• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1/*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto2";
18
19package devicelockcontroller;
20
21import "google/protobuf/timestamp.proto";
22import "configuration_info.proto";
23import "device_checkin_info.proto";
24import "device_info.proto";
25
26option java_package = "com.android.devicelockcontroller.proto";
27option java_multiple_files = true;
28
29// This service is used by the Device Lock Android client to facilitate device
30// provisioning of an eligible device into a Device Lock locking program.
31service DeviceLockCheckinService {
32  // Fetches the check-in status of the device.
33  rpc GetDeviceCheckinStatus(GetDeviceCheckinStatusRequest)
34      returns (GetDeviceCheckinStatusResponse) {}
35
36  // Determines if a device is in an approved country.
37  rpc IsDeviceInApprovedCountry(IsDeviceInApprovedCountryRequest)
38      returns (IsDeviceInApprovedCountryResponse) {}
39
40  // Pauses the provisioning of the device.
41  rpc PauseDeviceProvisioning(PauseDeviceProvisioningRequest)
42      returns (PauseDeviceProvisioningResponse) {}
43
44  // Reports the device provision state of a device that is undergoing device
45  // provisioning.
46  rpc ReportDeviceProvisionState(ReportDeviceProvisionStateRequest)
47      returns (ReportDeviceProvisionStateResponse) {}
48}
49
50// Request to retrieve the check-in status of the device.
51message GetDeviceCheckinStatusRequest {
52  // The device identifiers associated with the device provided by the Device
53  // Lock Android client. The Device Lock Android client would provide only one
54  // device identifier once the Device Lock Check-in service determines which
55  // of the device identifiers is registered with a locking program.
56  repeated ClientDeviceIdentifier client_device_identifiers = 1;
57  // The Mobile Network Code for the carrier, the Device Lock Android client
58  // would fetch it from TelephonyManager#getSimOperator().
59  optional string carrier_mccmnc = 2;
60  // The Firebase Cloud Messaging (FCM) registration token associated with the
61  // device provided by the Device Lock Android client. The token is only used
62  // for GMS devices.
63  optional string fcm_registration_token = 3;
64}
65
66message ClientDeviceIdentifier {
67  // The device identifier associated with the device.
68  optional string device_identifier = 1;
69  // The type of the device identifier.
70  optional DeviceIdentifierType device_identifier_type = 2;
71}
72
73// The different check-in status the Device Lock Android client can be in.
74enum ClientCheckinStatus {
75  CLIENT_CHECKIN_STATUS_UNSPECIFIED = 0;
76  // The device is not ready for provision. The Device Lock Android client
77  // would need to do another check-in.
78  CLIENT_CHECKIN_STATUS_RETRY_CHECKIN = 1;
79  // The device is ready for provision. The Device Lock Android client can use
80  // the device provisioning information provided by the Device Lock server to
81  // provision the device.
82  CLIENT_CHECKIN_STATUS_READY_FOR_PROVISION = 2;
83  // The device no longer needs to be provisioned. The Device Lock Android
84  // client can stop future check-ins.
85  CLIENT_CHECKIN_STATUS_STOP_CHECKIN = 3;
86}
87
88// Response to a request to retrieve the check-in status of a given device.
89message GetDeviceCheckinStatusResponse {
90  // The Device Lock Android client check-in status determined by the Device
91  // Lock server.
92  optional ClientCheckinStatus client_checkin_status = 1;
93  // Set by the Device Lock server when the Device Lock Android client provides
94  // multiple device identifiers and one of the multiple device identifiers is
95  // registered with the Device Lock server. The client should use the device
96  // identifier that was found for any future communications with the Device
97  // Lock server.
98  optional string registered_device_identifier = 2;
99  // One of the following fields will get populated based on the device
100  // check-in status. But if the Device Lock server determines that the Device
101  // Lock Android client no longer needs to do a check-in, then none of the
102  // fields will be populated.
103  oneof next_steps {
104    // The Device Lock server determined that the Device Lock Android client
105    // needs to perform another device check-in.
106    NextCheckinInformation next_checkin_information = 3;
107    // The Device Lock server determined that the Device Lock Android client
108    // can now provision the device.
109    DeviceProvisioningInformation device_provisioning_information = 4;
110  }
111}
112
113// Information needed by the Device Lock Android client for the next check-in.
114message NextCheckinInformation {
115  // Set by the Device Lock server which tells the Device Lock Android client
116  // the date when the next check-in should happen.
117  optional google.protobuf.Timestamp next_checkin_timestamp = 1;
118}
119
120// Information needed by the Device Lock Android client for device provisioning.
121message DeviceProvisioningInformation {
122  // The configuration information assigned to the device.
123  optional ConfigurationInfo configuration_information = 1;
124  // The type of configuration assigned to the device. This is used by the
125  // Device Lock Android client to determine what type of strings should be
126  // shown to the user.
127  optional ConfigurationType configuration_type = 2;
128  // The provision type selected when enrolling the device into a locking
129  // program. The Device Lock Android client would use this to determine which
130  // provision approach should be used to provision the device.
131  optional DeviceProvisionType device_provision_type = 3;
132  // Whether the Device Lock Android client should force the provisioning. If
133  // true, then the user cannot stop device provisioning. Otherwise, if false,
134  // then the user can optionally pause device provisioning.
135  optional bool force_provisioning = 4;
136  // Whether the device is an approved country. If true, then the Device Lock
137  // Android client can proceed with device provisioning. Otherwise, this would
138  // be considered a provisioning failure and the Device Lock Android client
139  // would use the ReportDeviceProvisionState RPC to report the provision
140  // failure.
141  optional bool is_device_in_approved_country = 5;
142}
143
144// Request to determine whether a registered device is in an approved country.
145message IsDeviceInApprovedCountryRequest {
146  // The device identifier that is registered with the Device Lock server.
147  optional string registered_device_identifier = 1;
148  // The Mobile Network Code for the carrier, the Device Lock Android client
149  // would fetch it from TelephonyManager#getSimOperator().
150  optional string carrier_mccmnc = 2;
151}
152
153// Response to a request for determining if a registered device is in an
154// approved country.
155message IsDeviceInApprovedCountryResponse {
156  // Whether the device is an approved country.
157  optional bool is_device_in_approved_country = 1;
158}
159
160// The different reasons device provisioning can be paused.
161enum PauseDeviceProvisioningReason {
162  PAUSE_DEVICE_PROVISIONING_REASON_UNSPECIFIED = 0;
163  // If given as an option to the user, the user can pause device provisioning.
164  // For example, the user is currently driving and the Device Lock Android
165  // client is prompting the user to proceed with device provisioning.
166  PAUSE_DEVICE_PROVISIONING_REASON_USER_DEFERRED_DEVICE_PROVISIONING = 1;
167}
168
169// Request to pause device provisioning of an eligible device.
170message PauseDeviceProvisioningRequest {
171  // The device identifier that is registered with the Device Lock server that
172  // is requesting to pause device provisioning.
173  optional string registered_device_identifier = 1;
174  // The reason for pausing device provisioning.
175  optional PauseDeviceProvisioningReason pause_device_provisioning_reason = 2;
176}
177
178// Response to a request to pause device provisioning of an eligible device.
179message PauseDeviceProvisioningResponse {
180  // The Device Lock server decision as to whether or not to force device
181  // provisioning after receiving the pause device provisioning request. If
182  // true, then device provisioning would be forced. Otherwise, if false, then
183  // the device provisioning can still be paused.
184  optional bool force_provisioning = 1;
185}
186
187// Request to report that device provisioning of an eligible device is complete.
188message ReportDeviceProvisionCompleteRequest {
189  // The device identifier that is registered with the Device Lock server that
190  // was provisioned.
191  optional string registered_device_identifier = 1;
192}
193
194// Response to a request reporting that device provisioning of an eligible
195// device is complete.
196message ReportDeviceProvisionCompleteResponse {
197  // An enrollment token the Device Lock Android client can use for future
198  // communication with the Device Lock server post-provisioning.
199  optional string enrollment_token = 1;
200}
201
202// The different reasons device provisioning can fail on a device.
203enum ClientProvisionFailureReason {
204  CLIENT_PROVISION_FAILURE_REASON_UNSPECIFIED = 0;
205  // Setup failed to complete on the device.
206  CLIENT_PROVISION_FAILURE_REASON_SETUP_FAILED = 1;
207  // Failed to download the creditor apk.
208  CLIENT_PROVISION_FAILURE_REASON_DOWNLOAD_FAILED = 2;
209  // Verification of the creditor apk failed.
210  CLIENT_PROVISION_FAILURE_REASON_VERIFICATION_FAILED = 3;
211  // Failed to install the creditor apk.
212  CLIENT_PROVISION_FAILURE_REASON_INSTALL_FAILED = 4;
213  // Pre-installed package not found.
214  CLIENT_PROVISION_FAILURE_REASON_PACKAGE_DOES_NOT_EXIST = 5;
215  // Delete apk failed.
216  CLIENT_PROVISION_FAILURE_REASON_DELETE_PACKAGE_FAILED = 6;
217  // Install package for secondary users failed.
218  CLIENT_PROVISION_FAILURE_REASON_INSTALL_EXISTING_FAILED = 7;
219}
220
221// The different provision states of a device.
222enum ClientProvisionState {
223  CLIENT_PROVISION_STATE_UNSPECIFIED = 0;
224  // The Device Lock Android client would retry to provision the device.
225  CLIENT_PROVISION_STATE_RETRY = 1;
226  // The Device Lock Android client would inform the user that there has been
227  // an issue with device provisioning. The user can dismiss this.
228  CLIENT_PROVISION_STATE_DISMISSIBLE_UI = 2;
229  // The Device Lock Android client would inform the user that there has been
230  // an issue with device provisioning. The user cannot dismiss this.
231  CLIENT_PROVISION_STATE_PERSISTENT_UI = 3;
232  // The Device Lock Android client would factory reset the device because
233  // device provisioning could not be done.
234  CLIENT_PROVISION_STATE_FACTORY_RESET = 4;
235  // Device provisioning was a success.
236  CLIENT_PROVISION_STATE_SUCCESS = 5;
237}
238
239// Request to report the device provision state of a device that is
240// undergoing device provisioning.
241message ReportDeviceProvisionStateRequest {
242  // The reason why device provisioning failed if applicable.
243  optional ClientProvisionFailureReason client_provision_failure_reason = 1;
244  // The previous device provision state that the device was in. If not known,
245  // then CLIENT_PROVISION_STATE_UNSPECIFIED should be used. It is not known
246  // by the client on the first attempt of device provisioning.
247  optional ClientProvisionState previous_client_provision_state = 2;
248  // Whether device provision was a success.
249  optional bool provision_success = 3;
250  // The device identifier that is registered with the Device Lock server.
251  optional string registered_device_identifier = 4;
252}
253
254// Response to a request that is reporting the device provision state of a
255// device undergoing device provisioning.
256message ReportDeviceProvisionStateResponse {
257  // The Device Lock server determined the next provision state of the client.
258  // If the Device Lock Android client needs to send another gRPC request, then
259  // this provision state would be used as the previous provision state in the
260  // request.
261  optional ClientProvisionState next_client_provision_state = 1;
262  // An enrollment token the Device Lock Android client can use for future
263  // communication with the Device Lock server post-provisioning. This is only
264  // provided if device provisioning was a success.
265  optional string enrollment_token = 2;
266  // The number of days left until the device should factory reset because of a failed provision.
267  // This number should only be used when next_client_provision_state is
268  // CLIENT_PROVISION_STATE_DISMISSIBLE_UI
269  optional uint32 days_left_until_reset = 3;
270}