1// Copyright 2024 The Chromium Authors 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5syntax = "proto2"; 6 7package net.device_bound_sessions.proto; 8 9option optimize_for = LITE_RUNTIME; 10 11// Protobuf messages that represent a Device Bound Session Credentials 12// (DBSC) session's state that can be saved to disk. 13 14// Specifies whether a URL request should be deferred or not based 15// on matching a specific rule. 16// The numbering is different compared to the 17// `net::device_bound_sessions::SessionInclusionRules::InclusionResult` 18// enum since the style guide asks to use UNSPECIFIED for the zero value 19// enum (https://protobuf.dev/programming-guides/style/#enums). 20enum RuleType { 21 RULE_TYPE_UNSPECIFIED = 0; 22 EXCLUDE = 1; 23 INCLUDE = 2; 24} 25 26// A rule that determines whether a URL request should be deferred. 27// See declaration of `SessionInclusionRules::UrlRule` in 28// //net/device_bound_sessions/session_inclusion_rules.cc for more details. 29message UrlRule { 30 // Whether the request should be included/excluded if there is a match. 31 optional RuleType rule_type = 1; 32 // Domain or pattern the URL must match. 33 optional string host_matcher_rule = 2; 34 // Prefix consisting of path components that the URL must match. 35 optional string path_prefix = 3; 36} 37 38// Represents a set of rules that defines which URL requests may 39// potentially be deferred on account of an active DBSC session. 40// See //net/device_bound_sessions/session_inclusion_rules.h for 41// more details. 42message SessionInclusionRules { 43 // The origin that created/set the DBSC session. 44 optional string origin = 1; 45 // Whether the rules should apply to the whole site. 46 optional bool do_include_site = 2; 47 // A list of rules that add to the basic include rule 48 // (specified by the origin or site). These rules may specify 49 // inclusion or exclusion for URLs that match. 50 repeated UrlRule url_rules = 3; 51} 52 53// The numbering is different compared to the `net::CookieSameSite` enum since 54// the style guide asks to use UNSPECIFIED for the zero value enum 55// (https://protobuf.dev/programming-guides/style/#enums). 56enum CookieSameSite { 57 COOKIE_SAME_SITE_UNSPECIFIED = 0; 58 NO_RESTRICTION = 1; 59 LAX_MODE = 2; 60 STRICT_MODE = 3; 61} 62 63enum CookieSourceScheme { 64 UNSET = 0; 65 NON_SECURE = 1; 66 SECURE = 2; 67} 68 69// Serialized data for a partitioned cookie. 70message SerializedCookiePartitionKey { 71 optional string top_level_site = 1; 72 optional bool has_cross_site_ancestor = 2; 73} 74 75// Represents the need for a certain cookie to be present. 76// See //net/device_bound_sessions/cookie_craving.h for details. 77message CookieCraving { 78 optional string name = 1; 79 optional string domain = 2; 80 optional string path = 3; 81 optional bool secure = 4; 82 optional bool httponly = 5; 83 optional int32 source_port = 6; 84 optional int64 creation_time = 7; 85 optional CookieSameSite same_site = 8; 86 optional CookieSourceScheme source_scheme = 9; 87 optional SerializedCookiePartitionKey serialized_partition_key = 10; 88} 89 90// A Session represents persistent state scoped to a single DBSC session. 91// See //net/device_bound_sessions/session.h for details. 92message Session { 93 // The unique server-issued session identifier. 94 optional string id = 1; 95 // The URL to use for refresh requests on behalf of this session. 96 optional string refresh_url = 2; 97 // If this session should defer requests when cookies are not present. 98 optional bool should_defer_when_expired = 3; 99 // Expiry date for session (encoded as microseconds since the Windows epoch). 100 optional int64 expiry_time = 4; 101 // Wrapped binding key used for this session. 102 optional bytes wrapped_key = 5; 103 // Session inclusion rules. 104 optional SessionInclusionRules session_inclusion_rules = 6; 105 // Set of credentials required by this session. 106 repeated CookieCraving cookie_cravings = 7; 107 // Creation date for session (encoded as microseconds since the Windows 108 // epoch). 109 optional int64 creation_time = 8; 110} 111 112// All the sessions associated with a site (eTLD+1) and it's subdomains. 113message SiteSessions { 114 // The key is a session id string. 115 map<string, Session> sessions = 1; 116} 117