninRequest + active_directory_user_signin_request = 22; + + // Request to register a browser independently of its users. + // HTTP query parameter 'request': 'register_browser' + optional RegisterBrowserRequest register_browser_request = 23; + + // A report on the status of app push-installs. + // HTTP query parameter 'request': 'app_install_report' + optional AppInstallReportRequest app_install_report_request = 25; + + // A Chrome desktop report request. + // HTTP query parameter 'request': 'chrome_desktop_report' + optional ChromeDesktopReportRequest chrome_desktop_report_request = 26; + + // Result of validating fetched policy on the client. + // HTTP query parameter 'request': 'policy_validation_report' + optional PolicyValidationReportRequest policy_validation_report_request = 27; + + // Query for initial enrollment details. + // HTTP query parameter 'request': 'device_initial_enrollment_state' + optional DeviceInitialEnrollmentStateRequest + device_initial_enrollment_state_request = 28; + + // Request from device to wipe an old account and get a new account. + // HTTP query parameter 'request': 'refresh_account' + optional RefreshAccountRequest refresh_account_request = 29; + + // Request from device to upload RSU lookup key. + // TODO(crbug.com/40210185): seems unused + optional RsuLookupKeyUploadRequest rsu_lookup_key_upload_request = 31; + + // Request from device for SAML IdP URL address. + // HTTP query parameter 'request': 'public_saml_user_request' + optional PublicSamlUserRequest public_saml_user_request = 32; + + // A ChromeOS user report request. + // HTTP query parameter 'request': 'chrome_os_user_report' + optional ChromeOsUserReportRequest chrome_os_user_report_request = 33; + + // Request to start / continue client certificate provisioning process. + // HTTP query parameter 'request': 'client_cert_provisioning' + optional ClientCertificateProvisioningRequest + client_certificate_provisioning_request = 34; + + // A report on the status of extension install process. + // TODO(crbug.com/40210185): seems unused. + optional ExtensionInstallReportRequest extension_install_report_request = 35; + + // Request to check user account for smart enrollment. + // HTTP query parameter 'request': 'check_user_account' + optional CheckUserAccountRequest check_user_account_request = 36; + + // Request from device to check the state stored in PSM. Currently, it is used + // for ZTE/LP device initial enrollment state check. + // HTTP query parameter 'request': 'enterprise_psm_check' + optional PrivateSetMembershipRequest private_set_membership_request = 37; + + // Request from browser to upload public key. + // HTTP query parameter 'request': 'browser_public_key_upload' + optional BrowserPublicKeyUploadRequest browser_public_key_upload_request = 38; + + // Request to upload info about eSIM provisioning. + // HTTP query parameter 'request': 'upload_euicc_info' + optional UploadEuiccInfoRequest upload_euicc_info_request = 39; + + // Request to upload profile usage information. + // HTTP query parameter 'request': 'chrome_profile_report' + optional ChromeProfileReportRequest chrome_profile_report_request = 40; + + // Request to register a device with an enrollment token. + // HTTP query parameter 'request': 'token_based_register' + optional TokenBasedDeviceRegisterRequest token_based_device_register_request = + 41; + + optional FmRegistrationTokenUploadRequest + fm_registration_token_upload_request = 42; + + // Next id: 43. +} + +// Response from server to device. +// +// For release clients, DMServer returns errors using HTTP Status Code, so that +// clients only need to check one place for all error codes. It is also easier +// to perform log analysis and customer support since HTTP Status Code is easily +// visible in the logs. +// +// Possible HTTP status codes: +// 200 OK: valid response is returned to client. +// 400 Bad Request: invalid argument or payload. +// 401 Unauthorized: invalid auth cookie/OAuth token, DMToken or enrollment +// token. +// 402 Missing license. +// 403 Forbidden: device management is not allowed (e.g. user may not enroll). +// 404 Not Found: the request URL is invalid. +// 405 Invalid serial number. +// 406 Domain mismatch (e.g. device is enrolling into the wrong domain, should +// force-re-enroll into another domain). +// 409 Device id conflict. +// 410 Device Not Found: the device id is not found. +// 412 Pending approval. Used with ClientCertificateProvisioningRequest to +// indicate that a certificate has not been issued yet. +// 413 Request payload too large. +// 417 Consumer (non-dasher) account can not enroll with packaged license. +// 429 Too many requests. +// 500 Internal Server Error: most likely a bug in DM server. +// 503 Service Unavailable: most likely a backend error. +// 902 Policy Not Found: the policy is not found. +// 903 Deprovisioned: the device has been deprovisioned. +// 904 Arc Disabled: ARC is not enabled on the domain. +// 905 Can not enroll packaged license device to domainless customer. +// 906 TOS has not been accepted by customer. +// 907 Illegal account for packaged EDU license. +message DeviceManagementResponse { + reserved 1, 24; + + // Error message. + optional string error_message = 2; + + // Additional details about the error message. + repeated DeviceManagementErrorDetail error_detail = 39; + + // Register response + optional DeviceRegisterResponse register_response = 3; + + // Unregister response + optional DeviceUnregisterResponse unregister_response = 4; + + // Policy response. + optional DevicePolicyResponse policy_response = 5; + + // Update status report response. + optional DeviceStatusReportResponse device_status_report_response = 6; + optional SessionStatusReportResponse session_status_report_response = 7; + optional ChildStatusReportResponse child_status_report_response = 29; + + // Auto-enrollment detection response. + optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8; + + // EMCert upload response. + optional DeviceCertUploadResponse cert_upload_response = 9; + + // Response to OAuth2 authorization code request. + optional DeviceServiceApiAccessResponse service_api_access_response = 10; + + // Device-state retrieval. + optional DeviceStateRetrievalResponse device_state_retrieval_response = 11; + + // Response to device pairing request. + optional DevicePairingResponse device_pairing_response = 12; + + // Response to check device pairing request. + optional CheckDevicePairingResponse check_device_pairing_response = 13; + + // Response to remote command request. + optional DeviceRemoteCommandResponse remote_command_response = 14; + + // Response to check device attribute update permission. + optional DeviceAttributeUpdatePermissionResponse + device_attribute_update_permission_response = 15; + + // Response to update device attribute. + optional DeviceAttributeUpdateResponse device_attribute_update_response = 16; + + // Response to GCM id update request. + optional GcmIdUpdateResponse gcm_id_update_response = 17; + + // Response to check Android management request. + optional CheckAndroidManagementResponse check_android_management_response = + 18; + + // Response to an Active Directory Play user enrollment request. + optional ActiveDirectoryEnrollPlayUserResponse + active_directory_enroll_play_user_response = 19; + + // Response to a Play activity request. + optional ActiveDirectoryPlayActivityResponse + active_directory_play_activity_response = 20; + + // Response to a check device license request. + optional CheckDeviceLicenseResponse check_device_license_response_deprecated = + 21 [deprecated = true]; + + // Response to a request initiating an Active Directory user signin. + optional ActiveDirectoryUserSigninResponse + active_directory_user_signin_response = 22; + + // Response to a Chrome desktop report request. + optional ChromeDesktopReportResponse chrome_desktop_report_response = 23; + + // Response a report on the status of app push-installs + optional AppInstallReportResponse app_install_report_response = 25; + + // Response to a policy validation report. + optional PolicyValidationReportResponse policy_validation_report_response = + 26; + + // Response to initial enrollment details query. + optional DeviceInitialEnrollmentStateResponse + device_initial_enrollment_state_response = 27; + + // Response to refresh account request. + optional RefreshAccountResponse refresh_account_response = 28; + + // Response to RSU lookup key upload request. + optional RsuLookupKeyUploadResponse rsu_lookup_key_upload_response = 30; + + // Response to public SAML session user request. + optional PublicSamlUserResponse public_saml_user_response = 31; + + // Response to a ChromeOS user report request. + optional ChromeOsUserReportResponse chrome_os_user_report_response = 32; + + // Response to a client certificate provisioning request. + optional ClientCertificateProvisioningResponse + client_certificate_provisioning_response = 33; + + // Response to a checking user account type for smart enrollment. + optional CheckUserAccountResponse check_user_account_response = 34; + + // Response to a client private set membership request. + optional PrivateSetMembershipResponse private_set_membership_response = 35; + + // Response to browser public key upload request. + optional BrowserPublicKeyUploadResponse browser_public_key_upload_response = + 36; + + // Response to EUICC info upload request. + optional UploadEuiccInfoResponse upload_euicc_info_response = 37; + + // Response to a Chrome Profile report request. + optional ChromeProfileReportResponse chrome_profile_report_response = 38; + + // Response to a token-based register request. + optional TokenBasedDeviceRegisterResponse + token_based_device_register_response = 40; + + optional FmRegistrationTokenUploadResponse + fm_registration_token_upload_response = 41; + + // Next id: 42. +} + +// Device State Information stored in the server is retrieval at +// enrollment process. Learn more at go/cros-enterprise-psm +message DeviceStateRetrievalInfo { + // Whether the device should retrieve initial state or not. + optional bool has_initial_state = 1; +} \ No newline at end of file diff --git a/device_management_pb2.py b/device_management_pb2.py new file mode 100644 index 0000000..11c4db4 --- /dev/null +++ b/device_management_pb2.py @@ -0,0 +1,637 @@ +# -*- coding: utf-8 -*- +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: device_management.proto +"""Generated protocol buffer code.""" +from google.protobuf.internal import builder as _builder +from google.protobuf import descriptor as _descriptor +from google.protobuf import descriptor_pool as _descriptor_pool +from google.protobuf import symbol_database as _symbol_database +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +import private_membership_rlwe_pb2 as private__membership__rlwe__pb2 + + +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x17\x64\x65vice_management.proto\x12\x15\x65nterprise_management\x1a\x1dprivate_membership_rlwe.proto\"\xb9\x01\n\x0bLicenseType\x12H\n\x0clicense_type\x18\x01 \x01(\x0e\x32\x32.enterprise_management.LicenseType.LicenseTypeEnum\"`\n\x0fLicenseTypeEnum\x12\r\n\tUNDEFINED\x10\x00\x12\x11\n\rCDM_PERPETUAL\x10\x01\x12\x0e\n\nCDM_ANNUAL\x10\x02\x12\t\n\x05KIOSK\x10\x03\x12\x10\n\x0c\x43\x44M_PACKAGED\x10\x04\"G\n\nSignedData\x12\x0c\n\x04\x64\x61ta\x18\x01 \x01(\x0c\x12\x11\n\tsignature\x18\x02 \x01(\x0c\x12\x18\n\x10\x65xtra_data_bytes\x18\x03 \x01(\x05\"V\n\x17\x43heckUserAccountRequest\x12\x12\n\nuser_email\x18\x01 \x01(\t\x12\'\n\x18\x65nrollment_nudge_request\x18\x02 \x01(\x08:\x05\x66\x61lse\"\x8a\x11\n\x15\x44\x65viceRegisterRequest\x12\x12\n\nreregister\x18\x01 \x01(\x08\x12\x43\n\x04type\x18\x02 \x01(\x0e\x32\x31.enterprise_management.DeviceRegisterRequest.Type:\x02TT\x12\x12\n\nmachine_id\x18\x03 \x01(\t\x12\x15\n\rmachine_model\x18\x04 \x01(\t\x12\x13\n\x0brequisition\x18\x06 \x01(\t\x12\x1f\n\x17server_backed_state_key\x18\x07 \x01(\x0c\x12\x43\n\x06\x66lavor\x18\x08 \x01(\x0e\x32\x33.enterprise_management.DeviceRegisterRequest.Flavor\x12\x38\n\x0clicense_type\x18\t \x01(\x0b\x32\".enterprise_management.LicenseType\x12\\\n\x08lifetime\x18\x0b \x01(\x0e\x32\x35.enterprise_management.DeviceRegisterRequest.Lifetime:\x13LIFETIME_INDEFINITE\x12\x12\n\nbrand_code\x18\x0c \x01(\t\x12\x1f\n\x17reregistration_dm_token\x18\r \x01(\t\x12\x1c\n\x14\x65thernet_mac_address\x18\x0e \x01(\t\x12\x18\n\x10\x64ock_mac_address\x18\x0f \x01(\t\x12\x18\n\x10manufacture_date\x18\x10 \x01(\t\x12\"\n\x1a\x65xpected_enrollment_domain\x18\x11 \x01(\t\x12[\n\x1e\x64\x65vice_register_identification\x18\x12 \x01(\x0b\x32\x33.enterprise_management.DeviceRegisterIdentification\x12]\n\x14psm_execution_result\x18\x13 \x01(\x0e\x32?.enterprise_management.DeviceRegisterRequest.PsmExecutionResult\x12&\n\x1epsm_determination_timestamp_ms\x18\x14 \x01(\x03\x12G\n\x14\x64\x65mo_mode_dimensions\x18\x15 \x01(\x0b\x32).enterprise_management.DemoModeDimensions\x12%\n\x1doidc_profile_enrollment_state\x18\x16 \x01(\t\"]\n\x04Type\x12\x06\n\x02TT\x10\x00\x12\x08\n\x04USER\x10\x01\x12\n\n\x06\x44\x45VICE\x10\x02\x12\x0b\n\x07\x42ROWSER\x10\x03\x12\x13\n\x0f\x41NDROID_BROWSER\x10\x04\x12\x0f\n\x0bIOS_BROWSER\x10\x06\"\x04\x08\x05\x10\x05\"\xd7\x06\n\x06\x46lavor\x12\x1c\n\x18\x46LAVOR_ENROLLMENT_MANUAL\x10\x00\x12\"\n\x1e\x46LAVOR_ENROLLMENT_MANUAL_RENEW\x10\x01\x12\"\n\x1e\x46LAVOR_ENROLLMENT_LOCAL_FORCED\x10\x02\x12&\n\"FLAVOR_ENROLLMENT_LOCAL_ADVERTISED\x10\x03\x12#\n\x1f\x46LAVOR_ENROLLMENT_SERVER_FORCED\x10\x04\x12\'\n#FLAVOR_ENROLLMENT_SERVER_ADVERTISED\x10\x05\x12\x1e\n\x1a\x46LAVOR_ENROLLMENT_RECOVERY\x10\x06\x12\x1c\n\x18\x46LAVOR_USER_REGISTRATION\x10\x07\x12!\n\x1d\x46LAVOR_ENROLLMENT_ATTESTATION\x10\x08\x12.\n*FLAVOR_ENROLLMENT_ATTESTATION_LOCAL_FORCED\x10\t\x12/\n+FLAVOR_ENROLLMENT_ATTESTATION_SERVER_FORCED\x10\n\x12\x31\n-FLAVOR_ENROLLMENT_ATTESTATION_MANUAL_FALLBACK\x10\x0b\x12+\n\'FLAVOR_ENROLLMENT_INITIAL_SERVER_FORCED\x10\r\x12\x37\n3FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_SERVER_FORCED\x10\x0e\x12\x39\n5FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_MANUAL_FALLBACK\x10\x0f\x12\x31\n-FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_FORCED\x10\x10\x12:\n6FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_MANUAL_FALLBACK\x10\x11\x12\x31\n-FLAVOR_ENROLLMENT_TOKEN_INITIAL_SERVER_FORCED\x10\x12\x12\x33\n/FLAVOR_ENROLLMENT_TOKEN_INITIAL_MANUAL_FALLBACK\x10\x13\"\x04\x08\x0c\x10\x0c\"X\n\x08Lifetime\x12\x16\n\x12LIFETIME_UNDEFINED\x10\x00\x12\x17\n\x13LIFETIME_INDEFINITE\x10\x01\x12\x1b\n\x17LIFETIME_EPHEMERAL_USER\x10\x02\"\xbb\x01\n\x12PsmExecutionResult\x12\x16\n\x12PSM_RESULT_UNKNOWN\x10\x00\x12$\n PSM_RESULT_SUCCESSFUL_WITH_STATE\x10\x01\x12\'\n#PSM_RESULT_SUCCESSFUL_WITHOUT_STATE\x10\x02\x12\x14\n\x10PSM_RESULT_ERROR\x10\x03\x12(\n$PSM_SKIPPED_FOR_FLEX_AUTO_ENROLLMENT\x10\x04J\x04\x08\x05\x10\x06J\x04\x08\n\x10\x0b\":\n\x1c\x44\x65viceRegisterIdentification\x12\x1a\n\x12\x61ttested_device_id\x18\x01 \x01(\t\"\xab\x03\n\x18\x43heckUserAccountResponse\x12\x17\n\x0f\x64omain_verified\x18\x01 \x01(\x08\x12Z\n\x11user_account_type\x18\x02 \x01(\x0e\x32?.enterprise_management.CheckUserAccountResponse.UserAccountType\x12\x62\n\x15\x65nrollment_nudge_type\x18\x03 \x01(\x0e\x32\x43.enterprise_management.CheckUserAccountResponse.EnrollmentNudgeType\"Y\n\x0fUserAccountType\x12\x1d\n\x19UNKNOWN_USER_ACCOUNT_TYPE\x10\x00\x12\r\n\tNOT_EXIST\x10\x01\x12\x0c\n\x08\x43ONSUMER\x10\x02\x12\n\n\x06\x44\x41SHER\x10\x03\"[\n\x13\x45nrollmentNudgeType\x12!\n\x1dUNKNOWN_ENROLLMENT_NUDGE_TYPE\x10\x00\x12\x08\n\x04NONE\x10\x01\x12\x17\n\x13\x45NROLLMENT_REQUIRED\x10\x02\"\xab\x04\n\x16\x44\x65viceRegisterResponse\x12\x1f\n\x17\x64\x65vice_management_token\x18\x01 \x02(\t\x12\x14\n\x0cmachine_name\x18\x02 \x01(\t\x12]\n\x0f\x65nrollment_type\x18\x03 \x01(\x0e\x32\x38.enterprise_management.DeviceRegisterResponse.DeviceMode:\nENTERPRISE\x12\x1a\n\x12\x63onfiguration_seed\x18\x04 \x01(\t\x12\x1c\n\x14user_affiliation_ids\x18\x05 \x03(\t\x12\x19\n\x11user_display_name\x18\x07 \x01(\t\x12\x12\n\nuser_email\x18\x08 \x01(\t\x12m\n\x19third_party_identity_type\x18\t \x01(\x0e\x32\x44.enterprise_management.DeviceRegisterResponse.ThirdPartyIdentityType:\x04NONE\"W\n\nDeviceMode\x12\x0e\n\nENTERPRISE\x10\x00\x12\x15\n\x11RETAIL_DEPRECATED\x10\x01\x12\x18\n\x14\x43HROME_AD_DEPRECATED\x10\x02\x12\x08\n\x04\x44\x45MO\x10\x03\"D\n\x16ThirdPartyIdentityType\x12\x08\n\x04NONE\x10\x00\x12\x10\n\x0c\x44\x41SHER_BASED\x10\x01\x12\x0e\n\nDASHERLESS\x10\x02J\x04\x08\x06\x10\x07\"\x19\n\x17\x44\x65viceUnregisterRequest\"\x1a\n\x18\x44\x65viceUnregisterResponse\"\xa6\x02\n\x17\x44\x65viceCertUploadRequest\x12\x1a\n\x12\x64\x65vice_certificate\x18\x01 \x01(\x0c\x12X\n\x10\x63\x65rtificate_type\x18\x02 \x01(\x0e\x32>.enterprise_management.DeviceCertUploadRequest.CertificateType\x12\x15\n\renrollment_id\x18\x03 \x01(\x0c\"~\n\x0f\x43\x65rtificateType\x12 \n\x1c\x43\x45RTIFICATE_TYPE_UNSPECIFIED\x10\x00\x12\"\n\x1e\x45NTERPRISE_MACHINE_CERTIFICATE\x10\x01\x12%\n!ENTERPRISE_ENROLLMENT_CERTIFICATE\x10\x02\"\x1a\n\x18\x44\x65viceCertUploadResponse\"\xfe\x01\n\x1d\x44\x65viceServiceApiAccessRequest\x12\x13\n\x0b\x61uth_scopes\x18\x01 \x03(\t\x12\x18\n\x10oauth2_client_id\x18\x02 \x01(\t\x12T\n\x0b\x64\x65vice_type\x18\x03 \x01(\x0e\x32?.enterprise_management.DeviceServiceApiAccessRequest.DeviceType\"X\n\nDeviceType\x12\r\n\tCHROME_OS\x10\x00\x12\x0e\n\nANDROID_OS\x10\x01\x12\x17\n\x13\x43HROME_OS_DEMO_MODE\x10\x02\x12\x12\n\x0e\x43HROME_BROWSER\x10\x03\"3\n\x1e\x44\x65viceServiceApiAccessResponse\x12\x11\n\tauth_code\x18\x01 \x01(\t\"M\n\x17\x42rowserDeviceIdentifier\x12\x15\n\rcomputer_name\x18\x01 \x01(\t\x12\x15\n\rserial_number\x18\x02 \x01(\tJ\x04\x08\x03\x10\x04\"\x95\x04\n\x12PolicyFetchRequest\x12\x13\n\x0bpolicy_type\x18\x01 \x01(\t\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\x12U\n\x0esignature_type\x18\x03 \x01(\x0e\x32\x37.enterprise_management.PolicyFetchRequest.SignatureType:\x04NONE\x12\x1a\n\x12public_key_version\x18\x04 \x01(\x05\x12\x1a\n\x12settings_entity_id\x18\x06 \x01(\t\x12\x1c\n\x14invalidation_version\x18\x07 \x01(\x03\x12\x1c\n\x14invalidation_payload\x18\x08 \x01(\x0c\x12\x1d\n\x15verification_key_hash\x18\t \x01(\t\x12 \n\x18policy_invalidation_info\x18\n \x01(\t\x12 \n\x18invalidation_topics_only\x18\x0b \x01(\x08\x12\x17\n\x0f\x64\x65vice_dm_token\x18\x0c \x01(\t\x12Q\n\x19\x62rowser_device_identifier\x18\r \x01(\x0b\x32..enterprise_management.BrowserDeviceIdentifier\"7\n\rSignatureType\x12\x08\n\x04NONE\x10\x00\x12\x0c\n\x08SHA1_RSA\x10\x01\x12\x0e\n\nSHA256_RSA\x10\x02J\x04\x08\x05\x10\x06\" \n\rDisabledState\x12\x0f\n\x07message\x18\x01 \x01(\t\"\xe3\x01\n\x0b\x44\x65viceState\x12V\n\x0b\x64\x65vice_mode\x18\x01 \x01(\x0e\x32-.enterprise_management.DeviceState.DeviceMode:\x12\x44\x45VICE_MODE_NORMAL\x12<\n\x0e\x64isabled_state\x18\x02 \x01(\x0b\x32$.enterprise_management.DisabledState\">\n\nDeviceMode\x12\x16\n\x12\x44\x45VICE_MODE_NORMAL\x10\x00\x12\x18\n\x14\x44\x45VICE_MODE_DISABLED\x10\x01\" \n\x0c\x43ustomerLogo\x12\x10\n\x08logo_url\x18\x01 \x01(\t\"\x90\r\n\nPolicyData\x12\x13\n\x0bpolicy_type\x18\x01 \x01(\t\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\x12\x15\n\rrequest_token\x18\x03 \x01(\t\x12\x14\n\x0cpolicy_value\x18\x04 \x01(\x0c\x12\x14\n\x0cmachine_name\x18\x05 \x01(\t\x12\x1a\n\x12public_key_version\x18\x06 \x01(\x05\x12\x10\n\x08username\x18\x07 \x01(\t\x12\x11\n\tdevice_id\x18\x08 \x01(\t\x12I\n\x05state\x18\t \x01(\x0e\x32\x32.enterprise_management.PolicyData.AssociationState:\x06\x41\x43TIVE\x12\x1a\n\x12settings_entity_id\x18\x0b \x01(\t\x12 \n\x18service_account_identity\x18\x0c \x01(\t\x12\x14\n\x0cpolicy_token\x18\x0f \x01(\t\x12I\n\x0fmanagement_mode\x18\x10 \x01(\x0e\x32\x30.enterprise_management.PolicyData.ManagementMode\x12\x38\n\x0c\x64\x65vice_state\x18\x11 \x01(\x0b\x32\".enterprise_management.DeviceState\x12\x1a\n\x12\x61nnotated_location\x18\x14 \x01(\t\x12\x1a\n\x12\x61nnotated_asset_id\x18\x15 \x01(\t\x12\x18\n\x10\x64irectory_api_id\x18\x16 \x01(\t\x12\x1e\n\x16\x64\x65vice_affiliation_ids\x18\x17 \x03(\t\x12\x1c\n\x14user_affiliation_ids\x18\x18 \x03(\t\x12\x16\n\x0e\x64isplay_domain\x18\x19 \x01(\t\x12!\n\x19policy_invalidation_topic\x18\x1a \x01(\t\x12\"\n\x1a\x63ommand_invalidation_topic\x18\x1b \x01(\t\x12\x1c\n\x14\x65nrollment_id_needed\x18\x1c \x01(\x08\x12\x0f\n\x07gaia_id\x18\x1d \x01(\t\x12G\n\x0emarket_segment\x18\x1e \x01(\x0e\x32/.enterprise_management.PolicyData.MarketSegment\x12:\n\rcustomer_logo\x18\x1f \x01(\x0b\x32#.enterprise_management.CustomerLogo\x12\x1b\n\x13\x63hange_password_uri\x18 \x01(\t\x12K\n\x16\x63lient_action_required\x18! \x01(\x0b\x32+.enterprise_management.ClientActionRequired\x12\x1e\n\x16obfuscated_customer_id\x18\" \x01(\t\x12P\n\x13metrics_log_segment\x18# \x01(\x0e\x32\x33.enterprise_management.PolicyData.MetricsLogSegment\x12\x12\n\nmanaged_by\x18$ \x01(\t\x12\x13\n\x0bsso_profile\x18% \x01(\t\x12\x13\n\x0blicense_sku\x18& \x01(\t\"@\n\x10\x41ssociationState\x12\n\n\x06\x41\x43TIVE\x10\x00\x12\r\n\tUNMANAGED\x10\x01\x12\x11\n\rDEPROVISIONED\x10\x02\"X\n\x0eManagementMode\x12\x0f\n\x0bLOCAL_OWNER\x10\x00\x12\x16\n\x12\x45NTERPRISE_MANAGED\x10\x01\x12\x1d\n\x19OBSOLETE_CONSUMER_MANAGED\x10\x02\"`\n\rMarketSegment\x12\x1e\n\x1aMARKET_SEGMENT_UNSPECIFIED\x10\x00\x12\x16\n\x12\x45NROLLED_EDUCATION\x10\x01\x12\x17\n\x13\x45NROLLED_ENTERPRISE\x10\x02\"\\\n\x11MetricsLogSegment\x12\x0f\n\x0bUNSPECIFIED\x10\x00\x12\x07\n\x03K12\x10\x01\x12\x0e\n\nUNIVERSITY\x10\x02\x12\r\n\tNONPROFIT\x10\x03\x12\x0e\n\nENTERPRISE\x10\x04J\x04\x08\n\x10\x0bJ\x04\x08\r\x10\x0eJ\x04\x08\x0e\x10\x0fJ\x04\x08\x12\x10\x13J\x04\x08\x13\x10\x14R\x19\x63ommand_invalidation_nameR\x1b\x63ommand_invalidation_sourceR\x11invalidation_nameR\x13invalidation_sourceR\x1bvalid_serial_number_missing\"=\n\x14\x43lientActionRequired\x12%\n\x1d\x65nrollment_certificate_needed\x18\x01 \x01(\x08\"\xc0\x03\n\x13PolicyFetchResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\x12\x13\n\x0bpolicy_data\x18\x03 \x01(\x0c\x12\x1d\n\x15policy_data_signature\x18\x04 \x01(\x0c\x12\x16\n\x0enew_public_key\x18\x05 \x01(\x0c\x12 \n\x18new_public_key_signature\x18\x06 \x01(\x0c\x12<\n0new_public_key_verification_signature_deprecated\x18\x07 \x01(\x0c\x42\x02\x18\x01\x12(\n new_public_key_verification_data\x18\x08 \x01(\x0c\x12\x32\n*new_public_key_verification_data_signature\x18\t \x01(\x0c\x12\x17\n\x0bpolicy_type\x18\n \x01(\tB\x02\x18\x01\x12[\n\x1apolicy_data_signature_type\x18\x0b \x01(\x0e\x32\x37.enterprise_management.PolicyFetchRequest.SignatureType\"L\n\"DEPRECATEDPolicyPublicKeyAndDomain\x12\x16\n\x0enew_public_key\x18\x01 \x01(\x0c\x12\x0e\n\x06\x64omain\x18\x02 \x01(\t\"c\n\x19PublicKeyVerificationData\x12\x16\n\x0enew_public_key\x18\x01 \x01(\x0c\x12\x0e\n\x06\x64omain\x18\x02 \x01(\t\x12\x1e\n\x16new_public_key_version\x18\x03 \x01(\x05\"\xee\x06\n\x13\x44\x65vicePolicyRequest\x12;\n\x08requests\x18\x03 \x03(\x0b\x32).enterprise_management.PolicyFetchRequest\x12\x41\n\x06reason\x18\x04 \x01(\x0e\x32\x31.enterprise_management.DevicePolicyRequest.Reason\"\xd6\x05\n\x06Reason\x12\x0f\n\x0bUNSPECIFIED\x10\x00\x12\x15\n\x11\x44\x45VICE_ENROLLMENT\x10\x01\x12\x10\n\x0cINVALIDATION\x10\x02\x12\x18\n\x14REGISTRATION_CHANGED\x10\x03\x12\t\n\x05RETRY\x10\x04\x12\x31\n-RETRY_AFTER_STATUS_SERVICE_ACTIVATION_PENDING\x10\x05\x12/\n+RETRY_AFTER_STATUS_SERVICE_POLICY_NOT_FOUND\x10\x06\x12\x30\n,RETRY_AFTER_STATUS_SERVICE_TOO_MANY_REQUESTS\x10\x07\x12%\n!RETRY_AFTER_STATUS_REQUEST_FAILED\x10\x08\x12,\n(RETRY_AFTER_STATUS_TEMPORARY_UNAVAILABLE\x10\t\x12*\n&RETRY_AFTER_STATUS_CANNOT_SIGN_REQUEST\x10\n\x12&\n\"RETRY_AFTER_STATUS_REQUEST_INVALID\x10\x0b\x12(\n$RETRY_AFTER_STATUS_HTTP_STATUS_ERROR\x10\x0c\x12.\n*RETRY_AFTER_STATUS_RESPONSE_DECODING_ERROR\x10\r\x12\x37\n3RETRY_AFTER_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED\x10\x0e\x12(\n$RETRY_AFTER_STATUS_REQUEST_TOO_LARGE\x10\x0f\x12\r\n\tSCHEDULED\x10\x10\x12\n\n\x06SIGNIN\x10\x11\x12\x08\n\x04TEST\x10\x12\x12\x11\n\rBROWSER_START\x10\x13\x12\n\n\x06LACROS\x10\x14\x12\x10\n\x0cUSER_REQUEST\x10\x15\x12\x1b\n\x17\x43RD_HOST_POLICY_WATCHER\x10\x16\"U\n\x14\x44\x65vicePolicyResponse\x12=\n\tresponses\x18\x03 \x03(\x0b\x32*.enterprise_management.PolicyFetchResponse\"<\n\nTimePeriod\x12\x17\n\x0fstart_timestamp\x18\x01 \x01(\x03\x12\x15\n\rend_timestamp\x18\x02 \x01(\x03\"\xe0\x02\n\x10\x41\x63tiveTimePeriod\x12\x36\n\x0btime_period\x18\x01 \x01(\x0b\x32!.enterprise_management.TimePeriod\x12\x17\n\x0f\x61\x63tive_duration\x18\x02 \x01(\x05\x12\x12\n\nuser_email\x18\x03 \x01(\t\x12I\n\x0csession_type\x18\x04 \x01(\x0e\x32\x33.enterprise_management.ActiveTimePeriod.SessionType\"\x9b\x01\n\x0bSessionType\x12\x13\n\x0fSESSION_UNKNOWN\x10\x00\x12\x1b\n\x17SESSION_AFFILIATED_USER\x10\x01\x12\x19\n\x15SESSION_MANAGED_GUEST\x10\x02\x12\x11\n\rSESSION_KIOSK\x10\x03\x12\x15\n\x11SESSION_ARC_KIOSK\x10\x04\x12\x15\n\x11SESSION_WEB_KIOSK\x10\x05\"\xaf\x02\n\x10NetworkInterface\x12G\n\x04type\x18\x01 \x01(\x0e\x32\x39.enterprise_management.NetworkInterface.NetworkDeviceType\x12\x13\n\x0bmac_address\x18\x02 \x01(\t\x12\x0c\n\x04meid\x18\x03 \x01(\t\x12\x0c\n\x04imei\x18\x04 \x01(\t\x12\x13\n\x0b\x64\x65vice_path\x18\x05 \x01(\t\x12\r\n\x05iccid\x18\x06 \x01(\t\x12\x0b\n\x03mdn\x18\x07 \x01(\t\x12\x0c\n\x04\x65ids\x18\x08 \x03(\t\"b\n\x11NetworkDeviceType\x12\x11\n\rTYPE_ETHERNET\x10\x00\x12\r\n\tTYPE_WIFI\x10\x01\x12\x12\n\x0eTYPE_BLUETOOTH\x10\x03\x12\x11\n\rTYPE_CELLULAR\x10\x04\"\x04\x08\x02\x10\x02\"\xd1\x02\n\x0cNetworkState\x12\x13\n\x0b\x64\x65vice_path\x18\x01 \x01(\t\x12M\n\x10\x63onnection_state\x18\x02 \x01(\x0e\x32\x33.enterprise_management.NetworkState.ConnectionState\x12\x17\n\x0fsignal_strength\x18\x03 \x01(\x05\x12\x12\n\nip_address\x18\x04 \x01(\t\x12\x0f\n\x07gateway\x18\x05 \x01(\t\"\x9e\x01\n\x0f\x43onnectionState\x12\x08\n\x04IDLE\x10\x00\x12\x0f\n\x0b\x41SSOCIATION\x10\x02\x12\x11\n\rCONFIGURATION\x10\x03\x12\t\n\x05READY\x10\x04\x12\n\n\x06PORTAL\x10\x05\x12\n\n\x06ONLINE\x10\x07\x12\x0e\n\nDISCONNECT\x10\x08\x12\x0b\n\x07\x46\x41ILURE\x10\t\x12\x0b\n\x07UNKNOWN\x10\x0b\"\x04\x08\x01\x10\x01\"\x04\x08\x06\x10\x06\"\x04\x08\n\x10\n\"\x91\x01\n\nDeviceUser\x12\x38\n\x04type\x18\x01 \x02(\x0e\x32*.enterprise_management.DeviceUser.UserType\x12\r\n\x05\x65mail\x18\x02 \x01(\t\":\n\x08UserType\x12\x15\n\x11USER_TYPE_MANAGED\x10\x00\x12\x17\n\x13USER_TYPE_UNMANAGED\x10\x01\"L\n\nVolumeInfo\x12\x11\n\tvolume_id\x18\x01 \x01(\t\x12\x15\n\rstorage_total\x18\x02 \x01(\x03\x12\x14\n\x0cstorage_free\x18\x03 \x01(\x03\"D\n\x12\x43puUtilizationInfo\x12\x1b\n\x13\x63pu_utilization_pct\x18\x01 \x01(\x05\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\"=\n\x11SystemFreeRamInfo\x12\x15\n\rsize_in_bytes\x18\x01 \x01(\x03\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\"E\n\x0b\x43PUTempInfo\x12\x11\n\tcpu_label\x18\x01 \x01(\t\x12\x10\n\x08\x63pu_temp\x18\x02 \x01(\x05\x12\x11\n\ttimestamp\x18\x03 \x01(\x03\"o\n\x15StatefulPartitionInfo\x12\x17\n\x0f\x61vailable_space\x18\x01 \x01(\x04\x12\x13\n\x0btotal_space\x18\x02 \x01(\x04\x12\x12\n\nfilesystem\x18\x03 \x01(\t\x12\x14\n\x0cmount_source\x18\x04 \x01(\t\"\xb2\x01\n\rBatterySample\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12\x0f\n\x07voltage\x18\x02 \x01(\x03\x12\x1a\n\x12remaining_capacity\x18\x03 \x01(\x03\x12\x13\n\x0btemperature\x18\x04 \x01(\x05\x12\x16\n\x0e\x64ischarge_rate\x18\x05 \x01(\x05\x12\x13\n\x0b\x63harge_rate\x18\x06 \x01(\x05\x12\x0f\n\x07\x63urrent\x18\x07 \x01(\x03\x12\x0e\n\x06status\x18\x08 \x01(\t\"\x98\x02\n\x0b\x42\x61tteryInfo\x12\x0e\n\x06serial\x18\x01 \x01(\t\x12\x14\n\x0cmanufacturer\x18\x02 \x01(\t\x12\x16\n\x0e\x62\x61ttery_health\x18\x03 \x01(\t\x12\x17\n\x0f\x64\x65sign_capacity\x18\x04 \x01(\x03\x12\x1c\n\x14\x66ull_charge_capacity\x18\x05 \x01(\x03\x12\x13\n\x0b\x63ycle_count\x18\x06 \x01(\x05\x12\x35\n\x07samples\x18\x07 \x03(\x0b\x32$.enterprise_management.BatterySample\x12\x1a\n\x12\x64\x65sign_min_voltage\x18\t \x01(\x05\x12\x18\n\x10manufacture_date\x18\n \x01(\t\x12\x12\n\ntechnology\x18\x0b \x01(\t\"\xcd\x01\n\x0bPowerStatus\x12\x44\n\x0cpower_source\x18\x01 \x01(\x0e\x32..enterprise_management.PowerStatus.PowerSource\x12\x35\n\tbatteries\x18\x02 \x03(\x0b\x32\".enterprise_management.BatteryInfo\"A\n\x0bPowerSource\x12\x11\n\rPOWER_UNKNOWN\x10\x00\x12\x0c\n\x08POWER_AC\x10\x01\x12\x11\n\rPOWER_BATTERY\x10\x02\"2\n\x16\x44iskLifetimeEstimation\x12\x0b\n\x03slc\x18\x01 \x01(\x05\x12\x0b\n\x03mlc\x18\x02 \x01(\x05\"\xc5\x07\n\x08\x44iskInfo\x12\x0e\n\x06serial\x18\x01 \x01(\t\x12\x14\n\x0cmanufacturer\x18\x02 \x01(\t\x12\r\n\x05model\x18\x03 \x01(\t\x12\x0c\n\x04size\x18\x04 \x01(\x03\x12\x0c\n\x04type\x18\x05 \x01(\t\x12\x0e\n\x06health\x18\x06 \x01(\t\x12\x0f\n\x07volumes\x18\x07 \x03(\t\x12\"\n\x1a\x62ytes_read_since_last_boot\x18\x08 \x01(\x04\x12%\n\x1d\x62ytes_written_since_last_boot\x18\t \x01(\x04\x12)\n!read_time_seconds_since_last_boot\x18\n \x01(\x04\x12*\n\"write_time_seconds_since_last_boot\x18\x0b \x01(\x04\x12\'\n\x1fio_time_seconds_since_last_boot\x18\x0c \x01(\x04\x12,\n$discard_time_seconds_since_last_boot\x18\r \x01(\x04\x12\x1f\n\x15nvme_subsystem_vendor\x18\x0e \x01(\rH\x00\x12\x14\n\nemmc_oemid\x18\x0f \x01(\rH\x00\x12\x16\n\x0cother_vendor\x18\x10 \x01(\rH\x00\x12\x16\n\x0cjedec_manfid\x18\x1b \x01(\rH\x00\x12\x1f\n\x15nvme_subsystem_device\x18\x11 \x01(\rH\x01\x12\x12\n\x08\x65mmc_pnm\x18\x12 \x01(\rH\x01\x12\x17\n\rother_product\x18\x13 \x01(\rH\x01\x12\x1b\n\x11nvme_hardware_rev\x18\x14 \x01(\rH\x02\x12\x1b\n\x11\x65mmc_hardware_rev\x18\x15 \x01(\rH\x02\x12\x1c\n\x12other_hardware_rev\x18\x16 \x01(\rH\x02\x12\x1b\n\x11nvme_firmware_rev\x18\x17 \x01(\x04H\x03\x12\x1b\n\x11\x65mmc_firmware_rev\x18\x18 \x01(\x04H\x03\x12\x1c\n\x12other_firmware_rev\x18\x19 \x01(\rH\x03\x12\x1a\n\x10ufs_firmware_rev\x18\x1c \x01(\rH\x03\x12>\n\x07purpose\x18\x1a \x01(\x0e\x32-.enterprise_management.DiskInfo.DevicePurpose\"H\n\rDevicePurpose\x12\x13\n\x0fPURPOSE_UNKNOWN\x10\x00\x12\x10\n\x0cPURPOSE_BOOT\x10\x01\x12\x10\n\x0cPURPOSE_SWAP\x10\x02\x42\x0b\n\tvendor_idB\x0c\n\nproduct_idB\x13\n\x11hardware_revisionB\x13\n\x11\x66irmware_revision\"\x8b\x01\n\rStorageStatus\x12.\n\x05\x64isks\x18\x01 \x03(\x0b\x32\x1f.enterprise_management.DiskInfo\x12J\n\x13lifetime_estimation\x18\x02 \x01(\x0b\x32-.enterprise_management.DiskLifetimeEstimation\"7\n\rThermalSample\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12\x13\n\x0btemperature\x18\x02 \x01(\x05\"Y\n\x0bThermalInfo\x12\r\n\x05label\x18\x01 \x01(\t\x12\x35\n\x07samples\x18\x03 \x03(\x0b\x32$.enterprise_management.ThermalSampleJ\x04\x08\x02\x10\x03\"H\n\x0b\x42oardStatus\x12\x39\n\rthermal_infos\x18\x01 \x03(\x0b\x32\".enterprise_management.ThermalInfo\"\xfa\x01\n\x0cSystemStatus\x12\x16\n\x0evpd_sku_number\x18\x01 \x01(\t\x12\x18\n\x10\x66irst_power_date\x18\x02 \x01(\t\x12\x18\n\x10manufacture_date\x18\x03 \x01(\t\x12\x16\n\x0emarketing_name\x18\x04 \x01(\t\x12\x14\n\x0c\x62ios_version\x18\x05 \x01(\t\x12\x12\n\nboard_name\x18\x06 \x01(\t\x12\x15\n\rboard_version\x18\x07 \x01(\t\x12\x14\n\x0c\x63hassis_type\x18\x08 \x01(\x04\x12\x14\n\x0cproduct_name\x18\t \x01(\t\x12\x19\n\x11vpd_serial_number\x18\n \x01(\t\"G\n\rCpuCStateInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12(\n time_in_state_since_last_boot_us\x18\x02 \x01(\x04\"\xad\x01\n\x0eLogicalCpuInfo\x12!\n\x19scaling_max_frequency_khz\x18\x01 \x01(\r\x12%\n\x1dscaling_current_frequency_khz\x18\x02 \x01(\r\x12\x19\n\x11idle_time_seconds\x18\x03 \x01(\x04\x12\x36\n\x08\x63_states\x18\x04 \x03(\x0b\x32$.enterprise_management.CpuCStateInfo\"\x8d\x02\n\x07\x43puInfo\x12\x12\n\nmodel_name\x18\x01 \x01(\t\x12\x41\n\x0c\x61rchitecture\x18\x02 \x01(\x0e\x32+.enterprise_management.CpuInfo.Architecture\x12\x1b\n\x13max_clock_speed_khz\x18\x03 \x01(\r\x12;\n\x0clogical_cpus\x18\x04 \x03(\x0b\x32%.enterprise_management.LogicalCpuInfo\"Q\n\x0c\x41rchitecture\x12\x1c\n\x18\x41RCHITECTURE_UNSPECIFIED\x10\x00\x12\n\n\x06X86_64\x10\x01\x12\x0b\n\x07\x41\x41RCH64\x10\x02\x12\n\n\x06\x41RMV7L\x10\x03\"*\n\rGlobalCpuInfo\x12\x19\n\x11num_total_threads\x18\x01 \x01(\r\"m\n\x0b\x44isplayInfo\x12\x18\n\x10resolution_width\x18\x01 \x01(\r\x12\x19\n\x11resolution_height\x18\x02 \x01(\r\x12\x14\n\x0crefresh_rate\x18\x03 \x01(\r\x12\x13\n\x0bis_internal\x18\x04 \x01(\x08\"h\n\x13GraphicsAdapterInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x16\n\x0e\x64river_version\x18\x02 \x01(\t\x12\x11\n\tdevice_id\x18\x03 \x01(\x04\x12\x18\n\x10system_ram_usage\x18\x04 \x01(\x04\"\x83\x01\n\x0eGraphicsStatus\x12;\n\x07\x61\x64\x61pter\x18\x01 \x01(\x0b\x32*.enterprise_management.GraphicsAdapterInfo\x12\x34\n\x08\x64isplays\x18\x02 \x03(\x0b\x32\".enterprise_management.DisplayInfo\"\xdd\x02\n\x0f\x43rashReportInfo\x12\x11\n\tremote_id\x18\x01 \x01(\t\x12\x19\n\x11\x63\x61pture_timestamp\x18\x02 \x01(\x03\x12\r\n\x05\x63\x61use\x18\x03 \x01(\t\x12U\n\rupload_status\x18\x04 \x01(\x0e\x32>.enterprise_management.CrashReportInfo.CrashReportUploadStatus\"\xb5\x01\n\x17\x43rashReportUploadStatus\x12\x19\n\x15UPLOAD_STATUS_UNKNOWN\x10\x00\x12\x1e\n\x1aUPLOAD_STATUS_NOT_UPLOADED\x10\x01\x12\x19\n\x15UPLOAD_STATUS_PENDING\x10\x02\x12(\n$UPLOAD_STATUS_PENDING_USER_REQUESTED\x10\x03\x12\x1a\n\x16UPLOAD_STATUS_UPLOADED\x10\x04\"-\n\x0cTimezoneInfo\x12\r\n\x05posix\x18\x01 \x01(\t\x12\x0e\n\x06region\x18\x02 \x01(\t\"\x82\x01\n\nMemoryInfo\x12\x18\n\x10total_memory_kib\x18\x01 \x01(\r\x12\x17\n\x0f\x66ree_memory_kib\x18\x02 \x01(\r\x12\x1c\n\x14\x61vailable_memory_kib\x18\x03 \x01(\r\x12#\n\x1bpage_faults_since_last_boot\x18\x04 \x01(\x04\"I\n\rBacklightInfo\x12\x0c\n\x04path\x18\x01 \x01(\t\x12\x16\n\x0emax_brightness\x18\x02 \x01(\r\x12\x12\n\nbrightness\x18\x03 \x01(\r\"\x1c\n\x07\x46\x61nInfo\x12\x11\n\tspeed_rpm\x18\x01 \x01(\r\"e\n\x14\x42luetoothAdapterInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0f\n\x07\x61\x64\x64ress\x18\x02 \x01(\t\x12\x0f\n\x07powered\x18\x03 \x01(\x08\x12\x1d\n\x15num_connected_devices\x18\x04 \x01(\r\"e\n\nSmbiosInfo\x12\x12\n\nsys_vendor\x18\x01 \x01(\t\x12\x14\n\x0cproduct_name\x18\x02 \x01(\t\x12\x17\n\x0fproduct_version\x18\x03 \x01(\t\x12\x14\n\x0c\x62ios_version\x18\x04 \x01(\t\"$\n\x10KernelParameters\x12\x10\n\x08\x63ros_efi\x18\x01 \x01(\x08\"\x1e\n\x07\x45\x46IVars\x12\x13\n\x0bsecure_boot\x18\x01 \x01(\x08\"\xc5\x01\n\x08\x42ootInfo\x12?\n\x0b\x62oot_method\x18\x01 \x01(\x0e\x32*.enterprise_management.BootInfo.BootMethod\x12\x17\n\x0bsecure_boot\x18\x02 \x01(\x08\x42\x02\x18\x01\"_\n\nBootMethod\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x0f\n\x0b\x43ROS_SECURE\x10\x01\x12\r\n\tCROS_UEFI\x10\x02\x12\x0f\n\x0b\x43ROS_LEGACY\x10\x03\x12\x13\n\x0f\x43ROS_EFI_SECURE\x10\x04\"\xe3\x01\n\x12NetworkAdapterInfo\x12;\n\x0c\x64\x65vice_class\x18\x01 \x01(\x0e\x32%.enterprise_management.BusDeviceClass\x12\x30\n\x08\x62us_type\x18\x02 \x01(\x0e\x32\x1e.enterprise_management.BusType\x12\x11\n\tvendor_id\x18\x03 \x01(\x05\x12\x13\n\x0bvendor_name\x18\x04 \x01(\t\x12\x11\n\tdevice_id\x18\x05 \x01(\x05\x12\x13\n\x0b\x64\x65vice_name\x18\x06 \x01(\t\x12\x0e\n\x06\x64river\x18\x07 \x03(\t\"\x8b\x01\n\x13LaCrOsBrowserReport\x12\x36\n\x0b\x64\x65vice_user\x18\x01 \x01(\x0b\x32!.enterprise_management.DeviceUser\x12<\n\x0e\x62rowser_report\x18\x02 \x01(\x0b\x32$.enterprise_management.BrowserReport\"\x86\x02\n\x12\x44\x65moModeDimensions\x12\x0f\n\x07\x63ountry\x18\x01 \x01(\t\x12\x15\n\rretailer_name\x18\x02 \x01(\t\x12\x14\n\x0cstore_number\x18\x03 \x01(\t\x12Z\n\x14\x63ustomization_facets\x18\x04 \x03(\x0e\x32<.enterprise_management.DemoModeDimensions.CustomizationFacet\"V\n\x12\x43ustomizationFacet\x12\r\n\tUNDEFINED\x10\x00\x12\x17\n\x13\x43LOUD_GAMING_DEVICE\x10\x01\x12\x18\n\x14\x46\x45\x41TURE_AWARE_DEVICE\x10\x02\"\xc3\x13\n\x19\x44\x65viceStatusReportRequest\x12\x12\n\nos_version\x18\x01 \x01(\t\x12\x18\n\x10\x66irmware_version\x18\x02 \x01(\t\x12\x11\n\tboot_mode\x18\x03 \x01(\t\x12\x17\n\x0f\x62rowser_version\x18\x05 \x01(\t\x12?\n\x0e\x61\x63tive_periods\x18\x06 \x03(\x0b\x32\'.enterprise_management.ActiveTimePeriod\x12\x43\n\x12network_interfaces\x18\x08 \x03(\x0b\x32\'.enterprise_management.NetworkInterface\x12\x30\n\x05users\x18\t \x03(\x0b\x32!.enterprise_management.DeviceUser\x12\x37\n\x0cvolume_infos\x18\n \x03(\x0b\x32!.enterprise_management.VolumeInfo\x12;\n\x0enetwork_states\x18\x0b \x03(\x0b\x32#.enterprise_management.NetworkState\x12\'\n\x1b\x63pu_utilization_pct_samples\x18\x0c \x03(\x05\x42\x02\x18\x01\x12\x18\n\x10system_ram_total\x18\x0e \x01(\x03\x12#\n\x17system_ram_free_samples\x18\x0f \x03(\x03\x42\x02\x18\x01\x12:\n\x0e\x63pu_temp_infos\x18\x10 \x03(\x0b\x32\".enterprise_management.CPUTempInfo\x12?\n\x10os_update_status\x18\x11 \x01(\x0b\x32%.enterprise_management.OsUpdateStatus\x12;\n\x11running_kiosk_app\x18\x12 \x01(\x0b\x32 .enterprise_management.AppStatus\x12\x14\n\x0csound_volume\x18\x13 \x01(\x05\x12?\n\x10tpm_version_info\x18\x15 \x01(\x0b\x32%.enterprise_management.TpmVersionInfo\x12/\n\x07\x63hannel\x18\x16 \x01(\x0e\x32\x1e.enterprise_management.Channel\x12=\n\x0ftpm_status_info\x18\x17 \x01(\x0b\x32$.enterprise_management.TpmStatusInfo\x12\x1c\n\x14write_protect_switch\x18\x18 \x01(\x08\x12\x38\n\x0cpower_status\x18\x19 \x01(\x0b\x32\".enterprise_management.PowerStatus\x12<\n\x0estorage_status\x18\x1a \x01(\x0b\x32$.enterprise_management.StorageStatus\x12\x38\n\x0c\x62oard_status\x18\x1b \x01(\x0b\x32\".enterprise_management.BoardStatus\x12:\n\rsystem_status\x18\x1c \x01(\x0b\x32#.enterprise_management.SystemStatus\x12M\n\x17stateful_partition_info\x18\x1d \x01(\x0b\x32,.enterprise_management.StatefulPartitionInfo\x12H\n\x15\x63pu_utilization_infos\x18\x1e \x03(\x0b\x32).enterprise_management.CpuUtilizationInfo\x12G\n\x15system_ram_free_infos\x18\x1f \x03(\x0b\x32(.enterprise_management.SystemFreeRamInfo\x12\x30\n\x08\x63pu_info\x18 \x03(\x0b\x32\x1e.enterprise_management.CpuInfo\x12>\n\x0fgraphics_status\x18! \x01(\x0b\x32%.enterprise_management.GraphicsStatus\x12\x42\n\x12\x63rash_report_infos\x18\" \x03(\x0b\x32&.enterprise_management.CrashReportInfo\x12:\n\rtimezone_info\x18# \x01(\x0b\x32#.enterprise_management.TimezoneInfo\x12\x36\n\x0bmemory_info\x18$ \x01(\x0b\x32!.enterprise_management.MemoryInfo\x12<\n\x0e\x62\x61\x63klight_info\x18% \x03(\x0b\x32$.enterprise_management.BacklightInfo\x12\x30\n\x08\x66\x61n_info\x18& \x03(\x0b\x32\x1e.enterprise_management.FanInfo\x12=\n\x0fglobal_cpu_info\x18\' \x01(\x0b\x32$.enterprise_management.GlobalCpuInfo\x12K\n\x16\x62luetooth_adapter_info\x18( \x03(\x0b\x32+.enterprise_management.BluetoothAdapterInfo\x12\x36\n\x0bsmbios_info\x18) \x01(\x0b\x32!.enterprise_management.SmbiosInfo\x12\x42\n\x11kernel_parameters\x18* \x01(\x0b\x32\'.enterprise_management.KernelParameters\x12\x30\n\x08\x65\x66i_vars\x18+ \x01(\x0b\x32\x1e.enterprise_management.EFIVars\x12\x32\n\tboot_info\x18, \x01(\x0b\x32\x1f.enterprise_management.BootInfo\x12G\n\x14network_adapter_info\x18- \x03(\x0b\x32).enterprise_management.NetworkAdapterInfo\x12I\n\x15lacros_browser_report\x18. \x03(\x0b\x32*.enterprise_management.LaCrOsBrowserReport\x12\'\n\x1froot_device_total_storage_bytes\x18/ \x01(\x03\x12!\n\x19is_lacros_primary_browser\x18\x30 \x01(\x08\x12G\n\x14\x64\x65mo_mode_dimensions\x18\x31 \x01(\x0b\x32).enterprise_management.DemoModeDimensionsJ\x04\x08\x04\x10\x05J\x04\x08\x07\x10\x08J\x04\x08\r\x10\x0eJ\x04\x08\x14\x10\x15\"\xe4\x02\n\x0eOsUpdateStatus\x12I\n\rupdate_status\x18\x01 \x01(\x0e\x32\x32.enterprise_management.OsUpdateStatus.UpdateStatus\x12\x1c\n\x14new_platform_version\x18\x02 \x01(\t\x12%\n\x1dnew_required_platform_version\x18\x03 \x01(\t\x12\x1e\n\x16last_checked_timestamp\x18\x04 \x01(\x03\x12\x1d\n\x15last_reboot_timestamp\x18\x05 \x01(\x03\"\x82\x01\n\x0cUpdateStatus\x12\x11\n\rOS_UP_TO_DATE\x10\x00\x12!\n\x1dOS_IMAGE_DOWNLOAD_NOT_STARTED\x10\x01\x12!\n\x1dOS_IMAGE_DOWNLOAD_IN_PROGRESS\x10\x02\x12\x19\n\x15OS_UPDATE_NEED_REBOOT\x10\x03\"x\n\tAppStatus\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x19\n\x11\x65xtension_version\x18\x02 \x01(\t\x12\x0e\n\x06status\x18\x03 \x01(\t\x12\r\n\x05\x65rror\x18\x04 \x01(\x08\x12!\n\x19required_platform_version\x18\x05 \x01(\t\"\x92\x04\n\x07\x41ppInfo\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x38\n\x08\x61pp_type\x18\x02 \x01(\x0e\x32&.enterprise_management.AppInfo.AppType\x12\x10\n\x08\x61pp_name\x18\x03 \x01(\t\x12\x35\n\x06status\x18\x04 \x01(\x0e\x32%.enterprise_management.AppInfo.Status\x12\x14\n\x0cinstall_time\x18\x05 \x01(\x03\x12\x0f\n\x07version\x18\x07 \x01(\t\x12>\n\x13\x61\x63tive_time_periods\x18\x08 \x03(\x0b\x32!.enterprise_management.TimePeriod\"\xab\x01\n\x07\x41ppType\x12\x10\n\x0cTYPE_UNKNOWN\x10\x00\x12\x0c\n\x08TYPE_ARC\x10\x01\x12\x10\n\x0cTYPE_BUILTIN\x10\x02\x12\x11\n\rTYPE_CROSTINI\x10\x03\x12\x12\n\x0eTYPE_EXTENSION\x10\x04\x12\x0c\n\x08TYPE_WEB\x10\x05\x12\x11\n\rTYPE_PLUGINVM\x10\x06\x12\x11\n\rTYPE_BOREALIS\x10\x07\x12\x13\n\x0fTYPE_BRUSCHETTA\x10\x08\"_\n\x06Status\x12\x12\n\x0eSTATUS_UNKNOWN\x10\x00\x12\x14\n\x10STATUS_INSTALLED\x10\x01\x12\x13\n\x0fSTATUS_DISABLED\x10\x02\x12\x16\n\x12STATUS_UNINSTALLED\x10\x03\"F\n\x14\x41ndroidAppPermission\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0f\n\x07granted\x18\x02 \x01(\x08\x12\x0f\n\x07managed\x18\x03 \x01(\x08\"\x85\x04\n\x0e\x41ndroidAppInfo\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x10\n\x08\x61pp_name\x18\x02 \x01(\t\x12\x14\n\x0cpackage_name\x18\x03 \x01(\t\x12\x46\n\x06status\x18\x04 \x01(\x0e\x32\x36.enterprise_management.AndroidAppInfo.AndroidAppStatus\x12O\n\x10installed_source\x18\x05 \x01(\x0e\x32\x35.enterprise_management.AndroidAppInfo.InstalledSource\x12\x0f\n\x07version\x18\x06 \x01(\x05\x12@\n\x0bpermissions\x18\x07 \x03(\x0b\x32+.enterprise_management.AndroidAppPermission\"e\n\x10\x41ndroidAppStatus\x12\x12\n\x0eSTATUS_UNKNOWN\x10\x00\x12\x12\n\x0eSTATUS_ENABLED\x10\x01\x12\x14\n\x10STATUS_SUSPENDED\x10\x02\x12\x13\n\x0fSTATUS_DISABLED\x10\x03\"h\n\x0fInstalledSource\x12\x12\n\x0eSOURCE_UNKNOWN\x10\x00\x12\x13\n\x0fSOURCE_BY_ADMIN\x10\x01\x12\x12\n\x0eSOURCE_BY_USER\x10\x02\x12\x18\n\x14SOURCE_NOT_INSTALLED\x10\x03\"\xc5\x02\n\x17\x43hromeUserProfileReport\x12\n\n\x02id\x18\x01 \x01(\t\x12\x1d\n\x15\x63hrome_signed_in_user\x18\x02 \x01(\t\x12\x16\n\x0e\x65xtension_data\x18\x03 \x01(\t\x12\x0f\n\x07plugins\x18\x04 \x01(\t\x12\x13\n\x0bpolicy_data\x18\x05 \x01(\t\x12 \n\x18policy_fetched_timestamp\x18\x06 \x01(\x03\x12\x1e\n\x16safe_browsing_warnings\x18\x07 \x01(\x04\x12,\n$safe_browsing_warnings_click_through\x18\x08 \x01(\x04\x12\x0c\n\x04name\x18\t \x01(\t\x12\x43\n\x12\x65xtension_requests\x18\n \x03(\x0b\x32\'.enterprise_management.ExtensionRequest\"?\n\x12\x43hromeSignedInUser\x12\r\n\x05\x65mail\x18\x01 \x01(\t\x12\x1a\n\x12obfuscated_gaia_id\x18\x02 \x01(\t\"P\n\x10\x45xtensionRequest\x12\n\n\x02id\x18\x01 \x01(\t\x12\x19\n\x11request_timestamp\x18\x02 \x01(\x03\x12\x15\n\rjustification\x18\x03 \x01(\t\"\xd1\x05\n\tExtension\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x04 \x01(\t\x12@\n\x08\x61pp_type\x18\x05 \x01(\x0e\x32..enterprise_management.Extension.ExtensionType\x12\x14\n\x0chomepage_url\x18\x06 \x01(\t\x12\x42\n\x0cinstall_type\x18\x08 \x01(\x0e\x32,.enterprise_management.Extension.InstallType\x12\x0f\n\x07\x65nabled\x18\t \x01(\x08\x12\x13\n\x0bpermissions\x18\n \x03(\t\x12\x18\n\x10host_permissions\x18\x0b \x03(\t\x12\x15\n\rfrom_webstore\x18\r \x01(\x08\x12\x18\n\x10manifest_version\x18\x0e \x01(\x05\"\x81\x02\n\rExtensionType\x12\x10\n\x0cTYPE_UNKNOWN\x10\x00\x12\x12\n\x0eTYPE_EXTENSION\x10\x01\x12\x13\n\x0fTYPE_HOSTED_APP\x10\x02\x12\x15\n\x11TYPE_PACKAGED_APP\x10\x03\x12\x1c\n\x18TYPE_LEGACY_PACKAGED_APP\x10\x04\x12\x0e\n\nTYPE_THEME\x10\x05\x12\x14\n\x10TYPE_USER_SCRIPT\x10\x06\x12\x15\n\x11TYPE_PLATFORM_APP\x10\x07\x12\x1f\n\x1bTYPE_LOGIN_SCREEN_EXTENSION\x10\x08\x12\"\n\x1eTYPE_CHROMEOS_SYSTEM_EXTENSION\x10\t\"g\n\x0bInstallType\x12\x0f\n\x0bTYPE_NORMAL\x10\x00\x12\x14\n\x10TYPE_DEVELOPMENT\x10\x01\x12\x11\n\rTYPE_SIDELOAD\x10\x02\x12\x0e\n\nTYPE_ADMIN\x10\x03\x12\x0e\n\nTYPE_OTHER\x10\x04J\x04\x08\x07\x10\x08J\x04\x08\x0c\x10\r\"\xd7\x05\n\x06Policy\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x38\n\x05level\x18\x02 \x01(\x0e\x32).enterprise_management.Policy.PolicyLevel\x12\x38\n\x05scope\x18\x03 \x01(\x0e\x32).enterprise_management.Policy.PolicyScope\x12:\n\x06source\x18\x04 \x01(\x0e\x32*.enterprise_management.Policy.PolicySource\x12\r\n\x05value\x18\x05 \x01(\t\x12\r\n\x05\x65rror\x18\x06 \x01(\t\"L\n\x0bPolicyLevel\x12\x11\n\rLEVEL_UNKNOWN\x10\x00\x12\x15\n\x11LEVEL_RECOMMENDED\x10\x01\x12\x13\n\x0fLEVEL_MANDATORY\x10\x02\"C\n\x0bPolicyScope\x12\x11\n\rSCOPE_UNKNOWN\x10\x00\x12\x0e\n\nSCOPE_USER\x10\x01\x12\x11\n\rSCOPE_MACHINE\x10\x02\"\xdd\x02\n\x0cPolicySource\x12\x12\n\x0eSOURCE_UNKNOWN\x10\x00\x12\x1d\n\x19SOURCE_ENTERPRISE_DEFAULT\x10\x01\x12\x10\n\x0cSOURCE_CLOUD\x10\x02\x12\x1b\n\x17SOURCE_ACTIVE_DIRECTORY\x10\x03\x12\x33\n/SOURCE_DEVICE_LOCAL_ACCOUNT_OVERRIDE_DEPRECATED\x10\x04\x12\x13\n\x0fSOURCE_PLATFORM\x10\x05\x12$\n SOURCE_PRIORITY_CLOUD_DEPRECATED\x10\x06\x12\x11\n\rSOURCE_MERGED\x10\x07\x12\x17\n\x13SOURCE_COMMAND_LINE\x10\x08\x12\x19\n\x15SOURCE_CLOUD_FROM_ASH\x10\t\x12\x34\n0SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE\x10\n\"X\n\x0f\x45xtensionPolicy\x12\x14\n\x0c\x65xtension_id\x18\x01 \x01(\t\x12/\n\x08policies\x18\x02 \x03(\x0b\x32\x1d.enterprise_management.Policy\"7\n\x14PolicyFetchTimestamp\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\"\xe5\x03\n\x15\x43hromeUserProfileInfo\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x1b\n\x13is_detail_available\x18\x03 \x01(\x08\x12H\n\x15\x63hrome_signed_in_user\x18\x04 \x01(\x0b\x32).enterprise_management.ChromeSignedInUser\x12\x34\n\nextensions\x18\x05 \x03(\x0b\x32 .enterprise_management.Extension\x12\x43\n\x12\x65xtension_requests\x18\n \x03(\x0b\x32\'.enterprise_management.ExtensionRequest\x12\x36\n\x0f\x63hrome_policies\x18\x07 \x03(\x0b\x32\x1d.enterprise_management.Policy\x12\x42\n\x12\x65xtension_policies\x18\x08 \x03(\x0b\x32&.enterprise_management.ExtensionPolicy\x12N\n\x19policy_fetched_timestamps\x18\t \x03(\x0b\x32+.enterprise_management.PolicyFetchTimestampJ\x04\x08\x06\x10\x07\"\xec\x02\n\rBrowserReport\x12\x17\n\x0f\x62rowser_version\x18\x01 \x01(\t\x12/\n\x07\x63hannel\x18\x02 \x01(\x0e\x32\x1e.enterprise_management.Channel\x12\x17\n\x0f\x65xecutable_path\x18\x03 \x01(\t\x12S\n\x1b\x63hrome_user_profile_reports\x18\x04 \x03(\x0b\x32..enterprise_management.ChromeUserProfileReport\x12O\n\x19\x63hrome_user_profile_infos\x18\x06 \x03(\x0b\x32,.enterprise_management.ChromeUserProfileInfo\x12!\n\x19installed_browser_version\x18\x08 \x01(\t\x12)\n\x1ais_extended_stable_channel\x18\t \x01(\x08:\x05\x66\x61lseJ\x04\x08\x07\x10\x08\"\xf0\x01\n\x08OSReport\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x0f\n\x07version\x18\x03 \x01(\t\x12\x41\n\x0cversion_type\x18\x04 \x01(\x0e\x32+.enterprise_management.OSReport.VersionType\"t\n\x0bVersionType\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x08\n\x04HOME\x10\x01\x12\x10\n\x0cPROFESSIONAL\x10\x02\x12\n\n\x06SERVER\x10\x03\x12\x0e\n\nENTERPRISE\x10\x04\x12\r\n\tEDUCATION\x10\x05\x12\x11\n\rEDUCATION_PRO\x10\x06\"\xba\x03\n\x1a\x43hromeDesktopReportRequest\x12\x18\n\x0cmachine_name\x18\x01 \x01(\tB\x02\x18\x01\x12\x0f\n\x07os_info\x18\x02 \x01(\t\x12\x0f\n\x07os_user\x18\x03 \x01(\t\x12<\n\x0e\x62rowser_report\x18\x04 \x01(\x0b\x32$.enterprise_management.BrowserReport\x12\x19\n\rserial_number\x18\x05 \x01(\tB\x02\x18\x01\x12\x19\n\rcomputer_name\x18\x06 \x01(\tB\x02\x18\x01\x12\x32\n\tos_report\x18\x07 \x01(\x0b\x32\x1f.enterprise_management.OSReport\x12\x14\n\x0cos_user_name\x18\x08 \x01(\t\x12Q\n\x19\x62rowser_device_identifier\x18\t \x01(\x0b\x32..enterprise_management.BrowserDeviceIdentifier\x12\x1f\n\x17machine_attestation_key\x18\x0b \x01(\t\x12\x14\n\x0c\x64\x65vice_model\x18\x0c \x01(\t\x12\x12\n\nbrand_name\x18\r \x01(\tJ\x04\x08\n\x10\x0b\"\xa1\x01\n\x19\x43hromeOsUserReportRequest\x12<\n\x0e\x62rowser_report\x18\x01 \x01(\x0b\x32$.enterprise_management.BrowserReport\x12@\n\x11\x61ndroid_app_infos\x18\x02 \x03(\x0b\x32%.enterprise_management.AndroidAppInfoJ\x04\x08\x03\x10\x04\"\x8e\x01\n\x1a\x43hromeProfileReportRequest\x12<\n\x0e\x62rowser_report\x18\x01 \x01(\x0b\x32$.enterprise_management.BrowserReport\x12\x32\n\tos_report\x18\x02 \x01(\x0b\x32\x1f.enterprise_management.OSReport\"\xd4\x02\n\x1aPolicyValueValidationIssue\x12\x13\n\x0bpolicy_name\x18\x01 \x01(\t\x12`\n\x08severity\x18\x02 \x01(\x0e\x32N.enterprise_management.PolicyValueValidationIssue.ValueValidationIssueSeverity\x12\x15\n\rdebug_message\x18\x03 \x01(\t\"\xa7\x01\n\x1cValueValidationIssueSeverity\x12/\n+VALUE_VALIDATION_ISSUE_SEVERITY_UNSPECIFIED\x10\x00\x12+\n\'VALUE_VALIDATION_ISSUE_SEVERITY_WARNING\x10\x01\x12)\n%VALUE_VALIDATION_ISSUE_SEVERITY_ERROR\x10\x02\"\xf7\x07\n\x1dPolicyValidationReportRequest\x12\x13\n\x0bpolicy_type\x18\x01 \x01(\t\x12\x14\n\x0cpolicy_token\x18\x02 \x01(\t\x12i\n\x16validation_result_type\x18\x03 \x01(\x0e\x32I.enterprise_management.PolicyValidationReportRequest.ValidationResultType\x12Y\n\x1epolicy_value_validation_issues\x18\x04 \x03(\x0b\x32\x31.enterprise_management.PolicyValueValidationIssue\"\xe4\x05\n\x14ValidationResultType\x12,\n(VALIDATION_RESULT_TYPE_ERROR_UNSPECIFIED\x10\x00\x12\"\n\x1eVALIDATION_RESULT_TYPE_SUCCESS\x10\x01\x12\x30\n,VALIDATION_RESULT_TYPE_BAD_INITIAL_SIGNATURE\x10\x02\x12(\n$VALIDATION_RESULT_TYPE_BAD_SIGNATURE\x10\x03\x12-\n)VALIDATION_RESULT_TYPE_ERROR_CODE_PRESENT\x10\x04\x12.\n*VALIDATION_RESULT_TYPE_PAYLOAD_PARSE_ERROR\x10\x05\x12,\n(VALIDATION_RESULT_TYPE_WRONG_POLICY_TYPE\x10\x06\x12\x33\n/VALIDATION_RESULT_TYPE_WRONG_SETTINGS_ENTITY_ID\x10\x07\x12(\n$VALIDATION_RESULT_TYPE_BAD_TIMESTAMP\x10\x08\x12\'\n#VALIDATION_RESULT_TYPE_BAD_DM_TOKEN\x10\t\x12(\n$VALIDATION_RESULT_TYPE_BAD_DEVICE_ID\x10\n\x12#\n\x1fVALIDATION_RESULT_TYPE_BAD_USER\x10\x0b\x12-\n)VALIDATION_RESULT_TYPE_POLICY_PARSE_ERROR\x10\x0c\x12\x39\n5VALIDATION_RESULT_TYPE_BAD_KEY_VERIFICATION_SIGNATURE\x10\r\x12(\n$VALIDATION_RESULT_TYPE_VALUE_WARNING\x10\x0e\x12&\n\"VALIDATION_RESULT_TYPE_VALUE_ERROR\x10\x0f\" \n\x1ePolicyValidationReportResponse\"A\n\rAndroidStatus\x12\x16\n\x0estatus_payload\x18\x01 \x01(\t\x12\x18\n\x10\x64roid_guard_info\x18\x02 \x01(\t\"\xcf\x01\n\x0b\x43rostiniApp\x12\x10\n\x08\x61pp_name\x18\x01 \x01(\t\x12\x38\n\x08\x61pp_type\x18\x02 \x01(\x0e\x32&.enterprise_management.CrostiniAppType\x12/\n\'last_launch_time_window_start_timestamp\x18\x03 \x01(\x03\x12\x14\n\x0cpackage_name\x18\x04 \x01(\t\x12\x17\n\x0fpackage_version\x18\x05 \x01(\t\x12\x14\n\x0cpackage_hash\x18\x06 \x01(\t\"\xca\x01\n\x0e\x43rostiniStatus\x12/\n\'last_launch_time_window_start_timestamp\x18\x01 \x01(\x03\x12$\n\x1clast_launch_vm_image_version\x18\x02 \x01(\t\x12%\n\x1dlast_launch_vm_kernel_version\x18\x03 \x01(\t\x12:\n\x0einstalled_apps\x18\x04 \x03(\x0b\x32\".enterprise_management.CrostiniApp\"\xea\x02\n\x1aSessionStatusReportRequest\x12\x1f\n\x17\x64\x65vice_local_account_id\x18\x04 \x01(\t\x12\x38\n\x0einstalled_apps\x18\x05 \x03(\x0b\x32 .enterprise_management.AppStatus\x12<\n\x0e\x61ndroid_status\x18\x07 \x01(\x0b\x32$.enterprise_management.AndroidStatus\x12\x15\n\ruser_dm_token\x18\x08 \x01(\t\x12\x11\n\ttime_zone\x18\t \x01(\t\x12>\n\x0f\x63rostini_status\x18\n \x01(\x0b\x32%.enterprise_management.CrostiniStatus\x12\x31\n\tapp_infos\x18\x0b \x03(\x0b\x32\x1e.enterprise_management.AppInfoJ\x04\x08\x01\x10\x02J\x04\x08\x02\x10\x03J\x04\x08\x03\x10\x04J\x04\x08\x06\x10\x07\"G\n\x1a\x44\x65viceStatusReportResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\"\x1d\n\x1b\x43hromeDesktopReportResponse\"\x1c\n\x1a\x43hromeOsUserReportResponse\"\x1d\n\x1b\x43hromeProfileReportResponse\"H\n\x1bSessionStatusReportResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\"k\n\x1bPrivateSetMembershipRequest\x12L\n\x0crlwe_request\x18\x01 \x01(\x0b\x32\x36.enterprise_management.PrivateSetMembershipRlweRequest\"n\n\x1cPrivateSetMembershipResponse\x12N\n\rrlwe_response\x18\x01 \x01(\x0b\x32\x37.enterprise_management.PrivateSetMembershipRlweResponse\"\xc5\x01\n\x1fPrivateSetMembershipRlweRequest\x12O\n\x0coprf_request\x18\x01 \x01(\x0b\x32\x39.private_membership.rlwe.PrivateMembershipRlweOprfRequest\x12Q\n\rquery_request\x18\x02 \x01(\x0b\x32:.private_membership.rlwe.PrivateMembershipRlweQueryRequest\"\xca\x01\n PrivateSetMembershipRlweResponse\x12Q\n\roprf_response\x18\x01 \x01(\x0b\x32:.private_membership.rlwe.PrivateMembershipRlweOprfResponse\x12S\n\x0equery_response\x18\x02 \x01(\x0b\x32;.private_membership.rlwe.PrivateMembershipRlweQueryResponse\"\xcf\x02\n\x1b\x44\x65viceAutoEnrollmentRequest\x12\x11\n\tremainder\x18\x01 \x01(\x03\x12\x0f\n\x07modulus\x18\x02 \x01(\x03\x12\x80\x01\n\x15\x65nrollment_check_type\x18\x03 \x01(\x0e\x32\x46.enterprise_management.DeviceAutoEnrollmentRequest.EnrollmentCheckType:\x19\x45NROLLMENT_CHECK_TYPE_FRE\"\x88\x01\n\x13\x45nrollmentCheckType\x12%\n!ENROLLMENT_CHECK_TYPE_UNSPECIFIED\x10\x00\x12\x1d\n\x19\x45NROLLMENT_CHECK_TYPE_FRE\x10\x01\x12+\n\'ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT\x10\x02\"H\n\x1c\x44\x65viceAutoEnrollmentResponse\x12\x18\n\x10\x65xpected_modulus\x18\x01 \x01(\x03\x12\x0e\n\x06hashes\x18\x02 \x03(\x0c\"\x83\x01\n\x1b\x44\x65viceStateRetrievalRequest\x12\x1f\n\x17server_backed_state_key\x18\x01 \x01(\x0c\x12\x15\n\rserial_number\x18\x02 \x01(\t\x12\x12\n\nbrand_code\x18\x03 \x01(\t\x12\x18\n\x10\x65nrollment_token\x18\x04 \x01(\t\"?\n\x1b\x44\x65viceStateKeyUpdateRequest\x12 \n\x18server_backed_state_keys\x18\x01 \x03(\x0c\"\xb5\x04\n\x1c\x44\x65viceStateRetrievalResponse\x12h\n\x0crestore_mode\x18\x01 \x01(\x0e\x32?.enterprise_management.DeviceStateRetrievalResponse.RestoreMode:\x11RESTORE_MODE_NONE\x12\x19\n\x11management_domain\x18\x02 \x01(\t\x12<\n\x0e\x64isabled_state\x18\x03 \x01(\x0b\x32$.enterprise_management.DisabledState\x12[\n\x16initial_state_response\x18\x04 \x01(\x0b\x32;.enterprise_management.DeviceInitialEnrollmentStateResponse\x12\x38\n\x0clicense_type\x18\x05 \x01(\x0b\x32\".enterprise_management.LicenseType\"\xba\x01\n\x0bRestoreMode\x12\x15\n\x11RESTORE_MODE_NONE\x10\x00\x12\'\n#RESTORE_MODE_REENROLLMENT_REQUESTED\x10\x01\x12&\n\"RESTORE_MODE_REENROLLMENT_ENFORCED\x10\x02\x12\x19\n\x15RESTORE_MODE_DISABLED\x10\x03\x12(\n$RESTORE_MODE_REENROLLMENT_ZERO_TOUCH\x10\x04\"j\n#DeviceInitialEnrollmentStateRequest\x12\x15\n\rserial_number\x18\x01 \x01(\t\x12\x12\n\nbrand_code\x18\x02 \x01(\t\x12\x18\n\x10\x65nrollment_token\x18\x03 \x01(\t\"\x97\x08\n$DeviceInitialEnrollmentStateResponse\x12\x90\x01\n\x17initial_enrollment_mode\x18\x01 \x01(\x0e\x32Q.enterprise_management.DeviceInitialEnrollmentStateResponse.InitialEnrollmentMode:\x1cINITIAL_ENROLLMENT_MODE_NONE\x12\x19\n\x11management_domain\x18\x02 \x01(\t\x12\'\n\x1fis_license_packaged_with_device\x18\x03 \x01(\x08\x12<\n\x0e\x64isabled_state\x18\x04 \x01(\x0b\x32$.enterprise_management.DisabledState\x12n\n\x15license_packaging_sku\x18\x05 \x01(\x0e\x32O.enterprise_management.DeviceInitialEnrollmentStateResponse.LicensePackagingSKU\x12n\n\x15\x61ssigned_upgrade_type\x18\x06 \x01(\x0e\x32O.enterprise_management.DeviceInitialEnrollmentStateResponse.AssignedUpgradeType\"\xf8\x01\n\x15InitialEnrollmentMode\x12 \n\x1cINITIAL_ENROLLMENT_MODE_NONE\x10\x00\x12/\n+INITIAL_ENROLLMENT_MODE_ENROLLMENT_ENFORCED\x10\x01\x12/\n+INITIAL_ENROLLMENT_MODE_ZERO_TOUCH_ENFORCED\x10\x02\x12$\n INITIAL_ENROLLMENT_MODE_DISABLED\x10\x03\x12\x35\n1INITIAL_ENROLLMENT_MODE_TOKEN_ENROLLMENT_ENFORCED\x10\x04\"f\n\x13LicensePackagingSKU\x12\r\n\tNOT_EXIST\x10\x00\x12\x15\n\x11\x43HROME_ENTERPRISE\x10\x01\x12\x14\n\x10\x43HROME_EDUCATION\x10\x02\x12\x13\n\x0f\x43HROME_TERMINAL\x10\x03\"\x96\x01\n\x13\x41ssignedUpgradeType\x12%\n!ASSIGNED_UPGRADE_TYPE_UNSPECIFIED\x10\x00\x12+\n\'ASSIGNED_UPGRADE_TYPE_CHROME_ENTERPRISE\x10\x01\x12+\n\'ASSIGNED_UPGRADE_TYPE_KIOSK_AND_SIGNAGE\x10\x02\"L\n\x14\x44\x65vicePairingRequest\x12\x16\n\x0ehost_device_id\x18\x01 \x01(\t\x12\x1c\n\x14\x63ontroller_device_id\x18\x02 \x01(\t\"\x95\x02\n\x15\x44\x65vicePairingResponse\x12T\n\x0bstatus_code\x18\x01 \x01(\x0e\x32\x37.enterprise_management.DevicePairingResponse.StatusCode:\x06\x46\x41ILED\"\xa5\x01\n\nStatusCode\x12\x0b\n\x07SUCCESS\x10\x00\x12\n\n\x06\x46\x41ILED\x10\x01\x12\x19\n\x15HOST_DEVICE_NOT_FOUND\x10\x02\x12\x1f\n\x1b\x43ONTROLLER_DEVICE_NOT_FOUND\x10\x03\x12\x1d\n\x19HOST_DEVICE_DEPROVISIONED\x10\x04\x12#\n\x1f\x43ONTROLLER_DEVICE_DEPROVISIONED\x10\x05\"Q\n\x19\x43heckDevicePairingRequest\x12\x16\n\x0ehost_device_id\x18\x01 \x01(\t\x12\x1c\n\x14\x63ontroller_device_id\x18\x02 \x01(\t\"\xce\x02\n\x1a\x43heckDevicePairingResponse\x12]\n\x0bstatus_code\x18\x01 \x01(\x0e\x32<.enterprise_management.CheckDevicePairingResponse.StatusCode:\nNOT_PAIRED\"\xd0\x01\n\nStatusCode\x12\n\n\x06PAIRED\x10\x00\x12\x0e\n\nNOT_PAIRED\x10\x01\x12\x19\n\x15HOST_DEVICE_NOT_FOUND\x10\x02\x12\x1f\n\x1b\x43ONTROLLER_DEVICE_NOT_FOUND\x10\x03\x12\x1d\n\x19HOST_DEVICE_DEPROVISIONED\x10\x04\x12#\n\x1f\x43ONTROLLER_DEVICE_DEPROVISIONED\x10\x05\x12&\n\"INVALID_CONTROLLER_DEVICE_IDENTITY\x10\x06\"\xd7\x05\n\rRemoteCommand\x12\x37\n\x04type\x18\x01 \x01(\x0e\x32).enterprise_management.RemoteCommand.Type\x12\x12\n\ncommand_id\x18\x02 \x01(\x03\x12\x16\n\x0e\x61ge_of_command\x18\x03 \x01(\x03\x12\x0f\n\x07payload\x18\x04 \x01(\t\x12\x18\n\x10target_device_id\x18\x05 \x01(\t\"\xb5\x04\n\x04Type\x12\x1e\n\x11\x43OMMAND_ECHO_TEST\x10\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x12\x11\n\rDEVICE_REBOOT\x10\x00\x12\x15\n\x11\x44\x45VICE_SCREENSHOT\x10\x01\x12\x15\n\x11\x44\x45VICE_SET_VOLUME\x10\x02\x12\x17\n\x13\x44\x45VICE_FETCH_STATUS\x10\x03\x12\x14\n\x10USER_ARC_COMMAND\x10\x04\x12\x15\n\x11\x44\x45VICE_WIPE_USERS\x10\x05\x12\x1c\n\x18\x44\x45VICE_START_CRD_SESSION\x10\x06\x12\x1b\n\x17\x44\x45VICE_REMOTE_POWERWASH\x10\x07\x12\x31\n-DEVICE_REFRESH_ENTERPRISE_MACHINE_CERTIFICATE\x10\x08\x12,\n(DEVICE_GET_AVAILABLE_DIAGNOSTIC_ROUTINES\x10\t\x12!\n\x1d\x44\x45VICE_RUN_DIAGNOSTIC_ROUTINE\x10\n\x12(\n$DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE\x10\x0b\x12\x1f\n\x1b\x42ROWSER_CLEAR_BROWSING_DATA\x10\x0c\x12\x16\n\x12\x44\x45VICE_RESET_EUICC\x10\r\x12)\n%BROWSER_ROTATE_ATTESTATION_CREDENTIAL\x10\x0e\x12\x1f\n\x1b\x46\x45TCH_CRD_AVAILABILITY_INFO\x10\x0f\x12\x18\n\x14\x46\x45TCH_SUPPORT_PACKET\x10\x10\"\xde\x01\n\x13RemoteCommandResult\x12\x45\n\x06result\x18\x01 \x01(\x0e\x32\x35.enterprise_management.RemoteCommandResult.ResultType\x12\x12\n\ncommand_id\x18\x02 \x01(\x03\x12\x11\n\ttimestamp\x18\x03 \x01(\x03\x12\x0f\n\x07payload\x18\x04 \x01(\t\"H\n\nResultType\x12\x12\n\x0eRESULT_IGNORED\x10\x00\x12\x12\n\x0eRESULT_FAILURE\x10\x01\x12\x12\n\x0eRESULT_SUCCESS\x10\x02\"\xfe\x01\n\x1a\x44\x65viceRemoteCommandRequest\x12\x1e\n\x16last_command_unique_id\x18\x01 \x01(\x03\x12\x43\n\x0f\x63ommand_results\x18\x02 \x03(\x0b\x32*.enterprise_management.RemoteCommandResult\x12\x1c\n\x14send_secure_commands\x18\x03 \x01(\x08\x12O\n\x0esignature_type\x18\x04 \x01(\x0e\x32\x37.enterprise_management.PolicyFetchRequest.SignatureType\x12\x0c\n\x04type\x18\x05 \x01(\t\"\x91\x01\n\x1b\x44\x65viceRemoteCommandResponse\x12\x36\n\x08\x63ommands\x18\x01 \x03(\x0b\x32$.enterprise_management.RemoteCommand\x12:\n\x0fsecure_commands\x18\x02 \x03(\x0b\x32!.enterprise_management.SignedData\"(\n&DeviceAttributeUpdatePermissionRequest\"\xd1\x01\n\'DeviceAttributeUpdatePermissionResponse\x12Y\n\x06result\x18\x01 \x01(\x0e\x32I.enterprise_management.DeviceAttributeUpdatePermissionResponse.ResultType\"K\n\nResultType\x12\x1f\n\x1b\x41TTRIBUTE_UPDATE_DISALLOWED\x10\x00\x12\x1c\n\x18\x41TTRIBUTE_UPDATE_ALLOWED\x10\x01\"B\n\x1c\x44\x65viceAttributeUpdateRequest\x12\x10\n\x08\x61sset_id\x18\x01 \x01(\t\x12\x10\n\x08location\x18\x02 \x01(\t\"\xb8\x01\n\x1d\x44\x65viceAttributeUpdateResponse\x12O\n\x06result\x18\x01 \x01(\x0e\x32?.enterprise_management.DeviceAttributeUpdateResponse.ResultType\"F\n\nResultType\x12\x1a\n\x16\x41TTRIBUTE_UPDATE_ERROR\x10\x00\x12\x1c\n\x18\x41TTRIBUTE_UPDATE_SUCCESS\x10\x01\"$\n\x12GcmIdUpdateRequest\x12\x0e\n\x06gcm_id\x18\x01 \x01(\t\"\x15\n\x13GcmIdUpdateResponse\"\x1f\n\x1d\x43heckAndroidManagementRequest\" \n\x1e\x43heckAndroidManagementResponse\"b\n%CertificateBasedDeviceRegisterRequest\x12\x39\n\x0esigned_request\x18\x01 \x01(\x0b\x32!.enterprise_management.SignedData\"p\n\x1fTokenBasedDeviceRegisterRequest\x12M\n\x17\x64\x65vice_register_request\x18\x01 \x01(\x0b\x32,.enterprise_management.DeviceRegisterRequest\"s\n TokenBasedDeviceRegisterResponse\x12O\n\x18\x64\x65vice_register_response\x18\x01 \x01(\x0b\x32-.enterprise_management.DeviceRegisterResponse\"3\n\x1b\x44\x65viceRegisterConfiguration\x12\x14\n\x0c\x64\x65vice_owner\x18\x01 \x01(\t\"\x9e\x03\n&CertificateBasedDeviceRegistrationData\x12g\n\x10\x63\x65rtificate_type\x18\x01 \x01(\x0e\x32M.enterprise_management.CertificateBasedDeviceRegistrationData.CertificateType\x12\x1a\n\x12\x64\x65vice_certificate\x18\x02 \x01(\x0c\x12M\n\x17\x64\x65vice_register_request\x18\x03 \x01(\x0b\x32,.enterprise_management.DeviceRegisterRequest\x12Y\n\x1d\x64\x65vice_register_configuration\x18\x04 \x01(\x0b\x32\x32.enterprise_management.DeviceRegisterConfiguration\"E\n\x0f\x43\x65rtificateType\x12\x0b\n\x07UNKNOWN\x10\x00\x12%\n!ENTERPRISE_ENROLLMENT_CERTIFICATE\x10\x01\"\xd4\x01\n\x16RegisterBrowserRequest\x12\x14\n\x0cmachine_name\x18\x01 \x01(\t\x12\x13\n\x0bos_platform\x18\x02 \x01(\t\x12\x12\n\nos_version\x18\x03 \x01(\t\x12Q\n\x19\x62rowser_device_identifier\x18\x04 \x01(\x0b\x32..enterprise_management.BrowserDeviceIdentifier\x12\x14\n\x0c\x64\x65vice_model\x18\x05 \x01(\t\x12\x12\n\nbrand_name\x18\x06 \x01(\t\"?\n$ActiveDirectoryEnrollPlayUserRequest\x12\x17\n\x0f\x61uth_session_id\x18\x01 \x01(\t\"\x97\x01\n%ActiveDirectoryEnrollPlayUserResponse\x12\x18\n\x10\x65nrollment_token\x18\x01 \x01(\t\x12\x0f\n\x07user_id\x18\x02 \x01(\t\x12\x43\n\x0fsaml_parameters\x18\x03 \x01(\x0b\x32*.enterprise_management.SamlParametersProto\"I\n\x13SamlParametersProto\x12\x19\n\x11\x61uth_redirect_url\x18\x01 \x01(\t\x12\x17\n\x0f\x61uth_session_id\x18\x02 \x01(\t\"+\n\x15PublicSamlUserRequest\x12\x12\n\naccount_id\x18\x01 \x01(\t\"]\n\x16PublicSamlUserResponse\x12\x43\n\x0fsaml_parameters\x18\x01 \x01(\x0b\x32*.enterprise_management.SamlParametersProto\"5\n\"ActiveDirectoryPlayActivityRequest\x12\x0f\n\x07user_id\x18\x01 \x01(\t\"%\n#ActiveDirectoryPlayActivityResponse\"\x1b\n\x19\x43heckDeviceLicenseRequest\"\x89\x01\n\x13LicenseAvailability\x12G\n\x17license_type_deprecated\x18\x01 \x01(\x0b\x32\".enterprise_management.LicenseTypeB\x02\x18\x01\x12)\n\x1d\x61vailable_licenses_deprecated\x18\x02 \x01(\x05\x42\x02\x18\x01\"\xbe\x02\n\x1a\x43heckDeviceLicenseResponse\x12u\n!license_selection_mode_deprecated\x18\x01 \x01(\x0e\x32\x46.enterprise_management.CheckDeviceLicenseResponse.LicenseSelectionModeB\x02\x18\x01\x12Y\n!license_availabilities_deprecated\x18\x02 \x03(\x0b\x32*.enterprise_management.LicenseAvailabilityB\x02\x18\x01\"N\n\x14LicenseSelectionMode\x12\r\n\tUNDEFINED\x10\x00\x12\x12\n\x0eUSER_SELECTION\x10\x01\x12\x13\n\x0f\x41\x44MIN_SELECTION\x10\x02\"\"\n ActiveDirectoryUserSigninRequest\">\n!ActiveDirectoryUserSigninResponse\x12\x19\n\x11\x61uth_redirect_url\x18\x01 \x01(\t\"\xd8\x02\n\x0eTpmVersionInfo\x12\x0e\n\x06\x66\x61mily\x18\x01 \x01(\r\x12\x12\n\nspec_level\x18\x02 \x01(\x04\x12\x14\n\x0cmanufacturer\x18\x03 \x01(\r\x12\x11\n\ttpm_model\x18\x04 \x01(\r\x12\x18\n\x10\x66irmware_version\x18\x05 \x01(\x04\x12\x17\n\x0fvendor_specific\x18\x06 \x01(\t\x12\x45\n\x0bgsc_version\x18\x07 \x01(\x0e\x32\x30.enterprise_management.TpmVersionInfo.GscVersion\x12\x0f\n\x07\x64id_vid\x18\x08 \x01(\t\"n\n\nGscVersion\x12\x1b\n\x17GSC_VERSION_UNSPECIFIED\x10\x00\x12\x17\n\x13GSC_VERSION_NOT_GSC\x10\x01\x12\x14\n\x10GSC_VERSION_CR50\x10\x02\x12\x14\n\x10GSC_VERSION_TI50\x10\x03\"\xc2\x03\n\rTpmStatusInfo\x12\x0f\n\x07\x65nabled\x18\x01 \x01(\x08\x12\r\n\x05owned\x18\x02 \x01(\x08\x12\x17\n\x0ftpm_initialized\x18\x03 \x01(\x08\x12\x1c\n\x14\x61ttestation_prepared\x18\x04 \x01(\x08\x12\x1c\n\x14\x61ttestation_enrolled\x18\x05 \x01(\x08\x12!\n\x19\x64ictionary_attack_counter\x18\x06 \x01(\x05\x12#\n\x1b\x64ictionary_attack_threshold\x18\x07 \x01(\x05\x12+\n#dictionary_attack_lockout_in_effect\x18\x08 \x01(\x08\x12\x33\n+dictionary_attack_lockout_seconds_remaining\x18\t \x01(\x05\x12\"\n\x16\x62oot_lockbox_finalized\x18\n \x01(\x08\x42\x02\x18\x01\x12!\n\x19owner_password_is_present\x18\x0b \x01(\x08\x12K\n\x16tpm_supported_features\x18\x0c \x01(\x0b\x32+.enterprise_management.TpmSupportedFeatures\"}\n\x14TpmSupportedFeatures\x12\x12\n\nis_allowed\x18\x01 \x01(\x08\x12\x19\n\x11support_pinweaver\x18\x02 \x01(\x08\x12!\n\x19support_runtime_selection\x18\x03 \x01(\x08\x12\x13\n\x0bsupport_u2f\x18\x04 \x01(\x08\"F\n\x0bSystemState\x12\x37\n\x0cvolume_infos\x18\x01 \x03(\x0b\x32!.enterprise_management.VolumeInfo\"\xe3\x33\n\x1e\x45xtensionInstallReportLogEvent\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12S\n\nevent_type\x18\x02 \x01(\x0e\x32?.enterprise_management.ExtensionInstallReportLogEvent.EventType\x12\x16\n\x0estateful_total\x18\x03 \x01(\x03\x12\x15\n\rstateful_free\x18\x04 \x01(\x03\x12\x0e\n\x06online\x18\x05 \x01(\x08\x12o\n\x19session_state_change_type\x18\x06 \x01(\x0e\x32L.enterprise_management.ExtensionInstallReportLogEvent.SessionStateChangeType\x12[\n\x0e\x66\x61ilure_reason\x18\x07 \x01(\x0e\x32\x43.enterprise_management.ExtensionInstallReportLogEvent.FailureReason\x12\x63\n\x12installation_stage\x18\x08 \x01(\x0e\x32G.enterprise_management.ExtensionInstallReportLogEvent.InstallationStage\x12\x61\n\x11\x64ownloading_stage\x18\t \x01(\x0e\x32\x46.enterprise_management.ExtensionInstallReportLogEvent.DownloadingStage\x12\x46\n\x0e\x65xtension_type\x18\n \x01(\x0e\x32..enterprise_management.Extension.ExtensionType\x12Q\n\tuser_type\x18\x0b \x01(\x0e\x32>.enterprise_management.ExtensionInstallReportLogEvent.UserType\x12\x13\n\x0bis_new_user\x18\x0c \x01(\x08\x12#\n\x1bis_misconfiguration_failure\x18\r \x01(\x08\x12j\n\x16install_creation_stage\x18\x0e \x01(\x0e\x32J.enterprise_management.ExtensionInstallReportLogEvent.InstallCreationStage\x12h\n\x15\x64ownload_cache_status\x18\x0f \x01(\x0e\x32I.enterprise_management.ExtensionInstallReportLogEvent.DownloadCacheStatus\x12u\n\x17unpacker_failure_reason\x18\x10 \x01(\x0e\x32T.enterprise_management.ExtensionInstallReportLogEvent.SandboxedUnpackerFailureReason\x12j\n\x16manifest_invalid_error\x18\x11 \x01(\x0e\x32J.enterprise_management.ExtensionInstallReportLogEvent.ManifestInvalidError\x12m\n\x18\x63rx_install_error_detail\x18\x12 \x01(\x0e\x32K.enterprise_management.ExtensionInstallReportLogEvent.CrxInstallErrorDetail\x12\x18\n\x10\x66\x65tch_error_code\x18\x13 \x01(\x05\x12\x13\n\x0b\x66\x65tch_tries\x18\x14 \x01(\x05\"\xa2\x01\n\tEventType\x12\x1a\n\x16LOG_EVENT_TYPE_UNKNOWN\x10\x00\x12\x12\n\x0ePOLICY_REQUEST\x10\x01\x12\x0b\n\x07SUCCESS\x10\x02\x12\x0c\n\x08\x43\x41NCELED\x10\x03\x12\x17\n\x13\x43ONNECTIVITY_CHANGE\x10\x04\x12\x18\n\x14SESSION_STATE_CHANGE\x10\x05\x12\x17\n\x13INSTALLATION_FAILED\x10\x06\"o\n\x16SessionStateChangeType\x12%\n!SESSION_STATE_CHANGE_TYPE_UNKNOWN\x10\x00\x12\t\n\x05LOGIN\x10\x01\x12\n\n\x06LOGOUT\x10\x02\x12\x0b\n\x07SUSPEND\x10\x03\x12\n\n\x06RESUME\x10\x04\"\xbe\x06\n\rFailureReason\x12\x1a\n\x16\x46\x41ILURE_REASON_UNKNOWN\x10\x00\x12\x0e\n\nINVALID_ID\x10\x01\x12 \n\x1cMALFORMED_EXTENSION_SETTINGS\x10\x02\x12\x17\n\x13REPLACED_BY_ARC_APP\x10\x03\x12\x1c\n\x18MALFORMED_EXTENSION_DICT\x10\x04\x12 \n\x1cNOT_SUPPORTED_EXTENSION_DICT\x10\x05\x12&\n\"MALFORMED_EXTENSION_DICT_FILE_PATH\x10\x06\x12$\n MALFORMED_EXTENSION_DICT_VERSION\x10\x07\x12\'\n#MALFORMED_EXTENSION_DICT_UPDATE_URL\x10\x08\x12\x18\n\x14LOCALE_NOT_SUPPORTED\x10\t\x12\x1e\n\x1aNOT_PERFORMING_NEW_INSTALL\x10\n\x12\x13\n\x0fTOO_OLD_PROFILE\x10\x0b\x12!\n\x1d\x44O_NOT_INSTALL_FOR_ENTERPRISE\x10\x0c\x12\x15\n\x11\x41LREADY_INSTALLED\x10\r\x12\x14\n\x10\x43RX_FETCH_FAILED\x10\x0e\x12\x19\n\x15MANIFEST_FETCH_FAILED\x10\x0f\x12\x14\n\x10MANIFEST_INVALID\x10\x10\x12\r\n\tNO_UPDATE\x10\x11\x12\x1e\n\x1a\x43RX_INSTALL_ERROR_DECLINED\x10\x12\x12\x30\n,CRX_INSTALL_ERROR_SANDBOXED_UNPACKER_FAILURE\x10\x13\x12\x1b\n\x17\x43RX_INSTALL_ERROR_OTHER\x10\x14\x12\x11\n\rNO_UPDATE_URL\x10\x15\x12\x16\n\x12PENDING_ADD_FAILED\x10\x16\x12\x19\n\x15\x44OWNLOADER_ADD_FAILED\x10\x17\x12\x0f\n\x0bIN_PROGRESS\x10\x18\x12\x17\n\x13\x43RX_FETCH_URL_EMPTY\x10\x19\x12\x19\n\x15\x43RX_FETCH_URL_INVALID\x10\x1a\x12\x1a\n\x16OVERRIDDEN_BY_SETTINGS\x10\x1b\x12\x1a\n\x16REPLACED_BY_SYSTEM_APP\x10\x1c\"|\n\x11InstallationStage\x12\x1e\n\x1aINSTALLATION_STAGE_UNKNOWN\x10\x00\x12\x0b\n\x07\x43REATED\x10\x01\x12\x0b\n\x07PENDING\x10\x02\x12\x0f\n\x0b\x44OWNLOADING\x10\x03\x12\x0e\n\nINSTALLING\x10\x04\x12\x0c\n\x08\x43OMPLETE\x10\x05\"\x9c\x02\n\x08UserType\x12\x15\n\x11USER_TYPE_UNKNOWN\x10\x00\x12\x15\n\x11USER_TYPE_REGULAR\x10\x01\x12\x13\n\x0fUSER_TYPE_GUEST\x10\x02\x12\x1c\n\x18USER_TYPE_PUBLIC_ACCOUNT\x10\x03\x12\'\n\x1fUSER_TYPE_SUPERVISED_DEPRECATED\x10\x04\x1a\x02\x08\x01\x12\x17\n\x13USER_TYPE_KIOSK_APP\x10\x05\x12\x13\n\x0fUSER_TYPE_CHILD\x10\x06\x12\x1b\n\x17USER_TYPE_ARC_KIOSK_APP\x10\x07\x12\x1e\n\x1aUSER_TYPE_ACTIVE_DIRECTORY\x10\x08\x12\x1b\n\x17USER_TYPE_WEB_KIOSK_APP\x10\t\"\x97\x02\n\x10\x44ownloadingStage\x12\x1d\n\x19\x44OWNLOADING_STAGE_UNKNOWN\x10\x00\x12\x14\n\x10\x44OWNLOAD_PENDING\x10\x01\x12\x17\n\x13QUEUED_FOR_MANIFEST\x10\x02\x12\x18\n\x14\x44OWNLOADING_MANIFEST\x10\x03\x12\x1e\n\x1a\x44OWNLOADING_MANIFEST_RETRY\x10\x04\x12\x14\n\x10PARSING_MANIFEST\x10\x05\x12\x13\n\x0fMANIFEST_LOADED\x10\x06\x12\x12\n\x0eQUEUED_FOR_CRX\x10\x07\x12\x13\n\x0f\x44OWNLOADING_CRX\x10\x08\x12\x19\n\x15\x44OWNLOADING_CRX_RETRY\x10\t\x12\x0c\n\x08\x46INISHED\x10\n\"\xc3\x02\n\x14InstallCreationStage\x12\"\n\x1eINSTALL_CREATION_STAGE_UNKNOWN\x10\x00\x12\x16\n\x12\x43REATION_INITIATED\x10\x01\x12\x34\n0NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_FORCED\x10\x02\x12\x38\n4NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_NOT_FORCED\x10\x03\x12\x1c\n\x18NOTIFIED_FROM_MANAGEMENT\x10\x04\x12\'\n#NOTIFIED_FROM_MANAGEMENT_NOT_FORCED\x10\x05\x12\x19\n\x15SEEN_BY_POLICY_LOADER\x10\x06\x12\x1d\n\x19SEEN_BY_EXTERNAL_PROVIDER\x10\x07\"\x98\x01\n\x13\x44ownloadCacheStatus\x12\x11\n\rCACHE_UNKNOWN\x10\x00\x12\x12\n\x0e\x43\x41\x43HE_DISABLED\x10\x01\x12\x0e\n\nCACHE_MISS\x10\x02\x12\x12\n\x0e\x43\x41\x43HE_OUTDATED\x10\x03\x12\r\n\tCACHE_HIT\x10\x04\x12\'\n#CACHE_HIT_ON_MANIFEST_FETCH_FAILURE\x10\x05\"\xb6\r\n\x1eSandboxedUnpackerFailureReason\x12-\n)SANDBOXED_UNPACKER_FAILURE_REASON_UNKNOWN\x10\x00\x12 \n\x1c\x43OULD_NOT_GET_TEMP_DIRECTORY\x10\x01\x12#\n\x1f\x43OULD_NOT_CREATE_TEMP_DIRECTORY\x10\x02\x12\x33\n/FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY\x10\x03\x12\'\n#COULD_NOT_GET_SANDBOX_FRIENDLY_PATH\x10\x04\x12 \n\x1c\x43OULD_NOT_LOCALIZE_EXTENSION\x10\x05\x12\x14\n\x10INVALID_MANIFEST\x10\x06\x12\x1a\n\x16UNPACKER_CLIENT_FAILED\x10\x07\x12\x33\n/UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL\x10\x08\x12\x19\n\x15\x43RX_FILE_NOT_READABLE\x10\t\x12\x16\n\x12\x43RX_HEADER_INVALID\x10\n\x12\x1c\n\x18\x43RX_MAGIC_NUMBER_INVALID\x10\x0b\x12\x1e\n\x1a\x43RX_VERSION_NUMBER_INVALID\x10\x0c\x12*\n&CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE\x10\r\x12\x17\n\x13\x43RX_ZERO_KEY_LENGTH\x10\x0e\x12\x1d\n\x19\x43RX_ZERO_SIGNATURE_LENGTH\x10\x0f\x12\x1a\n\x16\x43RX_PUBLIC_KEY_INVALID\x10\x10\x12\x19\n\x15\x43RX_SIGNATURE_INVALID\x10\x11\x12\x34\n0CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED\x10\x12\x12%\n!CRX_SIGNATURE_VERIFICATION_FAILED\x10\x13\x12#\n\x1f\x45RROR_SERIALIZING_MANIFEST_JSON\x10\x14\x12\x1e\n\x1a\x45RROR_SAVING_MANIFEST_JSON\x10\x15\x12.\n*COULD_NOT_READ_IMAGE_DATA_FROM_DISK_UNUSED\x10\x16\x12\x33\n/DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST_UNUSED\x10\x17\x12\"\n\x1eINVALID_PATH_FOR_BROWSER_IMAGE\x10\x18\x12!\n\x1d\x45RROR_REMOVING_OLD_IMAGE_FILE\x10\x19\x12!\n\x1dINVALID_PATH_FOR_BITMAP_IMAGE\x10\x1a\x12!\n\x1d\x45RROR_RE_ENCODING_THEME_IMAGE\x10\x1b\x12\x1c\n\x18\x45RROR_SAVING_THEME_IMAGE\x10\x1c\x12&\n\"DEPRECATED_ABORTED_DUE_TO_SHUTDOWN\x10\x1d\x12\x30\n,COULD_NOT_READ_CATALOG_DATA_FROM_DISK_UNUSED\x10\x1e\x12\x18\n\x14INVALID_CATALOG_DATA\x10\x1f\x12#\n\x1fINVALID_PATH_FOR_CATALOG_UNUSED\x10 \x12\x1d\n\x19\x45RROR_SERIALIZING_CATALOG\x10!\x12\x18\n\x14\x45RROR_SAVING_CATALOG\x10\"\x12 \n\x1c\x43RX_HASH_VERIFICATION_FAILED\x10#\x12\x10\n\x0cUNZIP_FAILED\x10$\x12\x19\n\x15\x44IRECTORY_MOVE_FAILED\x10%\x12\x1c\n\x18\x43RX_FILE_IS_DELTA_UPDATE\x10&\x12\x1d\n\x19\x43RX_EXPECTED_HASH_INVALID\x10\'\x12(\n$DEPRECATED_ERROR_PARSING_DNR_RULESET\x10(\x12\x1e\n\x1a\x45RROR_INDEXING_DNR_RULESET\x10)\x12\x1e\n\x1a\x43RX_REQUIRED_PROOF_MISSING\x10*\x12\x36\n2CRX_HEADER_VERIFIED_CONTENTS_UNCOMPRESSING_FAILURE\x10+\x12\x1f\n\x1bMALFORMED_VERIFIED_CONTENTS\x10,\x12\'\n#COULD_NOT_CREATE_METADATA_DIRECTORY\x10-\x12/\n+COULD_NOT_WRITE_VERIFIED_CONTENTS_INTO_FILE\x10.\"\xc1\x03\n\x14ManifestInvalidError\x12\"\n\x1eMANIFEST_INVALID_ERROR_UNKNOWN\x10\x00\x12\x16\n\x12XML_PARSING_FAILED\x10\x01\x12 \n\x1cINVALID_XLMNS_ON_GUPDATE_TAG\x10\x02\x12\x17\n\x13MISSING_GUPDATE_TAG\x10\x03\x12#\n\x1fINVALID_PROTOCOL_ON_GUPDATE_TAG\x10\x04\x12\x12\n\x0eMISSING_APP_ID\x10\x05\x12\x1d\n\x19MISSING_UPDATE_CHECK_TAGS\x10\x06\x12\x1e\n\x1aMULTIPLE_UPDATE_CHECK_TAGS\x10\x07\x12\x1b\n\x17INVALID_PRODVERSION_MIN\x10\x08\x12\x16\n\x12\x45MPTY_CODEBASE_URL\x10\t\x12\x18\n\x14INVALID_CODEBASE_URL\x10\n\x12$\n MISSING_VERSION_FOR_UPDATE_CHECK\x10\x0b\x12\x13\n\x0fINVALID_VERSION\x10\x0c\x12\x1c\n\x18\x42\x41\x44_UPDATE_SPECIFICATION\x10\r\x12\x12\n\x0e\x42\x41\x44_APP_STATUS\x10\x0e\"\xeb\x05\n\x15\x43rxInstallErrorDetail\x12$\n CRX_INSTALL_ERROR_DETAIL_UNKNOWN\x10\x00\x12+\n\'CONVERT_USER_SCRIPT_TO_EXTENSION_FAILED\x10\x01\x12\x11\n\rUNEXPECTED_ID\x10\x02\x12\x16\n\x12UNEXPECTED_VERSION\x10\x03\x12\x16\n\x12MISMATCHED_VERSION\x10\x04\x12\x1e\n\x1a\x43RX_ERROR_MANIFEST_INVALID\x10\x05\x12\x17\n\x13INSTALL_NOT_ENABLED\x10\x06\x12\x1f\n\x1bOFFSTORE_INSTALL_DISALLOWED\x10\x07\x12\x1e\n\x1aINCORRECT_APP_CONTENT_TYPE\x10\x08\x12\x1e\n\x1aNOT_INSTALLED_FROM_GALLERY\x10\t\x12\x1a\n\x16INCORRECT_INSTALL_HOST\x10\n\x12 \n\x1c\x44\x45PENDENCY_NOT_SHARED_MODULE\x10\x0b\x12\x1a\n\x16\x44\x45PENDENCY_OLD_VERSION\x10\x0c\x12\x1e\n\x1a\x44\x45PENDENCY_NOT_ALLOWLISTED\x10\r\x12\x1c\n\x18UNSUPPORTED_REQUIREMENTS\x10\x0e\x12\x1c\n\x18\x45XTENSION_IS_BLOCKLISTED\x10\x0f\x12\x18\n\x14\x44ISALLOWED_BY_POLICY\x10\x10\x12\x13\n\x0fKIOSK_MODE_ONLY\x10\x11\x12\x1a\n\x16OVERLAPPING_WEB_EXTENT\x10\x12\x12\x1a\n\x16\x43\x41NT_DOWNGRADE_VERSION\x10\x13\x12$\n MOVE_DIRECTORY_TO_PROFILE_FAILED\x10\x14\x12\x17\n\x13\x43\x41NT_LOAD_EXTENSION\x10\x15\x12\x11\n\rUSER_CANCELED\x10\x16\x12\x10\n\x0cUSER_ABORTED\x10\x17\x12!\n\x1dUPDATE_NON_EXISTING_EXTENSION\x10\x18\"\xde\x06\n\x18\x41ppInstallReportLogEvent\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12M\n\nevent_type\x18\x02 \x01(\x0e\x32\x39.enterprise_management.AppInstallReportLogEvent.EventType\x12\x16\n\x0estateful_total\x18\x03 \x01(\x03\x12\x15\n\rstateful_free\x18\x04 \x01(\x03\x12\x19\n\x11\x63louddps_response\x18\x05 \x01(\x05\x12\x14\n\x0cphonesky_log\x18\x06 \x01(\t\x12\x0e\n\x06online\x18\x07 \x01(\x08\x12i\n\x19session_state_change_type\x18\x08 \x01(\x0e\x32\x46.enterprise_management.AppInstallReportLogEvent.SessionStateChangeType\x12\x12\n\nandroid_id\x18\t \x01(\x03\"\xff\x02\n\tEventType\x12\x1a\n\x16LOG_EVENT_TYPE_UNKNOWN\x10\x00\x12\x12\n\x0eSERVER_REQUEST\x10\x01\x12\x14\n\x10\x43LOUDDPC_REQUEST\x10\x02\x12\x14\n\x10\x43LOUDDPS_REQUEST\x10\x03\x12\x15\n\x11\x43LOUDDPS_RESPONSE\x10\x04\x12\x10\n\x0cPHONESKY_LOG\x10\x05\x12\x0b\n\x07SUCCESS\x10\x06\x12\x0c\n\x08\x43\x41NCELED\x10\x07\x12\x17\n\x13\x43ONNECTIVITY_CHANGE\x10\x08\x12\x18\n\x14SESSION_STATE_CHANGE\x10\t\x12\x18\n\x14INSTALLATION_STARTED\x10\n\x12\x19\n\x15INSTALLATION_FINISHED\x10\x0b\x12\x17\n\x13INSTALLATION_FAILED\x10\x0c\x12\x12\n\x0e\x44IRECT_INSTALL\x10\r\x12\x1d\n\x19\x43LOUDDPC_MAIN_LOOP_FAILED\x10\x0e\x12\x1e\n\x1aPLAYSTORE_LOCAL_POLICY_SET\x10\x0f\"o\n\x16SessionStateChangeType\x12%\n!SESSION_STATE_CHANGE_TYPE_UNKNOWN\x10\x00\x12\t\n\x05LOGIN\x10\x01\x12\n\n\x06LOGOUT\x10\x02\x12\x0b\n\x07SUSPEND\x10\x03\x12\n\n\x06RESUME\x10\x04\"\x87\x01\n\x16\x45xtensionInstallReport\x12\x14\n\x0c\x65xtension_id\x18\x01 \x01(\t\x12\x12\n\nincomplete\x18\x02 \x01(\x08\x12\x43\n\x04logs\x18\x03 \x03(\x0b\x32\x35.enterprise_management.ExtensionInstallReportLogEvent\"v\n\x10\x41ppInstallReport\x12\x0f\n\x07package\x18\x01 \x01(\t\x12\x12\n\nincomplete\x18\x02 \x01(\x08\x12=\n\x04logs\x18\x03 \x03(\x0b\x32/.enterprise_management.AppInstallReportLogEvent\"_\n\x17\x41ppInstallReportRequest\x12\x44\n\x13\x61pp_install_reports\x18\x01 \x03(\x0b\x32\'.enterprise_management.AppInstallReport\"q\n\x1d\x45xtensionInstallReportRequest\x12P\n\x19\x65xtension_install_reports\x18\x01 \x03(\x0b\x32-.enterprise_management.ExtensionInstallReport\"\x1a\n\x18\x41ppInstallReportResponse\"\xad\x01\n\x15RefreshAccountRequest\x12N\n\x0c\x61\x63\x63ount_type\x18\x01 \x01(\x0e\x32\x38.enterprise_management.RefreshAccountRequest.AccountType\"D\n\x0b\x41\x63\x63ountType\x12\x1c\n\x18\x41\x43\x43OUNT_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x43HROME_OS_DEMO_MODE\x10\x01\"\x18\n\x16RefreshAccountResponse\"L\n\x19RsuLookupKeyUploadRequest\x12\x10\n\x08\x62oard_id\x18\x01 \x01(\x0c\x12\x1d\n\x15\x63r50_hashed_device_id\x18\x02 \x01(\x0c\"<\n\x1aRsuLookupKeyUploadResponse\x12\x1e\n\x16rsu_lookup_key_updated\x18\x01 \x01(\x08\"Z\n\x0f\x45SimProfileInfo\x12\r\n\x05iccid\x18\x01 \x01(\t\x12\x14\n\x0csmdp_address\x18\x02 \x01(\t\x12\x14\n\x0csmds_address\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\"\x88\x01\n\x16UploadEuiccInfoRequest\x12\x13\n\x0b\x65uicc_count\x18\x01 \x01(\r\x12=\n\resim_profiles\x18\x02 \x03(\x0b\x32&.enterprise_management.ESimProfileInfo\x12\x1a\n\x12\x63lear_profile_list\x18\x03 \x01(\x08\"\x19\n\x17UploadEuiccInfoResponse\"\xc0\x08\n\rPrintJobEvent\x12U\n\x11job_configuration\x18\x01 \x01(\x0b\x32:.enterprise_management.PrintJobEvent.PrintJobConfiguration\x12@\n\tuser_type\x18\x02 \x01(\x0e\x32-.enterprise_management.PrintJobEvent.UserType\x12=\n\x07printer\x18\x03 \x01(\x0b\x32,.enterprise_management.PrintJobEvent.Printer\x1a\xe1\x01\n\x15PrintJobConfiguration\x12\n\n\x02id\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x0e\n\x06status\x18\x03 \x01(\x05\x12\x1d\n\x15\x63reation_timestamp_ms\x18\x04 \x01(\x03\x12\x1f\n\x17\x63ompletion_timestamp_ms\x18\x05 \x01(\x03\x12\x17\n\x0fnumber_of_pages\x18\x06 \x01(\x05\x12\x44\n\x08settings\x18\x07 \x01(\x0b\x32\x32.enterprise_management.PrintJobEvent.PrintSettings\x1a\x30\n\x07Printer\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0b\n\x03uri\x18\x02 \x01(\t\x12\n\n\x02id\x18\x03 \x01(\t\x1a\xfa\x03\n\rPrintSettings\x12K\n\x05\x63olor\x18\x01 \x01(\x0e\x32<.enterprise_management.PrintJobEvent.PrintSettings.ColorMode\x12M\n\x06\x64uplex\x18\x02 \x01(\x0e\x32=.enterprise_management.PrintJobEvent.PrintSettings.DuplexMode\x12P\n\nmedia_size\x18\x03 \x01(\x0b\x32<.enterprise_management.PrintJobEvent.PrintSettings.MediaSize\x12\x0e\n\x06\x63opies\x18\x04 \x01(\x05\x1a=\n\tMediaSize\x12\r\n\x05width\x18\x01 \x01(\x05\x12\x0e\n\x06height\x18\x02 \x01(\x05\x12\x11\n\tvendor_id\x18\x03 \x01(\t\"C\n\tColorMode\x12\x16\n\x12UNKNOWN_COLOR_MODE\x10\x00\x12\x13\n\x0f\x42LACK_AND_WHITE\x10\x01\x12\t\n\x05\x43OLOR\x10\x02\"g\n\nDuplexMode\x12\x17\n\x13UNKNOWN_DUPLEX_MODE\x10\x00\x12\r\n\tONE_SIDED\x10\x01\x12\x17\n\x13TWO_SIDED_LONG_EDGE\x10\x02\x12\x18\n\x14TWO_SIDED_SHORT_EDGE\x10\x03\"D\n\x08UserType\x12\x15\n\x11UNKNOWN_USER_TYPE\x10\x00\x12\x0b\n\x07REGULAR\x10\x01\x12\t\n\x05GUEST\x10\x02\x12\t\n\x05KIOSK\x10\x03\"\xe9\x01\n\x03\x41pp\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x34\n\x08\x61pp_type\x18\x02 \x01(\x0e\x32\".enterprise_management.App.AppType\x12\x19\n\x11\x61\x64\x64itional_app_id\x18\x03 \x03(\t\"\x80\x01\n\x07\x41ppType\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x07\n\x03\x41RC\x10\x01\x12\x0c\n\x08\x42UILT_IN\x10\x02\x12\x0c\n\x08\x43ROSTINI\x10\x03\x12\r\n\tEXTENSION\x10\x04\x12\x07\n\x03WEB\x10\x05\x12\r\n\tPLUGIN_VM\x10\x06\x12\x0c\n\x08\x42OREALIS\x10\x07\x12\x0e\n\nBRUSCHETTA\x10\x08\"\xbe\x02\n\x0b\x41ppActivity\x12,\n\x08\x61pp_info\x18\x01 \x01(\x0b\x32\x1a.enterprise_management.App\x12>\n\x13\x61\x63tive_time_periods\x18\x02 \x03(\x0b\x32!.enterprise_management.TimePeriod\x12\x14\n\x0cpopulated_at\x18\x03 \x01(\x03\x12>\n\tapp_state\x18\x04 \x01(\x0e\x32+.enterprise_management.AppActivity.AppState\"k\n\x08\x41ppState\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x01\x12\x14\n\x10\x41LWAYS_AVAILABLE\x10\x02\x12\x0b\n\x07\x42LOCKED\x10\x03\x12\x11\n\rLIMIT_REACHED\x10\x04\x12\x0f\n\x0bUNINSTALLED\x10\x05\"d\n\x0eScreenTimeSpan\x12\x36\n\x0btime_period\x18\x01 \x01(\x0b\x32!.enterprise_management.TimePeriod\x12\x1a\n\x12\x61\x63tive_duration_ms\x18\x02 \x01(\x03\"\xea\x02\n\x18\x43hildStatusReportRequest\x12\x15\n\ruser_dm_token\x18\x01 \x01(\t\x12\x14\n\x0ctimestamp_ms\x18\x02 \x01(\x03\x12\x11\n\ttime_zone\x18\x03 \x01(\t\x12?\n\x10screen_time_span\x18\x04 \x03(\x0b\x32%.enterprise_management.ScreenTimeSpan\x12<\n\x0e\x61ndroid_status\x18\x05 \x01(\x0b\x32$.enterprise_management.AndroidStatus\x12\x12\n\nos_version\x18\x06 \x01(\t\x12\x11\n\tboot_mode\x18\x07 \x01(\t\x12\x38\n\x0c\x61pp_activity\x18\x08 \x03(\x0b\x32\".enterprise_management.AppActivity\x12.\n\nhidden_app\x18\t \x03(\x0b\x32\x1a.enterprise_management.App\"F\n\x19\x43hildStatusReportResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\"\x11\n\x0fStartCsrRequest\"\xe2\x01\n\x10StartCsrResponse\x12\x1a\n\x12invalidation_topic\x18\x01 \x01(\t\x12\x14\n\x0cva_challenge\x18\x02 \x01(\x0c\x12\x42\n\x11hashing_algorithm\x18\x05 \x01(\x0e\x32\'.enterprise_management.HashingAlgorithm\x12\x42\n\x11signing_algorithm\x18\x03 \x01(\x0e\x32\'.enterprise_management.SigningAlgorithm\x12\x14\n\x0c\x64\x61ta_to_sign\x18\x04 \x01(\x0c\"D\n\x10\x46inishCsrRequest\x12\x1d\n\x15va_challenge_response\x18\x01 \x01(\x0c\x12\x11\n\tsignature\x18\x02 \x01(\x0c\"\x13\n\x11\x46inishCsrResponse\"\x15\n\x13\x44ownloadCertRequest\"7\n\x14\x44ownloadCertResponse\x12\x1f\n\x17pem_encoded_certificate\x18\x01 \x01(\t\"\x16\n\x14\x43\x65rtProvStartRequest\"3\n\x15\x43\x65rtProvStartResponse\x12\x1a\n\x12invalidation_topic\x18\x01 \x01(\t\"#\n!CertProvGetNextInstructionRequest\"\xd8\x02\n\"CertProvGetNextInstructionResponse\x12T\n\x15\x61uthorize_instruction\x18\x01 \x01(\x0b\x32\x33.enterprise_management.CertProvAuthorizeInstructionH\x00\x12\x66\n\x1fproof_of_possession_instruction\x18\x02 \x01(\x0b\x32;.enterprise_management.CertProvProofOfPossessionInstructionH\x00\x12\x65\n\x1eimport_certificate_instruction\x18\x03 \x01(\x0b\x32;.enterprise_management.CertProvImportCertificateInstructionH\x00\x42\r\n\x0binstruction\"9\n\x18\x43\x65rtProvAuthorizeRequest\x12\x1d\n\x15va_challenge_response\x18\x01 \x01(\x0c\"\x1b\n\x19\x43\x65rtProvAuthorizeResponse\";\n&CertProvUploadProofOfPossessionRequest\x12\x11\n\tsignature\x18\x01 \x01(\x0c\")\n\'CertProvUploadProofOfPossessionResponse\"4\n\x1c\x43\x65rtProvAuthorizeInstruction\x12\x14\n\x0cva_challenge\x18\x01 \x01(\x0c\"\x8c\x01\n$CertProvProofOfPossessionInstruction\x12\x14\n\x0c\x64\x61ta_to_sign\x18\x01 \x01(\x0c\x12N\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32\x31.enterprise_management.CertProvSignatureAlgorithm\"G\n$CertProvImportCertificateInstruction\x12\x1f\n\x17pem_encoded_certificate\x18\x01 \x01(\t\"\x99\x06\n$ClientCertificateProvisioningRequest\x12+\n#certificate_provisioning_process_id\x18\x10 \x01(\t\x12\x19\n\x11\x63\x65rtificate_scope\x18\x01 \x01(\t\x12\x17\n\x0f\x63\x65rt_profile_id\x18\x02 \x01(\t\x12\x12\n\npublic_key\x18\x03 \x01(\x0c\x12\x17\n\x0f\x64\x65vice_dm_token\x18\x04 \x01(\t\x12\x43\n\x11start_csr_request\x18\x05 \x01(\x0b\x32&.enterprise_management.StartCsrRequestH\x00\x12\x45\n\x12\x66inish_csr_request\x18\x06 \x01(\x0b\x32\'.enterprise_management.FinishCsrRequestH\x00\x12K\n\x15\x64ownload_cert_request\x18\x07 \x01(\x0b\x32*.enterprise_management.DownloadCertRequestH\x00\x12\x44\n\rstart_request\x18\x0c \x01(\x0b\x32+.enterprise_management.CertProvStartRequestH\x00\x12`\n\x1cget_next_instruction_request\x18\r \x01(\x0b\x32\x38.enterprise_management.CertProvGetNextInstructionRequestH\x00\x12L\n\x11\x61uthorize_request\x18\x0e \x01(\x0b\x32/.enterprise_management.CertProvAuthorizeRequestH\x00\x12k\n\"upload_proof_of_possession_request\x18\x0f \x01(\x0b\x32=.enterprise_management.CertProvUploadProofOfPossessionRequestH\x00\x12\x16\n\x0epolicy_version\x18\x08 \x01(\x0c\x42\t\n\x07requestJ\x04\x08\t\x10\x0c\"\xb1\x04\n\x14\x43\x65rtProvBackendError\x12@\n\x05\x65rror\x18\x01 \x01(\x0e\x32\x31.enterprise_management.CertProvBackendError.Error\x12\x15\n\rdebug_message\x18\x02 \x01(\t\"\xbf\x03\n\x05\x45rror\x12\x15\n\x11\x45RROR_UNSPECIFIED\x10\x00\x12\x15\n\x11INVALID_OPERATION\x10\x01\x12\x15\n\x11INCONSISTENT_DATA\x10\x02\x12\x1f\n\x1bIDENTITY_VERIFICATION_ERROR\x10\x03\x12\x16\n\x12\x43PP_ALREADY_EXISTS\x10\x04\x12\x12\n\x0e\x42\x41\x44_PUBLIC_KEY\x10\x05\x12\x15\n\x11INVALID_SIGNATURE\x10\x06\x12!\n\x1dINSTRUCTION_NOT_YET_AVAILABLE\x10\x07\x12\x12\n\x0e\x43\x41_UNAVAILABLE\x10\x08\x12\x0e\n\nCA_FAILURE\x10\t\x12\x15\n\x11PROFILE_NOT_FOUND\x10\n\x12 \n\x1cUSER_PRIMARY_EMAIL_NOT_FOUND\x10\x0b\x12\x1b\n\x17\x43\x41_CONNECTION_NOT_FOUND\x10\x0c\x12\x1a\n\x16PUBSUB_TOPIC_NOT_FOUND\x10\r\x12$\n BAD_ADAPTER_CERTIFICATE_RECEIVED\x10\x0e\x12.\n*CERTIFICATE_PROVISIONING_PROCESS_NOT_FOUND\x10\x0f\"\xb1\x08\n%ClientCertificateProvisioningResponse\x12\x17\n\x0ftry_again_later\x18\x01 \x01(\x03\x12S\n\x05\x65rror\x18\x02 \x01(\x0e\x32\x42.enterprise_management.ClientCertificateProvisioningResponse.ErrorH\x00\x12\x45\n\x12start_csr_response\x18\x03 \x01(\x0b\x32\'.enterprise_management.StartCsrResponseH\x00\x12G\n\x13\x66inish_csr_response\x18\x04 \x01(\x0b\x32(.enterprise_management.FinishCsrResponseH\x00\x12M\n\x16\x64ownload_cert_response\x18\x05 \x01(\x0b\x32+.enterprise_management.DownloadCertResponseH\x00\x12\x46\n\x0estart_response\x18\x07 \x01(\x0b\x32,.enterprise_management.CertProvStartResponseH\x00\x12\x62\n\x1dget_next_instruction_response\x18\x08 \x01(\x0b\x32\x39.enterprise_management.CertProvGetNextInstructionResponseH\x00\x12N\n\x12\x61uthorize_response\x18\t \x01(\x0b\x32\x30.enterprise_management.CertProvAuthorizeResponseH\x00\x12m\n#upload_proof_of_possession_response\x18\n \x01(\x0b\x32>.enterprise_management.CertProvUploadProofOfPossessionResponseH\x00\x12\x44\n\rbackend_error\x18\x0b \x01(\x0b\x32+.enterprise_management.CertProvBackendErrorH\x00\"\xf7\x01\n\x05\x45rror\x12\r\n\tUNDEFINED\x10\x00\x12\r\n\tTIMED_OUT\x10\x01\x12\x1f\n\x1bIDENTITY_VERIFICATION_ERROR\x10\x02\x12\x0c\n\x08\x43\x41_ERROR\x10\x03\x12\x15\n\x11INCONSISTENT_DATA\x10\x04\x12\x12\n\x0e\x42\x41\x44_PUBLIC_KEY\x10\x05\x12 \n\x1c\x42\x41\x44_CA_CERTIFICATE_SPECIFIED\x10\x06\x12#\n\x1f\x42\x41\x44_CLIENT_CERTIFICATE_RECEIVED\x10\x07\x12\x19\n\x15INVALID_CSR_SIGNATURE\x10\x08\x12\x14\n\x10\x43SR_ALREADY_SENT\x10\tB\n\n\x08responseJ\x04\x08\x06\x10\x07\"\xb8\x03\n\x1d\x42rowserPublicKeyUploadRequest\x12\x12\n\npublic_key\x18\x01 \x01(\x0c\x12\x11\n\tsignature\x18\x02 \x01(\x0c\x12[\n\x0fkey_trust_level\x18\x03 \x01(\x0e\x32\x42.enterprise_management.BrowserPublicKeyUploadRequest.KeyTrustLevel\x12N\n\x08key_type\x18\x04 \x01(\x0e\x32<.enterprise_management.BrowserPublicKeyUploadRequest.KeyType\x12\x1d\n\x15provision_certificate\x18\x05 \x01(\x08\"f\n\rKeyTrustLevel\x12\x1f\n\x1bKEY_TRUST_LEVEL_UNSPECIFIED\x10\x00\x12\x19\n\x15\x43HROME_BROWSER_HW_KEY\x10\x01\x12\x19\n\x15\x43HROME_BROWSER_OS_KEY\x10\x02\"<\n\x07KeyType\x12\x18\n\x14KEY_TYPE_UNSPECIFIED\x10\x00\x12\x0b\n\x07RSA_KEY\x10\x01\x12\n\n\x06\x45\x43_KEY\x10\x02\"\xdf\x01\n\x1e\x42rowserPublicKeyUploadResponse\x12Y\n\rresponse_code\x18\x01 \x01(\x0e\x32\x42.enterprise_management.BrowserPublicKeyUploadResponse.ResponseCode\x12\x1f\n\x17pem_encoded_certificate\x18\x02 \x01(\t\"A\n\x0cResponseCode\x12\r\n\tUNDEFINED\x10\x00\x12\x0b\n\x07SUCCESS\x10\x01\x12\x15\n\x11INVALID_SIGNATURE\x10\x02\"\xf3\x01\n FmRegistrationTokenUploadRequest\x12\r\n\x05token\x18\x01 \x01(\t\x12\x18\n\x10protocol_version\x18\x02 \x01(\x03\x12U\n\ntoken_type\x18\x03 \x01(\x0e\x32\x41.enterprise_management.FmRegistrationTokenUploadRequest.TokenType\x12\x1f\n\x17\x65xpiration_timestamp_ms\x18\x04 \x01(\x03\".\n\tTokenType\x12\n\n\x06\x44\x45VICE\x10\x00\x12\x0b\n\x07\x42ROWSER\x10\x01\x12\x08\n\x04USER\x10\x02\"#\n!FmRegistrationTokenUploadResponse\"\xae\x1d\n\x17\x44\x65viceManagementRequest\x12\x46\n\x10register_request\x18\x01 \x01(\x0b\x32,.enterprise_management.DeviceRegisterRequest\x12J\n\x12unregister_request\x18\x02 \x01(\x0b\x32..enterprise_management.DeviceUnregisterRequest\x12\x42\n\x0epolicy_request\x18\x03 \x01(\x0b\x32*.enterprise_management.DevicePolicyRequest\x12V\n\x1c\x64\x65vice_status_report_request\x18\x04 \x01(\x0b\x32\x30.enterprise_management.DeviceStatusReportRequest\x12X\n\x1dsession_status_report_request\x18\x05 \x01(\x0b\x32\x31.enterprise_management.SessionStatusReportRequest\x12T\n\x1b\x63hild_status_report_request\x18\x1e \x01(\x0b\x32/.enterprise_management.ChildStatusReportRequest\x12S\n\x17\x61uto_enrollment_request\x18\x06 \x01(\x0b\x32\x32.enterprise_management.DeviceAutoEnrollmentRequest\x12K\n\x13\x63\x65rt_upload_request\x18\x07 \x01(\x0b\x32..enterprise_management.DeviceCertUploadRequest\x12X\n\x1aservice_api_access_request\x18\x08 \x01(\x0b\x32\x34.enterprise_management.DeviceServiceApiAccessRequest\x12Z\n\x1e\x64\x65vice_state_retrieval_request\x18\t \x01(\x0b\x32\x32.enterprise_management.DeviceStateRetrievalRequest\x12[\n\x1f\x64\x65vice_state_key_update_request\x18\n \x01(\x0b\x32\x32.enterprise_management.DeviceStateKeyUpdateRequest\x12K\n\x16\x64\x65vice_pairing_request\x18\x0b \x01(\x0b\x32+.enterprise_management.DevicePairingRequest\x12V\n\x1c\x63heck_device_pairing_request\x18\x0c \x01(\x0b\x32\x30.enterprise_management.CheckDevicePairingRequest\x12Q\n\x16remote_command_request\x18\r \x01(\x0b\x32\x31.enterprise_management.DeviceRemoteCommandRequest\x12q\n*device_attribute_update_permission_request\x18\x0e \x01(\x0b\x32=.enterprise_management.DeviceAttributeUpdatePermissionRequest\x12\\\n\x1f\x64\x65vice_attribute_update_request\x18\x0f \x01(\x0b\x32\x33.enterprise_management.DeviceAttributeUpdateRequest\x12H\n\x15gcm_id_update_request\x18\x10 \x01(\x0b\x32).enterprise_management.GcmIdUpdateRequest\x12^\n check_android_management_request\x18\x11 \x01(\x0b\x32\x34.enterprise_management.CheckAndroidManagementRequest\x12h\n\"certificate_based_register_request\x18\x12 \x01(\x0b\x32<.enterprise_management.CertificateBasedDeviceRegisterRequest\x12n\n)active_directory_enroll_play_user_request\x18\x13 \x01(\x0b\x32;.enterprise_management.ActiveDirectoryEnrollPlayUserRequest\x12i\n&active_directory_play_activity_request\x18\x14 \x01(\x0b\x32\x39.enterprise_management.ActiveDirectoryPlayActivityRequest\x12\x65\n\'check_device_license_request_deprecated\x18\x15 \x01(\x0b\x32\x30.enterprise_management.CheckDeviceLicenseRequestB\x02\x18\x01\x12\x65\n$active_directory_user_signin_request\x18\x16 \x01(\x0b\x32\x37.enterprise_management.ActiveDirectoryUserSigninRequest\x12O\n\x18register_browser_request\x18\x17 \x01(\x0b\x32-.enterprise_management.RegisterBrowserRequest\x12R\n\x1a\x61pp_install_report_request\x18\x19 \x01(\x0b\x32..enterprise_management.AppInstallReportRequest\x12X\n\x1d\x63hrome_desktop_report_request\x18\x1a \x01(\x0b\x32\x31.enterprise_management.ChromeDesktopReportRequest\x12^\n policy_validation_report_request\x18\x1b \x01(\x0b\x32\x34.enterprise_management.PolicyValidationReportRequest\x12k\n\'device_initial_enrollment_state_request\x18\x1c \x01(\x0b\x32:.enterprise_management.DeviceInitialEnrollmentStateRequest\x12M\n\x17refresh_account_request\x18\x1d \x01(\x0b\x32,.enterprise_management.RefreshAccountRequest\x12W\n\x1drsu_lookup_key_upload_request\x18\x1f \x01(\x0b\x32\x30.enterprise_management.RsuLookupKeyUploadRequest\x12N\n\x18public_saml_user_request\x18 \x01(\x0b\x32,.enterprise_management.PublicSamlUserRequest\x12W\n\x1d\x63hrome_os_user_report_request\x18! \x01(\x0b\x32\x30.enterprise_management.ChromeOsUserReportRequest\x12l\n\'client_certificate_provisioning_request\x18\" \x01(\x0b\x32;.enterprise_management.ClientCertificateProvisioningRequest\x12^\n extension_install_report_request\x18# \x01(\x0b\x32\x34.enterprise_management.ExtensionInstallReportRequest\x12R\n\x1a\x63heck_user_account_request\x18$ \x01(\x0b\x32..enterprise_management.CheckUserAccountRequest\x12Z\n\x1eprivate_set_membership_request\x18% \x01(\x0b\x32\x32.enterprise_management.PrivateSetMembershipRequest\x12_\n!browser_public_key_upload_request\x18& \x01(\x0b\x32\x34.enterprise_management.BrowserPublicKeyUploadRequest\x12P\n\x19upload_euicc_info_request\x18\' \x01(\x0b\x32-.enterprise_management.UploadEuiccInfoRequest\x12X\n\x1d\x63hrome_profile_report_request\x18( \x01(\x0b\x32\x31.enterprise_management.ChromeProfileReportRequest\x12\x63\n#token_based_device_register_request\x18) \x01(\x0b\x32\x36.enterprise_management.TokenBasedDeviceRegisterRequest\x12\x65\n$fm_registration_token_upload_request\x18* \x01(\x0b\x32\x37.enterprise_management.FmRegistrationTokenUploadRequestJ\x04\x08\x18\x10\x19\"\xe8\x1b\n\x18\x44\x65viceManagementResponse\x12\x15\n\rerror_message\x18\x02 \x01(\t\x12H\n\x0c\x65rror_detail\x18\' \x03(\x0e\x32\x32.enterprise_management.DeviceManagementErrorDetail\x12H\n\x11register_response\x18\x03 \x01(\x0b\x32-.enterprise_management.DeviceRegisterResponse\x12L\n\x13unregister_response\x18\x04 \x01(\x0b\x32/.enterprise_management.DeviceUnregisterResponse\x12\x44\n\x0fpolicy_response\x18\x05 \x01(\x0b\x32+.enterprise_management.DevicePolicyResponse\x12X\n\x1d\x64\x65vice_status_report_response\x18\x06 \x01(\x0b\x32\x31.enterprise_management.DeviceStatusReportResponse\x12Z\n\x1esession_status_report_response\x18\x07 \x01(\x0b\x32\x32.enterprise_management.SessionStatusReportResponse\x12V\n\x1c\x63hild_status_report_response\x18\x1d \x01(\x0b\x32\x30.enterprise_management.ChildStatusReportResponse\x12U\n\x18\x61uto_enrollment_response\x18\x08 \x01(\x0b\x32\x33.enterprise_management.DeviceAutoEnrollmentResponse\x12M\n\x14\x63\x65rt_upload_response\x18\t \x01(\x0b\x32/.enterprise_management.DeviceCertUploadResponse\x12Z\n\x1bservice_api_access_response\x18\n \x01(\x0b\x32\x35.enterprise_management.DeviceServiceApiAccessResponse\x12\\\n\x1f\x64\x65vice_state_retrieval_response\x18\x0b \x01(\x0b\x32\x33.enterprise_management.DeviceStateRetrievalResponse\x12M\n\x17\x64\x65vice_pairing_response\x18\x0c \x01(\x0b\x32,.enterprise_management.DevicePairingResponse\x12X\n\x1d\x63heck_device_pairing_response\x18\r \x01(\x0b\x32\x31.enterprise_management.CheckDevicePairingResponse\x12S\n\x17remote_command_response\x18\x0e \x01(\x0b\x32\x32.enterprise_management.DeviceRemoteCommandResponse\x12s\n+device_attribute_update_permission_response\x18\x0f \x01(\x0b\x32>.enterprise_management.DeviceAttributeUpdatePermissionResponse\x12^\n device_attribute_update_response\x18\x10 \x01(\x0b\x32\x34.enterprise_management.DeviceAttributeUpdateResponse\x12J\n\x16gcm_id_update_response\x18\x11 \x01(\x0b\x32*.enterprise_management.GcmIdUpdateResponse\x12`\n!check_android_management_response\x18\x12 \x01(\x0b\x32\x35.enterprise_management.CheckAndroidManagementResponse\x12p\n*active_directory_enroll_play_user_response\x18\x13 \x01(\x0b\x32<.enterprise_management.ActiveDirectoryEnrollPlayUserResponse\x12k\n\'active_directory_play_activity_response\x18\x14 \x01(\x0b\x32:.enterprise_management.ActiveDirectoryPlayActivityResponse\x12g\n(check_device_license_response_deprecated\x18\x15 \x01(\x0b\x32\x31.enterprise_management.CheckDeviceLicenseResponseB\x02\x18\x01\x12g\n%active_directory_user_signin_response\x18\x16 \x01(\x0b\x32\x38.enterprise_management.ActiveDirectoryUserSigninResponse\x12Z\n\x1e\x63hrome_desktop_report_response\x18\x17 \x01(\x0b\x32\x32.enterprise_management.ChromeDesktopReportResponse\x12T\n\x1b\x61pp_install_report_response\x18\x19 \x01(\x0b\x32/.enterprise_management.AppInstallReportResponse\x12`\n!policy_validation_report_response\x18\x1a \x01(\x0b\x32\x35.enterprise_management.PolicyValidationReportResponse\x12m\n(device_initial_enrollment_state_response\x18\x1b \x01(\x0b\x32;.enterprise_management.DeviceInitialEnrollmentStateResponse\x12O\n\x18refresh_account_response\x18\x1c \x01(\x0b\x32-.enterprise_management.RefreshAccountResponse\x12Y\n\x1ersu_lookup_key_upload_response\x18\x1e \x01(\x0b\x32\x31.enterprise_management.RsuLookupKeyUploadResponse\x12P\n\x19public_saml_user_response\x18\x1f \x01(\x0b\x32-.enterprise_management.PublicSamlUserResponse\x12Y\n\x1e\x63hrome_os_user_report_response\x18 \x01(\x0b\x32\x31.enterprise_management.ChromeOsUserReportResponse\x12n\n(client_certificate_provisioning_response\x18! \x01(\x0b\x32<.enterprise_management.ClientCertificateProvisioningResponse\x12T\n\x1b\x63heck_user_account_response\x18\" \x01(\x0b\x32/.enterprise_management.CheckUserAccountResponse\x12\\\n\x1fprivate_set_membership_response\x18# \x01(\x0b\x32\x33.enterprise_management.PrivateSetMembershipResponse\x12\x61\n\"browser_public_key_upload_response\x18$ \x01(\x0b\x32\x35.enterprise_management.BrowserPublicKeyUploadResponse\x12R\n\x1aupload_euicc_info_response\x18% \x01(\x0b\x32..enterprise_management.UploadEuiccInfoResponse\x12Z\n\x1e\x63hrome_profile_report_response\x18& \x01(\x0b\x32\x32.enterprise_management.ChromeProfileReportResponse\x12\x65\n$token_based_device_register_response\x18( \x01(\x0b\x32\x37.enterprise_management.TokenBasedDeviceRegisterResponse\x12g\n%fm_registration_token_upload_response\x18) \x01(\x0b\x32\x38.enterprise_management.FmRegistrationTokenUploadResponseJ\x04\x08\x01\x10\x02J\x04\x08\x18\x10\x19\"5\n\x18\x44\x65viceStateRetrievalInfo\x12\x19\n\x11has_initial_state\x18\x01 \x01(\x08*\xf0\x01\n\x0fUserSessionType\x12\x1d\n\x19USER_SESSION_TYPE_UNKNOWN\x10\x00\x12\x1f\n\x1b\x41UTO_LAUNCHED_KIOSK_SESSION\x10\x01\x12#\n\x1fMANUALLY_LAUNCHED_KIOSK_SESSION\x10\x02\x12\x1b\n\x17\x41\x46\x46ILIATED_USER_SESSION\x10\x03\x12\x1d\n\x19UNAFFILIATED_USER_SESSION\x10\x04\x12\x19\n\x15MANAGED_GUEST_SESSION\x10\x05\x12\x11\n\rGUEST_SESSION\x10\x06\x12\x0e\n\nNO_SESSION\x10\x07*e\n\x0e\x43rdSessionType\x12\x1c\n\x18\x43RD_SESSION_TYPE_UNKNOWN\x10\x00\x12\x19\n\x15REMOTE_ACCESS_SESSION\x10\x01\x12\x1a\n\x16REMOTE_SUPPORT_SESSION\x10\x02*\xf6\x01\n\x16\x43rdSessionAvailability\x12$\n CRD_SESSION_AVAILABILITY_UNKNOWN\x10\x00\x12\r\n\tAVAILABLE\x10\x01\x12-\n)UNAVAILABLE_UNSUPPORTED_USER_SESSION_TYPE\x10\x02\x12%\n!UNAVAILABLE_UNMANAGED_ENVIRONMENT\x10\x03\x12-\n)UNAVAILABLE_UNSUPPORTED_DEVICE_OS_VERSION\x10\x04\x12\"\n\x1eUNAVAILABLE_DISABLED_BY_POLICY\x10\x05*\xd0\x02\n\x19StartCrdSessionResultCode\x12-\n START_CRD_SESSION_RESULT_UNKNOWN\x10\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x12\x1d\n\x19START_CRD_SESSION_SUCCESS\x10\x00\x12\x16\n\x12SERVICES_NOT_READY\x10\x01\x12!\n\x1d\x46\x41ILURE_UNSUPPORTED_USER_TYPE\x10\x02\x12\x14\n\x10\x46\x41ILURE_NOT_IDLE\x10\x03\x12\x1a\n\x16\x46\x41ILURE_NO_OAUTH_TOKEN\x10\x04\x12\x19\n\x15\x46\x41ILURE_NO_ICE_CONFIG\x10\x05\x12\x1a\n\x16\x46\x41ILURE_CRD_HOST_ERROR\x10\x06\x12!\n\x1d\x46\x41ILURE_UNMANAGED_ENVIRONMENT\x10\x07\x12\x1e\n\x1a\x46\x41ILURE_DISABLED_BY_POLICY\x10\x08*\xee\x01\n\x1c\x46\x65tchSupportPacketResultCode\x12\x30\n,FETCH_SUPPORT_PACKET_RESULT_CODE_UNSPECIFIED\x10\x00\x12\'\n#FETCH_SUPPORT_PACKET_RESULT_SUCCESS\x10\x01\x12\x1f\n\x1b\x46\x41ILURE_COMMAND_NOT_ENABLED\x10\x02\x12\x1a\n\x16\x46\x41ILURE_EXPORTING_FILE\x10\x03\x12\x1e\n\x1a\x46\x41ILURE_REPORTING_PIPELINE\x10\x04\x12\x16\n\x12\x46\x41ILURE_LOG_UPLOAD\x10\x05*p\n\x1c\x46\x65tchSupportPacketResultNote\x12\x33\n/FETCH_SUPPORT_PACKET_RESULT_PAYLOAD_UNSPECIFIED\x10\x00\x12\x1b\n\x17WARNING_PII_NOT_ALLOWED\x10\x01*i\n\x07\x43hannel\x12\x13\n\x0f\x43HANNEL_UNKNOWN\x10\x00\x12\x12\n\x0e\x43HANNEL_CANARY\x10\x01\x12\x0f\n\x0b\x43HANNEL_DEV\x10\x02\x12\x10\n\x0c\x43HANNEL_BETA\x10\x03\x12\x12\n\x0e\x43HANNEL_STABLE\x10\x04*\xab\x01\n\x0e\x42usDeviceClass\x12\x1c\n\x18\x44\x45VICE_CLASS_UNSPECIFIED\x10\x00\x12\x16\n\x12\x44ISPLAY_CONTROLLER\x10\x01\x12\x17\n\x13\x45THERNET_CONTROLLER\x10\x02\x12\x17\n\x13WIRELESS_CONTROLLER\x10\x03\x12\x15\n\x11\x42LUETOOTH_ADAPTER\x10\x04\x12\x1a\n\x16THUNDERBOLT_CONTROLLER\x10\x05*R\n\x07\x42usType\x12\x18\n\x14\x42US_TYPE_UNSPECIFIED\x10\x00\x12\x0b\n\x07PCI_BUS\x10\x01\x12\x0b\n\x07USB_BUS\x10\x02\x12\x13\n\x0fTHUNDERBOLT_BUS\x10\x03*q\n\x0f\x43rostiniAppType\x12\x1e\n\x1a\x43ROSTINI_APP_TYPE_TERMINAL\x10\x00\x12!\n\x1d\x43ROSTINI_APP_TYPE_INTERACTIVE\x10\x01\x12\x1b\n\x17\x43ROSTINI_APP_TYPE_OTHER\x10\x02*X\n\x10HashingAlgorithm\x12!\n\x1dHASHING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x08\n\x04SHA1\x10\x01\x12\n\n\x06SHA256\x10\x02\x12\x0b\n\x07NO_HASH\x10\x03*I\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x12\n\x0eRSA_PKCS1_V1_5\x10\x01*q\n\x1a\x43\x65rtProvSignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12.\n*SIGNATURE_ALGORITHM_RSA_PKCS1_V1_5_NO_HASH\x10\x01*\x9a\x01\n\x1b\x44\x65viceManagementErrorDetail\x12\x13\n\x0fNO_ERROR_DETAIL\x10\x00\x12\x30\n,CBCM_DELETION_POLICY_PREFERENCE_DELETE_TOKEN\x10\x01\x12\x34\n0CBCM_DELETION_POLICY_PREFERENCE_INVALIDATE_TOKEN\x10\x02\x42/H\x03Z+chromium/policy/enterprise_management_proto') + +_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals()) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'device_management_pb2', globals()) +if _descriptor._USE_C_DESCRIPTORS == False: + + DESCRIPTOR._options = None + DESCRIPTOR._serialized_options = b'H\003Z+chromium/policy/enterprise_management_proto' + _POLICYFETCHRESPONSE.fields_by_name['new_public_key_verification_signature_deprecated']._options = None + _POLICYFETCHRESPONSE.fields_by_name['new_public_key_verification_signature_deprecated']._serialized_options = b'\030\001' + _POLICYFETCHRESPONSE.fields_by_name['policy_type']._options = None + _POLICYFETCHRESPONSE.fields_by_name['policy_type']._serialized_options = b'\030\001' + _BOOTINFO.fields_by_name['secure_boot']._options = None + _BOOTINFO.fields_by_name['secure_boot']._serialized_options = b'\030\001' + _DEVICESTATUSREPORTREQUEST.fields_by_name['cpu_utilization_pct_samples']._options = None + _DEVICESTATUSREPORTREQUEST.fields_by_name['cpu_utilization_pct_samples']._serialized_options = b'\030\001' + _DEVICESTATUSREPORTREQUEST.fields_by_name['system_ram_free_samples']._options = None + _DEVICESTATUSREPORTREQUEST.fields_by_name['system_ram_free_samples']._serialized_options = b'\030\001' + _CHROMEDESKTOPREPORTREQUEST.fields_by_name['machine_name']._options = None + _CHROMEDESKTOPREPORTREQUEST.fields_by_name['machine_name']._serialized_options = b'\030\001' + _CHROMEDESKTOPREPORTREQUEST.fields_by_name['serial_number']._options = None + _CHROMEDESKTOPREPORTREQUEST.fields_by_name['serial_number']._serialized_options = b'\030\001' + _CHROMEDESKTOPREPORTREQUEST.fields_by_name['computer_name']._options = None + _CHROMEDESKTOPREPORTREQUEST.fields_by_name['computer_name']._serialized_options = b'\030\001' + _LICENSEAVAILABILITY.fields_by_name['license_type_deprecated']._options = None + _LICENSEAVAILABILITY.fields_by_name['license_type_deprecated']._serialized_options = b'\030\001' + _LICENSEAVAILABILITY.fields_by_name['available_licenses_deprecated']._options = None + _LICENSEAVAILABILITY.fields_by_name['available_licenses_deprecated']._serialized_options = b'\030\001' + _CHECKDEVICELICENSERESPONSE.fields_by_name['license_selection_mode_deprecated']._options = None + _CHECKDEVICELICENSERESPONSE.fields_by_name['license_selection_mode_deprecated']._serialized_options = b'\030\001' + _CHECKDEVICELICENSERESPONSE.fields_by_name['license_availabilities_deprecated']._options = None + _CHECKDEVICELICENSERESPONSE.fields_by_name['license_availabilities_deprecated']._serialized_options = b'\030\001' + _TPMSTATUSINFO.fields_by_name['boot_lockbox_finalized']._options = None + _TPMSTATUSINFO.fields_by_name['boot_lockbox_finalized']._serialized_options = b'\030\001' + _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE.values_by_name["USER_TYPE_SUPERVISED_DEPRECATED"]._options = None + _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE.values_by_name["USER_TYPE_SUPERVISED_DEPRECATED"]._serialized_options = b'\010\001' + _DEVICEMANAGEMENTREQUEST.fields_by_name['check_device_license_request_deprecated']._options = None + _DEVICEMANAGEMENTREQUEST.fields_by_name['check_device_license_request_deprecated']._serialized_options = b'\030\001' + _DEVICEMANAGEMENTRESPONSE.fields_by_name['check_device_license_response_deprecated']._options = None + _DEVICEMANAGEMENTRESPONSE.fields_by_name['check_device_license_response_deprecated']._serialized_options = b'\030\001' + _USERSESSIONTYPE._serialized_start=57473 + _USERSESSIONTYPE._serialized_end=57713 + _CRDSESSIONTYPE._serialized_start=57715 + _CRDSESSIONTYPE._serialized_end=57816 + _CRDSESSIONAVAILABILITY._serialized_start=57819 + _CRDSESSIONAVAILABILITY._serialized_end=58065 + _STARTCRDSESSIONRESULTCODE._serialized_start=58068 + _STARTCRDSESSIONRESULTCODE._serialized_end=58404 + _FETCHSUPPORTPACKETRESULTCODE._serialized_start=58407 + _FETCHSUPPORTPACKETRESULTCODE._serialized_end=58645 + _FETCHSUPPORTPACKETRESULTNOTE._serialized_start=58647 + _FETCHSUPPORTPACKETRESULTNOTE._serialized_end=58759 + _CHANNEL._serialized_start=58761 + _CHANNEL._serialized_end=58866 + _BUSDEVICECLASS._serialized_start=58869 + _BUSDEVICECLASS._serialized_end=59040 + _BUSTYPE._serialized_start=59042 + _BUSTYPE._serialized_end=59124 + _CROSTINIAPPTYPE._serialized_start=59126 + _CROSTINIAPPTYPE._serialized_end=59239 + _HASHINGALGORITHM._serialized_start=59241 + _HASHINGALGORITHM._serialized_end=59329 + _SIGNINGALGORITHM._serialized_start=59331 + _SIGNINGALGORITHM._serialized_end=59404 + _CERTPROVSIGNATUREALGORITHM._serialized_start=59406 + _CERTPROVSIGNATUREALGORITHM._serialized_end=59519 + _DEVICEMANAGEMENTERRORDETAIL._serialized_start=59522 + _DEVICEMANAGEMENTERRORDETAIL._serialized_end=59676 + _LICENSETYPE._serialized_start=82 + _LICENSETYPE._serialized_end=267 + _LICENSETYPE_LICENSETYPEENUM._serialized_start=171 + _LICENSETYPE_LICENSETYPEENUM._serialized_end=267 + _SIGNEDDATA._serialized_start=269 + _SIGNEDDATA._serialized_end=340 + _CHECKUSERACCOUNTREQUEST._serialized_start=342 + _CHECKUSERACCOUNTREQUEST._serialized_end=428 + _DEVICEREGISTERREQUEST._serialized_start=431 + _DEVICEREGISTERREQUEST._serialized_end=2617 + _DEVICEREGISTERREQUEST_TYPE._serialized_start=1374 + _DEVICEREGISTERREQUEST_TYPE._serialized_end=1467 + _DEVICEREGISTERREQUEST_FLAVOR._serialized_start=1470 + _DEVICEREGISTERREQUEST_FLAVOR._serialized_end=2325 + _DEVICEREGISTERREQUEST_LIFETIME._serialized_start=2327 + _DEVICEREGISTERREQUEST_LIFETIME._serialized_end=2415 + _DEVICEREGISTERREQUEST_PSMEXECUTIONRESULT._serialized_start=2418 + _DEVICEREGISTERREQUEST_PSMEXECUTIONRESULT._serialized_end=2605 + _DEVICEREGISTERIDENTIFICATION._serialized_start=2619 + _DEVICEREGISTERIDENTIFICATION._serialized_end=2677 + _CHECKUSERACCOUNTRESPONSE._serialized_start=2680 + _CHECKUSERACCOUNTRESPONSE._serialized_end=3107 + _CHECKUSERACCOUNTRESPONSE_USERACCOUNTTYPE._serialized_start=2925 + _CHECKUSERACCOUNTRESPONSE_USERACCOUNTTYPE._serialized_end=3014 + _CHECKUSERACCOUNTRESPONSE_ENROLLMENTNUDGETYPE._serialized_start=3016 + _CHECKUSERACCOUNTRESPONSE_ENROLLMENTNUDGETYPE._serialized_end=3107 + _DEVICEREGISTERRESPONSE._serialized_start=3110 + _DEVICEREGISTERRESPONSE._serialized_end=3665 + _DEVICEREGISTERRESPONSE_DEVICEMODE._serialized_start=3502 + _DEVICEREGISTERRESPONSE_DEVICEMODE._serialized_end=3589 + _DEVICEREGISTERRESPONSE_THIRDPARTYIDENTITYTYPE._serialized_start=3591 + _DEVICEREGISTERRESPONSE_THIRDPARTYIDENTITYTYPE._serialized_end=3659 + _DEVICEUNREGISTERREQUEST._serialized_start=3667 + _DEVICEUNREGISTERREQUEST._serialized_end=3692 + _DEVICEUNREGISTERRESPONSE._serialized_start=3694 + _DEVICEUNREGISTERRESPONSE._serialized_end=3720 + _DEVICECERTUPLOADREQUEST._serialized_start=3723 + _DEVICECERTUPLOADREQUEST._serialized_end=4017 + _DEVICECERTUPLOADREQUEST_CERTIFICATETYPE._serialized_start=3891 + _DEVICECERTUPLOADREQUEST_CERTIFICATETYPE._serialized_end=4017 + _DEVICECERTUPLOADRESPONSE._serialized_start=4019 + _DEVICECERTUPLOADRESPONSE._serialized_end=4045 + _DEVICESERVICEAPIACCESSREQUEST._serialized_start=4048 + _DEVICESERVICEAPIACCESSREQUEST._serialized_end=4302 + _DEVICESERVICEAPIACCESSREQUEST_DEVICETYPE._serialized_start=4214 + _DEVICESERVICEAPIACCESSREQUEST_DEVICETYPE._serialized_end=4302 + _DEVICESERVICEAPIACCESSRESPONSE._serialized_start=4304 + _DEVICESERVICEAPIACCESSRESPONSE._serialized_end=4355 + _BROWSERDEVICEIDENTIFIER._serialized_start=4357 + _BROWSERDEVICEIDENTIFIER._serialized_end=4434 + _POLICYFETCHREQUEST._serialized_start=4437 + _POLICYFETCHREQUEST._serialized_end=4970 + _POLICYFETCHREQUEST_SIGNATURETYPE._serialized_start=4909 + _POLICYFETCHREQUEST_SIGNATURETYPE._serialized_end=4964 + _DISABLEDSTATE._serialized_start=4972 + _DISABLEDSTATE._serialized_end=5004 + _DEVICESTATE._serialized_start=5007 + _DEVICESTATE._serialized_end=5234 + _DEVICESTATE_DEVICEMODE._serialized_start=5172 + _DEVICESTATE_DEVICEMODE._serialized_end=5234 + _CUSTOMERLOGO._serialized_start=5236 + _CUSTOMERLOGO._serialized_end=5268 + _POLICYDATA._serialized_start=5271 + _POLICYDATA._serialized_end=6951 + _POLICYDATA_ASSOCIATIONSTATE._serialized_start=6450 + _POLICYDATA_ASSOCIATIONSTATE._serialized_end=6514 + _POLICYDATA_MANAGEMENTMODE._serialized_start=6516 + _POLICYDATA_MANAGEMENTMODE._serialized_end=6604 + _POLICYDATA_MARKETSEGMENT._serialized_start=6606 + _POLICYDATA_MARKETSEGMENT._serialized_end=6702 + _POLICYDATA_METRICSLOGSEGMENT._serialized_start=6704 + _POLICYDATA_METRICSLOGSEGMENT._serialized_end=6796 + _CLIENTACTIONREQUIRED._serialized_start=6953 + _CLIENTACTIONREQUIRED._serialized_end=7014 + _POLICYFETCHRESPONSE._serialized_start=7017 + _POLICYFETCHRESPONSE._serialized_end=7465 + _DEPRECATEDPOLICYPUBLICKEYANDDOMAIN._serialized_start=7467 + _DEPRECATEDPOLICYPUBLICKEYANDDOMAIN._serialized_end=7543 + _PUBLICKEYVERIFICATIONDATA._serialized_start=7545 + _PUBLICKEYVERIFICATIONDATA._serialized_end=7644 + _DEVICEPOLICYREQUEST._serialized_start=7647 + _DEVICEPOLICYREQUEST._serialized_end=8525 + _DEVICEPOLICYREQUEST_REASON._serialized_start=7799 + _DEVICEPOLICYREQUEST_REASON._serialized_end=8525 + _DEVICEPOLICYRESPONSE._serialized_start=8527 + _DEVICEPOLICYRESPONSE._serialized_end=8612 + _TIMEPERIOD._serialized_start=8614 + _TIMEPERIOD._serialized_end=8674 + _ACTIVETIMEPERIOD._serialized_start=8677 + _ACTIVETIMEPERIOD._serialized_end=9029 + _ACTIVETIMEPERIOD_SESSIONTYPE._serialized_start=8874 + _ACTIVETIMEPERIOD_SESSIONTYPE._serialized_end=9029 + _NETWORKINTERFACE._serialized_start=9032 + _NETWORKINTERFACE._serialized_end=9335 + _NETWORKINTERFACE_NETWORKDEVICETYPE._serialized_start=9237 + _NETWORKINTERFACE_NETWORKDEVICETYPE._serialized_end=9335 + _NETWORKSTATE._serialized_start=9338 + _NETWORKSTATE._serialized_end=9675 + _NETWORKSTATE_CONNECTIONSTATE._serialized_start=9517 + _NETWORKSTATE_CONNECTIONSTATE._serialized_end=9675 + _DEVICEUSER._serialized_start=9678 + _DEVICEUSER._serialized_end=9823 + _DEVICEUSER_USERTYPE._serialized_start=9765 + _DEVICEUSER_USERTYPE._serialized_end=9823 + _VOLUMEINFO._serialized_start=9825 + _VOLUMEINFO._serialized_end=9901 + _CPUUTILIZATIONINFO._serialized_start=9903 + _CPUUTILIZATIONINFO._serialized_end=9971 + _SYSTEMFREERAMINFO._serialized_start=9973 + _SYSTEMFREERAMINFO._serialized_end=10034 + _CPUTEMPINFO._serialized_start=10036 + _CPUTEMPINFO._serialized_end=10105 + _STATEFULPARTITIONINFO._serialized_start=10107 + _STATEFULPARTITIONINFO._serialized_end=10218 + _BATTERYSAMPLE._serialized_start=10221 + _BATTERYSAMPLE._serialized_end=10399 + _BATTERYINFO._serialized_start=10402 + _BATTERYINFO._serialized_end=10682 + _POWERSTATUS._serialized_start=10685 + _POWERSTATUS._serialized_end=10890 + _POWERSTATUS_POWERSOURCE._serialized_start=10825 + _POWERSTATUS_POWERSOURCE._serialized_end=10890 + _DISKLIFETIMEESTIMATION._serialized_start=10892 + _DISKLIFETIMEESTIMATION._serialized_end=10942 + _DISKINFO._serialized_start=10945 + _DISKINFO._serialized_end=11910 + _DISKINFO_DEVICEPURPOSE._serialized_start=11769 + _DISKINFO_DEVICEPURPOSE._serialized_end=11841 + _STORAGESTATUS._serialized_start=11913 + _STORAGESTATUS._serialized_end=12052 + _THERMALSAMPLE._serialized_start=12054 + _THERMALSAMPLE._serialized_end=12109 + _THERMALINFO._serialized_start=12111 + _THERMALINFO._serialized_end=12200 + _BOARDSTATUS._serialized_start=12202 + _BOARDSTATUS._serialized_end=12274 + _SYSTEMSTATUS._serialized_start=12277 + _SYSTEMSTATUS._serialized_end=12527 + _CPUCSTATEINFO._serialized_start=12529 + _CPUCSTATEINFO._serialized_end=12600 + _LOGICALCPUINFO._serialized_start=12603 + _LOGICALCPUINFO._serialized_end=12776 + _CPUINFO._serialized_start=12779 + _CPUINFO._serialized_end=13048 + _CPUINFO_ARCHITECTURE._serialized_start=12967 + _CPUINFO_ARCHITECTURE._serialized_end=13048 + _GLOBALCPUINFO._serialized_start=13050 + _GLOBALCPUINFO._serialized_end=13092 + _DISPLAYINFO._serialized_start=13094 + _DISPLAYINFO._serialized_end=13203 + _GRAPHICSADAPTERINFO._serialized_start=13205 + _GRAPHICSADAPTERINFO._serialized_end=13309 + _GRAPHICSSTATUS._serialized_start=13312 + _GRAPHICSSTATUS._serialized_end=13443 + _CRASHREPORTINFO._serialized_start=13446 + _CRASHREPORTINFO._serialized_end=13795 + _CRASHREPORTINFO_CRASHREPORTUPLOADSTATUS._serialized_start=13614 + _CRASHREPORTINFO_CRASHREPORTUPLOADSTATUS._serialized_end=13795 + _TIMEZONEINFO._serialized_start=13797 + _TIMEZONEINFO._serialized_end=13842 + _MEMORYINFO._serialized_start=13845 + _MEMORYINFO._serialized_end=13975 + _BACKLIGHTINFO._serialized_start=13977 + _BACKLIGHTINFO._serialized_end=14050 + _FANINFO._serialized_start=14052 + _FANINFO._serialized_end=14080 + _BLUETOOTHADAPTERINFO._serialized_start=14082 + _BLUETOOTHADAPTERINFO._serialized_end=14183 + _SMBIOSINFO._serialized_start=14185 + _SMBIOSINFO._serialized_end=14286 + _KERNELPARAMETERS._serialized_start=14288 + _KERNELPARAMETERS._serialized_end=14324 + _EFIVARS._serialized_start=14326 + _EFIVARS._serialized_end=14356 + _BOOTINFO._serialized_start=14359 + _BOOTINFO._serialized_end=14556 + _BOOTINFO_BOOTMETHOD._serialized_start=14461 + _BOOTINFO_BOOTMETHOD._serialized_end=14556 + _NETWORKADAPTERINFO._serialized_start=14559 + _NETWORKADAPTERINFO._serialized_end=14786 + _LACROSBROWSERREPORT._serialized_start=14789 + _LACROSBROWSERREPORT._serialized_end=14928 + _DEMOMODEDIMENSIONS._serialized_start=14931 + _DEMOMODEDIMENSIONS._serialized_end=15193 + _DEMOMODEDIMENSIONS_CUSTOMIZATIONFACET._serialized_start=15107 + _DEMOMODEDIMENSIONS_CUSTOMIZATIONFACET._serialized_end=15193 + _DEVICESTATUSREPORTREQUEST._serialized_start=15196 + _DEVICESTATUSREPORTREQUEST._serialized_end=17695 + _OSUPDATESTATUS._serialized_start=17698 + _OSUPDATESTATUS._serialized_end=18054 + _OSUPDATESTATUS_UPDATESTATUS._serialized_start=17924 + _OSUPDATESTATUS_UPDATESTATUS._serialized_end=18054 + _APPSTATUS._serialized_start=18056 + _APPSTATUS._serialized_end=18176 + _APPINFO._serialized_start=18179 + _APPINFO._serialized_end=18709 + _APPINFO_APPTYPE._serialized_start=18441 + _APPINFO_APPTYPE._serialized_end=18612 + _APPINFO_STATUS._serialized_start=18614 + _APPINFO_STATUS._serialized_end=18709 + _ANDROIDAPPPERMISSION._serialized_start=18711 + _ANDROIDAPPPERMISSION._serialized_end=18781 + _ANDROIDAPPINFO._serialized_start=18784 + _ANDROIDAPPINFO._serialized_end=19301 + _ANDROIDAPPINFO_ANDROIDAPPSTATUS._serialized_start=19094 + _ANDROIDAPPINFO_ANDROIDAPPSTATUS._serialized_end=19195 + _ANDROIDAPPINFO_INSTALLEDSOURCE._serialized_start=19197 + _ANDROIDAPPINFO_INSTALLEDSOURCE._serialized_end=19301 + _CHROMEUSERPROFILEREPORT._serialized_start=19304 + _CHROMEUSERPROFILEREPORT._serialized_end=19629 + _CHROMESIGNEDINUSER._serialized_start=19631 + _CHROMESIGNEDINUSER._serialized_end=19694 + _EXTENSIONREQUEST._serialized_start=19696 + _EXTENSIONREQUEST._serialized_end=19776 + _EXTENSION._serialized_start=19779 + _EXTENSION._serialized_end=20500 + _EXTENSION_EXTENSIONTYPE._serialized_start=20126 + _EXTENSION_EXTENSIONTYPE._serialized_end=20383 + _EXTENSION_INSTALLTYPE._serialized_start=20385 + _EXTENSION_INSTALLTYPE._serialized_end=20488 + _POLICY._serialized_start=20503 + _POLICY._serialized_end=21230 + _POLICY_POLICYLEVEL._serialized_start=20733 + _POLICY_POLICYLEVEL._serialized_end=20809 + _POLICY_POLICYSCOPE._serialized_start=20811 + _POLICY_POLICYSCOPE._serialized_end=20878 + _POLICY_POLICYSOURCE._serialized_start=20881 + _POLICY_POLICYSOURCE._serialized_end=21230 + _EXTENSIONPOLICY._serialized_start=21232 + _EXTENSIONPOLICY._serialized_end=21320 + _POLICYFETCHTIMESTAMP._serialized_start=21322 + _POLICYFETCHTIMESTAMP._serialized_end=21377 + _CHROMEUSERPROFILEINFO._serialized_start=21380 + _CHROMEUSERPROFILEINFO._serialized_end=21865 + _BROWSERREPORT._serialized_start=21868 + _BROWSERREPORT._serialized_end=22232 + _OSREPORT._serialized_start=22235 + _OSREPORT._serialized_end=22475 + _OSREPORT_VERSIONTYPE._serialized_start=22359 + _OSREPORT_VERSIONTYPE._serialized_end=22475 + _CHROMEDESKTOPREPORTREQUEST._serialized_start=22478 + _CHROMEDESKTOPREPORTREQUEST._serialized_end=22920 + _CHROMEOSUSERREPORTREQUEST._serialized_start=22923 + _CHROMEOSUSERREPORTREQUEST._serialized_end=23084 + _CHROMEPROFILEREPORTREQUEST._serialized_start=23087 + _CHROMEPROFILEREPORTREQUEST._serialized_end=23229 + _POLICYVALUEVALIDATIONISSUE._serialized_start=23232 + _POLICYVALUEVALIDATIONISSUE._serialized_end=23572 + _POLICYVALUEVALIDATIONISSUE_VALUEVALIDATIONISSUESEVERITY._serialized_start=23405 + _POLICYVALUEVALIDATIONISSUE_VALUEVALIDATIONISSUESEVERITY._serialized_end=23572 + _POLICYVALIDATIONREPORTREQUEST._serialized_start=23575 + _POLICYVALIDATIONREPORTREQUEST._serialized_end=24590 + _POLICYVALIDATIONREPORTREQUEST_VALIDATIONRESULTTYPE._serialized_start=23850 + _POLICYVALIDATIONREPORTREQUEST_VALIDATIONRESULTTYPE._serialized_end=24590 + _POLICYVALIDATIONREPORTRESPONSE._serialized_start=24592 + _POLICYVALIDATIONREPORTRESPONSE._serialized_end=24624 + _ANDROIDSTATUS._serialized_start=24626 + _ANDROIDSTATUS._serialized_end=24691 + _CROSTINIAPP._serialized_start=24694 + _CROSTINIAPP._serialized_end=24901 + _CROSTINISTATUS._serialized_start=24904 + _CROSTINISTATUS._serialized_end=25106 + _SESSIONSTATUSREPORTREQUEST._serialized_start=25109 + _SESSIONSTATUSREPORTREQUEST._serialized_end=25471 + _DEVICESTATUSREPORTRESPONSE._serialized_start=25473 + _DEVICESTATUSREPORTRESPONSE._serialized_end=25544 + _CHROMEDESKTOPREPORTRESPONSE._serialized_start=25546 + _CHROMEDESKTOPREPORTRESPONSE._serialized_end=25575 + _CHROMEOSUSERREPORTRESPONSE._serialized_start=25577 + _CHROMEOSUSERREPORTRESPONSE._serialized_end=25605 + _CHROMEPROFILEREPORTRESPONSE._serialized_start=25607 + _CHROMEPROFILEREPORTRESPONSE._serialized_end=25636 + _SESSIONSTATUSREPORTRESPONSE._serialized_start=25638 + _SESSIONSTATUSREPORTRESPONSE._serialized_end=25710 + _PRIVATESETMEMBERSHIPREQUEST._serialized_start=25712 + _PRIVATESETMEMBERSHIPREQUEST._serialized_end=25819 + _PRIVATESETMEMBERSHIPRESPONSE._serialized_start=25821 + _PRIVATESETMEMBERSHIPRESPONSE._serialized_end=25931 + _PRIVATESETMEMBERSHIPRLWEREQUEST._serialized_start=25934 + _PRIVATESETMEMBERSHIPRLWEREQUEST._serialized_end=26131 + _PRIVATESETMEMBERSHIPRLWERESPONSE._serialized_start=26134 + _PRIVATESETMEMBERSHIPRLWERESPONSE._serialized_end=26336 + _DEVICEAUTOENROLLMENTREQUEST._serialized_start=26339 + _DEVICEAUTOENROLLMENTREQUEST._serialized_end=26674 + _DEVICEAUTOENROLLMENTREQUEST_ENROLLMENTCHECKTYPE._serialized_start=26538 + _DEVICEAUTOENROLLMENTREQUEST_ENROLLMENTCHECKTYPE._serialized_end=26674 + _DEVICEAUTOENROLLMENTRESPONSE._serialized_start=26676 + _DEVICEAUTOENROLLMENTRESPONSE._serialized_end=26748 + _DEVICESTATERETRIEVALREQUEST._serialized_start=26751 + _DEVICESTATERETRIEVALREQUEST._serialized_end=26882 + _DEVICESTATEKEYUPDATEREQUEST._serialized_start=26884 + _DEVICESTATEKEYUPDATEREQUEST._serialized_end=26947 + _DEVICESTATERETRIEVALRESPONSE._serialized_start=26950 + _DEVICESTATERETRIEVALRESPONSE._serialized_end=27515 + _DEVICESTATERETRIEVALRESPONSE_RESTOREMODE._serialized_start=27329 + _DEVICESTATERETRIEVALRESPONSE_RESTOREMODE._serialized_end=27515 + _DEVICEINITIALENROLLMENTSTATEREQUEST._serialized_start=27517 + _DEVICEINITIALENROLLMENTSTATEREQUEST._serialized_end=27623 + _DEVICEINITIALENROLLMENTSTATERESPONSE._serialized_start=27626 + _DEVICEINITIALENROLLMENTSTATERESPONSE._serialized_end=28673 + _DEVICEINITIALENROLLMENTSTATERESPONSE_INITIALENROLLMENTMODE._serialized_start=28168 + _DEVICEINITIALENROLLMENTSTATERESPONSE_INITIALENROLLMENTMODE._serialized_end=28416 + _DEVICEINITIALENROLLMENTSTATERESPONSE_LICENSEPACKAGINGSKU._serialized_start=28418 + _DEVICEINITIALENROLLMENTSTATERESPONSE_LICENSEPACKAGINGSKU._serialized_end=28520 + _DEVICEINITIALENROLLMENTSTATERESPONSE_ASSIGNEDUPGRADETYPE._serialized_start=28523 + _DEVICEINITIALENROLLMENTSTATERESPONSE_ASSIGNEDUPGRADETYPE._serialized_end=28673 + _DEVICEPAIRINGREQUEST._serialized_start=28675 + _DEVICEPAIRINGREQUEST._serialized_end=28751 + _DEVICEPAIRINGRESPONSE._serialized_start=28754 + _DEVICEPAIRINGRESPONSE._serialized_end=29031 + _DEVICEPAIRINGRESPONSE_STATUSCODE._serialized_start=28866 + _DEVICEPAIRINGRESPONSE_STATUSCODE._serialized_end=29031 + _CHECKDEVICEPAIRINGREQUEST._serialized_start=29033 + _CHECKDEVICEPAIRINGREQUEST._serialized_end=29114 + _CHECKDEVICEPAIRINGRESPONSE._serialized_start=29117 + _CHECKDEVICEPAIRINGRESPONSE._serialized_end=29451 + _CHECKDEVICEPAIRINGRESPONSE_STATUSCODE._serialized_start=29243 + _CHECKDEVICEPAIRINGRESPONSE_STATUSCODE._serialized_end=29451 + _REMOTECOMMAND._serialized_start=29454 + _REMOTECOMMAND._serialized_end=30181 + _REMOTECOMMAND_TYPE._serialized_start=29616 + _REMOTECOMMAND_TYPE._serialized_end=30181 + _REMOTECOMMANDRESULT._serialized_start=30184 + _REMOTECOMMANDRESULT._serialized_end=30406 + _REMOTECOMMANDRESULT_RESULTTYPE._serialized_start=30334 + _REMOTECOMMANDRESULT_RESULTTYPE._serialized_end=30406 + _DEVICEREMOTECOMMANDREQUEST._serialized_start=30409 + _DEVICEREMOTECOMMANDREQUEST._serialized_end=30663 + _DEVICEREMOTECOMMANDRESPONSE._serialized_start=30666 + _DEVICEREMOTECOMMANDRESPONSE._serialized_end=30811 + _DEVICEATTRIBUTEUPDATEPERMISSIONREQUEST._serialized_start=30813 + _DEVICEATTRIBUTEUPDATEPERMISSIONREQUEST._serialized_end=30853 + _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE._serialized_start=30856 + _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE._serialized_end=31065 + _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE_RESULTTYPE._serialized_start=30990 + _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE_RESULTTYPE._serialized_end=31065 + _DEVICEATTRIBUTEUPDATEREQUEST._serialized_start=31067 + _DEVICEATTRIBUTEUPDATEREQUEST._serialized_end=31133 + _DEVICEATTRIBUTEUPDATERESPONSE._serialized_start=31136 + _DEVICEATTRIBUTEUPDATERESPONSE._serialized_end=31320 + _DEVICEATTRIBUTEUPDATERESPONSE_RESULTTYPE._serialized_start=31250 + _DEVICEATTRIBUTEUPDATERESPONSE_RESULTTYPE._serialized_end=31320 + _GCMIDUPDATEREQUEST._serialized_start=31322 + _GCMIDUPDATEREQUEST._serialized_end=31358 + _GCMIDUPDATERESPONSE._serialized_start=31360 + _GCMIDUPDATERESPONSE._serialized_end=31381 + _CHECKANDROIDMANAGEMENTREQUEST._serialized_start=31383 + _CHECKANDROIDMANAGEMENTREQUEST._serialized_end=31414 + _CHECKANDROIDMANAGEMENTRESPONSE._serialized_start=31416 + _CHECKANDROIDMANAGEMENTRESPONSE._serialized_end=31448 + _CERTIFICATEBASEDDEVICEREGISTERREQUEST._serialized_start=31450 + _CERTIFICATEBASEDDEVICEREGISTERREQUEST._serialized_end=31548 + _TOKENBASEDDEVICEREGISTERREQUEST._serialized_start=31550 + _TOKENBASEDDEVICEREGISTERREQUEST._serialized_end=31662 + _TOKENBASEDDEVICEREGISTERRESPONSE._serialized_start=31664 + _TOKENBASEDDEVICEREGISTERRESPONSE._serialized_end=31779 + _DEVICEREGISTERCONFIGURATION._serialized_start=31781 + _DEVICEREGISTERCONFIGURATION._serialized_end=31832 + _CERTIFICATEBASEDDEVICEREGISTRATIONDATA._serialized_start=31835 + _CERTIFICATEBASEDDEVICEREGISTRATIONDATA._serialized_end=32249 + _CERTIFICATEBASEDDEVICEREGISTRATIONDATA_CERTIFICATETYPE._serialized_start=32180 + _CERTIFICATEBASEDDEVICEREGISTRATIONDATA_CERTIFICATETYPE._serialized_end=32249 + _REGISTERBROWSERREQUEST._serialized_start=32252 + _REGISTERBROWSERREQUEST._serialized_end=32464 + _ACTIVEDIRECTORYENROLLPLAYUSERREQUEST._serialized_start=32466 + _ACTIVEDIRECTORYENROLLPLAYUSERREQUEST._serialized_end=32529 + _ACTIVEDIRECTORYENROLLPLAYUSERRESPONSE._serialized_start=32532 + _ACTIVEDIRECTORYENROLLPLAYUSERRESPONSE._serialized_end=32683 + _SAMLPARAMETERSPROTO._serialized_start=32685 + _SAMLPARAMETERSPROTO._serialized_end=32758 + _PUBLICSAMLUSERREQUEST._serialized_start=32760 + _PUBLICSAMLUSERREQUEST._serialized_end=32803 + _PUBLICSAMLUSERRESPONSE._serialized_start=32805 + _PUBLICSAMLUSERRESPONSE._serialized_end=32898 + _ACTIVEDIRECTORYPLAYACTIVITYREQUEST._serialized_start=32900 + _ACTIVEDIRECTORYPLAYACTIVITYREQUEST._serialized_end=32953 + _ACTIVEDIRECTORYPLAYACTIVITYRESPONSE._serialized_start=32955 + _ACTIVEDIRECTORYPLAYACTIVITYRESPONSE._serialized_end=32992 + _CHECKDEVICELICENSEREQUEST._serialized_start=32994 + _CHECKDEVICELICENSEREQUEST._serialized_end=33021 + _LICENSEAVAILABILITY._serialized_start=33024 + _LICENSEAVAILABILITY._serialized_end=33161 + _CHECKDEVICELICENSERESPONSE._serialized_start=33164 + _CHECKDEVICELICENSERESPONSE._serialized_end=33482 + _CHECKDEVICELICENSERESPONSE_LICENSESELECTIONMODE._serialized_start=33404 + _CHECKDEVICELICENSERESPONSE_LICENSESELECTIONMODE._serialized_end=33482 + _ACTIVEDIRECTORYUSERSIGNINREQUEST._serialized_start=33484 + _ACTIVEDIRECTORYUSERSIGNINREQUEST._serialized_end=33518 + _ACTIVEDIRECTORYUSERSIGNINRESPONSE._serialized_start=33520 + _ACTIVEDIRECTORYUSERSIGNINRESPONSE._serialized_end=33582 + _TPMVERSIONINFO._serialized_start=33585 + _TPMVERSIONINFO._serialized_end=33929 + _TPMVERSIONINFO_GSCVERSION._serialized_start=33819 + _TPMVERSIONINFO_GSCVERSION._serialized_end=33929 + _TPMSTATUSINFO._serialized_start=33932 + _TPMSTATUSINFO._serialized_end=34382 + _TPMSUPPORTEDFEATURES._serialized_start=34384 + _TPMSUPPORTEDFEATURES._serialized_end=34509 + _SYSTEMSTATE._serialized_start=34511 + _SYSTEMSTATE._serialized_end=34581 + _EXTENSIONINSTALLREPORTLOGEVENT._serialized_start=34584 + _EXTENSIONINSTALLREPORTLOGEVENT._serialized_end=41211 + _EXTENSIONINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_start=36004 + _EXTENSIONINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_end=36166 + _EXTENSIONINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_start=36168 + _EXTENSIONINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_end=36279 + _EXTENSIONINSTALLREPORTLOGEVENT_FAILUREREASON._serialized_start=36282 + _EXTENSIONINSTALLREPORTLOGEVENT_FAILUREREASON._serialized_end=37112 + _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLATIONSTAGE._serialized_start=37114 + _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLATIONSTAGE._serialized_end=37238 + _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE._serialized_start=37241 + _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE._serialized_end=37525 + _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADINGSTAGE._serialized_start=37528 + _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADINGSTAGE._serialized_end=37807 + _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLCREATIONSTAGE._serialized_start=37810 + _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLCREATIONSTAGE._serialized_end=38133 + _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADCACHESTATUS._serialized_start=38136 + _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADCACHESTATUS._serialized_end=38288 + _EXTENSIONINSTALLREPORTLOGEVENT_SANDBOXEDUNPACKERFAILUREREASON._serialized_start=38291 + _EXTENSIONINSTALLREPORTLOGEVENT_SANDBOXEDUNPACKERFAILUREREASON._serialized_end=40009 + _EXTENSIONINSTALLREPORTLOGEVENT_MANIFESTINVALIDERROR._serialized_start=40012 + _EXTENSIONINSTALLREPORTLOGEVENT_MANIFESTINVALIDERROR._serialized_end=40461 + _EXTENSIONINSTALLREPORTLOGEVENT_CRXINSTALLERRORDETAIL._serialized_start=40464 + _EXTENSIONINSTALLREPORTLOGEVENT_CRXINSTALLERRORDETAIL._serialized_end=41211 + _APPINSTALLREPORTLOGEVENT._serialized_start=41214 + _APPINSTALLREPORTLOGEVENT._serialized_end=42076 + _APPINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_start=41580 + _APPINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_end=41963 + _APPINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_start=36168 + _APPINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_end=36279 + _EXTENSIONINSTALLREPORT._serialized_start=42079 + _EXTENSIONINSTALLREPORT._serialized_end=42214 + _APPINSTALLREPORT._serialized_start=42216 + _APPINSTALLREPORT._serialized_end=42334 + _APPINSTALLREPORTREQUEST._serialized_start=42336 + _APPINSTALLREPORTREQUEST._serialized_end=42431 + _EXTENSIONINSTALLREPORTREQUEST._serialized_start=42433 + _EXTENSIONINSTALLREPORTREQUEST._serialized_end=42546 + _APPINSTALLREPORTRESPONSE._serialized_start=42548 + _APPINSTALLREPORTRESPONSE._serialized_end=42574 + _REFRESHACCOUNTREQUEST._serialized_start=42577 + _REFRESHACCOUNTREQUEST._serialized_end=42750 + _REFRESHACCOUNTREQUEST_ACCOUNTTYPE._serialized_start=42682 + _REFRESHACCOUNTREQUEST_ACCOUNTTYPE._serialized_end=42750 + _REFRESHACCOUNTRESPONSE._serialized_start=42752 + _REFRESHACCOUNTRESPONSE._serialized_end=42776 + _RSULOOKUPKEYUPLOADREQUEST._serialized_start=42778 + _RSULOOKUPKEYUPLOADREQUEST._serialized_end=42854 + _RSULOOKUPKEYUPLOADRESPONSE._serialized_start=42856 + _RSULOOKUPKEYUPLOADRESPONSE._serialized_end=42916 + _ESIMPROFILEINFO._serialized_start=42918 + _ESIMPROFILEINFO._serialized_end=43008 + _UPLOADEUICCINFOREQUEST._serialized_start=43011 + _UPLOADEUICCINFOREQUEST._serialized_end=43147 + _UPLOADEUICCINFORESPONSE._serialized_start=43149 + _UPLOADEUICCINFORESPONSE._serialized_end=43174 + _PRINTJOBEVENT._serialized_start=43177 + _PRINTJOBEVENT._serialized_end=44265 + _PRINTJOBEVENT_PRINTJOBCONFIGURATION._serialized_start=43411 + _PRINTJOBEVENT_PRINTJOBCONFIGURATION._serialized_end=43636 + _PRINTJOBEVENT_PRINTER._serialized_start=43638 + _PRINTJOBEVENT_PRINTER._serialized_end=43686 + _PRINTJOBEVENT_PRINTSETTINGS._serialized_start=43689 + _PRINTJOBEVENT_PRINTSETTINGS._serialized_end=44195 + _PRINTJOBEVENT_PRINTSETTINGS_MEDIASIZE._serialized_start=43960 + _PRINTJOBEVENT_PRINTSETTINGS_MEDIASIZE._serialized_end=44021 + _PRINTJOBEVENT_PRINTSETTINGS_COLORMODE._serialized_start=44023 + _PRINTJOBEVENT_PRINTSETTINGS_COLORMODE._serialized_end=44090 + _PRINTJOBEVENT_PRINTSETTINGS_DUPLEXMODE._serialized_start=44092 + _PRINTJOBEVENT_PRINTSETTINGS_DUPLEXMODE._serialized_end=44195 + _PRINTJOBEVENT_USERTYPE._serialized_start=44197 + _PRINTJOBEVENT_USERTYPE._serialized_end=44265 + _APP._serialized_start=44268 + _APP._serialized_end=44501 + _APP_APPTYPE._serialized_start=44373 + _APP_APPTYPE._serialized_end=44501 + _APPACTIVITY._serialized_start=44504 + _APPACTIVITY._serialized_end=44822 + _APPACTIVITY_APPSTATE._serialized_start=44715 + _APPACTIVITY_APPSTATE._serialized_end=44822 + _SCREENTIMESPAN._serialized_start=44824 + _SCREENTIMESPAN._serialized_end=44924 + _CHILDSTATUSREPORTREQUEST._serialized_start=44927 + _CHILDSTATUSREPORTREQUEST._serialized_end=45289 + _CHILDSTATUSREPORTRESPONSE._serialized_start=45291 + _CHILDSTATUSREPORTRESPONSE._serialized_end=45361 + _STARTCSRREQUEST._serialized_start=45363 + _STARTCSRREQUEST._serialized_end=45380 + _STARTCSRRESPONSE._serialized_start=45383 + _STARTCSRRESPONSE._serialized_end=45609 + _FINISHCSRREQUEST._serialized_start=45611 + _FINISHCSRREQUEST._serialized_end=45679 + _FINISHCSRRESPONSE._serialized_start=45681 + _FINISHCSRRESPONSE._serialized_end=45700 + _DOWNLOADCERTREQUEST._serialized_start=45702 + _DOWNLOADCERTREQUEST._serialized_end=45723 + _DOWNLOADCERTRESPONSE._serialized_start=45725 + _DOWNLOADCERTRESPONSE._serialized_end=45780 + _CERTPROVSTARTREQUEST._serialized_start=45782 + _CERTPROVSTARTREQUEST._serialized_end=45804 + _CERTPROVSTARTRESPONSE._serialized_start=45806 + _CERTPROVSTARTRESPONSE._serialized_end=45857 + _CERTPROVGETNEXTINSTRUCTIONREQUEST._serialized_start=45859 + _CERTPROVGETNEXTINSTRUCTIONREQUEST._serialized_end=45894 + _CERTPROVGETNEXTINSTRUCTIONRESPONSE._serialized_start=45897 + _CERTPROVGETNEXTINSTRUCTIONRESPONSE._serialized_end=46241 + _CERTPROVAUTHORIZEREQUEST._serialized_start=46243 + _CERTPROVAUTHORIZEREQUEST._serialized_end=46300 + _CERTPROVAUTHORIZERESPONSE._serialized_start=46302 + _CERTPROVAUTHORIZERESPONSE._serialized_end=46329 + _CERTPROVUPLOADPROOFOFPOSSESSIONREQUEST._serialized_start=46331 + _CERTPROVUPLOADPROOFOFPOSSESSIONREQUEST._serialized_end=46390 + _CERTPROVUPLOADPROOFOFPOSSESSIONRESPONSE._serialized_start=46392 + _CERTPROVUPLOADPROOFOFPOSSESSIONRESPONSE._serialized_end=46433 + _CERTPROVAUTHORIZEINSTRUCTION._serialized_start=46435 + _CERTPROVAUTHORIZEINSTRUCTION._serialized_end=46487 + _CERTPROVPROOFOFPOSSESSIONINSTRUCTION._serialized_start=46490 + _CERTPROVPROOFOFPOSSESSIONINSTRUCTION._serialized_end=46630 + _CERTPROVIMPORTCERTIFICATEINSTRUCTION._serialized_start=46632 + _CERTPROVIMPORTCERTIFICATEINSTRUCTION._serialized_end=46703 + _CLIENTCERTIFICATEPROVISIONINGREQUEST._serialized_start=46706 + _CLIENTCERTIFICATEPROVISIONINGREQUEST._serialized_end=47499 + _CERTPROVBACKENDERROR._serialized_start=47502 + _CERTPROVBACKENDERROR._serialized_end=48063 + _CERTPROVBACKENDERROR_ERROR._serialized_start=47616 + _CERTPROVBACKENDERROR_ERROR._serialized_end=48063 + _CLIENTCERTIFICATEPROVISIONINGRESPONSE._serialized_start=48066 + _CLIENTCERTIFICATEPROVISIONINGRESPONSE._serialized_end=49139 + _CLIENTCERTIFICATEPROVISIONINGRESPONSE_ERROR._serialized_start=48874 + _CLIENTCERTIFICATEPROVISIONINGRESPONSE_ERROR._serialized_end=49121 + _BROWSERPUBLICKEYUPLOADREQUEST._serialized_start=49142 + _BROWSERPUBLICKEYUPLOADREQUEST._serialized_end=49582 + _BROWSERPUBLICKEYUPLOADREQUEST_KEYTRUSTLEVEL._serialized_start=49418 + _BROWSERPUBLICKEYUPLOADREQUEST_KEYTRUSTLEVEL._serialized_end=49520 + _BROWSERPUBLICKEYUPLOADREQUEST_KEYTYPE._serialized_start=49522 + _BROWSERPUBLICKEYUPLOADREQUEST_KEYTYPE._serialized_end=49582 + _BROWSERPUBLICKEYUPLOADRESPONSE._serialized_start=49585 + _BROWSERPUBLICKEYUPLOADRESPONSE._serialized_end=49808 + _BROWSERPUBLICKEYUPLOADRESPONSE_RESPONSECODE._serialized_start=49743 + _BROWSERPUBLICKEYUPLOADRESPONSE_RESPONSECODE._serialized_end=49808 + _FMREGISTRATIONTOKENUPLOADREQUEST._serialized_start=49811 + _FMREGISTRATIONTOKENUPLOADREQUEST._serialized_end=50054 + _FMREGISTRATIONTOKENUPLOADREQUEST_TOKENTYPE._serialized_start=50008 + _FMREGISTRATIONTOKENUPLOADREQUEST_TOKENTYPE._serialized_end=50054 + _FMREGISTRATIONTOKENUPLOADRESPONSE._serialized_start=50056 + _FMREGISTRATIONTOKENUPLOADRESPONSE._serialized_end=50091 + _DEVICEMANAGEMENTREQUEST._serialized_start=50094 + _DEVICEMANAGEMENTREQUEST._serialized_end=53852 + _DEVICEMANAGEMENTRESPONSE._serialized_start=53855 + _DEVICEMANAGEMENTRESPONSE._serialized_end=57415 + _DEVICESTATERETRIEVALINFO._serialized_start=57417 + _DEVICESTATERETRIEVALINFO._serialized_end=57470 +# @@protoc_insertion_point(module_scope) diff --git a/private_membership.proto b/private_membership.proto new file mode 100644 index 0000000..4294f57 --- /dev/null +++ b/private_membership.proto @@ -0,0 +1,78 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +option optimize_for = LITE_RUNTIME; + +package private_membership; + +option go_package = "github.com/google/private-membership"; + +// An enum describing different types of available hash functions. +enum HashType { + HASH_TYPE_UNDEFINED = 0; + TEST_HASH_TYPE = 1; + SHA256 = 2; + + reserved 3; + + // Add more hash types if necessary. +} + +// LINT.IfChange +// An enum describing how to hash IDs to encrypted buckets. +enum EncryptedBucketHashType { + ENCRYPTED_BUCKET_HASH_TYPE_UNDEFINED = 0; + + ENCRYPTED_BUCKET_TEST_HASH_TYPE = 3; + + // Use SHA256 of injective concatenation of non-sensitive and sensitive IDs. + // For backwards compatibility, this hash type should be used if this proto + // field is not specified. + SHA256_NON_SENSITIVE_AND_SENSITIVE_ID = 1; + + reserved 2; +} +// LINT.ThenChange(//depot/google3/privacy/private_membership/rlwe/shared/rlwe_id_utils_test.cc:encrypted_bucket_hash_types) + +// A proto message that holds the doubly encrypted identifier. +message DoublyEncryptedId { + // The identifier encrypted using the elliptic curve commutative + // cipher under an ephemeral key generated by the client that was sent in + // the request. + bytes queried_encrypted_id = 1; + + // The double encryption of a client requested identifier. The encryption + // scheme used is the Elliptic Curve commutation cipher. The + // first encryption layer uses the client's ephemeral key while the second + // encryption layer uses the server's match key. + // + // The client will decrypt this field to get their queried identifier + // encrypted under only the server's key. The client will use this value to + // match with the contents of the encrypted bucket to determine if there is a + // match or not. + bytes doubly_encrypted_id = 2; +} + +// A proto message used to store the plaintext response of a membership query of +// a single identifier. +message MembershipResponse { + // True if and only if the queried identifier was a member. + bool is_member = 1; + + // The associated value if the queried identifier was a member. If the + // queried identifier is not a member, the value will be an empty string. + string value = 2; +} \ No newline at end of file diff --git a/private_membership_pb2.py b/private_membership_pb2.py new file mode 100644 index 0000000..27911c7 --- /dev/null +++ b/private_membership_pb2.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: private_membership.proto +"""Generated protocol buffer code.""" +from google.protobuf.internal import builder as _builder +from google.protobuf import descriptor as _descriptor +from google.protobuf import descriptor_pool as _descriptor_pool +from google.protobuf import symbol_database as _symbol_database +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + + + +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x18private_membership.proto\x12\x12private_membership\"N\n\x11\x44oublyEncryptedId\x12\x1c\n\x14queried_encrypted_id\x18\x01 \x01(\x0c\x12\x1b\n\x13\x64oubly_encrypted_id\x18\x02 \x01(\x0c\"6\n\x12MembershipResponse\x12\x11\n\tis_member\x18\x01 \x01(\x08\x12\r\n\x05value\x18\x02 \x01(\t*I\n\x08HashType\x12\x17\n\x13HASH_TYPE_UNDEFINED\x10\x00\x12\x12\n\x0eTEST_HASH_TYPE\x10\x01\x12\n\n\x06SHA256\x10\x02\"\x04\x08\x03\x10\x03*\x99\x01\n\x17\x45ncryptedBucketHashType\x12(\n$ENCRYPTED_BUCKET_HASH_TYPE_UNDEFINED\x10\x00\x12#\n\x1f\x45NCRYPTED_BUCKET_TEST_HASH_TYPE\x10\x03\x12)\n%SHA256_NON_SENSITIVE_AND_SENSITIVE_ID\x10\x01\"\x04\x08\x02\x10\x02\x42(H\x03Z$github.com/google/private-membershipb\x06proto3') + +_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals()) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'private_membership_pb2', globals()) +if _descriptor._USE_C_DESCRIPTORS == False: + + DESCRIPTOR._options = None + DESCRIPTOR._serialized_options = b'H\003Z$github.com/google/private-membership' + _HASHTYPE._serialized_start=184 + _HASHTYPE._serialized_end=257 + _ENCRYPTEDBUCKETHASHTYPE._serialized_start=260 + _ENCRYPTEDBUCKETHASHTYPE._serialized_end=413 + _DOUBLYENCRYPTEDID._serialized_start=48 + _DOUBLYENCRYPTEDID._serialized_end=126 + _MEMBERSHIPRESPONSE._serialized_start=128 + _MEMBERSHIPRESPONSE._serialized_end=182 +# @@protoc_insertion_point(module_scope) diff --git a/private_membership_rlwe.proto b/private_membership_rlwe.proto new file mode 100644 index 0000000..2df6556 --- /dev/null +++ b/private_membership_rlwe.proto @@ -0,0 +1,340 @@ +// Copyright 2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +option optimize_for = LITE_RUNTIME; + +package private_membership.rlwe; + +option go_package = "github.com/google/private-membership"; + +import "private_membership.proto"; +import "serialization.proto"; + +// Request and Response protos +// +// The protocol consists of two roundtrips: +// First Round: OprfRequest and OprfResponse +// Second Round: QueryRequest and QueryResponse + +// First request sent by the client for checking membership. +message PrivateMembershipRlweOprfRequest { + // The identifier encrypted using the elliptic curve commutative + // cipher under an ephemeral key generated by the client. Before encryption, + // the identifier is hashed using either SHA256 or a more computationally + // expensive hash such as Argon2. + repeated bytes encrypted_ids = 1; + + // The name of the use case of this query. + RlweUseCase use_case = 2; +} + +// First response sent by the server for checking membership. +message PrivateMembershipRlweOprfResponse { + // The requested encrypted_id entries that are re-encrypted using the elliptic + // curve commutative cipher using the server’s key. + // + // The client will decrypt to simply get the identifier encrypted under the + // server’s key. The client will use this to match with the associated + // EncryptedBucket to see if there is a match or not. Additionally, the client + // will use it to decrypt the AES encrypted value. + repeated DoublyEncryptedId doubly_encrypted_ids = 1; + + // Unset if the server doesn't support non-sensitive identifier bucketing for + // the requested use case. + HashedBucketsParameters hashed_buckets_parameters = 2; + + // Parameters for the encrypted buckets (second level). + EncryptedBucketsParameters encrypted_buckets_parameters = 3; + + // Parameters describing the Ring LWE group as well as the security parameter. + RlweParameters rlwe_parameters = 4; + + // Version of key that encrypted the identifier-value pair. + // + // The client should provide this value in the second round of the protocol + // to ensure consistency. + int64 key_version = 5; +} + +// Second request sent by the client for checking membership. +message PrivateMembershipRlweQueryRequest { + // Upload a retrieval request consisting of RLWE ciphertexts. + repeated PrivateMembershipRlweQuery queries = 1; + + // The name of the use case of this query. + RlweUseCase use_case = 2; + + // Version of key that encrypted the identifier-value pair. + int64 key_version = 3; +} + +// Second response sent by the server for checking membership. +message PrivateMembershipRlweQueryResponse { + repeated PrivateMembershipRlwePirResponse pir_responses = 1; +} + +// Proto containing plaintext IDs supplied to the client library. +message RlwePlaintextId { + // Non-sensitive portion of the identifier. + string non_sensitive_id = 1; + + // Sensitive portion of the identifier. + string sensitive_id = 2; +} + +// Different use cases of the RLWE-based PSM protocol. +// +// NEXT ID: 25 +enum RlweUseCase { + RLWE_USE_CASE_UNDEFINED = 0; + TEST_USE_CASE = 1; + TEST_USE_CASE2 = 2; + TEST_USE_CASE3 = 3; + + // Use case with empty database. + EMPTY_USE_CASE = 22; + + // The device state of ChromeOS device, used for Zero Touch, License + // Packaging. This is zero-disclosure database, i.e. client does not reveal + // any bits to the server. + CROS_DEVICE_STATE = 5; + + // The device state of ChromeOS device, used for all managed devices and + // License Packaging. This is partial-disclosure database, i.e. client will be + // asked to reveal some bits of the hash of non-sensitive identifier. + CROS_DEVICE_STATE_UNIFIED = 23; + + // The device state of ChromeOS device. + CROS_DEVICE_SECONDARY_STATE = 12 [deprecated = true]; + CROS_DEVICE_STATE_BACKUP = 21 [deprecated = true]; + + // Use-cases for ChromeOS Device Active Reporting to Fresnel. + CROS_FRESNEL_DAILY = 13; + CROS_FRESNEL_MONTHLY = 14; + CROS_FRESNEL_FIRST_ACTIVE = 15; + CROS_FRESNEL_7DAY_ACTIVE = 16; + CROS_FRESNEL_28DAY_ACTIVE = 17; + CROS_FRESNEL_CHURN_MONTHLY_COHORT = 19; + CROS_FRESNEL_CHURN_MONTHLY_OBSERVATION = 20; + + // Use-cases for Cellular Carrier Lock (SimLock). + CROS_SIM_LOCK = 18; + CROS_SIM_LOCK_DEVMODE = 24; + + reserved 4, 6, 7, 8, 9, 10, 11; +} + +// Parameters for the hashed buckets (first level). +// +// Hashed bucket id is derived by taking the prefix of the hash of the non- +// sensitive identifier. +message HashedBucketsParameters { + // The bit length of the hashed bucket id. + int32 hashed_bucket_id_length = 1; + + // The type of hash function to be used for the non-sensitive identifier + // part. + private_membership.HashType non_sensitive_id_hash_type = 2; +} + +// Parameters for the encrypted buckets (second level). +message EncryptedBucketsParameters { + // The bit length of the encrypted bucket ids. + // + // The total number of encrypted buckets can be derived from this field, + // i.e. 2^encrypted_bucket_id_length. + int32 encrypted_bucket_id_length = 1; + + // The type of hash function to be used to generate the encrypted bucket ID. + private_membership.EncryptedBucketHashType sensitive_id_hash_type = 2; +} + +// Public Ring-LWE encryption scheme parameters. +message RlweParameters { + // Sequence of one modulus or two decreasing moduli. + repeated Uint128 modulus = 1; + + // Log (base 2) of the polynomial degree N (dimension of the vectorspace). + int32 log_degree = 2; + + // Plaintext modulus in bits log t. + int32 log_t = 3; + + // Variance of Gaussian error in bits. + int32 variance = 4; + + // Levels of recursion. + int32 levels_of_recursion = 5; +} + +// Represents a unsigned 128-bit integer. +message Uint128 { + // The lower 64 bits of the modulus. + uint64 lo = 1; + + // The higher 64 bits of the modulus. + uint64 hi = 2; +} + +// Single unit of RLWE query. +message PrivateMembershipRlweQuery { + // Corresponds to the doubly_encrypted_id.queried_encrypted_id in the + // PrivateMembershipRlweOprfResponse. + // + // Should be set by the client. + bytes queried_encrypted_id = 1; + + // Upload a retrieval request consisting of RLWE ciphertexts. + PirRequest pir_request = 2; + + // Hashed bucket id at bit level granularity. + message HashedBucketId { + // Hashed bucket id, in bytes. + // + // All bits after bit_length's bit should be set to 0. + bytes hashed_bucket_id = 1; + + // Bit length of the hashed bucket id. + // + // This value should be in + // ((hashed_bucket_id.size() - 1) * 8, hashed_bucket_id.size() * 8] range. + int32 bit_length = 2; + } + // Hashed bucket id. + // + // The hashed bucket id is computed by taking the prefix of the hashed + // non-sensitive id at the bit level. + // e.g. if the hashed non-sensitive id is 11010111 and the bucket id length is + // 6, this will be populated as 11010100. + // + // Should be unset if the server doesn't support non-sensitive identifier + // bucketing for the requested use case. + HashedBucketId hashed_bucket_id = 3; +} + +// Response consisting of a unique query id and the associated PIR response. +message PrivateMembershipRlwePirResponse { + // This corresponds to the queried_encrypted_id set by the client in the query + // request. + bytes queried_encrypted_id = 1; + + // PIR response corresponding to the PIR request. + PirResponse pir_response = 2; +} + +// Request for private bucket retrieval. +message PirRequest { + // The request is an encoding of a flattened table of encrypted {1} and {0} + // messages as necessary for PIR. If the database has D items and we are using + // L levels of recursion, this table will contain L*(D^(1/L)) messages, + // representing a table with L rows and D^(1/L) items per row. Each row should + // contain exactly one {1} ciphertext, with the rest of the items containing + // {0} messages. + // + // The flattened table is laid out in the following order: + // + // level | ciphertexts + // ----------------------------- + // 1 | {0} ... {1} ... {0} + // 2 | {0} ... {1} ... {0} + // ... | ... + // + // The ciphertexts are uploaded in a compressed format as NTT Polynomials + // using a PRNG seed to expand them into ciphertexts. + // If this field is set, none of the sharded_request_type should be set. + repeated .rlwe.SerializedNttPolynomial request = 1; + + // ExpandedRequest can be useful if the querier would like to manipulate the + // PirRequest after it's been created by the client library. To modify it, the + // ciphertext must be expanded first; hence the name ExpandedRequest. + message ExpandedRequest { + // Wrapper around .rlwe.SerializedSymmetricRlweCiphertext so we can + // represent "empty" ciphertext without ambiguity. If `ciphertext` is not + // set, it is consiered "not requested" and the corresponding index will be + // ignored and excluded from the response. When used multiple levels of + // recursion, it is the querier's responsibility to leave the correct + // positions unset so the final query is valid. + message SerializedSymmetricRlweCiphertext { + optional .rlwe.SerializedSymmetricRlweCiphertext ciphertext = 1; + } + repeated SerializedSymmetricRlweCiphertext ciphertexts = 1; + } + + // CompactRequest should be the same as the request field above, except it + // indicates sharding. + message CompactRequest { + repeated .rlwe.SerializedNttPolynomial ciphertexts = 1; + } + + // If one of the sharded_request_type is set, the above `request` field should + // be set. + oneof sharded_request_type { + // Will be used by hashed bucket sharded request because we don't need to + // modify the ciphertext. + CompactRequest compact_request = 3; + + // Will be used by encrypted bucket sharded request because we need to + // modify the ciphertext. + ExpandedRequest expanded_request = 4; + } + + // The PRNG seed used to expand the compressed RLWE ciphertexts. + bytes prng_seed = 2; +} + +// Response for private bucket retrieval. +message PirResponse { + // Sequence of ciphertexts consisting of encrypted buckets. + repeated .rlwe.SerializedSymmetricRlweCiphertext response = 1; + + // Size of the plaintext entry in bytes. + int32 plaintext_entry_size = 2; +} + +// Bucket consisting of encrypted id and values. +message EncryptedBucket { + // All encrypted pairs in the bucket. + repeated EncryptedIdValuePair encrypted_id_value_pairs = 1; + + // Proto storing encrypted id-value pairs. + message EncryptedIdValuePair { + // Identifier that is encrypted using the Elliptic curve commutative cipher. + // Furthermore, the serialization of the encryption is hashed and only a + // prefix is used. + bytes encrypted_id = 1; + + // Value that is encrypted using AES where the key is a serialization + // of the identifier encrypted using the Elliptic curve commutative cipher. + bytes encrypted_value = 2; + + // Proto containing the sensitive and non-sensitive portion of the + // identifier in plaintext. + RlwePlaintextId id = 3; + } +} + +// A collection of plaintext ids and associated membership responses. +message RlweMembershipResponses { + // A pair of queried plaintext id and its associated membership response. + message MembershipResponseEntry { + // Plaintext id that was queried. + RlwePlaintextId plaintext_id = 1; + + // Membership response of the queried plaintext id. + MembershipResponse membership_response = 2; + } + repeated MembershipResponseEntry membership_responses = 1; +} \ No newline at end of file diff --git a/private_membership_rlwe_pb2.py b/private_membership_rlwe_pb2.py new file mode 100644 index 0000000..3e3b290 --- /dev/null +++ b/private_membership_rlwe_pb2.py @@ -0,0 +1,74 @@ +# -*- coding: utf-8 -*- +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: private_membership_rlwe.proto +"""Generated protocol buffer code.""" +from google.protobuf.internal import builder as _builder +from google.protobuf import descriptor as _descriptor +from google.protobuf import descriptor_pool as _descriptor_pool +from google.protobuf import symbol_database as _symbol_database +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + +import private_membership_pb2 as private__membership__pb2 +import serialization_pb2 as serialization__pb2 + + +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1dprivate_membership_rlwe.proto\x12\x17private_membership.rlwe\x1a\x18private_membership.proto\x1a\x13serialization.proto\"q\n PrivateMembershipRlweOprfRequest\x12\x15\n\rencrypted_ids\x18\x01 \x03(\x0c\x12\x36\n\x08use_case\x18\x02 \x01(\x0e\x32$.private_membership.rlwe.RlweUseCase\"\xef\x02\n!PrivateMembershipRlweOprfResponse\x12\x43\n\x14\x64oubly_encrypted_ids\x18\x01 \x03(\x0b\x32%.private_membership.DoublyEncryptedId\x12S\n\x19hashed_buckets_parameters\x18\x02 \x01(\x0b\x32\x30.private_membership.rlwe.HashedBucketsParameters\x12Y\n\x1c\x65ncrypted_buckets_parameters\x18\x03 \x01(\x0b\x32\x33.private_membership.rlwe.EncryptedBucketsParameters\x12@\n\x0frlwe_parameters\x18\x04 \x01(\x0b\x32\'.private_membership.rlwe.RlweParameters\x12\x13\n\x0bkey_version\x18\x05 \x01(\x03\"\xb6\x01\n!PrivateMembershipRlweQueryRequest\x12\x44\n\x07queries\x18\x01 \x03(\x0b\x32\x33.private_membership.rlwe.PrivateMembershipRlweQuery\x12\x36\n\x08use_case\x18\x02 \x01(\x0e\x32$.private_membership.rlwe.RlweUseCase\x12\x13\n\x0bkey_version\x18\x03 \x01(\x03\"v\n\"PrivateMembershipRlweQueryResponse\x12P\n\rpir_responses\x18\x01 \x03(\x0b\x32\x39.private_membership.rlwe.PrivateMembershipRlwePirResponse\"A\n\x0fRlwePlaintextId\x12\x18\n\x10non_sensitive_id\x18\x01 \x01(\t\x12\x14\n\x0csensitive_id\x18\x02 \x01(\t\"|\n\x17HashedBucketsParameters\x12\x1f\n\x17hashed_bucket_id_length\x18\x01 \x01(\x05\x12@\n\x1anon_sensitive_id_hash_type\x18\x02 \x01(\x0e\x32\x1c.private_membership.HashType\"\x8d\x01\n\x1a\x45ncryptedBucketsParameters\x12\"\n\x1a\x65ncrypted_bucket_id_length\x18\x01 \x01(\x05\x12K\n\x16sensitive_id_hash_type\x18\x02 \x01(\x0e\x32+.private_membership.EncryptedBucketHashType\"\x95\x01\n\x0eRlweParameters\x12\x31\n\x07modulus\x18\x01 \x03(\x0b\x32 .private_membership.rlwe.Uint128\x12\x12\n\nlog_degree\x18\x02 \x01(\x05\x12\r\n\x05log_t\x18\x03 \x01(\x05\x12\x10\n\x08variance\x18\x04 \x01(\x05\x12\x1b\n\x13levels_of_recursion\x18\x05 \x01(\x05\"!\n\x07Uint128\x12\n\n\x02lo\x18\x01 \x01(\x04\x12\n\n\x02hi\x18\x02 \x01(\x04\"\x92\x02\n\x1aPrivateMembershipRlweQuery\x12\x1c\n\x14queried_encrypted_id\x18\x01 \x01(\x0c\x12\x38\n\x0bpir_request\x18\x02 \x01(\x0b\x32#.private_membership.rlwe.PirRequest\x12\\\n\x10hashed_bucket_id\x18\x03 \x01(\x0b\x32\x42.private_membership.rlwe.PrivateMembershipRlweQuery.HashedBucketId\x1a>\n\x0eHashedBucketId\x12\x18\n\x10hashed_bucket_id\x18\x01 \x01(\x0c\x12\x12\n\nbit_length\x18\x02 \x01(\x05\"|\n PrivateMembershipRlwePirResponse\x12\x1c\n\x14queried_encrypted_id\x18\x01 \x01(\x0c\x12:\n\x0cpir_response\x18\x02 \x01(\x0b\x32$.private_membership.rlwe.PirResponse\"\xc3\x04\n\nPirRequest\x12.\n\x07request\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomial\x12M\n\x0f\x63ompact_request\x18\x03 \x01(\x0b\x32\x32.private_membership.rlwe.PirRequest.CompactRequestH\x00\x12O\n\x10\x65xpanded_request\x18\x04 \x01(\x0b\x32\x33.private_membership.rlwe.PirRequest.ExpandedRequestH\x00\x12\x11\n\tprng_seed\x18\x02 \x01(\x0c\x1a\xf3\x01\n\x0f\x45xpandedRequest\x12j\n\x0b\x63iphertexts\x18\x01 \x03(\x0b\x32U.private_membership.rlwe.PirRequest.ExpandedRequest.SerializedSymmetricRlweCiphertext\x1at\n!SerializedSymmetricRlweCiphertext\x12@\n\nciphertext\x18\x01 \x01(\x0b\x32\'.rlwe.SerializedSymmetricRlweCiphertextH\x00\x88\x01\x01\x42\r\n\x0b_ciphertext\x1a\x44\n\x0e\x43ompactRequest\x12\x32\n\x0b\x63iphertexts\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomialB\x16\n\x14sharded_request_type\"f\n\x0bPirResponse\x12\x39\n\x08response\x18\x01 \x03(\x0b\x32\'.rlwe.SerializedSymmetricRlweCiphertext\x12\x1c\n\x14plaintext_entry_size\x18\x02 \x01(\x05\"\xef\x01\n\x0f\x45ncryptedBucket\x12_\n\x18\x65ncrypted_id_value_pairs\x18\x01 \x03(\x0b\x32=.private_membership.rlwe.EncryptedBucket.EncryptedIdValuePair\x1a{\n\x14\x45ncryptedIdValuePair\x12\x14\n\x0c\x65ncrypted_id\x18\x01 \x01(\x0c\x12\x17\n\x0f\x65ncrypted_value\x18\x02 \x01(\x0c\x12\x34\n\x02id\x18\x03 \x01(\x0b\x32(.private_membership.rlwe.RlwePlaintextId\"\xa2\x02\n\x17RlweMembershipResponses\x12\x66\n\x14membership_responses\x18\x01 \x03(\x0b\x32H.private_membership.rlwe.RlweMembershipResponses.MembershipResponseEntry\x1a\x9e\x01\n\x17MembershipResponseEntry\x12>\n\x0cplaintext_id\x18\x01 \x01(\x0b\x32(.private_membership.rlwe.RlwePlaintextId\x12\x43\n\x13membership_response\x18\x02 \x01(\x0b\x32&.private_membership.MembershipResponse*\xaf\x04\n\x0bRlweUseCase\x12\x1b\n\x17RLWE_USE_CASE_UNDEFINED\x10\x00\x12\x11\n\rTEST_USE_CASE\x10\x01\x12\x12\n\x0eTEST_USE_CASE2\x10\x02\x12\x12\n\x0eTEST_USE_CASE3\x10\x03\x12\x12\n\x0e\x45MPTY_USE_CASE\x10\x16\x12\x15\n\x11\x43ROS_DEVICE_STATE\x10\x05\x12\x1d\n\x19\x43ROS_DEVICE_STATE_UNIFIED\x10\x17\x12#\n\x1b\x43ROS_DEVICE_SECONDARY_STATE\x10\x0c\x1a\x02\x08\x01\x12 \n\x18\x43ROS_DEVICE_STATE_BACKUP\x10\x15\x1a\x02\x08\x01\x12\x16\n\x12\x43ROS_FRESNEL_DAILY\x10\r\x12\x18\n\x14\x43ROS_FRESNEL_MONTHLY\x10\x0e\x12\x1d\n\x19\x43ROS_FRESNEL_FIRST_ACTIVE\x10\x0f\x12\x1c\n\x18\x43ROS_FRESNEL_7DAY_ACTIVE\x10\x10\x12\x1d\n\x19\x43ROS_FRESNEL_28DAY_ACTIVE\x10\x11\x12%\n!CROS_FRESNEL_CHURN_MONTHLY_COHORT\x10\x13\x12*\n&CROS_FRESNEL_CHURN_MONTHLY_OBSERVATION\x10\x14\x12\x11\n\rCROS_SIM_LOCK\x10\x12\x12\x19\n\x15\x43ROS_SIM_LOCK_DEVMODE\x10\x18\"\x04\x08\x04\x10\x04\"\x04\x08\x06\x10\x06\"\x04\x08\x07\x10\x07\"\x04\x08\x08\x10\x08\"\x04\x08\t\x10\t\"\x04\x08\n\x10\n\"\x04\x08\x0b\x10\x0b\x42(H\x03Z$github.com/google/private-membershipb\x06proto3') + +_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals()) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'private_membership_rlwe_pb2', globals()) +if _descriptor._USE_C_DESCRIPTORS == False: + + DESCRIPTOR._options = None + DESCRIPTOR._serialized_options = b'H\003Z$github.com/google/private-membership' + _RLWEUSECASE.values_by_name["CROS_DEVICE_SECONDARY_STATE"]._options = None + _RLWEUSECASE.values_by_name["CROS_DEVICE_SECONDARY_STATE"]._serialized_options = b'\010\001' + _RLWEUSECASE.values_by_name["CROS_DEVICE_STATE_BACKUP"]._options = None + _RLWEUSECASE.values_by_name["CROS_DEVICE_STATE_BACKUP"]._serialized_options = b'\010\001' + _RLWEUSECASE._serialized_start=3044 + _RLWEUSECASE._serialized_end=3603 + _PRIVATEMEMBERSHIPRLWEOPRFREQUEST._serialized_start=105 + _PRIVATEMEMBERSHIPRLWEOPRFREQUEST._serialized_end=218 + _PRIVATEMEMBERSHIPRLWEOPRFRESPONSE._serialized_start=221 + _PRIVATEMEMBERSHIPRLWEOPRFRESPONSE._serialized_end=588 + _PRIVATEMEMBERSHIPRLWEQUERYREQUEST._serialized_start=591 + _PRIVATEMEMBERSHIPRLWEQUERYREQUEST._serialized_end=773 + _PRIVATEMEMBERSHIPRLWEQUERYRESPONSE._serialized_start=775 + _PRIVATEMEMBERSHIPRLWEQUERYRESPONSE._serialized_end=893 + _RLWEPLAINTEXTID._serialized_start=895 + _RLWEPLAINTEXTID._serialized_end=960 + _HASHEDBUCKETSPARAMETERS._serialized_start=962 + _HASHEDBUCKETSPARAMETERS._serialized_end=1086 + _ENCRYPTEDBUCKETSPARAMETERS._serialized_start=1089 + _ENCRYPTEDBUCKETSPARAMETERS._serialized_end=1230 + _RLWEPARAMETERS._serialized_start=1233 + _RLWEPARAMETERS._serialized_end=1382 + _UINT128._serialized_start=1384 + _UINT128._serialized_end=1417 + _PRIVATEMEMBERSHIPRLWEQUERY._serialized_start=1420 + _PRIVATEMEMBERSHIPRLWEQUERY._serialized_end=1694 + _PRIVATEMEMBERSHIPRLWEQUERY_HASHEDBUCKETID._serialized_start=1632 + _PRIVATEMEMBERSHIPRLWEQUERY_HASHEDBUCKETID._serialized_end=1694 + _PRIVATEMEMBERSHIPRLWEPIRRESPONSE._serialized_start=1696 + _PRIVATEMEMBERSHIPRLWEPIRRESPONSE._serialized_end=1820 + _PIRREQUEST._serialized_start=1823 + _PIRREQUEST._serialized_end=2402 + _PIRREQUEST_EXPANDEDREQUEST._serialized_start=2065 + _PIRREQUEST_EXPANDEDREQUEST._serialized_end=2308 + _PIRREQUEST_EXPANDEDREQUEST_SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_start=2192 + _PIRREQUEST_EXPANDEDREQUEST_SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_end=2308 + _PIRREQUEST_COMPACTREQUEST._serialized_start=2310 + _PIRREQUEST_COMPACTREQUEST._serialized_end=2378 + _PIRRESPONSE._serialized_start=2404 + _PIRRESPONSE._serialized_end=2506 + _ENCRYPTEDBUCKET._serialized_start=2509 + _ENCRYPTEDBUCKET._serialized_end=2748 + _ENCRYPTEDBUCKET_ENCRYPTEDIDVALUEPAIR._serialized_start=2625 + _ENCRYPTEDBUCKET_ENCRYPTEDIDVALUEPAIR._serialized_end=2748 + _RLWEMEMBERSHIPRESPONSES._serialized_start=2751 + _RLWEMEMBERSHIPRESPONSES._serialized_end=3041 + _RLWEMEMBERSHIPRESPONSES_MEMBERSHIPRESPONSEENTRY._serialized_start=2883 + _RLWEMEMBERSHIPRESPONSES_MEMBERSHIPRESPONSEENTRY._serialized_end=3041 +# @@protoc_insertion_point(module_scope) diff --git a/serialization.proto b/serialization.proto new file mode 100644 index 0000000..5ed884a --- /dev/null +++ b/serialization.proto @@ -0,0 +1,70 @@ +/* + * Copyright 2017 Google Inc. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + syntax = "proto2"; + + option optimize_for = LITE_RUNTIME; + + package rlwe; + + option go_package = "github.com/google/shell-encryption"; + + // NTT Polynomial + message SerializedNttPolynomial { + // Coefficients of the polynomial + optional bytes coeffs = 1; + + // Number of coefficients of the polynomial. + optional int32 num_coeffs = 2; + } + + // RLWE Ciphertext + message SerializedSymmetricRlweCiphertext { + // Polynomials composing the ciphertext + repeated SerializedNttPolynomial c = 1; + + // The power of the secret key that the ciphertext is encrypted with. + optional int32 power_of_s = 2; + + // A heuristic on the amount of error in the ciphertext. + optional double error = 3; + } + + // RLWE RelinearizationKey + message SerializedRelinearizationKey { + // Polynomial composing the matrix + repeated SerializedNttPolynomial c = 1; + + // The modulus used to decompose the coefficients of the polynomials. Ranges + // from 1 to the number of bits of the modulus. + optional int32 log_decomposition_modulus = 2; + + // For n parts, the key can relinearize an n-component ciphertext to a + // 2-component ciphertext. + optional int32 num_parts = 3; + + // Seed used to compress this key. + optional bytes prng_seed = 4; // Required + + // The power of s that corresponds to the key. The field is 1 if the key is + // RelinearizationKey. + optional int32 power_of_s = 5; + } + + // RLWE GaloisKeys. + message SerializedGaloisKey { + // The key-switching matrix + optional SerializedRelinearizationKey key = 1; + } \ No newline at end of file diff --git a/serialization_pb2.py b/serialization_pb2.py new file mode 100644 index 0000000..c1d16df --- /dev/null +++ b/serialization_pb2.py @@ -0,0 +1,32 @@ +# -*- coding: utf-8 -*- +# Generated by the protocol buffer compiler. DO NOT EDIT! +# source: serialization.proto +"""Generated protocol buffer code.""" +from google.protobuf.internal import builder as _builder +from google.protobuf import descriptor as _descriptor +from google.protobuf import descriptor_pool as _descriptor_pool +from google.protobuf import symbol_database as _symbol_database +# @@protoc_insertion_point(imports) + +_sym_db = _symbol_database.Default() + + + + +DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x13serialization.proto\x12\x04rlwe\"=\n\x17SerializedNttPolynomial\x12\x0e\n\x06\x63oeffs\x18\x01 \x01(\x0c\x12\x12\n\nnum_coeffs\x18\x02 \x01(\x05\"p\n!SerializedSymmetricRlweCiphertext\x12(\n\x01\x63\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomial\x12\x12\n\npower_of_s\x18\x02 \x01(\x05\x12\r\n\x05\x65rror\x18\x03 \x01(\x01\"\xa5\x01\n\x1cSerializedRelinearizationKey\x12(\n\x01\x63\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomial\x12!\n\x19log_decomposition_modulus\x18\x02 \x01(\x05\x12\x11\n\tnum_parts\x18\x03 \x01(\x05\x12\x11\n\tprng_seed\x18\x04 \x01(\x0c\x12\x12\n\npower_of_s\x18\x05 \x01(\x05\"F\n\x13SerializedGaloisKey\x12/\n\x03key\x18\x01 \x01(\x0b\x32\".rlwe.SerializedRelinearizationKeyB&H\x03Z\"github.com/google/shell-encryption') + +_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals()) +_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'serialization_pb2', globals()) +if _descriptor._USE_C_DESCRIPTORS == False: + + DESCRIPTOR._options = None + DESCRIPTOR._serialized_options = b'H\003Z\"github.com/google/shell-encryption' + _SERIALIZEDNTTPOLYNOMIAL._serialized_start=29 + _SERIALIZEDNTTPOLYNOMIAL._serialized_end=90 + _SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_start=92 + _SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_end=204 + _SERIALIZEDRELINEARIZATIONKEY._serialized_start=207 + _SERIALIZEDRELINEARIZATIONKEY._serialized_end=372 + _SERIALIZEDGALOISKEY._serialized_start=374 + _SERIALIZEDGALOISKEY._serialized_end=444 +# @@protoc_insertion_point(module_scope) diff --git a/server.py b/server.py new file mode 100644 index 0000000..7249f14 --- /dev/null +++ b/server.py @@ -0,0 +1,18 @@ +from http.server import * +import http.client as cli +import requests +import device_management_pb2 +import socket +class A(BaseHTTPRequestHandler): + def do_POST(self): + self.send_response(200) + self.send_header("Content-Type", "text/html") + self.end_headers() + dat = self.rfile.read(int(self.headers.get('Content-Length'))) + print("data read") + print(dat) + con = requests.request('POST', 'https://m.google.com/devicemanagement/data/api', data=dat) + self.wfile.write(bytes(str(con.status_code), 'utf-8')) + # self.wfile.close() +hs = HTTPServer(("0.0.0.0", 3040), A) +hs.serve_forever()