From 5fe8d57ebabc76954b98b2404bcd88635936b9cd Mon Sep 17 00:00:00 2001
From: MunyDev <jeffplays1292@gmail.com>
Date: Tue, 13 Aug 2024 10:31:17 -0400
Subject: [PATCH] Initial commit
---
.gitignore | 3 +
device_management.proto | 5014 ++++++++++++++++++++++++++++++++
device_management_pb2.py | 637 ++++
private_membership.proto | 78 +
private_membership_pb2.py | 32 +
private_membership_rlwe.proto | 340 +++
private_membership_rlwe_pb2.py | 74 +
serialization.proto | 70 +
serialization_pb2.py | 32 +
server.py | 18 +
10 files changed, 6298 insertions(+)
create mode 100644 .gitignore
create mode 100644 device_management.proto
create mode 100644 device_management_pb2.py
create mode 100644 private_membership.proto
create mode 100644 private_membership_pb2.py
create mode 100644 private_membership_rlwe.proto
create mode 100644 private_membership_rlwe_pb2.py
create mode 100644 serialization.proto
create mode 100644 serialization_pb2.py
create mode 100644 server.py
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..33fec00
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,3 @@
+.venv
+out
+__pycache__
\ No newline at end of file
diff --git a/device_management.proto b/device_management.proto
new file mode 100644
index 0000000..716b9d5
--- /dev/null
+++ b/device_management.proto
@@ -0,0 +1,5014 @@
+// Copyright 2013 The Chromium Authors
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+syntax = "proto2";
+
+option optimize_for = LITE_RUNTIME;
+
+package enterprise_management;
+
+option go_package = "chromium/policy/enterprise_management_proto";
+
+import "private_membership_rlwe.proto";
+
+// Everything below this comment will be synchronized between client and server
+// repos ( go/cros-proto-sync ).
+
+// This enum needs to be shared between DeviceRegisterRequest and
+// LicenseAvailability protos. With java_api_version 1, this means that enum
+// needs to be wrapped into a message.
+message LicenseType {
+ // Enumerates different license types.
+ enum LicenseTypeEnum {
+ // Unknown/undefined
+ UNDEFINED = 0;
+ // Chrome Device Management Perpetual
+ CDM_PERPETUAL = 1;
+ // Chrome Device Management Annual
+ CDM_ANNUAL = 2;
+ // Chrome Kiosk
+ KIOSK = 3;
+ // Chrome Enterprise bundled license
+ CDM_PACKAGED = 4;
+ }
+
+ optional LicenseTypeEnum license_type = 1;
+}
+
+// The current active session type on the device, or `NO_SESSION` if no user
+// is currently logged in.
+// This enum is used in the response payload of the
+// `FETCH_CRD_AVAILABILITY_INFO` remote command.
+// NOTE: Please DO NOT rename enum entries as they are used by external APIs.
+enum UserSessionType {
+ USER_SESSION_TYPE_UNKNOWN = 0;
+ AUTO_LAUNCHED_KIOSK_SESSION = 1;
+ MANUALLY_LAUNCHED_KIOSK_SESSION = 2;
+ AFFILIATED_USER_SESSION = 3;
+ UNAFFILIATED_USER_SESSION = 4;
+ MANAGED_GUEST_SESSION = 5;
+ GUEST_SESSION = 6;
+ NO_SESSION = 7;
+}
+
+// The type of the CRD session. This enum is used in:
+// * the response payload of `FETCH_CRD_AVAILABILITY_INFO`.
+// * the request payload of `DEVICE_START_CRD_SESSION`.
+enum CrdSessionType {
+ CRD_SESSION_TYPE_UNKNOWN = 0;
+ // A session where the admin has exclusive control of the remote machine.
+ REMOTE_ACCESS_SESSION = 1;
+ // A session where the admin and the local user share control of the remote
+ // machine.
+ REMOTE_SUPPORT_SESSION = 2;
+}
+
+// Enum indicating why a CRD session is or is not available.
+// This enum is used in the response payload of the
+// `FETCH_CRD_AVAILABILITY_INFO` remote command.
+// NOTE: Please DO NOT rename enum entries as they are used by external APIs.
+enum CrdSessionAvailability {
+ CRD_SESSION_AVAILABILITY_UNKNOWN = 0;
+ // The CRD session is available and the admin can start a CRD session.
+ AVAILABLE = 1;
+ // The CRD session is not available for the current user session type.
+ UNAVAILABLE_UNSUPPORTED_USER_SESSION_TYPE = 2;
+ // The CRD session is not available since the device is in an unmanaged
+ // environment.
+ UNAVAILABLE_UNMANAGED_ENVIRONMENT = 3;
+ // The CRD session type is unsupported by device os version
+ UNAVAILABLE_UNSUPPORTED_DEVICE_OS_VERSION = 4;
+ // CRD is disabled on the device by the 'enterprise remote support connection'
+ // policy.
+ UNAVAILABLE_DISABLED_BY_POLICY = 5;
+}
+
+// Result code used in the response payload of the `START_CRD_SESSION` remote
+// command. This is used because it is more granular than the normal
+// `ResultType` enum used as the result code for a remote command.
+enum StartCrdSessionResultCode {
+ START_CRD_SESSION_RESULT_UNKNOWN = -1;
+ // Successfully obtained access code.
+ START_CRD_SESSION_SUCCESS = 0;
+ // Failed as required services are not launched on the device.
+ SERVICES_NOT_READY = 1;
+ // Failure as the current user type does not support remotely starting CRD.
+ FAILURE_UNSUPPORTED_USER_TYPE = 2;
+ // Failed as device is currently in use and no interruptUser flag is set.
+ FAILURE_NOT_IDLE = 3;
+ // Failed as we could not get OAuth token for whatever reason.
+ FAILURE_NO_OAUTH_TOKEN = 4;
+ // Failed as we could not get ICE configuration for whatever reason.
+ // deprecated
+ FAILURE_NO_ICE_CONFIG = 5;
+ // Failure during attempt to start CRD host and obtain CRD token.
+ FAILURE_CRD_HOST_ERROR = 6;
+ // Failure to start a curtained session as we're not in a managed environment.
+ FAILURE_UNMANAGED_ENVIRONMENT = 7;
+ // Failed because RemoteAccessHostAllowEnterpriseRemoteSupportConnections
+ // policy is disabled.
+ FAILURE_DISABLED_BY_POLICY = 8;
+}
+
+// Result code used in the response payload of the `FETCH_SUPPORT_PACKET` remote
+// command. The response payload will be a JSON string as follows:
+// {
+// "result": <FetchSupportPacketResultCode enum>,
+// (optional) "notes": [<FetchSupportPacketResultNote enums>]
+// }
+enum FetchSupportPacketResultCode {
+ // Unspecified result.
+ FETCH_SUPPORT_PACKET_RESULT_CODE_UNSPECIFIED = 0;
+ // Success.
+ FETCH_SUPPORT_PACKET_RESULT_SUCCESS = 1;
+ // Command is not enabled for the device or the user.
+ FAILURE_COMMAND_NOT_ENABLED = 2;
+ // Failed to create the file to upload.
+ FAILURE_EXPORTING_FILE = 3;
+ // Internal failure at reporting pipeline. LogUploadEvent can't be enqueued.
+ FAILURE_REPORTING_PIPELINE = 4;
+ // File upload to File Storage Server has failed.
+ FAILURE_LOG_UPLOAD = 5;
+}
+
+// Result payload field that will used for FETCH_SUPPORT_PACKET remote command.
+// This field represents the warnings or notes that the device sends along with
+// the command result. This enum will be used to attach optional notes to
+// successful execution. Failure details will be send to the server in
+// FetchSupportPacketResultCode enum.
+enum FetchSupportPacketResultNote {
+ FETCH_SUPPORT_PACKET_RESULT_PAYLOAD_UNSPECIFIED = 0;
+ // Warning that the requested PII is not allowed to be included in the
+ // collected logs due to privacy issues. This is not an error but a warning to
+ // the admin. The log file will be created and uploaded without PII.
+ WARNING_PII_NOT_ALLOWED = 1;
+}
+
+// Data along with a cryptographic signature verifying their authenticity.
+message SignedData {
+ // The data to be signed.
+ optional bytes data = 1;
+ // The signature of the data field.
+ optional bytes signature = 2;
+ // How many bytes were added to the end of original data before signature
+ // (e.g. a nonce to avoid proxy attacks of the signing service).
+ optional int32 extra_data_bytes = 3;
+}
+
+// Request from device to server to check user account type for enrollment.
+message CheckUserAccountRequest {
+ // Email address of a user.
+ // The user may not exist in GAIA.
+ optional string user_email = 1;
+ // If enrollment nudge policy is required.
+ optional bool enrollment_nudge_request = 2 [default = false];
+}
+
+// Request from device to server to register a device, user or browser.
+message DeviceRegisterRequest {
+ reserved 5, 10;
+
+ // Reregister device without erasing server state. It can be used
+ // to refresh dmtoken etc. Client MUST set this value to true if it
+ // reuses an existing device id.
+ optional bool reregister = 1;
+
+ // Register type. This field does not exist for TT release.
+ // When a client requests for policies, server should verify the
+ // client has been registered properly. For example, a client must
+ // register with type DEVICE in order to retrieve device policies.
+ enum Type {
+ reserved 5;
+
+ TT = 0; // Register for TT release.
+ USER = 1; // Register for Chrome OS user polices.
+ DEVICE = 2; // Register for Chrome OS device policies.
+ BROWSER = 3; // Register for desktop Chrome browser user policies.
+ ANDROID_BROWSER = 4; // Register for Android Chrome browser user policies.
+ IOS_BROWSER = 6; // Register for iOS Chrome browser user policies.
+ }
+ // NOTE: we also use this field to detect client version. If this
+ // field is missing, then the request comes from TT. We will remove
+ // Chrome OS TT support once it is over.
+ optional Type type = 2 [default = TT];
+
+ // Machine hardware id, such as serial number.
+ // This field is required if register type == DEVICE.
+ optional string machine_id = 3;
+
+ // Machine model name, such as "ZGA", "Cr-48", "Nexus One". If the
+ // model name is not available, client SHOULD send generic name like
+ // "Android", or "Chrome OS".
+ optional string machine_model = 4;
+
+ // Indicates a requisition of the registering entity that the server can act
+ // upon. This allows clients to pass hints e.g. at device enrollment time
+ // about the intended use of the device.
+ optional string requisition = 6;
+
+ // The current server-backed state key for the client, if applicable. This can
+ // be used by the server to link the registration request to an existing
+ // device record for re-enrollment.
+ optional bytes server_backed_state_key = 7;
+
+ // Enumerates different flavors of registration.
+ enum Flavor {
+ reserved 12;
+
+ // User manually enrolls a device for device management.
+ FLAVOR_ENROLLMENT_MANUAL = 0;
+ // User re-starts enrollment manually to recover from loss of policy.
+ FLAVOR_ENROLLMENT_MANUAL_RENEW = 1;
+ // Device enrollment forced by local device configuration, such as OEM
+ // partition flags to force enrollment.
+ FLAVOR_ENROLLMENT_LOCAL_FORCED = 2;
+ // Enrollment advertised by local device configuration, such as OEM
+ // partition flags indicating to prompt for enrollment, but allowing the
+ // user to skip.
+ FLAVOR_ENROLLMENT_LOCAL_ADVERTISED = 3;
+ // Device state downloaded from the server during OOBE indicates that
+ // re-enrollment is mandatory.
+ FLAVOR_ENROLLMENT_SERVER_FORCED = 4;
+ // Device state downloaded from the server during OOBE indicates that the
+ // device should prompt for (re-)enrollment, but the user is allowed to
+ // skip.
+ FLAVOR_ENROLLMENT_SERVER_ADVERTISED = 5;
+ // Device detected in steady state that it is supposed to be enrolled, but
+ // the policy is missing.
+ FLAVOR_ENROLLMENT_RECOVERY = 6;
+ // User policy registration for a logged-in user.
+ FLAVOR_USER_REGISTRATION = 7;
+ // Attestation-based with the option to use a different authentication
+ // mechanism.
+ FLAVOR_ENROLLMENT_ATTESTATION = 8;
+ // Forced attestation-based enrollment (cannot fallback to another flavor).
+ FLAVOR_ENROLLMENT_ATTESTATION_LOCAL_FORCED = 9;
+ // Device state downloaded from the server during OOBE indicates that
+ // re-enrollment is mandatory and should be attestation-based.
+ FLAVOR_ENROLLMENT_ATTESTATION_SERVER_FORCED = 10;
+ // Device state downloaded from the server indicated that re-enrollment is
+ // mandatory, but it failed and we are doing a fallback to manual
+ // enrollment.
+ FLAVOR_ENROLLMENT_ATTESTATION_MANUAL_FALLBACK = 11;
+ // Device state downloaded from the server during OOBE indicates that
+ // initial enrollment is mandatory.
+ FLAVOR_ENROLLMENT_INITIAL_SERVER_FORCED = 13;
+ // Device state downloaded from the server during OOBE indicates that
+ // initial enrollment is mandatory and should be attestation-based.
+ FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_SERVER_FORCED = 14;
+ // Device state downloaded from the server indicated that initial enrollment
+ // is mandatory, but it failed and we are doing a fallback to manual
+ // enrollment.
+ FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_MANUAL_FALLBACK = 15;
+ // An enterprise rollback just took place and the device was wiped.
+ // Attempt to re-enroll with attestation. This is forced from the
+ // client side.
+ FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_FORCED = 16;
+ // An enterprise rollback just took place and the device was wiped.
+ // Attestation re-enrollment just failed, attempt manual enrollment as
+ // fallback.
+ FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_MANUAL_FALLBACK = 17;
+ // Device state downloaded from the server indicated that initial enrollment
+ // is mandatory and should be token-based.
+ FLAVOR_ENROLLMENT_TOKEN_INITIAL_SERVER_FORCED = 18;
+ // Device state downloaded from the server indicated that initial
+ // token-based enrollment is mandatory, but it failed and we are doing
+ // fallback to manual enrollment.
+ FLAVOR_ENROLLMENT_TOKEN_INITIAL_MANUAL_FALLBACK = 19;
+ }
+
+ // Indicates the registration flavor. This is passed to the server FYI when
+ // registering for policy so the server can distinguish registration triggers.
+ optional Flavor flavor = 8;
+
+ // If specified, represents the license type selected by user on the device.
+ optional LicenseType license_type = 9;
+
+ // Enumerates different expected lifetimes of registration.
+ enum Lifetime {
+ // Default case.
+ LIFETIME_UNDEFINED = 0;
+ // No expiration, most of the registrations have this lifetime.
+ LIFETIME_INDEFINITE = 1;
+ // Lifetime for ephemeral user policy registration.
+ LIFETIME_EPHEMERAL_USER = 2;
+ }
+
+ // Indicates the expected lifetime of registration.
+ optional Lifetime lifetime = 11 [default = LIFETIME_INDEFINITE];
+
+ // The 4-character brand code of the device.
+ optional string brand_code = 12;
+
+ // Previous DMToken that should be reused for re-registration.
+ optional string reregistration_dm_token = 13;
+
+ // MAC address for onboard network (ethernet) interface.
+ // The format is twelve (12) hexadecimal digits without any delimiter
+ // (uppercase letters).
+ // This field might be set only if register type == DEVICE.
+ optional string ethernet_mac_address = 14;
+
+ // Built-in MAC address for the docking station that the device can be
+ // connected to.
+ // The format is twelve (12) hexadecimal digits without any delimiter
+ // (uppercase letters).
+ // This field might be set only if register type == DEVICE.
+ optional string dock_mac_address = 15;
+
+ // The date the device was manufactured in yyyy-mm-dd format.
+ // This field might be set only if register type == DEVICE.
+ optional string manufacture_date = 16;
+
+ // Currently using in token enrollment to ensure domain in request matches
+ // domain from token.
+ optional string expected_enrollment_domain = 17;
+
+ // Identification of the device that is not already available.
+ optional DeviceRegisterIdentification device_register_identification = 18;
+
+ // Indicates all possible PSM (Private Set Membership) protocol final results
+ // without specifying the root cause in case of an error.
+ enum PsmExecutionResult {
+ // PSM protocol started and it neither finished successfully nor
+ // terminated due to a protocol's error.
+ PSM_RESULT_UNKNOWN = 0;
+
+ // PSM finished successfully and there was server-backed state for the
+ // device.
+ PSM_RESULT_SUCCESSFUL_WITH_STATE = 1;
+
+ // PSM finished successfully and there was no server-backed state for the
+ // device.
+ PSM_RESULT_SUCCESSFUL_WITHOUT_STATE = 2;
+
+ // PSM terminated due to an error.
+ PSM_RESULT_ERROR = 3;
+
+ // PSM check was skipped, as the device is going through Flex Auto
+ // Enrollment after legacy state determination.
+ PSM_SKIPPED_FOR_FLEX_AUTO_ENROLLMENT = 4;
+ }
+ optional PsmExecutionResult psm_execution_result = 19;
+
+ // Timestamp of PSM retrieving the device's determination successfully in
+ // milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 psm_determination_timestamp_ms = 20;
+
+ // Information specific to Demo Mode about the device and the demo context.
+ // Only set when the device is enrolling into Demo Mode, as defined by
+ // DeviceRegisterRequest.requisition == "cros-demo-mode".
+ optional DemoModeDimensions demo_mode_dimensions = 21;
+
+ // Contains encoded customer information relevant for the generic OIDC profile
+ // enrollment process.
+ optional string oidc_profile_enrollment_state = 22;
+
+ // Next id: 23.
+}
+
+// Identification of a device used during its registration.
+message DeviceRegisterIdentification {
+ // The attested device ID for devices using Zero-Touch (see go/zt-sn).
+ optional string attested_device_id = 1;
+}
+
+// Response from server to device
+message CheckUserAccountResponse {
+ // Enum listing the possible user account status.
+ enum UserAccountType {
+ UNKNOWN_USER_ACCOUNT_TYPE = 0;
+
+ // There is no GAIA user exist mapping to the specific user email.
+ NOT_EXIST = 1;
+
+ // The GAIA user mapping to the specific user email is not a dasher user.
+ CONSUMER = 2;
+ // The GAIA user is a dasher user. See http://go/is-dasher-user
+ DASHER = 3;
+ }
+
+ // The domain abstracted from the specific email has been verified by dasher.
+ optional bool domain_verified = 1;
+
+ // The account type mapping from the specific user email.
+ optional UserAccountType user_account_type = 2;
+
+ // Enum listing the possible enrollment nudge types.
+ enum EnrollmentNudgeType {
+ UNKNOWN_ENROLLMENT_NUDGE_TYPE = 0;
+ // Enrollment is not required.
+ NONE = 1;
+ // Requires the user to complete the enrollment process before they can
+ // login.
+ ENROLLMENT_REQUIRED = 2;
+ }
+
+ // Whether to nudge managed users to enroll unowned devices.
+ optional EnrollmentNudgeType enrollment_nudge_type = 3;
+}
+
+// Response from server to device register request.
+message DeviceRegisterResponse {
+ reserved 6;
+
+ // Device management token for this registration. This token MUST be
+ // part of HTTP Authorization header for all future requests from
+ // device to server.
+ required string device_management_token = 1;
+
+ // Device display name. By default, server generates the name in
+ // the format of "Machine Model - Machine Id". However, domain
+ // admin can update it using Admin console, so do NOT treat it as constant.
+ optional string machine_name = 2;
+
+ // Enum listing the possible modes the device should be locked into when the
+ // registration is finished.
+ enum DeviceMode {
+ // In ENTERPRISE mode the device has no local owner and device settings are
+ // controlled through the cloud policy infrastructure. Auto-enrollment is
+ // supported in that mode.
+ ENTERPRISE = 0;
+ // DEPRECATED: Devices in RETAIL mode also have no local owner and get their
+ // device settings from the cloud, but additionally this mode enables the
+ // demo account on the device.
+ RETAIL_DEPRECATED = 1;
+ // DEPRECATED: Devices in CHROME_AD mode are in enterprises with AD. Device
+ // settings are controlled through the AD policy infrastructure.
+ CHROME_AD_DEPRECATED = 2;
+ // Devices in DEMO mode have no local owner and get their device settings
+ // from the cloud. They are controlled by demo mode domain and provide
+ // customized demo experience to the users.
+ DEMO = 3;
+ }
+ optional DeviceMode enrollment_type = 3 [default = ENTERPRISE];
+
+ // An opaque configuration string for devices that require it. CHROME_AD
+ // devices, for example, may use this string for AD discovery. Must be at
+ // most a few kBytes.
+ optional string configuration_seed = 4;
+
+ // List of user affiliation IDs. The list is used to define if the user
+ // registering for policy is affiliated on the device.
+ // Only sent if DeviceRegisterRequest.Type == USER
+ repeated string user_affiliation_ids = 5;
+
+ // The display name Chrome should use when setting up the profile, used for
+ // OIDC managed profile only.
+ optional string user_display_name = 7;
+
+ // The email of the user who logged into this profile, used for OIDC managed
+ // profile only.
+ optional string user_email = 8;
+
+ // Enum listing the possible types of the third party identity used for OIDC
+ // managed profiles.
+ enum ThirdPartyIdentityType {
+ // The profile does not have third party identity.
+ NONE = 0;
+ // The third party identity is synced to Google (Dasher) and there is an
+ // associated GAIA ID for it.
+ DASHER_BASED = 1;
+ // The third party identity is not synced to Google and there is no
+ // associated GAIA ID for it.
+ DASHERLESS = 2;
+ }
+ optional ThirdPartyIdentityType third_party_identity_type = 9
+ [default = NONE];
+}
+
+// Request from device to server to unregister device.
+// GoogleDMToken MUST be in HTTP Authorization header.
+message DeviceUnregisterRequest {}
+
+// Response from server to device for unregister request.
+message DeviceUnregisterResponse {}
+
+// Request from device to server to upload a device certificate or an enrollment
+// identifier.
+// GoogleDMToken MUST be in HTTP Authorization header.
+message DeviceCertUploadRequest {
+ enum CertificateType {
+ // Default value for when a type is not specified.
+ CERTIFICATE_TYPE_UNSPECIFIED = 0;
+ // Enterprise machine certificate used for remote attestation.
+ ENTERPRISE_MACHINE_CERTIFICATE = 1;
+ // Enrollment certificate used to obtain an enrollment identifier.
+ ENTERPRISE_ENROLLMENT_CERTIFICATE = 2;
+ }
+
+ // Certificate in X.509 format.
+ optional bytes device_certificate = 1;
+ // Type of certificate. If omitted, will be guessed from the other fields.
+ optional CertificateType certificate_type = 2;
+ // Enrollment identifier if provided.
+ optional bytes enrollment_id = 3;
+}
+
+// Response from server to device for cert upload request.
+message DeviceCertUploadResponse {}
+
+// Request to access a Google service with the given scope.
+message DeviceServiceApiAccessRequest {
+ // The list of auth scopes the device requests from DMServer.
+ repeated string auth_scopes = 1;
+
+ // OAuth2 client ID to which the returned authorization code is bound.
+ optional string oauth2_client_id = 2;
+
+ // Enumerates different flavors of registration.
+ enum DeviceType {
+ // Authcode will be used by Chrome OS
+ // (this is typically requested during device enrollment)
+ CHROME_OS = 0;
+ // Authcode will be used by Android (ARC) subsystem
+ // (this is typically requested during ARC Kiosk session setup)
+ ANDROID_OS = 1;
+ // Authcode will be used by Chrome OS Demo Mode. This auth code can be used
+ // to access Google Docs.
+ // Please see go/cros-demo-mode and go/demo-mode-account-brainstorm.
+ CHROME_OS_DEMO_MODE = 2;
+ // Authcode will be used by the enterprise-managed Chrome Browser to
+ // register for policy invalidations. This is requested during enrollment.
+ CHROME_BROWSER = 3;
+ }
+
+ // Device type indicates the intended use of the auth code.
+ optional DeviceType device_type = 3;
+}
+
+// Response from server to API access request.
+message DeviceServiceApiAccessResponse {
+ // The OAuth2 authorization code for the requested scope(s).
+ // This can be exchanged for a refresh token.
+ optional string auth_code = 1;
+}
+
+// Device Identifier for non-Chrome OS platform.
+message BrowserDeviceIdentifier {
+ reserved 3;
+
+ // Name of the computer.
+ optional string computer_name = 1;
+ // Device serial number (definition depending on the platform).
+ optional string serial_number = 2;
+}
+
+message PolicyFetchRequest {
+ reserved 5;
+
+ // This is the policy type, which maps to D3 policy type internally.
+ // By convention, we use "/" as separator to create policy namespace.
+ // The policy type names are case insensitive.
+ //
+ // Possible values for Chrome OS are:
+ // google/chromeos/device => ChromeDeviceSettingsProto
+ // google/chromeos/publicaccount => ChromeSettingsProto
+ // google/chromeos/signinextension => ExternalPolicyData
+ // google/chromeos/remotecommand => RemoteCommand (*)
+ //
+ // For users signed in to Chrome,
+ // google/chromeos/user => ChromeSettingsProto
+ // google/android/user => ChromeSettingsProto
+ // google/chrome/user => ChromeSettingsProto
+ // google/ios/user => ChromeSettingsProto
+ // google/chrome/extension => ExternalPolicyData
+ //
+ // For Chrome Browser Cloud Management,
+ // google/chrome/machine-level-user => ChromeSettingsProto
+ // google/chrome/machine-level-user-android => ChromeSettingsProto
+ // google/chrome/machine-level-user-ios => ChromeSettingsProto
+ // google/chrome/machine-level-extension => ExternalPolicyData
+ // google/machine-level-apps =>
+ // Omaha policy fetch is translated into two policy types
+ // google/chrome/machine-level-user => ChromeSettingsProto
+ // google/machine-level-omaha => OmahaSettingsClientProto
+ //
+ // Types marked with an (*) are not policies, but data signed with the policy
+ // key. It is illegal to try to fetch policies with those types.
+ optional string policy_type = 1;
+
+ // This is the last policy timestamp that client received from server. The
+ // expectation is that this field is filled by the value of
+ // PolicyData.timestamp from the last policy received by the client.
+ optional int64 timestamp = 2;
+
+ // Tell server what kind of security signature is required.
+ // TODO(b/147782972): Move to toplevel in sync with Chrome OS client code.
+ enum SignatureType {
+ NONE = 0;
+ SHA1_RSA = 1;
+ SHA256_RSA = 2;
+ }
+ optional SignatureType signature_type = 3 [default = NONE];
+
+ // The version number of the public key that is currently stored
+ // on the client. This should be the last number the server had
+ // supplied as new_public_key_version in PolicyData.
+ // This field is unspecified if the client does not yet have a
+ // public key.
+ optional int32 public_key_version = 4;
+
+ // This field is used for devices to send the additional ID to fetch settings.
+ // Retrieving some settings requires more than just device or user ID.
+ // For example, to retrieve public account, devices need to pass in
+ // public account ID in addition to device ID. To retrieve extension or
+ // plug-in settings, devices need to pass in extension/plug-in ID in
+ // addition to user ID.
+ // policy_type represents the type of settings (e.g. public account,
+ // extension) devices request to fetch.
+ optional string settings_entity_id = 6;
+
+ // If this fetch is due to a policy invalidation, this field contains the
+ // version provided with the invalidation. The server interprets this value
+ // and the value of invalidation_payload to fetch the up-to-date policy.
+ optional int64 invalidation_version = 7;
+
+ // If this fetch is due to a policy invalidation, this field contains the
+ // payload delivered with the invalidation. The server interprets this value
+ // and the value of invalidation_version to fetch the up-to-date policy.
+ optional bytes invalidation_payload = 8;
+
+ // Hash string for the chrome policy verification public key which is embedded
+ // into Chrome binary. Matching private key will be used by the server
+ // to sign per-domain policy keys during key rotation. If server does not
+ // have the key which matches this hash string, that could indicate malicious
+ // or out-of-date Chrome client.
+ optional string verification_key_hash = 9;
+
+ // Encoded information from a policy invalidation notification. This is opaque
+ // to the client and should be forwarded from the invalidation notification.
+ optional string policy_invalidation_info = 10;
+
+ // Whether or not the client only supports the new PolicyData invalidation
+ // topics. If true, only the policy_invalidation_topic and
+ // command_invalidation_topic fields will be set in the PolicyData response.
+ optional bool invalidation_topics_only = 11;
+
+ // If this is an affiliated user, this is the device's DMToken.
+ optional string device_dm_token = 12;
+
+ // Device identifier for helping identify non-Chrome OS devices.
+ optional BrowserDeviceIdentifier browser_device_identifier = 13;
+}
+
+// This message customizes how the device behaves when it is disabled by its
+// owner. The message will be sent as part of the DeviceState fetched during
+// normal operation and as part of the DeviceStateRetrievalResponse fetched when
+// the device is wiped/reinstalled.
+message DisabledState {
+ // A message to the finder/thief that should be shown on the screen.
+ optional string message = 1;
+}
+
+message DeviceState {
+ // Modes of operation that the device can be in.
+ enum DeviceMode {
+ // The device is operating normally. Sessions can be started and the device
+ // can be used.
+ DEVICE_MODE_NORMAL = 0;
+ // The device has been disabled by its owner. The device will show a warning
+ // screen and will not allow any sessions to be started.
+ DEVICE_MODE_DISABLED = 1;
+ }
+ // The mode of operation that the device should be in.
+ optional DeviceMode device_mode = 1 [default = DEVICE_MODE_NORMAL];
+
+ // State that is relevant only when the |device_mode| is
+ // |DEVICE_MODE_DISABLED|.
+ optional DisabledState disabled_state = 2;
+}
+
+message CustomerLogo {
+ // The SCS url for the logo set by the admin for a particular OU.
+ // This is in the form https://admin.googleusercontent.com/<scs_url_key>.
+ optional string logo_url = 1;
+}
+
+// This message is included in serialized form in PolicyFetchResponse below. It
+// may also be signed, with the signature being created for the serialized form.
+message PolicyData {
+ reserved 10, 13, 14, 18, 19;
+ reserved "command_invalidation_name";
+ reserved "command_invalidation_source";
+ reserved "invalidation_name";
+ reserved "invalidation_source";
+ reserved "valid_serial_number_missing";
+
+ // See PolicyFetchRequest.policy_type.
+ optional string policy_type = 1;
+
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). It is
+ // included here so that the time at which the server issued this response
+ // cannot be faked (as protection against replay attacks). It is the timestamp
+ // generated by DMServer, NOT the time admin last updated the policy or
+ // anything like that.
+ optional int64 timestamp = 2;
+
+ // The DMToken that was used by the client in the HTTP POST header for
+ // authenticating the request. It is included here again so that the client
+ // can verify that the response is meant for them (and not issued by a replay
+ // or man-in-the-middle attack).
+ // Note that the existence or non-existence of the DMToken is not the correct
+ // way to determine whether the device is managed. Cf. |management_mode| below
+ // for details.
+ optional string request_token = 3;
+
+ // The serialized value of the actual policy protobuf. This can be
+ // deserialized to an instance of, for example, ChromeSettingsProto,
+ // ChromeDeviceSettingsProto, or ExternalPolicyData.
+ optional bytes policy_value = 4;
+
+ // The device display name assigned by the server. It is only
+ // filled if the display name is available.
+ //
+ // The display name of the machine as generated by the server or set
+ // by the Administrator in the Admin console GUI. This is the same thing as
+ // |machine_name| in DeviceRegisterResponse but it might have
+ // changed since then.
+ optional string machine_name = 5;
+
+ // Version number of the server's current public key. (The key that
+ // was used to sign this response. Numbering should start at 1 and be
+ // increased by 1 at each key rotation.)
+ optional int32 public_key_version = 6;
+
+ // The user this policy is intended for. In case of device policy, the name
+ // of the owner (who registered the device).
+ optional string username = 7;
+
+ // In this field the DMServer should echo back the "deviceid" HTTP parameter
+ // from the request. This is also used for user and device local accounts ids,
+ // see client_id in code.
+ optional string device_id = 8;
+
+ // Indicates which state this association with DMServer is in. This can be
+ // used to tell the client that it is not receiving policy even though the
+ // registration with the server is kept active.
+ enum AssociationState {
+ // Association is active and policy is pushed.
+ ACTIVE = 0;
+ // Association is alive, but the corresponding domain is not managed.
+ UNMANAGED = 1;
+ // The device has been deprovisioned by the administrator and is no longer
+ // managed.
+ DEPROVISIONED = 2;
+ }
+ optional AssociationState state = 9 [default = ACTIVE];
+
+ // Indicates which public account or extension/plug-in this policy data is
+ // for. See PolicyFetchRequest.settings_entity_id for more details.
+ optional string settings_entity_id = 11;
+
+ // Indicates the identity the device service account is associated with.
+ // This is only sent as part of device policy fetch.
+ optional string service_account_identity = 12;
+
+ // Server-provided identifier of the fetched policy. This is to be used
+ // by the client when requesting Policy Posture assertion through an API
+ // call or SAML flow. For details, see http://go/chrome-nac-server-design.
+ optional string policy_token = 15;
+
+ // Indicates the management mode of the device. Note that old policies do not
+ // have this field. If this field is not set but request_token is set, assume
+ // the management mode is ENTERPRISE_MANAGED. If both this field and
+ // request_token are not set, assume the management mode is LOCAL_OWNER.
+ enum ManagementMode {
+ // The device is owned locally. The policies are set by the local owner of
+ // the device.
+ LOCAL_OWNER = 0;
+ // The device is enterprise-managed (either via DM server or through Active
+ // Directory). See the comment above for backward compatibility.
+ ENTERPRISE_MANAGED = 1;
+ // Obsolete. Don't use.
+ OBSOLETE_CONSUMER_MANAGED = 2;
+ }
+ optional ManagementMode management_mode = 16;
+
+ // Indicates the state that the device should be in.
+ optional DeviceState device_state = 17;
+
+ // The free-text location info the admin enters to associate the device
+ // with a location.
+ optional string annotated_location = 20;
+
+ // The free-text asset identifier the admin enters to associate the device
+ // with a user-generated identifier.
+ optional string annotated_asset_id = 21;
+
+ // The unique directory api ID of the device which was generated on the
+ // server-side.
+ optional string directory_api_id = 22;
+
+ // List of device affiliation IDs. If there exists an overlap between user
+ // affiliation IDs and device affiliation IDs, we consider that the user is
+ // affiliated on the device. Otherwise the user is not affiliated on the
+ // device. Should be fetched with device policy. Ignored if fetched with
+ // other polices.
+ repeated string device_affiliation_ids = 23;
+
+ // List of user affiliation IDs. The list is used to define if current user
+ // is affiliated on the device. See device_affiliation_ids for details.
+ // Should be fetched with user policy. Ignored if fetched with other polices.
+ repeated string user_affiliation_ids = 24;
+
+ // Used as the display domain when the primary domain gets renamed. This field
+ // is present only for device policies.
+ optional string display_domain = 25;
+
+ // Invalidation topic for devices. Clients register for FCM messages using
+ // this topic in order to receive notifications for device policy changes.
+ optional string policy_invalidation_topic = 26;
+
+ // Invalidation topic for commands. Clients register for FCM messages using
+ // this topic in order to receive notifications that one or more commands are
+ // available for execution.
+ optional string command_invalidation_topic = 27;
+
+ // Whether the device needs to upload an enrollment identifier to the cloud.
+ // TODO(b/136188860) migrates to enrollment_certificate_needed under
+ // client_action_required.
+ optional bool enrollment_id_needed = 28;
+
+ // Gaia id of the user the policy is intended for.
+ // Should be fetched with user policy.
+ optional string gaia_id = 29;
+
+ // Indicate this device's market segment. The MarketSegment enum in
+ // cloud_policy_constants.h (http://shortn/_3iFWcdjy0P) must be kept in sync
+ // with this enum.
+ enum MarketSegment {
+ MARKET_SEGMENT_UNSPECIFIED = 0;
+ ENROLLED_EDUCATION = 1;
+ ENROLLED_ENTERPRISE = 2;
+ }
+
+ // This field should only be set for Device Policy response.
+ // See go/cros-rlz-segments
+ optional MarketSegment market_segment = 30;
+
+ // This field is currently only set for Device Policy response.
+ // This represents the logo set by the admin for the OU that the device
+ // belongs to. This is domain metadata included in a device policy response,
+ // but it is not an explicit device policy.
+ optional CustomerLogo customer_logo = 31;
+
+ // b/129771193
+ // This setting is from SingleSignOnSettingsProto#change_password_uri
+ // http://google3/ccc/hosted/policies/services/common/sso_settings.proto?l=48&rcl=241246111
+ // This field is currently only set for User Policy response.
+ optional string change_password_uri = 32;
+
+ // This field is used for asking client to perform some actions. For instance,
+ // server asks client to re-upload enrollment certificate. In long term, new
+ // added field which asks client to perform an action in policy data should be
+ // put in ClientActionRequired message.
+ optional ClientActionRequired client_action_required = 33;
+
+ // Obfuscated customerId the device is enrolled into.
+ // Only set for device policy.
+ optional string obfuscated_customer_id = 34;
+
+ // The different types of user segments for metrics logging. If any values are
+ // added to this enum, the corresponding enum in
+ // UserTypeByDeviceTypeMetricsProvider::UserSegment
+ // (http://shortn/_uK3ZM4pC0a) should be updated.
+ enum MetricsLogSegment {
+ UNSPECIFIED = 0;
+ K12 = 1;
+ UNIVERSITY = 2;
+ NONPROFIT = 3;
+ ENTERPRISE = 4;
+ }
+
+ // Indicates the segment the user's metrics should be logged under,
+ // UNSPECIFIED if not relevant.
+ // This field should only be set for User Policy response.
+ optional MetricsLogSegment metrics_log_segment = 35;
+
+ // This field will be populated with primary domain name for domain verified
+ // customer, and primary admin email for domainless customer. The client side
+ // will use this field to display who manages this device/browser/user.
+ optional string managed_by = 36;
+
+ // An identifier (e.g. "inboundSamlSsoProfiles/0abcdefg1234567") for the
+ // device's managing OU's SSO profile. Currently, this points to the OU's
+ // SAML settings. May support OIDC in the future.
+ optional string sso_profile = 37;
+
+ // Indicates which kind of licenses this device is using, so that chrome OS
+ // can check that. The value is from ChromeOsDeviceInfo
+ // http://google3/ccc/hosted/devices/services/chromeos/common.proto;rcl=436571779;l=549
+ optional string license_sku = 38;
+}
+
+message ClientActionRequired {
+ // Whether device needs to upload an enterprise enrollment certificate to
+ // cloud.
+ optional bool enrollment_certificate_needed = 1;
+}
+
+message PolicyFetchResponse {
+ // Since a single policy request may ask for multiple policies, DM server
+ // provides separate error codes (making use of standard HTTP Status Codes)
+ // for each individual policy fetch.
+ optional int32 error_code = 1;
+
+ // Human readable error message for customer support purpose.
+ optional string error_message = 2;
+
+ // This is a serialized |PolicyData| protobuf (defined above).
+ optional bytes policy_data = 3;
+
+ // Signature of the policy data above.
+ optional bytes policy_data_signature = 4;
+
+ // If the public key has been rotated on the server, the new public
+ // key is sent here. It is already used for |policy_data_signature|
+ // above, whereas |new_public_key_signature| is created using the
+ // old key (so the client can trust the new key). If this is the
+ // first time when the client requests policies (so it doesn't have
+ // on old public key), then |new_public_key_signature| is empty.
+ optional bytes new_public_key = 5;
+ optional bytes new_public_key_signature = 6;
+
+ // DEPRECATED: Exists only to support older clients. This signature is similar
+ // to new_public_key_verification_data_signature, but is computed over
+ // DEPRECATEDPolicyPublicKeyAndDomain (which is equivalent to
+ // PublicKeyVerificationData proto with version field unset).
+ //
+ // Do not remove this unless you know for sure that this is not required by
+ // managed devices any more, including devices that might be pinned to
+ // milestones older than current Stable.
+ // Note: As of February 2024, this is still strictly required by
+ // CloudPolicyValidator, see
+ // https://source.chromium.org/chromium/chromium/src/+/main:components/policy/core/common/cloud/cloud_policy_validator.cc;drc=08b91b49531894cbe9061a1148fd535155c2554b;l=407
+ optional bytes new_public_key_verification_signature_deprecated = 7
+ [deprecated = true];
+
+ // This is a serialized |PublicKeyVerificationData| protobuf (defined
+ // below). See comments for |new_public_key_verification_data_signature| field
+ // for details on how this data is signed.
+ // Please note that |new_public_key| is also included inside this data
+ // field. Thus we have new public key signed with old version of private key
+ // (if client indicated to us that it has old key version), and
+ // new public key data signed by primary verification key (if client told
+ // us that it has public verification key - see |verification_key_id| field
+ // of |PolicyFetchRequest|). In most cases, both signatures will be provided.
+ // However, client might not have old policy signing key - for example, when
+ // new profile is being set up. In this case, only verification signature
+ // is supplied.
+ // Or, client might not have verification public key (legacy Chrome build
+ // before verification key was introduced, or outdated build which has
+ // old/compromised verification key). In that case, verification signature
+ // cannot be provided.
+ // If client is missing both public keys (old signing key and verification
+ // key), then we are unable to produce any valid signature and client must
+ // drop such PolicyFetchResponse.
+ optional bytes new_public_key_verification_data = 8;
+
+ // If new_public_key is specified, this field contains the signature of a
+ // PublicKeyVerificationData protobuf, signed using a key only available to
+ // DMServer. The public key portion of this well-known key is embedded into
+ // the Chrome binary. The hash of that embedded key is passed to DMServer as
+ // verification_key_hash field in PolicyFetchRequest. DMServer picks a private
+ // key on the server which matches the hash (matches public key on the
+ // client). If DMServer is unable to find matching key, it returns an error
+ // instead of policy data. In case a hash was not specified, DMServer leaves
+ // the verification signature field empty (legacy behavior).
+ // This signature is provided to better protect first key delivery (since the
+ // browser does not possess the previous signing key, DMServer cannot compute
+ // new_public_key_signature).
+ // See http://go/chrome-nac-server-design for more information.
+ optional bytes new_public_key_verification_data_signature = 9;
+
+ // DEPRECATED! Client-side should verify and rely on the policy_type inside
+ // the signed policy_data.
+ optional string policy_type = 10 [deprecated = true];
+
+ // The type of signature used to generate policy_data_signature.
+ optional PolicyFetchRequest.SignatureType policy_data_signature_type = 11;
+}
+
+// DEPRECATED: Protobuf used to generate the deprecated
+// new_public_key_verification_signature field.
+message DEPRECATEDPolicyPublicKeyAndDomain {
+ // The public key to sign (taken from the |new_public_key| field in
+ // PolicyFetchResponse).
+ optional bytes new_public_key = 1;
+
+ // The domain associated with this key (should match the domain portion of the
+ // username field of the policy).
+ optional string domain = 2;
+}
+
+// This message contains the information which is signed by the verification key
+// during policy key rotation. It is included in serialized form in
+// PolicyFetchResponse above. A signature of the serialized form is included in
+// the new_public_key_verification_data_signature field.
+message PublicKeyVerificationData {
+ // The new public policy key after a key rotation.
+ optional bytes new_public_key = 1;
+
+ // The domain of the device/user.
+ optional string domain = 2;
+
+ // The version number of the new_public_key. This must be monotonically
+ // increasing (within a domain).
+ optional int32 new_public_key_version = 3;
+}
+
+// Request from device to server for reading policies.
+message DevicePolicyRequest {
+ // The policy fetch requests. If this field exists, the requests must come
+ // from a non-TT client. The repeated field allows clients to request
+ // multiple policies for better performance.
+ repeated PolicyFetchRequest requests = 3;
+
+ // Reason for the requesting policies, to help with monitoring and alerting
+ // (e.g. to detect an increase in fetch failures during enrollment).
+ enum Reason {
+ UNSPECIFIED = 0;
+ // Required policy fetch during device enrollment.
+ DEVICE_ENROLLMENT = 1;
+ // Policy fetch triggered by incoming FCM invalidation.
+ INVALIDATION = 2;
+ // CloudPolicyClient registration changed (e.g. during startup).
+ REGISTRATION_CHANGED = 3;
+ // Retry after previous policy fetch failure.
+ RETRY = 4;
+ // Various retry reasons based on DMServer status, see
+ // `CloudPolicyRefreshScheduler`.
+ RETRY_AFTER_STATUS_SERVICE_ACTIVATION_PENDING = 5;
+ RETRY_AFTER_STATUS_SERVICE_POLICY_NOT_FOUND = 6;
+ RETRY_AFTER_STATUS_SERVICE_TOO_MANY_REQUESTS = 7;
+ RETRY_AFTER_STATUS_REQUEST_FAILED = 8;
+ RETRY_AFTER_STATUS_TEMPORARY_UNAVAILABLE = 9;
+ RETRY_AFTER_STATUS_CANNOT_SIGN_REQUEST = 10;
+ RETRY_AFTER_STATUS_REQUEST_INVALID = 11;
+ RETRY_AFTER_STATUS_HTTP_STATUS_ERROR = 12;
+ RETRY_AFTER_STATUS_RESPONSE_DECODING_ERROR = 13;
+ RETRY_AFTER_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED = 14;
+ RETRY_AFTER_STATUS_REQUEST_TOO_LARGE = 15;
+ // Scheduled policy refresh (e.g. once per day).
+ SCHEDULED = 16;
+ // Policy fetch triggered by sign-in.
+ SIGNIN = 17;
+ // A placeholder reason used for tests (should not occur in production).
+ TEST = 18;
+ // Policy fetched at browser start, e.g. device policies at Ash start.
+ BROWSER_START = 19;
+ // ChromeOS Policy fetch request from Lacros to Ash.
+ LACROS = 20;
+ // Policy fetched as requested by the user, e.g. through chrome://policy.
+ USER_REQUEST = 21;
+ // Policy fetches triggered by the Chrome Remote Desktop policy watcher.
+ CRD_HOST_POLICY_WATCHER = 22;
+ }
+ optional Reason reason = 4;
+}
+
+// Response from server to device for reading policies.
+message DevicePolicyResponse {
+ // The policy fetch responses.
+ repeated PolicyFetchResponse responses = 3;
+}
+
+message TimePeriod {
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 start_timestamp = 1;
+ optional int64 end_timestamp = 2;
+}
+
+message ActiveTimePeriod {
+ optional TimePeriod time_period = 1;
+
+ // The active duration during the above time period.
+ // The unit is milli-second.
+ optional int32 active_duration = 2;
+
+ // Email address of the active user. Present only if the user type is managed
+ // and affiliated.
+ optional string user_email = 3;
+
+ enum SessionType {
+ SESSION_UNKNOWN = 0;
+ SESSION_AFFILIATED_USER = 1;
+ SESSION_MANAGED_GUEST = 2;
+ SESSION_KIOSK = 3;
+ SESSION_ARC_KIOSK = 4;
+ SESSION_WEB_KIOSK = 5;
+ }
+
+ optional SessionType session_type = 4;
+}
+
+// Details about a network interface.
+message NetworkInterface {
+ // Indicates the type of network device.
+ enum NetworkDeviceType {
+ reserved 2;
+
+ TYPE_ETHERNET = 0;
+ TYPE_WIFI = 1;
+ TYPE_BLUETOOTH = 3;
+ TYPE_CELLULAR = 4;
+ }
+
+ // Network device type.
+ optional NetworkDeviceType type = 1;
+
+ // MAC address (if applicable) of the corresponding network device. This is
+ // formatted as an ASCII string with 12 hex digits. Example: A0B1C2D3E4F5.
+ optional string mac_address = 2;
+
+ // MEID (if applicable) of the corresponding network device. Formatted as
+ // ASCII string composed of 14 hex digits. Example: A10000009296F2.
+ optional string meid = 3;
+
+ // IMEI (if applicable) of the corresponding network device. 15-16 decimal
+ // digits encoded as ASCII string. Example: 355402040158759.
+ optional string imei = 4;
+
+ // The device path associated with this network interface.
+ optional string device_path = 5;
+
+ // The integrated circuit card ID associated with the device's sim card.
+ optional string iccid = 6;
+
+ // The mobile directory number associated with the device's sim card.
+ optional string mdn = 7;
+
+ // List of EID (EUICC Identifier) of all cellular EUICCs
+ // (Embedded Universal Integrated Circuit Cards) on the device.
+ // 32 decimal digits encoded as ASCII string. e.g.
+ repeated string eids = 8;
+}
+
+// Information about configured/visible networks - this is separate from
+// NetworkInterface because a configured network may not be associated with
+// any specific interface, or may be visible across multiple interfaces.
+message NetworkState {
+ // The current state of this network.
+ enum ConnectionState {
+ reserved 1; // CARRIER
+ reserved 6; // OFFLINE
+ reserved 10; // ACTIVATION_FAILURE
+
+ IDLE = 0;
+ ASSOCIATION = 2;
+ CONFIGURATION = 3;
+ READY = 4;
+ PORTAL = 5;
+ ONLINE = 7;
+ DISCONNECT = 8;
+ FAILURE = 9;
+ UNKNOWN = 11;
+ }
+
+ // For networks associated with a device, the path of the device.
+ optional string device_path = 1;
+
+ // Current state of this connection as reported by shill.
+ optional ConnectionState connection_state = 2;
+
+ // For wireless networks, the signal_strength in dBm.
+ optional int32 signal_strength = 3;
+
+ // The IP address this interface is bound to, if any.
+ optional string ip_address = 4;
+
+ // The gateway IP for this interface, if any.
+ optional string gateway = 5;
+}
+
+// Details about a device user.
+message DeviceUser {
+ // Types of device users which can be reported.
+ enum UserType {
+ // A user managed by the same domain as the device.
+ USER_TYPE_MANAGED = 0;
+
+ // A user not managed by the same domain as the device.
+ USER_TYPE_UNMANAGED = 1;
+ }
+
+ // The type of the user.
+ required UserType type = 1;
+
+ // Email address of the user. Present only if the user type is managed.
+ optional string email = 2;
+}
+
+// Information about a single disk volume.
+message VolumeInfo {
+ optional string volume_id = 1;
+
+ // The unit is bytes.
+ optional int64 storage_total = 2;
+ optional int64 storage_free = 3;
+}
+
+// Information about a single CPU utilization.
+message CpuUtilizationInfo {
+ // CPU utilization (0-100).
+ optional int32 cpu_utilization_pct = 1;
+ // The timestamp representing time at which the information was collected.
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 timestamp = 2;
+}
+
+// Information about a single free RAM.
+message SystemFreeRamInfo {
+ // Free RAM [in bytes] (unreliable due to GC).
+ optional int64 size_in_bytes = 1;
+ // The timestamp representing time at which the information was collected.
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 timestamp = 2;
+}
+
+// Information about a single CPU temperature channel.
+message CPUTempInfo {
+ // Temperature channel label.
+ optional string cpu_label = 1;
+ // CPU temperature in Celsius.
+ optional int32 cpu_temp = 2;
+ // Unix timestamp.
+ optional int64 timestamp = 3;
+}
+
+// Contains the Stateful Partition Information for user data storage in the
+// device.
+message StatefulPartitionInfo {
+ // Available space for user data storage in the device in bytes.
+ optional uint64 available_space = 1;
+ // Total space for user data storage in the device in bytes.
+ optional uint64 total_space = 2;
+ // File system on stateful partition. e.g. ext4.
+ optional string filesystem = 3;
+ // Source of stateful partition. e.g. /dev/mmcblk0p1.
+ optional string mount_source = 4;
+}
+
+// Chrome release channel, shared for different reports.
+enum Channel {
+ CHANNEL_UNKNOWN = 0;
+ CHANNEL_CANARY = 1;
+ CHANNEL_DEV = 2;
+ CHANNEL_BETA = 3;
+ CHANNEL_STABLE = 4;
+}
+
+// Frequently changing data for battery.
+message BatterySample {
+ optional int64 timestamp = 1;
+ // Battery voltage
+ optional int64 voltage = 2;
+ // Battery remaining capacity (mA-hours)
+ optional int64 remaining_capacity = 3;
+ // Temperature in Celsius.
+ optional int32 temperature = 4;
+ // The battery discharge rate measured in mW. Positive if the battery is being
+ // discharged, negative if it's being charged.
+ optional int32 discharge_rate = 5;
+ // Battery charge percentage
+ optional int32 charge_rate = 6;
+ // Battery current (mA)
+ optional int64 current = 7;
+ // Battery status read from sysfs
+ optional string status = 8;
+}
+
+// Status of the single battery
+message BatteryInfo {
+ optional string serial = 1;
+ optional string manufacturer = 2;
+ optional string battery_health = 3;
+ // Design capacity (mA-hours)
+ optional int64 design_capacity = 4;
+ // Full charge capacity (mA-hours)
+ optional int64 full_charge_capacity = 5;
+ optional int32 cycle_count = 6;
+ // Last sampling data.
+ repeated BatterySample samples = 7;
+ // Designed minimum output voltage (mV)
+ optional int32 design_min_voltage = 9;
+ // The date the battery was manufactured in yyyy-mm-dd format.
+ optional string manufacture_date = 10;
+ // Technology of the battery.
+ optional string technology = 11;
+}
+
+// Status of the power subsystem
+message PowerStatus {
+ enum PowerSource {
+ POWER_UNKNOWN = 0;
+ POWER_AC = 1;
+ POWER_BATTERY = 2;
+ }
+ optional PowerSource power_source = 1;
+ repeated BatteryInfo batteries = 2;
+}
+
+// LifeTime estimation for eMMC devices
+message DiskLifetimeEstimation {
+ // Lifetime estimations for SLC and MLC areas of eMMC.
+ // Values range from 00h to 0Bh -- indicating the percentage of device
+ // lifetime used.
+ optional int32 slc = 1;
+ optional int32 mlc = 2;
+}
+
+// Status of the single storage device
+// Next id: 29
+message DiskInfo {
+ optional string serial = 1;
+ optional string manufacturer = 2;
+ optional string model = 3;
+ // Size in bytes
+ optional int64 size = 4;
+ // eMMC / NVMe / ATA / SCSI.
+ optional string type = 5;
+ optional string health = 6;
+ // volume_id for volumes on this disk.
+ repeated string volumes = 7;
+ // Read/write statistics for this disk.
+ optional uint64 bytes_read_since_last_boot = 8;
+ optional uint64 bytes_written_since_last_boot = 9;
+ optional uint64 read_time_seconds_since_last_boot = 10;
+ optional uint64 write_time_seconds_since_last_boot = 11;
+ // Counts the time the disk and queue were busy, so unlike the fields above,
+ // parallel requests are not counted multiple times.
+ optional uint64 io_time_seconds_since_last_boot = 12;
+ // Time spent discarding since last boot. Discarding is writing to clear
+ // blocks which are no longer in use. Supported on kernels 4.18+.
+ optional uint64 discard_time_seconds_since_last_boot = 13;
+
+ // The manufacturer of the block device.
+ oneof vendor_id {
+ // NVME vendors:
+ // https://pcisig.com/membership/member-companies
+ uint32 nvme_subsystem_vendor = 14;
+ // EMMC oemids
+ // https://screenshot.googleplex.com/eZWNnV8qGnc
+ uint32 emmc_oemid = 15;
+ uint32 other_vendor = 16;
+ uint32 jedec_manfid = 27;
+ }
+
+ // The manufacturer-specific product identifier.
+ oneof product_id {
+ uint32 nvme_subsystem_device = 17;
+ uint32 emmc_pnm = 18;
+ uint32 other_product = 19;
+ }
+
+ // The revision of the device's hardware.
+ oneof hardware_revision {
+ uint32 nvme_hardware_rev = 20;
+ uint32 emmc_hardware_rev = 21;
+ uint32 other_hardware_rev = 22;
+ }
+
+ // The revision of the device's firmware.
+ oneof firmware_revision {
+ uint64 nvme_firmware_rev = 23;
+ uint64 emmc_firmware_rev = 24;
+ uint32 other_firmware_rev = 25;
+ uint32 ufs_firmware_rev = 28;
+ }
+
+ // The purpose of the device on the system.
+ enum DevicePurpose {
+ PURPOSE_UNKNOWN = 0;
+ PURPOSE_BOOT = 1;
+ PURPOSE_SWAP = 2;
+ }
+ optional DevicePurpose purpose = 26;
+}
+
+// Status of the storage subsystem.
+message StorageStatus {
+ repeated DiskInfo disks = 1;
+ optional DiskLifetimeEstimation lifetime_estimation = 2;
+}
+
+// Sampling for single temperature measurements
+message ThermalSample {
+ optional int64 timestamp = 1;
+ optional int32 temperature = 2;
+}
+
+// Temperature measurement series for thermal point.
+message ThermalInfo {
+ reserved 2;
+ optional string label = 1;
+ repeated ThermalSample samples = 3;
+}
+
+// Status for various on-board components
+message BoardStatus {
+ repeated ThermalInfo thermal_infos = 1;
+}
+
+// Status about a system's various elements.
+message SystemStatus {
+ // The product SKU (stock keeping unit) number.
+ optional string vpd_sku_number = 1;
+ // The date the device was first activated.
+ // Format: YYYY-WW.
+ optional string first_power_date = 2;
+ // The date the device was manufactured (finalized in factory).
+ // Format: YYYY-MM-DD.
+ optional string manufacture_date = 3;
+ // Contents of CrosConfig in /arc/build-properties/marketing-name. E.g. "HP
+ // Chromebook x360 14"
+ optional string marketing_name = 4;
+ // The BIOS version. E.g. "Google_Sarien.12200.58.0"
+ optional string bios_version = 5;
+ // The product name of the motherboard. E.g. "Sarien"
+ optional string board_name = 6;
+ // The version of the motherboard. E.g. "rev16"
+ optional string board_version = 7;
+ // The chassis type of the device. The values reported by chassis type are
+ // mapped in
+ // www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.0.0.pdf.
+ // E.g. "9"
+ optional uint64 chassis_type = 8;
+ // The product name (model) of the system. E.g. "Sarien"
+ optional string product_name = 9;
+ // The product serial number.
+ optional string vpd_serial_number = 10;
+}
+
+// Status of a single C-state. C-states are various modes the CPU can transition
+// to in order to use more or less power.
+message CpuCStateInfo {
+ // Name of the state.
+ optional string name = 1;
+ // Time spent in the state since the last reboot, in microseconds.
+ optional uint64 time_in_state_since_last_boot_us = 2;
+}
+
+// Status of a single logical CPU.
+message LogicalCpuInfo {
+ // Maximum frequency the CPU is allowed to run at, by policy.
+ optional uint32 scaling_max_frequency_khz = 1;
+ // Current frequency the CPU is running at.
+ optional uint32 scaling_current_frequency_khz = 2;
+ // Idle time since last boot.
+ optional uint64 idle_time_seconds = 3;
+ // Information about the logical CPU's time in various C-states.
+ repeated CpuCStateInfo c_states = 4;
+}
+
+// Status of a single physical CPU on the device.
+message CpuInfo {
+ // The CPU model name.
+ optional string model_name = 1;
+
+ // The CPU architecture.
+ enum Architecture {
+ ARCHITECTURE_UNSPECIFIED = 0;
+ X86_64 = 1;
+ AARCH64 = 2;
+ ARMV7L = 3;
+ }
+ optional Architecture architecture = 2;
+
+ // The max CPU clock speed in kHz.
+ optional uint32 max_clock_speed_khz = 3;
+
+ repeated LogicalCpuInfo logical_cpus = 4;
+}
+
+// Overall CPU information for the device.
+message GlobalCpuInfo {
+ // Total number of threads on the device.
+ optional uint32 num_total_threads = 1;
+}
+
+// Status for a single display. A display screen with resolution 1920x1080
+// would have resolution_width: 1920 and resolution_height: 1080.
+message DisplayInfo {
+ // Resolution width
+ optional uint32 resolution_width = 1;
+ // Resolution height
+ optional uint32 resolution_height = 2;
+ // Refresh rate (Hz)
+ optional uint32 refresh_rate = 3;
+ // Set to true if display is internal, otherwise set to false.
+ optional bool is_internal = 4;
+}
+
+// Status of a single graphics adapter (GPU).
+message GraphicsAdapterInfo {
+ // Adapter name. Example: Mesa DRI Intel(R) UHD Graphics 620 (Kabylake GT2)
+ optional string name = 1;
+ // Driver version
+ optional string driver_version = 2;
+ // Represents the graphics card device id
+ optional uint64 device_id = 3;
+ // GPU consumption of system RAM (bytes)
+ optional uint64 system_ram_usage = 4;
+}
+
+// Status of the graphics subsystem.
+message GraphicsStatus {
+ optional GraphicsAdapterInfo adapter = 1;
+ repeated DisplayInfo displays = 2;
+}
+
+// Status of a crash report.
+message CrashReportInfo {
+ // The status options should align with crash_reporter::ReportUploadState.
+ enum CrashReportUploadStatus {
+ UPLOAD_STATUS_UNKNOWN = 0;
+ UPLOAD_STATUS_NOT_UPLOADED = 1;
+ UPLOAD_STATUS_PENDING = 2;
+ UPLOAD_STATUS_PENDING_USER_REQUESTED = 3;
+ UPLOAD_STATUS_UPLOADED = 4;
+ }
+
+ // ID as provided by chrome://crashes.
+ optional string remote_id = 1;
+
+ // The timestamp when the crash is captured.
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 capture_timestamp = 2;
+
+ // Human readable string that identifies what caused the crash.
+ optional string cause = 3;
+
+ // The upload status of crash report.
+ optional CrashReportUploadStatus upload_status = 4;
+}
+
+// Timezone information for the device. This reflects what set timezone of the
+// device, not necessarily the actual location of the device.
+message TimezoneInfo {
+ // The timezone of the device in POSIX standard. (MST7MDT,M3.2.0,M11.1.0)
+ optional string posix = 1;
+ // The timezone region of the device in the Olsen format (America/Denver).
+ optional string region = 2;
+}
+
+// Memory information for the device.
+message MemoryInfo {
+ // Total memory, in KiB.
+ optional uint32 total_memory_kib = 1;
+ // Free memory, in KiB.
+ optional uint32 free_memory_kib = 2;
+ // Available memory, in KiB.
+ optional uint32 available_memory_kib = 3;
+ // Number of page faults since the last boot.
+ optional uint64 page_faults_since_last_boot = 4;
+}
+
+// Information about the device's backlights.
+message BacklightInfo {
+ // Path to this backlight on the system. Useful if the caller needs to
+ // correlate with other information.
+ optional string path = 1;
+ // Maximum brightness for the backlight.
+ optional uint32 max_brightness = 2;
+ // Current brightness of the backlight, between 0 and max_brightness.
+ optional uint32 brightness = 3;
+}
+
+// Information about the device's fan.
+message FanInfo {
+ // Fan speed in RPM.
+ optional uint32 speed_rpm = 1;
+}
+
+// Information about a device's Bluetooth adapter, which is used to detect and
+// connect to Bluetooth devices.
+message BluetoothAdapterInfo {
+ // The name of the adapter.
+ optional string name = 1;
+ // The MAC address of the adapter.
+ optional string address = 2;
+ // Indicates whether the adapter is on or off.
+ optional bool powered = 3;
+ // The number of devices connected to this adapter.
+ optional uint32 num_connected_devices = 4;
+}
+
+// Information from the device's SMBIOS. This is used to determine
+// info such as the device's vendor and product name/version.
+message SmbiosInfo {
+ optional string sys_vendor = 1;
+ optional string product_name = 2;
+ optional string product_version = 3;
+ optional string bios_version = 4;
+}
+
+// Information about the parameters passed to the kernel.
+message KernelParameters {
+ // True if cros_efi was passed to the kernel.
+ // Used to know if the device was booted via EFI.
+ optional bool cros_efi = 1;
+}
+
+// Information about the device's EFI Variables from efivarfs.
+message EFIVars {
+ // True if Secure Boot is enabled on the device.
+ optional bool secure_boot = 1;
+}
+
+// Information about how the OS was booted. This is information
+// such as boot method and other bios settings
+message BootInfo {
+ enum BootMethod {
+ UNKNOWN = 0;
+ CROS_SECURE = 1;
+ // This field maps to kCrosEfi from cros_healthd.
+ CROS_UEFI = 2;
+ CROS_LEGACY = 3;
+ CROS_EFI_SECURE = 4;
+ }
+ optional BootMethod boot_method = 1;
+
+ // DEPRECATED: secure_boot is deprecated in favor of the
+ // CROS_EFI_SECURE BootMethod value.
+ optional bool secure_boot = 2 [deprecated = true];
+}
+
+// Hardware component bus device classes.
+// Maps to BusDeviceClass from cros_healthd.
+enum BusDeviceClass {
+ DEVICE_CLASS_UNSPECIFIED = 0;
+ DISPLAY_CONTROLLER = 1;
+ ETHERNET_CONTROLLER = 2;
+ WIRELESS_CONTROLLER = 3;
+ BLUETOOTH_ADAPTER = 4;
+ THUNDERBOLT_CONTROLLER = 5;
+}
+
+// Hardware component buses.
+// Maps to BusInfo types from cros_healthd.
+enum BusType {
+ BUS_TYPE_UNSPECIFIED = 0;
+ PCI_BUS = 1;
+ USB_BUS = 2;
+ THUNDERBOLT_BUS = 3;
+}
+
+// Information about a device's network hardware.
+message NetworkAdapterInfo {
+ optional BusDeviceClass device_class = 1;
+ optional BusType bus_type = 2;
+ optional int32 vendor_id = 3;
+ optional string vendor_name = 4;
+ optional int32 device_id = 5;
+ optional string device_name = 6;
+ repeated string driver = 7;
+}
+
+// Information about the list of browsers and profiles that are
+// running and installed on the device in the DeviceStatusReport
+message LaCrOsBrowserReport {
+ // Limited to one user since LaCrosBrowserReport is repeated based on each
+ // user. If multiple lacros user profiles exist, each LaCrOsBrowserReport
+ // message (one per lacros user profile) will contain the same |device_user|.
+ optional DeviceUser device_user = 1;
+ // Group of data regarding the browser and user profile.
+ optional BrowserReport browser_report = 2;
+}
+
+// Information specific to Demo Mode about the device and the demo context.
+message DemoModeDimensions {
+ // Two-letter country code.
+ optional string country = 1;
+ // Name of the retailer whose store the device is running in. Also called
+ // retailer_id elsewhere in some legacy field names.
+ optional string retailer_name = 2;
+ // Retailer-defined number to identify the store that a device is running in.
+ // Also called store_id elsewhere in some legacy field names.
+ optional string store_number = 3;
+ // Device attributes significant to Demo Mode for customization purposes.
+ enum CustomizationFacet {
+ UNDEFINED = 0;
+ CLOUD_GAMING_DEVICE = 1;
+ FEATURE_AWARE_DEVICE = 2;
+ }
+ repeated CustomizationFacet customization_facets = 4;
+}
+
+// Report device level status.
+message DeviceStatusReportRequest {
+ reserved 4, 7, 13, 20;
+
+ // The OS version reported by the device is a platform version
+ // e.g. 1435.0.2011_12_16_1635.
+ optional string os_version = 1;
+ optional string firmware_version = 2;
+
+ // "Verified", "Dev". Same as verified mode.
+ // If the mode is unknown, this field should not be set.
+ optional string boot_mode = 3;
+
+ // The browser version string as shown in the About dialog.
+ // e.g. 17.0.963.18.
+ optional string browser_version = 5;
+
+ // A list of periods when the device was active, aggregated by day by user.
+ repeated ActiveTimePeriod active_periods = 6;
+
+ // List of network interfaces.
+ repeated NetworkInterface network_interfaces = 8;
+
+ // List of recent device users, in descending order by last login time.
+ repeated DeviceUser users = 9;
+
+ // Disk space + other info about mounted/connected volumes.
+ repeated VolumeInfo volume_infos = 10;
+
+ // List of visible/configured networks
+ repeated NetworkState network_states = 11;
+
+ // Samples of CPU utilization (0-100), sampled once every 120 seconds.
+ // Deprecated: Use CpuUtilizationInfo instead.
+ repeated int32 cpu_utilization_pct_samples = 12 [deprecated = true];
+
+ // Total RAM on the device.
+ // To deprecate: Use SystemFreeRamInfo instead.
+ optional int64 system_ram_total = 14;
+
+ // Samples of free RAM [in bytes] (unreliable due to GC).
+ // Deprecated: Use SystemRamFreeInfo instead.
+ repeated int64 system_ram_free_samples = 15 [deprecated = true];
+
+ // Samples of CPU temperatures in Celsius, plus associated labels
+ // identifying which CPU produced the temperature measurement.
+ repeated CPUTempInfo cpu_temp_infos = 16;
+
+ // This field is set only when an OS update is needed because of the required
+ // platform version of an updated kiosk app is different from the current
+ // OS version.
+ optional OsUpdateStatus os_update_status = 17;
+
+ // Set only when there is an auto launched with zero delay Chrome or ARC kiosk
+ // app and it is currently running. Otherwise, this field is empty.
+ optional AppStatus running_kiosk_app = 18;
+
+ // Sound output volume level in range [0,100].
+ optional int32 sound_volume = 19;
+
+ // TPM version information.
+ optional TpmVersionInfo tpm_version_info = 21;
+
+ // Release channel (stable, beta, etc.).
+ optional Channel channel = 22;
+
+ // TPM status information.
+ optional TpmStatusInfo tpm_status_info = 23;
+
+ // Whether hardware write protect switch is on.
+ optional bool write_protect_switch = 24;
+
+ // Status of the power subsystem.
+ optional PowerStatus power_status = 25;
+
+ // Status of the storage subsystem.
+ optional StorageStatus storage_status = 26;
+
+ // Status of various main board components.
+ optional BoardStatus board_status = 27;
+
+ // Information about a system's various non-hardware elements. This includes
+ // information from cached VPD, CrosConfig, and DMI.
+ optional SystemStatus system_status = 28;
+
+ // Stateful Partition Information for user data.
+ optional StatefulPartitionInfo stateful_partition_info = 29;
+
+ // Samples of CPU utilization (0-100), sampled once every 120 seconds.
+ repeated CpuUtilizationInfo cpu_utilization_infos = 30;
+
+ // Samples of free RAM [in bytes] (unreliable due to GC).
+ repeated SystemFreeRamInfo system_ram_free_infos = 31;
+
+ // Information about a devices physical CPU(s).
+ repeated CpuInfo cpu_info = 32;
+
+ // Status of the graphics adapter(s) and display(s).
+ optional GraphicsStatus graphics_status = 33;
+
+ // Information about the crash report(s) generated from the local device.
+ repeated CrashReportInfo crash_report_infos = 34;
+
+ // Information of the device's current timezone.
+ optional TimezoneInfo timezone_info = 35;
+
+ // Information about the device's memory.
+ optional MemoryInfo memory_info = 36;
+
+ // Information about the device's backlights.
+ repeated BacklightInfo backlight_info = 37;
+
+ // Information about the device's fans.
+ repeated FanInfo fan_info = 38;
+
+ // Overall information about the device's CPUs.
+ optional GlobalCpuInfo global_cpu_info = 39;
+
+ // Information about the device's Bluetooth adapters.
+ repeated BluetoothAdapterInfo bluetooth_adapter_info = 40;
+
+ // Information from the device's SMBIOS.
+ optional SmbiosInfo smbios_info = 41;
+
+ // Information about the parameters passed to the kernel.
+ optional KernelParameters kernel_parameters = 42;
+
+ // Information about the device's EFI Variables from efivarfs.
+ optional EFIVars efi_vars = 43;
+
+ // KernelParameters(42) and EFIVars(43) are deprecated
+ // and rolled into BootInfo(44)
+
+ // Information about how the os was booted.
+ optional BootInfo boot_info = 44;
+
+ // Information about the device's network hardware.
+ repeated NetworkAdapterInfo network_adapter_info = 45;
+
+ // Information about LaCrOs
+ repeated LaCrOsBrowserReport lacros_browser_report = 46;
+
+ // Root device size as displayed in the device UI.
+ optional int64 root_device_total_storage_bytes = 47;
+
+ // Flag whether LaCros is the primary browser.
+ optional bool is_lacros_primary_browser = 48;
+
+ // Information specific to Demo Mode about the device and the demo context.
+ // Only included for devices in Demo Mode.
+ optional DemoModeDimensions demo_mode_dimensions = 49;
+}
+
+message OsUpdateStatus {
+ enum UpdateStatus {
+ OS_UP_TO_DATE = 0;
+ OS_IMAGE_DOWNLOAD_NOT_STARTED = 1;
+ OS_IMAGE_DOWNLOAD_IN_PROGRESS = 2;
+ OS_UPDATE_NEED_REBOOT = 3;
+ }
+
+ optional UpdateStatus update_status = 1;
+
+ // New platform version of the os image being downloaded and applied. It
+ // is only set when update status is OS_IMAGE_DOWNLOAD_IN_PROGRESS or
+ // OS_UPDATE_NEED_REBOOT. Note this could be a dummy "0.0.0.0" for
+ // OS_UPDATE_NEED_REBOOT status for some edge cases, e.g. update engine is
+ // restarted without a reboot.
+ optional string new_platform_version = 2;
+
+ // New required platform version from the pending updated kiosk app.
+ optional string new_required_platform_version = 3;
+
+ // The timestamp of the last update check.
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 last_checked_timestamp = 4;
+
+ // The timestamp of the last reboot.
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 last_reboot_timestamp = 5;
+}
+
+// Provides status information for an installed app/extension.
+message AppStatus {
+ // ID of the installed app/extension for a Chrome app.
+ // Package name for ARC kiosk app.
+ optional string app_id = 1;
+
+ // Currently installed version of the app for a Chrome app.
+ // Empty for ARC kiosk app.
+ optional string extension_version = 2;
+
+ // Self-reported status summary (via chrome.reporting APIs)
+ optional string status = 3;
+
+ // If true, the application is currently in a self-reported error state.
+ optional bool error = 4;
+
+ // App required Chrome version, specified in app’s manifest file.
+ // Empty for ARC kiosk app.
+ optional string required_platform_version = 5;
+}
+
+// Provides all application types information.
+message AppInfo {
+ enum AppType {
+ TYPE_UNKNOWN = 0;
+ TYPE_ARC = 1; // Android app.
+ TYPE_BUILTIN = 2; // Built-in app.
+ TYPE_CROSTINI = 3; // Linux (via Crostini) app.
+ TYPE_EXTENSION = 4; // Extension-backed app.
+ TYPE_WEB = 5; // Web app.
+ TYPE_PLUGINVM = 6; // Plugin VM app.
+ TYPE_BOREALIS = 7; // Borealis app.
+ TYPE_BRUSCHETTA = 8; // Bruschetta app.
+ }
+
+ enum Status {
+ STATUS_UNKNOWN = 0;
+ STATUS_INSTALLED = 1; // Installed and launachable.
+ STATUS_DISABLED = 2; // Disabled or terminated.
+ STATUS_UNINSTALLED = 3; // Uninstalled by user.
+ }
+
+ // ID of the application as defined by the OS, except for web apps, where it
+ // is the start url.
+ optional string app_id = 1;
+
+ // Type of application (Chrome native, extension, Crostini, web app).
+ optional AppType app_type = 2;
+
+ // Name of the application as defined by the OS.
+ optional string app_name = 3;
+
+ // Identify if the app is installed, disabled, or uninstalled.
+ optional Status status = 4;
+
+ // The time the app was installed, if available.
+ optional int64 install_time = 5;
+
+ // Version of the application, if applicable.
+ optional string version = 7;
+
+ // A list of time periods when the app was active. These times are aggregated
+ // per day, are pruned on the device after reporting successfully, and are
+ // stored only for 30 days in the past.
+ repeated TimePeriod active_time_periods = 8;
+}
+
+// LINT.IfChange
+// Provides Android application permission.
+message AndroidAppPermission {
+ // Name of application permission.
+ optional string name = 1;
+
+ // Identify whether the application permission is granted.
+ optional bool granted = 2;
+
+ // Identify whether the application permission is managed.
+ optional bool managed = 3;
+}
+
+// Provides Android application information.
+message AndroidAppInfo {
+ enum AndroidAppStatus {
+ STATUS_UNKNOWN = 0;
+ STATUS_ENABLED = 1;
+ STATUS_SUSPENDED = 2;
+ STATUS_DISABLED = 3;
+ }
+
+ enum InstalledSource {
+ SOURCE_UNKNOWN = 0;
+ SOURCE_BY_ADMIN = 1;
+ SOURCE_BY_USER = 2;
+ SOURCE_NOT_INSTALLED = 3;
+ }
+
+ // ID of the Android application.
+ optional string app_id = 1;
+
+ // Name of the Android application.
+ optional string app_name = 2;
+
+ // Name of the Android application package.
+ optional string package_name = 3;
+
+ // Status of the Android application. It is set as STATUS_SUSPENDED if the
+ // application is suspended by specific policies.
+ optional AndroidAppStatus status = 4;
+
+ // Identify how the Android application is installed.
+ optional InstalledSource installed_source = 5;
+
+ // Package version of the Android application.
+ optional int32 version = 6;
+
+ // Permissions of the Android application.
+ repeated AndroidAppPermission permissions = 7;
+}
+// LINT.ThenChange(//depot/google3/java/com/google/chrome/cros/spanner/devicemanagement/schema/chrome_os.proto)
+
+// Chrome user profile level status.
+// Deprecated : Use ChromeUserProfileInfo instead.
+message ChromeUserProfileReport {
+ // A string to uniquely identify this profile within the browser.
+ optional string id = 1;
+ // A JSON encoded string containing both the “email” and “id” (obfuscated
+ // GaiaID) of the user signed in to the Chrome browser, if any.
+ optional string chrome_signed_in_user = 2;
+ // The list of extensions installed in the browser. This string contains
+ // the json encoded data as returned by the chrome.management.getAll() API.
+ optional string extension_data = 3;
+ // The list of plugins installed in the browser, one plugin name per repeated
+ // string. This string contains the JSON encoded data as returned by
+ // the navigator.plugins .
+ optional string plugins = 4;
+ // The list of browser policies set for this user profile and their sources.
+ // This string contains the json encoded data as generated by the
+ // chrome://policy page “Export to JSON” button.
+ optional string policy_data = 5;
+ // The last time the user level policies where fetched.
+ // [policy_fetched_timestamp] is milliseconds since Epoch in UTC timezone
+ // (Java time). For V1, we may need to rely on the DM server for this info.
+ optional int64 policy_fetched_timestamp = 6;
+ // The number of safe browsing warning pages the user has seen since the last
+ // report was successfully uploaded.
+ optional uint64 safe_browsing_warnings = 7;
+ // The number of safe browsing warning pages the user has clicked through
+ // since the last report was successfully uploaded.
+ optional uint64 safe_browsing_warnings_click_through = 8;
+ // The name of the loaded profile, which was entered by the user when creating
+ // the profile. Empty when in incognito mode.
+ optional string name = 9;
+ // A list of extensions requested for installation.
+ repeated ExtensionRequest extension_requests = 10;
+}
+
+// Sign in information of Profile.
+message ChromeSignedInUser {
+ // The email of the signed in user.
+ optional string email = 1;
+ // The obfuscated GaiaID of the signed in user.
+ optional string obfuscated_gaia_id = 2;
+}
+
+// Extension request information.
+message ExtensionRequest {
+ // ID of the installed app/extension for a Chrome app or extension.
+ optional string id = 1;
+
+ // When the user commits to requesting the extension.
+ // [request_timestamp] is milliseconds since Epoch in UTC timezone
+ // (Java time).
+ optional int64 request_timestamp = 2;
+
+ // User justification describing why the extension is being requested.
+ optional string justification = 3;
+}
+
+// Extension information.
+message Extension {
+ reserved 7, 12;
+
+ // ID of the installed app/extension for a Chrome app or extension.
+ optional string id = 1;
+ // Currently installed version of the extension.
+ optional string version = 2;
+ // The name of the extension.
+ optional string name = 3;
+ // The description of the extension that is provided by extension author.
+ optional string description = 4;
+
+ // The type of extension.
+ enum ExtensionType {
+ TYPE_UNKNOWN = 0;
+ TYPE_EXTENSION = 1;
+ TYPE_HOSTED_APP = 2;
+ TYPE_PACKAGED_APP = 3;
+ TYPE_LEGACY_PACKAGED_APP = 4;
+ TYPE_THEME = 5;
+ TYPE_USER_SCRIPT = 6;
+ TYPE_PLATFORM_APP = 7;
+ TYPE_LOGIN_SCREEN_EXTENSION = 8;
+ TYPE_CHROMEOS_SYSTEM_EXTENSION = 9;
+ }
+ optional ExtensionType app_type = 5;
+
+ // URL of the homepage.
+ optional string homepage_url = 6;
+
+ // The installation source of the extension.
+ enum InstallType {
+ // An extension that is installed by user or installed by default but not
+ // component extension.
+ TYPE_NORMAL = 0;
+ // An extension that is loaded as unpacked extension from chrome extension
+ // page or --load-extension command line switch.
+ TYPE_DEVELOPMENT = 1;
+ // An extension that is loaded from the settings in Window Registry or
+ // a preferences JSON file on Mac and Linux.
+ TYPE_SIDELOAD = 2;
+ // An extension that is loaded from policy settings.
+ TYPE_ADMIN = 3;
+ // Chrome component extension and unknown sources.
+ TYPE_OTHER = 4;
+ }
+ optional InstallType install_type = 8;
+
+ // True if the extension is currently enabled.
+ optional bool enabled = 9;
+
+ // The list of api based permissions the extension requires.
+ repeated string permissions = 10;
+
+ // The list of host based permissions the extension requires.
+ repeated string host_permissions = 11;
+
+ // True if the extension comes from web store.
+ optional bool from_webstore = 13;
+
+ // Manifest version of the extension.
+ optional int32 manifest_version = 14;
+}
+
+// Policy information.
+message Policy {
+ // The name of the policy.
+ optional string name = 1;
+
+ // The level of a policy determines its enforceability and whether users can
+ // override it or not.
+ enum PolicyLevel {
+ LEVEL_UNKNOWN = 0;
+ // Recommended policies are a default value configured by admins and users
+ // can choose to override it.
+ LEVEL_RECOMMENDED = 1;
+
+ // Mandatory policies must be enforced and users can't circumvent them.
+ LEVEL_MANDATORY = 2;
+ }
+ optional PolicyLevel level = 2;
+
+ // The scope of a policy flags whether it's applied to the current user or to
+ // the machine.
+ enum PolicyScope {
+ SCOPE_UNKNOWN = 0;
+ // User policies apply to current Session/Profile if it's cloud policy.
+ // Or apply to current OS user on Windows.
+ SCOPE_USER = 1;
+
+ // Machine policies apply to any users of the current machine.
+ SCOPE_MACHINE = 2;
+ }
+ optional PolicyScope scope = 3;
+
+ // The source of a policy indicates where its value is originating from.
+ enum PolicySource {
+ SOURCE_UNKNOWN = 0;
+ // A policy is set by Chrome when it's running in an
+ // enterprise environment.
+ SOURCE_ENTERPRISE_DEFAULT = 1;
+
+ // A policy is set by Google's cloud management tool.
+ SOURCE_CLOUD = 2;
+
+ // A policy is set by active directory on ChromeOS.
+ SOURCE_ACTIVE_DIRECTORY = 3;
+
+ // A policy is overridden by ChromeOS if it's running in a public session or
+ // kiosk mode.
+ SOURCE_DEVICE_LOCAL_ACCOUNT_OVERRIDE_DEPRECATED = 4;
+
+ // A policy is set by OS built-in tool on desktop.
+ SOURCE_PLATFORM = 5;
+
+ // A policy is set by Google's cloud management tool but has higher
+ // priority.
+ SOURCE_PRIORITY_CLOUD_DEPRECATED = 6;
+
+ // A policy is set by multiple sources and value has been merged.
+ SOURCE_MERGED = 7;
+
+ // A policy is set by command line switch for testing purpose.
+ SOURCE_COMMAND_LINE = 8;
+
+ // A policy is set by Google's cloud management tool in Ash and piped to
+ // Lacros.
+ SOURCE_CLOUD_FROM_ASH = 9;
+
+ // A policy that is set by the restricted managed guest session override.
+ SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE = 10;
+ }
+ optional PolicySource source = 4;
+
+ // The value of policy.
+ optional string value = 5;
+
+ // The error message of policy.
+ optional string error = 6;
+}
+
+// Extension policy information.
+message ExtensionPolicy {
+ // The id of extension that policies apply to.
+ optional string extension_id = 1;
+
+ // The list of policies that extension currently uses.
+ repeated Policy policies = 2;
+}
+
+// Cloud policy last fetch time.
+message PolicyFetchTimestamp {
+ // The type of cloud policy.
+ // TODO(b/327655459): This field is deprecated, delete once server
+ // side references are all removed.
+ optional string type = 1;
+ // The last time the policies where fetched for the policy type.
+ // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 timestamp = 2;
+}
+
+// Chrome user profile level status, used by activated Profiles. Profile name is
+// not listed here as they are in the ChromeUserProfileBasicInfo.
+message ChromeUserProfileInfo {
+ reserved 6;
+
+ // A string to uniquely identify this profile within the browser.
+ optional string id = 1;
+
+ // The name of the profile, which was entered by the user when creating
+ // the profile. Empty when in incognito mode
+ optional string name = 2;
+
+ // Indicates if the profile contains all details. Only active profiles can
+ // upload all needed details, idle profiles only upload |id| and |name|.
+ optional bool is_detail_available = 3;
+
+ // Gaia account information if the Profile is signed in.
+ optional ChromeSignedInUser chrome_signed_in_user = 4;
+
+ // A list of extensions installed in the browser.
+ repeated Extension extensions = 5;
+
+ // A list of extensions requested for installation.
+ repeated ExtensionRequest extension_requests = 10;
+
+ // A list of Chrome browser policies set for this user profile.
+ repeated Policy chrome_policies = 7;
+
+ // A list of extensions' policies set for this user profile. The policies is
+ // only added if the extension is installed.
+ repeated ExtensionPolicy extension_policies = 8;
+
+ // The last time the cloud policies where fetched for each policy type.
+ // Only one policy type which is google/chrome/machine-level-user uploads
+ // timestamp currently. More details in b/132973694
+ repeated PolicyFetchTimestamp policy_fetched_timestamps = 9;
+}
+
+// Report browser level status.
+message BrowserReport {
+ reserved 7;
+
+ // The Chrome browser version, as seen from within Chrome code as opposed to
+ // user agent.
+ optional string browser_version = 1;
+
+ // Release channel (stable, beta, etc.).
+ optional Channel channel = 2;
+
+ // Required. The path to the browser executable so that we can uniquely
+ // identify it.
+ optional string executable_path = 3;
+
+ // Profile specific reports, one per profile.
+ // Deprecated by ChromeUserProfileInfo and only used by old Chrome browser.
+ repeated ChromeUserProfileReport chrome_user_profile_reports = 4;
+
+ // A list of all Profiles that are created in the current browser instance.
+ // Only activated Profiles are able to upload full details while the idle ones
+ // contain id and name only. Please note that some activated Profiles may not
+ // upload full details due to the limitation of the report size.
+ // These details will be uploaded in the following reports.
+ repeated ChromeUserProfileInfo chrome_user_profile_infos = 6;
+
+ // The installed version of the browser if it differs from |browser_version|,
+ // or absent otherwise. When present, it indicates that an update (of a higher
+ // or lower version) has been installed and will be the active version
+ // following a browser restart.
+ optional string installed_browser_version = 8;
+
+ // True for an extended stable channel installation.
+ optional bool is_extended_stable_channel = 9 [default = false];
+}
+
+// Report Operating system related information.
+message OSReport {
+ // A string contains OS name.
+ optional string name = 1;
+
+ // A string contains OS architecture.
+ optional string arch = 2;
+
+ // A string contains OS version.
+ optional string version = 3;
+
+ enum VersionType {
+ UNKNOWN = 0;
+ HOME = 1;
+ PROFESSIONAL = 2;
+ SERVER = 3;
+ ENTERPRISE = 4;
+ EDUCATION = 5;
+ EDUCATION_PRO = 6;
+ }
+
+ optional VersionType version_type = 4;
+}
+
+// Report the status of a Chrome installation on non-Chrome OS platform.
+message ChromeDesktopReportRequest {
+ reserved 10;
+ // The name of the machine within its local network. The string is a JSON
+ // encoded structure with a single computername field.
+ // This field is replaced by computer_name and only used by old Chrome
+ // browser using the JSON legacy browser.
+ // TODO(b/189584065): Remove when usage goes to zero.
+ optional string machine_name = 1 [deprecated = true];
+ // OS info. The string is a an encoded JSON object as returned by
+ // chrome.runtime.getPlatformInfo.
+ // This field is replaced by OSReport and only used by old Chrome browser.
+ optional string os_info = 2;
+ // The user name from the OS point of view. The string is a JSON encoded
+ // structure with a single username field containing "DOMAIN\username".
+ // This field is replaced by os_user_name and only used by old Chrome browser.
+ optional string os_user = 3;
+ // Browser related info.
+ optional BrowserReport browser_report = 4;
+ // The device serial number (this might differ with the client ID, depending
+ // on the platform). Deprecated: Please use
+ // ChromeDesktopReportProtoProcessor.getBrowserDeviceIdentifier().getSerialNumber
+ // to extract the Serial Number from the Report Request.
+ optional string serial_number = 5 [deprecated = true];
+ // A string represents the name of computer. Deprecated: Please use
+ // ChromeDesktopReportProtoProcessor.getBrowserDeviceIdentifier().getSerialNumber
+ // to extract the Computer Name from the Report Request.
+ optional string computer_name = 6 [deprecated = true];
+ // Operating system related information.
+ optional OSReport os_report = 7;
+ // A string contains OS user name.
+ optional string os_user_name = 8;
+ // Device identifier for helping identify non-Chrome OS devices.
+ // TODO(crbug.com/40706071): This will also replace the computer_name and
+ // serial_number fields.
+ optional BrowserDeviceIdentifier browser_device_identifier = 9;
+ // Public key that can be used for attesting the machine.
+ optional string machine_attestation_key = 11;
+ // A string that represents the device model.
+ optional string device_model = 12;
+ // A string that represents the brand/manufacturer of a device.
+ optional string brand_name = 13;
+}
+
+// Report user level status on Chrome OS platform. Chrome OS equivalent of
+// ChromeDesktopReportRequest.
+message ChromeOsUserReportRequest {
+ reserved 3;
+ // Browser related info.
+ optional BrowserReport browser_report = 1;
+ // Android applications installed in primary profile.
+ repeated AndroidAppInfo android_app_infos = 2;
+}
+
+// Report user level status on all platforms. It includes the information of the
+// profile that user has signed in plus some basic browser and OS information.
+message ChromeProfileReportRequest {
+ // Browser related info
+ optional BrowserReport browser_report = 1;
+
+ // Basic OS information
+ optional OSReport os_report = 2;
+}
+
+// A validation issue from validating a policy value that was contained in
+// the payload of the policy fetch response.
+message PolicyValueValidationIssue {
+ // Policy name of the faulty value.
+ optional string policy_name = 1;
+
+ // LINT.IfChange
+ enum ValueValidationIssueSeverity {
+ // Default value for when a severity is not specified.
+ VALUE_VALIDATION_ISSUE_SEVERITY_UNSPECIFIED = 0;
+
+ // This result is a warning. The policy blob has not been rejected.
+ VALUE_VALIDATION_ISSUE_SEVERITY_WARNING = 1;
+
+ // This result is an error. The policy blob was rejected completely and not
+ // updated on the device.
+ VALUE_VALIDATION_ISSUE_SEVERITY_ERROR = 2;
+ }
+ // LINT.ThenChange(//depot/google3/chrome/cros/reporting/api/proto/policy_validation_report.proto)
+
+ // Severity of this policy value validation result.
+ optional ValueValidationIssueSeverity severity = 2;
+
+ // Message containing detailed information about the value validation warning
+ // or error (e.g. type and specific location). This message is intended as
+ // debug information for developers (not localized).
+ optional string debug_message = 3;
+}
+
+// This message is used to upload the result of cloud policy validation after a
+// PolicyFetchRequest.
+message PolicyValidationReportRequest {
+ // |policy_type| sent in PolicyFetchRequest on the request which
+ // returned policy with validation errors.
+ optional string policy_type = 1;
+
+ // |policy_token| from the PolicyFetchResponse. This is used to identify the
+ // specific policy fetch event that triggered this validation report.
+ optional string policy_token = 2;
+
+ // Specifies the result type of the validation.
+ // Each enum value can correspond to one of three client behaviors (noted as
+ // 'Client behavior' in the comment for each enum value):
+ // - Unknown:
+ // It is not known if the fetched policy blob was accepted or rejected.
+ // - Policy blob accepted:
+ // The client has accepted and applied the fetched policy blob.
+ // - Policy blob rejected:
+ // The client has completely rejected the fetched policy blob.
+ // LINT.IfChange
+ enum ValidationResultType {
+ // An enum value was received which is not known in this version of the
+ // proto.
+ // Client behavior: Unknown.
+ VALIDATION_RESULT_TYPE_ERROR_UNSPECIFIED = 0;
+ // Policy validated successfully.
+ // Client behavior: Policy blob accepted.
+ // Note: This result is here for completeness, the client will not send
+ // reports with this enum value.
+ VALIDATION_RESULT_TYPE_SUCCESS = 1;
+ // Bad signature on the initial key.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_BAD_INITIAL_SIGNATURE = 2;
+ // Bad signature.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_BAD_SIGNATURE = 3;
+ // Policy blob contains error code.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_ERROR_CODE_PRESENT = 4;
+ // Policy payload failed to decode.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_PAYLOAD_PARSE_ERROR = 5;
+ // Unexpected policy type.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_WRONG_POLICY_TYPE = 6;
+ // Unexpected settings entity id.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_WRONG_SETTINGS_ENTITY_ID = 7;
+ // Timestamp is missing or is older than the timestamp of the previous
+ // policy.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_BAD_TIMESTAMP = 8;
+ // DMToken is empty or doesn't match.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_BAD_DM_TOKEN = 9;
+ // Device id is empty or doesn't match.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_BAD_DEVICE_ID = 10;
+ // Username doesn't match.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_BAD_USER = 11;
+ // Policy payload protobuf parse error.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_POLICY_PARSE_ERROR = 12;
+ // Policy key signature could not be verified using the hard-coded
+ // verification key.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_BAD_KEY_VERIFICATION_SIGNATURE = 13;
+ // There were validation warnings during validation of policy values in the
+ // payload. See |policy_value_validation_results|.
+ // Client behavior: Policy blob accepted.
+ VALIDATION_RESULT_TYPE_VALUE_WARNING = 14;
+ // There were validation errors during validation of policy values in the
+ // payload. There may also have been warnings. See
+ // |policy_value_validation_results| - that list will contain at least one
+ // payload validation errors, and zero or more payload validation warnings.
+ // Client behavior: Policy blob rejected.
+ VALIDATION_RESULT_TYPE_VALUE_ERROR = 15;
+ }
+ // LINT.ThenChange(//depot/google3/chrome/cros/reporting/api/proto/policy_validation_report.proto)
+
+ // The validation result.
+ optional ValidationResultType validation_result_type = 3;
+
+ // Value validation issues in the policy payload. Will be filled if
+ // |validation_result_type| is VALIDATION_RESULT_TYPE_VALUE_WARNING
+ // or VALIDATION_RESULT_TYPE_VALUE_ERROR.
+ repeated PolicyValueValidationIssue policy_value_validation_issues = 4;
+}
+
+// Response from DMServer to a policy validation report.
+message PolicyValidationReportResponse {}
+
+message AndroidStatus {
+ // JSON string of ARC status report.
+ optional string status_payload = 1;
+ // DroidGuard response obtained from DroidGuard server.
+ optional string droid_guard_info = 2;
+}
+
+enum CrostiniAppType {
+ // The default terminal App.
+ CROSTINI_APP_TYPE_TERMINAL = 0;
+ // A registered interactive Crostini App which is
+ // not the default terminal app.
+ CROSTINI_APP_TYPE_INTERACTIVE = 1;
+ // Detected non-registered container applications.
+ CROSTINI_APP_TYPE_OTHER = 2;
+}
+
+message CrostiniApp {
+ // The default display name of the App.
+ optional string app_name = 1;
+ // The type of the App.
+ optional CrostiniAppType app_type = 2;
+
+ // Time stamp of last launch of the App with a three day granularity.
+ // The timestamp is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 last_launch_time_window_start_timestamp = 3;
+
+ // If available, the name of the Debian package belonging to this App.
+ optional string package_name = 4;
+ // If available, the version of the Debian package belonging to this App.
+ optional string package_version = 5;
+ // If available, a hash of the package belonging to this App.
+ optional string package_hash = 6;
+}
+
+message CrostiniStatus {
+ // Time stamp of last launch of a Crostini app with three day granularity,
+ // The timestamp is milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 last_launch_time_window_start_timestamp = 1;
+
+ // The VM image version at the time of the last launch.
+ optional string last_launch_vm_image_version = 2;
+ // The VM kernel version at the time of the last launch.
+ optional string last_launch_vm_kernel_version = 3;
+
+ // Contains information about each installed app at the time of the
+ // report.
+ repeated CrostiniApp installed_apps = 4;
+}
+
+// Report current active session (a user on one device) level status.
+message SessionStatusReportRequest {
+ reserved 1, 2, 3, 6;
+
+ // If this is a kiosk session, this is the device local account ID.
+ optional string device_local_account_id = 4;
+
+ // Information about kiosk app for kiosk session.
+ repeated AppStatus installed_apps = 5;
+
+ // Information about ARC status.
+ optional AndroidStatus android_status = 7;
+
+ // If this is a regular user session, this is the user's DMToken.
+ optional string user_dm_token = 8;
+
+ // Time zone id of the active user. Not set for enterprise users.
+ // Format of the id is as specified in tz database e.g. Pacific/Honolulu. For
+ // more details check third_party/icu/source/i18n/unicode/timezone.h.
+ optional string time_zone = 9;
+
+ // Information about Crostini status.
+ optional CrostiniStatus crostini_status = 10;
+
+ // Information about all applications for this user on this device, including
+ // uninstalled and disabled apps.
+ repeated AppInfo app_infos = 11;
+}
+
+// Response from DMServer to update devices' status.
+// It is possible that status report fails but policy request succeed. In such
+// case, the DeviceStatusReportResponse will contain an error code and the
+// device should re-send status report data in the next policy request. The
+// device should re-send report data if policy request fails, even if
+// DeviceStatusReportResponse contains no error code.
+message DeviceStatusReportResponse {
+ optional int32 error_code = 1;
+
+ // Human readable error message for customer support purpose.
+ optional string error_message = 2;
+}
+
+// Response from DMServer to a Chrome desktop report request. The report
+// upload errors will be set in the containing DeviceManagementResponse or
+// eventually at the HTTP level.
+message ChromeDesktopReportResponse {}
+
+// Response from DMServer to a ChromeOS user report request. The report
+// upload errors will be set in the containing DeviceManagementResponse or
+// eventually at the HTTP level.
+message ChromeOsUserReportResponse {}
+
+// Response from DMServer to a profile report request. The report
+// upload errors will be set in the containing DeviceManagementResponse or
+// eventually at the HTTP level.
+message ChromeProfileReportResponse {}
+
+// Response from DMServer to update user devices' status.
+// It is possible that status report fails but policy request succeed. In such
+// case, the SessionStatusReportResponse will contain an error code and the
+// device should re-send status report data in the next policy request. The
+// device should re-send report data if policy request fails, even if
+// SessionStatusReportResponse contains no error code.
+message SessionStatusReportResponse {
+ optional int32 error_code = 1;
+
+ // Human readable error message for customer support purpose.
+ optional string error_message = 2;
+}
+
+// Request from client to query device state using Private Set Membership (PSM).
+// Please see go/cros-enterprise-psm and go/cros-client-psm for more details.
+message PrivateSetMembershipRequest {
+ // A request proto from the RLWE PSM protocol.
+ optional PrivateSetMembershipRlweRequest rlwe_request = 1;
+}
+
+message PrivateSetMembershipResponse {
+ // A response proto from the RLWE PSM protocol.
+ optional PrivateSetMembershipRlweResponse rlwe_response = 1;
+}
+
+message PrivateSetMembershipRlweRequest {
+ // First request sent by the client for checking membership.
+ optional private_membership.rlwe.PrivateMembershipRlweOprfRequest
+ oprf_request = 1;
+
+ // Second request sent by the client for checking membership.
+ optional private_membership.rlwe.PrivateMembershipRlweQueryRequest
+ query_request = 2;
+}
+
+message PrivateSetMembershipRlweResponse {
+ // First response sent by the server for checking membership.
+ optional private_membership.rlwe.PrivateMembershipRlweOprfResponse
+ oprf_response = 1;
+
+ // Second response sent by the server for checking membership.
+ optional private_membership.rlwe.PrivateMembershipRlweQueryResponse
+ query_response = 2;
+}
+
+// Request from device to server to determine whether the device should
+// go through enterprise enrollment. Unlike the other requests, this request is
+// not authenticated.
+message DeviceAutoEnrollmentRequest {
+ // Device identifier hash, mod |modulus|.
+ // The type of the device identifier hash depends on |enrollment_check_type|.
+ // If |modulus| is 1, |remainder| should be 0.
+ // |remainder| should always be present.
+ optional int64 remainder = 1;
+
+ // Modulus of the hash used by the client. For now, it is a power of 2, but
+ // due to the strict constraint on how many serial numbers a bucket can
+ // contain, it may become non power of 2. If that happens, client-side needs
+ // to change its assumption.
+ // |modulus| should always be present, but setting |modulus| to 1 means that
+ // no bits of the client's hash are uploaded. |remainder| should be 0 in this
+ // case.
+ optional int64 modulus = 2;
+
+ enum EnrollmentCheckType {
+ // Unspecified.
+ ENROLLMENT_CHECK_TYPE_UNSPECIFIED = 0;
+ // Forced Re-Enrollment check with full SHA-256 hashes of the
+ // server-backed state key.
+ ENROLLMENT_CHECK_TYPE_FRE = 1;
+ // Forced Enrollment check with SHA-256 hashes of (brand code + “_” + serial
+ // number), truncated to first 8 bytes each.
+ ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT = 2;
+ }
+
+ // Specifies the type of auto enrollment check that is being made.
+ // This also defines the format of the device identifier hash used in this
+ // exchange.
+ optional EnrollmentCheckType enrollment_check_type = 3
+ [default = ENROLLMENT_CHECK_TYPE_FRE];
+}
+
+// Response from server to auto-enrollment detection request.
+message DeviceAutoEnrollmentResponse {
+ // If this field is present, the other fields are ignored and the client
+ // should send a new DeviceAutoEnrollmentRequest with a |remainder|
+ // computed using this new |expected_modulus|. If this field is empty, the
+ // client's request was accepted.
+ // DMServer guarantees that if the modulus sent by client in
+ // DeviceAutoEnrollmentRequest matches server's expectation, this field
+ // is unset.
+ optional int64 expected_modulus = 1;
+
+ // List of hashes. If the client's hash matches any in this list, the
+ // client device should do enterprise enrollment. If it matches none,
+ // enrollment should be optional.
+ // The format of each entry depends on the |enrollment_check_type| that was
+ // set in the DeviceAutoEnrollmentRequest.
+ repeated bytes hashes = 2;
+}
+
+// Sent by the client to the server. This request is keyed by the opaque
+// server-backed state key, (optionally) serial number and RLZ brand code; there
+// is no further authentication.
+//
+// This message can be used for secondary state determination by managed devices
+// after a hard reset to recover state. In this case, the client only sets the
+// `server_backed_state_key`. The device management server keeps a mapping of
+// this identifier to device state. In case device has been deprovisioned, the
+// server also performs initial enrollment check using the serial number and
+// brand code stored in device state from previous enrollment.
+//
+// It is also used for unified state determination, which replaces both initial
+// and secondary state enrollment. In this case, this request can also be sent
+// by brand new devices and the server would not know their serial number and
+// brand code, hence the values are supplied as part of the request.
+//
+// Another device state retrieval scenario is Flex Auto Enrollment initial
+// state determination, in which case the Flex enrollment token is included
+// (along with brand code and serial number) to retrieve token-keyed state
+// from the server.
+message DeviceStateRetrievalRequest {
+ // Opaque, client-determined, unpredictable, stable and unique device
+ // identifier to retrieve state for. This field contains 32 bytes of data that
+ // looks essentially random to the server. It may be generated e.g. by running
+ // a concatenation of suitable device identifiers through a cryptographic hash
+ // algorithm such as SHA-256.
+ optional bytes server_backed_state_key = 1;
+
+ // The serial number of the device.
+ optional string serial_number = 2;
+
+ // The 4-character brand code of the device.
+ optional string brand_code = 3;
+
+ // The enrollment token for Flex Auto Enrollment.
+ optional string enrollment_token = 4;
+}
+
+// Sent by the client to the server when in registered state to update the
+// device-determined device state keys.
+message DeviceStateKeyUpdateRequest {
+ // The client-determined state keys. To the server, these look like 32 bytes
+ // of random data. The client should generate these keys using a deterministic
+ // algorithm that takes stable device identifiers as an input and produces a
+ // key as the output, possibly by running the identifiers through a
+ // cryptographic hash function such as SHA-256.
+ repeated bytes server_backed_state_keys = 1;
+}
+
+// Server to client message carrying the device state response. Because the
+// request is not authenticated, the only protection against state extraction
+// from server is the unpredictability of the server-backed state ID. Thus, the
+// response should not contain any sensitive data. If the server doesn't know
+// the requested identifier, it just returns a message with restore_mode set to
+// RESTORE_MODE_NONE.
+message DeviceStateRetrievalResponse {
+ // Restorative action to take after device reset.
+ enum RestoreMode {
+ // No secondary state restoration.
+ RESTORE_MODE_NONE = 0;
+ // Enterprise enrollment requested, but user may skip.
+ RESTORE_MODE_REENROLLMENT_REQUESTED = 1;
+ // Enterprise enrollment is enforced and cannot be skipped.
+ RESTORE_MODE_REENROLLMENT_ENFORCED = 2;
+ // The device has been disabled by its owner. The device will show a warning
+ // screen and prevent the user from proceeding further.
+ RESTORE_MODE_DISABLED = 3;
+ // Enterprise enrollment is enforced using Zero-Touch and cannot be skipped.
+ RESTORE_MODE_REENROLLMENT_ZERO_TOUCH = 4;
+ }
+ // The server-indicated restore mode.
+ optional RestoreMode restore_mode = 1 [default = RESTORE_MODE_NONE];
+
+ // Primary domain the device is associated with.
+ optional string management_domain = 2;
+
+ // State that is relevant only when the |restore_mode| is
+ // |RESTORE_MODE_DISABLED|.
+ optional DisabledState disabled_state = 3;
+
+ // Initial device state if |restore_mode| is |RESTORE_MODE_NONE|.
+ optional DeviceInitialEnrollmentStateResponse initial_state_response = 4;
+
+ // license type the device used in last enrollment
+ optional LicenseType license_type = 5;
+}
+
+// Request from device to server to retrieve the enrollment mode and domain for
+// this device. The client will use this request when the
+// DeviceAutoEnrollmentRequest exchange with |enrollment_check_type| set to
+// |ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT| indicated that it should be
+// enrolled. This request is not authenticated.
+message DeviceInitialEnrollmentStateRequest {
+ // The serial number of the device.
+ optional string serial_number = 1;
+
+ // The 4-character brand code of the device.
+ optional string brand_code = 2;
+
+ // The enrollment token for Flex Auto Enrollment.
+ optional string enrollment_token = 3;
+}
+
+// Response from server DeviceInitialEnrollmentStateRequest.
+message DeviceInitialEnrollmentStateResponse {
+ // Initial action to take after OOBE.
+ enum InitialEnrollmentMode {
+ // No initial enrollment.
+ INITIAL_ENROLLMENT_MODE_NONE = 0;
+ // Enterprise enrollment is enforced and cannot be skipped.
+ INITIAL_ENROLLMENT_MODE_ENROLLMENT_ENFORCED = 1;
+ // Zero-Touch (attestation-based) enrollment is enforced and cannot be
+ // skipped.
+ INITIAL_ENROLLMENT_MODE_ZERO_TOUCH_ENFORCED = 2;
+ // The device has been disabled by its owner. The device will show a warning
+ // screen and prevent the user from proceeding further.
+ INITIAL_ENROLLMENT_MODE_DISABLED = 3;
+ // Token-based enrollment is enforced and cannot be skipped.
+ INITIAL_ENROLLMENT_MODE_TOKEN_ENROLLMENT_ENFORCED = 4;
+ }
+
+ // The server-indicated initial enrollment mode.
+ optional InitialEnrollmentMode initial_enrollment_mode = 1
+ [default = INITIAL_ENROLLMENT_MODE_NONE];
+
+ // The domain the device should be enrolled into.
+ optional string management_domain = 2;
+
+ // Whether the device comes packaged with a license or not.
+ optional bool is_license_packaged_with_device = 3;
+
+ // State that is relevant only when the |initial_enrollment_mode| is
+ // |INITIAL_ENROLLMENT_MODE_DISABLED|.
+ optional DisabledState disabled_state = 4;
+
+ // License Packaging SKU type.
+ // LINT.IfChange
+ enum LicensePackagingSKU {
+ // Not a License Packaged Device.
+ NOT_EXIST = 0;
+ // Enterprise SKU.
+ CHROME_ENTERPRISE = 1;
+ // Education SKU.
+ CHROME_EDUCATION = 2;
+ // Terminal SKU
+ CHROME_TERMINAL = 3;
+ }
+ // LINT.ThenChange(//depot/google3/google/chrome/licensepackaging/v1/service.proto)
+
+ // SKU Type for License Packaged Device.
+ optional LicensePackagingSKU license_packaging_sku = 5;
+
+ // Assigned upgrade type. See: go/zte-sku-consumption and go/cros-kiosk-prd
+ // LINT.IfChange(AssignedUpgradeTypeChange)
+ enum AssignedUpgradeType {
+ // Unspecified
+ ASSIGNED_UPGRADE_TYPE_UNSPECIFIED = 0;
+ // Chrome Enterprise Upgrade (CEU)
+ ASSIGNED_UPGRADE_TYPE_CHROME_ENTERPRISE = 1;
+ // Kiosk & Signage Upgrade (KSU)
+ ASSIGNED_UPGRADE_TYPE_KIOSK_AND_SIGNAGE = 2;
+ }
+ // LINT.ThenChange(//depot/google3/java/com/google/chrome/cros/spanner/devicemanagement/schema/enrollment.proto:AssignedUpgradeTypeChange)
+
+ optional AssignedUpgradeType assigned_upgrade_type = 6;
+}
+
+// Sent by the client to the server to pair the Host device with the Controller
+// device. The HTTP request contains an end-user OAuth token and only succeeds
+// if both Host and Controller devices belong to the end-user domain.
+message DevicePairingRequest {
+ // The device ID of the Host device.
+ optional string host_device_id = 1;
+
+ // The device ID of the Controller device.
+ optional string controller_device_id = 2;
+}
+
+// Response from the server to the device pairing request.
+message DevicePairingResponse {
+ // The client should check HTTP status code first. If HTTP status code is not
+ // 200 (e.g. 500 internal error), then it means the pairing fails. If HTTP
+ // status code is 200, then the client should check the status code within the
+ // response.
+ enum StatusCode {
+ SUCCESS = 0;
+
+ // A generic failure code for pairing.
+ FAILED = 1;
+
+ // The Host device cannot be found in the user's domain.
+ HOST_DEVICE_NOT_FOUND = 2;
+
+ // The Controller device cannot be found in the user's domain.
+ CONTROLLER_DEVICE_NOT_FOUND = 3;
+
+ // The Host device is deprovisioned.
+ HOST_DEVICE_DEPROVISIONED = 4;
+
+ // The Controller device is deprovisioned.
+ CONTROLLER_DEVICE_DEPROVISIONED = 5;
+ }
+
+ optional StatusCode status_code = 1 [default = FAILED];
+}
+
+// Sent by the client to the server to check if the devices are paired. The HTTP
+// request contains controller service account OAuth token as well as the
+// DMToken from the Host device.
+message CheckDevicePairingRequest {
+ // The device ID of the Host device.
+ optional string host_device_id = 1;
+
+ // The device ID of the Controller device.
+ optional string controller_device_id = 2;
+}
+
+// Response from the server to the check device pairing request.
+message CheckDevicePairingResponse {
+ // The client should check HTTP status code first. If HTTP status code is not
+ // 200 (e.g. 500 internal error), then it means the pairing status is unknown.
+ // If HTTP status code is 200, then the client should check the status code
+ // within the response.
+ enum StatusCode {
+ PAIRED = 0;
+
+ // The Host and Controller devices are not paired.
+ NOT_PAIRED = 1;
+
+ // The Host device cannot be found in the Host device domain.
+ HOST_DEVICE_NOT_FOUND = 2;
+
+ // The Controller device cannot be found in the Host device domain.
+ CONTROLLER_DEVICE_NOT_FOUND = 3;
+
+ // The Host device is deprovisioned.
+ HOST_DEVICE_DEPROVISIONED = 4;
+
+ // The Controller device is deprovisioned.
+ CONTROLLER_DEVICE_DEPROVISIONED = 5;
+
+ // Invalid controller identity.
+ INVALID_CONTROLLER_DEVICE_IDENTITY = 6;
+ }
+
+ optional StatusCode status_code = 1 [default = NOT_PAIRED];
+}
+
+// This protobuf defines a single remote command from server to client for
+// execution.
+message RemoteCommand {
+ // The names are used as part of metric names. If enumeration is updated
+ // the names should also be updated:
+ // - components/policy/core/common/cloud/enterprise_metrics.cc;
+ // - components/policy/core/common/remote_commands/remote_commands_service.cc;
+ // - Enterprise.RemoteCommandType in
+ // tools/metrics/histograms/metadata/enterprise/histograms.xml;
+ enum Type {
+ // Simple echo command for testing, will be ignored in production code.
+ COMMAND_ECHO_TEST = -1;
+
+ // Reboot the device.
+ DEVICE_REBOOT = 0;
+
+ // Take a screenshot.
+ DEVICE_SCREENSHOT = 1;
+
+ // Set device volume.
+ DEVICE_SET_VOLUME = 2;
+
+ // Force a refresh of device status (attributes and logs).
+ DEVICE_FETCH_STATUS = 3;
+
+ // Forwards a user command received from the management server to the ARC++
+ // side. The payload is opaque to Chrome OS.
+ USER_ARC_COMMAND = 4;
+
+ // Wipe all the users off of the device.
+ DEVICE_WIPE_USERS = 5;
+
+ // Start Chrome Remote Desktop session.
+ DEVICE_START_CRD_SESSION = 6;
+
+ // Wipe the device (perform a powerwash).
+ DEVICE_REMOTE_POWERWASH = 7;
+
+ // Refresh the device machine certificate and re-upload it.
+ DEVICE_REFRESH_ENTERPRISE_MACHINE_CERTIFICATE = 8;
+
+ // Retrieve a list of available diagnostics routines.
+ DEVICE_GET_AVAILABLE_DIAGNOSTIC_ROUTINES = 9;
+
+ // Run a given diagnostics routine on the platform.
+ DEVICE_RUN_DIAGNOSTIC_ROUTINE = 10;
+
+ // Send a command or get an update from an existing diagnostics routine.
+ DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE = 11;
+
+ // Clear the cache and cookies associated with a given profile.
+ BROWSER_CLEAR_BROWSING_DATA = 12;
+
+ // Reset the cellular EUICC (Embedded Universal Integrated Circuit Card) on
+ // the device.
+ DEVICE_RESET_EUICC = 13;
+
+ // Rotates the attestation credentials associated with a browser device.
+ BROWSER_ROTATE_ATTESTATION_CREDENTIAL = 14;
+
+ // Fetch information that determines the availability of CRD on the device.
+ FETCH_CRD_AVAILABILITY_INFO = 15;
+
+ // Fetch the logs from the Support Tool on managed ChromeOS devices.
+ FETCH_SUPPORT_PACKET = 16;
+
+ // Please update metrics after adding a new item - see the comment above.
+ }
+
+ // The command type.
+ optional Type type = 1;
+
+ // An opaque unique identifier for the command. The client processes
+ // the commands in the order of the command list it receives.
+ optional int64 command_id = 2;
+
+ // The age of the command (in milliseconds) when it is sent from server to
+ // client, defined as current_server_time - command_generated_time.
+ optional int64 age_of_command = 3;
+
+ // Extra parameters for this command, expected to be a JSON string. The exact
+ // format of the JSON payload depends on the command type specified by the
+ // |type| field:
+ // |DEVICE_SCREENSHOT|: {"fileUploadUrl" : url_string}.
+ // |DEVICE_SET_VOLUME|: {"volume": volume_value}, where volume_value must be
+ // an integer between 0 and 100.
+ // |DEVICE_RUN_DIAGNOSTIC_ROUTINE|: {"routine" : routine_enum, "params" :
+ // params_dict}, where params_dict varies by routine.
+ // |DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE|: {"id" : id_integer, "command" :
+ // command, "includeOutput" : include_output_bool}, where command must be a
+ // valid `ash::cros_healthd::mojom::DiagnosticRoutineCommandEnum`.
+ // |DEVICE_REBOOT|: {"user_session_delay_s": delay_integer}, where delay value
+ // represents seconds until reboot in user session.
+ // |FETCH_SUPPORT_PACKET|:
+ // {"supportPacketDetails":{ "issueCaseId": optional_support_case_id_string,
+ // "issueDescription": optional_issue_description_string,
+ // "requestedDataCollectors": [<list of `support_tool::DataCollectorType`
+ // enums>], "requestedPiiTypes": [<list of `support_tool::PiiType` enums>]}}
+ optional string payload = 4;
+
+ // An identifier for the target this command is for. This is the same as
+ // the device_id in PolicyData. We rely on this identifier not being stable
+ // across powerwashes.
+ optional string target_device_id = 5;
+}
+
+// This protobuf defines the execution result of a single remote command
+// which will be sent back to the server.
+message RemoteCommandResult {
+ // If you change this, update policy.mojom/CommandResultType.
+ enum ResultType {
+ RESULT_IGNORED = 0; // The command was ignored as obsolete.
+ RESULT_FAILURE = 1; // The command could not be executed or parsed.
+ RESULT_SUCCESS = 2; // The command was successfully executed. Commands
+ // such as powerwash will return success before they
+ // are executed since state will be forgotten.
+ }
+
+ // The result of the command.
+ optional ResultType result = 1;
+
+ // The opaque unique identifier of the command. This value is copied from the
+ // RemoteCommand protobuf that contained the command.
+ optional int64 command_id = 2;
+
+ // The timestamp representing time at which the command was executed, if the
+ // result is RESULT_SUCCESS. The timestamp is milliseconds since Epoch in UTC
+ // timezone (Java time).
+ optional int64 timestamp = 3;
+
+ // Extra information sent to server as result of execution, expected to be a
+ // JSON string.
+ optional string payload = 4;
+}
+
+message DeviceRemoteCommandRequest {
+ // The command ID of the last command received from the server until
+ // now. Omitted if no commands have been received yet.
+ optional int64 last_command_unique_id = 1;
+
+ // The execution results of previously fetched commands.
+ // The client should send back a command result whenever possible.
+ repeated RemoteCommandResult command_results = 2;
+
+ // Whether the server should send secure commands or not.
+ optional bool send_secure_commands = 3;
+
+ // What type of signature to use. Only valid if send_secure_commmands is true.
+ // If NONE is passed, SHA1_RSA will be used instead for compatibility.
+ optional PolicyFetchRequest.SignatureType signature_type = 4;
+
+ // A string that represents the type of RemoteCommands that need to be
+ // fetched. This type helps the server redirect the request to different
+ // handlers.
+ optional string type = 5;
+}
+
+message DeviceRemoteCommandResponse {
+ // The queue of pending, non secure commands. If this is present then there
+ // shall be no secure commands in this response (and vice versa).
+ repeated RemoteCommand commands = 1;
+
+ // The queue of pending, secure commands. If this is present then there shall
+ // be no non secure commands in this response (and vice versa).
+ //
+ // The secure_commands.data field contains a serialized PolicyData with a
+ // “google/chromeos/remotecommand” policy_type. The secure_commands.signature
+ // field is a signature of the data field with the policy key for the domain
+ // the device belongs to.
+ repeated SignedData secure_commands = 2;
+}
+
+// Sent by the client to the server to check if the current user or device is
+// allowed to update attributes (asset id and location). The HTTP request
+// can contain an end-user OAuth token or a device DMToken.
+message DeviceAttributeUpdatePermissionRequest {}
+
+// Response from the server specifying whether the current user or device is
+// allowed to update attributes (asset id and location).
+message DeviceAttributeUpdatePermissionResponse {
+ enum ResultType {
+ ATTRIBUTE_UPDATE_DISALLOWED = 0;
+ ATTRIBUTE_UPDATE_ALLOWED = 1;
+ }
+
+ optional ResultType result = 1;
+}
+
+// Sent by the client to the server to update device attributes (asset id and
+// location). The HTTP request can contain an end-user OAuth token or a device
+// DMToken.
+message DeviceAttributeUpdateRequest {
+ // The user-generated asset identifier.
+ optional string asset_id = 1;
+
+ // The user input device location.
+ optional string location = 2;
+}
+
+// Response from the server to update device attributes (asset id and location).
+message DeviceAttributeUpdateResponse {
+ enum ResultType {
+ ATTRIBUTE_UPDATE_ERROR = 0;
+ ATTRIBUTE_UPDATE_SUCCESS = 1;
+ }
+
+ optional ResultType result = 1;
+}
+
+// Sent by the client to server to update the mapping from GCM id to device_id
+// on the server side.
+message GcmIdUpdateRequest {
+ optional string gcm_id = 1;
+}
+
+// Response for GcmIdUpdateRequest, an empty message for now.
+message GcmIdUpdateResponse {}
+
+// Request from device to server to check for Android-for-Work service with
+// DPC enforcement. Must be sent only for users who are not managed in Chrome
+// OS.
+// Provide user's OAuth token with your HTTP Request.
+message CheckAndroidManagementRequest {}
+
+// Response from server to device for check for Android-for-Work service with
+// DPC enforcement request.
+// SC_CONFLICT HTTP code is returned if DPC enforcement is required.
+message CheckAndroidManagementResponse {}
+
+// Request to register a new device (authenticated by enterprise enrollment
+// certificate). See http://go/zero-touch-chrome for details.
+// The response message will be the DeviceRegisterResponse.
+message CertificateBasedDeviceRegisterRequest {
+ // Signed request to register with a certificate. The signed_request.data
+ // field contains a CertificateBasedDeviceRegistrationData with a nonce
+ // (as added by the Chrome OS cryptohome client) appended. The
+ // signed_request.signature field is a signature of the data field signed
+ // with the enrollment certificate's private key.
+ optional SignedData signed_request = 1;
+}
+
+// Request from device to server to register a device (authenticated with an
+// enrollment token).
+message TokenBasedDeviceRegisterRequest {
+ optional DeviceRegisterRequest device_register_request = 1;
+}
+
+// Response to a token-based device registration request
+// (@code `TokenBasedDeviceRegisterRequest`).
+message TokenBasedDeviceRegisterResponse {
+ optional DeviceRegisterResponse device_register_response = 1;
+}
+
+// Requested configuration to be passed along a registration request.
+message DeviceRegisterConfiguration {
+ // The device owner's email address.
+ optional string device_owner = 1;
+}
+
+message CertificateBasedDeviceRegistrationData {
+ enum CertificateType {
+ UNKNOWN = 0;
+ ENTERPRISE_ENROLLMENT_CERTIFICATE = 1;
+ }
+
+ optional CertificateType certificate_type = 1;
+ // Device certificate in X.509 format.
+ // We use CertificateFactory.generateCertificate() call and
+ // the certificate provided must be DER-encoded and may be supplied in binary
+ // or printable (Base64) encoding. If the certificate is provided in Base64
+ // encoding, it must be bounded at the beginning by
+ // -----BEGIN CERTIFICATE-----, and must be bounded at the end by
+ // -----END CERTIFICATE-----.
+ optional bytes device_certificate = 2;
+ // regular device registration request
+ optional DeviceRegisterRequest device_register_request = 3;
+ // Additional configuration to register the device.
+ optional DeviceRegisterConfiguration device_register_configuration = 4;
+}
+
+// Request to enroll a Chrome browser. Fields match identically named fields
+// in ChromeBrowserDeviceInfo.
+message RegisterBrowserRequest {
+ // The name of the machine within its local network.
+ optional string machine_name = 1;
+ // Platform, e.g., Windows or Mac.
+ optional string os_platform = 2;
+ // Platform specific version number, e.g., 6.1.7601.0 or 10.12.6
+ optional string os_version = 3;
+ // Device identifier for helping identify non-Chrome OS devices.
+ // TODO(crbug.com/40706071): This will also replace the machine_name field.
+ optional BrowserDeviceIdentifier browser_device_identifier = 4;
+ // The device model, e.g., iPad6,11
+ optional string device_model = 5;
+ // A string that represents the brand/manufacturer of a device.
+ optional string brand_name = 6;
+}
+
+// Gets an enrollment token to a managed Google Play account for using it with
+// Active Directory. Sent when a new user logs in with Active Directory and
+// opens Play Store for the first time.
+message ActiveDirectoryEnrollPlayUserRequest {
+ // A server-provider identifier for the previously established SAML session.
+ // If left empty and SAML authentication is required,
+ // ActiveDirectoryEnrollPlayUserResponse.saml_parameters.auth_redirect_url
+ // will contain initial Redirect required to start the SAML flow.
+ optional string auth_session_id = 1;
+}
+
+// The result when a new user logs in to Play Store with Active Directory.
+// 904 Arc Disabled HTTP error code is returned if the reason of the failure is
+// that ARC is not enabled for the domain.
+// 403 Forbidden HTTP error code is returned if the device can't get Managed
+// Google Play accounts.
+message ActiveDirectoryEnrollPlayUserResponse {
+ // The enrollment token which can be used to fetch a Managed Google Play
+ // account.
+ optional string enrollment_token = 1;
+ // The user id which identifies the user enrolled by this token. This user id
+ // is opaque to the client and is only used in the ActiveDirectoryPlayActivity
+ // requests.
+ optional string user_id = 2;
+ // If SAML authentication is required, SAML flow parameters are specified in
+ // this proto and both enrollment_token and user_id fields are left unset.
+ optional SamlParametersProto saml_parameters = 3;
+}
+
+message SamlParametersProto {
+ // Initial Redirect URL to start the SAML flow.
+ optional string auth_redirect_url = 1;
+ // Auth Session ID which the client is supposed to use in the subsequent
+ // DMServer request (to be sent after SAML flow completes).
+ optional string auth_session_id = 2;
+}
+
+// Gets a URL to the SAML IdP authentication flow for using it with public
+// SAML session. Sent when a user logs in to a SAML public session account.
+message PublicSamlUserRequest {
+ // Identifier for the public saml account. Same as
+ // DeviceLocalAccountInfoProto.account_id.
+ optional string account_id = 1;
+}
+
+// The result when a user logs in to a SAML public session account.
+message PublicSamlUserResponse {
+ // SAML flow parameters are specified in this proto.
+ optional SamlParametersProto saml_parameters = 1;
+}
+
+// Reports that a managed Google Play account is used. This makes the garbage
+// collection of accounts possible by reporting the ones which are still in use.
+message ActiveDirectoryPlayActivityRequest {
+ // The user id received in ActiveDirectoryEnrollPlayUserResponse which
+ // identifies the user.
+ optional string user_id = 1;
+}
+
+// Response to the Play account activity request.
+message ActiveDirectoryPlayActivityResponse {}
+
+// DEPRECATED: Request to retrieve available device licenses. User auth token
+// or auth cookie must be provided with DeviceManagementRequest when
+// CheckDeviceLicenseRequest is being sent.
+// See go/cdm-mixed-license-pool for more info
+message CheckDeviceLicenseRequest {}
+
+// Represents availability of a single license type.
+message LicenseAvailability {
+ // License type.
+ optional LicenseType license_type_deprecated = 1 [deprecated = true];
+
+ // Remaining available licenses (can be 0).
+ optional int32 available_licenses_deprecated = 2 [deprecated = true];
+}
+
+// DEPRECATED: Response to a check device license request.
+message CheckDeviceLicenseResponse {
+ enum LicenseSelectionMode {
+ // Should not happen, included for compatibility.
+ UNDEFINED = 0;
+ // User is allowed to choose license.
+ USER_SELECTION = 1;
+ // Admin controls license selection preferences through management UI.
+ ADMIN_SELECTION = 2;
+ }
+
+ // Policy setting value for license selection mode.
+ optional LicenseSelectionMode license_selection_mode_deprecated = 1
+ [deprecated = true];
+
+ // Provides available license counts for each purchased license type.
+ // This field would list each subscription for the domain even if all licenses
+ // have been used up (in which case available_licenses field is set to zero).
+ //
+ // If license_selection_mode == USER_SELECTION and license_availability
+ // contains more than one entry then device should display a screen asking
+ // user to choose license type and send selected license type value in the
+ // DeviceRegisterRequest.license_type field.
+ repeated LicenseAvailability license_availabilities_deprecated = 2
+ [deprecated = true];
+}
+
+// Sign in an Active Directory user using SAML SSO. The device management server
+// redirects the client to the Active Directory server in order to authenticate
+// and identify the Active Directory user. Active Directory redirects the client
+// back to the device management server with an assertion of the Active
+// Directory user's identity. The device management server then redirects the
+// client to Google's authentication service in order to provision the user on
+// the device.
+message ActiveDirectoryUserSigninRequest {}
+
+message ActiveDirectoryUserSigninResponse {
+ // Initial Redirect URL to start the SAML flow.
+ optional string auth_redirect_url = 1;
+}
+
+// Contains information about the TPM used on the device.
+message TpmVersionInfo {
+ enum GscVersion {
+ GSC_VERSION_UNSPECIFIED = 0;
+ GSC_VERSION_NOT_GSC = 1;
+ GSC_VERSION_CR50 = 2;
+ GSC_VERSION_TI50 = 3;
+ }
+ optional uint32 family = 1;
+ optional uint64 spec_level = 2;
+ optional uint32 manufacturer = 3;
+ optional uint32 tpm_model = 4;
+ optional uint64 firmware_version = 5;
+ optional string vendor_specific = 6;
+ optional GscVersion gsc_version = 7;
+ // This field represents the tpm device id and vendor id
+ // which is a combined value as declared in the TPM spec.
+ optional string did_vid = 8;
+}
+
+// Contains status of the TPM unit.
+message TpmStatusInfo {
+ optional bool enabled = 1;
+ optional bool owned = 2;
+ // This field was previously named "initialized", but that's not a valid name
+ // for a proto field since it generates isInitialized method for the Java
+ // binding which collides with the isInitialized method that exists for all
+ // Java protos.
+ optional bool tpm_initialized = 3;
+ optional bool attestation_prepared = 4;
+ optional bool attestation_enrolled = 5;
+ optional int32 dictionary_attack_counter = 6;
+ optional int32 dictionary_attack_threshold = 7;
+ optional bool dictionary_attack_lockout_in_effect = 8;
+ optional int32 dictionary_attack_lockout_seconds_remaining = 9;
+ // DEPRECATED: Not filled by the client anymore (since b/172748724).
+ optional bool boot_lockbox_finalized = 10 [deprecated = true];
+ optional bool owner_password_is_present = 11;
+ optional TpmSupportedFeatures tpm_supported_features = 12;
+}
+
+// Contains information about specific features of the TPM unit.
+message TpmSupportedFeatures {
+ optional bool is_allowed = 1;
+ optional bool support_pinweaver = 2;
+ optional bool support_runtime_selection = 3;
+ optional bool support_u2f = 4;
+}
+
+// System state included with some log events.
+message SystemState {
+ // VolumeInfo is reused from existing Chrome reporting.
+ repeated VolumeInfo volume_infos = 1;
+}
+
+// A single entry in the install log for an extension.
+message ExtensionInstallReportLogEvent {
+ // Enumerates the possible event types.
+ enum EventType {
+ // Not used.
+ LOG_EVENT_TYPE_UNKNOWN = 0;
+ // Requested by policy to install the extension.
+ POLICY_REQUEST = 1;
+ // Install success.
+ SUCCESS = 2;
+ // Request canceled.
+ CANCELED = 3;
+ // Connectivity state changed.
+ CONNECTIVITY_CHANGE = 4;
+ // Session state changed.
+ SESSION_STATE_CHANGE = 5;
+ // Extension installation failed.
+ INSTALLATION_FAILED = 6;
+ }
+
+ // Enumerates the possible changes in session state.
+ enum SessionStateChangeType {
+ // Not used.
+ SESSION_STATE_CHANGE_TYPE_UNKNOWN = 0;
+ // Session starting.
+ LOGIN = 1;
+ // Session ending.
+ LOGOUT = 2;
+ // Suspending.
+ SUSPEND = 3;
+ // Resuming.
+ RESUME = 4;
+ }
+
+ // Possible failure reasons. See InstallStageTracker::FailureReason for more
+ // details. InstallStageTracker::FailureReason is the main enum and this is
+ // a copy used for reporting purposes.
+ enum FailureReason {
+ FAILURE_REASON_UNKNOWN = 0;
+ INVALID_ID = 1;
+ MALFORMED_EXTENSION_SETTINGS = 2;
+ REPLACED_BY_ARC_APP = 3;
+ MALFORMED_EXTENSION_DICT = 4;
+ NOT_SUPPORTED_EXTENSION_DICT = 5;
+ MALFORMED_EXTENSION_DICT_FILE_PATH = 6;
+ MALFORMED_EXTENSION_DICT_VERSION = 7;
+ MALFORMED_EXTENSION_DICT_UPDATE_URL = 8;
+ LOCALE_NOT_SUPPORTED = 9;
+ NOT_PERFORMING_NEW_INSTALL = 10;
+ TOO_OLD_PROFILE = 11;
+ DO_NOT_INSTALL_FOR_ENTERPRISE = 12;
+ ALREADY_INSTALLED = 13;
+ CRX_FETCH_FAILED = 14;
+ MANIFEST_FETCH_FAILED = 15;
+ MANIFEST_INVALID = 16;
+ NO_UPDATE = 17;
+ CRX_INSTALL_ERROR_DECLINED = 18;
+ CRX_INSTALL_ERROR_SANDBOXED_UNPACKER_FAILURE = 19;
+ CRX_INSTALL_ERROR_OTHER = 20;
+ NO_UPDATE_URL = 21;
+ PENDING_ADD_FAILED = 22;
+ DOWNLOADER_ADD_FAILED = 23;
+ IN_PROGRESS = 24;
+ CRX_FETCH_URL_EMPTY = 25;
+ CRX_FETCH_URL_INVALID = 26;
+ OVERRIDDEN_BY_SETTINGS = 27;
+ REPLACED_BY_SYSTEM_APP = 28;
+ }
+
+ // Stage of extension installing process. See InstallStageTracker::Stage for
+ // more details. InstallStageTracker::Stage is the main enum and this is
+ // a copy used for reporting purposes. The entries are in the order they occur
+ // in the installation process.
+ enum InstallationStage {
+ INSTALLATION_STAGE_UNKNOWN = 0;
+ CREATED = 1;
+ PENDING = 2;
+ DOWNLOADING = 3;
+ INSTALLING = 4;
+ COMPLETE = 5;
+ }
+
+ // Type of current user. See user_manager::UserType for more details.
+ // user_manager::UserType is the main enum and this is a copy used for
+ // reporting purposes.
+ enum UserType {
+ USER_TYPE_UNKNOWN = 0;
+ USER_TYPE_REGULAR = 1;
+ USER_TYPE_GUEST = 2;
+ USER_TYPE_PUBLIC_ACCOUNT = 3;
+ USER_TYPE_SUPERVISED_DEPRECATED = 4 [deprecated = true];
+ USER_TYPE_KIOSK_APP = 5;
+ USER_TYPE_CHILD = 6;
+ USER_TYPE_ARC_KIOSK_APP = 7;
+ USER_TYPE_ACTIVE_DIRECTORY = 8;
+ USER_TYPE_WEB_KIOSK_APP = 9;
+ }
+
+ // Current stage of the extension downloading process. See
+ // ExtensionDownloaderDelegate::Stage for more details.
+ // ExtensionDownloaderDelegate::Stage is the main enum and this is a copy used
+ // for reporting purposes.
+ enum DownloadingStage {
+ DOWNLOADING_STAGE_UNKNOWN = 0;
+ DOWNLOAD_PENDING = 1;
+ QUEUED_FOR_MANIFEST = 2;
+ DOWNLOADING_MANIFEST = 3;
+ DOWNLOADING_MANIFEST_RETRY = 4;
+ PARSING_MANIFEST = 5;
+ MANIFEST_LOADED = 6;
+ QUEUED_FOR_CRX = 7;
+ DOWNLOADING_CRX = 8;
+ DOWNLOADING_CRX_RETRY = 9;
+ FINISHED = 10;
+ }
+
+ // Current stage of the extension creation process. See
+ // InstallStageTracker::InstallCreationStage for more details.
+ // InstallStageTracker::InstallCreationStage is the main enum and this is a
+ // copy used for reporting purposes.
+ enum InstallCreationStage {
+ INSTALL_CREATION_STAGE_UNKNOWN = 0;
+ CREATION_INITIATED = 1;
+ NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_FORCED = 2;
+ NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_NOT_FORCED = 3;
+ NOTIFIED_FROM_MANAGEMENT = 4;
+ NOTIFIED_FROM_MANAGEMENT_NOT_FORCED = 5;
+ SEEN_BY_POLICY_LOADER = 6;
+ SEEN_BY_EXTERNAL_PROVIDER = 7;
+ }
+
+ // Status of cache when an attempt is made to fetch the extension from it
+ // during the downloading process. See
+ // ExtensionDownloaderDelegate::CacheStatus for more details.
+ // ExtensionDownloaderDelegate::CacheStatus is the main enum and this is a
+ // copy used for reporting purposes.
+ enum DownloadCacheStatus {
+ CACHE_UNKNOWN = 0;
+ CACHE_DISABLED = 1;
+ CACHE_MISS = 2;
+ CACHE_OUTDATED = 3;
+ CACHE_HIT = 4;
+ CACHE_HIT_ON_MANIFEST_FETCH_FAILURE = 5;
+ }
+
+ // All the ways SandboxedUnpacker can fail. See
+ // extensions::SandboxedUnpackerFailureReason for more details.
+ // extensions::SandboxedUnpackerFailureReason is the main enum and this is a
+ // copy used for reporting purposes.
+ enum SandboxedUnpackerFailureReason {
+ SANDBOXED_UNPACKER_FAILURE_REASON_UNKNOWN = 0;
+ COULD_NOT_GET_TEMP_DIRECTORY = 1;
+ COULD_NOT_CREATE_TEMP_DIRECTORY = 2;
+ FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY = 3;
+ COULD_NOT_GET_SANDBOX_FRIENDLY_PATH = 4;
+ COULD_NOT_LOCALIZE_EXTENSION = 5;
+ INVALID_MANIFEST = 6;
+ UNPACKER_CLIENT_FAILED = 7;
+ UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL = 8;
+ CRX_FILE_NOT_READABLE = 9;
+ CRX_HEADER_INVALID = 10;
+ CRX_MAGIC_NUMBER_INVALID = 11;
+ CRX_VERSION_NUMBER_INVALID = 12;
+ CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE = 13;
+ CRX_ZERO_KEY_LENGTH = 14;
+ CRX_ZERO_SIGNATURE_LENGTH = 15;
+ CRX_PUBLIC_KEY_INVALID = 16;
+ CRX_SIGNATURE_INVALID = 17;
+ CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED = 18;
+ CRX_SIGNATURE_VERIFICATION_FAILED = 19;
+ ERROR_SERIALIZING_MANIFEST_JSON = 20;
+ ERROR_SAVING_MANIFEST_JSON = 21;
+ COULD_NOT_READ_IMAGE_DATA_FROM_DISK_UNUSED = 22;
+ DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST_UNUSED = 23;
+ INVALID_PATH_FOR_BROWSER_IMAGE = 24;
+ ERROR_REMOVING_OLD_IMAGE_FILE = 25;
+ INVALID_PATH_FOR_BITMAP_IMAGE = 26;
+ ERROR_RE_ENCODING_THEME_IMAGE = 27;
+ ERROR_SAVING_THEME_IMAGE = 28;
+ DEPRECATED_ABORTED_DUE_TO_SHUTDOWN = 29;
+ COULD_NOT_READ_CATALOG_DATA_FROM_DISK_UNUSED = 30;
+ INVALID_CATALOG_DATA = 31;
+ INVALID_PATH_FOR_CATALOG_UNUSED = 32;
+ ERROR_SERIALIZING_CATALOG = 33;
+ ERROR_SAVING_CATALOG = 34;
+ CRX_HASH_VERIFICATION_FAILED = 35;
+ UNZIP_FAILED = 36;
+ DIRECTORY_MOVE_FAILED = 37;
+ CRX_FILE_IS_DELTA_UPDATE = 38;
+ CRX_EXPECTED_HASH_INVALID = 39;
+ DEPRECATED_ERROR_PARSING_DNR_RULESET = 40;
+ ERROR_INDEXING_DNR_RULESET = 41;
+ CRX_REQUIRED_PROOF_MISSING = 42;
+ CRX_HEADER_VERIFIED_CONTENTS_UNCOMPRESSING_FAILURE = 43;
+ MALFORMED_VERIFIED_CONTENTS = 44;
+ COULD_NOT_CREATE_METADATA_DIRECTORY = 45;
+ COULD_NOT_WRITE_VERIFIED_CONTENTS_INTO_FILE = 46;
+ }
+
+ // Reason why extension failed due to failure reason MANIFEST_INVALID. See
+ // extensions::ManifestInvalidError for more details.
+ // extensions::ManifestInvalidError is the main enum and this is a
+ // copy used for reporting purposes.
+ enum ManifestInvalidError {
+ MANIFEST_INVALID_ERROR_UNKNOWN = 0;
+ XML_PARSING_FAILED = 1;
+ INVALID_XLMNS_ON_GUPDATE_TAG = 2;
+ MISSING_GUPDATE_TAG = 3;
+ INVALID_PROTOCOL_ON_GUPDATE_TAG = 4;
+ MISSING_APP_ID = 5;
+ MISSING_UPDATE_CHECK_TAGS = 6;
+ MULTIPLE_UPDATE_CHECK_TAGS = 7;
+ INVALID_PRODVERSION_MIN = 8;
+ EMPTY_CODEBASE_URL = 9;
+ INVALID_CODEBASE_URL = 10;
+ MISSING_VERSION_FOR_UPDATE_CHECK = 11;
+ INVALID_VERSION = 12;
+ BAD_UPDATE_SPECIFICATION = 13;
+ BAD_APP_STATUS = 14;
+ }
+
+ // Extended error code if the extension installation failed due to CRX install
+ // error. See extensions::CrxInstallErrorDetail for more details.
+ // extensions::CrxInstallErrorDetail is the main enum and this is a
+ // copy used for reporting purposes.
+ enum CrxInstallErrorDetail {
+ CRX_INSTALL_ERROR_DETAIL_UNKNOWN = 0;
+ CONVERT_USER_SCRIPT_TO_EXTENSION_FAILED = 1;
+ UNEXPECTED_ID = 2;
+ UNEXPECTED_VERSION = 3;
+ MISMATCHED_VERSION = 4;
+ CRX_ERROR_MANIFEST_INVALID = 5;
+ INSTALL_NOT_ENABLED = 6;
+ OFFSTORE_INSTALL_DISALLOWED = 7;
+ INCORRECT_APP_CONTENT_TYPE = 8;
+ NOT_INSTALLED_FROM_GALLERY = 9;
+ INCORRECT_INSTALL_HOST = 10;
+ DEPENDENCY_NOT_SHARED_MODULE = 11;
+ DEPENDENCY_OLD_VERSION = 12;
+ DEPENDENCY_NOT_ALLOWLISTED = 13;
+ UNSUPPORTED_REQUIREMENTS = 14;
+ EXTENSION_IS_BLOCKLISTED = 15;
+ DISALLOWED_BY_POLICY = 16;
+ KIOSK_MODE_ONLY = 17;
+ OVERLAPPING_WEB_EXTENT = 18;
+ CANT_DOWNGRADE_VERSION = 19;
+ MOVE_DIRECTORY_TO_PROFILE_FAILED = 20;
+ CANT_LOAD_EXTENSION = 21;
+ USER_CANCELED = 22;
+ USER_ABORTED = 23;
+ UPDATE_NON_EXISTING_EXTENSION = 24;
+ }
+
+ // Timestamp, in microseconds since epoch. Set for all log
+ // events.
+ optional int64 timestamp = 1;
+
+ // Event type. Set for all log events.
+ optional EventType event_type = 2;
+
+ // Total and available space on the stateful partition, in bytes. Set for
+ // event types INSTALLATION_FAILED and SUCCESS.
+ optional int64 stateful_total = 3;
+ optional int64 stateful_free = 4;
+
+ // Network state. Set for event type SESSION_STATE_CHANGE of type LOGIN and
+ // CONNECTIVITY_CHANGE.
+ optional bool online = 5;
+
+ // Type of session state change. Set for event type SESSION_STATE_CHANGE.
+ optional SessionStateChangeType session_state_change_type = 6;
+
+ // Type of failure reason. Set for event type INSTALLATION_FAILED.
+ optional FailureReason failure_reason = 7;
+
+ // Stage of installation process.
+ optional InstallationStage installation_stage = 8;
+
+ // Stage of downloading process.
+ optional DownloadingStage downloading_stage = 9;
+
+ // Type of the extension. Set for event type SUCCESS and sometimes (when
+ // possible) for INSTALLATION_FAILED.
+ optional Extension.ExtensionType extension_type = 10;
+
+ // Type of the current user.
+ optional UserType user_type = 11;
+
+ // Whether the current user is new.
+ optional bool is_new_user = 12;
+
+ // Whether the current failure is a admin side miconfiguration failure. Set
+ // for event type INSTALLATION_FAILED.
+ optional bool is_misconfiguration_failure = 13;
+
+ // Stage of install creation process.
+ optional InstallCreationStage install_creation_stage = 14;
+
+ // Status of cache during downloading process.
+ optional DownloadCacheStatus download_cache_status = 15;
+
+ // Detailed reason why unpacking of extension failed.
+ optional SandboxedUnpackerFailureReason unpacker_failure_reason = 16;
+
+ // Detailed reason why extension failed due to failure reason
+ // MANIFEST_INVALID.
+ optional ManifestInvalidError manifest_invalid_error = 17;
+
+ // Extended error code if the extension installation failed due to CRX install
+ // error.
+ optional CrxInstallErrorDetail crx_install_error_detail = 18;
+
+ // Fetch error code when failure_reason is CRX_FETCH_FAILED or
+ // MANIFEST_FETCH_FAILED.
+ optional int32 fetch_error_code = 19;
+
+ // Number of fetch tries made when failure reason is CRX_FETCH_FAILED or
+ // MANIFEST_FETCH_FAILED.
+ optional int32 fetch_tries = 20;
+}
+
+// A single entry in the push-install log for an app.
+message AppInstallReportLogEvent {
+ // Enumerates the possible event types.
+ enum EventType {
+ // Not used.
+ LOG_EVENT_TYPE_UNKNOWN = 0;
+ // Request received by device
+ SERVER_REQUEST = 1;
+ // Request forwarded to CloudDPC
+ CLOUDDPC_REQUEST = 2;
+ // Request forwarded to CloudDPS
+ CLOUDDPS_REQUEST = 3;
+ // Response received from CloudDPS
+ CLOUDDPS_RESPONSE = 4;
+ // Log line written by Phonesky
+ PHONESKY_LOG = 5;
+ // Install success
+ SUCCESS = 6;
+ // Request canceled
+ CANCELED = 7;
+ // Connectivity state changed
+ CONNECTIVITY_CHANGE = 8;
+ // Session state changed
+ SESSION_STATE_CHANGE = 9;
+ // Package installation started
+ INSTALLATION_STARTED = 10;
+ // Package installation finished
+ INSTALLATION_FINISHED = 11;
+ // Package installation failed
+ INSTALLATION_FAILED = 12;
+ // Direct install scheduled
+ DIRECT_INSTALL = 13;
+ // No more regular attempts to install
+ CLOUDDPC_MAIN_LOOP_FAILED = 14;
+ // PlayStore local policy was set
+ PLAYSTORE_LOCAL_POLICY_SET = 15;
+ }
+
+ // Enumerates the possible changes in session state.
+ enum SessionStateChangeType {
+ // Not used.
+ SESSION_STATE_CHANGE_TYPE_UNKNOWN = 0;
+ // Session starting
+ LOGIN = 1;
+ // Session ending
+ LOGOUT = 2;
+ // Suspending
+ SUSPEND = 3;
+ // Resuming
+ RESUME = 4;
+ }
+
+ // Timestamp, in microseconds since epoch. Set for all log
+ // events.
+ optional int64 timestamp = 1;
+
+ // Event type. Set for all log events.
+ optional EventType event_type = 2;
+
+ // Total and available space on the stateful partition, in bytes. Set for
+ // event types SERVER_REQUEST, CLOUDDPS_RESPONSE, INSTALLATION_STARTED,
+ // INSTALLATION_FINISHED, INSTALLATION_FAILED and SUCCESS.
+ optional int64 stateful_total = 3;
+ optional int64 stateful_free = 4;
+
+ // CloudDPS response. Set for event type CLOUDDPS_RESPONSE.
+ optional int32 clouddps_response = 5;
+
+ // Log line written by Phonesky. Set for event type PHONESKY_LOG.
+ optional string phonesky_log = 6;
+
+ // Network state. Set for event type SESSION_STATE_CHANGE of type LOGIN and
+ // CONNECTIVITY_CHANGE.
+ optional bool online = 7;
+
+ // Type of session state change. Set for event type SESSION_STATE_CHANGE.
+ optional SessionStateChangeType session_state_change_type = 8;
+
+ // ARC++ Android id.
+ optional int64 android_id = 9;
+}
+
+// Log bucket for an extension.
+message ExtensionInstallReport {
+ // Extension id for the extension.
+ optional string extension_id = 1;
+
+ // Whether the log is incomplete, e.g. due to the log ring buffer overflowing
+ // or disk corruption.
+ optional bool incomplete = 2;
+
+ // Log events for the extension.
+ repeated ExtensionInstallReportLogEvent logs = 3;
+}
+
+// Log bucket for an ARC++ app.
+message AppInstallReport {
+ // Package name of the app.
+ optional string package = 1;
+
+ // Whether the log is incomplete, e.g. due to the log ring buffer overflowing
+ // or disk corruption.
+ optional bool incomplete = 2;
+
+ // Log events for the app.
+ repeated AppInstallReportLogEvent logs = 3;
+}
+
+// Push-install logs for all ARC++ apps.
+message AppInstallReportRequest {
+ // Log buckets for each app.
+ repeated AppInstallReport app_install_reports = 1;
+}
+
+// Installation logs for all extensions.
+message ExtensionInstallReportRequest {
+ // Log buckets for each extension.
+ repeated ExtensionInstallReport extension_install_reports = 1;
+}
+
+// Response from server after receiving a report on the status of app
+// push-installs.
+message AppInstallReportResponse {}
+
+// Request from device to stop using a previously issued service account.
+// The identity of a freshly-issued service account will be returned by a
+// subsequent device policy fetch (see the |service_account_identity| field in
+// |PolicyData| and auth codes tied to the new service account can be retrieved
+// by subsequent |DeviceServiceApiAccessRequest| requests.
+message RefreshAccountRequest {
+ enum AccountType {
+ ACCOUNT_TYPE_UNSPECIFIED = 0;
+
+ // Refresh demo mode user account.
+ // See go/cros-demo-mode and go/demo-mode-account-brainstorm.
+ CHROME_OS_DEMO_MODE = 1;
+ }
+
+ optional AccountType account_type = 1;
+}
+
+// Response from server after receiving a request to refresh the service
+// account.
+message RefreshAccountResponse {}
+
+// Request from device to upload RSU lookup key.
+message RsuLookupKeyUploadRequest {
+ // Google brand code for the given device SKU.
+ optional bytes board_id = 1;
+
+ // Hashed Cr50 device ID.
+ optional bytes cr50_hashed_device_id = 2;
+}
+
+// Response to {@code RsuLookupKeyUploadRequest}.
+message RsuLookupKeyUploadResponse {
+ // Whether RSU lookup key was received.
+ optional bool rsu_lookup_key_updated = 1;
+}
+
+// Information about an eSIM profile installed on an EUICC (Embedded Universal
+// Integrated Circuit Card).
+message ESimProfileInfo {
+ // ICCID of the eSIM profile. Up to 22 decimal digits encoded as ASCII string.
+ // Example: 3554020401587593554020.
+ optional string iccid = 1;
+
+ // SM-DP+ (Subscription Manager - Data Preparation) activation code that was
+ // used to install this eSIM profile. The "address" terminology is historical
+ // since the string is not strictly just an address. This field should be
+ // considered mutually exclusive with |smds_address|. Up to 255 characters
+ // encoded as UTF8 string.
+ // Example: LPA:1$esim.example.com$matchingId
+ optional string smdp_address = 2;
+
+ // SM-DS (Subscription Manager - Discovery Service) activation code that was
+ // used to install this eSIM profile. The "address" terminology is historical
+ // since the string is not strictly just an address. This field should be
+ // considered mutually exclusive with |smdp_address|. Up to 255 characters
+ // encoded as UTF8 string.
+ // Example: LPA:1$esim.example.com$
+ optional string smds_address = 3;
+
+ // The name of the policy-defined network that resulted in the installation of
+ // this eSIM profile. This metadata is required to guarantee that multiple
+ // policy-defined networks that are configured with the same activation code
+ // are handled correctly, and will result in the appropriate number of eSIM
+ // profiles being installed.
+ optional string name = 4;
+}
+
+// Request from device to server to update information about EUICCs
+// on the device.
+message UploadEuiccInfoRequest {
+ // Number of EUICCs on the device.
+ optional uint32 euicc_count = 1;
+
+ // List of policy provisioned eSIM profiles on the device.
+ repeated ESimProfileInfo esim_profiles = 2;
+
+ // A boolean flag which indicates that the list of eSim profiles was cleared.
+ // We use this differentiate between intentionally empty profile list(after
+ // cleanup) or not yet provisioned one.
+ // On the server, we would ignore requests where |esim_profiles| is empty
+ // if |clear_profile_list| is not set to |true| to not accidentally clear the
+ // values previously stored for this device(which can happen in a case of
+ // device being in after-powerwash state, for example).
+ optional bool clear_profile_list = 3;
+}
+
+// Response from server to device for EUICC status update.
+message UploadEuiccInfoResponse {}
+
+// An event used for reporting when a new print job has completed.
+message PrintJobEvent {
+ message PrintJobConfiguration {
+ // The ID of the job. This and the device ID uniquely identify a print job
+ // in enterprise reporting.
+ optional string id = 1;
+
+ // The name of the document.
+ optional string title = 2;
+
+ // The final status of the job.
+ optional int32 status = 3;
+
+ // The time the print job was created in milliseconds since epoch.
+ optional int64 creation_timestamp_ms = 4;
+
+ // The time the print job was completed in milliseconds since epoch.
+ optional int64 completion_timestamp_ms = 5;
+
+ // The number of pages in the document.
+ optional int32 number_of_pages = 6;
+
+ // The settings of the print job.
+ optional PrintSettings settings = 7;
+ }
+
+ enum UserType {
+ UNKNOWN_USER_TYPE = 0;
+ REGULAR = 1;
+ GUEST = 2;
+ KIOSK = 3;
+ }
+
+ message Printer {
+ // Displayed name of the printer in the client.
+ optional string name = 1;
+
+ // URI of the printer, which serves as a unique identifier.
+ optional string uri = 2;
+
+ // Printer ID.
+ optional string id = 3;
+ }
+
+ // The finishing settings of the print job.
+ message PrintSettings {
+ enum ColorMode {
+ UNKNOWN_COLOR_MODE = 0;
+ BLACK_AND_WHITE = 1;
+ COLOR = 2;
+ }
+
+ enum DuplexMode {
+ UNKNOWN_DUPLEX_MODE = 0;
+ ONE_SIDED = 1;
+ TWO_SIDED_LONG_EDGE = 2;
+ TWO_SIDED_SHORT_EDGE = 3;
+ }
+
+ message MediaSize {
+ // Width (in micrometers)
+ optional int32 width = 1;
+
+ // Height (in micrometers)
+ optional int32 height = 2;
+
+ // Platform specific id to map it back to the particular media.
+ optional string vendor_id = 3;
+ }
+
+ optional ColorMode color = 1;
+
+ optional DuplexMode duplex = 2;
+
+ optional MediaSize media_size = 3;
+
+ optional int32 copies = 4;
+ }
+
+ optional PrintJobConfiguration job_configuration = 1;
+
+ optional UserType user_type = 2;
+
+ optional Printer printer = 3;
+}
+
+// Provides information about an installed app.
+message App {
+ // Enum listing the available types of the apps.
+ // Aligned with apps::mojom::AppType.
+ enum AppType {
+ // Unknown/undefined.
+ UNKNOWN = 0;
+ // ARC++/Android app.
+ ARC = 1;
+ // Built-in app.
+ BUILT_IN = 2;
+ // Linux/crostini app.
+ CROSTINI = 3;
+ // Chrome extension.
+ EXTENSION = 4;
+ // Progressive web app.
+ WEB = 5;
+ // Plugin VM app.
+ PLUGIN_VM = 6;
+ // Borealis VM app.
+ BOREALIS = 7;
+ // Bruschetta VM app.
+ BRUSCHETTA = 8;
+ }
+
+ // ID of the installed application. Package name for Android apps and 32
+ // character long app id for other applications (PWAs, Extensions, Built-in
+ // apps).
+ optional string app_id = 1;
+
+ // Type of the application.
+ optional AppType app_type = 2;
+
+ // Additional IDs of the installed application if exist.
+ // For example it will contain Chrome style 32 character long ids for Android
+ // apps, that use package name as their primary ID.
+ repeated string additional_app_id = 3;
+}
+
+// Information about app activity used for Per-App Time Limits feature.
+message AppActivity {
+ // Enumerates different states that the app can have.
+ enum AppState {
+ // State not known.
+ UNKNOWN = 0;
+ // Default state - no restrictions enforced.
+ DEFAULT = 1;
+ // Important app that cannot be blocked, because it is essential for the OS.
+ ALWAYS_AVAILABLE = 2;
+ // App blocked on the client.
+ BLOCKED = 3;
+ // App reached usage limit on the client.
+ LIMIT_REACHED = 4;
+ // App was uninstalled. It still might have some recent unreported activity.
+ UNINSTALLED = 5;
+ }
+
+ // App identifying information.
+ optional App app_info = 1;
+
+ // A list of time periods when the app was active.
+ repeated TimePeriod active_time_periods = 2;
+
+ // Timestamp when this activity data were populated.
+ // Specified in milliseconds since Epoch in UTC timezone (Java time).
+ optional int64 populated_at = 3;
+
+ // State of the app on client at the time of reporting. To maintain
+ // consistency and help debugging between client and Family Link.
+ optional AppState app_state = 4;
+}
+
+// Models a window for screen time.
+message ScreenTimeSpan {
+ optional TimePeriod time_period = 1;
+
+ // The actual activity duration during a particular time period window
+ // (in milliseconds).
+ optional int64 active_duration_ms = 2;
+}
+
+// Informs the server about the current state of a child user's session, to
+// allow parent supervision.
+message ChildStatusReportRequest {
+ // The user's DMToken.
+ optional string user_dm_token = 1;
+
+ // Timestamp of this status report in milliseconds since epoch.
+ optional int64 timestamp_ms = 2;
+
+ // Time zone id of the active user (e.g. America/Sao_Paulo).
+ // For more details check `third_party/icu/source/i18n/unicode/timezone.h`.
+ optional string time_zone = 3;
+
+ // A list of time spans when the screen was on during the user's session.
+ repeated ScreenTimeSpan screen_time_span = 4;
+
+ // Information about ARC status.
+ optional AndroidStatus android_status = 5;
+
+ // The OS version reported by the device is a platform version
+ // e.g. 1435.0.2011_12_16_1635.
+ optional string os_version = 6;
+
+ // "Verified", "Dev". Same as verified mode.
+ // If the mode is unknown, this field should not be set.
+ optional string boot_mode = 7;
+
+ // A list of per-app activity used for Per-App Time Limits feature.
+ // It might not be sent in every report.
+ repeated AppActivity app_activity = 8;
+
+ // A list of applications which are hidden from the user.
+ repeated App hidden_app = 9;
+
+ // Next id: 10.
+}
+
+// Response from DMServer to update user devices' status.
+// It is possible that status report fails but policy request succeed. In such
+// case, the ChildStatusReportResponse will contain an error code and the
+// device should re-send status report data in the next policy request. The
+// device should re-send report data if policy request fails, even if
+// ChildStatusReportResponse contains no error code.
+message ChildStatusReportResponse {
+ optional int32 error_code = 1;
+
+ // Human readable error message for customer support purpose.
+ optional string error_message = 2;
+}
+
+// Hashing Algorithm for Client Certificate Provisioning Flow.
+enum HashingAlgorithm {
+ // DO NOT USE
+ HASHING_ALGORITHM_UNSPECIFIED = 0;
+
+ SHA1 = 1;
+ SHA256 = 2;
+
+ // Do not hash the input data - assume it is input to the signature algorithm.
+ // The client supports this starting with M-89.
+ //
+ // For SigningAlgorithm RSA_PKCS1_V1_5, the client will perform PKCS#1 v1.5
+ // padding on `data_to_sign`. `data_to_sign` is expected to already contain a
+ // PKCS#1 DigestInfo prefix - the client will not attempt to add such a
+ // prefix. Also `data_to_sign` must be shorter than (key_size-11) bytes. If no
+ // other key size was specified in the
+ // RequiredClientCertificateFor{User,Device} policy, 2048 bits is assumed.
+ NO_HASH = 3;
+}
+
+// Signing Algorithm for Client Certificate Provisioning Flow.
+enum SigningAlgorithm {
+ // DO NOT USE
+ SIGNING_ALGORITHM_UNSPECIFIED = 0;
+
+ RSA_PKCS1_V1_5 = 1;
+}
+
+// Client Certificate Provisioning "Static" Flow, Stage 1: Start a CSR request.
+// No additional fields because cert_profile_id and public_key are passed in the
+// outer message.
+message StartCsrRequest {}
+
+message StartCsrResponse {
+ // The client should register for FCM messages using this topic in order to
+ // receive notifications for the certificate provisioning process.
+ optional string invalidation_topic = 1;
+
+ // The verified access challenge.
+ optional bytes va_challenge = 2;
+
+ // Algorithm to hash data with before signing.
+ optional HashingAlgorithm hashing_algorithm = 5;
+
+ // Algorithm to sign data with for CSR creation.
+ optional SigningAlgorithm signing_algorithm = 3;
+
+ // Data to sign for CSR creation.
+ optional bytes data_to_sign = 4;
+}
+
+// Client Certificate Provisioning "Static" Flow, Stage 2: Finish the CSR
+// request.
+message FinishCsrRequest {
+ // Verified access challenge response.
+ optional bytes va_challenge_response = 1;
+
+ // The signature generated using the private key.
+ optional bytes signature = 2;
+}
+
+message FinishCsrResponse {}
+
+// Client Certificate Provisioning "Static" Flow, Stage 3: Download the issued
+// certificate.
+message DownloadCertRequest {}
+
+message DownloadCertResponse {
+ // PEM-encoded issued certificate.
+ optional string pem_encoded_certificate = 1;
+}
+
+// "Dynamic" flow: Used to start a cerificate provisioning process.
+message CertProvStartRequest {}
+
+message CertProvStartResponse {
+ // The client should register for FCM messages using this topic in order to
+ // receive notifications for the certificate provisioning process.
+ optional string invalidation_topic = 1;
+}
+
+// "Dynamic" flow: Used to fetch the next instruction that the client should
+// process.
+message CertProvGetNextInstructionRequest {}
+
+message CertProvGetNextInstructionResponse {
+ // One of the instructions must be filled.
+ // If no instruction is available yet, the server should respond with a
+ // `CertProvBackendError` instead of a `CertProvGetNextInstructionResponse`.
+ oneof instruction {
+ CertProvAuthorizeInstruction authorize_instruction = 1;
+ CertProvProofOfPossessionInstruction proof_of_possession_instruction = 2;
+ CertProvImportCertificateInstruction import_certificate_instruction = 3;
+ }
+}
+
+// "Dynamic" flow: Used to authorize the client, currently using a Verified
+// Access challenge response.
+// The client should send this request after it received a
+// `CertProvAuthorizeInstruction`.
+message CertProvAuthorizeRequest {
+ // Verified access challenge response.
+ optional bytes va_challenge_response = 1;
+}
+
+message CertProvAuthorizeResponse {}
+
+// "Dynamic" flow: Upload the result of a `ProofOfPossessionInstruction`.
+message CertProvUploadProofOfPossessionRequest {
+ // A client-generated cryptographic signature proving the possession of the
+ // client's private key.
+ // The signing key is the client-owned private key corresponding to
+ // `ClientCertificateProvisioningRequest.public_key`.
+ // The signed data has been previously delivered by the server in
+ // `CertProvProofOfPossessionInstruction.data_to_sign`.
+ // The hashing and signing algorithms have been previously delivered by the
+ // server in the `hashing_algorithm` and `signing_algorithm` fields of
+ // `CertProvProofOfPossessionInstruction`.
+ optional bytes signature = 1;
+}
+
+message CertProvUploadProofOfPossessionResponse {}
+
+// The client should perform an authorization step.
+message CertProvAuthorizeInstruction {
+ // The verified access challenge.
+ optional bytes va_challenge = 1;
+}
+
+// The client should provide a proof-of-possession signature generated using
+// the private key.
+message CertProvProofOfPossessionInstruction {
+ // Data to sign for CSR creation.
+ // Depending on the `signature_algorithm` this may either contain the PKCS#1
+ // DigestInfo in DER format (note that it must be shorter than (key_size-11)
+ // bytes) or unhashed data. The client must process `data_to_sign` according
+ // to the specified `signature_algorithm`, see comments in the
+ // `CertProvSignatureAlgorithm` enum for more details.
+ optional bytes data_to_sign = 1;
+
+ // The signature algorithm that the client uses to process `data_to_sign`.
+ // This defines both the hashing and signing algorithm the client should use.
+ optional CertProvSignatureAlgorithm signature_algorithm = 2;
+}
+
+// The algorithm that the client should use / has used to sign data using its
+// private key for proof-of-posession.
+enum CertProvSignatureAlgorithm {
+ // Default value. This value is unused.
+ SIGNATURE_ALGORITHM_UNSPECIFIED = 0;
+
+ // The server-side builds the PKCS#1 DigestInfo, i.e., the SHA256 hash
+ // is constructed on the server-side. The client should sign using RSA
+ // with PKCS#1 v1.5 padding. If no other key size was specified in the
+ // RequiredClientCertificateFor{User,Device} policy, 2048 bits is assumed.
+ SIGNATURE_ALGORITHM_RSA_PKCS1_V1_5_NO_HASH = 1;
+}
+
+// The client should import an issued certificate.
+message CertProvImportCertificateInstruction {
+ // PEM-encoded issued certificate.
+ optional string pem_encoded_certificate = 1;
+}
+
+// Start / continue client certificate provisioning process for the profile
+// `cert_profile_id`.
+message ClientCertificateProvisioningRequest {
+ reserved 9 to 11;
+ // The id that uniquely identifies a certificate provisioning process.
+ optional string certificate_provisioning_process_id = 16;
+
+ // The scope of the certificate. Similar to policy_type in PolicyFetchRequest.
+ // google/chromeos/device => a certificate for a device is being requested.
+ // google/chromeos/user => a certificate for a user is being requested.
+ optional string certificate_scope = 1;
+
+ // The id of the client certificate profile, specified in the policy.
+ optional string cert_profile_id = 2;
+
+ // The public key for which the certificate should be issued. It's a
+ // DER-serialized X.509 SubjectPublicKeyInfo.
+ optional bytes public_key = 3;
+
+ // Only filled if this is a request for a certificate for a user
+ optional string device_dm_token = 4;
+
+ oneof request {
+ // "Static" flow
+ // (go/chromeos-mgmt-cert-provisioning#heading=h.mh0xyf2o1ums).
+ StartCsrRequest start_csr_request = 5;
+ FinishCsrRequest finish_csr_request = 6;
+ DownloadCertRequest download_cert_request = 7;
+
+ // "Dynamic" flow (go/cert-prov-api-dm-changes)
+ CertProvStartRequest start_request = 12;
+ CertProvGetNextInstructionRequest get_next_instruction_request = 13;
+ CertProvAuthorizeRequest authorize_request = 14;
+ CertProvUploadProofOfPossessionRequest upload_proof_of_possession_request =
+ 15;
+ }
+
+ // Received as part of policy for client certificate profiles. The client
+ // should not interpret this data and should forward it verbatim. DMServer
+ // uses `policy_version` as a hint to verify that the policy view of DMServer
+ // matches the view of Chrome OS device.
+ optional bytes policy_version = 8;
+}
+
+// This marks an error between ChromeOS client and backend, including those
+// involving the Certificate Authority or a Connector software.
+// These could be mapped to HTTP error codes, but reuse of HTTP error codes was
+// deemed confusing and difficult in the existing device management protocol
+// (see existing usage of HTTP error codes described in the
+// `DeviceManagementResponse` comment).
+message CertProvBackendError {
+ // If a new error code is added to the enum and used by the DM Server to
+ // propagate an error, ChromeOS clients running older versions
+ // will not be aware of the new error code. As proto2 is using closed enums,
+ // accessing such an unknown enum field returns the enum's default value
+ // which is the first defined enum value, i.e., `ERROR_UNSPECIFIED`. ChromeOS
+ // clients treat this error by marking the associated certificate provisioning
+ // process as failing.
+ enum Error {
+ ERROR_UNSPECIFIED = 0;
+ // The attempted request is invalid in the current state of the certificate
+ // provisioning process.
+ INVALID_OPERATION = 1;
+ // The client has sent inconsistent data. This can happen if the client has
+ // outdated policy.
+ INCONSISTENT_DATA = 2;
+ // The identity of the client could not be verified.
+ IDENTITY_VERIFICATION_ERROR = 3;
+ // The Certificate Provisioning Process (CPP) already exists and cannot be
+ // started again.
+ CPP_ALREADY_EXISTS = 4;
+ // The backend does not accept the public key sent by the client.
+ BAD_PUBLIC_KEY = 5;
+ // The signature provided by the client is invalid.
+ INVALID_SIGNATURE = 6;
+ // The next instruction on how to proceed in the certificate provisioning
+ // protocol is not yet available.
+ INSTRUCTION_NOT_YET_AVAILABLE = 7;
+ // The CA did not respond within the deadline.
+ CA_UNAVAILABLE = 8;
+ // The CA exhibited an internal server error.
+ CA_FAILURE = 9;
+ // The referenced certificate provisioning profile does not exist.
+ PROFILE_NOT_FOUND = 10;
+ // The user primary email cannot be found.
+ USER_PRIMARY_EMAIL_NOT_FOUND = 11;
+ // The certificate provisioning profile is referencing a non-existent CA
+ // connection.
+ CA_CONNECTION_NOT_FOUND = 12;
+ // The CA connection referenced by the certificate provisioning profile
+ // is referencing a non-existent PubSub topic, or the system does not have
+ // permission to publish to that PubSub topic.
+ PUBSUB_TOPIC_NOT_FOUND = 13;
+ // The Adapter uploaded a certificate that cannot be parsed or was issued
+ // for a wrong public key.
+ BAD_ADAPTER_CERTIFICATE_RECEIVED = 14;
+ // The requested certificate provisioning process cannot be found on
+ // Spanner.
+ CERTIFICATE_PROVISIONING_PROCESS_NOT_FOUND = 15;
+ }
+
+ // The specific error type.
+ optional Error error = 1;
+
+ // A debug message that could be useful for understanding the error.
+ optional string debug_message = 2;
+}
+
+// Response for ClientCertificateProvisioningRequest.
+message ClientCertificateProvisioningResponse {
+ reserved 6;
+
+ // Error conditions that the server side reports to the client that don't fit
+ // into the standard HTTP error schema.
+ // Note that HTTP errors can still be signaled for the client certificate
+ // provisioning requests, e.g. bad DMToken or internal errors will be
+ // propagated as HTTP errors.
+ enum Error {
+ UNDEFINED = 0;
+ // The backend has not received a certificate within the time limit.
+ TIMED_OUT = 1;
+ // The identity of the client could not be verified.
+ IDENTITY_VERIFICATION_ERROR = 2;
+ // The CA encountered an error when processing the certification request.
+ CA_ERROR = 3;
+ // The client has sent inconsistent data.
+ INCONSISTENT_DATA = 4;
+ // The backend does not accept the public key sent by the client.
+ BAD_PUBLIC_KEY = 5;
+ // The leaf CA certificate specified by the admin is invalid.
+ BAD_CA_CERTIFICATE_SPECIFIED = 6;
+ // The certificate received from the certificate enrollment agent cannot be
+ // parsed or is not issued by the leaf CA certificate specified by the
+ // admin.
+ BAD_CLIENT_CERTIFICATE_RECEIVED = 7;
+ // The CSR signature provided by the client is invalid.
+ INVALID_CSR_SIGNATURE = 8;
+ // A certificate signing request for the same public key has already been
+ // sent.
+ CSR_ALREADY_SENT = 9;
+ }
+
+ // If filled, the request can currently not be processed and the client
+ // is supposed to try again later using the same data.
+ // The value is the number of milliseconds when the client should
+ // automatically retry.
+ // Used in "Static" flow only.
+ optional int64 try_again_later = 1;
+
+ oneof response {
+ // Used in "Static" flow.
+ Error error = 2;
+ StartCsrResponse start_csr_response = 3;
+ FinishCsrResponse finish_csr_response = 4;
+ DownloadCertResponse download_cert_response = 5;
+
+ // Used in "Dynamic" flow.
+ CertProvStartResponse start_response = 7;
+ CertProvGetNextInstructionResponse get_next_instruction_response = 8;
+ CertProvAuthorizeResponse authorize_response = 9;
+ CertProvUploadProofOfPossessionResponse
+ upload_proof_of_possession_response = 10;
+ CertProvBackendError backend_error = 11;
+ }
+}
+
+// Request from browser to server to upload public key.
+// GoogleDMToken MUST be in HTTP Authorization header.
+message BrowserPublicKeyUploadRequest {
+ enum KeyTrustLevel {
+ // UNSPECIFIED.
+ KEY_TRUST_LEVEL_UNSPECIFIED = 0;
+ // Chrome Browser with the key stored in the device hardware.
+ CHROME_BROWSER_HW_KEY = 1;
+ // Chrome Browser with the key stored at OS level.
+ CHROME_BROWSER_OS_KEY = 2;
+ }
+
+ enum KeyType {
+ KEY_TYPE_UNSPECIFIED = 0;
+ RSA_KEY = 1;
+ EC_KEY = 2;
+ }
+
+ // Public key in EC_NID_X9_62_PRIME256V1_PUBLIC_DER format.
+ optional bytes public_key = 1;
+
+ // Signature of the new public key signed using the existing key, empty for
+ // initial upload.
+ optional bytes signature = 2;
+
+ // Trust Level of the key.
+ optional KeyTrustLevel key_trust_level = 3;
+
+ // Type of the key.
+ optional KeyType key_type = 4;
+
+ // Whether the server should create a client certificate for that public key
+ // and return it as part of the response or not.
+ optional bool provision_certificate = 5;
+}
+
+// Response from server to device for cert upload request.
+message BrowserPublicKeyUploadResponse {
+ enum ResponseCode {
+ UNDEFINED = 0;
+ // The new key is uploaded successfully.
+ SUCCESS = 1;
+ // The signature could not be verified.
+ INVALID_SIGNATURE = 2;
+ }
+ optional ResponseCode response_code = 1;
+
+ // If the request had `provision_certificate` as true, this property will
+ // contain the X.509 client certificate in PEM format.
+ optional string pem_encoded_certificate = 2;
+}
+
+// Upload request for Firebase Messaging token to communicate registration token
+// to the server. The response message will be
+// `FmRegistrationTokenUploadResponse`.
+// See go/cros-invalidation-with-direct-messaging.
+message FmRegistrationTokenUploadRequest {
+ // Scope of the uploaded token.
+ enum TokenType {
+ DEVICE = 0;
+ BROWSER = 1;
+ USER = 2;
+ }
+
+ optional string token = 1;
+ // Invalidation protocol version that uploader currently supports.
+ optional int64 protocol_version = 2;
+ // Scope of the uploaded token.
+ optional TokenType token_type = 3;
+ // Token's expiration timestamp in milliseconds since Epoch in UTC timezone
+ // (Java time).
+ optional int64 expiration_timestamp_ms = 4;
+}
+
+// Response to `FmRegistrationTokenUploadRequest`.
+message FmRegistrationTokenUploadResponse {}
+
+// Additional detail about the error which can be used to clarify user messaging
+// around the error or to influence Chrome's error-handling behavior.
+enum DeviceManagementErrorDetail {
+ NO_ERROR_DETAIL = 0;
+
+ // Only valid for CBCM browser DEVICE_NOT_FOUND errors. Indicates that the
+ // DMToken should be deleted entirely from its storage location.
+ CBCM_DELETION_POLICY_PREFERENCE_DELETE_TOKEN = 1;
+
+ // Only valid for CBCM browser DEVICE_NOT_FOUND errors. Indicates that the
+ // DMToken should be invalidated, preventing device re-enrollment.
+ CBCM_DELETION_POLICY_PREFERENCE_INVALIDATE_TOKEN = 2;
+}
+
+// Request from the DMAgent on the device to the DMServer. This is
+// container for all requests from device to server. The overall HTTP
+// request MUST be in the following format:
+//
+// * HTTP method is POST
+// * Data mime type is application/x-protobuffer
+// * See GoogleContentTypeEnum.java
+// * HTTP parameters are (all required, all case sensitive):
+// * request: MUST BE one of
+// * api_authorization
+// * cert_upload
+// * check_device_pairing
+// * device_pairing
+// * device_state_retrieval
+// * enterprise_check
+// * enterprise_psm_check
+// * chrome_desktop_report
+// * chrome_os_user_report
+// * policy
+// * register
+// * status_upload
+// * unregister
+// * remote_commands
+// * attribute_update_permission
+// * attribute_update
+// * gcm_id_update
+// * check_android_management
+// * certificate_based_register
+// * active_directory_enroll_play_user
+// * active_directory_play_activity
+// * active_directory_user_signin
+// * register_browser
+// * policy_validation_report
+// * device_initial_enrollment_state
+// * refresh_account
+// * client_cert_provisioning
+// * browser_public_key_upload
+// * upload_euicc_info
+// * devicetype: MUST BE "1" for Android, "2" for Chrome OS or "3" for Chrome
+// browser.
+// * apptype: MUST BE Android or Chrome.
+// * deviceid: MUST BE no more than 64-char in [\x21-\x7E].
+// * agent: MUST BE no more than 64-char long.
+// * HTTP Authorization header MUST be in the following formats:
+// * For register for Chrome browsers and token_based_register requests.
+// Authorization: GoogleEnrollmentToken token=<enrollment token>
+//
+// * For unregister, policy, status, cert_upload, remote_commands,
+// gcm_id_update, active_directory_enroll_play_user,
+// active_directory_play_activity, active_directory_user_signin,
+// policy_validation_report, chrome_desktop_report,
+// chrome_os_user_report, refresh_account, client_cert_provisioning,
+// api_authorization requests
+// Authorization: GoogleDMToken token=<DMToken from register>
+//
+// * The Authorization header isn't used for enterprise_check,
+// enterprise_psm_check, device_initial_enrollment_state or
+// certificate_based_register requests.
+// It is also not used for register requests and check_android_management
+// requests - for these requests, the OAuth token is passed in the "oauth"
+// HTTP query parameter.
+//
+// DeviceManagementRequest should only contain one request which matches the
+// HTTP query parameter - request, as mentioned in comments on the fields of the
+// message. Other requests within the container will be ignored.
+message DeviceManagementRequest {
+ reserved 24; // unused previous version of chrome_desktop_report_request.
+
+ // Register request.
+ // HTTP query parameter 'request': 'register'
+ optional DeviceRegisterRequest register_request = 1;
+
+ // Unregister request.
+ // HTTP query parameter 'request': 'unregister'
+ optional DeviceUnregisterRequest unregister_request = 2;
+
+ // Policy request.
+ // HTTP query parameter 'request': 'policy'
+ optional DevicePolicyRequest policy_request = 3;
+
+ // Update status.
+ // HTTP query parameter 'request': 'status'
+ // (this applies to all of the following three fields, and they can all be
+ // present in the same request).
+ optional DeviceStatusReportRequest device_status_report_request = 4;
+ optional SessionStatusReportRequest session_status_report_request = 5;
+ optional ChildStatusReportRequest child_status_report_request = 30;
+
+ // Auto-enrollment detection.
+ // HTTP query parameter 'request': 'enterprise_check'
+ optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6;
+
+ // EMCert upload (for remote attestation)
+ // HTTP query parameter 'request': 'cert_upload'
+ optional DeviceCertUploadRequest cert_upload_request = 7;
+
+ // Request for OAuth2 authorization codes to access Google services.
+ // HTTP query parameter 'request': 'api_authorization'
+ optional DeviceServiceApiAccessRequest service_api_access_request = 8;
+
+ // Device-state retrieval.
+ // HTTP query parameter 'request': 'device_state_retrieval'
+ optional DeviceStateRetrievalRequest device_state_retrieval_request = 9;
+
+ // Device state key update.
+ // HTTP query parameter 'request': 'policy'
+ optional DeviceStateKeyUpdateRequest device_state_key_update_request = 10;
+
+ // Pair two devices.
+ // HTTP query parameter 'request': 'device_pairing'
+ optional DevicePairingRequest device_pairing_request = 11;
+
+ // Check if two devices are paired.
+ // HTTP query parameter 'request': 'check_device_pairing'
+ optional CheckDevicePairingRequest check_device_pairing_request = 12;
+
+ // Remote command fetching.
+ // HTTP query parameter 'request': 'remote_commands'
+ optional DeviceRemoteCommandRequest remote_command_request = 13;
+
+ // Check permission for updating device attribute.
+ // HTTP query parameter 'request': 'attribute_update_permission'
+ optional DeviceAttributeUpdatePermissionRequest
+ device_attribute_update_permission_request = 14;
+
+ // Update device attribute.
+ // HTTP query parameter 'request': 'attribute_update'
+ optional DeviceAttributeUpdateRequest device_attribute_update_request = 15;
+
+ // Update the GCM id to device_id mapping.
+ // HTTP query parameter 'request': 'gcm_id_update'
+ optional GcmIdUpdateRequest gcm_id_update_request = 16;
+
+ // Check if user is a managed Android-for-Work user with DPC enforcement.
+ // HTTP query parameter 'request': 'check_android_management'
+ optional CheckAndroidManagementRequest check_android_management_request = 17;
+
+ // Request to register with a registration certificate.
+ // HTTP query parameter 'request': 'certificate_based_register'
+ optional CertificateBasedDeviceRegisterRequest
+ certificate_based_register_request = 18;
+
+ // Gets an enrollment token to a Managed Google Play Account for using it with
+ // Active Directory.
+ // HTTP query parameter 'request': 'active_directory_enroll_play_user'
+ optional ActiveDirectoryEnrollPlayUserRequest
+ active_directory_enroll_play_user_request = 19;
+
+ // Reports that a Play account is used.
+ // HTTP query parameter 'request': 'active_directory_play_activity'
+ optional ActiveDirectoryPlayActivityRequest
+ active_directory_play_activity_request = 20;
+
+ // Request device license information.
+ optional CheckDeviceLicenseRequest check_device_license_request_deprecated =
+ 21 [deprecated = true];
+
+ // Initiate an Active Directory user signin.
+ // HTTP query parameter 'request': 'active_directory_user_signin'
+ optional ActiveDirectoryUserSigninRequest
+ active_directory_user_signin_request = 22;
+
+ // Request to register a browser independently of its users.
+ // HTTP query parameter 'request': 'register_browser'
+ optional RegisterBrowserRequest register_browser_request = 23;
+
+ // A report on the status of app push-installs.
+ // HTTP query parameter 'request': 'app_install_report'
+ optional AppInstallReportRequest app_install_report_request = 25;
+
+ // A Chrome desktop report request.
+ // HTTP query parameter 'request': 'chrome_desktop_report'
+ optional ChromeDesktopReportRequest chrome_desktop_report_request = 26;
+
+ // Result of validating fetched policy on the client.
+ // HTTP query parameter 'request': 'policy_validation_report'
+ optional PolicyValidationReportRequest policy_validation_report_request = 27;
+
+ // Query for initial enrollment details.
+ // HTTP query parameter 'request': 'device_initial_enrollment_state'
+ optional DeviceInitialEnrollmentStateRequest
+ device_initial_enrollment_state_request = 28;
+
+ // Request from device to wipe an old account and get a new account.
+ // HTTP query parameter 'request': 'refresh_account'
+ optional RefreshAccountRequest refresh_account_request = 29;
+
+ // Request from device to upload RSU lookup key.
+ // TODO(crbug.com/40210185): seems unused
+ optional RsuLookupKeyUploadRequest rsu_lookup_key_upload_request = 31;
+
+ // Request from device for SAML IdP URL address.
+ // HTTP query parameter 'request': 'public_saml_user_request'
+ optional PublicSamlUserRequest public_saml_user_request = 32;
+
+ // A ChromeOS user report request.
+ // HTTP query parameter 'request': 'chrome_os_user_report'
+ optional ChromeOsUserReportRequest chrome_os_user_report_request = 33;
+
+ // Request to start / continue client certificate provisioning process.
+ // HTTP query parameter 'request': 'client_cert_provisioning'
+ optional ClientCertificateProvisioningRequest
+ client_certificate_provisioning_request = 34;
+
+ // A report on the status of extension install process.
+ // TODO(crbug.com/40210185): seems unused.
+ optional ExtensionInstallReportRequest extension_install_report_request = 35;
+
+ // Request to check user account for smart enrollment.
+ // HTTP query parameter 'request': 'check_user_account'
+ optional CheckUserAccountRequest check_user_account_request = 36;
+
+ // Request from device to check the state stored in PSM. Currently, it is used
+ // for ZTE/LP device initial enrollment state check.
+ // HTTP query parameter 'request': 'enterprise_psm_check'
+ optional PrivateSetMembershipRequest private_set_membership_request = 37;
+
+ // Request from browser to upload public key.
+ // HTTP query parameter 'request': 'browser_public_key_upload'
+ optional BrowserPublicKeyUploadRequest browser_public_key_upload_request = 38;
+
+ // Request to upload info about eSIM provisioning.
+ // HTTP query parameter 'request': 'upload_euicc_info'
+ optional UploadEuiccInfoRequest upload_euicc_info_request = 39;
+
+ // Request to upload profile usage information.
+ // HTTP query parameter 'request': 'chrome_profile_report'
+ optional ChromeProfileReportRequest chrome_profile_report_request = 40;
+
+ // Request to register a device with an enrollment token.
+ // HTTP query parameter 'request': 'token_based_register'
+ optional TokenBasedDeviceRegisterRequest token_based_device_register_request =
+ 41;
+
+ optional FmRegistrationTokenUploadRequest
+ fm_registration_token_upload_request = 42;
+
+ // Next id: 43.
+}
+
+// Response from server to device.
+//
+// For release clients, DMServer returns errors using HTTP Status Code, so that
+// clients only need to check one place for all error codes. It is also easier
+// to perform log analysis and customer support since HTTP Status Code is easily
+// visible in the logs.
+//
+// Possible HTTP status codes:
+// 200 OK: valid response is returned to client.
+// 400 Bad Request: invalid argument or payload.
+// 401 Unauthorized: invalid auth cookie/OAuth token, DMToken or enrollment
+// token.
+// 402 Missing license.
+// 403 Forbidden: device management is not allowed (e.g. user may not enroll).
+// 404 Not Found: the request URL is invalid.
+// 405 Invalid serial number.
+// 406 Domain mismatch (e.g. device is enrolling into the wrong domain, should
+// force-re-enroll into another domain).
+// 409 Device id conflict.
+// 410 Device Not Found: the device id is not found.
+// 412 Pending approval. Used with ClientCertificateProvisioningRequest to
+// indicate that a certificate has not been issued yet.
+// 413 Request payload too large.
+// 417 Consumer (non-dasher) account can not enroll with packaged license.
+// 429 Too many requests.
+// 500 Internal Server Error: most likely a bug in DM server.
+// 503 Service Unavailable: most likely a backend error.
+// 902 Policy Not Found: the policy is not found.
+// 903 Deprovisioned: the device has been deprovisioned.
+// 904 Arc Disabled: ARC is not enabled on the domain.
+// 905 Can not enroll packaged license device to domainless customer.
+// 906 TOS has not been accepted by customer.
+// 907 Illegal account for packaged EDU license.
+message DeviceManagementResponse {
+ reserved 1, 24;
+
+ // Error message.
+ optional string error_message = 2;
+
+ // Additional details about the error message.
+ repeated DeviceManagementErrorDetail error_detail = 39;
+
+ // Register response
+ optional DeviceRegisterResponse register_response = 3;
+
+ // Unregister response
+ optional DeviceUnregisterResponse unregister_response = 4;
+
+ // Policy response.
+ optional DevicePolicyResponse policy_response = 5;
+
+ // Update status report response.
+ optional DeviceStatusReportResponse device_status_report_response = 6;
+ optional SessionStatusReportResponse session_status_report_response = 7;
+ optional ChildStatusReportResponse child_status_report_response = 29;
+
+ // Auto-enrollment detection response.
+ optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8;
+
+ // EMCert upload response.
+ optional DeviceCertUploadResponse cert_upload_response = 9;
+
+ // Response to OAuth2 authorization code request.
+ optional DeviceServiceApiAccessResponse service_api_access_response = 10;
+
+ // Device-state retrieval.
+ optional DeviceStateRetrievalResponse device_state_retrieval_response = 11;
+
+ // Response to device pairing request.
+ optional DevicePairingResponse device_pairing_response = 12;
+
+ // Response to check device pairing request.
+ optional CheckDevicePairingResponse check_device_pairing_response = 13;
+
+ // Response to remote command request.
+ optional DeviceRemoteCommandResponse remote_command_response = 14;
+
+ // Response to check device attribute update permission.
+ optional DeviceAttributeUpdatePermissionResponse
+ device_attribute_update_permission_response = 15;
+
+ // Response to update device attribute.
+ optional DeviceAttributeUpdateResponse device_attribute_update_response = 16;
+
+ // Response to GCM id update request.
+ optional GcmIdUpdateResponse gcm_id_update_response = 17;
+
+ // Response to check Android management request.
+ optional CheckAndroidManagementResponse check_android_management_response =
+ 18;
+
+ // Response to an Active Directory Play user enrollment request.
+ optional ActiveDirectoryEnrollPlayUserResponse
+ active_directory_enroll_play_user_response = 19;
+
+ // Response to a Play activity request.
+ optional ActiveDirectoryPlayActivityResponse
+ active_directory_play_activity_response = 20;
+
+ // Response to a check device license request.
+ optional CheckDeviceLicenseResponse check_device_license_response_deprecated =
+ 21 [deprecated = true];
+
+ // Response to a request initiating an Active Directory user signin.
+ optional ActiveDirectoryUserSigninResponse
+ active_directory_user_signin_response = 22;
+
+ // Response to a Chrome desktop report request.
+ optional ChromeDesktopReportResponse chrome_desktop_report_response = 23;
+
+ // Response a report on the status of app push-installs
+ optional AppInstallReportResponse app_install_report_response = 25;
+
+ // Response to a policy validation report.
+ optional PolicyValidationReportResponse policy_validation_report_response =
+ 26;
+
+ // Response to initial enrollment details query.
+ optional DeviceInitialEnrollmentStateResponse
+ device_initial_enrollment_state_response = 27;
+
+ // Response to refresh account request.
+ optional RefreshAccountResponse refresh_account_response = 28;
+
+ // Response to RSU lookup key upload request.
+ optional RsuLookupKeyUploadResponse rsu_lookup_key_upload_response = 30;
+
+ // Response to public SAML session user request.
+ optional PublicSamlUserResponse public_saml_user_response = 31;
+
+ // Response to a ChromeOS user report request.
+ optional ChromeOsUserReportResponse chrome_os_user_report_response = 32;
+
+ // Response to a client certificate provisioning request.
+ optional ClientCertificateProvisioningResponse
+ client_certificate_provisioning_response = 33;
+
+ // Response to a checking user account type for smart enrollment.
+ optional CheckUserAccountResponse check_user_account_response = 34;
+
+ // Response to a client private set membership request.
+ optional PrivateSetMembershipResponse private_set_membership_response = 35;
+
+ // Response to browser public key upload request.
+ optional BrowserPublicKeyUploadResponse browser_public_key_upload_response =
+ 36;
+
+ // Response to EUICC info upload request.
+ optional UploadEuiccInfoResponse upload_euicc_info_response = 37;
+
+ // Response to a Chrome Profile report request.
+ optional ChromeProfileReportResponse chrome_profile_report_response = 38;
+
+ // Response to a token-based register request.
+ optional TokenBasedDeviceRegisterResponse
+ token_based_device_register_response = 40;
+
+ optional FmRegistrationTokenUploadResponse
+ fm_registration_token_upload_response = 41;
+
+ // Next id: 42.
+}
+
+// Device State Information stored in the server is retrieval at
+// enrollment process. Learn more at go/cros-enterprise-psm
+message DeviceStateRetrievalInfo {
+ // Whether the device should retrieve initial state or not.
+ optional bool has_initial_state = 1;
+}
\ No newline at end of file
diff --git a/device_management_pb2.py b/device_management_pb2.py
new file mode 100644
index 0000000..11c4db4
--- /dev/null
+++ b/device_management_pb2.py
@@ -0,0 +1,637 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: device_management.proto
+"""Generated protocol buffer code."""
+from google.protobuf.internal import builder as _builder
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import symbol_database as _symbol_database
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+import private_membership_rlwe_pb2 as private__membership__rlwe__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x17\x64\x65vice_management.proto\x12\x15\x65nterprise_management\x1a\x1dprivate_membership_rlwe.proto\"\xb9\x01\n\x0bLicenseType\x12H\n\x0clicense_type\x18\x01 \x01(\x0e\x32\x32.enterprise_management.LicenseType.LicenseTypeEnum\"`\n\x0fLicenseTypeEnum\x12\r\n\tUNDEFINED\x10\x00\x12\x11\n\rCDM_PERPETUAL\x10\x01\x12\x0e\n\nCDM_ANNUAL\x10\x02\x12\t\n\x05KIOSK\x10\x03\x12\x10\n\x0c\x43\x44M_PACKAGED\x10\x04\"G\n\nSignedData\x12\x0c\n\x04\x64\x61ta\x18\x01 \x01(\x0c\x12\x11\n\tsignature\x18\x02 \x01(\x0c\x12\x18\n\x10\x65xtra_data_bytes\x18\x03 \x01(\x05\"V\n\x17\x43heckUserAccountRequest\x12\x12\n\nuser_email\x18\x01 \x01(\t\x12\'\n\x18\x65nrollment_nudge_request\x18\x02 \x01(\x08:\x05\x66\x61lse\"\x8a\x11\n\x15\x44\x65viceRegisterRequest\x12\x12\n\nreregister\x18\x01 \x01(\x08\x12\x43\n\x04type\x18\x02 \x01(\x0e\x32\x31.enterprise_management.DeviceRegisterRequest.Type:\x02TT\x12\x12\n\nmachine_id\x18\x03 \x01(\t\x12\x15\n\rmachine_model\x18\x04 \x01(\t\x12\x13\n\x0brequisition\x18\x06 \x01(\t\x12\x1f\n\x17server_backed_state_key\x18\x07 \x01(\x0c\x12\x43\n\x06\x66lavor\x18\x08 \x01(\x0e\x32\x33.enterprise_management.DeviceRegisterRequest.Flavor\x12\x38\n\x0clicense_type\x18\t \x01(\x0b\x32\".enterprise_management.LicenseType\x12\\\n\x08lifetime\x18\x0b \x01(\x0e\x32\x35.enterprise_management.DeviceRegisterRequest.Lifetime:\x13LIFETIME_INDEFINITE\x12\x12\n\nbrand_code\x18\x0c \x01(\t\x12\x1f\n\x17reregistration_dm_token\x18\r \x01(\t\x12\x1c\n\x14\x65thernet_mac_address\x18\x0e \x01(\t\x12\x18\n\x10\x64ock_mac_address\x18\x0f \x01(\t\x12\x18\n\x10manufacture_date\x18\x10 \x01(\t\x12\"\n\x1a\x65xpected_enrollment_domain\x18\x11 \x01(\t\x12[\n\x1e\x64\x65vice_register_identification\x18\x12 \x01(\x0b\x32\x33.enterprise_management.DeviceRegisterIdentification\x12]\n\x14psm_execution_result\x18\x13 \x01(\x0e\x32?.enterprise_management.DeviceRegisterRequest.PsmExecutionResult\x12&\n\x1epsm_determination_timestamp_ms\x18\x14 \x01(\x03\x12G\n\x14\x64\x65mo_mode_dimensions\x18\x15 \x01(\x0b\x32).enterprise_management.DemoModeDimensions\x12%\n\x1doidc_profile_enrollment_state\x18\x16 \x01(\t\"]\n\x04Type\x12\x06\n\x02TT\x10\x00\x12\x08\n\x04USER\x10\x01\x12\n\n\x06\x44\x45VICE\x10\x02\x12\x0b\n\x07\x42ROWSER\x10\x03\x12\x13\n\x0f\x41NDROID_BROWSER\x10\x04\x12\x0f\n\x0bIOS_BROWSER\x10\x06\"\x04\x08\x05\x10\x05\"\xd7\x06\n\x06\x46lavor\x12\x1c\n\x18\x46LAVOR_ENROLLMENT_MANUAL\x10\x00\x12\"\n\x1e\x46LAVOR_ENROLLMENT_MANUAL_RENEW\x10\x01\x12\"\n\x1e\x46LAVOR_ENROLLMENT_LOCAL_FORCED\x10\x02\x12&\n\"FLAVOR_ENROLLMENT_LOCAL_ADVERTISED\x10\x03\x12#\n\x1f\x46LAVOR_ENROLLMENT_SERVER_FORCED\x10\x04\x12\'\n#FLAVOR_ENROLLMENT_SERVER_ADVERTISED\x10\x05\x12\x1e\n\x1a\x46LAVOR_ENROLLMENT_RECOVERY\x10\x06\x12\x1c\n\x18\x46LAVOR_USER_REGISTRATION\x10\x07\x12!\n\x1d\x46LAVOR_ENROLLMENT_ATTESTATION\x10\x08\x12.\n*FLAVOR_ENROLLMENT_ATTESTATION_LOCAL_FORCED\x10\t\x12/\n+FLAVOR_ENROLLMENT_ATTESTATION_SERVER_FORCED\x10\n\x12\x31\n-FLAVOR_ENROLLMENT_ATTESTATION_MANUAL_FALLBACK\x10\x0b\x12+\n\'FLAVOR_ENROLLMENT_INITIAL_SERVER_FORCED\x10\r\x12\x37\n3FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_SERVER_FORCED\x10\x0e\x12\x39\n5FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_MANUAL_FALLBACK\x10\x0f\x12\x31\n-FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_FORCED\x10\x10\x12:\n6FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_MANUAL_FALLBACK\x10\x11\x12\x31\n-FLAVOR_ENROLLMENT_TOKEN_INITIAL_SERVER_FORCED\x10\x12\x12\x33\n/FLAVOR_ENROLLMENT_TOKEN_INITIAL_MANUAL_FALLBACK\x10\x13\"\x04\x08\x0c\x10\x0c\"X\n\x08Lifetime\x12\x16\n\x12LIFETIME_UNDEFINED\x10\x00\x12\x17\n\x13LIFETIME_INDEFINITE\x10\x01\x12\x1b\n\x17LIFETIME_EPHEMERAL_USER\x10\x02\"\xbb\x01\n\x12PsmExecutionResult\x12\x16\n\x12PSM_RESULT_UNKNOWN\x10\x00\x12$\n PSM_RESULT_SUCCESSFUL_WITH_STATE\x10\x01\x12\'\n#PSM_RESULT_SUCCESSFUL_WITHOUT_STATE\x10\x02\x12\x14\n\x10PSM_RESULT_ERROR\x10\x03\x12(\n$PSM_SKIPPED_FOR_FLEX_AUTO_ENROLLMENT\x10\x04J\x04\x08\x05\x10\x06J\x04\x08\n\x10\x0b\":\n\x1c\x44\x65viceRegisterIdentification\x12\x1a\n\x12\x61ttested_device_id\x18\x01 \x01(\t\"\xab\x03\n\x18\x43heckUserAccountResponse\x12\x17\n\x0f\x64omain_verified\x18\x01 \x01(\x08\x12Z\n\x11user_account_type\x18\x02 \x01(\x0e\x32?.enterprise_management.CheckUserAccountResponse.UserAccountType\x12\x62\n\x15\x65nrollment_nudge_type\x18\x03 \x01(\x0e\x32\x43.enterprise_management.CheckUserAccountResponse.EnrollmentNudgeType\"Y\n\x0fUserAccountType\x12\x1d\n\x19UNKNOWN_USER_ACCOUNT_TYPE\x10\x00\x12\r\n\tNOT_EXIST\x10\x01\x12\x0c\n\x08\x43ONSUMER\x10\x02\x12\n\n\x06\x44\x41SHER\x10\x03\"[\n\x13\x45nrollmentNudgeType\x12!\n\x1dUNKNOWN_ENROLLMENT_NUDGE_TYPE\x10\x00\x12\x08\n\x04NONE\x10\x01\x12\x17\n\x13\x45NROLLMENT_REQUIRED\x10\x02\"\xab\x04\n\x16\x44\x65viceRegisterResponse\x12\x1f\n\x17\x64\x65vice_management_token\x18\x01 \x02(\t\x12\x14\n\x0cmachine_name\x18\x02 \x01(\t\x12]\n\x0f\x65nrollment_type\x18\x03 \x01(\x0e\x32\x38.enterprise_management.DeviceRegisterResponse.DeviceMode:\nENTERPRISE\x12\x1a\n\x12\x63onfiguration_seed\x18\x04 \x01(\t\x12\x1c\n\x14user_affiliation_ids\x18\x05 \x03(\t\x12\x19\n\x11user_display_name\x18\x07 \x01(\t\x12\x12\n\nuser_email\x18\x08 \x01(\t\x12m\n\x19third_party_identity_type\x18\t \x01(\x0e\x32\x44.enterprise_management.DeviceRegisterResponse.ThirdPartyIdentityType:\x04NONE\"W\n\nDeviceMode\x12\x0e\n\nENTERPRISE\x10\x00\x12\x15\n\x11RETAIL_DEPRECATED\x10\x01\x12\x18\n\x14\x43HROME_AD_DEPRECATED\x10\x02\x12\x08\n\x04\x44\x45MO\x10\x03\"D\n\x16ThirdPartyIdentityType\x12\x08\n\x04NONE\x10\x00\x12\x10\n\x0c\x44\x41SHER_BASED\x10\x01\x12\x0e\n\nDASHERLESS\x10\x02J\x04\x08\x06\x10\x07\"\x19\n\x17\x44\x65viceUnregisterRequest\"\x1a\n\x18\x44\x65viceUnregisterResponse\"\xa6\x02\n\x17\x44\x65viceCertUploadRequest\x12\x1a\n\x12\x64\x65vice_certificate\x18\x01 \x01(\x0c\x12X\n\x10\x63\x65rtificate_type\x18\x02 \x01(\x0e\x32>.enterprise_management.DeviceCertUploadRequest.CertificateType\x12\x15\n\renrollment_id\x18\x03 \x01(\x0c\"~\n\x0f\x43\x65rtificateType\x12 \n\x1c\x43\x45RTIFICATE_TYPE_UNSPECIFIED\x10\x00\x12\"\n\x1e\x45NTERPRISE_MACHINE_CERTIFICATE\x10\x01\x12%\n!ENTERPRISE_ENROLLMENT_CERTIFICATE\x10\x02\"\x1a\n\x18\x44\x65viceCertUploadResponse\"\xfe\x01\n\x1d\x44\x65viceServiceApiAccessRequest\x12\x13\n\x0b\x61uth_scopes\x18\x01 \x03(\t\x12\x18\n\x10oauth2_client_id\x18\x02 \x01(\t\x12T\n\x0b\x64\x65vice_type\x18\x03 \x01(\x0e\x32?.enterprise_management.DeviceServiceApiAccessRequest.DeviceType\"X\n\nDeviceType\x12\r\n\tCHROME_OS\x10\x00\x12\x0e\n\nANDROID_OS\x10\x01\x12\x17\n\x13\x43HROME_OS_DEMO_MODE\x10\x02\x12\x12\n\x0e\x43HROME_BROWSER\x10\x03\"3\n\x1e\x44\x65viceServiceApiAccessResponse\x12\x11\n\tauth_code\x18\x01 \x01(\t\"M\n\x17\x42rowserDeviceIdentifier\x12\x15\n\rcomputer_name\x18\x01 \x01(\t\x12\x15\n\rserial_number\x18\x02 \x01(\tJ\x04\x08\x03\x10\x04\"\x95\x04\n\x12PolicyFetchRequest\x12\x13\n\x0bpolicy_type\x18\x01 \x01(\t\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\x12U\n\x0esignature_type\x18\x03 \x01(\x0e\x32\x37.enterprise_management.PolicyFetchRequest.SignatureType:\x04NONE\x12\x1a\n\x12public_key_version\x18\x04 \x01(\x05\x12\x1a\n\x12settings_entity_id\x18\x06 \x01(\t\x12\x1c\n\x14invalidation_version\x18\x07 \x01(\x03\x12\x1c\n\x14invalidation_payload\x18\x08 \x01(\x0c\x12\x1d\n\x15verification_key_hash\x18\t \x01(\t\x12 \n\x18policy_invalidation_info\x18\n \x01(\t\x12 \n\x18invalidation_topics_only\x18\x0b \x01(\x08\x12\x17\n\x0f\x64\x65vice_dm_token\x18\x0c \x01(\t\x12Q\n\x19\x62rowser_device_identifier\x18\r \x01(\x0b\x32..enterprise_management.BrowserDeviceIdentifier\"7\n\rSignatureType\x12\x08\n\x04NONE\x10\x00\x12\x0c\n\x08SHA1_RSA\x10\x01\x12\x0e\n\nSHA256_RSA\x10\x02J\x04\x08\x05\x10\x06\" \n\rDisabledState\x12\x0f\n\x07message\x18\x01 \x01(\t\"\xe3\x01\n\x0b\x44\x65viceState\x12V\n\x0b\x64\x65vice_mode\x18\x01 \x01(\x0e\x32-.enterprise_management.DeviceState.DeviceMode:\x12\x44\x45VICE_MODE_NORMAL\x12<\n\x0e\x64isabled_state\x18\x02 \x01(\x0b\x32$.enterprise_management.DisabledState\">\n\nDeviceMode\x12\x16\n\x12\x44\x45VICE_MODE_NORMAL\x10\x00\x12\x18\n\x14\x44\x45VICE_MODE_DISABLED\x10\x01\" \n\x0c\x43ustomerLogo\x12\x10\n\x08logo_url\x18\x01 \x01(\t\"\x90\r\n\nPolicyData\x12\x13\n\x0bpolicy_type\x18\x01 \x01(\t\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\x12\x15\n\rrequest_token\x18\x03 \x01(\t\x12\x14\n\x0cpolicy_value\x18\x04 \x01(\x0c\x12\x14\n\x0cmachine_name\x18\x05 \x01(\t\x12\x1a\n\x12public_key_version\x18\x06 \x01(\x05\x12\x10\n\x08username\x18\x07 \x01(\t\x12\x11\n\tdevice_id\x18\x08 \x01(\t\x12I\n\x05state\x18\t \x01(\x0e\x32\x32.enterprise_management.PolicyData.AssociationState:\x06\x41\x43TIVE\x12\x1a\n\x12settings_entity_id\x18\x0b \x01(\t\x12 \n\x18service_account_identity\x18\x0c \x01(\t\x12\x14\n\x0cpolicy_token\x18\x0f \x01(\t\x12I\n\x0fmanagement_mode\x18\x10 \x01(\x0e\x32\x30.enterprise_management.PolicyData.ManagementMode\x12\x38\n\x0c\x64\x65vice_state\x18\x11 \x01(\x0b\x32\".enterprise_management.DeviceState\x12\x1a\n\x12\x61nnotated_location\x18\x14 \x01(\t\x12\x1a\n\x12\x61nnotated_asset_id\x18\x15 \x01(\t\x12\x18\n\x10\x64irectory_api_id\x18\x16 \x01(\t\x12\x1e\n\x16\x64\x65vice_affiliation_ids\x18\x17 \x03(\t\x12\x1c\n\x14user_affiliation_ids\x18\x18 \x03(\t\x12\x16\n\x0e\x64isplay_domain\x18\x19 \x01(\t\x12!\n\x19policy_invalidation_topic\x18\x1a \x01(\t\x12\"\n\x1a\x63ommand_invalidation_topic\x18\x1b \x01(\t\x12\x1c\n\x14\x65nrollment_id_needed\x18\x1c \x01(\x08\x12\x0f\n\x07gaia_id\x18\x1d \x01(\t\x12G\n\x0emarket_segment\x18\x1e \x01(\x0e\x32/.enterprise_management.PolicyData.MarketSegment\x12:\n\rcustomer_logo\x18\x1f \x01(\x0b\x32#.enterprise_management.CustomerLogo\x12\x1b\n\x13\x63hange_password_uri\x18 \x01(\t\x12K\n\x16\x63lient_action_required\x18! \x01(\x0b\x32+.enterprise_management.ClientActionRequired\x12\x1e\n\x16obfuscated_customer_id\x18\" \x01(\t\x12P\n\x13metrics_log_segment\x18# \x01(\x0e\x32\x33.enterprise_management.PolicyData.MetricsLogSegment\x12\x12\n\nmanaged_by\x18$ \x01(\t\x12\x13\n\x0bsso_profile\x18% \x01(\t\x12\x13\n\x0blicense_sku\x18& \x01(\t\"@\n\x10\x41ssociationState\x12\n\n\x06\x41\x43TIVE\x10\x00\x12\r\n\tUNMANAGED\x10\x01\x12\x11\n\rDEPROVISIONED\x10\x02\"X\n\x0eManagementMode\x12\x0f\n\x0bLOCAL_OWNER\x10\x00\x12\x16\n\x12\x45NTERPRISE_MANAGED\x10\x01\x12\x1d\n\x19OBSOLETE_CONSUMER_MANAGED\x10\x02\"`\n\rMarketSegment\x12\x1e\n\x1aMARKET_SEGMENT_UNSPECIFIED\x10\x00\x12\x16\n\x12\x45NROLLED_EDUCATION\x10\x01\x12\x17\n\x13\x45NROLLED_ENTERPRISE\x10\x02\"\\\n\x11MetricsLogSegment\x12\x0f\n\x0bUNSPECIFIED\x10\x00\x12\x07\n\x03K12\x10\x01\x12\x0e\n\nUNIVERSITY\x10\x02\x12\r\n\tNONPROFIT\x10\x03\x12\x0e\n\nENTERPRISE\x10\x04J\x04\x08\n\x10\x0bJ\x04\x08\r\x10\x0eJ\x04\x08\x0e\x10\x0fJ\x04\x08\x12\x10\x13J\x04\x08\x13\x10\x14R\x19\x63ommand_invalidation_nameR\x1b\x63ommand_invalidation_sourceR\x11invalidation_nameR\x13invalidation_sourceR\x1bvalid_serial_number_missing\"=\n\x14\x43lientActionRequired\x12%\n\x1d\x65nrollment_certificate_needed\x18\x01 \x01(\x08\"\xc0\x03\n\x13PolicyFetchResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\x12\x13\n\x0bpolicy_data\x18\x03 \x01(\x0c\x12\x1d\n\x15policy_data_signature\x18\x04 \x01(\x0c\x12\x16\n\x0enew_public_key\x18\x05 \x01(\x0c\x12 \n\x18new_public_key_signature\x18\x06 \x01(\x0c\x12<\n0new_public_key_verification_signature_deprecated\x18\x07 \x01(\x0c\x42\x02\x18\x01\x12(\n new_public_key_verification_data\x18\x08 \x01(\x0c\x12\x32\n*new_public_key_verification_data_signature\x18\t \x01(\x0c\x12\x17\n\x0bpolicy_type\x18\n \x01(\tB\x02\x18\x01\x12[\n\x1apolicy_data_signature_type\x18\x0b \x01(\x0e\x32\x37.enterprise_management.PolicyFetchRequest.SignatureType\"L\n\"DEPRECATEDPolicyPublicKeyAndDomain\x12\x16\n\x0enew_public_key\x18\x01 \x01(\x0c\x12\x0e\n\x06\x64omain\x18\x02 \x01(\t\"c\n\x19PublicKeyVerificationData\x12\x16\n\x0enew_public_key\x18\x01 \x01(\x0c\x12\x0e\n\x06\x64omain\x18\x02 \x01(\t\x12\x1e\n\x16new_public_key_version\x18\x03 \x01(\x05\"\xee\x06\n\x13\x44\x65vicePolicyRequest\x12;\n\x08requests\x18\x03 \x03(\x0b\x32).enterprise_management.PolicyFetchRequest\x12\x41\n\x06reason\x18\x04 \x01(\x0e\x32\x31.enterprise_management.DevicePolicyRequest.Reason\"\xd6\x05\n\x06Reason\x12\x0f\n\x0bUNSPECIFIED\x10\x00\x12\x15\n\x11\x44\x45VICE_ENROLLMENT\x10\x01\x12\x10\n\x0cINVALIDATION\x10\x02\x12\x18\n\x14REGISTRATION_CHANGED\x10\x03\x12\t\n\x05RETRY\x10\x04\x12\x31\n-RETRY_AFTER_STATUS_SERVICE_ACTIVATION_PENDING\x10\x05\x12/\n+RETRY_AFTER_STATUS_SERVICE_POLICY_NOT_FOUND\x10\x06\x12\x30\n,RETRY_AFTER_STATUS_SERVICE_TOO_MANY_REQUESTS\x10\x07\x12%\n!RETRY_AFTER_STATUS_REQUEST_FAILED\x10\x08\x12,\n(RETRY_AFTER_STATUS_TEMPORARY_UNAVAILABLE\x10\t\x12*\n&RETRY_AFTER_STATUS_CANNOT_SIGN_REQUEST\x10\n\x12&\n\"RETRY_AFTER_STATUS_REQUEST_INVALID\x10\x0b\x12(\n$RETRY_AFTER_STATUS_HTTP_STATUS_ERROR\x10\x0c\x12.\n*RETRY_AFTER_STATUS_RESPONSE_DECODING_ERROR\x10\r\x12\x37\n3RETRY_AFTER_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED\x10\x0e\x12(\n$RETRY_AFTER_STATUS_REQUEST_TOO_LARGE\x10\x0f\x12\r\n\tSCHEDULED\x10\x10\x12\n\n\x06SIGNIN\x10\x11\x12\x08\n\x04TEST\x10\x12\x12\x11\n\rBROWSER_START\x10\x13\x12\n\n\x06LACROS\x10\x14\x12\x10\n\x0cUSER_REQUEST\x10\x15\x12\x1b\n\x17\x43RD_HOST_POLICY_WATCHER\x10\x16\"U\n\x14\x44\x65vicePolicyResponse\x12=\n\tresponses\x18\x03 \x03(\x0b\x32*.enterprise_management.PolicyFetchResponse\"<\n\nTimePeriod\x12\x17\n\x0fstart_timestamp\x18\x01 \x01(\x03\x12\x15\n\rend_timestamp\x18\x02 \x01(\x03\"\xe0\x02\n\x10\x41\x63tiveTimePeriod\x12\x36\n\x0btime_period\x18\x01 \x01(\x0b\x32!.enterprise_management.TimePeriod\x12\x17\n\x0f\x61\x63tive_duration\x18\x02 \x01(\x05\x12\x12\n\nuser_email\x18\x03 \x01(\t\x12I\n\x0csession_type\x18\x04 \x01(\x0e\x32\x33.enterprise_management.ActiveTimePeriod.SessionType\"\x9b\x01\n\x0bSessionType\x12\x13\n\x0fSESSION_UNKNOWN\x10\x00\x12\x1b\n\x17SESSION_AFFILIATED_USER\x10\x01\x12\x19\n\x15SESSION_MANAGED_GUEST\x10\x02\x12\x11\n\rSESSION_KIOSK\x10\x03\x12\x15\n\x11SESSION_ARC_KIOSK\x10\x04\x12\x15\n\x11SESSION_WEB_KIOSK\x10\x05\"\xaf\x02\n\x10NetworkInterface\x12G\n\x04type\x18\x01 \x01(\x0e\x32\x39.enterprise_management.NetworkInterface.NetworkDeviceType\x12\x13\n\x0bmac_address\x18\x02 \x01(\t\x12\x0c\n\x04meid\x18\x03 \x01(\t\x12\x0c\n\x04imei\x18\x04 \x01(\t\x12\x13\n\x0b\x64\x65vice_path\x18\x05 \x01(\t\x12\r\n\x05iccid\x18\x06 \x01(\t\x12\x0b\n\x03mdn\x18\x07 \x01(\t\x12\x0c\n\x04\x65ids\x18\x08 \x03(\t\"b\n\x11NetworkDeviceType\x12\x11\n\rTYPE_ETHERNET\x10\x00\x12\r\n\tTYPE_WIFI\x10\x01\x12\x12\n\x0eTYPE_BLUETOOTH\x10\x03\x12\x11\n\rTYPE_CELLULAR\x10\x04\"\x04\x08\x02\x10\x02\"\xd1\x02\n\x0cNetworkState\x12\x13\n\x0b\x64\x65vice_path\x18\x01 \x01(\t\x12M\n\x10\x63onnection_state\x18\x02 \x01(\x0e\x32\x33.enterprise_management.NetworkState.ConnectionState\x12\x17\n\x0fsignal_strength\x18\x03 \x01(\x05\x12\x12\n\nip_address\x18\x04 \x01(\t\x12\x0f\n\x07gateway\x18\x05 \x01(\t\"\x9e\x01\n\x0f\x43onnectionState\x12\x08\n\x04IDLE\x10\x00\x12\x0f\n\x0b\x41SSOCIATION\x10\x02\x12\x11\n\rCONFIGURATION\x10\x03\x12\t\n\x05READY\x10\x04\x12\n\n\x06PORTAL\x10\x05\x12\n\n\x06ONLINE\x10\x07\x12\x0e\n\nDISCONNECT\x10\x08\x12\x0b\n\x07\x46\x41ILURE\x10\t\x12\x0b\n\x07UNKNOWN\x10\x0b\"\x04\x08\x01\x10\x01\"\x04\x08\x06\x10\x06\"\x04\x08\n\x10\n\"\x91\x01\n\nDeviceUser\x12\x38\n\x04type\x18\x01 \x02(\x0e\x32*.enterprise_management.DeviceUser.UserType\x12\r\n\x05\x65mail\x18\x02 \x01(\t\":\n\x08UserType\x12\x15\n\x11USER_TYPE_MANAGED\x10\x00\x12\x17\n\x13USER_TYPE_UNMANAGED\x10\x01\"L\n\nVolumeInfo\x12\x11\n\tvolume_id\x18\x01 \x01(\t\x12\x15\n\rstorage_total\x18\x02 \x01(\x03\x12\x14\n\x0cstorage_free\x18\x03 \x01(\x03\"D\n\x12\x43puUtilizationInfo\x12\x1b\n\x13\x63pu_utilization_pct\x18\x01 \x01(\x05\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\"=\n\x11SystemFreeRamInfo\x12\x15\n\rsize_in_bytes\x18\x01 \x01(\x03\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\"E\n\x0b\x43PUTempInfo\x12\x11\n\tcpu_label\x18\x01 \x01(\t\x12\x10\n\x08\x63pu_temp\x18\x02 \x01(\x05\x12\x11\n\ttimestamp\x18\x03 \x01(\x03\"o\n\x15StatefulPartitionInfo\x12\x17\n\x0f\x61vailable_space\x18\x01 \x01(\x04\x12\x13\n\x0btotal_space\x18\x02 \x01(\x04\x12\x12\n\nfilesystem\x18\x03 \x01(\t\x12\x14\n\x0cmount_source\x18\x04 \x01(\t\"\xb2\x01\n\rBatterySample\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12\x0f\n\x07voltage\x18\x02 \x01(\x03\x12\x1a\n\x12remaining_capacity\x18\x03 \x01(\x03\x12\x13\n\x0btemperature\x18\x04 \x01(\x05\x12\x16\n\x0e\x64ischarge_rate\x18\x05 \x01(\x05\x12\x13\n\x0b\x63harge_rate\x18\x06 \x01(\x05\x12\x0f\n\x07\x63urrent\x18\x07 \x01(\x03\x12\x0e\n\x06status\x18\x08 \x01(\t\"\x98\x02\n\x0b\x42\x61tteryInfo\x12\x0e\n\x06serial\x18\x01 \x01(\t\x12\x14\n\x0cmanufacturer\x18\x02 \x01(\t\x12\x16\n\x0e\x62\x61ttery_health\x18\x03 \x01(\t\x12\x17\n\x0f\x64\x65sign_capacity\x18\x04 \x01(\x03\x12\x1c\n\x14\x66ull_charge_capacity\x18\x05 \x01(\x03\x12\x13\n\x0b\x63ycle_count\x18\x06 \x01(\x05\x12\x35\n\x07samples\x18\x07 \x03(\x0b\x32$.enterprise_management.BatterySample\x12\x1a\n\x12\x64\x65sign_min_voltage\x18\t \x01(\x05\x12\x18\n\x10manufacture_date\x18\n \x01(\t\x12\x12\n\ntechnology\x18\x0b \x01(\t\"\xcd\x01\n\x0bPowerStatus\x12\x44\n\x0cpower_source\x18\x01 \x01(\x0e\x32..enterprise_management.PowerStatus.PowerSource\x12\x35\n\tbatteries\x18\x02 \x03(\x0b\x32\".enterprise_management.BatteryInfo\"A\n\x0bPowerSource\x12\x11\n\rPOWER_UNKNOWN\x10\x00\x12\x0c\n\x08POWER_AC\x10\x01\x12\x11\n\rPOWER_BATTERY\x10\x02\"2\n\x16\x44iskLifetimeEstimation\x12\x0b\n\x03slc\x18\x01 \x01(\x05\x12\x0b\n\x03mlc\x18\x02 \x01(\x05\"\xc5\x07\n\x08\x44iskInfo\x12\x0e\n\x06serial\x18\x01 \x01(\t\x12\x14\n\x0cmanufacturer\x18\x02 \x01(\t\x12\r\n\x05model\x18\x03 \x01(\t\x12\x0c\n\x04size\x18\x04 \x01(\x03\x12\x0c\n\x04type\x18\x05 \x01(\t\x12\x0e\n\x06health\x18\x06 \x01(\t\x12\x0f\n\x07volumes\x18\x07 \x03(\t\x12\"\n\x1a\x62ytes_read_since_last_boot\x18\x08 \x01(\x04\x12%\n\x1d\x62ytes_written_since_last_boot\x18\t \x01(\x04\x12)\n!read_time_seconds_since_last_boot\x18\n \x01(\x04\x12*\n\"write_time_seconds_since_last_boot\x18\x0b \x01(\x04\x12\'\n\x1fio_time_seconds_since_last_boot\x18\x0c \x01(\x04\x12,\n$discard_time_seconds_since_last_boot\x18\r \x01(\x04\x12\x1f\n\x15nvme_subsystem_vendor\x18\x0e \x01(\rH\x00\x12\x14\n\nemmc_oemid\x18\x0f \x01(\rH\x00\x12\x16\n\x0cother_vendor\x18\x10 \x01(\rH\x00\x12\x16\n\x0cjedec_manfid\x18\x1b \x01(\rH\x00\x12\x1f\n\x15nvme_subsystem_device\x18\x11 \x01(\rH\x01\x12\x12\n\x08\x65mmc_pnm\x18\x12 \x01(\rH\x01\x12\x17\n\rother_product\x18\x13 \x01(\rH\x01\x12\x1b\n\x11nvme_hardware_rev\x18\x14 \x01(\rH\x02\x12\x1b\n\x11\x65mmc_hardware_rev\x18\x15 \x01(\rH\x02\x12\x1c\n\x12other_hardware_rev\x18\x16 \x01(\rH\x02\x12\x1b\n\x11nvme_firmware_rev\x18\x17 \x01(\x04H\x03\x12\x1b\n\x11\x65mmc_firmware_rev\x18\x18 \x01(\x04H\x03\x12\x1c\n\x12other_firmware_rev\x18\x19 \x01(\rH\x03\x12\x1a\n\x10ufs_firmware_rev\x18\x1c \x01(\rH\x03\x12>\n\x07purpose\x18\x1a \x01(\x0e\x32-.enterprise_management.DiskInfo.DevicePurpose\"H\n\rDevicePurpose\x12\x13\n\x0fPURPOSE_UNKNOWN\x10\x00\x12\x10\n\x0cPURPOSE_BOOT\x10\x01\x12\x10\n\x0cPURPOSE_SWAP\x10\x02\x42\x0b\n\tvendor_idB\x0c\n\nproduct_idB\x13\n\x11hardware_revisionB\x13\n\x11\x66irmware_revision\"\x8b\x01\n\rStorageStatus\x12.\n\x05\x64isks\x18\x01 \x03(\x0b\x32\x1f.enterprise_management.DiskInfo\x12J\n\x13lifetime_estimation\x18\x02 \x01(\x0b\x32-.enterprise_management.DiskLifetimeEstimation\"7\n\rThermalSample\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12\x13\n\x0btemperature\x18\x02 \x01(\x05\"Y\n\x0bThermalInfo\x12\r\n\x05label\x18\x01 \x01(\t\x12\x35\n\x07samples\x18\x03 \x03(\x0b\x32$.enterprise_management.ThermalSampleJ\x04\x08\x02\x10\x03\"H\n\x0b\x42oardStatus\x12\x39\n\rthermal_infos\x18\x01 \x03(\x0b\x32\".enterprise_management.ThermalInfo\"\xfa\x01\n\x0cSystemStatus\x12\x16\n\x0evpd_sku_number\x18\x01 \x01(\t\x12\x18\n\x10\x66irst_power_date\x18\x02 \x01(\t\x12\x18\n\x10manufacture_date\x18\x03 \x01(\t\x12\x16\n\x0emarketing_name\x18\x04 \x01(\t\x12\x14\n\x0c\x62ios_version\x18\x05 \x01(\t\x12\x12\n\nboard_name\x18\x06 \x01(\t\x12\x15\n\rboard_version\x18\x07 \x01(\t\x12\x14\n\x0c\x63hassis_type\x18\x08 \x01(\x04\x12\x14\n\x0cproduct_name\x18\t \x01(\t\x12\x19\n\x11vpd_serial_number\x18\n \x01(\t\"G\n\rCpuCStateInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12(\n time_in_state_since_last_boot_us\x18\x02 \x01(\x04\"\xad\x01\n\x0eLogicalCpuInfo\x12!\n\x19scaling_max_frequency_khz\x18\x01 \x01(\r\x12%\n\x1dscaling_current_frequency_khz\x18\x02 \x01(\r\x12\x19\n\x11idle_time_seconds\x18\x03 \x01(\x04\x12\x36\n\x08\x63_states\x18\x04 \x03(\x0b\x32$.enterprise_management.CpuCStateInfo\"\x8d\x02\n\x07\x43puInfo\x12\x12\n\nmodel_name\x18\x01 \x01(\t\x12\x41\n\x0c\x61rchitecture\x18\x02 \x01(\x0e\x32+.enterprise_management.CpuInfo.Architecture\x12\x1b\n\x13max_clock_speed_khz\x18\x03 \x01(\r\x12;\n\x0clogical_cpus\x18\x04 \x03(\x0b\x32%.enterprise_management.LogicalCpuInfo\"Q\n\x0c\x41rchitecture\x12\x1c\n\x18\x41RCHITECTURE_UNSPECIFIED\x10\x00\x12\n\n\x06X86_64\x10\x01\x12\x0b\n\x07\x41\x41RCH64\x10\x02\x12\n\n\x06\x41RMV7L\x10\x03\"*\n\rGlobalCpuInfo\x12\x19\n\x11num_total_threads\x18\x01 \x01(\r\"m\n\x0b\x44isplayInfo\x12\x18\n\x10resolution_width\x18\x01 \x01(\r\x12\x19\n\x11resolution_height\x18\x02 \x01(\r\x12\x14\n\x0crefresh_rate\x18\x03 \x01(\r\x12\x13\n\x0bis_internal\x18\x04 \x01(\x08\"h\n\x13GraphicsAdapterInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x16\n\x0e\x64river_version\x18\x02 \x01(\t\x12\x11\n\tdevice_id\x18\x03 \x01(\x04\x12\x18\n\x10system_ram_usage\x18\x04 \x01(\x04\"\x83\x01\n\x0eGraphicsStatus\x12;\n\x07\x61\x64\x61pter\x18\x01 \x01(\x0b\x32*.enterprise_management.GraphicsAdapterInfo\x12\x34\n\x08\x64isplays\x18\x02 \x03(\x0b\x32\".enterprise_management.DisplayInfo\"\xdd\x02\n\x0f\x43rashReportInfo\x12\x11\n\tremote_id\x18\x01 \x01(\t\x12\x19\n\x11\x63\x61pture_timestamp\x18\x02 \x01(\x03\x12\r\n\x05\x63\x61use\x18\x03 \x01(\t\x12U\n\rupload_status\x18\x04 \x01(\x0e\x32>.enterprise_management.CrashReportInfo.CrashReportUploadStatus\"\xb5\x01\n\x17\x43rashReportUploadStatus\x12\x19\n\x15UPLOAD_STATUS_UNKNOWN\x10\x00\x12\x1e\n\x1aUPLOAD_STATUS_NOT_UPLOADED\x10\x01\x12\x19\n\x15UPLOAD_STATUS_PENDING\x10\x02\x12(\n$UPLOAD_STATUS_PENDING_USER_REQUESTED\x10\x03\x12\x1a\n\x16UPLOAD_STATUS_UPLOADED\x10\x04\"-\n\x0cTimezoneInfo\x12\r\n\x05posix\x18\x01 \x01(\t\x12\x0e\n\x06region\x18\x02 \x01(\t\"\x82\x01\n\nMemoryInfo\x12\x18\n\x10total_memory_kib\x18\x01 \x01(\r\x12\x17\n\x0f\x66ree_memory_kib\x18\x02 \x01(\r\x12\x1c\n\x14\x61vailable_memory_kib\x18\x03 \x01(\r\x12#\n\x1bpage_faults_since_last_boot\x18\x04 \x01(\x04\"I\n\rBacklightInfo\x12\x0c\n\x04path\x18\x01 \x01(\t\x12\x16\n\x0emax_brightness\x18\x02 \x01(\r\x12\x12\n\nbrightness\x18\x03 \x01(\r\"\x1c\n\x07\x46\x61nInfo\x12\x11\n\tspeed_rpm\x18\x01 \x01(\r\"e\n\x14\x42luetoothAdapterInfo\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0f\n\x07\x61\x64\x64ress\x18\x02 \x01(\t\x12\x0f\n\x07powered\x18\x03 \x01(\x08\x12\x1d\n\x15num_connected_devices\x18\x04 \x01(\r\"e\n\nSmbiosInfo\x12\x12\n\nsys_vendor\x18\x01 \x01(\t\x12\x14\n\x0cproduct_name\x18\x02 \x01(\t\x12\x17\n\x0fproduct_version\x18\x03 \x01(\t\x12\x14\n\x0c\x62ios_version\x18\x04 \x01(\t\"$\n\x10KernelParameters\x12\x10\n\x08\x63ros_efi\x18\x01 \x01(\x08\"\x1e\n\x07\x45\x46IVars\x12\x13\n\x0bsecure_boot\x18\x01 \x01(\x08\"\xc5\x01\n\x08\x42ootInfo\x12?\n\x0b\x62oot_method\x18\x01 \x01(\x0e\x32*.enterprise_management.BootInfo.BootMethod\x12\x17\n\x0bsecure_boot\x18\x02 \x01(\x08\x42\x02\x18\x01\"_\n\nBootMethod\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x0f\n\x0b\x43ROS_SECURE\x10\x01\x12\r\n\tCROS_UEFI\x10\x02\x12\x0f\n\x0b\x43ROS_LEGACY\x10\x03\x12\x13\n\x0f\x43ROS_EFI_SECURE\x10\x04\"\xe3\x01\n\x12NetworkAdapterInfo\x12;\n\x0c\x64\x65vice_class\x18\x01 \x01(\x0e\x32%.enterprise_management.BusDeviceClass\x12\x30\n\x08\x62us_type\x18\x02 \x01(\x0e\x32\x1e.enterprise_management.BusType\x12\x11\n\tvendor_id\x18\x03 \x01(\x05\x12\x13\n\x0bvendor_name\x18\x04 \x01(\t\x12\x11\n\tdevice_id\x18\x05 \x01(\x05\x12\x13\n\x0b\x64\x65vice_name\x18\x06 \x01(\t\x12\x0e\n\x06\x64river\x18\x07 \x03(\t\"\x8b\x01\n\x13LaCrOsBrowserReport\x12\x36\n\x0b\x64\x65vice_user\x18\x01 \x01(\x0b\x32!.enterprise_management.DeviceUser\x12<\n\x0e\x62rowser_report\x18\x02 \x01(\x0b\x32$.enterprise_management.BrowserReport\"\x86\x02\n\x12\x44\x65moModeDimensions\x12\x0f\n\x07\x63ountry\x18\x01 \x01(\t\x12\x15\n\rretailer_name\x18\x02 \x01(\t\x12\x14\n\x0cstore_number\x18\x03 \x01(\t\x12Z\n\x14\x63ustomization_facets\x18\x04 \x03(\x0e\x32<.enterprise_management.DemoModeDimensions.CustomizationFacet\"V\n\x12\x43ustomizationFacet\x12\r\n\tUNDEFINED\x10\x00\x12\x17\n\x13\x43LOUD_GAMING_DEVICE\x10\x01\x12\x18\n\x14\x46\x45\x41TURE_AWARE_DEVICE\x10\x02\"\xc3\x13\n\x19\x44\x65viceStatusReportRequest\x12\x12\n\nos_version\x18\x01 \x01(\t\x12\x18\n\x10\x66irmware_version\x18\x02 \x01(\t\x12\x11\n\tboot_mode\x18\x03 \x01(\t\x12\x17\n\x0f\x62rowser_version\x18\x05 \x01(\t\x12?\n\x0e\x61\x63tive_periods\x18\x06 \x03(\x0b\x32\'.enterprise_management.ActiveTimePeriod\x12\x43\n\x12network_interfaces\x18\x08 \x03(\x0b\x32\'.enterprise_management.NetworkInterface\x12\x30\n\x05users\x18\t \x03(\x0b\x32!.enterprise_management.DeviceUser\x12\x37\n\x0cvolume_infos\x18\n \x03(\x0b\x32!.enterprise_management.VolumeInfo\x12;\n\x0enetwork_states\x18\x0b \x03(\x0b\x32#.enterprise_management.NetworkState\x12\'\n\x1b\x63pu_utilization_pct_samples\x18\x0c \x03(\x05\x42\x02\x18\x01\x12\x18\n\x10system_ram_total\x18\x0e \x01(\x03\x12#\n\x17system_ram_free_samples\x18\x0f \x03(\x03\x42\x02\x18\x01\x12:\n\x0e\x63pu_temp_infos\x18\x10 \x03(\x0b\x32\".enterprise_management.CPUTempInfo\x12?\n\x10os_update_status\x18\x11 \x01(\x0b\x32%.enterprise_management.OsUpdateStatus\x12;\n\x11running_kiosk_app\x18\x12 \x01(\x0b\x32 .enterprise_management.AppStatus\x12\x14\n\x0csound_volume\x18\x13 \x01(\x05\x12?\n\x10tpm_version_info\x18\x15 \x01(\x0b\x32%.enterprise_management.TpmVersionInfo\x12/\n\x07\x63hannel\x18\x16 \x01(\x0e\x32\x1e.enterprise_management.Channel\x12=\n\x0ftpm_status_info\x18\x17 \x01(\x0b\x32$.enterprise_management.TpmStatusInfo\x12\x1c\n\x14write_protect_switch\x18\x18 \x01(\x08\x12\x38\n\x0cpower_status\x18\x19 \x01(\x0b\x32\".enterprise_management.PowerStatus\x12<\n\x0estorage_status\x18\x1a \x01(\x0b\x32$.enterprise_management.StorageStatus\x12\x38\n\x0c\x62oard_status\x18\x1b \x01(\x0b\x32\".enterprise_management.BoardStatus\x12:\n\rsystem_status\x18\x1c \x01(\x0b\x32#.enterprise_management.SystemStatus\x12M\n\x17stateful_partition_info\x18\x1d \x01(\x0b\x32,.enterprise_management.StatefulPartitionInfo\x12H\n\x15\x63pu_utilization_infos\x18\x1e \x03(\x0b\x32).enterprise_management.CpuUtilizationInfo\x12G\n\x15system_ram_free_infos\x18\x1f \x03(\x0b\x32(.enterprise_management.SystemFreeRamInfo\x12\x30\n\x08\x63pu_info\x18 \x03(\x0b\x32\x1e.enterprise_management.CpuInfo\x12>\n\x0fgraphics_status\x18! \x01(\x0b\x32%.enterprise_management.GraphicsStatus\x12\x42\n\x12\x63rash_report_infos\x18\" \x03(\x0b\x32&.enterprise_management.CrashReportInfo\x12:\n\rtimezone_info\x18# \x01(\x0b\x32#.enterprise_management.TimezoneInfo\x12\x36\n\x0bmemory_info\x18$ \x01(\x0b\x32!.enterprise_management.MemoryInfo\x12<\n\x0e\x62\x61\x63klight_info\x18% \x03(\x0b\x32$.enterprise_management.BacklightInfo\x12\x30\n\x08\x66\x61n_info\x18& \x03(\x0b\x32\x1e.enterprise_management.FanInfo\x12=\n\x0fglobal_cpu_info\x18\' \x01(\x0b\x32$.enterprise_management.GlobalCpuInfo\x12K\n\x16\x62luetooth_adapter_info\x18( \x03(\x0b\x32+.enterprise_management.BluetoothAdapterInfo\x12\x36\n\x0bsmbios_info\x18) \x01(\x0b\x32!.enterprise_management.SmbiosInfo\x12\x42\n\x11kernel_parameters\x18* \x01(\x0b\x32\'.enterprise_management.KernelParameters\x12\x30\n\x08\x65\x66i_vars\x18+ \x01(\x0b\x32\x1e.enterprise_management.EFIVars\x12\x32\n\tboot_info\x18, \x01(\x0b\x32\x1f.enterprise_management.BootInfo\x12G\n\x14network_adapter_info\x18- \x03(\x0b\x32).enterprise_management.NetworkAdapterInfo\x12I\n\x15lacros_browser_report\x18. \x03(\x0b\x32*.enterprise_management.LaCrOsBrowserReport\x12\'\n\x1froot_device_total_storage_bytes\x18/ \x01(\x03\x12!\n\x19is_lacros_primary_browser\x18\x30 \x01(\x08\x12G\n\x14\x64\x65mo_mode_dimensions\x18\x31 \x01(\x0b\x32).enterprise_management.DemoModeDimensionsJ\x04\x08\x04\x10\x05J\x04\x08\x07\x10\x08J\x04\x08\r\x10\x0eJ\x04\x08\x14\x10\x15\"\xe4\x02\n\x0eOsUpdateStatus\x12I\n\rupdate_status\x18\x01 \x01(\x0e\x32\x32.enterprise_management.OsUpdateStatus.UpdateStatus\x12\x1c\n\x14new_platform_version\x18\x02 \x01(\t\x12%\n\x1dnew_required_platform_version\x18\x03 \x01(\t\x12\x1e\n\x16last_checked_timestamp\x18\x04 \x01(\x03\x12\x1d\n\x15last_reboot_timestamp\x18\x05 \x01(\x03\"\x82\x01\n\x0cUpdateStatus\x12\x11\n\rOS_UP_TO_DATE\x10\x00\x12!\n\x1dOS_IMAGE_DOWNLOAD_NOT_STARTED\x10\x01\x12!\n\x1dOS_IMAGE_DOWNLOAD_IN_PROGRESS\x10\x02\x12\x19\n\x15OS_UPDATE_NEED_REBOOT\x10\x03\"x\n\tAppStatus\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x19\n\x11\x65xtension_version\x18\x02 \x01(\t\x12\x0e\n\x06status\x18\x03 \x01(\t\x12\r\n\x05\x65rror\x18\x04 \x01(\x08\x12!\n\x19required_platform_version\x18\x05 \x01(\t\"\x92\x04\n\x07\x41ppInfo\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x38\n\x08\x61pp_type\x18\x02 \x01(\x0e\x32&.enterprise_management.AppInfo.AppType\x12\x10\n\x08\x61pp_name\x18\x03 \x01(\t\x12\x35\n\x06status\x18\x04 \x01(\x0e\x32%.enterprise_management.AppInfo.Status\x12\x14\n\x0cinstall_time\x18\x05 \x01(\x03\x12\x0f\n\x07version\x18\x07 \x01(\t\x12>\n\x13\x61\x63tive_time_periods\x18\x08 \x03(\x0b\x32!.enterprise_management.TimePeriod\"\xab\x01\n\x07\x41ppType\x12\x10\n\x0cTYPE_UNKNOWN\x10\x00\x12\x0c\n\x08TYPE_ARC\x10\x01\x12\x10\n\x0cTYPE_BUILTIN\x10\x02\x12\x11\n\rTYPE_CROSTINI\x10\x03\x12\x12\n\x0eTYPE_EXTENSION\x10\x04\x12\x0c\n\x08TYPE_WEB\x10\x05\x12\x11\n\rTYPE_PLUGINVM\x10\x06\x12\x11\n\rTYPE_BOREALIS\x10\x07\x12\x13\n\x0fTYPE_BRUSCHETTA\x10\x08\"_\n\x06Status\x12\x12\n\x0eSTATUS_UNKNOWN\x10\x00\x12\x14\n\x10STATUS_INSTALLED\x10\x01\x12\x13\n\x0fSTATUS_DISABLED\x10\x02\x12\x16\n\x12STATUS_UNINSTALLED\x10\x03\"F\n\x14\x41ndroidAppPermission\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0f\n\x07granted\x18\x02 \x01(\x08\x12\x0f\n\x07managed\x18\x03 \x01(\x08\"\x85\x04\n\x0e\x41ndroidAppInfo\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x10\n\x08\x61pp_name\x18\x02 \x01(\t\x12\x14\n\x0cpackage_name\x18\x03 \x01(\t\x12\x46\n\x06status\x18\x04 \x01(\x0e\x32\x36.enterprise_management.AndroidAppInfo.AndroidAppStatus\x12O\n\x10installed_source\x18\x05 \x01(\x0e\x32\x35.enterprise_management.AndroidAppInfo.InstalledSource\x12\x0f\n\x07version\x18\x06 \x01(\x05\x12@\n\x0bpermissions\x18\x07 \x03(\x0b\x32+.enterprise_management.AndroidAppPermission\"e\n\x10\x41ndroidAppStatus\x12\x12\n\x0eSTATUS_UNKNOWN\x10\x00\x12\x12\n\x0eSTATUS_ENABLED\x10\x01\x12\x14\n\x10STATUS_SUSPENDED\x10\x02\x12\x13\n\x0fSTATUS_DISABLED\x10\x03\"h\n\x0fInstalledSource\x12\x12\n\x0eSOURCE_UNKNOWN\x10\x00\x12\x13\n\x0fSOURCE_BY_ADMIN\x10\x01\x12\x12\n\x0eSOURCE_BY_USER\x10\x02\x12\x18\n\x14SOURCE_NOT_INSTALLED\x10\x03\"\xc5\x02\n\x17\x43hromeUserProfileReport\x12\n\n\x02id\x18\x01 \x01(\t\x12\x1d\n\x15\x63hrome_signed_in_user\x18\x02 \x01(\t\x12\x16\n\x0e\x65xtension_data\x18\x03 \x01(\t\x12\x0f\n\x07plugins\x18\x04 \x01(\t\x12\x13\n\x0bpolicy_data\x18\x05 \x01(\t\x12 \n\x18policy_fetched_timestamp\x18\x06 \x01(\x03\x12\x1e\n\x16safe_browsing_warnings\x18\x07 \x01(\x04\x12,\n$safe_browsing_warnings_click_through\x18\x08 \x01(\x04\x12\x0c\n\x04name\x18\t \x01(\t\x12\x43\n\x12\x65xtension_requests\x18\n \x03(\x0b\x32\'.enterprise_management.ExtensionRequest\"?\n\x12\x43hromeSignedInUser\x12\r\n\x05\x65mail\x18\x01 \x01(\t\x12\x1a\n\x12obfuscated_gaia_id\x18\x02 \x01(\t\"P\n\x10\x45xtensionRequest\x12\n\n\x02id\x18\x01 \x01(\t\x12\x19\n\x11request_timestamp\x18\x02 \x01(\x03\x12\x15\n\rjustification\x18\x03 \x01(\t\"\xd1\x05\n\tExtension\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0f\n\x07version\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\t\x12\x13\n\x0b\x64\x65scription\x18\x04 \x01(\t\x12@\n\x08\x61pp_type\x18\x05 \x01(\x0e\x32..enterprise_management.Extension.ExtensionType\x12\x14\n\x0chomepage_url\x18\x06 \x01(\t\x12\x42\n\x0cinstall_type\x18\x08 \x01(\x0e\x32,.enterprise_management.Extension.InstallType\x12\x0f\n\x07\x65nabled\x18\t \x01(\x08\x12\x13\n\x0bpermissions\x18\n \x03(\t\x12\x18\n\x10host_permissions\x18\x0b \x03(\t\x12\x15\n\rfrom_webstore\x18\r \x01(\x08\x12\x18\n\x10manifest_version\x18\x0e \x01(\x05\"\x81\x02\n\rExtensionType\x12\x10\n\x0cTYPE_UNKNOWN\x10\x00\x12\x12\n\x0eTYPE_EXTENSION\x10\x01\x12\x13\n\x0fTYPE_HOSTED_APP\x10\x02\x12\x15\n\x11TYPE_PACKAGED_APP\x10\x03\x12\x1c\n\x18TYPE_LEGACY_PACKAGED_APP\x10\x04\x12\x0e\n\nTYPE_THEME\x10\x05\x12\x14\n\x10TYPE_USER_SCRIPT\x10\x06\x12\x15\n\x11TYPE_PLATFORM_APP\x10\x07\x12\x1f\n\x1bTYPE_LOGIN_SCREEN_EXTENSION\x10\x08\x12\"\n\x1eTYPE_CHROMEOS_SYSTEM_EXTENSION\x10\t\"g\n\x0bInstallType\x12\x0f\n\x0bTYPE_NORMAL\x10\x00\x12\x14\n\x10TYPE_DEVELOPMENT\x10\x01\x12\x11\n\rTYPE_SIDELOAD\x10\x02\x12\x0e\n\nTYPE_ADMIN\x10\x03\x12\x0e\n\nTYPE_OTHER\x10\x04J\x04\x08\x07\x10\x08J\x04\x08\x0c\x10\r\"\xd7\x05\n\x06Policy\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x38\n\x05level\x18\x02 \x01(\x0e\x32).enterprise_management.Policy.PolicyLevel\x12\x38\n\x05scope\x18\x03 \x01(\x0e\x32).enterprise_management.Policy.PolicyScope\x12:\n\x06source\x18\x04 \x01(\x0e\x32*.enterprise_management.Policy.PolicySource\x12\r\n\x05value\x18\x05 \x01(\t\x12\r\n\x05\x65rror\x18\x06 \x01(\t\"L\n\x0bPolicyLevel\x12\x11\n\rLEVEL_UNKNOWN\x10\x00\x12\x15\n\x11LEVEL_RECOMMENDED\x10\x01\x12\x13\n\x0fLEVEL_MANDATORY\x10\x02\"C\n\x0bPolicyScope\x12\x11\n\rSCOPE_UNKNOWN\x10\x00\x12\x0e\n\nSCOPE_USER\x10\x01\x12\x11\n\rSCOPE_MACHINE\x10\x02\"\xdd\x02\n\x0cPolicySource\x12\x12\n\x0eSOURCE_UNKNOWN\x10\x00\x12\x1d\n\x19SOURCE_ENTERPRISE_DEFAULT\x10\x01\x12\x10\n\x0cSOURCE_CLOUD\x10\x02\x12\x1b\n\x17SOURCE_ACTIVE_DIRECTORY\x10\x03\x12\x33\n/SOURCE_DEVICE_LOCAL_ACCOUNT_OVERRIDE_DEPRECATED\x10\x04\x12\x13\n\x0fSOURCE_PLATFORM\x10\x05\x12$\n SOURCE_PRIORITY_CLOUD_DEPRECATED\x10\x06\x12\x11\n\rSOURCE_MERGED\x10\x07\x12\x17\n\x13SOURCE_COMMAND_LINE\x10\x08\x12\x19\n\x15SOURCE_CLOUD_FROM_ASH\x10\t\x12\x34\n0SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE\x10\n\"X\n\x0f\x45xtensionPolicy\x12\x14\n\x0c\x65xtension_id\x18\x01 \x01(\t\x12/\n\x08policies\x18\x02 \x03(\x0b\x32\x1d.enterprise_management.Policy\"7\n\x14PolicyFetchTimestamp\x12\x0c\n\x04type\x18\x01 \x01(\t\x12\x11\n\ttimestamp\x18\x02 \x01(\x03\"\xe5\x03\n\x15\x43hromeUserProfileInfo\x12\n\n\x02id\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12\x1b\n\x13is_detail_available\x18\x03 \x01(\x08\x12H\n\x15\x63hrome_signed_in_user\x18\x04 \x01(\x0b\x32).enterprise_management.ChromeSignedInUser\x12\x34\n\nextensions\x18\x05 \x03(\x0b\x32 .enterprise_management.Extension\x12\x43\n\x12\x65xtension_requests\x18\n \x03(\x0b\x32\'.enterprise_management.ExtensionRequest\x12\x36\n\x0f\x63hrome_policies\x18\x07 \x03(\x0b\x32\x1d.enterprise_management.Policy\x12\x42\n\x12\x65xtension_policies\x18\x08 \x03(\x0b\x32&.enterprise_management.ExtensionPolicy\x12N\n\x19policy_fetched_timestamps\x18\t \x03(\x0b\x32+.enterprise_management.PolicyFetchTimestampJ\x04\x08\x06\x10\x07\"\xec\x02\n\rBrowserReport\x12\x17\n\x0f\x62rowser_version\x18\x01 \x01(\t\x12/\n\x07\x63hannel\x18\x02 \x01(\x0e\x32\x1e.enterprise_management.Channel\x12\x17\n\x0f\x65xecutable_path\x18\x03 \x01(\t\x12S\n\x1b\x63hrome_user_profile_reports\x18\x04 \x03(\x0b\x32..enterprise_management.ChromeUserProfileReport\x12O\n\x19\x63hrome_user_profile_infos\x18\x06 \x03(\x0b\x32,.enterprise_management.ChromeUserProfileInfo\x12!\n\x19installed_browser_version\x18\x08 \x01(\t\x12)\n\x1ais_extended_stable_channel\x18\t \x01(\x08:\x05\x66\x61lseJ\x04\x08\x07\x10\x08\"\xf0\x01\n\x08OSReport\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04\x61rch\x18\x02 \x01(\t\x12\x0f\n\x07version\x18\x03 \x01(\t\x12\x41\n\x0cversion_type\x18\x04 \x01(\x0e\x32+.enterprise_management.OSReport.VersionType\"t\n\x0bVersionType\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x08\n\x04HOME\x10\x01\x12\x10\n\x0cPROFESSIONAL\x10\x02\x12\n\n\x06SERVER\x10\x03\x12\x0e\n\nENTERPRISE\x10\x04\x12\r\n\tEDUCATION\x10\x05\x12\x11\n\rEDUCATION_PRO\x10\x06\"\xba\x03\n\x1a\x43hromeDesktopReportRequest\x12\x18\n\x0cmachine_name\x18\x01 \x01(\tB\x02\x18\x01\x12\x0f\n\x07os_info\x18\x02 \x01(\t\x12\x0f\n\x07os_user\x18\x03 \x01(\t\x12<\n\x0e\x62rowser_report\x18\x04 \x01(\x0b\x32$.enterprise_management.BrowserReport\x12\x19\n\rserial_number\x18\x05 \x01(\tB\x02\x18\x01\x12\x19\n\rcomputer_name\x18\x06 \x01(\tB\x02\x18\x01\x12\x32\n\tos_report\x18\x07 \x01(\x0b\x32\x1f.enterprise_management.OSReport\x12\x14\n\x0cos_user_name\x18\x08 \x01(\t\x12Q\n\x19\x62rowser_device_identifier\x18\t \x01(\x0b\x32..enterprise_management.BrowserDeviceIdentifier\x12\x1f\n\x17machine_attestation_key\x18\x0b \x01(\t\x12\x14\n\x0c\x64\x65vice_model\x18\x0c \x01(\t\x12\x12\n\nbrand_name\x18\r \x01(\tJ\x04\x08\n\x10\x0b\"\xa1\x01\n\x19\x43hromeOsUserReportRequest\x12<\n\x0e\x62rowser_report\x18\x01 \x01(\x0b\x32$.enterprise_management.BrowserReport\x12@\n\x11\x61ndroid_app_infos\x18\x02 \x03(\x0b\x32%.enterprise_management.AndroidAppInfoJ\x04\x08\x03\x10\x04\"\x8e\x01\n\x1a\x43hromeProfileReportRequest\x12<\n\x0e\x62rowser_report\x18\x01 \x01(\x0b\x32$.enterprise_management.BrowserReport\x12\x32\n\tos_report\x18\x02 \x01(\x0b\x32\x1f.enterprise_management.OSReport\"\xd4\x02\n\x1aPolicyValueValidationIssue\x12\x13\n\x0bpolicy_name\x18\x01 \x01(\t\x12`\n\x08severity\x18\x02 \x01(\x0e\x32N.enterprise_management.PolicyValueValidationIssue.ValueValidationIssueSeverity\x12\x15\n\rdebug_message\x18\x03 \x01(\t\"\xa7\x01\n\x1cValueValidationIssueSeverity\x12/\n+VALUE_VALIDATION_ISSUE_SEVERITY_UNSPECIFIED\x10\x00\x12+\n\'VALUE_VALIDATION_ISSUE_SEVERITY_WARNING\x10\x01\x12)\n%VALUE_VALIDATION_ISSUE_SEVERITY_ERROR\x10\x02\"\xf7\x07\n\x1dPolicyValidationReportRequest\x12\x13\n\x0bpolicy_type\x18\x01 \x01(\t\x12\x14\n\x0cpolicy_token\x18\x02 \x01(\t\x12i\n\x16validation_result_type\x18\x03 \x01(\x0e\x32I.enterprise_management.PolicyValidationReportRequest.ValidationResultType\x12Y\n\x1epolicy_value_validation_issues\x18\x04 \x03(\x0b\x32\x31.enterprise_management.PolicyValueValidationIssue\"\xe4\x05\n\x14ValidationResultType\x12,\n(VALIDATION_RESULT_TYPE_ERROR_UNSPECIFIED\x10\x00\x12\"\n\x1eVALIDATION_RESULT_TYPE_SUCCESS\x10\x01\x12\x30\n,VALIDATION_RESULT_TYPE_BAD_INITIAL_SIGNATURE\x10\x02\x12(\n$VALIDATION_RESULT_TYPE_BAD_SIGNATURE\x10\x03\x12-\n)VALIDATION_RESULT_TYPE_ERROR_CODE_PRESENT\x10\x04\x12.\n*VALIDATION_RESULT_TYPE_PAYLOAD_PARSE_ERROR\x10\x05\x12,\n(VALIDATION_RESULT_TYPE_WRONG_POLICY_TYPE\x10\x06\x12\x33\n/VALIDATION_RESULT_TYPE_WRONG_SETTINGS_ENTITY_ID\x10\x07\x12(\n$VALIDATION_RESULT_TYPE_BAD_TIMESTAMP\x10\x08\x12\'\n#VALIDATION_RESULT_TYPE_BAD_DM_TOKEN\x10\t\x12(\n$VALIDATION_RESULT_TYPE_BAD_DEVICE_ID\x10\n\x12#\n\x1fVALIDATION_RESULT_TYPE_BAD_USER\x10\x0b\x12-\n)VALIDATION_RESULT_TYPE_POLICY_PARSE_ERROR\x10\x0c\x12\x39\n5VALIDATION_RESULT_TYPE_BAD_KEY_VERIFICATION_SIGNATURE\x10\r\x12(\n$VALIDATION_RESULT_TYPE_VALUE_WARNING\x10\x0e\x12&\n\"VALIDATION_RESULT_TYPE_VALUE_ERROR\x10\x0f\" \n\x1ePolicyValidationReportResponse\"A\n\rAndroidStatus\x12\x16\n\x0estatus_payload\x18\x01 \x01(\t\x12\x18\n\x10\x64roid_guard_info\x18\x02 \x01(\t\"\xcf\x01\n\x0b\x43rostiniApp\x12\x10\n\x08\x61pp_name\x18\x01 \x01(\t\x12\x38\n\x08\x61pp_type\x18\x02 \x01(\x0e\x32&.enterprise_management.CrostiniAppType\x12/\n\'last_launch_time_window_start_timestamp\x18\x03 \x01(\x03\x12\x14\n\x0cpackage_name\x18\x04 \x01(\t\x12\x17\n\x0fpackage_version\x18\x05 \x01(\t\x12\x14\n\x0cpackage_hash\x18\x06 \x01(\t\"\xca\x01\n\x0e\x43rostiniStatus\x12/\n\'last_launch_time_window_start_timestamp\x18\x01 \x01(\x03\x12$\n\x1clast_launch_vm_image_version\x18\x02 \x01(\t\x12%\n\x1dlast_launch_vm_kernel_version\x18\x03 \x01(\t\x12:\n\x0einstalled_apps\x18\x04 \x03(\x0b\x32\".enterprise_management.CrostiniApp\"\xea\x02\n\x1aSessionStatusReportRequest\x12\x1f\n\x17\x64\x65vice_local_account_id\x18\x04 \x01(\t\x12\x38\n\x0einstalled_apps\x18\x05 \x03(\x0b\x32 .enterprise_management.AppStatus\x12<\n\x0e\x61ndroid_status\x18\x07 \x01(\x0b\x32$.enterprise_management.AndroidStatus\x12\x15\n\ruser_dm_token\x18\x08 \x01(\t\x12\x11\n\ttime_zone\x18\t \x01(\t\x12>\n\x0f\x63rostini_status\x18\n \x01(\x0b\x32%.enterprise_management.CrostiniStatus\x12\x31\n\tapp_infos\x18\x0b \x03(\x0b\x32\x1e.enterprise_management.AppInfoJ\x04\x08\x01\x10\x02J\x04\x08\x02\x10\x03J\x04\x08\x03\x10\x04J\x04\x08\x06\x10\x07\"G\n\x1a\x44\x65viceStatusReportResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\"\x1d\n\x1b\x43hromeDesktopReportResponse\"\x1c\n\x1a\x43hromeOsUserReportResponse\"\x1d\n\x1b\x43hromeProfileReportResponse\"H\n\x1bSessionStatusReportResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\"k\n\x1bPrivateSetMembershipRequest\x12L\n\x0crlwe_request\x18\x01 \x01(\x0b\x32\x36.enterprise_management.PrivateSetMembershipRlweRequest\"n\n\x1cPrivateSetMembershipResponse\x12N\n\rrlwe_response\x18\x01 \x01(\x0b\x32\x37.enterprise_management.PrivateSetMembershipRlweResponse\"\xc5\x01\n\x1fPrivateSetMembershipRlweRequest\x12O\n\x0coprf_request\x18\x01 \x01(\x0b\x32\x39.private_membership.rlwe.PrivateMembershipRlweOprfRequest\x12Q\n\rquery_request\x18\x02 \x01(\x0b\x32:.private_membership.rlwe.PrivateMembershipRlweQueryRequest\"\xca\x01\n PrivateSetMembershipRlweResponse\x12Q\n\roprf_response\x18\x01 \x01(\x0b\x32:.private_membership.rlwe.PrivateMembershipRlweOprfResponse\x12S\n\x0equery_response\x18\x02 \x01(\x0b\x32;.private_membership.rlwe.PrivateMembershipRlweQueryResponse\"\xcf\x02\n\x1b\x44\x65viceAutoEnrollmentRequest\x12\x11\n\tremainder\x18\x01 \x01(\x03\x12\x0f\n\x07modulus\x18\x02 \x01(\x03\x12\x80\x01\n\x15\x65nrollment_check_type\x18\x03 \x01(\x0e\x32\x46.enterprise_management.DeviceAutoEnrollmentRequest.EnrollmentCheckType:\x19\x45NROLLMENT_CHECK_TYPE_FRE\"\x88\x01\n\x13\x45nrollmentCheckType\x12%\n!ENROLLMENT_CHECK_TYPE_UNSPECIFIED\x10\x00\x12\x1d\n\x19\x45NROLLMENT_CHECK_TYPE_FRE\x10\x01\x12+\n\'ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT\x10\x02\"H\n\x1c\x44\x65viceAutoEnrollmentResponse\x12\x18\n\x10\x65xpected_modulus\x18\x01 \x01(\x03\x12\x0e\n\x06hashes\x18\x02 \x03(\x0c\"\x83\x01\n\x1b\x44\x65viceStateRetrievalRequest\x12\x1f\n\x17server_backed_state_key\x18\x01 \x01(\x0c\x12\x15\n\rserial_number\x18\x02 \x01(\t\x12\x12\n\nbrand_code\x18\x03 \x01(\t\x12\x18\n\x10\x65nrollment_token\x18\x04 \x01(\t\"?\n\x1b\x44\x65viceStateKeyUpdateRequest\x12 \n\x18server_backed_state_keys\x18\x01 \x03(\x0c\"\xb5\x04\n\x1c\x44\x65viceStateRetrievalResponse\x12h\n\x0crestore_mode\x18\x01 \x01(\x0e\x32?.enterprise_management.DeviceStateRetrievalResponse.RestoreMode:\x11RESTORE_MODE_NONE\x12\x19\n\x11management_domain\x18\x02 \x01(\t\x12<\n\x0e\x64isabled_state\x18\x03 \x01(\x0b\x32$.enterprise_management.DisabledState\x12[\n\x16initial_state_response\x18\x04 \x01(\x0b\x32;.enterprise_management.DeviceInitialEnrollmentStateResponse\x12\x38\n\x0clicense_type\x18\x05 \x01(\x0b\x32\".enterprise_management.LicenseType\"\xba\x01\n\x0bRestoreMode\x12\x15\n\x11RESTORE_MODE_NONE\x10\x00\x12\'\n#RESTORE_MODE_REENROLLMENT_REQUESTED\x10\x01\x12&\n\"RESTORE_MODE_REENROLLMENT_ENFORCED\x10\x02\x12\x19\n\x15RESTORE_MODE_DISABLED\x10\x03\x12(\n$RESTORE_MODE_REENROLLMENT_ZERO_TOUCH\x10\x04\"j\n#DeviceInitialEnrollmentStateRequest\x12\x15\n\rserial_number\x18\x01 \x01(\t\x12\x12\n\nbrand_code\x18\x02 \x01(\t\x12\x18\n\x10\x65nrollment_token\x18\x03 \x01(\t\"\x97\x08\n$DeviceInitialEnrollmentStateResponse\x12\x90\x01\n\x17initial_enrollment_mode\x18\x01 \x01(\x0e\x32Q.enterprise_management.DeviceInitialEnrollmentStateResponse.InitialEnrollmentMode:\x1cINITIAL_ENROLLMENT_MODE_NONE\x12\x19\n\x11management_domain\x18\x02 \x01(\t\x12\'\n\x1fis_license_packaged_with_device\x18\x03 \x01(\x08\x12<\n\x0e\x64isabled_state\x18\x04 \x01(\x0b\x32$.enterprise_management.DisabledState\x12n\n\x15license_packaging_sku\x18\x05 \x01(\x0e\x32O.enterprise_management.DeviceInitialEnrollmentStateResponse.LicensePackagingSKU\x12n\n\x15\x61ssigned_upgrade_type\x18\x06 \x01(\x0e\x32O.enterprise_management.DeviceInitialEnrollmentStateResponse.AssignedUpgradeType\"\xf8\x01\n\x15InitialEnrollmentMode\x12 \n\x1cINITIAL_ENROLLMENT_MODE_NONE\x10\x00\x12/\n+INITIAL_ENROLLMENT_MODE_ENROLLMENT_ENFORCED\x10\x01\x12/\n+INITIAL_ENROLLMENT_MODE_ZERO_TOUCH_ENFORCED\x10\x02\x12$\n INITIAL_ENROLLMENT_MODE_DISABLED\x10\x03\x12\x35\n1INITIAL_ENROLLMENT_MODE_TOKEN_ENROLLMENT_ENFORCED\x10\x04\"f\n\x13LicensePackagingSKU\x12\r\n\tNOT_EXIST\x10\x00\x12\x15\n\x11\x43HROME_ENTERPRISE\x10\x01\x12\x14\n\x10\x43HROME_EDUCATION\x10\x02\x12\x13\n\x0f\x43HROME_TERMINAL\x10\x03\"\x96\x01\n\x13\x41ssignedUpgradeType\x12%\n!ASSIGNED_UPGRADE_TYPE_UNSPECIFIED\x10\x00\x12+\n\'ASSIGNED_UPGRADE_TYPE_CHROME_ENTERPRISE\x10\x01\x12+\n\'ASSIGNED_UPGRADE_TYPE_KIOSK_AND_SIGNAGE\x10\x02\"L\n\x14\x44\x65vicePairingRequest\x12\x16\n\x0ehost_device_id\x18\x01 \x01(\t\x12\x1c\n\x14\x63ontroller_device_id\x18\x02 \x01(\t\"\x95\x02\n\x15\x44\x65vicePairingResponse\x12T\n\x0bstatus_code\x18\x01 \x01(\x0e\x32\x37.enterprise_management.DevicePairingResponse.StatusCode:\x06\x46\x41ILED\"\xa5\x01\n\nStatusCode\x12\x0b\n\x07SUCCESS\x10\x00\x12\n\n\x06\x46\x41ILED\x10\x01\x12\x19\n\x15HOST_DEVICE_NOT_FOUND\x10\x02\x12\x1f\n\x1b\x43ONTROLLER_DEVICE_NOT_FOUND\x10\x03\x12\x1d\n\x19HOST_DEVICE_DEPROVISIONED\x10\x04\x12#\n\x1f\x43ONTROLLER_DEVICE_DEPROVISIONED\x10\x05\"Q\n\x19\x43heckDevicePairingRequest\x12\x16\n\x0ehost_device_id\x18\x01 \x01(\t\x12\x1c\n\x14\x63ontroller_device_id\x18\x02 \x01(\t\"\xce\x02\n\x1a\x43heckDevicePairingResponse\x12]\n\x0bstatus_code\x18\x01 \x01(\x0e\x32<.enterprise_management.CheckDevicePairingResponse.StatusCode:\nNOT_PAIRED\"\xd0\x01\n\nStatusCode\x12\n\n\x06PAIRED\x10\x00\x12\x0e\n\nNOT_PAIRED\x10\x01\x12\x19\n\x15HOST_DEVICE_NOT_FOUND\x10\x02\x12\x1f\n\x1b\x43ONTROLLER_DEVICE_NOT_FOUND\x10\x03\x12\x1d\n\x19HOST_DEVICE_DEPROVISIONED\x10\x04\x12#\n\x1f\x43ONTROLLER_DEVICE_DEPROVISIONED\x10\x05\x12&\n\"INVALID_CONTROLLER_DEVICE_IDENTITY\x10\x06\"\xd7\x05\n\rRemoteCommand\x12\x37\n\x04type\x18\x01 \x01(\x0e\x32).enterprise_management.RemoteCommand.Type\x12\x12\n\ncommand_id\x18\x02 \x01(\x03\x12\x16\n\x0e\x61ge_of_command\x18\x03 \x01(\x03\x12\x0f\n\x07payload\x18\x04 \x01(\t\x12\x18\n\x10target_device_id\x18\x05 \x01(\t\"\xb5\x04\n\x04Type\x12\x1e\n\x11\x43OMMAND_ECHO_TEST\x10\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x12\x11\n\rDEVICE_REBOOT\x10\x00\x12\x15\n\x11\x44\x45VICE_SCREENSHOT\x10\x01\x12\x15\n\x11\x44\x45VICE_SET_VOLUME\x10\x02\x12\x17\n\x13\x44\x45VICE_FETCH_STATUS\x10\x03\x12\x14\n\x10USER_ARC_COMMAND\x10\x04\x12\x15\n\x11\x44\x45VICE_WIPE_USERS\x10\x05\x12\x1c\n\x18\x44\x45VICE_START_CRD_SESSION\x10\x06\x12\x1b\n\x17\x44\x45VICE_REMOTE_POWERWASH\x10\x07\x12\x31\n-DEVICE_REFRESH_ENTERPRISE_MACHINE_CERTIFICATE\x10\x08\x12,\n(DEVICE_GET_AVAILABLE_DIAGNOSTIC_ROUTINES\x10\t\x12!\n\x1d\x44\x45VICE_RUN_DIAGNOSTIC_ROUTINE\x10\n\x12(\n$DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE\x10\x0b\x12\x1f\n\x1b\x42ROWSER_CLEAR_BROWSING_DATA\x10\x0c\x12\x16\n\x12\x44\x45VICE_RESET_EUICC\x10\r\x12)\n%BROWSER_ROTATE_ATTESTATION_CREDENTIAL\x10\x0e\x12\x1f\n\x1b\x46\x45TCH_CRD_AVAILABILITY_INFO\x10\x0f\x12\x18\n\x14\x46\x45TCH_SUPPORT_PACKET\x10\x10\"\xde\x01\n\x13RemoteCommandResult\x12\x45\n\x06result\x18\x01 \x01(\x0e\x32\x35.enterprise_management.RemoteCommandResult.ResultType\x12\x12\n\ncommand_id\x18\x02 \x01(\x03\x12\x11\n\ttimestamp\x18\x03 \x01(\x03\x12\x0f\n\x07payload\x18\x04 \x01(\t\"H\n\nResultType\x12\x12\n\x0eRESULT_IGNORED\x10\x00\x12\x12\n\x0eRESULT_FAILURE\x10\x01\x12\x12\n\x0eRESULT_SUCCESS\x10\x02\"\xfe\x01\n\x1a\x44\x65viceRemoteCommandRequest\x12\x1e\n\x16last_command_unique_id\x18\x01 \x01(\x03\x12\x43\n\x0f\x63ommand_results\x18\x02 \x03(\x0b\x32*.enterprise_management.RemoteCommandResult\x12\x1c\n\x14send_secure_commands\x18\x03 \x01(\x08\x12O\n\x0esignature_type\x18\x04 \x01(\x0e\x32\x37.enterprise_management.PolicyFetchRequest.SignatureType\x12\x0c\n\x04type\x18\x05 \x01(\t\"\x91\x01\n\x1b\x44\x65viceRemoteCommandResponse\x12\x36\n\x08\x63ommands\x18\x01 \x03(\x0b\x32$.enterprise_management.RemoteCommand\x12:\n\x0fsecure_commands\x18\x02 \x03(\x0b\x32!.enterprise_management.SignedData\"(\n&DeviceAttributeUpdatePermissionRequest\"\xd1\x01\n\'DeviceAttributeUpdatePermissionResponse\x12Y\n\x06result\x18\x01 \x01(\x0e\x32I.enterprise_management.DeviceAttributeUpdatePermissionResponse.ResultType\"K\n\nResultType\x12\x1f\n\x1b\x41TTRIBUTE_UPDATE_DISALLOWED\x10\x00\x12\x1c\n\x18\x41TTRIBUTE_UPDATE_ALLOWED\x10\x01\"B\n\x1c\x44\x65viceAttributeUpdateRequest\x12\x10\n\x08\x61sset_id\x18\x01 \x01(\t\x12\x10\n\x08location\x18\x02 \x01(\t\"\xb8\x01\n\x1d\x44\x65viceAttributeUpdateResponse\x12O\n\x06result\x18\x01 \x01(\x0e\x32?.enterprise_management.DeviceAttributeUpdateResponse.ResultType\"F\n\nResultType\x12\x1a\n\x16\x41TTRIBUTE_UPDATE_ERROR\x10\x00\x12\x1c\n\x18\x41TTRIBUTE_UPDATE_SUCCESS\x10\x01\"$\n\x12GcmIdUpdateRequest\x12\x0e\n\x06gcm_id\x18\x01 \x01(\t\"\x15\n\x13GcmIdUpdateResponse\"\x1f\n\x1d\x43heckAndroidManagementRequest\" \n\x1e\x43heckAndroidManagementResponse\"b\n%CertificateBasedDeviceRegisterRequest\x12\x39\n\x0esigned_request\x18\x01 \x01(\x0b\x32!.enterprise_management.SignedData\"p\n\x1fTokenBasedDeviceRegisterRequest\x12M\n\x17\x64\x65vice_register_request\x18\x01 \x01(\x0b\x32,.enterprise_management.DeviceRegisterRequest\"s\n TokenBasedDeviceRegisterResponse\x12O\n\x18\x64\x65vice_register_response\x18\x01 \x01(\x0b\x32-.enterprise_management.DeviceRegisterResponse\"3\n\x1b\x44\x65viceRegisterConfiguration\x12\x14\n\x0c\x64\x65vice_owner\x18\x01 \x01(\t\"\x9e\x03\n&CertificateBasedDeviceRegistrationData\x12g\n\x10\x63\x65rtificate_type\x18\x01 \x01(\x0e\x32M.enterprise_management.CertificateBasedDeviceRegistrationData.CertificateType\x12\x1a\n\x12\x64\x65vice_certificate\x18\x02 \x01(\x0c\x12M\n\x17\x64\x65vice_register_request\x18\x03 \x01(\x0b\x32,.enterprise_management.DeviceRegisterRequest\x12Y\n\x1d\x64\x65vice_register_configuration\x18\x04 \x01(\x0b\x32\x32.enterprise_management.DeviceRegisterConfiguration\"E\n\x0f\x43\x65rtificateType\x12\x0b\n\x07UNKNOWN\x10\x00\x12%\n!ENTERPRISE_ENROLLMENT_CERTIFICATE\x10\x01\"\xd4\x01\n\x16RegisterBrowserRequest\x12\x14\n\x0cmachine_name\x18\x01 \x01(\t\x12\x13\n\x0bos_platform\x18\x02 \x01(\t\x12\x12\n\nos_version\x18\x03 \x01(\t\x12Q\n\x19\x62rowser_device_identifier\x18\x04 \x01(\x0b\x32..enterprise_management.BrowserDeviceIdentifier\x12\x14\n\x0c\x64\x65vice_model\x18\x05 \x01(\t\x12\x12\n\nbrand_name\x18\x06 \x01(\t\"?\n$ActiveDirectoryEnrollPlayUserRequest\x12\x17\n\x0f\x61uth_session_id\x18\x01 \x01(\t\"\x97\x01\n%ActiveDirectoryEnrollPlayUserResponse\x12\x18\n\x10\x65nrollment_token\x18\x01 \x01(\t\x12\x0f\n\x07user_id\x18\x02 \x01(\t\x12\x43\n\x0fsaml_parameters\x18\x03 \x01(\x0b\x32*.enterprise_management.SamlParametersProto\"I\n\x13SamlParametersProto\x12\x19\n\x11\x61uth_redirect_url\x18\x01 \x01(\t\x12\x17\n\x0f\x61uth_session_id\x18\x02 \x01(\t\"+\n\x15PublicSamlUserRequest\x12\x12\n\naccount_id\x18\x01 \x01(\t\"]\n\x16PublicSamlUserResponse\x12\x43\n\x0fsaml_parameters\x18\x01 \x01(\x0b\x32*.enterprise_management.SamlParametersProto\"5\n\"ActiveDirectoryPlayActivityRequest\x12\x0f\n\x07user_id\x18\x01 \x01(\t\"%\n#ActiveDirectoryPlayActivityResponse\"\x1b\n\x19\x43heckDeviceLicenseRequest\"\x89\x01\n\x13LicenseAvailability\x12G\n\x17license_type_deprecated\x18\x01 \x01(\x0b\x32\".enterprise_management.LicenseTypeB\x02\x18\x01\x12)\n\x1d\x61vailable_licenses_deprecated\x18\x02 \x01(\x05\x42\x02\x18\x01\"\xbe\x02\n\x1a\x43heckDeviceLicenseResponse\x12u\n!license_selection_mode_deprecated\x18\x01 \x01(\x0e\x32\x46.enterprise_management.CheckDeviceLicenseResponse.LicenseSelectionModeB\x02\x18\x01\x12Y\n!license_availabilities_deprecated\x18\x02 \x03(\x0b\x32*.enterprise_management.LicenseAvailabilityB\x02\x18\x01\"N\n\x14LicenseSelectionMode\x12\r\n\tUNDEFINED\x10\x00\x12\x12\n\x0eUSER_SELECTION\x10\x01\x12\x13\n\x0f\x41\x44MIN_SELECTION\x10\x02\"\"\n ActiveDirectoryUserSigninRequest\">\n!ActiveDirectoryUserSigninResponse\x12\x19\n\x11\x61uth_redirect_url\x18\x01 \x01(\t\"\xd8\x02\n\x0eTpmVersionInfo\x12\x0e\n\x06\x66\x61mily\x18\x01 \x01(\r\x12\x12\n\nspec_level\x18\x02 \x01(\x04\x12\x14\n\x0cmanufacturer\x18\x03 \x01(\r\x12\x11\n\ttpm_model\x18\x04 \x01(\r\x12\x18\n\x10\x66irmware_version\x18\x05 \x01(\x04\x12\x17\n\x0fvendor_specific\x18\x06 \x01(\t\x12\x45\n\x0bgsc_version\x18\x07 \x01(\x0e\x32\x30.enterprise_management.TpmVersionInfo.GscVersion\x12\x0f\n\x07\x64id_vid\x18\x08 \x01(\t\"n\n\nGscVersion\x12\x1b\n\x17GSC_VERSION_UNSPECIFIED\x10\x00\x12\x17\n\x13GSC_VERSION_NOT_GSC\x10\x01\x12\x14\n\x10GSC_VERSION_CR50\x10\x02\x12\x14\n\x10GSC_VERSION_TI50\x10\x03\"\xc2\x03\n\rTpmStatusInfo\x12\x0f\n\x07\x65nabled\x18\x01 \x01(\x08\x12\r\n\x05owned\x18\x02 \x01(\x08\x12\x17\n\x0ftpm_initialized\x18\x03 \x01(\x08\x12\x1c\n\x14\x61ttestation_prepared\x18\x04 \x01(\x08\x12\x1c\n\x14\x61ttestation_enrolled\x18\x05 \x01(\x08\x12!\n\x19\x64ictionary_attack_counter\x18\x06 \x01(\x05\x12#\n\x1b\x64ictionary_attack_threshold\x18\x07 \x01(\x05\x12+\n#dictionary_attack_lockout_in_effect\x18\x08 \x01(\x08\x12\x33\n+dictionary_attack_lockout_seconds_remaining\x18\t \x01(\x05\x12\"\n\x16\x62oot_lockbox_finalized\x18\n \x01(\x08\x42\x02\x18\x01\x12!\n\x19owner_password_is_present\x18\x0b \x01(\x08\x12K\n\x16tpm_supported_features\x18\x0c \x01(\x0b\x32+.enterprise_management.TpmSupportedFeatures\"}\n\x14TpmSupportedFeatures\x12\x12\n\nis_allowed\x18\x01 \x01(\x08\x12\x19\n\x11support_pinweaver\x18\x02 \x01(\x08\x12!\n\x19support_runtime_selection\x18\x03 \x01(\x08\x12\x13\n\x0bsupport_u2f\x18\x04 \x01(\x08\"F\n\x0bSystemState\x12\x37\n\x0cvolume_infos\x18\x01 \x03(\x0b\x32!.enterprise_management.VolumeInfo\"\xe3\x33\n\x1e\x45xtensionInstallReportLogEvent\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12S\n\nevent_type\x18\x02 \x01(\x0e\x32?.enterprise_management.ExtensionInstallReportLogEvent.EventType\x12\x16\n\x0estateful_total\x18\x03 \x01(\x03\x12\x15\n\rstateful_free\x18\x04 \x01(\x03\x12\x0e\n\x06online\x18\x05 \x01(\x08\x12o\n\x19session_state_change_type\x18\x06 \x01(\x0e\x32L.enterprise_management.ExtensionInstallReportLogEvent.SessionStateChangeType\x12[\n\x0e\x66\x61ilure_reason\x18\x07 \x01(\x0e\x32\x43.enterprise_management.ExtensionInstallReportLogEvent.FailureReason\x12\x63\n\x12installation_stage\x18\x08 \x01(\x0e\x32G.enterprise_management.ExtensionInstallReportLogEvent.InstallationStage\x12\x61\n\x11\x64ownloading_stage\x18\t \x01(\x0e\x32\x46.enterprise_management.ExtensionInstallReportLogEvent.DownloadingStage\x12\x46\n\x0e\x65xtension_type\x18\n \x01(\x0e\x32..enterprise_management.Extension.ExtensionType\x12Q\n\tuser_type\x18\x0b \x01(\x0e\x32>.enterprise_management.ExtensionInstallReportLogEvent.UserType\x12\x13\n\x0bis_new_user\x18\x0c \x01(\x08\x12#\n\x1bis_misconfiguration_failure\x18\r \x01(\x08\x12j\n\x16install_creation_stage\x18\x0e \x01(\x0e\x32J.enterprise_management.ExtensionInstallReportLogEvent.InstallCreationStage\x12h\n\x15\x64ownload_cache_status\x18\x0f \x01(\x0e\x32I.enterprise_management.ExtensionInstallReportLogEvent.DownloadCacheStatus\x12u\n\x17unpacker_failure_reason\x18\x10 \x01(\x0e\x32T.enterprise_management.ExtensionInstallReportLogEvent.SandboxedUnpackerFailureReason\x12j\n\x16manifest_invalid_error\x18\x11 \x01(\x0e\x32J.enterprise_management.ExtensionInstallReportLogEvent.ManifestInvalidError\x12m\n\x18\x63rx_install_error_detail\x18\x12 \x01(\x0e\x32K.enterprise_management.ExtensionInstallReportLogEvent.CrxInstallErrorDetail\x12\x18\n\x10\x66\x65tch_error_code\x18\x13 \x01(\x05\x12\x13\n\x0b\x66\x65tch_tries\x18\x14 \x01(\x05\"\xa2\x01\n\tEventType\x12\x1a\n\x16LOG_EVENT_TYPE_UNKNOWN\x10\x00\x12\x12\n\x0ePOLICY_REQUEST\x10\x01\x12\x0b\n\x07SUCCESS\x10\x02\x12\x0c\n\x08\x43\x41NCELED\x10\x03\x12\x17\n\x13\x43ONNECTIVITY_CHANGE\x10\x04\x12\x18\n\x14SESSION_STATE_CHANGE\x10\x05\x12\x17\n\x13INSTALLATION_FAILED\x10\x06\"o\n\x16SessionStateChangeType\x12%\n!SESSION_STATE_CHANGE_TYPE_UNKNOWN\x10\x00\x12\t\n\x05LOGIN\x10\x01\x12\n\n\x06LOGOUT\x10\x02\x12\x0b\n\x07SUSPEND\x10\x03\x12\n\n\x06RESUME\x10\x04\"\xbe\x06\n\rFailureReason\x12\x1a\n\x16\x46\x41ILURE_REASON_UNKNOWN\x10\x00\x12\x0e\n\nINVALID_ID\x10\x01\x12 \n\x1cMALFORMED_EXTENSION_SETTINGS\x10\x02\x12\x17\n\x13REPLACED_BY_ARC_APP\x10\x03\x12\x1c\n\x18MALFORMED_EXTENSION_DICT\x10\x04\x12 \n\x1cNOT_SUPPORTED_EXTENSION_DICT\x10\x05\x12&\n\"MALFORMED_EXTENSION_DICT_FILE_PATH\x10\x06\x12$\n MALFORMED_EXTENSION_DICT_VERSION\x10\x07\x12\'\n#MALFORMED_EXTENSION_DICT_UPDATE_URL\x10\x08\x12\x18\n\x14LOCALE_NOT_SUPPORTED\x10\t\x12\x1e\n\x1aNOT_PERFORMING_NEW_INSTALL\x10\n\x12\x13\n\x0fTOO_OLD_PROFILE\x10\x0b\x12!\n\x1d\x44O_NOT_INSTALL_FOR_ENTERPRISE\x10\x0c\x12\x15\n\x11\x41LREADY_INSTALLED\x10\r\x12\x14\n\x10\x43RX_FETCH_FAILED\x10\x0e\x12\x19\n\x15MANIFEST_FETCH_FAILED\x10\x0f\x12\x14\n\x10MANIFEST_INVALID\x10\x10\x12\r\n\tNO_UPDATE\x10\x11\x12\x1e\n\x1a\x43RX_INSTALL_ERROR_DECLINED\x10\x12\x12\x30\n,CRX_INSTALL_ERROR_SANDBOXED_UNPACKER_FAILURE\x10\x13\x12\x1b\n\x17\x43RX_INSTALL_ERROR_OTHER\x10\x14\x12\x11\n\rNO_UPDATE_URL\x10\x15\x12\x16\n\x12PENDING_ADD_FAILED\x10\x16\x12\x19\n\x15\x44OWNLOADER_ADD_FAILED\x10\x17\x12\x0f\n\x0bIN_PROGRESS\x10\x18\x12\x17\n\x13\x43RX_FETCH_URL_EMPTY\x10\x19\x12\x19\n\x15\x43RX_FETCH_URL_INVALID\x10\x1a\x12\x1a\n\x16OVERRIDDEN_BY_SETTINGS\x10\x1b\x12\x1a\n\x16REPLACED_BY_SYSTEM_APP\x10\x1c\"|\n\x11InstallationStage\x12\x1e\n\x1aINSTALLATION_STAGE_UNKNOWN\x10\x00\x12\x0b\n\x07\x43REATED\x10\x01\x12\x0b\n\x07PENDING\x10\x02\x12\x0f\n\x0b\x44OWNLOADING\x10\x03\x12\x0e\n\nINSTALLING\x10\x04\x12\x0c\n\x08\x43OMPLETE\x10\x05\"\x9c\x02\n\x08UserType\x12\x15\n\x11USER_TYPE_UNKNOWN\x10\x00\x12\x15\n\x11USER_TYPE_REGULAR\x10\x01\x12\x13\n\x0fUSER_TYPE_GUEST\x10\x02\x12\x1c\n\x18USER_TYPE_PUBLIC_ACCOUNT\x10\x03\x12\'\n\x1fUSER_TYPE_SUPERVISED_DEPRECATED\x10\x04\x1a\x02\x08\x01\x12\x17\n\x13USER_TYPE_KIOSK_APP\x10\x05\x12\x13\n\x0fUSER_TYPE_CHILD\x10\x06\x12\x1b\n\x17USER_TYPE_ARC_KIOSK_APP\x10\x07\x12\x1e\n\x1aUSER_TYPE_ACTIVE_DIRECTORY\x10\x08\x12\x1b\n\x17USER_TYPE_WEB_KIOSK_APP\x10\t\"\x97\x02\n\x10\x44ownloadingStage\x12\x1d\n\x19\x44OWNLOADING_STAGE_UNKNOWN\x10\x00\x12\x14\n\x10\x44OWNLOAD_PENDING\x10\x01\x12\x17\n\x13QUEUED_FOR_MANIFEST\x10\x02\x12\x18\n\x14\x44OWNLOADING_MANIFEST\x10\x03\x12\x1e\n\x1a\x44OWNLOADING_MANIFEST_RETRY\x10\x04\x12\x14\n\x10PARSING_MANIFEST\x10\x05\x12\x13\n\x0fMANIFEST_LOADED\x10\x06\x12\x12\n\x0eQUEUED_FOR_CRX\x10\x07\x12\x13\n\x0f\x44OWNLOADING_CRX\x10\x08\x12\x19\n\x15\x44OWNLOADING_CRX_RETRY\x10\t\x12\x0c\n\x08\x46INISHED\x10\n\"\xc3\x02\n\x14InstallCreationStage\x12\"\n\x1eINSTALL_CREATION_STAGE_UNKNOWN\x10\x00\x12\x16\n\x12\x43REATION_INITIATED\x10\x01\x12\x34\n0NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_FORCED\x10\x02\x12\x38\n4NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_NOT_FORCED\x10\x03\x12\x1c\n\x18NOTIFIED_FROM_MANAGEMENT\x10\x04\x12\'\n#NOTIFIED_FROM_MANAGEMENT_NOT_FORCED\x10\x05\x12\x19\n\x15SEEN_BY_POLICY_LOADER\x10\x06\x12\x1d\n\x19SEEN_BY_EXTERNAL_PROVIDER\x10\x07\"\x98\x01\n\x13\x44ownloadCacheStatus\x12\x11\n\rCACHE_UNKNOWN\x10\x00\x12\x12\n\x0e\x43\x41\x43HE_DISABLED\x10\x01\x12\x0e\n\nCACHE_MISS\x10\x02\x12\x12\n\x0e\x43\x41\x43HE_OUTDATED\x10\x03\x12\r\n\tCACHE_HIT\x10\x04\x12\'\n#CACHE_HIT_ON_MANIFEST_FETCH_FAILURE\x10\x05\"\xb6\r\n\x1eSandboxedUnpackerFailureReason\x12-\n)SANDBOXED_UNPACKER_FAILURE_REASON_UNKNOWN\x10\x00\x12 \n\x1c\x43OULD_NOT_GET_TEMP_DIRECTORY\x10\x01\x12#\n\x1f\x43OULD_NOT_CREATE_TEMP_DIRECTORY\x10\x02\x12\x33\n/FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY\x10\x03\x12\'\n#COULD_NOT_GET_SANDBOX_FRIENDLY_PATH\x10\x04\x12 \n\x1c\x43OULD_NOT_LOCALIZE_EXTENSION\x10\x05\x12\x14\n\x10INVALID_MANIFEST\x10\x06\x12\x1a\n\x16UNPACKER_CLIENT_FAILED\x10\x07\x12\x33\n/UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL\x10\x08\x12\x19\n\x15\x43RX_FILE_NOT_READABLE\x10\t\x12\x16\n\x12\x43RX_HEADER_INVALID\x10\n\x12\x1c\n\x18\x43RX_MAGIC_NUMBER_INVALID\x10\x0b\x12\x1e\n\x1a\x43RX_VERSION_NUMBER_INVALID\x10\x0c\x12*\n&CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE\x10\r\x12\x17\n\x13\x43RX_ZERO_KEY_LENGTH\x10\x0e\x12\x1d\n\x19\x43RX_ZERO_SIGNATURE_LENGTH\x10\x0f\x12\x1a\n\x16\x43RX_PUBLIC_KEY_INVALID\x10\x10\x12\x19\n\x15\x43RX_SIGNATURE_INVALID\x10\x11\x12\x34\n0CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED\x10\x12\x12%\n!CRX_SIGNATURE_VERIFICATION_FAILED\x10\x13\x12#\n\x1f\x45RROR_SERIALIZING_MANIFEST_JSON\x10\x14\x12\x1e\n\x1a\x45RROR_SAVING_MANIFEST_JSON\x10\x15\x12.\n*COULD_NOT_READ_IMAGE_DATA_FROM_DISK_UNUSED\x10\x16\x12\x33\n/DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST_UNUSED\x10\x17\x12\"\n\x1eINVALID_PATH_FOR_BROWSER_IMAGE\x10\x18\x12!\n\x1d\x45RROR_REMOVING_OLD_IMAGE_FILE\x10\x19\x12!\n\x1dINVALID_PATH_FOR_BITMAP_IMAGE\x10\x1a\x12!\n\x1d\x45RROR_RE_ENCODING_THEME_IMAGE\x10\x1b\x12\x1c\n\x18\x45RROR_SAVING_THEME_IMAGE\x10\x1c\x12&\n\"DEPRECATED_ABORTED_DUE_TO_SHUTDOWN\x10\x1d\x12\x30\n,COULD_NOT_READ_CATALOG_DATA_FROM_DISK_UNUSED\x10\x1e\x12\x18\n\x14INVALID_CATALOG_DATA\x10\x1f\x12#\n\x1fINVALID_PATH_FOR_CATALOG_UNUSED\x10 \x12\x1d\n\x19\x45RROR_SERIALIZING_CATALOG\x10!\x12\x18\n\x14\x45RROR_SAVING_CATALOG\x10\"\x12 \n\x1c\x43RX_HASH_VERIFICATION_FAILED\x10#\x12\x10\n\x0cUNZIP_FAILED\x10$\x12\x19\n\x15\x44IRECTORY_MOVE_FAILED\x10%\x12\x1c\n\x18\x43RX_FILE_IS_DELTA_UPDATE\x10&\x12\x1d\n\x19\x43RX_EXPECTED_HASH_INVALID\x10\'\x12(\n$DEPRECATED_ERROR_PARSING_DNR_RULESET\x10(\x12\x1e\n\x1a\x45RROR_INDEXING_DNR_RULESET\x10)\x12\x1e\n\x1a\x43RX_REQUIRED_PROOF_MISSING\x10*\x12\x36\n2CRX_HEADER_VERIFIED_CONTENTS_UNCOMPRESSING_FAILURE\x10+\x12\x1f\n\x1bMALFORMED_VERIFIED_CONTENTS\x10,\x12\'\n#COULD_NOT_CREATE_METADATA_DIRECTORY\x10-\x12/\n+COULD_NOT_WRITE_VERIFIED_CONTENTS_INTO_FILE\x10.\"\xc1\x03\n\x14ManifestInvalidError\x12\"\n\x1eMANIFEST_INVALID_ERROR_UNKNOWN\x10\x00\x12\x16\n\x12XML_PARSING_FAILED\x10\x01\x12 \n\x1cINVALID_XLMNS_ON_GUPDATE_TAG\x10\x02\x12\x17\n\x13MISSING_GUPDATE_TAG\x10\x03\x12#\n\x1fINVALID_PROTOCOL_ON_GUPDATE_TAG\x10\x04\x12\x12\n\x0eMISSING_APP_ID\x10\x05\x12\x1d\n\x19MISSING_UPDATE_CHECK_TAGS\x10\x06\x12\x1e\n\x1aMULTIPLE_UPDATE_CHECK_TAGS\x10\x07\x12\x1b\n\x17INVALID_PRODVERSION_MIN\x10\x08\x12\x16\n\x12\x45MPTY_CODEBASE_URL\x10\t\x12\x18\n\x14INVALID_CODEBASE_URL\x10\n\x12$\n MISSING_VERSION_FOR_UPDATE_CHECK\x10\x0b\x12\x13\n\x0fINVALID_VERSION\x10\x0c\x12\x1c\n\x18\x42\x41\x44_UPDATE_SPECIFICATION\x10\r\x12\x12\n\x0e\x42\x41\x44_APP_STATUS\x10\x0e\"\xeb\x05\n\x15\x43rxInstallErrorDetail\x12$\n CRX_INSTALL_ERROR_DETAIL_UNKNOWN\x10\x00\x12+\n\'CONVERT_USER_SCRIPT_TO_EXTENSION_FAILED\x10\x01\x12\x11\n\rUNEXPECTED_ID\x10\x02\x12\x16\n\x12UNEXPECTED_VERSION\x10\x03\x12\x16\n\x12MISMATCHED_VERSION\x10\x04\x12\x1e\n\x1a\x43RX_ERROR_MANIFEST_INVALID\x10\x05\x12\x17\n\x13INSTALL_NOT_ENABLED\x10\x06\x12\x1f\n\x1bOFFSTORE_INSTALL_DISALLOWED\x10\x07\x12\x1e\n\x1aINCORRECT_APP_CONTENT_TYPE\x10\x08\x12\x1e\n\x1aNOT_INSTALLED_FROM_GALLERY\x10\t\x12\x1a\n\x16INCORRECT_INSTALL_HOST\x10\n\x12 \n\x1c\x44\x45PENDENCY_NOT_SHARED_MODULE\x10\x0b\x12\x1a\n\x16\x44\x45PENDENCY_OLD_VERSION\x10\x0c\x12\x1e\n\x1a\x44\x45PENDENCY_NOT_ALLOWLISTED\x10\r\x12\x1c\n\x18UNSUPPORTED_REQUIREMENTS\x10\x0e\x12\x1c\n\x18\x45XTENSION_IS_BLOCKLISTED\x10\x0f\x12\x18\n\x14\x44ISALLOWED_BY_POLICY\x10\x10\x12\x13\n\x0fKIOSK_MODE_ONLY\x10\x11\x12\x1a\n\x16OVERLAPPING_WEB_EXTENT\x10\x12\x12\x1a\n\x16\x43\x41NT_DOWNGRADE_VERSION\x10\x13\x12$\n MOVE_DIRECTORY_TO_PROFILE_FAILED\x10\x14\x12\x17\n\x13\x43\x41NT_LOAD_EXTENSION\x10\x15\x12\x11\n\rUSER_CANCELED\x10\x16\x12\x10\n\x0cUSER_ABORTED\x10\x17\x12!\n\x1dUPDATE_NON_EXISTING_EXTENSION\x10\x18\"\xde\x06\n\x18\x41ppInstallReportLogEvent\x12\x11\n\ttimestamp\x18\x01 \x01(\x03\x12M\n\nevent_type\x18\x02 \x01(\x0e\x32\x39.enterprise_management.AppInstallReportLogEvent.EventType\x12\x16\n\x0estateful_total\x18\x03 \x01(\x03\x12\x15\n\rstateful_free\x18\x04 \x01(\x03\x12\x19\n\x11\x63louddps_response\x18\x05 \x01(\x05\x12\x14\n\x0cphonesky_log\x18\x06 \x01(\t\x12\x0e\n\x06online\x18\x07 \x01(\x08\x12i\n\x19session_state_change_type\x18\x08 \x01(\x0e\x32\x46.enterprise_management.AppInstallReportLogEvent.SessionStateChangeType\x12\x12\n\nandroid_id\x18\t \x01(\x03\"\xff\x02\n\tEventType\x12\x1a\n\x16LOG_EVENT_TYPE_UNKNOWN\x10\x00\x12\x12\n\x0eSERVER_REQUEST\x10\x01\x12\x14\n\x10\x43LOUDDPC_REQUEST\x10\x02\x12\x14\n\x10\x43LOUDDPS_REQUEST\x10\x03\x12\x15\n\x11\x43LOUDDPS_RESPONSE\x10\x04\x12\x10\n\x0cPHONESKY_LOG\x10\x05\x12\x0b\n\x07SUCCESS\x10\x06\x12\x0c\n\x08\x43\x41NCELED\x10\x07\x12\x17\n\x13\x43ONNECTIVITY_CHANGE\x10\x08\x12\x18\n\x14SESSION_STATE_CHANGE\x10\t\x12\x18\n\x14INSTALLATION_STARTED\x10\n\x12\x19\n\x15INSTALLATION_FINISHED\x10\x0b\x12\x17\n\x13INSTALLATION_FAILED\x10\x0c\x12\x12\n\x0e\x44IRECT_INSTALL\x10\r\x12\x1d\n\x19\x43LOUDDPC_MAIN_LOOP_FAILED\x10\x0e\x12\x1e\n\x1aPLAYSTORE_LOCAL_POLICY_SET\x10\x0f\"o\n\x16SessionStateChangeType\x12%\n!SESSION_STATE_CHANGE_TYPE_UNKNOWN\x10\x00\x12\t\n\x05LOGIN\x10\x01\x12\n\n\x06LOGOUT\x10\x02\x12\x0b\n\x07SUSPEND\x10\x03\x12\n\n\x06RESUME\x10\x04\"\x87\x01\n\x16\x45xtensionInstallReport\x12\x14\n\x0c\x65xtension_id\x18\x01 \x01(\t\x12\x12\n\nincomplete\x18\x02 \x01(\x08\x12\x43\n\x04logs\x18\x03 \x03(\x0b\x32\x35.enterprise_management.ExtensionInstallReportLogEvent\"v\n\x10\x41ppInstallReport\x12\x0f\n\x07package\x18\x01 \x01(\t\x12\x12\n\nincomplete\x18\x02 \x01(\x08\x12=\n\x04logs\x18\x03 \x03(\x0b\x32/.enterprise_management.AppInstallReportLogEvent\"_\n\x17\x41ppInstallReportRequest\x12\x44\n\x13\x61pp_install_reports\x18\x01 \x03(\x0b\x32\'.enterprise_management.AppInstallReport\"q\n\x1d\x45xtensionInstallReportRequest\x12P\n\x19\x65xtension_install_reports\x18\x01 \x03(\x0b\x32-.enterprise_management.ExtensionInstallReport\"\x1a\n\x18\x41ppInstallReportResponse\"\xad\x01\n\x15RefreshAccountRequest\x12N\n\x0c\x61\x63\x63ount_type\x18\x01 \x01(\x0e\x32\x38.enterprise_management.RefreshAccountRequest.AccountType\"D\n\x0b\x41\x63\x63ountType\x12\x1c\n\x18\x41\x43\x43OUNT_TYPE_UNSPECIFIED\x10\x00\x12\x17\n\x13\x43HROME_OS_DEMO_MODE\x10\x01\"\x18\n\x16RefreshAccountResponse\"L\n\x19RsuLookupKeyUploadRequest\x12\x10\n\x08\x62oard_id\x18\x01 \x01(\x0c\x12\x1d\n\x15\x63r50_hashed_device_id\x18\x02 \x01(\x0c\"<\n\x1aRsuLookupKeyUploadResponse\x12\x1e\n\x16rsu_lookup_key_updated\x18\x01 \x01(\x08\"Z\n\x0f\x45SimProfileInfo\x12\r\n\x05iccid\x18\x01 \x01(\t\x12\x14\n\x0csmdp_address\x18\x02 \x01(\t\x12\x14\n\x0csmds_address\x18\x03 \x01(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\"\x88\x01\n\x16UploadEuiccInfoRequest\x12\x13\n\x0b\x65uicc_count\x18\x01 \x01(\r\x12=\n\resim_profiles\x18\x02 \x03(\x0b\x32&.enterprise_management.ESimProfileInfo\x12\x1a\n\x12\x63lear_profile_list\x18\x03 \x01(\x08\"\x19\n\x17UploadEuiccInfoResponse\"\xc0\x08\n\rPrintJobEvent\x12U\n\x11job_configuration\x18\x01 \x01(\x0b\x32:.enterprise_management.PrintJobEvent.PrintJobConfiguration\x12@\n\tuser_type\x18\x02 \x01(\x0e\x32-.enterprise_management.PrintJobEvent.UserType\x12=\n\x07printer\x18\x03 \x01(\x0b\x32,.enterprise_management.PrintJobEvent.Printer\x1a\xe1\x01\n\x15PrintJobConfiguration\x12\n\n\x02id\x18\x01 \x01(\t\x12\r\n\x05title\x18\x02 \x01(\t\x12\x0e\n\x06status\x18\x03 \x01(\x05\x12\x1d\n\x15\x63reation_timestamp_ms\x18\x04 \x01(\x03\x12\x1f\n\x17\x63ompletion_timestamp_ms\x18\x05 \x01(\x03\x12\x17\n\x0fnumber_of_pages\x18\x06 \x01(\x05\x12\x44\n\x08settings\x18\x07 \x01(\x0b\x32\x32.enterprise_management.PrintJobEvent.PrintSettings\x1a\x30\n\x07Printer\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0b\n\x03uri\x18\x02 \x01(\t\x12\n\n\x02id\x18\x03 \x01(\t\x1a\xfa\x03\n\rPrintSettings\x12K\n\x05\x63olor\x18\x01 \x01(\x0e\x32<.enterprise_management.PrintJobEvent.PrintSettings.ColorMode\x12M\n\x06\x64uplex\x18\x02 \x01(\x0e\x32=.enterprise_management.PrintJobEvent.PrintSettings.DuplexMode\x12P\n\nmedia_size\x18\x03 \x01(\x0b\x32<.enterprise_management.PrintJobEvent.PrintSettings.MediaSize\x12\x0e\n\x06\x63opies\x18\x04 \x01(\x05\x1a=\n\tMediaSize\x12\r\n\x05width\x18\x01 \x01(\x05\x12\x0e\n\x06height\x18\x02 \x01(\x05\x12\x11\n\tvendor_id\x18\x03 \x01(\t\"C\n\tColorMode\x12\x16\n\x12UNKNOWN_COLOR_MODE\x10\x00\x12\x13\n\x0f\x42LACK_AND_WHITE\x10\x01\x12\t\n\x05\x43OLOR\x10\x02\"g\n\nDuplexMode\x12\x17\n\x13UNKNOWN_DUPLEX_MODE\x10\x00\x12\r\n\tONE_SIDED\x10\x01\x12\x17\n\x13TWO_SIDED_LONG_EDGE\x10\x02\x12\x18\n\x14TWO_SIDED_SHORT_EDGE\x10\x03\"D\n\x08UserType\x12\x15\n\x11UNKNOWN_USER_TYPE\x10\x00\x12\x0b\n\x07REGULAR\x10\x01\x12\t\n\x05GUEST\x10\x02\x12\t\n\x05KIOSK\x10\x03\"\xe9\x01\n\x03\x41pp\x12\x0e\n\x06\x61pp_id\x18\x01 \x01(\t\x12\x34\n\x08\x61pp_type\x18\x02 \x01(\x0e\x32\".enterprise_management.App.AppType\x12\x19\n\x11\x61\x64\x64itional_app_id\x18\x03 \x03(\t\"\x80\x01\n\x07\x41ppType\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x07\n\x03\x41RC\x10\x01\x12\x0c\n\x08\x42UILT_IN\x10\x02\x12\x0c\n\x08\x43ROSTINI\x10\x03\x12\r\n\tEXTENSION\x10\x04\x12\x07\n\x03WEB\x10\x05\x12\r\n\tPLUGIN_VM\x10\x06\x12\x0c\n\x08\x42OREALIS\x10\x07\x12\x0e\n\nBRUSCHETTA\x10\x08\"\xbe\x02\n\x0b\x41ppActivity\x12,\n\x08\x61pp_info\x18\x01 \x01(\x0b\x32\x1a.enterprise_management.App\x12>\n\x13\x61\x63tive_time_periods\x18\x02 \x03(\x0b\x32!.enterprise_management.TimePeriod\x12\x14\n\x0cpopulated_at\x18\x03 \x01(\x03\x12>\n\tapp_state\x18\x04 \x01(\x0e\x32+.enterprise_management.AppActivity.AppState\"k\n\x08\x41ppState\x12\x0b\n\x07UNKNOWN\x10\x00\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x01\x12\x14\n\x10\x41LWAYS_AVAILABLE\x10\x02\x12\x0b\n\x07\x42LOCKED\x10\x03\x12\x11\n\rLIMIT_REACHED\x10\x04\x12\x0f\n\x0bUNINSTALLED\x10\x05\"d\n\x0eScreenTimeSpan\x12\x36\n\x0btime_period\x18\x01 \x01(\x0b\x32!.enterprise_management.TimePeriod\x12\x1a\n\x12\x61\x63tive_duration_ms\x18\x02 \x01(\x03\"\xea\x02\n\x18\x43hildStatusReportRequest\x12\x15\n\ruser_dm_token\x18\x01 \x01(\t\x12\x14\n\x0ctimestamp_ms\x18\x02 \x01(\x03\x12\x11\n\ttime_zone\x18\x03 \x01(\t\x12?\n\x10screen_time_span\x18\x04 \x03(\x0b\x32%.enterprise_management.ScreenTimeSpan\x12<\n\x0e\x61ndroid_status\x18\x05 \x01(\x0b\x32$.enterprise_management.AndroidStatus\x12\x12\n\nos_version\x18\x06 \x01(\t\x12\x11\n\tboot_mode\x18\x07 \x01(\t\x12\x38\n\x0c\x61pp_activity\x18\x08 \x03(\x0b\x32\".enterprise_management.AppActivity\x12.\n\nhidden_app\x18\t \x03(\x0b\x32\x1a.enterprise_management.App\"F\n\x19\x43hildStatusReportResponse\x12\x12\n\nerror_code\x18\x01 \x01(\x05\x12\x15\n\rerror_message\x18\x02 \x01(\t\"\x11\n\x0fStartCsrRequest\"\xe2\x01\n\x10StartCsrResponse\x12\x1a\n\x12invalidation_topic\x18\x01 \x01(\t\x12\x14\n\x0cva_challenge\x18\x02 \x01(\x0c\x12\x42\n\x11hashing_algorithm\x18\x05 \x01(\x0e\x32\'.enterprise_management.HashingAlgorithm\x12\x42\n\x11signing_algorithm\x18\x03 \x01(\x0e\x32\'.enterprise_management.SigningAlgorithm\x12\x14\n\x0c\x64\x61ta_to_sign\x18\x04 \x01(\x0c\"D\n\x10\x46inishCsrRequest\x12\x1d\n\x15va_challenge_response\x18\x01 \x01(\x0c\x12\x11\n\tsignature\x18\x02 \x01(\x0c\"\x13\n\x11\x46inishCsrResponse\"\x15\n\x13\x44ownloadCertRequest\"7\n\x14\x44ownloadCertResponse\x12\x1f\n\x17pem_encoded_certificate\x18\x01 \x01(\t\"\x16\n\x14\x43\x65rtProvStartRequest\"3\n\x15\x43\x65rtProvStartResponse\x12\x1a\n\x12invalidation_topic\x18\x01 \x01(\t\"#\n!CertProvGetNextInstructionRequest\"\xd8\x02\n\"CertProvGetNextInstructionResponse\x12T\n\x15\x61uthorize_instruction\x18\x01 \x01(\x0b\x32\x33.enterprise_management.CertProvAuthorizeInstructionH\x00\x12\x66\n\x1fproof_of_possession_instruction\x18\x02 \x01(\x0b\x32;.enterprise_management.CertProvProofOfPossessionInstructionH\x00\x12\x65\n\x1eimport_certificate_instruction\x18\x03 \x01(\x0b\x32;.enterprise_management.CertProvImportCertificateInstructionH\x00\x42\r\n\x0binstruction\"9\n\x18\x43\x65rtProvAuthorizeRequest\x12\x1d\n\x15va_challenge_response\x18\x01 \x01(\x0c\"\x1b\n\x19\x43\x65rtProvAuthorizeResponse\";\n&CertProvUploadProofOfPossessionRequest\x12\x11\n\tsignature\x18\x01 \x01(\x0c\")\n\'CertProvUploadProofOfPossessionResponse\"4\n\x1c\x43\x65rtProvAuthorizeInstruction\x12\x14\n\x0cva_challenge\x18\x01 \x01(\x0c\"\x8c\x01\n$CertProvProofOfPossessionInstruction\x12\x14\n\x0c\x64\x61ta_to_sign\x18\x01 \x01(\x0c\x12N\n\x13signature_algorithm\x18\x02 \x01(\x0e\x32\x31.enterprise_management.CertProvSignatureAlgorithm\"G\n$CertProvImportCertificateInstruction\x12\x1f\n\x17pem_encoded_certificate\x18\x01 \x01(\t\"\x99\x06\n$ClientCertificateProvisioningRequest\x12+\n#certificate_provisioning_process_id\x18\x10 \x01(\t\x12\x19\n\x11\x63\x65rtificate_scope\x18\x01 \x01(\t\x12\x17\n\x0f\x63\x65rt_profile_id\x18\x02 \x01(\t\x12\x12\n\npublic_key\x18\x03 \x01(\x0c\x12\x17\n\x0f\x64\x65vice_dm_token\x18\x04 \x01(\t\x12\x43\n\x11start_csr_request\x18\x05 \x01(\x0b\x32&.enterprise_management.StartCsrRequestH\x00\x12\x45\n\x12\x66inish_csr_request\x18\x06 \x01(\x0b\x32\'.enterprise_management.FinishCsrRequestH\x00\x12K\n\x15\x64ownload_cert_request\x18\x07 \x01(\x0b\x32*.enterprise_management.DownloadCertRequestH\x00\x12\x44\n\rstart_request\x18\x0c \x01(\x0b\x32+.enterprise_management.CertProvStartRequestH\x00\x12`\n\x1cget_next_instruction_request\x18\r \x01(\x0b\x32\x38.enterprise_management.CertProvGetNextInstructionRequestH\x00\x12L\n\x11\x61uthorize_request\x18\x0e \x01(\x0b\x32/.enterprise_management.CertProvAuthorizeRequestH\x00\x12k\n\"upload_proof_of_possession_request\x18\x0f \x01(\x0b\x32=.enterprise_management.CertProvUploadProofOfPossessionRequestH\x00\x12\x16\n\x0epolicy_version\x18\x08 \x01(\x0c\x42\t\n\x07requestJ\x04\x08\t\x10\x0c\"\xb1\x04\n\x14\x43\x65rtProvBackendError\x12@\n\x05\x65rror\x18\x01 \x01(\x0e\x32\x31.enterprise_management.CertProvBackendError.Error\x12\x15\n\rdebug_message\x18\x02 \x01(\t\"\xbf\x03\n\x05\x45rror\x12\x15\n\x11\x45RROR_UNSPECIFIED\x10\x00\x12\x15\n\x11INVALID_OPERATION\x10\x01\x12\x15\n\x11INCONSISTENT_DATA\x10\x02\x12\x1f\n\x1bIDENTITY_VERIFICATION_ERROR\x10\x03\x12\x16\n\x12\x43PP_ALREADY_EXISTS\x10\x04\x12\x12\n\x0e\x42\x41\x44_PUBLIC_KEY\x10\x05\x12\x15\n\x11INVALID_SIGNATURE\x10\x06\x12!\n\x1dINSTRUCTION_NOT_YET_AVAILABLE\x10\x07\x12\x12\n\x0e\x43\x41_UNAVAILABLE\x10\x08\x12\x0e\n\nCA_FAILURE\x10\t\x12\x15\n\x11PROFILE_NOT_FOUND\x10\n\x12 \n\x1cUSER_PRIMARY_EMAIL_NOT_FOUND\x10\x0b\x12\x1b\n\x17\x43\x41_CONNECTION_NOT_FOUND\x10\x0c\x12\x1a\n\x16PUBSUB_TOPIC_NOT_FOUND\x10\r\x12$\n BAD_ADAPTER_CERTIFICATE_RECEIVED\x10\x0e\x12.\n*CERTIFICATE_PROVISIONING_PROCESS_NOT_FOUND\x10\x0f\"\xb1\x08\n%ClientCertificateProvisioningResponse\x12\x17\n\x0ftry_again_later\x18\x01 \x01(\x03\x12S\n\x05\x65rror\x18\x02 \x01(\x0e\x32\x42.enterprise_management.ClientCertificateProvisioningResponse.ErrorH\x00\x12\x45\n\x12start_csr_response\x18\x03 \x01(\x0b\x32\'.enterprise_management.StartCsrResponseH\x00\x12G\n\x13\x66inish_csr_response\x18\x04 \x01(\x0b\x32(.enterprise_management.FinishCsrResponseH\x00\x12M\n\x16\x64ownload_cert_response\x18\x05 \x01(\x0b\x32+.enterprise_management.DownloadCertResponseH\x00\x12\x46\n\x0estart_response\x18\x07 \x01(\x0b\x32,.enterprise_management.CertProvStartResponseH\x00\x12\x62\n\x1dget_next_instruction_response\x18\x08 \x01(\x0b\x32\x39.enterprise_management.CertProvGetNextInstructionResponseH\x00\x12N\n\x12\x61uthorize_response\x18\t \x01(\x0b\x32\x30.enterprise_management.CertProvAuthorizeResponseH\x00\x12m\n#upload_proof_of_possession_response\x18\n \x01(\x0b\x32>.enterprise_management.CertProvUploadProofOfPossessionResponseH\x00\x12\x44\n\rbackend_error\x18\x0b \x01(\x0b\x32+.enterprise_management.CertProvBackendErrorH\x00\"\xf7\x01\n\x05\x45rror\x12\r\n\tUNDEFINED\x10\x00\x12\r\n\tTIMED_OUT\x10\x01\x12\x1f\n\x1bIDENTITY_VERIFICATION_ERROR\x10\x02\x12\x0c\n\x08\x43\x41_ERROR\x10\x03\x12\x15\n\x11INCONSISTENT_DATA\x10\x04\x12\x12\n\x0e\x42\x41\x44_PUBLIC_KEY\x10\x05\x12 \n\x1c\x42\x41\x44_CA_CERTIFICATE_SPECIFIED\x10\x06\x12#\n\x1f\x42\x41\x44_CLIENT_CERTIFICATE_RECEIVED\x10\x07\x12\x19\n\x15INVALID_CSR_SIGNATURE\x10\x08\x12\x14\n\x10\x43SR_ALREADY_SENT\x10\tB\n\n\x08responseJ\x04\x08\x06\x10\x07\"\xb8\x03\n\x1d\x42rowserPublicKeyUploadRequest\x12\x12\n\npublic_key\x18\x01 \x01(\x0c\x12\x11\n\tsignature\x18\x02 \x01(\x0c\x12[\n\x0fkey_trust_level\x18\x03 \x01(\x0e\x32\x42.enterprise_management.BrowserPublicKeyUploadRequest.KeyTrustLevel\x12N\n\x08key_type\x18\x04 \x01(\x0e\x32<.enterprise_management.BrowserPublicKeyUploadRequest.KeyType\x12\x1d\n\x15provision_certificate\x18\x05 \x01(\x08\"f\n\rKeyTrustLevel\x12\x1f\n\x1bKEY_TRUST_LEVEL_UNSPECIFIED\x10\x00\x12\x19\n\x15\x43HROME_BROWSER_HW_KEY\x10\x01\x12\x19\n\x15\x43HROME_BROWSER_OS_KEY\x10\x02\"<\n\x07KeyType\x12\x18\n\x14KEY_TYPE_UNSPECIFIED\x10\x00\x12\x0b\n\x07RSA_KEY\x10\x01\x12\n\n\x06\x45\x43_KEY\x10\x02\"\xdf\x01\n\x1e\x42rowserPublicKeyUploadResponse\x12Y\n\rresponse_code\x18\x01 \x01(\x0e\x32\x42.enterprise_management.BrowserPublicKeyUploadResponse.ResponseCode\x12\x1f\n\x17pem_encoded_certificate\x18\x02 \x01(\t\"A\n\x0cResponseCode\x12\r\n\tUNDEFINED\x10\x00\x12\x0b\n\x07SUCCESS\x10\x01\x12\x15\n\x11INVALID_SIGNATURE\x10\x02\"\xf3\x01\n FmRegistrationTokenUploadRequest\x12\r\n\x05token\x18\x01 \x01(\t\x12\x18\n\x10protocol_version\x18\x02 \x01(\x03\x12U\n\ntoken_type\x18\x03 \x01(\x0e\x32\x41.enterprise_management.FmRegistrationTokenUploadRequest.TokenType\x12\x1f\n\x17\x65xpiration_timestamp_ms\x18\x04 \x01(\x03\".\n\tTokenType\x12\n\n\x06\x44\x45VICE\x10\x00\x12\x0b\n\x07\x42ROWSER\x10\x01\x12\x08\n\x04USER\x10\x02\"#\n!FmRegistrationTokenUploadResponse\"\xae\x1d\n\x17\x44\x65viceManagementRequest\x12\x46\n\x10register_request\x18\x01 \x01(\x0b\x32,.enterprise_management.DeviceRegisterRequest\x12J\n\x12unregister_request\x18\x02 \x01(\x0b\x32..enterprise_management.DeviceUnregisterRequest\x12\x42\n\x0epolicy_request\x18\x03 \x01(\x0b\x32*.enterprise_management.DevicePolicyRequest\x12V\n\x1c\x64\x65vice_status_report_request\x18\x04 \x01(\x0b\x32\x30.enterprise_management.DeviceStatusReportRequest\x12X\n\x1dsession_status_report_request\x18\x05 \x01(\x0b\x32\x31.enterprise_management.SessionStatusReportRequest\x12T\n\x1b\x63hild_status_report_request\x18\x1e \x01(\x0b\x32/.enterprise_management.ChildStatusReportRequest\x12S\n\x17\x61uto_enrollment_request\x18\x06 \x01(\x0b\x32\x32.enterprise_management.DeviceAutoEnrollmentRequest\x12K\n\x13\x63\x65rt_upload_request\x18\x07 \x01(\x0b\x32..enterprise_management.DeviceCertUploadRequest\x12X\n\x1aservice_api_access_request\x18\x08 \x01(\x0b\x32\x34.enterprise_management.DeviceServiceApiAccessRequest\x12Z\n\x1e\x64\x65vice_state_retrieval_request\x18\t \x01(\x0b\x32\x32.enterprise_management.DeviceStateRetrievalRequest\x12[\n\x1f\x64\x65vice_state_key_update_request\x18\n \x01(\x0b\x32\x32.enterprise_management.DeviceStateKeyUpdateRequest\x12K\n\x16\x64\x65vice_pairing_request\x18\x0b \x01(\x0b\x32+.enterprise_management.DevicePairingRequest\x12V\n\x1c\x63heck_device_pairing_request\x18\x0c \x01(\x0b\x32\x30.enterprise_management.CheckDevicePairingRequest\x12Q\n\x16remote_command_request\x18\r \x01(\x0b\x32\x31.enterprise_management.DeviceRemoteCommandRequest\x12q\n*device_attribute_update_permission_request\x18\x0e \x01(\x0b\x32=.enterprise_management.DeviceAttributeUpdatePermissionRequest\x12\\\n\x1f\x64\x65vice_attribute_update_request\x18\x0f \x01(\x0b\x32\x33.enterprise_management.DeviceAttributeUpdateRequest\x12H\n\x15gcm_id_update_request\x18\x10 \x01(\x0b\x32).enterprise_management.GcmIdUpdateRequest\x12^\n check_android_management_request\x18\x11 \x01(\x0b\x32\x34.enterprise_management.CheckAndroidManagementRequest\x12h\n\"certificate_based_register_request\x18\x12 \x01(\x0b\x32<.enterprise_management.CertificateBasedDeviceRegisterRequest\x12n\n)active_directory_enroll_play_user_request\x18\x13 \x01(\x0b\x32;.enterprise_management.ActiveDirectoryEnrollPlayUserRequest\x12i\n&active_directory_play_activity_request\x18\x14 \x01(\x0b\x32\x39.enterprise_management.ActiveDirectoryPlayActivityRequest\x12\x65\n\'check_device_license_request_deprecated\x18\x15 \x01(\x0b\x32\x30.enterprise_management.CheckDeviceLicenseRequestB\x02\x18\x01\x12\x65\n$active_directory_user_signin_request\x18\x16 \x01(\x0b\x32\x37.enterprise_management.ActiveDirectoryUserSigninRequest\x12O\n\x18register_browser_request\x18\x17 \x01(\x0b\x32-.enterprise_management.RegisterBrowserRequest\x12R\n\x1a\x61pp_install_report_request\x18\x19 \x01(\x0b\x32..enterprise_management.AppInstallReportRequest\x12X\n\x1d\x63hrome_desktop_report_request\x18\x1a \x01(\x0b\x32\x31.enterprise_management.ChromeDesktopReportRequest\x12^\n policy_validation_report_request\x18\x1b \x01(\x0b\x32\x34.enterprise_management.PolicyValidationReportRequest\x12k\n\'device_initial_enrollment_state_request\x18\x1c \x01(\x0b\x32:.enterprise_management.DeviceInitialEnrollmentStateRequest\x12M\n\x17refresh_account_request\x18\x1d \x01(\x0b\x32,.enterprise_management.RefreshAccountRequest\x12W\n\x1drsu_lookup_key_upload_request\x18\x1f \x01(\x0b\x32\x30.enterprise_management.RsuLookupKeyUploadRequest\x12N\n\x18public_saml_user_request\x18 \x01(\x0b\x32,.enterprise_management.PublicSamlUserRequest\x12W\n\x1d\x63hrome_os_user_report_request\x18! \x01(\x0b\x32\x30.enterprise_management.ChromeOsUserReportRequest\x12l\n\'client_certificate_provisioning_request\x18\" \x01(\x0b\x32;.enterprise_management.ClientCertificateProvisioningRequest\x12^\n extension_install_report_request\x18# \x01(\x0b\x32\x34.enterprise_management.ExtensionInstallReportRequest\x12R\n\x1a\x63heck_user_account_request\x18$ \x01(\x0b\x32..enterprise_management.CheckUserAccountRequest\x12Z\n\x1eprivate_set_membership_request\x18% \x01(\x0b\x32\x32.enterprise_management.PrivateSetMembershipRequest\x12_\n!browser_public_key_upload_request\x18& \x01(\x0b\x32\x34.enterprise_management.BrowserPublicKeyUploadRequest\x12P\n\x19upload_euicc_info_request\x18\' \x01(\x0b\x32-.enterprise_management.UploadEuiccInfoRequest\x12X\n\x1d\x63hrome_profile_report_request\x18( \x01(\x0b\x32\x31.enterprise_management.ChromeProfileReportRequest\x12\x63\n#token_based_device_register_request\x18) \x01(\x0b\x32\x36.enterprise_management.TokenBasedDeviceRegisterRequest\x12\x65\n$fm_registration_token_upload_request\x18* \x01(\x0b\x32\x37.enterprise_management.FmRegistrationTokenUploadRequestJ\x04\x08\x18\x10\x19\"\xe8\x1b\n\x18\x44\x65viceManagementResponse\x12\x15\n\rerror_message\x18\x02 \x01(\t\x12H\n\x0c\x65rror_detail\x18\' \x03(\x0e\x32\x32.enterprise_management.DeviceManagementErrorDetail\x12H\n\x11register_response\x18\x03 \x01(\x0b\x32-.enterprise_management.DeviceRegisterResponse\x12L\n\x13unregister_response\x18\x04 \x01(\x0b\x32/.enterprise_management.DeviceUnregisterResponse\x12\x44\n\x0fpolicy_response\x18\x05 \x01(\x0b\x32+.enterprise_management.DevicePolicyResponse\x12X\n\x1d\x64\x65vice_status_report_response\x18\x06 \x01(\x0b\x32\x31.enterprise_management.DeviceStatusReportResponse\x12Z\n\x1esession_status_report_response\x18\x07 \x01(\x0b\x32\x32.enterprise_management.SessionStatusReportResponse\x12V\n\x1c\x63hild_status_report_response\x18\x1d \x01(\x0b\x32\x30.enterprise_management.ChildStatusReportResponse\x12U\n\x18\x61uto_enrollment_response\x18\x08 \x01(\x0b\x32\x33.enterprise_management.DeviceAutoEnrollmentResponse\x12M\n\x14\x63\x65rt_upload_response\x18\t \x01(\x0b\x32/.enterprise_management.DeviceCertUploadResponse\x12Z\n\x1bservice_api_access_response\x18\n \x01(\x0b\x32\x35.enterprise_management.DeviceServiceApiAccessResponse\x12\\\n\x1f\x64\x65vice_state_retrieval_response\x18\x0b \x01(\x0b\x32\x33.enterprise_management.DeviceStateRetrievalResponse\x12M\n\x17\x64\x65vice_pairing_response\x18\x0c \x01(\x0b\x32,.enterprise_management.DevicePairingResponse\x12X\n\x1d\x63heck_device_pairing_response\x18\r \x01(\x0b\x32\x31.enterprise_management.CheckDevicePairingResponse\x12S\n\x17remote_command_response\x18\x0e \x01(\x0b\x32\x32.enterprise_management.DeviceRemoteCommandResponse\x12s\n+device_attribute_update_permission_response\x18\x0f \x01(\x0b\x32>.enterprise_management.DeviceAttributeUpdatePermissionResponse\x12^\n device_attribute_update_response\x18\x10 \x01(\x0b\x32\x34.enterprise_management.DeviceAttributeUpdateResponse\x12J\n\x16gcm_id_update_response\x18\x11 \x01(\x0b\x32*.enterprise_management.GcmIdUpdateResponse\x12`\n!check_android_management_response\x18\x12 \x01(\x0b\x32\x35.enterprise_management.CheckAndroidManagementResponse\x12p\n*active_directory_enroll_play_user_response\x18\x13 \x01(\x0b\x32<.enterprise_management.ActiveDirectoryEnrollPlayUserResponse\x12k\n\'active_directory_play_activity_response\x18\x14 \x01(\x0b\x32:.enterprise_management.ActiveDirectoryPlayActivityResponse\x12g\n(check_device_license_response_deprecated\x18\x15 \x01(\x0b\x32\x31.enterprise_management.CheckDeviceLicenseResponseB\x02\x18\x01\x12g\n%active_directory_user_signin_response\x18\x16 \x01(\x0b\x32\x38.enterprise_management.ActiveDirectoryUserSigninResponse\x12Z\n\x1e\x63hrome_desktop_report_response\x18\x17 \x01(\x0b\x32\x32.enterprise_management.ChromeDesktopReportResponse\x12T\n\x1b\x61pp_install_report_response\x18\x19 \x01(\x0b\x32/.enterprise_management.AppInstallReportResponse\x12`\n!policy_validation_report_response\x18\x1a \x01(\x0b\x32\x35.enterprise_management.PolicyValidationReportResponse\x12m\n(device_initial_enrollment_state_response\x18\x1b \x01(\x0b\x32;.enterprise_management.DeviceInitialEnrollmentStateResponse\x12O\n\x18refresh_account_response\x18\x1c \x01(\x0b\x32-.enterprise_management.RefreshAccountResponse\x12Y\n\x1ersu_lookup_key_upload_response\x18\x1e \x01(\x0b\x32\x31.enterprise_management.RsuLookupKeyUploadResponse\x12P\n\x19public_saml_user_response\x18\x1f \x01(\x0b\x32-.enterprise_management.PublicSamlUserResponse\x12Y\n\x1e\x63hrome_os_user_report_response\x18 \x01(\x0b\x32\x31.enterprise_management.ChromeOsUserReportResponse\x12n\n(client_certificate_provisioning_response\x18! \x01(\x0b\x32<.enterprise_management.ClientCertificateProvisioningResponse\x12T\n\x1b\x63heck_user_account_response\x18\" \x01(\x0b\x32/.enterprise_management.CheckUserAccountResponse\x12\\\n\x1fprivate_set_membership_response\x18# \x01(\x0b\x32\x33.enterprise_management.PrivateSetMembershipResponse\x12\x61\n\"browser_public_key_upload_response\x18$ \x01(\x0b\x32\x35.enterprise_management.BrowserPublicKeyUploadResponse\x12R\n\x1aupload_euicc_info_response\x18% \x01(\x0b\x32..enterprise_management.UploadEuiccInfoResponse\x12Z\n\x1e\x63hrome_profile_report_response\x18& \x01(\x0b\x32\x32.enterprise_management.ChromeProfileReportResponse\x12\x65\n$token_based_device_register_response\x18( \x01(\x0b\x32\x37.enterprise_management.TokenBasedDeviceRegisterResponse\x12g\n%fm_registration_token_upload_response\x18) \x01(\x0b\x32\x38.enterprise_management.FmRegistrationTokenUploadResponseJ\x04\x08\x01\x10\x02J\x04\x08\x18\x10\x19\"5\n\x18\x44\x65viceStateRetrievalInfo\x12\x19\n\x11has_initial_state\x18\x01 \x01(\x08*\xf0\x01\n\x0fUserSessionType\x12\x1d\n\x19USER_SESSION_TYPE_UNKNOWN\x10\x00\x12\x1f\n\x1b\x41UTO_LAUNCHED_KIOSK_SESSION\x10\x01\x12#\n\x1fMANUALLY_LAUNCHED_KIOSK_SESSION\x10\x02\x12\x1b\n\x17\x41\x46\x46ILIATED_USER_SESSION\x10\x03\x12\x1d\n\x19UNAFFILIATED_USER_SESSION\x10\x04\x12\x19\n\x15MANAGED_GUEST_SESSION\x10\x05\x12\x11\n\rGUEST_SESSION\x10\x06\x12\x0e\n\nNO_SESSION\x10\x07*e\n\x0e\x43rdSessionType\x12\x1c\n\x18\x43RD_SESSION_TYPE_UNKNOWN\x10\x00\x12\x19\n\x15REMOTE_ACCESS_SESSION\x10\x01\x12\x1a\n\x16REMOTE_SUPPORT_SESSION\x10\x02*\xf6\x01\n\x16\x43rdSessionAvailability\x12$\n CRD_SESSION_AVAILABILITY_UNKNOWN\x10\x00\x12\r\n\tAVAILABLE\x10\x01\x12-\n)UNAVAILABLE_UNSUPPORTED_USER_SESSION_TYPE\x10\x02\x12%\n!UNAVAILABLE_UNMANAGED_ENVIRONMENT\x10\x03\x12-\n)UNAVAILABLE_UNSUPPORTED_DEVICE_OS_VERSION\x10\x04\x12\"\n\x1eUNAVAILABLE_DISABLED_BY_POLICY\x10\x05*\xd0\x02\n\x19StartCrdSessionResultCode\x12-\n START_CRD_SESSION_RESULT_UNKNOWN\x10\xff\xff\xff\xff\xff\xff\xff\xff\xff\x01\x12\x1d\n\x19START_CRD_SESSION_SUCCESS\x10\x00\x12\x16\n\x12SERVICES_NOT_READY\x10\x01\x12!\n\x1d\x46\x41ILURE_UNSUPPORTED_USER_TYPE\x10\x02\x12\x14\n\x10\x46\x41ILURE_NOT_IDLE\x10\x03\x12\x1a\n\x16\x46\x41ILURE_NO_OAUTH_TOKEN\x10\x04\x12\x19\n\x15\x46\x41ILURE_NO_ICE_CONFIG\x10\x05\x12\x1a\n\x16\x46\x41ILURE_CRD_HOST_ERROR\x10\x06\x12!\n\x1d\x46\x41ILURE_UNMANAGED_ENVIRONMENT\x10\x07\x12\x1e\n\x1a\x46\x41ILURE_DISABLED_BY_POLICY\x10\x08*\xee\x01\n\x1c\x46\x65tchSupportPacketResultCode\x12\x30\n,FETCH_SUPPORT_PACKET_RESULT_CODE_UNSPECIFIED\x10\x00\x12\'\n#FETCH_SUPPORT_PACKET_RESULT_SUCCESS\x10\x01\x12\x1f\n\x1b\x46\x41ILURE_COMMAND_NOT_ENABLED\x10\x02\x12\x1a\n\x16\x46\x41ILURE_EXPORTING_FILE\x10\x03\x12\x1e\n\x1a\x46\x41ILURE_REPORTING_PIPELINE\x10\x04\x12\x16\n\x12\x46\x41ILURE_LOG_UPLOAD\x10\x05*p\n\x1c\x46\x65tchSupportPacketResultNote\x12\x33\n/FETCH_SUPPORT_PACKET_RESULT_PAYLOAD_UNSPECIFIED\x10\x00\x12\x1b\n\x17WARNING_PII_NOT_ALLOWED\x10\x01*i\n\x07\x43hannel\x12\x13\n\x0f\x43HANNEL_UNKNOWN\x10\x00\x12\x12\n\x0e\x43HANNEL_CANARY\x10\x01\x12\x0f\n\x0b\x43HANNEL_DEV\x10\x02\x12\x10\n\x0c\x43HANNEL_BETA\x10\x03\x12\x12\n\x0e\x43HANNEL_STABLE\x10\x04*\xab\x01\n\x0e\x42usDeviceClass\x12\x1c\n\x18\x44\x45VICE_CLASS_UNSPECIFIED\x10\x00\x12\x16\n\x12\x44ISPLAY_CONTROLLER\x10\x01\x12\x17\n\x13\x45THERNET_CONTROLLER\x10\x02\x12\x17\n\x13WIRELESS_CONTROLLER\x10\x03\x12\x15\n\x11\x42LUETOOTH_ADAPTER\x10\x04\x12\x1a\n\x16THUNDERBOLT_CONTROLLER\x10\x05*R\n\x07\x42usType\x12\x18\n\x14\x42US_TYPE_UNSPECIFIED\x10\x00\x12\x0b\n\x07PCI_BUS\x10\x01\x12\x0b\n\x07USB_BUS\x10\x02\x12\x13\n\x0fTHUNDERBOLT_BUS\x10\x03*q\n\x0f\x43rostiniAppType\x12\x1e\n\x1a\x43ROSTINI_APP_TYPE_TERMINAL\x10\x00\x12!\n\x1d\x43ROSTINI_APP_TYPE_INTERACTIVE\x10\x01\x12\x1b\n\x17\x43ROSTINI_APP_TYPE_OTHER\x10\x02*X\n\x10HashingAlgorithm\x12!\n\x1dHASHING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x08\n\x04SHA1\x10\x01\x12\n\n\x06SHA256\x10\x02\x12\x0b\n\x07NO_HASH\x10\x03*I\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x12\n\x0eRSA_PKCS1_V1_5\x10\x01*q\n\x1a\x43\x65rtProvSignatureAlgorithm\x12#\n\x1fSIGNATURE_ALGORITHM_UNSPECIFIED\x10\x00\x12.\n*SIGNATURE_ALGORITHM_RSA_PKCS1_V1_5_NO_HASH\x10\x01*\x9a\x01\n\x1b\x44\x65viceManagementErrorDetail\x12\x13\n\x0fNO_ERROR_DETAIL\x10\x00\x12\x30\n,CBCM_DELETION_POLICY_PREFERENCE_DELETE_TOKEN\x10\x01\x12\x34\n0CBCM_DELETION_POLICY_PREFERENCE_INVALIDATE_TOKEN\x10\x02\x42/H\x03Z+chromium/policy/enterprise_management_proto')
+
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'device_management_pb2', globals())
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b'H\003Z+chromium/policy/enterprise_management_proto'
+ _POLICYFETCHRESPONSE.fields_by_name['new_public_key_verification_signature_deprecated']._options = None
+ _POLICYFETCHRESPONSE.fields_by_name['new_public_key_verification_signature_deprecated']._serialized_options = b'\030\001'
+ _POLICYFETCHRESPONSE.fields_by_name['policy_type']._options = None
+ _POLICYFETCHRESPONSE.fields_by_name['policy_type']._serialized_options = b'\030\001'
+ _BOOTINFO.fields_by_name['secure_boot']._options = None
+ _BOOTINFO.fields_by_name['secure_boot']._serialized_options = b'\030\001'
+ _DEVICESTATUSREPORTREQUEST.fields_by_name['cpu_utilization_pct_samples']._options = None
+ _DEVICESTATUSREPORTREQUEST.fields_by_name['cpu_utilization_pct_samples']._serialized_options = b'\030\001'
+ _DEVICESTATUSREPORTREQUEST.fields_by_name['system_ram_free_samples']._options = None
+ _DEVICESTATUSREPORTREQUEST.fields_by_name['system_ram_free_samples']._serialized_options = b'\030\001'
+ _CHROMEDESKTOPREPORTREQUEST.fields_by_name['machine_name']._options = None
+ _CHROMEDESKTOPREPORTREQUEST.fields_by_name['machine_name']._serialized_options = b'\030\001'
+ _CHROMEDESKTOPREPORTREQUEST.fields_by_name['serial_number']._options = None
+ _CHROMEDESKTOPREPORTREQUEST.fields_by_name['serial_number']._serialized_options = b'\030\001'
+ _CHROMEDESKTOPREPORTREQUEST.fields_by_name['computer_name']._options = None
+ _CHROMEDESKTOPREPORTREQUEST.fields_by_name['computer_name']._serialized_options = b'\030\001'
+ _LICENSEAVAILABILITY.fields_by_name['license_type_deprecated']._options = None
+ _LICENSEAVAILABILITY.fields_by_name['license_type_deprecated']._serialized_options = b'\030\001'
+ _LICENSEAVAILABILITY.fields_by_name['available_licenses_deprecated']._options = None
+ _LICENSEAVAILABILITY.fields_by_name['available_licenses_deprecated']._serialized_options = b'\030\001'
+ _CHECKDEVICELICENSERESPONSE.fields_by_name['license_selection_mode_deprecated']._options = None
+ _CHECKDEVICELICENSERESPONSE.fields_by_name['license_selection_mode_deprecated']._serialized_options = b'\030\001'
+ _CHECKDEVICELICENSERESPONSE.fields_by_name['license_availabilities_deprecated']._options = None
+ _CHECKDEVICELICENSERESPONSE.fields_by_name['license_availabilities_deprecated']._serialized_options = b'\030\001'
+ _TPMSTATUSINFO.fields_by_name['boot_lockbox_finalized']._options = None
+ _TPMSTATUSINFO.fields_by_name['boot_lockbox_finalized']._serialized_options = b'\030\001'
+ _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE.values_by_name["USER_TYPE_SUPERVISED_DEPRECATED"]._options = None
+ _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE.values_by_name["USER_TYPE_SUPERVISED_DEPRECATED"]._serialized_options = b'\010\001'
+ _DEVICEMANAGEMENTREQUEST.fields_by_name['check_device_license_request_deprecated']._options = None
+ _DEVICEMANAGEMENTREQUEST.fields_by_name['check_device_license_request_deprecated']._serialized_options = b'\030\001'
+ _DEVICEMANAGEMENTRESPONSE.fields_by_name['check_device_license_response_deprecated']._options = None
+ _DEVICEMANAGEMENTRESPONSE.fields_by_name['check_device_license_response_deprecated']._serialized_options = b'\030\001'
+ _USERSESSIONTYPE._serialized_start=57473
+ _USERSESSIONTYPE._serialized_end=57713
+ _CRDSESSIONTYPE._serialized_start=57715
+ _CRDSESSIONTYPE._serialized_end=57816
+ _CRDSESSIONAVAILABILITY._serialized_start=57819
+ _CRDSESSIONAVAILABILITY._serialized_end=58065
+ _STARTCRDSESSIONRESULTCODE._serialized_start=58068
+ _STARTCRDSESSIONRESULTCODE._serialized_end=58404
+ _FETCHSUPPORTPACKETRESULTCODE._serialized_start=58407
+ _FETCHSUPPORTPACKETRESULTCODE._serialized_end=58645
+ _FETCHSUPPORTPACKETRESULTNOTE._serialized_start=58647
+ _FETCHSUPPORTPACKETRESULTNOTE._serialized_end=58759
+ _CHANNEL._serialized_start=58761
+ _CHANNEL._serialized_end=58866
+ _BUSDEVICECLASS._serialized_start=58869
+ _BUSDEVICECLASS._serialized_end=59040
+ _BUSTYPE._serialized_start=59042
+ _BUSTYPE._serialized_end=59124
+ _CROSTINIAPPTYPE._serialized_start=59126
+ _CROSTINIAPPTYPE._serialized_end=59239
+ _HASHINGALGORITHM._serialized_start=59241
+ _HASHINGALGORITHM._serialized_end=59329
+ _SIGNINGALGORITHM._serialized_start=59331
+ _SIGNINGALGORITHM._serialized_end=59404
+ _CERTPROVSIGNATUREALGORITHM._serialized_start=59406
+ _CERTPROVSIGNATUREALGORITHM._serialized_end=59519
+ _DEVICEMANAGEMENTERRORDETAIL._serialized_start=59522
+ _DEVICEMANAGEMENTERRORDETAIL._serialized_end=59676
+ _LICENSETYPE._serialized_start=82
+ _LICENSETYPE._serialized_end=267
+ _LICENSETYPE_LICENSETYPEENUM._serialized_start=171
+ _LICENSETYPE_LICENSETYPEENUM._serialized_end=267
+ _SIGNEDDATA._serialized_start=269
+ _SIGNEDDATA._serialized_end=340
+ _CHECKUSERACCOUNTREQUEST._serialized_start=342
+ _CHECKUSERACCOUNTREQUEST._serialized_end=428
+ _DEVICEREGISTERREQUEST._serialized_start=431
+ _DEVICEREGISTERREQUEST._serialized_end=2617
+ _DEVICEREGISTERREQUEST_TYPE._serialized_start=1374
+ _DEVICEREGISTERREQUEST_TYPE._serialized_end=1467
+ _DEVICEREGISTERREQUEST_FLAVOR._serialized_start=1470
+ _DEVICEREGISTERREQUEST_FLAVOR._serialized_end=2325
+ _DEVICEREGISTERREQUEST_LIFETIME._serialized_start=2327
+ _DEVICEREGISTERREQUEST_LIFETIME._serialized_end=2415
+ _DEVICEREGISTERREQUEST_PSMEXECUTIONRESULT._serialized_start=2418
+ _DEVICEREGISTERREQUEST_PSMEXECUTIONRESULT._serialized_end=2605
+ _DEVICEREGISTERIDENTIFICATION._serialized_start=2619
+ _DEVICEREGISTERIDENTIFICATION._serialized_end=2677
+ _CHECKUSERACCOUNTRESPONSE._serialized_start=2680
+ _CHECKUSERACCOUNTRESPONSE._serialized_end=3107
+ _CHECKUSERACCOUNTRESPONSE_USERACCOUNTTYPE._serialized_start=2925
+ _CHECKUSERACCOUNTRESPONSE_USERACCOUNTTYPE._serialized_end=3014
+ _CHECKUSERACCOUNTRESPONSE_ENROLLMENTNUDGETYPE._serialized_start=3016
+ _CHECKUSERACCOUNTRESPONSE_ENROLLMENTNUDGETYPE._serialized_end=3107
+ _DEVICEREGISTERRESPONSE._serialized_start=3110
+ _DEVICEREGISTERRESPONSE._serialized_end=3665
+ _DEVICEREGISTERRESPONSE_DEVICEMODE._serialized_start=3502
+ _DEVICEREGISTERRESPONSE_DEVICEMODE._serialized_end=3589
+ _DEVICEREGISTERRESPONSE_THIRDPARTYIDENTITYTYPE._serialized_start=3591
+ _DEVICEREGISTERRESPONSE_THIRDPARTYIDENTITYTYPE._serialized_end=3659
+ _DEVICEUNREGISTERREQUEST._serialized_start=3667
+ _DEVICEUNREGISTERREQUEST._serialized_end=3692
+ _DEVICEUNREGISTERRESPONSE._serialized_start=3694
+ _DEVICEUNREGISTERRESPONSE._serialized_end=3720
+ _DEVICECERTUPLOADREQUEST._serialized_start=3723
+ _DEVICECERTUPLOADREQUEST._serialized_end=4017
+ _DEVICECERTUPLOADREQUEST_CERTIFICATETYPE._serialized_start=3891
+ _DEVICECERTUPLOADREQUEST_CERTIFICATETYPE._serialized_end=4017
+ _DEVICECERTUPLOADRESPONSE._serialized_start=4019
+ _DEVICECERTUPLOADRESPONSE._serialized_end=4045
+ _DEVICESERVICEAPIACCESSREQUEST._serialized_start=4048
+ _DEVICESERVICEAPIACCESSREQUEST._serialized_end=4302
+ _DEVICESERVICEAPIACCESSREQUEST_DEVICETYPE._serialized_start=4214
+ _DEVICESERVICEAPIACCESSREQUEST_DEVICETYPE._serialized_end=4302
+ _DEVICESERVICEAPIACCESSRESPONSE._serialized_start=4304
+ _DEVICESERVICEAPIACCESSRESPONSE._serialized_end=4355
+ _BROWSERDEVICEIDENTIFIER._serialized_start=4357
+ _BROWSERDEVICEIDENTIFIER._serialized_end=4434
+ _POLICYFETCHREQUEST._serialized_start=4437
+ _POLICYFETCHREQUEST._serialized_end=4970
+ _POLICYFETCHREQUEST_SIGNATURETYPE._serialized_start=4909
+ _POLICYFETCHREQUEST_SIGNATURETYPE._serialized_end=4964
+ _DISABLEDSTATE._serialized_start=4972
+ _DISABLEDSTATE._serialized_end=5004
+ _DEVICESTATE._serialized_start=5007
+ _DEVICESTATE._serialized_end=5234
+ _DEVICESTATE_DEVICEMODE._serialized_start=5172
+ _DEVICESTATE_DEVICEMODE._serialized_end=5234
+ _CUSTOMERLOGO._serialized_start=5236
+ _CUSTOMERLOGO._serialized_end=5268
+ _POLICYDATA._serialized_start=5271
+ _POLICYDATA._serialized_end=6951
+ _POLICYDATA_ASSOCIATIONSTATE._serialized_start=6450
+ _POLICYDATA_ASSOCIATIONSTATE._serialized_end=6514
+ _POLICYDATA_MANAGEMENTMODE._serialized_start=6516
+ _POLICYDATA_MANAGEMENTMODE._serialized_end=6604
+ _POLICYDATA_MARKETSEGMENT._serialized_start=6606
+ _POLICYDATA_MARKETSEGMENT._serialized_end=6702
+ _POLICYDATA_METRICSLOGSEGMENT._serialized_start=6704
+ _POLICYDATA_METRICSLOGSEGMENT._serialized_end=6796
+ _CLIENTACTIONREQUIRED._serialized_start=6953
+ _CLIENTACTIONREQUIRED._serialized_end=7014
+ _POLICYFETCHRESPONSE._serialized_start=7017
+ _POLICYFETCHRESPONSE._serialized_end=7465
+ _DEPRECATEDPOLICYPUBLICKEYANDDOMAIN._serialized_start=7467
+ _DEPRECATEDPOLICYPUBLICKEYANDDOMAIN._serialized_end=7543
+ _PUBLICKEYVERIFICATIONDATA._serialized_start=7545
+ _PUBLICKEYVERIFICATIONDATA._serialized_end=7644
+ _DEVICEPOLICYREQUEST._serialized_start=7647
+ _DEVICEPOLICYREQUEST._serialized_end=8525
+ _DEVICEPOLICYREQUEST_REASON._serialized_start=7799
+ _DEVICEPOLICYREQUEST_REASON._serialized_end=8525
+ _DEVICEPOLICYRESPONSE._serialized_start=8527
+ _DEVICEPOLICYRESPONSE._serialized_end=8612
+ _TIMEPERIOD._serialized_start=8614
+ _TIMEPERIOD._serialized_end=8674
+ _ACTIVETIMEPERIOD._serialized_start=8677
+ _ACTIVETIMEPERIOD._serialized_end=9029
+ _ACTIVETIMEPERIOD_SESSIONTYPE._serialized_start=8874
+ _ACTIVETIMEPERIOD_SESSIONTYPE._serialized_end=9029
+ _NETWORKINTERFACE._serialized_start=9032
+ _NETWORKINTERFACE._serialized_end=9335
+ _NETWORKINTERFACE_NETWORKDEVICETYPE._serialized_start=9237
+ _NETWORKINTERFACE_NETWORKDEVICETYPE._serialized_end=9335
+ _NETWORKSTATE._serialized_start=9338
+ _NETWORKSTATE._serialized_end=9675
+ _NETWORKSTATE_CONNECTIONSTATE._serialized_start=9517
+ _NETWORKSTATE_CONNECTIONSTATE._serialized_end=9675
+ _DEVICEUSER._serialized_start=9678
+ _DEVICEUSER._serialized_end=9823
+ _DEVICEUSER_USERTYPE._serialized_start=9765
+ _DEVICEUSER_USERTYPE._serialized_end=9823
+ _VOLUMEINFO._serialized_start=9825
+ _VOLUMEINFO._serialized_end=9901
+ _CPUUTILIZATIONINFO._serialized_start=9903
+ _CPUUTILIZATIONINFO._serialized_end=9971
+ _SYSTEMFREERAMINFO._serialized_start=9973
+ _SYSTEMFREERAMINFO._serialized_end=10034
+ _CPUTEMPINFO._serialized_start=10036
+ _CPUTEMPINFO._serialized_end=10105
+ _STATEFULPARTITIONINFO._serialized_start=10107
+ _STATEFULPARTITIONINFO._serialized_end=10218
+ _BATTERYSAMPLE._serialized_start=10221
+ _BATTERYSAMPLE._serialized_end=10399
+ _BATTERYINFO._serialized_start=10402
+ _BATTERYINFO._serialized_end=10682
+ _POWERSTATUS._serialized_start=10685
+ _POWERSTATUS._serialized_end=10890
+ _POWERSTATUS_POWERSOURCE._serialized_start=10825
+ _POWERSTATUS_POWERSOURCE._serialized_end=10890
+ _DISKLIFETIMEESTIMATION._serialized_start=10892
+ _DISKLIFETIMEESTIMATION._serialized_end=10942
+ _DISKINFO._serialized_start=10945
+ _DISKINFO._serialized_end=11910
+ _DISKINFO_DEVICEPURPOSE._serialized_start=11769
+ _DISKINFO_DEVICEPURPOSE._serialized_end=11841
+ _STORAGESTATUS._serialized_start=11913
+ _STORAGESTATUS._serialized_end=12052
+ _THERMALSAMPLE._serialized_start=12054
+ _THERMALSAMPLE._serialized_end=12109
+ _THERMALINFO._serialized_start=12111
+ _THERMALINFO._serialized_end=12200
+ _BOARDSTATUS._serialized_start=12202
+ _BOARDSTATUS._serialized_end=12274
+ _SYSTEMSTATUS._serialized_start=12277
+ _SYSTEMSTATUS._serialized_end=12527
+ _CPUCSTATEINFO._serialized_start=12529
+ _CPUCSTATEINFO._serialized_end=12600
+ _LOGICALCPUINFO._serialized_start=12603
+ _LOGICALCPUINFO._serialized_end=12776
+ _CPUINFO._serialized_start=12779
+ _CPUINFO._serialized_end=13048
+ _CPUINFO_ARCHITECTURE._serialized_start=12967
+ _CPUINFO_ARCHITECTURE._serialized_end=13048
+ _GLOBALCPUINFO._serialized_start=13050
+ _GLOBALCPUINFO._serialized_end=13092
+ _DISPLAYINFO._serialized_start=13094
+ _DISPLAYINFO._serialized_end=13203
+ _GRAPHICSADAPTERINFO._serialized_start=13205
+ _GRAPHICSADAPTERINFO._serialized_end=13309
+ _GRAPHICSSTATUS._serialized_start=13312
+ _GRAPHICSSTATUS._serialized_end=13443
+ _CRASHREPORTINFO._serialized_start=13446
+ _CRASHREPORTINFO._serialized_end=13795
+ _CRASHREPORTINFO_CRASHREPORTUPLOADSTATUS._serialized_start=13614
+ _CRASHREPORTINFO_CRASHREPORTUPLOADSTATUS._serialized_end=13795
+ _TIMEZONEINFO._serialized_start=13797
+ _TIMEZONEINFO._serialized_end=13842
+ _MEMORYINFO._serialized_start=13845
+ _MEMORYINFO._serialized_end=13975
+ _BACKLIGHTINFO._serialized_start=13977
+ _BACKLIGHTINFO._serialized_end=14050
+ _FANINFO._serialized_start=14052
+ _FANINFO._serialized_end=14080
+ _BLUETOOTHADAPTERINFO._serialized_start=14082
+ _BLUETOOTHADAPTERINFO._serialized_end=14183
+ _SMBIOSINFO._serialized_start=14185
+ _SMBIOSINFO._serialized_end=14286
+ _KERNELPARAMETERS._serialized_start=14288
+ _KERNELPARAMETERS._serialized_end=14324
+ _EFIVARS._serialized_start=14326
+ _EFIVARS._serialized_end=14356
+ _BOOTINFO._serialized_start=14359
+ _BOOTINFO._serialized_end=14556
+ _BOOTINFO_BOOTMETHOD._serialized_start=14461
+ _BOOTINFO_BOOTMETHOD._serialized_end=14556
+ _NETWORKADAPTERINFO._serialized_start=14559
+ _NETWORKADAPTERINFO._serialized_end=14786
+ _LACROSBROWSERREPORT._serialized_start=14789
+ _LACROSBROWSERREPORT._serialized_end=14928
+ _DEMOMODEDIMENSIONS._serialized_start=14931
+ _DEMOMODEDIMENSIONS._serialized_end=15193
+ _DEMOMODEDIMENSIONS_CUSTOMIZATIONFACET._serialized_start=15107
+ _DEMOMODEDIMENSIONS_CUSTOMIZATIONFACET._serialized_end=15193
+ _DEVICESTATUSREPORTREQUEST._serialized_start=15196
+ _DEVICESTATUSREPORTREQUEST._serialized_end=17695
+ _OSUPDATESTATUS._serialized_start=17698
+ _OSUPDATESTATUS._serialized_end=18054
+ _OSUPDATESTATUS_UPDATESTATUS._serialized_start=17924
+ _OSUPDATESTATUS_UPDATESTATUS._serialized_end=18054
+ _APPSTATUS._serialized_start=18056
+ _APPSTATUS._serialized_end=18176
+ _APPINFO._serialized_start=18179
+ _APPINFO._serialized_end=18709
+ _APPINFO_APPTYPE._serialized_start=18441
+ _APPINFO_APPTYPE._serialized_end=18612
+ _APPINFO_STATUS._serialized_start=18614
+ _APPINFO_STATUS._serialized_end=18709
+ _ANDROIDAPPPERMISSION._serialized_start=18711
+ _ANDROIDAPPPERMISSION._serialized_end=18781
+ _ANDROIDAPPINFO._serialized_start=18784
+ _ANDROIDAPPINFO._serialized_end=19301
+ _ANDROIDAPPINFO_ANDROIDAPPSTATUS._serialized_start=19094
+ _ANDROIDAPPINFO_ANDROIDAPPSTATUS._serialized_end=19195
+ _ANDROIDAPPINFO_INSTALLEDSOURCE._serialized_start=19197
+ _ANDROIDAPPINFO_INSTALLEDSOURCE._serialized_end=19301
+ _CHROMEUSERPROFILEREPORT._serialized_start=19304
+ _CHROMEUSERPROFILEREPORT._serialized_end=19629
+ _CHROMESIGNEDINUSER._serialized_start=19631
+ _CHROMESIGNEDINUSER._serialized_end=19694
+ _EXTENSIONREQUEST._serialized_start=19696
+ _EXTENSIONREQUEST._serialized_end=19776
+ _EXTENSION._serialized_start=19779
+ _EXTENSION._serialized_end=20500
+ _EXTENSION_EXTENSIONTYPE._serialized_start=20126
+ _EXTENSION_EXTENSIONTYPE._serialized_end=20383
+ _EXTENSION_INSTALLTYPE._serialized_start=20385
+ _EXTENSION_INSTALLTYPE._serialized_end=20488
+ _POLICY._serialized_start=20503
+ _POLICY._serialized_end=21230
+ _POLICY_POLICYLEVEL._serialized_start=20733
+ _POLICY_POLICYLEVEL._serialized_end=20809
+ _POLICY_POLICYSCOPE._serialized_start=20811
+ _POLICY_POLICYSCOPE._serialized_end=20878
+ _POLICY_POLICYSOURCE._serialized_start=20881
+ _POLICY_POLICYSOURCE._serialized_end=21230
+ _EXTENSIONPOLICY._serialized_start=21232
+ _EXTENSIONPOLICY._serialized_end=21320
+ _POLICYFETCHTIMESTAMP._serialized_start=21322
+ _POLICYFETCHTIMESTAMP._serialized_end=21377
+ _CHROMEUSERPROFILEINFO._serialized_start=21380
+ _CHROMEUSERPROFILEINFO._serialized_end=21865
+ _BROWSERREPORT._serialized_start=21868
+ _BROWSERREPORT._serialized_end=22232
+ _OSREPORT._serialized_start=22235
+ _OSREPORT._serialized_end=22475
+ _OSREPORT_VERSIONTYPE._serialized_start=22359
+ _OSREPORT_VERSIONTYPE._serialized_end=22475
+ _CHROMEDESKTOPREPORTREQUEST._serialized_start=22478
+ _CHROMEDESKTOPREPORTREQUEST._serialized_end=22920
+ _CHROMEOSUSERREPORTREQUEST._serialized_start=22923
+ _CHROMEOSUSERREPORTREQUEST._serialized_end=23084
+ _CHROMEPROFILEREPORTREQUEST._serialized_start=23087
+ _CHROMEPROFILEREPORTREQUEST._serialized_end=23229
+ _POLICYVALUEVALIDATIONISSUE._serialized_start=23232
+ _POLICYVALUEVALIDATIONISSUE._serialized_end=23572
+ _POLICYVALUEVALIDATIONISSUE_VALUEVALIDATIONISSUESEVERITY._serialized_start=23405
+ _POLICYVALUEVALIDATIONISSUE_VALUEVALIDATIONISSUESEVERITY._serialized_end=23572
+ _POLICYVALIDATIONREPORTREQUEST._serialized_start=23575
+ _POLICYVALIDATIONREPORTREQUEST._serialized_end=24590
+ _POLICYVALIDATIONREPORTREQUEST_VALIDATIONRESULTTYPE._serialized_start=23850
+ _POLICYVALIDATIONREPORTREQUEST_VALIDATIONRESULTTYPE._serialized_end=24590
+ _POLICYVALIDATIONREPORTRESPONSE._serialized_start=24592
+ _POLICYVALIDATIONREPORTRESPONSE._serialized_end=24624
+ _ANDROIDSTATUS._serialized_start=24626
+ _ANDROIDSTATUS._serialized_end=24691
+ _CROSTINIAPP._serialized_start=24694
+ _CROSTINIAPP._serialized_end=24901
+ _CROSTINISTATUS._serialized_start=24904
+ _CROSTINISTATUS._serialized_end=25106
+ _SESSIONSTATUSREPORTREQUEST._serialized_start=25109
+ _SESSIONSTATUSREPORTREQUEST._serialized_end=25471
+ _DEVICESTATUSREPORTRESPONSE._serialized_start=25473
+ _DEVICESTATUSREPORTRESPONSE._serialized_end=25544
+ _CHROMEDESKTOPREPORTRESPONSE._serialized_start=25546
+ _CHROMEDESKTOPREPORTRESPONSE._serialized_end=25575
+ _CHROMEOSUSERREPORTRESPONSE._serialized_start=25577
+ _CHROMEOSUSERREPORTRESPONSE._serialized_end=25605
+ _CHROMEPROFILEREPORTRESPONSE._serialized_start=25607
+ _CHROMEPROFILEREPORTRESPONSE._serialized_end=25636
+ _SESSIONSTATUSREPORTRESPONSE._serialized_start=25638
+ _SESSIONSTATUSREPORTRESPONSE._serialized_end=25710
+ _PRIVATESETMEMBERSHIPREQUEST._serialized_start=25712
+ _PRIVATESETMEMBERSHIPREQUEST._serialized_end=25819
+ _PRIVATESETMEMBERSHIPRESPONSE._serialized_start=25821
+ _PRIVATESETMEMBERSHIPRESPONSE._serialized_end=25931
+ _PRIVATESETMEMBERSHIPRLWEREQUEST._serialized_start=25934
+ _PRIVATESETMEMBERSHIPRLWEREQUEST._serialized_end=26131
+ _PRIVATESETMEMBERSHIPRLWERESPONSE._serialized_start=26134
+ _PRIVATESETMEMBERSHIPRLWERESPONSE._serialized_end=26336
+ _DEVICEAUTOENROLLMENTREQUEST._serialized_start=26339
+ _DEVICEAUTOENROLLMENTREQUEST._serialized_end=26674
+ _DEVICEAUTOENROLLMENTREQUEST_ENROLLMENTCHECKTYPE._serialized_start=26538
+ _DEVICEAUTOENROLLMENTREQUEST_ENROLLMENTCHECKTYPE._serialized_end=26674
+ _DEVICEAUTOENROLLMENTRESPONSE._serialized_start=26676
+ _DEVICEAUTOENROLLMENTRESPONSE._serialized_end=26748
+ _DEVICESTATERETRIEVALREQUEST._serialized_start=26751
+ _DEVICESTATERETRIEVALREQUEST._serialized_end=26882
+ _DEVICESTATEKEYUPDATEREQUEST._serialized_start=26884
+ _DEVICESTATEKEYUPDATEREQUEST._serialized_end=26947
+ _DEVICESTATERETRIEVALRESPONSE._serialized_start=26950
+ _DEVICESTATERETRIEVALRESPONSE._serialized_end=27515
+ _DEVICESTATERETRIEVALRESPONSE_RESTOREMODE._serialized_start=27329
+ _DEVICESTATERETRIEVALRESPONSE_RESTOREMODE._serialized_end=27515
+ _DEVICEINITIALENROLLMENTSTATEREQUEST._serialized_start=27517
+ _DEVICEINITIALENROLLMENTSTATEREQUEST._serialized_end=27623
+ _DEVICEINITIALENROLLMENTSTATERESPONSE._serialized_start=27626
+ _DEVICEINITIALENROLLMENTSTATERESPONSE._serialized_end=28673
+ _DEVICEINITIALENROLLMENTSTATERESPONSE_INITIALENROLLMENTMODE._serialized_start=28168
+ _DEVICEINITIALENROLLMENTSTATERESPONSE_INITIALENROLLMENTMODE._serialized_end=28416
+ _DEVICEINITIALENROLLMENTSTATERESPONSE_LICENSEPACKAGINGSKU._serialized_start=28418
+ _DEVICEINITIALENROLLMENTSTATERESPONSE_LICENSEPACKAGINGSKU._serialized_end=28520
+ _DEVICEINITIALENROLLMENTSTATERESPONSE_ASSIGNEDUPGRADETYPE._serialized_start=28523
+ _DEVICEINITIALENROLLMENTSTATERESPONSE_ASSIGNEDUPGRADETYPE._serialized_end=28673
+ _DEVICEPAIRINGREQUEST._serialized_start=28675
+ _DEVICEPAIRINGREQUEST._serialized_end=28751
+ _DEVICEPAIRINGRESPONSE._serialized_start=28754
+ _DEVICEPAIRINGRESPONSE._serialized_end=29031
+ _DEVICEPAIRINGRESPONSE_STATUSCODE._serialized_start=28866
+ _DEVICEPAIRINGRESPONSE_STATUSCODE._serialized_end=29031
+ _CHECKDEVICEPAIRINGREQUEST._serialized_start=29033
+ _CHECKDEVICEPAIRINGREQUEST._serialized_end=29114
+ _CHECKDEVICEPAIRINGRESPONSE._serialized_start=29117
+ _CHECKDEVICEPAIRINGRESPONSE._serialized_end=29451
+ _CHECKDEVICEPAIRINGRESPONSE_STATUSCODE._serialized_start=29243
+ _CHECKDEVICEPAIRINGRESPONSE_STATUSCODE._serialized_end=29451
+ _REMOTECOMMAND._serialized_start=29454
+ _REMOTECOMMAND._serialized_end=30181
+ _REMOTECOMMAND_TYPE._serialized_start=29616
+ _REMOTECOMMAND_TYPE._serialized_end=30181
+ _REMOTECOMMANDRESULT._serialized_start=30184
+ _REMOTECOMMANDRESULT._serialized_end=30406
+ _REMOTECOMMANDRESULT_RESULTTYPE._serialized_start=30334
+ _REMOTECOMMANDRESULT_RESULTTYPE._serialized_end=30406
+ _DEVICEREMOTECOMMANDREQUEST._serialized_start=30409
+ _DEVICEREMOTECOMMANDREQUEST._serialized_end=30663
+ _DEVICEREMOTECOMMANDRESPONSE._serialized_start=30666
+ _DEVICEREMOTECOMMANDRESPONSE._serialized_end=30811
+ _DEVICEATTRIBUTEUPDATEPERMISSIONREQUEST._serialized_start=30813
+ _DEVICEATTRIBUTEUPDATEPERMISSIONREQUEST._serialized_end=30853
+ _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE._serialized_start=30856
+ _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE._serialized_end=31065
+ _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE_RESULTTYPE._serialized_start=30990
+ _DEVICEATTRIBUTEUPDATEPERMISSIONRESPONSE_RESULTTYPE._serialized_end=31065
+ _DEVICEATTRIBUTEUPDATEREQUEST._serialized_start=31067
+ _DEVICEATTRIBUTEUPDATEREQUEST._serialized_end=31133
+ _DEVICEATTRIBUTEUPDATERESPONSE._serialized_start=31136
+ _DEVICEATTRIBUTEUPDATERESPONSE._serialized_end=31320
+ _DEVICEATTRIBUTEUPDATERESPONSE_RESULTTYPE._serialized_start=31250
+ _DEVICEATTRIBUTEUPDATERESPONSE_RESULTTYPE._serialized_end=31320
+ _GCMIDUPDATEREQUEST._serialized_start=31322
+ _GCMIDUPDATEREQUEST._serialized_end=31358
+ _GCMIDUPDATERESPONSE._serialized_start=31360
+ _GCMIDUPDATERESPONSE._serialized_end=31381
+ _CHECKANDROIDMANAGEMENTREQUEST._serialized_start=31383
+ _CHECKANDROIDMANAGEMENTREQUEST._serialized_end=31414
+ _CHECKANDROIDMANAGEMENTRESPONSE._serialized_start=31416
+ _CHECKANDROIDMANAGEMENTRESPONSE._serialized_end=31448
+ _CERTIFICATEBASEDDEVICEREGISTERREQUEST._serialized_start=31450
+ _CERTIFICATEBASEDDEVICEREGISTERREQUEST._serialized_end=31548
+ _TOKENBASEDDEVICEREGISTERREQUEST._serialized_start=31550
+ _TOKENBASEDDEVICEREGISTERREQUEST._serialized_end=31662
+ _TOKENBASEDDEVICEREGISTERRESPONSE._serialized_start=31664
+ _TOKENBASEDDEVICEREGISTERRESPONSE._serialized_end=31779
+ _DEVICEREGISTERCONFIGURATION._serialized_start=31781
+ _DEVICEREGISTERCONFIGURATION._serialized_end=31832
+ _CERTIFICATEBASEDDEVICEREGISTRATIONDATA._serialized_start=31835
+ _CERTIFICATEBASEDDEVICEREGISTRATIONDATA._serialized_end=32249
+ _CERTIFICATEBASEDDEVICEREGISTRATIONDATA_CERTIFICATETYPE._serialized_start=32180
+ _CERTIFICATEBASEDDEVICEREGISTRATIONDATA_CERTIFICATETYPE._serialized_end=32249
+ _REGISTERBROWSERREQUEST._serialized_start=32252
+ _REGISTERBROWSERREQUEST._serialized_end=32464
+ _ACTIVEDIRECTORYENROLLPLAYUSERREQUEST._serialized_start=32466
+ _ACTIVEDIRECTORYENROLLPLAYUSERREQUEST._serialized_end=32529
+ _ACTIVEDIRECTORYENROLLPLAYUSERRESPONSE._serialized_start=32532
+ _ACTIVEDIRECTORYENROLLPLAYUSERRESPONSE._serialized_end=32683
+ _SAMLPARAMETERSPROTO._serialized_start=32685
+ _SAMLPARAMETERSPROTO._serialized_end=32758
+ _PUBLICSAMLUSERREQUEST._serialized_start=32760
+ _PUBLICSAMLUSERREQUEST._serialized_end=32803
+ _PUBLICSAMLUSERRESPONSE._serialized_start=32805
+ _PUBLICSAMLUSERRESPONSE._serialized_end=32898
+ _ACTIVEDIRECTORYPLAYACTIVITYREQUEST._serialized_start=32900
+ _ACTIVEDIRECTORYPLAYACTIVITYREQUEST._serialized_end=32953
+ _ACTIVEDIRECTORYPLAYACTIVITYRESPONSE._serialized_start=32955
+ _ACTIVEDIRECTORYPLAYACTIVITYRESPONSE._serialized_end=32992
+ _CHECKDEVICELICENSEREQUEST._serialized_start=32994
+ _CHECKDEVICELICENSEREQUEST._serialized_end=33021
+ _LICENSEAVAILABILITY._serialized_start=33024
+ _LICENSEAVAILABILITY._serialized_end=33161
+ _CHECKDEVICELICENSERESPONSE._serialized_start=33164
+ _CHECKDEVICELICENSERESPONSE._serialized_end=33482
+ _CHECKDEVICELICENSERESPONSE_LICENSESELECTIONMODE._serialized_start=33404
+ _CHECKDEVICELICENSERESPONSE_LICENSESELECTIONMODE._serialized_end=33482
+ _ACTIVEDIRECTORYUSERSIGNINREQUEST._serialized_start=33484
+ _ACTIVEDIRECTORYUSERSIGNINREQUEST._serialized_end=33518
+ _ACTIVEDIRECTORYUSERSIGNINRESPONSE._serialized_start=33520
+ _ACTIVEDIRECTORYUSERSIGNINRESPONSE._serialized_end=33582
+ _TPMVERSIONINFO._serialized_start=33585
+ _TPMVERSIONINFO._serialized_end=33929
+ _TPMVERSIONINFO_GSCVERSION._serialized_start=33819
+ _TPMVERSIONINFO_GSCVERSION._serialized_end=33929
+ _TPMSTATUSINFO._serialized_start=33932
+ _TPMSTATUSINFO._serialized_end=34382
+ _TPMSUPPORTEDFEATURES._serialized_start=34384
+ _TPMSUPPORTEDFEATURES._serialized_end=34509
+ _SYSTEMSTATE._serialized_start=34511
+ _SYSTEMSTATE._serialized_end=34581
+ _EXTENSIONINSTALLREPORTLOGEVENT._serialized_start=34584
+ _EXTENSIONINSTALLREPORTLOGEVENT._serialized_end=41211
+ _EXTENSIONINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_start=36004
+ _EXTENSIONINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_end=36166
+ _EXTENSIONINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_start=36168
+ _EXTENSIONINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_end=36279
+ _EXTENSIONINSTALLREPORTLOGEVENT_FAILUREREASON._serialized_start=36282
+ _EXTENSIONINSTALLREPORTLOGEVENT_FAILUREREASON._serialized_end=37112
+ _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLATIONSTAGE._serialized_start=37114
+ _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLATIONSTAGE._serialized_end=37238
+ _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE._serialized_start=37241
+ _EXTENSIONINSTALLREPORTLOGEVENT_USERTYPE._serialized_end=37525
+ _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADINGSTAGE._serialized_start=37528
+ _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADINGSTAGE._serialized_end=37807
+ _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLCREATIONSTAGE._serialized_start=37810
+ _EXTENSIONINSTALLREPORTLOGEVENT_INSTALLCREATIONSTAGE._serialized_end=38133
+ _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADCACHESTATUS._serialized_start=38136
+ _EXTENSIONINSTALLREPORTLOGEVENT_DOWNLOADCACHESTATUS._serialized_end=38288
+ _EXTENSIONINSTALLREPORTLOGEVENT_SANDBOXEDUNPACKERFAILUREREASON._serialized_start=38291
+ _EXTENSIONINSTALLREPORTLOGEVENT_SANDBOXEDUNPACKERFAILUREREASON._serialized_end=40009
+ _EXTENSIONINSTALLREPORTLOGEVENT_MANIFESTINVALIDERROR._serialized_start=40012
+ _EXTENSIONINSTALLREPORTLOGEVENT_MANIFESTINVALIDERROR._serialized_end=40461
+ _EXTENSIONINSTALLREPORTLOGEVENT_CRXINSTALLERRORDETAIL._serialized_start=40464
+ _EXTENSIONINSTALLREPORTLOGEVENT_CRXINSTALLERRORDETAIL._serialized_end=41211
+ _APPINSTALLREPORTLOGEVENT._serialized_start=41214
+ _APPINSTALLREPORTLOGEVENT._serialized_end=42076
+ _APPINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_start=41580
+ _APPINSTALLREPORTLOGEVENT_EVENTTYPE._serialized_end=41963
+ _APPINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_start=36168
+ _APPINSTALLREPORTLOGEVENT_SESSIONSTATECHANGETYPE._serialized_end=36279
+ _EXTENSIONINSTALLREPORT._serialized_start=42079
+ _EXTENSIONINSTALLREPORT._serialized_end=42214
+ _APPINSTALLREPORT._serialized_start=42216
+ _APPINSTALLREPORT._serialized_end=42334
+ _APPINSTALLREPORTREQUEST._serialized_start=42336
+ _APPINSTALLREPORTREQUEST._serialized_end=42431
+ _EXTENSIONINSTALLREPORTREQUEST._serialized_start=42433
+ _EXTENSIONINSTALLREPORTREQUEST._serialized_end=42546
+ _APPINSTALLREPORTRESPONSE._serialized_start=42548
+ _APPINSTALLREPORTRESPONSE._serialized_end=42574
+ _REFRESHACCOUNTREQUEST._serialized_start=42577
+ _REFRESHACCOUNTREQUEST._serialized_end=42750
+ _REFRESHACCOUNTREQUEST_ACCOUNTTYPE._serialized_start=42682
+ _REFRESHACCOUNTREQUEST_ACCOUNTTYPE._serialized_end=42750
+ _REFRESHACCOUNTRESPONSE._serialized_start=42752
+ _REFRESHACCOUNTRESPONSE._serialized_end=42776
+ _RSULOOKUPKEYUPLOADREQUEST._serialized_start=42778
+ _RSULOOKUPKEYUPLOADREQUEST._serialized_end=42854
+ _RSULOOKUPKEYUPLOADRESPONSE._serialized_start=42856
+ _RSULOOKUPKEYUPLOADRESPONSE._serialized_end=42916
+ _ESIMPROFILEINFO._serialized_start=42918
+ _ESIMPROFILEINFO._serialized_end=43008
+ _UPLOADEUICCINFOREQUEST._serialized_start=43011
+ _UPLOADEUICCINFOREQUEST._serialized_end=43147
+ _UPLOADEUICCINFORESPONSE._serialized_start=43149
+ _UPLOADEUICCINFORESPONSE._serialized_end=43174
+ _PRINTJOBEVENT._serialized_start=43177
+ _PRINTJOBEVENT._serialized_end=44265
+ _PRINTJOBEVENT_PRINTJOBCONFIGURATION._serialized_start=43411
+ _PRINTJOBEVENT_PRINTJOBCONFIGURATION._serialized_end=43636
+ _PRINTJOBEVENT_PRINTER._serialized_start=43638
+ _PRINTJOBEVENT_PRINTER._serialized_end=43686
+ _PRINTJOBEVENT_PRINTSETTINGS._serialized_start=43689
+ _PRINTJOBEVENT_PRINTSETTINGS._serialized_end=44195
+ _PRINTJOBEVENT_PRINTSETTINGS_MEDIASIZE._serialized_start=43960
+ _PRINTJOBEVENT_PRINTSETTINGS_MEDIASIZE._serialized_end=44021
+ _PRINTJOBEVENT_PRINTSETTINGS_COLORMODE._serialized_start=44023
+ _PRINTJOBEVENT_PRINTSETTINGS_COLORMODE._serialized_end=44090
+ _PRINTJOBEVENT_PRINTSETTINGS_DUPLEXMODE._serialized_start=44092
+ _PRINTJOBEVENT_PRINTSETTINGS_DUPLEXMODE._serialized_end=44195
+ _PRINTJOBEVENT_USERTYPE._serialized_start=44197
+ _PRINTJOBEVENT_USERTYPE._serialized_end=44265
+ _APP._serialized_start=44268
+ _APP._serialized_end=44501
+ _APP_APPTYPE._serialized_start=44373
+ _APP_APPTYPE._serialized_end=44501
+ _APPACTIVITY._serialized_start=44504
+ _APPACTIVITY._serialized_end=44822
+ _APPACTIVITY_APPSTATE._serialized_start=44715
+ _APPACTIVITY_APPSTATE._serialized_end=44822
+ _SCREENTIMESPAN._serialized_start=44824
+ _SCREENTIMESPAN._serialized_end=44924
+ _CHILDSTATUSREPORTREQUEST._serialized_start=44927
+ _CHILDSTATUSREPORTREQUEST._serialized_end=45289
+ _CHILDSTATUSREPORTRESPONSE._serialized_start=45291
+ _CHILDSTATUSREPORTRESPONSE._serialized_end=45361
+ _STARTCSRREQUEST._serialized_start=45363
+ _STARTCSRREQUEST._serialized_end=45380
+ _STARTCSRRESPONSE._serialized_start=45383
+ _STARTCSRRESPONSE._serialized_end=45609
+ _FINISHCSRREQUEST._serialized_start=45611
+ _FINISHCSRREQUEST._serialized_end=45679
+ _FINISHCSRRESPONSE._serialized_start=45681
+ _FINISHCSRRESPONSE._serialized_end=45700
+ _DOWNLOADCERTREQUEST._serialized_start=45702
+ _DOWNLOADCERTREQUEST._serialized_end=45723
+ _DOWNLOADCERTRESPONSE._serialized_start=45725
+ _DOWNLOADCERTRESPONSE._serialized_end=45780
+ _CERTPROVSTARTREQUEST._serialized_start=45782
+ _CERTPROVSTARTREQUEST._serialized_end=45804
+ _CERTPROVSTARTRESPONSE._serialized_start=45806
+ _CERTPROVSTARTRESPONSE._serialized_end=45857
+ _CERTPROVGETNEXTINSTRUCTIONREQUEST._serialized_start=45859
+ _CERTPROVGETNEXTINSTRUCTIONREQUEST._serialized_end=45894
+ _CERTPROVGETNEXTINSTRUCTIONRESPONSE._serialized_start=45897
+ _CERTPROVGETNEXTINSTRUCTIONRESPONSE._serialized_end=46241
+ _CERTPROVAUTHORIZEREQUEST._serialized_start=46243
+ _CERTPROVAUTHORIZEREQUEST._serialized_end=46300
+ _CERTPROVAUTHORIZERESPONSE._serialized_start=46302
+ _CERTPROVAUTHORIZERESPONSE._serialized_end=46329
+ _CERTPROVUPLOADPROOFOFPOSSESSIONREQUEST._serialized_start=46331
+ _CERTPROVUPLOADPROOFOFPOSSESSIONREQUEST._serialized_end=46390
+ _CERTPROVUPLOADPROOFOFPOSSESSIONRESPONSE._serialized_start=46392
+ _CERTPROVUPLOADPROOFOFPOSSESSIONRESPONSE._serialized_end=46433
+ _CERTPROVAUTHORIZEINSTRUCTION._serialized_start=46435
+ _CERTPROVAUTHORIZEINSTRUCTION._serialized_end=46487
+ _CERTPROVPROOFOFPOSSESSIONINSTRUCTION._serialized_start=46490
+ _CERTPROVPROOFOFPOSSESSIONINSTRUCTION._serialized_end=46630
+ _CERTPROVIMPORTCERTIFICATEINSTRUCTION._serialized_start=46632
+ _CERTPROVIMPORTCERTIFICATEINSTRUCTION._serialized_end=46703
+ _CLIENTCERTIFICATEPROVISIONINGREQUEST._serialized_start=46706
+ _CLIENTCERTIFICATEPROVISIONINGREQUEST._serialized_end=47499
+ _CERTPROVBACKENDERROR._serialized_start=47502
+ _CERTPROVBACKENDERROR._serialized_end=48063
+ _CERTPROVBACKENDERROR_ERROR._serialized_start=47616
+ _CERTPROVBACKENDERROR_ERROR._serialized_end=48063
+ _CLIENTCERTIFICATEPROVISIONINGRESPONSE._serialized_start=48066
+ _CLIENTCERTIFICATEPROVISIONINGRESPONSE._serialized_end=49139
+ _CLIENTCERTIFICATEPROVISIONINGRESPONSE_ERROR._serialized_start=48874
+ _CLIENTCERTIFICATEPROVISIONINGRESPONSE_ERROR._serialized_end=49121
+ _BROWSERPUBLICKEYUPLOADREQUEST._serialized_start=49142
+ _BROWSERPUBLICKEYUPLOADREQUEST._serialized_end=49582
+ _BROWSERPUBLICKEYUPLOADREQUEST_KEYTRUSTLEVEL._serialized_start=49418
+ _BROWSERPUBLICKEYUPLOADREQUEST_KEYTRUSTLEVEL._serialized_end=49520
+ _BROWSERPUBLICKEYUPLOADREQUEST_KEYTYPE._serialized_start=49522
+ _BROWSERPUBLICKEYUPLOADREQUEST_KEYTYPE._serialized_end=49582
+ _BROWSERPUBLICKEYUPLOADRESPONSE._serialized_start=49585
+ _BROWSERPUBLICKEYUPLOADRESPONSE._serialized_end=49808
+ _BROWSERPUBLICKEYUPLOADRESPONSE_RESPONSECODE._serialized_start=49743
+ _BROWSERPUBLICKEYUPLOADRESPONSE_RESPONSECODE._serialized_end=49808
+ _FMREGISTRATIONTOKENUPLOADREQUEST._serialized_start=49811
+ _FMREGISTRATIONTOKENUPLOADREQUEST._serialized_end=50054
+ _FMREGISTRATIONTOKENUPLOADREQUEST_TOKENTYPE._serialized_start=50008
+ _FMREGISTRATIONTOKENUPLOADREQUEST_TOKENTYPE._serialized_end=50054
+ _FMREGISTRATIONTOKENUPLOADRESPONSE._serialized_start=50056
+ _FMREGISTRATIONTOKENUPLOADRESPONSE._serialized_end=50091
+ _DEVICEMANAGEMENTREQUEST._serialized_start=50094
+ _DEVICEMANAGEMENTREQUEST._serialized_end=53852
+ _DEVICEMANAGEMENTRESPONSE._serialized_start=53855
+ _DEVICEMANAGEMENTRESPONSE._serialized_end=57415
+ _DEVICESTATERETRIEVALINFO._serialized_start=57417
+ _DEVICESTATERETRIEVALINFO._serialized_end=57470
+# @@protoc_insertion_point(module_scope)
diff --git a/private_membership.proto b/private_membership.proto
new file mode 100644
index 0000000..4294f57
--- /dev/null
+++ b/private_membership.proto
@@ -0,0 +1,78 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+option optimize_for = LITE_RUNTIME;
+
+package private_membership;
+
+option go_package = "github.com/google/private-membership";
+
+// An enum describing different types of available hash functions.
+enum HashType {
+ HASH_TYPE_UNDEFINED = 0;
+ TEST_HASH_TYPE = 1;
+ SHA256 = 2;
+
+ reserved 3;
+
+ // Add more hash types if necessary.
+}
+
+// LINT.IfChange
+// An enum describing how to hash IDs to encrypted buckets.
+enum EncryptedBucketHashType {
+ ENCRYPTED_BUCKET_HASH_TYPE_UNDEFINED = 0;
+
+ ENCRYPTED_BUCKET_TEST_HASH_TYPE = 3;
+
+ // Use SHA256 of injective concatenation of non-sensitive and sensitive IDs.
+ // For backwards compatibility, this hash type should be used if this proto
+ // field is not specified.
+ SHA256_NON_SENSITIVE_AND_SENSITIVE_ID = 1;
+
+ reserved 2;
+}
+// LINT.ThenChange(//depot/google3/privacy/private_membership/rlwe/shared/rlwe_id_utils_test.cc:encrypted_bucket_hash_types)
+
+// A proto message that holds the doubly encrypted identifier.
+message DoublyEncryptedId {
+ // The identifier encrypted using the elliptic curve commutative
+ // cipher under an ephemeral key generated by the client that was sent in
+ // the request.
+ bytes queried_encrypted_id = 1;
+
+ // The double encryption of a client requested identifier. The encryption
+ // scheme used is the Elliptic Curve commutation cipher. The
+ // first encryption layer uses the client's ephemeral key while the second
+ // encryption layer uses the server's match key.
+ //
+ // The client will decrypt this field to get their queried identifier
+ // encrypted under only the server's key. The client will use this value to
+ // match with the contents of the encrypted bucket to determine if there is a
+ // match or not.
+ bytes doubly_encrypted_id = 2;
+}
+
+// A proto message used to store the plaintext response of a membership query of
+// a single identifier.
+message MembershipResponse {
+ // True if and only if the queried identifier was a member.
+ bool is_member = 1;
+
+ // The associated value if the queried identifier was a member. If the
+ // queried identifier is not a member, the value will be an empty string.
+ string value = 2;
+}
\ No newline at end of file
diff --git a/private_membership_pb2.py b/private_membership_pb2.py
new file mode 100644
index 0000000..27911c7
--- /dev/null
+++ b/private_membership_pb2.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: private_membership.proto
+"""Generated protocol buffer code."""
+from google.protobuf.internal import builder as _builder
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import symbol_database as _symbol_database
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x18private_membership.proto\x12\x12private_membership\"N\n\x11\x44oublyEncryptedId\x12\x1c\n\x14queried_encrypted_id\x18\x01 \x01(\x0c\x12\x1b\n\x13\x64oubly_encrypted_id\x18\x02 \x01(\x0c\"6\n\x12MembershipResponse\x12\x11\n\tis_member\x18\x01 \x01(\x08\x12\r\n\x05value\x18\x02 \x01(\t*I\n\x08HashType\x12\x17\n\x13HASH_TYPE_UNDEFINED\x10\x00\x12\x12\n\x0eTEST_HASH_TYPE\x10\x01\x12\n\n\x06SHA256\x10\x02\"\x04\x08\x03\x10\x03*\x99\x01\n\x17\x45ncryptedBucketHashType\x12(\n$ENCRYPTED_BUCKET_HASH_TYPE_UNDEFINED\x10\x00\x12#\n\x1f\x45NCRYPTED_BUCKET_TEST_HASH_TYPE\x10\x03\x12)\n%SHA256_NON_SENSITIVE_AND_SENSITIVE_ID\x10\x01\"\x04\x08\x02\x10\x02\x42(H\x03Z$github.com/google/private-membershipb\x06proto3')
+
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'private_membership_pb2', globals())
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b'H\003Z$github.com/google/private-membership'
+ _HASHTYPE._serialized_start=184
+ _HASHTYPE._serialized_end=257
+ _ENCRYPTEDBUCKETHASHTYPE._serialized_start=260
+ _ENCRYPTEDBUCKETHASHTYPE._serialized_end=413
+ _DOUBLYENCRYPTEDID._serialized_start=48
+ _DOUBLYENCRYPTEDID._serialized_end=126
+ _MEMBERSHIPRESPONSE._serialized_start=128
+ _MEMBERSHIPRESPONSE._serialized_end=182
+# @@protoc_insertion_point(module_scope)
diff --git a/private_membership_rlwe.proto b/private_membership_rlwe.proto
new file mode 100644
index 0000000..2df6556
--- /dev/null
+++ b/private_membership_rlwe.proto
@@ -0,0 +1,340 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+option optimize_for = LITE_RUNTIME;
+
+package private_membership.rlwe;
+
+option go_package = "github.com/google/private-membership";
+
+import "private_membership.proto";
+import "serialization.proto";
+
+// Request and Response protos
+//
+// The protocol consists of two roundtrips:
+// First Round: OprfRequest and OprfResponse
+// Second Round: QueryRequest and QueryResponse
+
+// First request sent by the client for checking membership.
+message PrivateMembershipRlweOprfRequest {
+ // The identifier encrypted using the elliptic curve commutative
+ // cipher under an ephemeral key generated by the client. Before encryption,
+ // the identifier is hashed using either SHA256 or a more computationally
+ // expensive hash such as Argon2.
+ repeated bytes encrypted_ids = 1;
+
+ // The name of the use case of this query.
+ RlweUseCase use_case = 2;
+}
+
+// First response sent by the server for checking membership.
+message PrivateMembershipRlweOprfResponse {
+ // The requested encrypted_id entries that are re-encrypted using the elliptic
+ // curve commutative cipher using the server’s key.
+ //
+ // The client will decrypt to simply get the identifier encrypted under the
+ // server’s key. The client will use this to match with the associated
+ // EncryptedBucket to see if there is a match or not. Additionally, the client
+ // will use it to decrypt the AES encrypted value.
+ repeated DoublyEncryptedId doubly_encrypted_ids = 1;
+
+ // Unset if the server doesn't support non-sensitive identifier bucketing for
+ // the requested use case.
+ HashedBucketsParameters hashed_buckets_parameters = 2;
+
+ // Parameters for the encrypted buckets (second level).
+ EncryptedBucketsParameters encrypted_buckets_parameters = 3;
+
+ // Parameters describing the Ring LWE group as well as the security parameter.
+ RlweParameters rlwe_parameters = 4;
+
+ // Version of key that encrypted the identifier-value pair.
+ //
+ // The client should provide this value in the second round of the protocol
+ // to ensure consistency.
+ int64 key_version = 5;
+}
+
+// Second request sent by the client for checking membership.
+message PrivateMembershipRlweQueryRequest {
+ // Upload a retrieval request consisting of RLWE ciphertexts.
+ repeated PrivateMembershipRlweQuery queries = 1;
+
+ // The name of the use case of this query.
+ RlweUseCase use_case = 2;
+
+ // Version of key that encrypted the identifier-value pair.
+ int64 key_version = 3;
+}
+
+// Second response sent by the server for checking membership.
+message PrivateMembershipRlweQueryResponse {
+ repeated PrivateMembershipRlwePirResponse pir_responses = 1;
+}
+
+// Proto containing plaintext IDs supplied to the client library.
+message RlwePlaintextId {
+ // Non-sensitive portion of the identifier.
+ string non_sensitive_id = 1;
+
+ // Sensitive portion of the identifier.
+ string sensitive_id = 2;
+}
+
+// Different use cases of the RLWE-based PSM protocol.
+//
+// NEXT ID: 25
+enum RlweUseCase {
+ RLWE_USE_CASE_UNDEFINED = 0;
+ TEST_USE_CASE = 1;
+ TEST_USE_CASE2 = 2;
+ TEST_USE_CASE3 = 3;
+
+ // Use case with empty database.
+ EMPTY_USE_CASE = 22;
+
+ // The device state of ChromeOS device, used for Zero Touch, License
+ // Packaging. This is zero-disclosure database, i.e. client does not reveal
+ // any bits to the server.
+ CROS_DEVICE_STATE = 5;
+
+ // The device state of ChromeOS device, used for all managed devices and
+ // License Packaging. This is partial-disclosure database, i.e. client will be
+ // asked to reveal some bits of the hash of non-sensitive identifier.
+ CROS_DEVICE_STATE_UNIFIED = 23;
+
+ // The device state of ChromeOS device.
+ CROS_DEVICE_SECONDARY_STATE = 12 [deprecated = true];
+ CROS_DEVICE_STATE_BACKUP = 21 [deprecated = true];
+
+ // Use-cases for ChromeOS Device Active Reporting to Fresnel.
+ CROS_FRESNEL_DAILY = 13;
+ CROS_FRESNEL_MONTHLY = 14;
+ CROS_FRESNEL_FIRST_ACTIVE = 15;
+ CROS_FRESNEL_7DAY_ACTIVE = 16;
+ CROS_FRESNEL_28DAY_ACTIVE = 17;
+ CROS_FRESNEL_CHURN_MONTHLY_COHORT = 19;
+ CROS_FRESNEL_CHURN_MONTHLY_OBSERVATION = 20;
+
+ // Use-cases for Cellular Carrier Lock (SimLock).
+ CROS_SIM_LOCK = 18;
+ CROS_SIM_LOCK_DEVMODE = 24;
+
+ reserved 4, 6, 7, 8, 9, 10, 11;
+}
+
+// Parameters for the hashed buckets (first level).
+//
+// Hashed bucket id is derived by taking the prefix of the hash of the non-
+// sensitive identifier.
+message HashedBucketsParameters {
+ // The bit length of the hashed bucket id.
+ int32 hashed_bucket_id_length = 1;
+
+ // The type of hash function to be used for the non-sensitive identifier
+ // part.
+ private_membership.HashType non_sensitive_id_hash_type = 2;
+}
+
+// Parameters for the encrypted buckets (second level).
+message EncryptedBucketsParameters {
+ // The bit length of the encrypted bucket ids.
+ //
+ // The total number of encrypted buckets can be derived from this field,
+ // i.e. 2^encrypted_bucket_id_length.
+ int32 encrypted_bucket_id_length = 1;
+
+ // The type of hash function to be used to generate the encrypted bucket ID.
+ private_membership.EncryptedBucketHashType sensitive_id_hash_type = 2;
+}
+
+// Public Ring-LWE encryption scheme parameters.
+message RlweParameters {
+ // Sequence of one modulus or two decreasing moduli.
+ repeated Uint128 modulus = 1;
+
+ // Log (base 2) of the polynomial degree N (dimension of the vectorspace).
+ int32 log_degree = 2;
+
+ // Plaintext modulus in bits log t.
+ int32 log_t = 3;
+
+ // Variance of Gaussian error in bits.
+ int32 variance = 4;
+
+ // Levels of recursion.
+ int32 levels_of_recursion = 5;
+}
+
+// Represents a unsigned 128-bit integer.
+message Uint128 {
+ // The lower 64 bits of the modulus.
+ uint64 lo = 1;
+
+ // The higher 64 bits of the modulus.
+ uint64 hi = 2;
+}
+
+// Single unit of RLWE query.
+message PrivateMembershipRlweQuery {
+ // Corresponds to the doubly_encrypted_id.queried_encrypted_id in the
+ // PrivateMembershipRlweOprfResponse.
+ //
+ // Should be set by the client.
+ bytes queried_encrypted_id = 1;
+
+ // Upload a retrieval request consisting of RLWE ciphertexts.
+ PirRequest pir_request = 2;
+
+ // Hashed bucket id at bit level granularity.
+ message HashedBucketId {
+ // Hashed bucket id, in bytes.
+ //
+ // All bits after bit_length's bit should be set to 0.
+ bytes hashed_bucket_id = 1;
+
+ // Bit length of the hashed bucket id.
+ //
+ // This value should be in
+ // ((hashed_bucket_id.size() - 1) * 8, hashed_bucket_id.size() * 8] range.
+ int32 bit_length = 2;
+ }
+ // Hashed bucket id.
+ //
+ // The hashed bucket id is computed by taking the prefix of the hashed
+ // non-sensitive id at the bit level.
+ // e.g. if the hashed non-sensitive id is 11010111 and the bucket id length is
+ // 6, this will be populated as 11010100.
+ //
+ // Should be unset if the server doesn't support non-sensitive identifier
+ // bucketing for the requested use case.
+ HashedBucketId hashed_bucket_id = 3;
+}
+
+// Response consisting of a unique query id and the associated PIR response.
+message PrivateMembershipRlwePirResponse {
+ // This corresponds to the queried_encrypted_id set by the client in the query
+ // request.
+ bytes queried_encrypted_id = 1;
+
+ // PIR response corresponding to the PIR request.
+ PirResponse pir_response = 2;
+}
+
+// Request for private bucket retrieval.
+message PirRequest {
+ // The request is an encoding of a flattened table of encrypted {1} and {0}
+ // messages as necessary for PIR. If the database has D items and we are using
+ // L levels of recursion, this table will contain L*(D^(1/L)) messages,
+ // representing a table with L rows and D^(1/L) items per row. Each row should
+ // contain exactly one {1} ciphertext, with the rest of the items containing
+ // {0} messages.
+ //
+ // The flattened table is laid out in the following order:
+ //
+ // level | ciphertexts
+ // -----------------------------
+ // 1 | {0} ... {1} ... {0}
+ // 2 | {0} ... {1} ... {0}
+ // ... | ...
+ //
+ // The ciphertexts are uploaded in a compressed format as NTT Polynomials
+ // using a PRNG seed to expand them into ciphertexts.
+ // If this field is set, none of the sharded_request_type should be set.
+ repeated .rlwe.SerializedNttPolynomial request = 1;
+
+ // ExpandedRequest can be useful if the querier would like to manipulate the
+ // PirRequest after it's been created by the client library. To modify it, the
+ // ciphertext must be expanded first; hence the name ExpandedRequest.
+ message ExpandedRequest {
+ // Wrapper around .rlwe.SerializedSymmetricRlweCiphertext so we can
+ // represent "empty" ciphertext without ambiguity. If `ciphertext` is not
+ // set, it is consiered "not requested" and the corresponding index will be
+ // ignored and excluded from the response. When used multiple levels of
+ // recursion, it is the querier's responsibility to leave the correct
+ // positions unset so the final query is valid.
+ message SerializedSymmetricRlweCiphertext {
+ optional .rlwe.SerializedSymmetricRlweCiphertext ciphertext = 1;
+ }
+ repeated SerializedSymmetricRlweCiphertext ciphertexts = 1;
+ }
+
+ // CompactRequest should be the same as the request field above, except it
+ // indicates sharding.
+ message CompactRequest {
+ repeated .rlwe.SerializedNttPolynomial ciphertexts = 1;
+ }
+
+ // If one of the sharded_request_type is set, the above `request` field should
+ // be set.
+ oneof sharded_request_type {
+ // Will be used by hashed bucket sharded request because we don't need to
+ // modify the ciphertext.
+ CompactRequest compact_request = 3;
+
+ // Will be used by encrypted bucket sharded request because we need to
+ // modify the ciphertext.
+ ExpandedRequest expanded_request = 4;
+ }
+
+ // The PRNG seed used to expand the compressed RLWE ciphertexts.
+ bytes prng_seed = 2;
+}
+
+// Response for private bucket retrieval.
+message PirResponse {
+ // Sequence of ciphertexts consisting of encrypted buckets.
+ repeated .rlwe.SerializedSymmetricRlweCiphertext response = 1;
+
+ // Size of the plaintext entry in bytes.
+ int32 plaintext_entry_size = 2;
+}
+
+// Bucket consisting of encrypted id and values.
+message EncryptedBucket {
+ // All encrypted pairs in the bucket.
+ repeated EncryptedIdValuePair encrypted_id_value_pairs = 1;
+
+ // Proto storing encrypted id-value pairs.
+ message EncryptedIdValuePair {
+ // Identifier that is encrypted using the Elliptic curve commutative cipher.
+ // Furthermore, the serialization of the encryption is hashed and only a
+ // prefix is used.
+ bytes encrypted_id = 1;
+
+ // Value that is encrypted using AES where the key is a serialization
+ // of the identifier encrypted using the Elliptic curve commutative cipher.
+ bytes encrypted_value = 2;
+
+ // Proto containing the sensitive and non-sensitive portion of the
+ // identifier in plaintext.
+ RlwePlaintextId id = 3;
+ }
+}
+
+// A collection of plaintext ids and associated membership responses.
+message RlweMembershipResponses {
+ // A pair of queried plaintext id and its associated membership response.
+ message MembershipResponseEntry {
+ // Plaintext id that was queried.
+ RlwePlaintextId plaintext_id = 1;
+
+ // Membership response of the queried plaintext id.
+ MembershipResponse membership_response = 2;
+ }
+ repeated MembershipResponseEntry membership_responses = 1;
+}
\ No newline at end of file
diff --git a/private_membership_rlwe_pb2.py b/private_membership_rlwe_pb2.py
new file mode 100644
index 0000000..3e3b290
--- /dev/null
+++ b/private_membership_rlwe_pb2.py
@@ -0,0 +1,74 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: private_membership_rlwe.proto
+"""Generated protocol buffer code."""
+from google.protobuf.internal import builder as _builder
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import symbol_database as _symbol_database
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+import private_membership_pb2 as private__membership__pb2
+import serialization_pb2 as serialization__pb2
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x1dprivate_membership_rlwe.proto\x12\x17private_membership.rlwe\x1a\x18private_membership.proto\x1a\x13serialization.proto\"q\n PrivateMembershipRlweOprfRequest\x12\x15\n\rencrypted_ids\x18\x01 \x03(\x0c\x12\x36\n\x08use_case\x18\x02 \x01(\x0e\x32$.private_membership.rlwe.RlweUseCase\"\xef\x02\n!PrivateMembershipRlweOprfResponse\x12\x43\n\x14\x64oubly_encrypted_ids\x18\x01 \x03(\x0b\x32%.private_membership.DoublyEncryptedId\x12S\n\x19hashed_buckets_parameters\x18\x02 \x01(\x0b\x32\x30.private_membership.rlwe.HashedBucketsParameters\x12Y\n\x1c\x65ncrypted_buckets_parameters\x18\x03 \x01(\x0b\x32\x33.private_membership.rlwe.EncryptedBucketsParameters\x12@\n\x0frlwe_parameters\x18\x04 \x01(\x0b\x32\'.private_membership.rlwe.RlweParameters\x12\x13\n\x0bkey_version\x18\x05 \x01(\x03\"\xb6\x01\n!PrivateMembershipRlweQueryRequest\x12\x44\n\x07queries\x18\x01 \x03(\x0b\x32\x33.private_membership.rlwe.PrivateMembershipRlweQuery\x12\x36\n\x08use_case\x18\x02 \x01(\x0e\x32$.private_membership.rlwe.RlweUseCase\x12\x13\n\x0bkey_version\x18\x03 \x01(\x03\"v\n\"PrivateMembershipRlweQueryResponse\x12P\n\rpir_responses\x18\x01 \x03(\x0b\x32\x39.private_membership.rlwe.PrivateMembershipRlwePirResponse\"A\n\x0fRlwePlaintextId\x12\x18\n\x10non_sensitive_id\x18\x01 \x01(\t\x12\x14\n\x0csensitive_id\x18\x02 \x01(\t\"|\n\x17HashedBucketsParameters\x12\x1f\n\x17hashed_bucket_id_length\x18\x01 \x01(\x05\x12@\n\x1anon_sensitive_id_hash_type\x18\x02 \x01(\x0e\x32\x1c.private_membership.HashType\"\x8d\x01\n\x1a\x45ncryptedBucketsParameters\x12\"\n\x1a\x65ncrypted_bucket_id_length\x18\x01 \x01(\x05\x12K\n\x16sensitive_id_hash_type\x18\x02 \x01(\x0e\x32+.private_membership.EncryptedBucketHashType\"\x95\x01\n\x0eRlweParameters\x12\x31\n\x07modulus\x18\x01 \x03(\x0b\x32 .private_membership.rlwe.Uint128\x12\x12\n\nlog_degree\x18\x02 \x01(\x05\x12\r\n\x05log_t\x18\x03 \x01(\x05\x12\x10\n\x08variance\x18\x04 \x01(\x05\x12\x1b\n\x13levels_of_recursion\x18\x05 \x01(\x05\"!\n\x07Uint128\x12\n\n\x02lo\x18\x01 \x01(\x04\x12\n\n\x02hi\x18\x02 \x01(\x04\"\x92\x02\n\x1aPrivateMembershipRlweQuery\x12\x1c\n\x14queried_encrypted_id\x18\x01 \x01(\x0c\x12\x38\n\x0bpir_request\x18\x02 \x01(\x0b\x32#.private_membership.rlwe.PirRequest\x12\\\n\x10hashed_bucket_id\x18\x03 \x01(\x0b\x32\x42.private_membership.rlwe.PrivateMembershipRlweQuery.HashedBucketId\x1a>\n\x0eHashedBucketId\x12\x18\n\x10hashed_bucket_id\x18\x01 \x01(\x0c\x12\x12\n\nbit_length\x18\x02 \x01(\x05\"|\n PrivateMembershipRlwePirResponse\x12\x1c\n\x14queried_encrypted_id\x18\x01 \x01(\x0c\x12:\n\x0cpir_response\x18\x02 \x01(\x0b\x32$.private_membership.rlwe.PirResponse\"\xc3\x04\n\nPirRequest\x12.\n\x07request\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomial\x12M\n\x0f\x63ompact_request\x18\x03 \x01(\x0b\x32\x32.private_membership.rlwe.PirRequest.CompactRequestH\x00\x12O\n\x10\x65xpanded_request\x18\x04 \x01(\x0b\x32\x33.private_membership.rlwe.PirRequest.ExpandedRequestH\x00\x12\x11\n\tprng_seed\x18\x02 \x01(\x0c\x1a\xf3\x01\n\x0f\x45xpandedRequest\x12j\n\x0b\x63iphertexts\x18\x01 \x03(\x0b\x32U.private_membership.rlwe.PirRequest.ExpandedRequest.SerializedSymmetricRlweCiphertext\x1at\n!SerializedSymmetricRlweCiphertext\x12@\n\nciphertext\x18\x01 \x01(\x0b\x32\'.rlwe.SerializedSymmetricRlweCiphertextH\x00\x88\x01\x01\x42\r\n\x0b_ciphertext\x1a\x44\n\x0e\x43ompactRequest\x12\x32\n\x0b\x63iphertexts\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomialB\x16\n\x14sharded_request_type\"f\n\x0bPirResponse\x12\x39\n\x08response\x18\x01 \x03(\x0b\x32\'.rlwe.SerializedSymmetricRlweCiphertext\x12\x1c\n\x14plaintext_entry_size\x18\x02 \x01(\x05\"\xef\x01\n\x0f\x45ncryptedBucket\x12_\n\x18\x65ncrypted_id_value_pairs\x18\x01 \x03(\x0b\x32=.private_membership.rlwe.EncryptedBucket.EncryptedIdValuePair\x1a{\n\x14\x45ncryptedIdValuePair\x12\x14\n\x0c\x65ncrypted_id\x18\x01 \x01(\x0c\x12\x17\n\x0f\x65ncrypted_value\x18\x02 \x01(\x0c\x12\x34\n\x02id\x18\x03 \x01(\x0b\x32(.private_membership.rlwe.RlwePlaintextId\"\xa2\x02\n\x17RlweMembershipResponses\x12\x66\n\x14membership_responses\x18\x01 \x03(\x0b\x32H.private_membership.rlwe.RlweMembershipResponses.MembershipResponseEntry\x1a\x9e\x01\n\x17MembershipResponseEntry\x12>\n\x0cplaintext_id\x18\x01 \x01(\x0b\x32(.private_membership.rlwe.RlwePlaintextId\x12\x43\n\x13membership_response\x18\x02 \x01(\x0b\x32&.private_membership.MembershipResponse*\xaf\x04\n\x0bRlweUseCase\x12\x1b\n\x17RLWE_USE_CASE_UNDEFINED\x10\x00\x12\x11\n\rTEST_USE_CASE\x10\x01\x12\x12\n\x0eTEST_USE_CASE2\x10\x02\x12\x12\n\x0eTEST_USE_CASE3\x10\x03\x12\x12\n\x0e\x45MPTY_USE_CASE\x10\x16\x12\x15\n\x11\x43ROS_DEVICE_STATE\x10\x05\x12\x1d\n\x19\x43ROS_DEVICE_STATE_UNIFIED\x10\x17\x12#\n\x1b\x43ROS_DEVICE_SECONDARY_STATE\x10\x0c\x1a\x02\x08\x01\x12 \n\x18\x43ROS_DEVICE_STATE_BACKUP\x10\x15\x1a\x02\x08\x01\x12\x16\n\x12\x43ROS_FRESNEL_DAILY\x10\r\x12\x18\n\x14\x43ROS_FRESNEL_MONTHLY\x10\x0e\x12\x1d\n\x19\x43ROS_FRESNEL_FIRST_ACTIVE\x10\x0f\x12\x1c\n\x18\x43ROS_FRESNEL_7DAY_ACTIVE\x10\x10\x12\x1d\n\x19\x43ROS_FRESNEL_28DAY_ACTIVE\x10\x11\x12%\n!CROS_FRESNEL_CHURN_MONTHLY_COHORT\x10\x13\x12*\n&CROS_FRESNEL_CHURN_MONTHLY_OBSERVATION\x10\x14\x12\x11\n\rCROS_SIM_LOCK\x10\x12\x12\x19\n\x15\x43ROS_SIM_LOCK_DEVMODE\x10\x18\"\x04\x08\x04\x10\x04\"\x04\x08\x06\x10\x06\"\x04\x08\x07\x10\x07\"\x04\x08\x08\x10\x08\"\x04\x08\t\x10\t\"\x04\x08\n\x10\n\"\x04\x08\x0b\x10\x0b\x42(H\x03Z$github.com/google/private-membershipb\x06proto3')
+
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'private_membership_rlwe_pb2', globals())
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b'H\003Z$github.com/google/private-membership'
+ _RLWEUSECASE.values_by_name["CROS_DEVICE_SECONDARY_STATE"]._options = None
+ _RLWEUSECASE.values_by_name["CROS_DEVICE_SECONDARY_STATE"]._serialized_options = b'\010\001'
+ _RLWEUSECASE.values_by_name["CROS_DEVICE_STATE_BACKUP"]._options = None
+ _RLWEUSECASE.values_by_name["CROS_DEVICE_STATE_BACKUP"]._serialized_options = b'\010\001'
+ _RLWEUSECASE._serialized_start=3044
+ _RLWEUSECASE._serialized_end=3603
+ _PRIVATEMEMBERSHIPRLWEOPRFREQUEST._serialized_start=105
+ _PRIVATEMEMBERSHIPRLWEOPRFREQUEST._serialized_end=218
+ _PRIVATEMEMBERSHIPRLWEOPRFRESPONSE._serialized_start=221
+ _PRIVATEMEMBERSHIPRLWEOPRFRESPONSE._serialized_end=588
+ _PRIVATEMEMBERSHIPRLWEQUERYREQUEST._serialized_start=591
+ _PRIVATEMEMBERSHIPRLWEQUERYREQUEST._serialized_end=773
+ _PRIVATEMEMBERSHIPRLWEQUERYRESPONSE._serialized_start=775
+ _PRIVATEMEMBERSHIPRLWEQUERYRESPONSE._serialized_end=893
+ _RLWEPLAINTEXTID._serialized_start=895
+ _RLWEPLAINTEXTID._serialized_end=960
+ _HASHEDBUCKETSPARAMETERS._serialized_start=962
+ _HASHEDBUCKETSPARAMETERS._serialized_end=1086
+ _ENCRYPTEDBUCKETSPARAMETERS._serialized_start=1089
+ _ENCRYPTEDBUCKETSPARAMETERS._serialized_end=1230
+ _RLWEPARAMETERS._serialized_start=1233
+ _RLWEPARAMETERS._serialized_end=1382
+ _UINT128._serialized_start=1384
+ _UINT128._serialized_end=1417
+ _PRIVATEMEMBERSHIPRLWEQUERY._serialized_start=1420
+ _PRIVATEMEMBERSHIPRLWEQUERY._serialized_end=1694
+ _PRIVATEMEMBERSHIPRLWEQUERY_HASHEDBUCKETID._serialized_start=1632
+ _PRIVATEMEMBERSHIPRLWEQUERY_HASHEDBUCKETID._serialized_end=1694
+ _PRIVATEMEMBERSHIPRLWEPIRRESPONSE._serialized_start=1696
+ _PRIVATEMEMBERSHIPRLWEPIRRESPONSE._serialized_end=1820
+ _PIRREQUEST._serialized_start=1823
+ _PIRREQUEST._serialized_end=2402
+ _PIRREQUEST_EXPANDEDREQUEST._serialized_start=2065
+ _PIRREQUEST_EXPANDEDREQUEST._serialized_end=2308
+ _PIRREQUEST_EXPANDEDREQUEST_SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_start=2192
+ _PIRREQUEST_EXPANDEDREQUEST_SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_end=2308
+ _PIRREQUEST_COMPACTREQUEST._serialized_start=2310
+ _PIRREQUEST_COMPACTREQUEST._serialized_end=2378
+ _PIRRESPONSE._serialized_start=2404
+ _PIRRESPONSE._serialized_end=2506
+ _ENCRYPTEDBUCKET._serialized_start=2509
+ _ENCRYPTEDBUCKET._serialized_end=2748
+ _ENCRYPTEDBUCKET_ENCRYPTEDIDVALUEPAIR._serialized_start=2625
+ _ENCRYPTEDBUCKET_ENCRYPTEDIDVALUEPAIR._serialized_end=2748
+ _RLWEMEMBERSHIPRESPONSES._serialized_start=2751
+ _RLWEMEMBERSHIPRESPONSES._serialized_end=3041
+ _RLWEMEMBERSHIPRESPONSES_MEMBERSHIPRESPONSEENTRY._serialized_start=2883
+ _RLWEMEMBERSHIPRESPONSES_MEMBERSHIPRESPONSEENTRY._serialized_end=3041
+# @@protoc_insertion_point(module_scope)
diff --git a/serialization.proto b/serialization.proto
new file mode 100644
index 0000000..5ed884a
--- /dev/null
+++ b/serialization.proto
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2017 Google Inc.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+ syntax = "proto2";
+
+ option optimize_for = LITE_RUNTIME;
+
+ package rlwe;
+
+ option go_package = "github.com/google/shell-encryption";
+
+ // NTT Polynomial
+ message SerializedNttPolynomial {
+ // Coefficients of the polynomial
+ optional bytes coeffs = 1;
+
+ // Number of coefficients of the polynomial.
+ optional int32 num_coeffs = 2;
+ }
+
+ // RLWE Ciphertext
+ message SerializedSymmetricRlweCiphertext {
+ // Polynomials composing the ciphertext
+ repeated SerializedNttPolynomial c = 1;
+
+ // The power of the secret key that the ciphertext is encrypted with.
+ optional int32 power_of_s = 2;
+
+ // A heuristic on the amount of error in the ciphertext.
+ optional double error = 3;
+ }
+
+ // RLWE RelinearizationKey
+ message SerializedRelinearizationKey {
+ // Polynomial composing the matrix
+ repeated SerializedNttPolynomial c = 1;
+
+ // The modulus used to decompose the coefficients of the polynomials. Ranges
+ // from 1 to the number of bits of the modulus.
+ optional int32 log_decomposition_modulus = 2;
+
+ // For n parts, the key can relinearize an n-component ciphertext to a
+ // 2-component ciphertext.
+ optional int32 num_parts = 3;
+
+ // Seed used to compress this key.
+ optional bytes prng_seed = 4; // Required
+
+ // The power of s that corresponds to the key. The field is 1 if the key is
+ // RelinearizationKey.
+ optional int32 power_of_s = 5;
+ }
+
+ // RLWE GaloisKeys.
+ message SerializedGaloisKey {
+ // The key-switching matrix
+ optional SerializedRelinearizationKey key = 1;
+ }
\ No newline at end of file
diff --git a/serialization_pb2.py b/serialization_pb2.py
new file mode 100644
index 0000000..c1d16df
--- /dev/null
+++ b/serialization_pb2.py
@@ -0,0 +1,32 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler. DO NOT EDIT!
+# source: serialization.proto
+"""Generated protocol buffer code."""
+from google.protobuf.internal import builder as _builder
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import symbol_database as _symbol_database
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x13serialization.proto\x12\x04rlwe\"=\n\x17SerializedNttPolynomial\x12\x0e\n\x06\x63oeffs\x18\x01 \x01(\x0c\x12\x12\n\nnum_coeffs\x18\x02 \x01(\x05\"p\n!SerializedSymmetricRlweCiphertext\x12(\n\x01\x63\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomial\x12\x12\n\npower_of_s\x18\x02 \x01(\x05\x12\r\n\x05\x65rror\x18\x03 \x01(\x01\"\xa5\x01\n\x1cSerializedRelinearizationKey\x12(\n\x01\x63\x18\x01 \x03(\x0b\x32\x1d.rlwe.SerializedNttPolynomial\x12!\n\x19log_decomposition_modulus\x18\x02 \x01(\x05\x12\x11\n\tnum_parts\x18\x03 \x01(\x05\x12\x11\n\tprng_seed\x18\x04 \x01(\x0c\x12\x12\n\npower_of_s\x18\x05 \x01(\x05\"F\n\x13SerializedGaloisKey\x12/\n\x03key\x18\x01 \x01(\x0b\x32\".rlwe.SerializedRelinearizationKeyB&H\x03Z\"github.com/google/shell-encryption')
+
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'serialization_pb2', globals())
+if _descriptor._USE_C_DESCRIPTORS == False:
+
+ DESCRIPTOR._options = None
+ DESCRIPTOR._serialized_options = b'H\003Z\"github.com/google/shell-encryption'
+ _SERIALIZEDNTTPOLYNOMIAL._serialized_start=29
+ _SERIALIZEDNTTPOLYNOMIAL._serialized_end=90
+ _SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_start=92
+ _SERIALIZEDSYMMETRICRLWECIPHERTEXT._serialized_end=204
+ _SERIALIZEDRELINEARIZATIONKEY._serialized_start=207
+ _SERIALIZEDRELINEARIZATIONKEY._serialized_end=372
+ _SERIALIZEDGALOISKEY._serialized_start=374
+ _SERIALIZEDGALOISKEY._serialized_end=444
+# @@protoc_insertion_point(module_scope)
diff --git a/server.py b/server.py
new file mode 100644
index 0000000..7249f14
--- /dev/null
+++ b/server.py
@@ -0,0 +1,18 @@
+from http.server import *
+import http.client as cli
+import requests
+import device_management_pb2
+import socket
+class A(BaseHTTPRequestHandler):
+ def do_POST(self):
+ self.send_response(200)
+ self.send_header("Content-Type", "text/html")
+ self.end_headers()
+ dat = self.rfile.read(int(self.headers.get('Content-Length')))
+ print("data read")
+ print(dat)
+ con = requests.request('POST', 'https://m.google.com/devicemanagement/data/api', data=dat)
+ self.wfile.write(bytes(str(con.status_code), 'utf-8'))
+ # self.wfile.close()
+hs = HTTPServer(("0.0.0.0", 3040), A)
+hs.serve_forever()