chrome/browser/policy/proto/chromeos/chrome_device_policy.proto

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

package enterprise_management;

message DevicePolicyRefreshRateProto {
  // In milliseconds.
  optional int64 device_policy_refresh_rate = 1;
}

message UserWhitelistProto {
  // If a UserWhitelistProto is included in the ChromeDeviceSettingsProto but
  // the user_whitelist field is empty then no user can sign-in.
  repeated string user_whitelist = 1;
}

message AllowNewUsersProto {
  // Determines whether we allow arbitrary users to log into the device.
  // This interacts with the UserWhitelistProto as follows:
  // allow_new_users | user_whitelist     | anyone can log in
  //-----------------+--------------------+------------------
  //  present, true  | not present        | Yes
  //-----------------+--------------------+------------------
  //  present, true  | present            | Yes
  //-----------------+--------------------+------------------
  //  present, false | not present        | (Broken) Yes
  //-----------------+--------------------+------------------
  //  present, false | present            | No, W/L enforced
  //-----------------+--------------------+------------------
  //  not present    | not present        | Yes
  //-----------------+--------------------+------------------
  //  not present    | present, empty     | Yes
  //-----------------+--------------------+------------------
  //  not present    | present, non-empty | No, W/L enforced
  //-----------------+--------------------+------------------
  optional bool allow_new_users = 1 [default = true];
}

message GuestModeEnabledProto {
  // Determines if guests are allowed to log in to the device.
  optional bool guest_mode_enabled = 1 [default = true];
}

message ShowUserNamesOnSigninProto {
  // Determines if we show pods for existing users on the sign in screen.
  optional bool show_user_names = 1 [default = true];
}

message DataRoamingEnabledProto {
  // Determines if cellular data roaming is enabled.
  optional bool data_roaming_enabled = 1 [default = false];
}

message DeviceProxySettingsProto {
  // One of "direct", "auto_detect", "pac_script", "fixed_servers", "system"
  optional string proxy_mode = 1;
  optional string proxy_server = 2;
  optional string proxy_pac_url = 3;
  optional string proxy_bypass_list = 4;
}

message CameraEnabledProto {
  optional bool camera_enabled = 1;
}

message MetricsEnabledProto {
  optional bool metrics_enabled = 1;
}

message ReleaseChannelProto {
  // One of "stable-channel", "beta-channel", or "dev-channel"
  optional string release_channel = 1;

  // If |release_channel_delegated| is set to true and the |release_channel|
  // field is not set or left empty, the user can select the channel. If the
  // |release_channel| is specified it will always override users choice!
  optional bool release_channel_delegated = 2;
}

message DeviceOpenNetworkConfigurationProto {
  // The network configuration blob. This is a JSON string as specified by ONC.
  optional string open_network_configuration = 1;
}

// Policies to turn on portions of the device status reports.
message DeviceReportingProto {
  optional bool report_version_info = 1;
  optional bool report_activity_times = 2;
  optional bool report_boot_mode = 3;
  optional bool report_location = 4;
  optional bool report_network_interfaces = 5;
}

message EphemeralUsersEnabledProto {
  // Determines whether users should be treated as ephemeral. In ephemeral users
  // mode, no cryptohome is created for the user, but a tmpfs mount is used
  // instead such that upon logout all user state is discarded.
  optional bool ephemeral_users_enabled = 1;
}

// Details of an extension to install as part of the AppPack.
message AppPackEntryProto {
  optional string extension_id = 1;
  optional string update_url = 2;
  optional bool online_only = 3;
}

message AppPackProto {
  // List of extensions to install as part of the AppPack.
  repeated AppPackEntryProto app_pack = 1;
}

// This is a special policy for kiosk/retail mode that specifies what apps
// should be pinned to the launcher. For regular accounts, pinned apps are
// controlled through user policy.
message PinnedAppsProto {
  // App IDs for the apps to pin.
  repeated string app_id = 1;
}

message ForcedLogoutTimeoutsProto {
  // All timeouts are specified in milliseconds.

  // Specifies the timeout before an idle user session is terminated.
  // If this field is omitted or set to 0, no logout on idle will be performed.
  optional int64 idle_logout_timeout = 1;

  // Specifies the duration of a warning countdown before the user is logged out
  // because of idleness as specified by the |idle_logout_timeout| value.
  // This field is only used if |idle_logout_timeout| != 0 is specified.
  optional int64 idle_logout_warning_duration = 2;
}

message ScreenSaverProto {
  // Specifies the extension ID which is to be used as a screen saver on the
  // login screen if no user activity is present. Only respected if the device
  // is in RETAIL mode.
  optional string screen_saver_extension_id = 1;

  // Specifies the timeout before the screen saver is activated. If this field
  // is omitted or set to 0, no screen-saver will be started.
  // Measured in milliseconds.
  optional int64 screen_saver_timeout = 2;
}

// Enterprise controls for auto-update behavior of Chrome OS.
message AutoUpdateSettingsProto {
  // True if we don't want the device to auto-update (target_version_prefix is
  // ignored in this case).
  optional bool update_disabled = 1;

  // Specifies the prefix of the target version we want the device to
  // update to, if it's on a older version. If the device is already on
  // a version with the given prefix, then there's no effect. If the device is
  // on a higher version, it will remain on the higher version as we
  // don't support rollback yet. The format of this version can be one
  // of the following:
  // ---------------------------------------------------------------------
  // "" (or not set at all): update to latest version available.
  // 1412.: update to any minor version of 1412 (e.g. 1412.24.34 or 1412.60.2)
  // 1412.2.: update to any minor version of 1412.2 (e.g. 1412.2.34 or 1412.2.2)
  // 1412.24.34: update to this specific version only
  // ---------------------------------------------------------------------
  optional string target_version_prefix = 2;

  // The Chrome browser version (e.g. "17.*") corresponding to the
  // target_version_prefix above. The target_version_prefix is the internal OS
  // version that external users normally are not aware of. This display_name
  // can be used by the devices to display a message to end-users about the auto
  // update setting.
  optional string target_version_display_name = 3;

  // Specifies the number of seconds up to which a device may randomly
  // delay its download of an update from the time the update was first pushed
  // out to the server. The device may wait a portion of this time in terms
  // of wall-clock-time and the remaining portion in terms of the number of
  // update checks. In any case, the scatter is upper bounded by a constant
  // amount of time so that a device does not ever get stuck waiting to download
  // an update forever.
  optional int64 scatter_factor_in_seconds = 4;

  // Enumerates network connection types.
  enum ConnectionType {
    CONNECTION_TYPE_ETHERNET = 0;
    CONNECTION_TYPE_WIFI = 1;
    CONNECTION_TYPE_WIMAX = 2;
    CONNECTION_TYPE_BLUETOOTH = 3;
    CONNECTION_TYPE_CELLULAR = 4;
  }

  // The types of connections that are OK to use for OS updates. OS updates
  // potentially put heavy strain on the connection due to their size and may
  // incur additional cost. Therefore, they are by default not enabled for
  // connection types that are considered expensive, which include WiMax,
  // Bluetooth and Cellular at the moment.
  repeated ConnectionType allowed_connection_types = 5;

  // This has been replaced by |reboot_after_update| below.
  optional bool OBSOLETE_reboot_after_update = 6 [deprecated = true];

  // True if AU payloads can be downloaded via HTTP. False otherwise.
  optional bool http_downloads_enabled = 7 [default = false];

  // True if the device should reboot automatically when an update has been
  // applied and a reboot is required to complete the update process.
  //
  // Note: Currently, automatic reboots are only enabled while the login screen
  // is being shown or a kiosk app session is in progress. This will change in
  // the future and the policy will always apply, regardless of whether a
  // session of any particular type is in progress or not.
  optional bool reboot_after_update = 8;
}

message StartUpUrlsProto {
  // Specifies the URLs to be loaded on login to the anonymous account used if
  // the device is in RETAIL mode.
  repeated string start_up_urls = 1;
}

message SystemTimezoneProto {
  // Specifies an owner-determined timezone that applies to the login screen and
  // all users. Valid values are listed in "timezone_settings.cc". Additionally,
  // timezones from the "IANA Time Zone Database" (e.g. listed on wikipedia)
  // that are equivalent to one of the timezones in "timezone_settings.cc" are
  // valid. In case of an invalid value, the setting is still activated with a
  // fallback timezone (currently "GMT"). In case of an empty string or if no
  // value is provided, the timezone device setting is inactive. In that case,
  // the currently active timezone will remain in use however users can change
  // the timezone and the change is persistent. Thus a change by one user
  // affects the login-screen and all other users.
  optional string timezone = 1;
}

message SystemUse24HourClockProto {
  // Specifies an owner-determined clock format that applies to the login
  // screen and all users.
  optional bool use_24hour_clock = 1;
}

// Parameters for Kiosk App device-local accounts.
message KioskAppInfoProto {
  // Indicates the Kiosk App for the corresponding device-local account. The
  // string value should be a valid 32-character Chrome App identifier and
  // specifies the Kiosk App to download and run.
  optional string app_id = 1;

  // Optional extension update URL to download the Kiosk App package from. If
  // not specified, the app will be downloaded from the standard Chrome Web
  // Store update URL.
  optional string update_url = 2;
}

// Describes a single device-local account.
message DeviceLocalAccountInfoProto {
  // Deprecated: Account identifier for a public session device-local account.
  // Old code didn't have the |type| field, so it can't handle new types of
  // device-local accounts gracefully (i.e. ignoring unsupported types). New
  // code should instead set type to ACCOUNT_TYPE_PUBLIC_SESSION and write the
  // identifier to the |account_id| field below. If the |type| field is present,
  // |deprecated_public_session_id| will be ignored.
  optional string deprecated_public_session_id = 1;

  // Identifier for the device-local account. This is an opaque identifier that
  // is used to distinguish different device-local accounts configured. All
  // configured accounts on a device must have unique identifiers.
  optional string account_id = 2;

  // Indicates the type of device-local account.
  enum AccountType {
    // A login-less, policy-configured browsing session.
    ACCOUNT_TYPE_PUBLIC_SESSION = 0;
    // An account that serves as a container for a single full-screen app.
    ACCOUNT_TYPE_KIOSK_APP = 1;
  };

  // The account type.
  optional AccountType type = 3;

  // Kiosk App parameters, relevant if |type| is ACCOUNT_TYPE_KIOSK_APP.
  optional KioskAppInfoProto kiosk_app = 4;
}

message DeviceLocalAccountsProto {
  // The list of device-local accounts (i.e. accounts without an associated
  // cloud-backed profile) that are available on the device.
  repeated DeviceLocalAccountInfoProto account = 1;

  // The identifier of the device-local account to which the device
  // should be logged in automatically.  Should be equal to one of the
  // ids in DeviceLocalAccountInfoProto.
  optional string auto_login_id = 2;

  // The amount of time, in milliseconds, that should elapse at the signin
  // screen without user interaction before automatically logging in.
  optional int64 auto_login_delay = 3;

  // Whether the keyboard shortcut to prevent zero-delay auto-login should be
  // enabled or not. If this keyboard shortcut is engaged, the auto-login will
  // be delayed by 3 minutes so administrators can log in or make configuration
  // changes.
  optional bool enable_auto_login_bailout = 4 [default = true];
}

message AllowRedeemChromeOsRegistrationOffersProto {
  // Chrome OS Registration service provides way for chromeos device users
  // to redeem electronic offers provided by service provider.
  // This value determines if users are allowed to redeem offers through
  // Chrome OS Registration service.
  optional bool allow_redeem_offers = 1 [default = true];
}

message StartUpFlagsProto {
  // The list of flags to be applied to chrome on start-up (back up store for
  // owner set flags in about:flags).
  repeated string flags = 1;
}

message UptimeLimitProto {
  // This has been replaced by |uptime_limit| below.
  optional int64 OBSOLETE_uptime_limit = 1 [deprecated = true];

  // Sets the length of device uptime after which an automatic reboot is
  // scheduled. An automatic reboot is scheduled at the selected time but may be
  // delayed on the device by up to 24 hours, e.g. if a user is currently using
  // the device or an app/extension has requested reboots to be inhibited
  // temporarily. The policy value should be specified in seconds.
  //
  // Note: Currently, automatic reboots are only enabled while the login screen
  // is being shown or a kiosk app session is in progress. This will change in
  // the future and the policy will always apply, regardless of whether a
  // session of any particular type is in progress or not.
  optional int64 uptime_limit = 2;
}

message VariationsParameterProto {
  // The string for the restrict parameter to be appended to the Variations URL
  // when pinging the Variations server.
  optional string parameter = 1;
}

message AttestationSettingsProto {
  // Attestation involves proving that a cryptographic key is protected by a
  // legitimate Chrome OS TPM and reporting the operating mode of the platform.
  // This setting enables attestation features at a device level.  If this is
  // enabled a machine key will be generated and certified by the Chrome OS
  // CA.  If this setting is disabled, the device will not communicate with the
  // Chrome OS CA under any circumstances.  Even users with attestation settings
  // enabled will not be able to use those features on the device.
  optional bool attestation_enabled = 1;
}

message AccessibilitySettingsProto {
  // Sets the default state of the large cursor accessibility feature on the
  // login screen. If this policy is set to true, the large cursor will be
  // enabled when the login screen is shown. If this policy is set to false, the
  // large cursor will be disabled when the login screen is shown. Users can
  // temporarily override this setting by enabling or disabling the large
  // cursor. However, the user's choice is not persistent and the default is
  // restored whenever the login screen is shown anew or the user remains idle
  // on the login screen for a minute. If this policy is left unset, the large
  // cursor is disabled when the login screen is first shown. Users can enable
  // or disable the large cursor anytime and its status on the login screen is
  // persisted between users.
  optional bool login_screen_default_large_cursor_enabled = 1;

  // Sets the default state of the spoken feedback accessibility feature on the
  // login screen. If this policy is set to true, spoken feedback will be
  // enabled when the login screen is shown. If this policy is set to false,
  // spoken feedback will be disabled when the login screen is shown. Users can
  // temporarily override this setting by enabling or disabling spoken feedback.
  // However, the user's choice is not persistent and the default is restored
  // whenever the login screen is shown anew or the user remains idle on the
  // login screen for a minute. If this policy is left unset, spoken feedback is
  // disabled when the login screen is first shown. Users can enable or disable
  // spoken feedback anytime and its status on the login screen is persisted
  // between users.
  optional bool login_screen_default_spoken_feedback_enabled = 2;

  // Sets the default state of the high contrast mode accessibility feature on
  // the login screen. If this policy is set to true, high contrast mode will be
  // enabled when the login screen is shown. If this policy is set to false,
  // high contrast mode will be disabled when the login screen is shown. Users
  // can temporarily override this setting by enabling or disabling high
  // contrast mode. However, the user's choice is not persistent and the default
  // is restored whenever the login screen is shown anew or the user remains
  // idle on the login screen for a minute. If this policy is left unset, high
  // contrast mode is disabled when the login screen is first shown. Users can
  // enable or disable high contrast mode anytime and its status on the login
  // screen is persisted between users.
  optional bool login_screen_default_high_contrast_enabled = 3;

  // Enumerates the screen magnifier types.
  enum ScreenMagnifierType {
    // Screen magnifier disabled.
    SCREEN_MAGNIFIER_TYPE_NONE = 0;
    // Full-screen magnifier enabled.
    SCREEN_MAGNIFIER_TYPE_FULL = 1;
  };

  // Sets the default type of screen magnifier that is enabled on the login
  // screen. If this policy is set, it controls the type of screen magnifier
  // that is enabled when the login screen is shown. Users can temporarily
  // override this setting by enabling or disabling the screen magnifier.
  // However, the user's choice is not persistent and the default is restored
  // whenever the login screen is shown anew or the user remains idle on the
  // login screen for a minute. If this policy is left unset, the screen
  // magnifier is disabled when the login screen is first shown. Users can
  // enable or disable the screen magnifier anytime and its status on the login
  // screen is persisted between users.
  optional ScreenMagnifierType login_screen_default_screen_magnifier_type = 4;
}

message SupervisedUsersSettingsProto {
  // Defines whether supervised users can be created on the device.
  optional bool supervised_users_enabled = 1;
}

message LoginScreenPowerManagementProto {
  // Configures power management on the login screen. The policy should be
  // specified as a string that expresses the individual settings in JSON
  // format, conforming to the following schema:
  // {
  //   "type": "object",
  //   "properties": {
  //     "AC": {
  //       "description": "Power management settings applicable only when
  //                       running on AC power",
  //       "type": "object",
  //       "properties": {
  //         "Delays": {
  //           "type": "object",
  //           "properties": {
  //             "ScreenDim": {
  //               "description": "The length of time without user input after
  //                               which the screen is dimmed, in milliseconds",
  //               "type": "integer",
  //               "minimum": 0
  //             },
  //             "ScreenOff": {
  //               "description": "The length of time without user input after
  //                               which the screen is turned off, in
  //                               milliseconds",
  //               "type": "integer",
  //               "minimum": 0
  //             },
  //             "Idle": {
  //               "description": "The length of time without user input after
  //                               which the idle action is taken, in
  //                               milliseconds",
  //               "type": "integer",
  //               "minimum": 0
  //             }
  //           }
  //         },
  //         "IdleAction": {
  //           "description": "Action to take when the idle delay is reached",
  //           "enum": [ "Suspend", "Shutdown", "DoNothing" ]
  //         }
  //       }
  //     },
  //     "Battery": {
  //       "description": "Power management settings applicable only when
  //                       running on battery power",
  //       "type": "object",
  //       "properties": {
  //         "Delays": {
  //           "type": "object",
  //           "properties": {
  //             "ScreenDim": {
  //               "description": "The length of time without user input after
  //                               which the screen is dimmed, in milliseconds",
  //               "type": "integer",
  //               "minimum": 0
  //             },
  //             "ScreenOff": {
  //               "description": "The length of time without user input after
  //                               which the screen is turned off, in
  //                               milliseconds",
  //               "type": "integer",
  //               "minimum": 0
  //             },
  //             "Idle": {
  //               "description": "The length of time without user input after
  //                               which the idle action is taken, in
  //                               milliseconds",
  //               "type": "integer",
  //               "minimum": 0
  //             }
  //           }
  //         },
  //         "IdleAction": {
  //           "description": "Action to take when the idle delay is reached",
  //           "enum": [ "Suspend", "Shutdown", "DoNothing" ]
  //         }
  //       }
  //     },
  //     "LidCloseAction": {
  //       "description": "Action to take when the lid is closed",
  //       "enum": [ "Suspend", "Shutdown", "DoNothing" ]
  //     },
  //     "UserActivityScreenDimDelayScale": {
  //       "description": "Percentage by which the screen dim delay is scaled
  //                       when user activity is observed while the screen is
  //                       dimmed or soon after the screen has been turned off",
  //       "type": "integer",
  //       "minimum": 0
  //     }
  //   }
  // }
  optional string login_screen_power_management = 1;
}

message ChromeDeviceSettingsProto {
  optional DevicePolicyRefreshRateProto device_policy_refresh_rate = 1;
  optional UserWhitelistProto user_whitelist = 2;
  optional GuestModeEnabledProto guest_mode_enabled = 3;
  optional DeviceProxySettingsProto device_proxy_settings = 4;
  optional CameraEnabledProto camera_enabled = 5;
  optional ShowUserNamesOnSigninProto show_user_names = 6;
  optional DataRoamingEnabledProto data_roaming_enabled = 7;
  optional AllowNewUsersProto allow_new_users = 8;
  optional MetricsEnabledProto metrics_enabled = 9;
  optional ReleaseChannelProto release_channel = 10;
  optional DeviceOpenNetworkConfigurationProto open_network_configuration = 11;
  optional DeviceReportingProto device_reporting = 12;
  optional EphemeralUsersEnabledProto ephemeral_users_enabled = 13;
  optional AppPackProto app_pack = 14;
  optional ForcedLogoutTimeoutsProto forced_logout_timeouts = 15;
  optional ScreenSaverProto login_screen_saver = 16;
  optional AutoUpdateSettingsProto auto_update_settings = 17;
  optional StartUpUrlsProto start_up_urls = 18;
  optional PinnedAppsProto pinned_apps = 19;
  optional SystemTimezoneProto system_timezone = 20;
  optional DeviceLocalAccountsProto device_local_accounts = 21;
  optional AllowRedeemChromeOsRegistrationOffersProto allow_redeem_offers = 22;
  optional StartUpFlagsProto start_up_flags = 23;
  optional UptimeLimitProto uptime_limit = 24;
  optional VariationsParameterProto variations_parameter = 25;
  optional AttestationSettingsProto attestation_settings = 26;
  optional AccessibilitySettingsProto accessibility_settings = 27;
  optional SupervisedUsersSettingsProto supervised_users_settings = 28;
  optional LoginScreenPowerManagementProto login_screen_power_management = 29;
  optional SystemUse24HourClockProto use_24hour_clock = 30;
}