• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1// Copyright 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5syntax = "proto2";
6
7option optimize_for = LITE_RUNTIME;
8
9package enterprise_management;
10
11// Request from device to server to register device.
12message DeviceRegisterRequest {
13  // Reregister device without erasing server state.  It can be used
14  // to refresh dmtoken etc.  Client MUST set this value to true if it
15  // reuses an existing device id.
16  optional bool reregister = 1;
17
18  // Device register type.  This field does not exist for TT release.
19  // When a client requests for policies, server should verify the
20  // client has been registered properly.  For example, a client must
21  // register with type DEVICE in order to retrieve device policies.
22  enum Type {
23    TT   = 0;             // Register for TT release.
24    USER = 1;             // Register for Chrome OS user polices.
25    DEVICE = 2;           // Register for device policies.
26    BROWSER = 3;          // Register for Chrome user policies.
27    ANDROID_BROWSER = 4;  // Register for Android Chrome browser user policies.
28    IOS_BROWSER = 5;      // Register for iOS Chrome browser user policies.
29  }
30  // NOTE: we also use this field to detect client version.  If this
31  // field is missing, then the request comes from TT.  We will remove
32  // Chrome OS TT support once it is over.
33  optional Type type = 2 [default = TT];
34
35  // Machine hardware id, such as serial number.
36  // This field is required if register type == DEVICE.
37  optional string machine_id = 3;
38
39  // Machine model name, such as "ZGA", "Cr-48", "Nexus One".  If the
40  // model name is not available, client SHOULD send generic name like
41  // "Android", or "Chrome OS".
42  optional string machine_model = 4;
43
44  // When true, indicates that the |machine_id| has been identified as auto-
45  // enrollment candidate on the client and the server can use it to verify
46  // that the client is to be enrolled in the correct mode.
47  // Defaults to false when not present.
48  optional bool auto_enrolled = 5;
49
50  // Indicates a requisition of the registering entity that the server can act
51  // upon. This allows clients to pass hints e.g. at device enrollment time
52  // about the intended use of the device.
53  optional string requisition = 6;
54
55  // The current server-backed state key for the client, if applicable. This can
56  // be used by the server to link the registration request to an existing
57  // device record for re-enrollment.
58  optional bytes server_backed_state_key = 7;
59}
60
61// Response from server to device register request.
62message DeviceRegisterResponse {
63  // Device management token for this registration.  This token MUST be
64  // part of HTTP Authorization header for all future requests from
65  // device to server.
66  required string device_management_token = 1;
67
68  // Device display name.  By default, server generates the name in
69  // the format of "Machine Model - Machine Id".  However, domain
70  // admin can update it using CPanel, so do NOT treat it as constant.
71  optional string machine_name = 2;
72
73  // Enum listing the possible modes the device should be locked into when the
74  // registration is finished.
75  enum DeviceMode {
76    // In ENTERPRISE mode the device has no local owner and device settings are
77    // controlled through the cloud policy infrastructure. Auto-enrollment is
78    // supported in that mode.
79    ENTERPRISE = 0;
80    // Devices in RETAIL mode also have no local owner and get their device
81    // settings from the cloud, but additionally this mode enables the demo
82    // account on the device.
83    RETAIL = 1;
84  }
85  optional DeviceMode enrollment_type = 3 [default = ENTERPRISE];
86}
87
88// Request from device to server to unregister device.
89// GoogleDMToken MUST be in HTTP Authorization header.
90message DeviceUnregisterRequest {
91}
92
93// Response from server to device for unregister request.
94message DeviceUnregisterResponse {
95}
96
97// Request from device to server to upload device EMCert
98// (enterprise machine cert used for remote attestation).
99// GoogleDMToken MUST be in HTTP Authorization header.
100message DeviceCertUploadRequest {
101  // EMCert in X.509 format.
102  optional bytes device_certificate = 1;
103}
104
105// Response from server to device for cert upload request.
106message DeviceCertUploadResponse {
107}
108
109// Request to access a Google service with the given scope.
110message DeviceServiceApiAccessRequest {
111  // The list of auth scopes the device requests from DMServer.
112  repeated string auth_scope = 1;
113
114  // OAuth2 client ID to which the returned authorization code is bound.
115  optional string oauth2_client_id = 2;
116}
117
118message DeviceServiceApiAccessResponse {
119  // The OAuth2 authorization code for the requested scope(s).
120  // This can be exchanged for a refresh token.
121  optional string auth_code = 1;
122}
123
124message PolicyFetchRequest {
125  // This is the policy type, which maps to D3 policy type internally.
126  // By convention, we use "/" as separator to create policy namespace.
127  // The policy type names are case insensitive.
128  //
129  // Possible values for Chrome OS are:
130  //   google/chromeos/device => ChromeDeviceSettingsProto
131  //   google/chromeos/user => ChromeSettingsProto
132  //   google/chromeos/publicaccount => ChromeSettingsProto
133  //   google/chrome/extension => ExternalPolicyData
134  //   google/android/user => ChromeSettingsProto
135  //   google/ios/user => ChromeSettingsProto
136  optional string policy_type = 1;
137
138  // This is the last policy timestamp that client received from server.
139  optional int64 timestamp = 2;
140
141  // Tell server what kind of security signature is required.
142  enum SignatureType {
143    NONE = 0;
144    SHA1_RSA = 1;
145  }
146  optional SignatureType signature_type = 3 [default = NONE];
147
148  // The version number of the public key that is currently stored
149  // on the client. This should be the last number the server had
150  // supplied as new_public_key_version in PolicyData.
151  // This field is unspecified if the client does not yet have a
152  // public key.
153  optional int32 public_key_version = 4;
154
155  // Machine hardware id, such as serial number.
156  // This field is should be set only if the serial number for the device is
157  // missing from the server, as indicated by the valid_serial_number_missing
158  // field in the last policy fetch response.
159  optional string machine_id = 5;
160
161  // This field is used for devices to send the additional ID to fetch settings.
162  // Retrieving some settings requires more than just device or user ID.
163  // For example, to retrieve public account, devices need to pass in
164  // public account ID in addition to device ID. To retrieve extension or
165  // plug-in settings, devices need to pass in extension/plug-in ID in
166  // addition to user ID.
167  // policy_type represents the type of settings (e.g. public account,
168  // extension) devices request to fetch.
169  optional string settings_entity_id = 6;
170
171  // If this fetch is due to a policy invalidation, this field contains the
172  // version provided with the invalidation. The server interprets this value
173  // and the value of invalidation_payload to fetch the up-to-date policy.
174  optional int64 invalidation_version = 7;
175
176  // If this fetch is due to a policy invalidation, this field contains the
177  // payload delivered with the invalidation. The server interprets this value
178  // and the value of invalidation_version to fetch the up-to-date policy.
179  optional bytes invalidation_payload = 8;
180
181  // Hash string for the chrome policy verification public key which is embedded
182  // into Chrome binary. Matching private key will be used by the server
183  // to sign per-domain policy keys during key rotation. If server does not
184  // have the key which matches this hash string, that could indicate malicious
185  // or out-of-date Chrome client.
186  optional string verification_key_hash = 9;
187}
188
189// This message is included in serialized form in PolicyFetchResponse
190// below.  It may also be signed, with the signature being created for
191// the serialized form.
192message PolicyData {
193  // See PolicyFetchRequest.policy_type.
194  optional string policy_type = 1;
195
196  // [timestamp] is milliseconds since Epoch in UTC timezone. It is
197  // included here so that the time at which the server issued this
198  // response cannot be faked (as protection against replay attacks).
199  // It is the timestamp generated by DMServer, NOT the time admin
200  // last updated the policy or anything like that.
201  optional int64 timestamp = 2;
202
203  // The DM token that was used by the client in the HTTP POST header
204  // for authenticating the request. It is included here again so that
205  // the client can verify that the response is meant for him (and not
206  // issued by a replay or man-in-the-middle attack).
207  optional string request_token = 3;
208
209  // The serialized value of the actual policy protobuf.  This can be
210  // deserialized to an instance of, for example, ChromeSettingsProto,
211  // ChromeDeviceSettingsProto, or ExternalPolicyData.
212  optional bytes policy_value = 4;
213
214  // The device display name assigned by the server.  It is only
215  // filled if the display name is available.
216  //
217  // The display name of the machine as generated by the server or set
218  // by the Administrator in the CPanel GUI. This is the same thing as
219  // |machine_name| in DeviceRegisterResponse but it might have
220  // changed since then.
221  optional string machine_name = 5;
222
223  // Version number of the server's current public key. (The key that
224  // was used to sign this response. Numbering should start at 1 and be
225  // increased by 1 at each key rotation.)
226  optional int32 public_key_version = 6;
227
228  // The user this policy is intended for. In case of device policy, the name
229  // of the owner (who registered the device).
230  optional string username = 7;
231
232  // In this field the DMServer should echo back the "deviceid" HTTP parameter
233  // from the request.
234  optional string device_id = 8;
235
236  // Indicates which state this association with DMServer is in. This can be
237  // used to tell the client that it is not receiving policy even though the
238  // registration with the server is kept active.
239  enum AssociationState {
240    // Association is active and policy is pushed.
241    ACTIVE = 0;
242    // Association is alive, but the corresponding domain is not managed.
243    UNMANAGED = 1;
244    // Client got dropped on the server side.
245    DEPROVISIONED = 2;
246  }
247  optional AssociationState state = 9 [default = ACTIVE];
248
249  // Indicates if the the server cannot find a valid serial number for the
250  // device.  If this flag is set, the device should send the valid serial
251  // number with a device policy fetch request.  Note that this only
252  // applies to device policy.
253  optional bool valid_serial_number_missing = 10;
254
255  // Indicates which public account or extension/plug-in this policy data is
256  // for. See PolicyFetchRequest.settings_entity_id for more details.
257  optional string settings_entity_id = 11;
258
259  // Indicates the identity the device service account is associated with.
260  // This is only sent as part of device policy fetch.
261  optional string service_account_identity = 12;
262
263  // The object source which hosts policy objects within the invalidation
264  // service. This value is combined with invalidation_name to form the object
265  // id used to register for invalidations to this policy.
266  optional int32 invalidation_source = 13;
267
268  // The name which uniquely identifies this policy within the invalidation
269  // service object source. This value is combined with invalidation_source to
270  // form the object id used to register for invalidations to this policy.
271  optional bytes invalidation_name = 14;
272
273  // Server-provided identifier of the fetched policy. This is to be used
274  // by the client when requesting Policy Posture assertion through an API
275  // call or SAML flow.
276  optional string policy_token = 15;
277
278  // Indicates the management mode of the device. Note that old policies do not
279  // have this field.
280  enum ManagementMode {
281    // The device is not managed. The policies are set locally by the owner of
282    // the device.
283    NOT_MANAGED = 0;
284    // The device is enterprise-managed. The policies come from the enterprise
285    // server.
286    ENTERPRISE_MANAGED = 1;
287    // The device is consumer-managed. The policies currently can only be set
288    // locally by the owner of the device.
289    CONSUMER_MANAGED = 2;
290  }
291  optional ManagementMode management_mode = 16;
292}
293
294message PolicyFetchResponse {
295  // Since a single policy request may ask for multiple policies, we
296  // provide separate error code for each individual policy fetch.
297
298  // We will use standard HTTP Status Code as error code.
299  optional int32 error_code = 1;
300
301  // Human readable error message for customer support purpose.
302  optional string error_message = 2;
303
304  // This is a serialized |PolicyData| protobuf (defined above).
305  optional bytes policy_data = 3;
306
307  // Signature of the policy data above.
308  optional bytes policy_data_signature = 4;
309
310  // If the public key has been rotated on the server, the new public
311  // key is sent here. It is already used for |policy_data_signature|
312  // above, whereas |new_public_key_signature| is created using the
313  // old key (so the client can trust the new key). If this is the
314  // first time when the client requests policies (so it doesn't have
315  // on old public key), then |new_public_key_signature| is empty.
316  optional bytes new_public_key = 5;
317  optional bytes new_public_key_signature = 6;
318
319  // If new_public_key is specified, this field contains a signature
320  // of a PolicyPublicKeyAndDomain protobuf, signed using a key only
321  // available to DMServer. The public key portion of this well-known key is
322  // embedded into the Chrome binary. The hash of that embedded key is passed
323  // to DMServer as verification_key_hash field in PolicyFetchRequest. DMServer
324  // will pick a private key on the server which matches the hash (matches
325  // public key on the client). If DMServer is unable to find matching key, it
326  // will return an error instead of policy data.
327  // In case hash was not specified, DMServer will leave verification signature
328  // field empty (legacy behavior).
329  // In addition to the checks between new_public_key
330  // and new_public_key_signature described above, Chrome also verifies
331  // new_public_key with the embedded public key and
332  // new_public_key_verification_signature.
333  optional bytes new_public_key_verification_signature = 7;
334}
335
336// Protobuf used to generate the new_public_key_verification_signature field.
337message PolicyPublicKeyAndDomain {
338  // The public key to sign (taken from the |new_public_key| field in
339  // PolicyFetchResponse).
340  optional bytes new_public_key = 1;
341
342  // The domain associated with this key (should match the domain portion of
343  // the username field of the policy).
344  optional string domain = 2;
345}
346
347// Request from device to server for reading policies.
348message DevicePolicyRequest {
349  // The policy fetch request.  If this field exists, the request must
350  // comes from a non-TT client.  The repeated field allows client to
351  // request multiple policies for better performance.
352  repeated PolicyFetchRequest request = 3;
353}
354
355// Response from server to device for reading policies.
356message DevicePolicyResponse {
357  // The policy fetch response.
358  repeated PolicyFetchResponse response = 3;
359}
360
361message TimePeriod {
362  // [timestamp] is milli seconds since Epoch in UTC timezone.
363  optional int64 start_timestamp = 1;
364  optional int64 end_timestamp = 2;
365}
366
367message ActiveTimePeriod {
368  optional TimePeriod time_period = 1;
369
370  // The active duration during the above time period.
371  // The unit is milli-second.
372  optional int32 active_duration = 2;
373}
374
375// This captures launch events for one app/extension or other installments.
376message InstallableLaunch {
377  optional string install_id = 1;
378
379  // Time duration where this report covers. These are required
380  // and the record will be ignored if not set.
381  optional TimePeriod duration = 2;
382
383  // Client will send at most 50 timestamps to DM. All the rest
384  // launch activities will be summed into the total count.
385  // We will distribute the count evenly among the time span when
386  // doing time based aggregation.
387  repeated int64 timestamp = 3;
388  optional int64 total_count = 4;
389}
390
391// Used to report the device location.
392message DeviceLocation {
393  enum ErrorCode {
394    ERROR_CODE_NONE                 = 0;
395    ERROR_CODE_POSITION_UNAVAILABLE = 1;
396  }
397
398  // Latitude in decimal degrees north (WGS84 coordinate frame).
399  optional double latitude = 1;
400
401  // Longitude in decimal degrees west (WGS84 coordinate frame).
402  optional double longitude = 2;
403
404  // Altitude in meters (above WGS84 datum).
405  optional double altitude = 3;
406
407  // Accuracy of horizontal position in meters.
408  optional double accuracy = 4;
409
410  // Accuracy of altitude in meters.
411  optional double altitude_accuracy = 5;
412
413  // Heading in decimal degrees clockwise from true north.
414  optional double heading = 6;
415
416  // Horizontal component of device velocity in meters per second.
417  optional double speed = 7;
418
419  // Time of position measurement in milisecons since Epoch in UTC time.
420  optional int64 timestamp = 8;
421
422  // Error code, see enum above.
423  optional ErrorCode error_code = 9;
424
425  // Human-readable error message.
426  optional string error_message = 10;
427}
428
429// Details about a network interface.
430message NetworkInterface {
431  // Indicates the type of network device.
432  enum NetworkDeviceType {
433    TYPE_ETHERNET = 0;
434    TYPE_WIFI = 1;
435    TYPE_WIMAX = 2;
436    TYPE_BLUETOOTH = 3;
437    TYPE_CELLULAR = 4;
438  }
439
440  // Network device type.
441  optional NetworkDeviceType type = 1;
442
443  // MAC address (if applicable) of the corresponding network device. This is
444  // formatted as an ASCII string with 12 hex digits. Example: A0B1C2D3E4F5.
445  optional string mac_address = 2;
446
447  // MEID (if applicable) of the corresponding network device. Formatted as
448  // ASCII string composed of 14 hex digits. Example: A10000009296F2.
449  optional string meid = 3;
450
451  // IMEI (if applicable) of the corresponding network device. 15-16 decimal
452  // digits encoded as ASCII string. Example: 355402040158759.
453  optional string imei = 4;
454}
455
456// Details about a device user.
457message DeviceUser {
458  // Types of device users which can be reported.
459  enum UserType {
460    // A user managed by the same domain as the device.
461    USER_TYPE_MANAGED = 0;
462
463    // A user not managed by the same domain as the device.
464    USER_TYPE_UNMANAGED = 1;
465  }
466
467  // The type of the user.
468  required UserType type = 1;
469
470  // Email address of the user. Present only if the user type is managed.
471  optional string email = 2;
472}
473
474// Report device level status.
475message DeviceStatusReportRequest {
476  // The OS version reported by the device is a platform version
477  // e.g. 1435.0.2011_12_16_1635.
478  optional string os_version = 1;
479  optional string firmware_version = 2;
480
481  // "Verified", "Dev". Same as verified mode.
482  // If the mode is unknown, this field should not be set.
483  optional string boot_mode = 3;
484
485  // Device active times collection since last report rpc call.
486  // No longer used -- use active_period instead.
487  repeated TimePeriod active_time = 4 [deprecated = true];
488
489  // The browser version string as shown in the About dialog.
490  // e.g. 17.0.963.18.
491  optional string browser_version = 5;
492
493  // A list of periods when the device was active, aggregated by day.
494  repeated ActiveTimePeriod active_period = 6;
495
496  // The device location.
497  optional DeviceLocation device_location = 7;
498
499  // List of network interfaces.
500  repeated NetworkInterface network_interface = 8;
501
502  // List of recent device users, in descending order by last login time.
503  repeated DeviceUser user = 9;
504}
505
506// Report session (a user on one device) level status.
507message SessionStatusReportRequest {
508  // Installed apps for this user on this device.
509  repeated string installed_app_id = 1;
510
511  // Installed extensions for this user on this device.
512  repeated string installed_extension_id = 2;
513
514  // One stat per app for top 30 apps.
515  repeated InstallableLaunch app_launch_stat = 3;
516}
517
518// Response from DMServer to update devices' status.
519// It is possible that status report fails but policy request succeed.  In such
520// case, the DeviceStatusReportResponse will contain an error code and the
521// device should re-send status report data in the next policy request.  The
522// device should re-send report data if policy request fails, even if
523// DeviceStatusReportResponse contains no error code.
524message DeviceStatusReportResponse {
525  optional int32 error_code = 1;
526
527  // Human readable error message for customer support purpose.
528  optional string error_message = 2;
529}
530
531// Response from DMServer to update user devices' status.
532// It is possible that status report fails but policy request succeed.  In such
533// case, the SessionStatusReportResponse will contain an error code and the
534// device should re-send status report data in the next policy request.  The
535// device should re-send report data if policy request fails, even if
536// SessionStatusReportResponse contains no error code.
537message SessionStatusReportResponse {
538  optional int32 error_code = 1;
539
540  // Human readable error message for customer support purpose.
541  optional string error_message = 2;
542}
543
544// Request from device to server to determine whether the device should
545// go through enterprise enrollment. Unlike the other requests, this request is
546// not authenticated.
547message DeviceAutoEnrollmentRequest {
548  // SHA-256 hash of the device's serial number, mod |modulus|.
549  // Should always be present.
550  optional int64 remainder = 1;
551
552  // Modulus of the hash used by the client. Should always be present. This
553  // is the number of buckets the client thinks the server has. For now,
554  // it is a power of 2, but due to the strict constraint on how many serial
555  // numbers a bucket can contain, it may become non power of 2. If that
556  // happens, client-side needs to change its assumption.
557  optional int64 modulus = 2;
558}
559
560// Response from server to auto-enrollment detection request.
561message DeviceAutoEnrollmentResponse {
562  // If this field is present, the other fields are ignored and the client
563  // should send a new DeviceAutoEnrollmentRequest with a new |remainder|
564  // computed using this new |modulus|. If this field is empty, the client's
565  // request was accepted.
566  // DMServer guarantees that if the modulus sent by client in
567  // DeviceAutoEnrollmentRequest matches server's expectation, this field
568  // is unset.
569  optional int64 expected_modulus = 1;
570
571  // List of hashes in the client's hash bucket. If the client's hash matches
572  // any in this list, the client device should do enterprise enrollment.
573  // If it matches none, enrollment should be optional.
574  // Each entry has exactly 256 bits (32 bytes).
575  repeated bytes hash = 2;
576}
577
578// Sent by the client to the server. The device management server keeps a
579// mapping of device identifiers to device state. Devices query this table after
580// hard reset in order recover state. This request is keyed just by the opaque
581// server-backed state key; there is no further authentication.
582message DeviceStateRetrievalRequest {
583  // Opaque, client-determined, unpredictable, stable and unique device
584  // identifier to retrieve state for. This field contains 32 bytes of data that
585  // looks essentially random to the server. It may be generated e.g. by running
586  // a concatenation of suitable device identifiers through a cryptographic hash
587  // algorithm such as SHA-256.
588  optional bytes server_backed_state_key = 1;
589}
590
591// Sent by the client to the server when in registered state to update the
592// device-determined device state keys.
593message DeviceStateKeyUpdateRequest {
594  // The client-determined state keys. To the server, these look like 32 bytes
595  // of random data. The client should generate these keys using a deterministic
596  // algorithm that takes stable device identifiers as an input and produces a
597  // key as the output, possibly by running the identifiers through a
598  // cryptographic hash function such as SHA-256.
599  repeated bytes server_backed_state_key = 1;
600}
601
602// Server to client message carrying the device state response. Because the
603// request is not authenticated, the only protection against state extraction
604// from server is the unpredictability of the server-backed state ID. Thus, the
605// response should not contain any sensitive data. If the server doesn't know
606// the requested identifier, it just return a message with restore_mode set to
607// RESTORE_MODE_NONE.
608message DeviceStateRetrievalResponse {
609  // Restorative action to take after device reset.
610  enum RestoreMode {
611    // No state restoration.
612    RESTORE_MODE_NONE = 0;
613    // Enterprise enrollment requested, but user may skip.
614    RESTORE_MODE_REENROLLMENT_REQUESTED = 1;
615    // Enterprise enrollment is enforced and cannot be skipped.
616    RESTORE_MODE_REENROLLMENT_ENFORCED = 2;
617  };
618  // The server-indicated restore mode.
619  optional RestoreMode restore_mode = 1 [default = RESTORE_MODE_NONE];
620
621  // Primary domain the device is associated with.
622  optional string management_domain = 2;
623}
624
625// Sent by the client to the server to pair the Host device with the Controller
626// device. The HTTP request contains an end-user OAuth token and only succeeds
627// if both Host and Controller devices belong to the end-user domain.
628message DevicePairingRequest {
629
630  // The device ID of the Host device.
631  optional string host_device_id = 1;
632
633  // The device ID of the Controller device.
634  optional string controller_device_id = 2;
635}
636
637// Response from the server to the device pairing request.
638message DevicePairingResponse {
639
640  // The client should check HTTP status code first. If HTTP status code is not
641  // 200 (e.g. 500 internal error), then it means the pairing fails. If HTTP
642  // status code is 200, then the client should check the status code within the
643  // response.
644  enum StatusCode {
645    SUCCESS = 0;
646
647    // A generic failure code for pairing.
648    FAILED = 1;
649
650    // The Host device cannot be found in the user's domain.
651    HOST_DEVICE_NOT_FOUND = 2;
652
653    // The Controller device cannot be found in the user's domain.
654    CONTROLLER_DEVICE_NOT_FOUND  = 3;
655
656    // The Host device is deprovisioned.
657    HOST_DEVICE_DEPROVISIONED = 4;
658
659    // The Controller device is deprovisioned.
660    CONTROLLER_DEVICE_DEPROVISIONED = 5;
661  }
662
663  optional StatusCode status_code = 1 [default = FAILED];
664}
665
666// Sent by the client to the server to check if the devices are paired. The HTTP
667// request contains controller service account OAuth token as well as the
668// DMToken from the Host device.
669message CheckDevicePairingRequest {
670
671  // The device ID of the Host device.
672  optional string host_device_id = 1;
673
674  // The device ID of the Controller device.
675  optional string controller_device_id = 2;
676}
677
678// Response from the server to the check device pairing request.
679message CheckDevicePairingResponse {
680
681  // The client should check HTTP status code first. If HTTP status code is not
682  // 200 (e.g. 500 internal error), then it means the pairing status is unknown.
683  // If HTTP status code is 200, then the client should check the status code
684  // within the response.
685  enum StatusCode {
686    PAIRED = 0;
687
688    // The Host and Controller devices are not paired.
689    NOT_PAIRED = 1;
690
691    // The Host device cannot be found in the Host device domain.
692    HOST_DEVICE_NOT_FOUND = 2;
693
694    // The Controller device cannot be found in the Host device domain.
695    CONTROLLER_DEVICE_NOT_FOUND  = 3;
696
697    // The Host device is deprovisioned.
698    HOST_DEVICE_DEPROVISIONED = 4;
699
700    // The Controller device is deprovisioned.
701    CONTROLLER_DEVICE_DEPROVISIONED = 5;
702
703    // Invalid controller identity.
704    INVALID_CONTROLLER_DEVICE_IDENTITY = 6;
705  }
706
707  optional StatusCode status_code = 1 [default = NOT_PAIRED];
708}
709
710// Request from the DMAgent on the device to the DMServer.  This is
711// container for all requests from device to server.  The overall HTTP
712// request MUST be in the following format:
713//
714// * HTTP method is POST
715// * Data mime type is application/x-protobuffer
716// * HTTP parameters are (all required, all case sensitive):
717//   * request: MUST BE one of
718//     * api_authorization
719//     * cert_upload
720//     * check_device_pairing
721//     * device_pairing
722//     * device_state_retrieval
723//     * enterprise_check
724//     * ping
725//     * policy
726//     * register
727//     * status
728//     * unregister
729//
730//   * devicetype: MUST BE "1" for Android or "2" for Chrome OS.
731//   * apptype: MUST BE Android or Chrome.
732//   * deviceid: MUST BE no more than 64-char in [\x21-\x7E].
733//   * agent: MUST BE a string of characters.
734// * HTTP Authorization header MUST be in the following formats:
735//   * For register and ping requests
736//     Authorization: GoogleLogin auth=<auth cookie for Mobile Sync>
737//
738//   * For unregister, policy, status, and cert_upload requests
739//      Authorization: GoogleDMToken token=<dm token from register>
740//
741//   * The Authorization header isn't used for enterprise_check
742//     request, nor for register requests using OAuth. In the latter case,
743//     the OAuth token is passed in the "oauth" parameter.
744//
745// DeviceManagementRequest should only contain one request which matches the
746// HTTP query parameter - request, as listed below. Other requests within the
747// container will be ignored.
748//   cert_upload: cert_upload_request
749//   check_device_pairing: check_device_pairing_request
750//   device_pairing: device_pairing_request
751//   device_state_retrieval: device_state_retrieval_request
752//   enterprise_check: auto_enrollment_request
753//   ping: policy_request
754//   policy: policy_request
755//   register: register_request
756//   status: device_status_report_request or session_status_report_request
757//   unregister: unregister_request
758//
759//
760message DeviceManagementRequest {
761  // Register request.
762  optional DeviceRegisterRequest register_request = 1;
763
764  // Unregister request.
765  optional DeviceUnregisterRequest unregister_request = 2;
766
767  // Policy request.
768  optional DevicePolicyRequest policy_request = 3;
769
770  // Update status.
771  optional DeviceStatusReportRequest device_status_report_request = 4;
772  optional SessionStatusReportRequest session_status_report_request = 5;
773
774  // Auto-enrollment detection.
775  optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6;
776
777  // EMCert upload (for remote attestation)
778  optional DeviceCertUploadRequest cert_upload_request = 7;
779
780  // Request for OAuth2 authorization codes to access Google services.
781  optional DeviceServiceApiAccessRequest service_api_access_request = 8;
782
783  // Device-state retrieval.
784  optional DeviceStateRetrievalRequest device_state_retrieval_request = 9;
785
786  // Device state key update.
787  optional DeviceStateKeyUpdateRequest device_state_key_update_request = 10;
788
789  // Pair two devices.
790  optional DevicePairingRequest device_pairing_request = 11;
791
792  // Check if two devices are paired.
793  optional CheckDevicePairingRequest check_device_pairing_request = 12;
794}
795
796// Response from server to device.
797//
798// The server uses the following numbers as HTTP status codes
799// to report top-level errors.
800//
801// 200 OK: valid response is returned to client.
802// 400 Bad Request: invalid argument.
803// 401 Unauthorized: invalid auth cookie or DM token.
804// 403 Forbidden: device management is not allowed.
805// 404 Not Found: the request URL is invalid.
806// 410 Device Not Found: the device id is not found.
807// 491 Request Pending: the request is pending approval.
808// 500 Internal Server Error: most likely a bug in DM server.
809// 503 Service Unavailable: most likely a backend error.
810// 901 Device Not Found: the device id is not found.
811// 902 Policy Not Found: the policy is not found.
812message DeviceManagementResponse {
813  // Error message.
814  optional string error_message = 2;
815
816  // Register response
817  optional DeviceRegisterResponse register_response = 3;
818
819  // Unregister response
820  optional DeviceUnregisterResponse unregister_response = 4;
821
822  // Policy response.
823  optional DevicePolicyResponse policy_response = 5;
824
825  // Device status report response.
826  optional DeviceStatusReportResponse device_status_report_response = 6;
827
828  // Session status report response.
829  optional SessionStatusReportResponse session_status_report_response = 7;
830
831  // Auto-enrollment detection response.
832  optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8;
833
834  // EMCert upload response.
835  optional DeviceCertUploadResponse cert_upload_response = 9;
836
837  // Response to OAuth2 authorization code request.
838  optional DeviceServiceApiAccessResponse service_api_access_response = 10;
839
840  // Device-state retrieval.
841  optional DeviceStateRetrievalResponse device_state_retrieval_response = 11;
842
843  // Response to device pairing request.
844  optional DevicePairingResponse device_pairing_response = 12;
845
846  // Response to check device pairing request.
847  optional CheckDevicePairingResponse check_device_pairing_response = 13;
848}
849