// Copyright 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. syntax = "proto2"; option optimize_for = LITE_RUNTIME; package enterprise_management; message DevicePolicyRefreshRateProto { // In milliseconds. optional int64 device_policy_refresh_rate = 1; } message UserWhitelistProto { // If a UserWhitelistProto is included in the ChromeDeviceSettingsProto but // the user_whitelist field is empty then no user can sign-in. repeated string user_whitelist = 1; } message AllowNewUsersProto { // Determines whether we allow arbitrary users to log into the device. // This interacts with the UserWhitelistProto as follows: // allow_new_users | user_whitelist | anyone can log in //-----------------+--------------------+------------------ // present, true | not present | Yes //-----------------+--------------------+------------------ // present, true | present | Yes //-----------------+--------------------+------------------ // present, false | not present | (Broken) Yes //-----------------+--------------------+------------------ // present, false | present | No, W/L enforced //-----------------+--------------------+------------------ // not present | not present | Yes //-----------------+--------------------+------------------ // not present | present, empty | Yes //-----------------+--------------------+------------------ // not present | present, non-empty | No, W/L enforced //-----------------+--------------------+------------------ optional bool allow_new_users = 1 [default = true]; } message GuestModeEnabledProto { // Determines if guests are allowed to log in to the device. optional bool guest_mode_enabled = 1 [default = true]; } message ShowUserNamesOnSigninProto { // Determines if we show pods for existing users on the sign in screen. optional bool show_user_names = 1 [default = true]; } message DataRoamingEnabledProto { // Determines if cellular data roaming is enabled. optional bool data_roaming_enabled = 1 [default = false]; } message DeviceProxySettingsProto { // One of "direct", "auto_detect", "pac_script", "fixed_servers", "system" optional string proxy_mode = 1; optional string proxy_server = 2; optional string proxy_pac_url = 3; optional string proxy_bypass_list = 4; } // This is used by chromeos, make sure to do cleanup there before marking it as // obsolette. message CameraEnabledProto { optional bool camera_enabled = 1; } message MetricsEnabledProto { optional bool metrics_enabled = 1; } message ReleaseChannelProto { // One of "stable-channel", "beta-channel", or "dev-channel" optional string release_channel = 1; // If |release_channel_delegated| is set to true and the |release_channel| // field is not set or left empty, the user can select the channel. If the // |release_channel| is specified it will always override users choice! optional bool release_channel_delegated = 2; } message DeviceOpenNetworkConfigurationProto { // The network configuration blob. This is a JSON string as specified by ONC. optional string open_network_configuration = 1; } // Policies to turn on portions of the device status reports. message DeviceReportingProto { optional bool report_version_info = 1; optional bool report_activity_times = 2; optional bool report_boot_mode = 3; optional bool report_location = 4; optional bool report_network_interfaces = 5; optional bool report_users = 6; } message EphemeralUsersEnabledProto { // Determines whether users should be treated as ephemeral. In ephemeral users // mode, no cryptohome is created for the user, but a tmpfs mount is used // instead such that upon logout all user state is discarded. optional bool ephemeral_users_enabled = 1; } // Details of an extension to install as part of the AppPack. message AppPackEntryProto { optional string extension_id = 1; optional string update_url = 2; // This field was added but never used and there are no plans to support it // eventually either. optional bool OBSOLETE_online_only = 3 [deprecated = true]; } message AppPackProto { // List of extensions to install as part of the AppPack. repeated AppPackEntryProto app_pack = 1; } // This is a special policy for kiosk/retail mode that specifies what apps // should be pinned to the launcher. For regular accounts, pinned apps are // controlled through user policy. message PinnedAppsProto { // App IDs for the apps to pin. repeated string app_id = 1; } message ForcedLogoutTimeoutsProto { // All timeouts are specified in milliseconds. // Specifies the timeout before an idle user session is terminated. // If this field is omitted or set to 0, no logout on idle will be performed. optional int64 idle_logout_timeout = 1; // Specifies the duration of a warning countdown before the user is logged out // because of idleness as specified by the |idle_logout_timeout| value. // This field is only used if |idle_logout_timeout| != 0 is specified. optional int64 idle_logout_warning_duration = 2; } message ScreenSaverProto { // Specifies the extension ID which is to be used as a screen saver on the // login screen if no user activity is present. Only respected if the device // is in RETAIL mode. optional string screen_saver_extension_id = 1; // Specifies the timeout before the screen saver is activated. If this field // is omitted or set to 0, no screen-saver will be started. // Measured in milliseconds. optional int64 screen_saver_timeout = 2; } // Enterprise controls for auto-update behavior of Chrome OS. message AutoUpdateSettingsProto { // True if we don't want the device to auto-update (target_version_prefix is // ignored in this case). optional bool update_disabled = 1; // Specifies the prefix of the target version we want the device to // update to, if it's on a older version. If the device is already on // a version with the given prefix, then there's no effect. If the device is // on a higher version, it will remain on the higher version as we // don't support rollback yet. The format of this version can be one // of the following: // --------------------------------------------------------------------- // "" (or not set at all): update to latest version available. // 1412.: update to any minor version of 1412 (e.g. 1412.24.34 or 1412.60.2) // 1412.2.: update to any minor version of 1412.2 (e.g. 1412.2.34 or 1412.2.2) // 1412.24.34: update to this specific version only // --------------------------------------------------------------------- optional string target_version_prefix = 2; // The Chrome browser version (e.g. "17.*") corresponding to the // target_version_prefix above. The target_version_prefix is the internal OS // version that external users normally are not aware of. This display_name // can be used by the devices to display a message to end-users about the auto // update setting. optional string target_version_display_name = 3; // Specifies the number of seconds up to which a device may randomly // delay its download of an update from the time the update was first pushed // out to the server. The device may wait a portion of this time in terms // of wall-clock-time and the remaining portion in terms of the number of // update checks. In any case, the scatter is upper bounded by a constant // amount of time so that a device does not ever get stuck waiting to download // an update forever. optional int64 scatter_factor_in_seconds = 4; // Enumerates network connection types. enum ConnectionType { CONNECTION_TYPE_ETHERNET = 0; CONNECTION_TYPE_WIFI = 1; CONNECTION_TYPE_WIMAX = 2; CONNECTION_TYPE_BLUETOOTH = 3; CONNECTION_TYPE_CELLULAR = 4; } // The types of connections that are OK to use for OS updates. OS updates // potentially put heavy strain on the connection due to their size and may // incur additional cost. Therefore, they are by default not enabled for // connection types that are considered expensive, which include WiMax, // Bluetooth and Cellular at the moment. repeated ConnectionType allowed_connection_types = 5; // This has been replaced by |reboot_after_update| below. optional bool OBSOLETE_reboot_after_update = 6 [deprecated = true]; // True if AU payloads can be downloaded via HTTP. False otherwise. optional bool http_downloads_enabled = 7 [default = false]; // True if the device should reboot automatically when an update has been // applied and a reboot is required to complete the update process. // // Note: Currently, automatic reboots are only enabled while the login screen // is being shown or a kiosk app session is in progress. This will change in // the future and the policy will always apply, regardless of whether a // session of any particular type is in progress or not. optional bool reboot_after_update = 8; // True if AU payloads may be shared with and consumed from other devices // on the LAN, using p2p. False otherwise. optional bool p2p_enabled = 9 [default = false]; } message StartUpUrlsProto { // Specifies the URLs to be loaded on login to the anonymous account used if // the device is in RETAIL mode. repeated string start_up_urls = 1; } message SystemTimezoneProto { // Specifies an owner-determined timezone that applies to the login screen and // all users. Valid values are listed in "timezone_settings.cc". Additionally, // timezones from the "IANA Time Zone Database" (e.g. listed on wikipedia) // that are equivalent to one of the timezones in "timezone_settings.cc" are // valid. In case of an invalid value, the setting is still activated with a // fallback timezone (currently "GMT"). In case of an empty string or if no // value is provided, the timezone device setting is inactive. In that case, // the currently active timezone will remain in use however users can change // the timezone and the change is persistent. Thus a change by one user // affects the login-screen and all other users. optional string timezone = 1; } message SystemUse24HourClockProto { // Specifies an owner-determined clock format that applies to the login // screen and is used as a default for all user sessions. Users can still // override the format to use for their account. // // True and false select a 24 and 12 hour clock format, respectively. The // default format for the case the setting is not present is 24 hour clock. optional bool use_24hour_clock = 1; } // Parameters for Kiosk App device-local accounts. message KioskAppInfoProto { // Indicates the Kiosk App for the corresponding device-local account. The // string value should be a valid 32-character Chrome App identifier and // specifies the Kiosk App to download and run. optional string app_id = 1; // Obsolete: Kiosk Apps can only be installed from the Chrome Web Store. optional string OBSOLETE_update_url = 2 [deprecated = true]; } // Describes a single device-local account. message DeviceLocalAccountInfoProto { // Deprecated: Account identifier for a public session device-local account. // Old code didn't have the |type| field, so it can't handle new types of // device-local accounts gracefully (i.e. ignoring unsupported types). New // code should instead set type to ACCOUNT_TYPE_PUBLIC_SESSION and write the // identifier to the |account_id| field below. If the |type| field is present, // |deprecated_public_session_id| will be ignored. optional string deprecated_public_session_id = 1; // Identifier for the device-local account. This is an opaque identifier that // is used to distinguish different device-local accounts configured. All // configured accounts on a device must have unique identifiers. optional string account_id = 2; // Indicates the type of device-local account. enum AccountType { // A login-less, policy-configured browsing session. ACCOUNT_TYPE_PUBLIC_SESSION = 0; // An account that serves as a container for a single full-screen app. ACCOUNT_TYPE_KIOSK_APP = 1; }; // The account type. optional AccountType type = 3; // Kiosk App parameters, relevant if |type| is ACCOUNT_TYPE_KIOSK_APP. optional KioskAppInfoProto kiosk_app = 4; } message DeviceLocalAccountsProto { // The list of device-local accounts (i.e. accounts without an associated // cloud-backed profile) that are available on the device. repeated DeviceLocalAccountInfoProto account = 1; // The identifier of the device-local account to which the device // should be logged in automatically. Should be equal to one of the // ids in DeviceLocalAccountInfoProto. optional string auto_login_id = 2; // The amount of time, in milliseconds, that should elapse at the signin // screen without user interaction before automatically logging in. optional int64 auto_login_delay = 3; // Whether the keyboard shortcut to prevent zero-delay auto-login should be // enabled or not. By default, the user has 3 seconds to press a shortcut // to prevent auto-login, which is useful to sign-in to a regular user session // and configure the machine. If this policy is set to false then this // shortcut is disabled and there is no way to skip auto-login. optional bool enable_auto_login_bailout = 4 [default = true]; // Whether network configuration should be offered or not when the device // does not have access to the Internet. If the policy is omitted or set to // true, the network configuration will be offered. Otherwise, only an error // message is displayed. // Note: If both this policy and enable_auto_login_bailout policy above is // set to false, there are chances that the device might become totally // unusable when there is no Internet access and has to go through the // recovery process. // If the device is offline at startup then the network configuration screen // is always shown, before auto-login kicks in. optional bool prompt_for_network_when_offline = 5 [default = true]; } message AllowRedeemChromeOsRegistrationOffersProto { // Chrome OS Registration service provides way for chromeos device users // to redeem electronic offers provided by service provider. // This value determines if users are allowed to redeem offers through // Chrome OS Registration service. optional bool allow_redeem_offers = 1 [default = true]; } message StartUpFlagsProto { // The list of flags to be applied to chrome on start-up (back up store for // owner set flags in about:flags). repeated string flags = 1; } message UptimeLimitProto { // This has been replaced by |uptime_limit| below. optional int64 OBSOLETE_uptime_limit = 1 [deprecated = true]; // Sets the length of device uptime after which an automatic reboot is // scheduled. An automatic reboot is scheduled at the selected time but may be // delayed on the device by up to 24 hours, e.g. if a user is currently using // the device or an app/extension has requested reboots to be inhibited // temporarily. The policy value should be specified in seconds. // // Note: Currently, automatic reboots are only enabled while the login screen // is being shown or a kiosk app session is in progress. This will change in // the future and the policy will always apply, regardless of whether a // session of any particular type is in progress or not. optional int64 uptime_limit = 2; } message VariationsParameterProto { // The string for the restrict parameter to be appended to the Variations URL // when pinging the Variations server. optional string parameter = 1; } message AttestationSettingsProto { // Attestation involves proving that a cryptographic key is protected by a // legitimate Chrome OS TPM and reporting the operating mode of the platform. // This setting enables enterprise attestation features at a device level. If // this is enabled a machine key will be generated and certified by the Chrome // OS CA. If this setting is disabled, even users with attestation settings // enabled will not be able to use those features on the device. optional bool attestation_enabled = 1 [default = false]; // Chrome OS devices can use remote attestation (Verified Access) to get a // certificate issued by the Chrome OS CA that asserts the device is eligible // to play protected content. This process involves sending hardware // endorsement information to the Chrome OS CA which uniquely identifies the // device. This setting allows this feature to be disabled for the device // regardless of any user-specific settings. optional bool content_protection_enabled = 2 [default = true]; } message AccessibilitySettingsProto { // Sets the default state of the large cursor accessibility feature on the // login screen. If this policy is set to true, the large cursor will be // enabled when the login screen is shown. If this policy is set to false, the // large cursor will be disabled when the login screen is shown. Users can // temporarily override this setting by enabling or disabling the large // cursor. However, the user's choice is not persistent and the default is // restored whenever the login screen is shown anew or the user remains idle // on the login screen for a minute. If this policy is left unset, the large // cursor is disabled when the login screen is first shown. Users can enable // or disable the large cursor anytime and its status on the login screen is // persisted between users. optional bool login_screen_default_large_cursor_enabled = 1; // Sets the default state of the spoken feedback accessibility feature on the // login screen. If this policy is set to true, spoken feedback will be // enabled when the login screen is shown. If this policy is set to false, // spoken feedback will be disabled when the login screen is shown. Users can // temporarily override this setting by enabling or disabling spoken feedback. // However, the user's choice is not persistent and the default is restored // whenever the login screen is shown anew or the user remains idle on the // login screen for a minute. If this policy is left unset, spoken feedback is // disabled when the login screen is first shown. Users can enable or disable // spoken feedback anytime and its status on the login screen is persisted // between users. optional bool login_screen_default_spoken_feedback_enabled = 2; // Sets the default state of the high contrast mode accessibility feature on // the login screen. If this policy is set to true, high contrast mode will be // enabled when the login screen is shown. If this policy is set to false, // high contrast mode will be disabled when the login screen is shown. Users // can temporarily override this setting by enabling or disabling high // contrast mode. However, the user's choice is not persistent and the default // is restored whenever the login screen is shown anew or the user remains // idle on the login screen for a minute. If this policy is left unset, high // contrast mode is disabled when the login screen is first shown. Users can // enable or disable high contrast mode anytime and its status on the login // screen is persisted between users. optional bool login_screen_default_high_contrast_enabled = 3; // Enumerates the screen magnifier types. enum ScreenMagnifierType { // Screen magnifier disabled. SCREEN_MAGNIFIER_TYPE_NONE = 0; // Full-screen magnifier enabled. SCREEN_MAGNIFIER_TYPE_FULL = 1; }; // Sets the default type of screen magnifier that is enabled on the login // screen. If this policy is set, it controls the type of screen magnifier // that is enabled when the login screen is shown. Users can temporarily // override this setting by enabling or disabling the screen magnifier. // However, the user's choice is not persistent and the default is restored // whenever the login screen is shown anew or the user remains idle on the // login screen for a minute. If this policy is left unset, the screen // magnifier is disabled when the login screen is first shown. Users can // enable or disable the screen magnifier anytime and its status on the login // screen is persisted between users. optional ScreenMagnifierType login_screen_default_screen_magnifier_type = 4; // Sets the default state of the on-screen keyboard accessibility feature on // the login screen. If this policy is set to true, the on-screen keyboard // will be enabled when the login screen is shown. If this policy is set to // false, the on-screen keyboard will be disabled when the login screen is // shown. Users can temporarily override this setting by enabling or disabling // the on-screen keyboard. However, the user's choice is not persistent and // the default is restored whenever the login screen is shown anew or the user // remains idle on the login screen for a minute. If this policy is left // unset, the on-screen keyboard is disabled when the login screen is first // shown. Users can enable or disable the on-screen keyboard anytime and its // status on the login screen is persisted between users. optional bool login_screen_default_virtual_keyboard_enabled = 5; } message SupervisedUsersSettingsProto { // Defines whether supervised users can be created on the device. optional bool supervised_users_enabled = 1; } message LoginScreenPowerManagementProto { // Configures power management on the login screen. The policy should be // specified as a string that expresses the individual settings in JSON // format, conforming to the following schema: // { // "type": "object", // "properties": { // "AC": { // "description": "Power management settings applicable only when // running on AC power", // "type": "object", // "properties": { // "Delays": { // "type": "object", // "properties": { // "ScreenDim": { // "description": "The length of time without user input after // which the screen is dimmed, in milliseconds", // "type": "integer", // "minimum": 0 // }, // "ScreenOff": { // "description": "The length of time without user input after // which the screen is turned off, in // milliseconds", // "type": "integer", // "minimum": 0 // }, // "Idle": { // "description": "The length of time without user input after // which the idle action is taken, in // milliseconds", // "type": "integer", // "minimum": 0 // } // } // }, // "IdleAction": { // "description": "Action to take when the idle delay is reached", // "enum": [ "Suspend", "Shutdown", "DoNothing" ] // } // } // }, // "Battery": { // "description": "Power management settings applicable only when // running on battery power", // "type": "object", // "properties": { // "Delays": { // "type": "object", // "properties": { // "ScreenDim": { // "description": "The length of time without user input after // which the screen is dimmed, in milliseconds", // "type": "integer", // "minimum": 0 // }, // "ScreenOff": { // "description": "The length of time without user input after // which the screen is turned off, in // milliseconds", // "type": "integer", // "minimum": 0 // }, // "Idle": { // "description": "The length of time without user input after // which the idle action is taken, in // milliseconds", // "type": "integer", // "minimum": 0 // } // } // }, // "IdleAction": { // "description": "Action to take when the idle delay is reached", // "enum": [ "Suspend", "Shutdown", "DoNothing" ] // } // } // }, // "LidCloseAction": { // "description": "Action to take when the lid is closed", // "enum": [ "Suspend", "Shutdown", "DoNothing" ] // }, // "UserActivityScreenDimDelayScale": { // "description": "Percentage by which the screen dim delay is scaled // when user activity is observed while the screen is // dimmed or soon after the screen has been turned off", // "type": "integer", // "minimum": 0 // } // } // } optional string login_screen_power_management = 1; } message AutoCleanupSettigsProto { // Deprecated. There is only one disk-full cleanup strategy: LRU. optional string clean_up_strategy = 1; } // Settings that control low-level functions of the system. message SystemSettingsProto { // Whether developer mode is allowed on the device. If the device owner sets // this flag to true, the system will refuse to boot and show an error screen // when the developer switch is turned on. optional bool block_devmode = 1; } message ChromeDeviceSettingsProto { optional DevicePolicyRefreshRateProto device_policy_refresh_rate = 1; optional UserWhitelistProto user_whitelist = 2; optional GuestModeEnabledProto guest_mode_enabled = 3; optional DeviceProxySettingsProto device_proxy_settings = 4; optional CameraEnabledProto camera_enabled = 5; optional ShowUserNamesOnSigninProto show_user_names = 6; optional DataRoamingEnabledProto data_roaming_enabled = 7; optional AllowNewUsersProto allow_new_users = 8; optional MetricsEnabledProto metrics_enabled = 9; optional ReleaseChannelProto release_channel = 10; optional DeviceOpenNetworkConfigurationProto open_network_configuration = 11; optional DeviceReportingProto device_reporting = 12; optional EphemeralUsersEnabledProto ephemeral_users_enabled = 13; optional AppPackProto app_pack = 14; optional ForcedLogoutTimeoutsProto forced_logout_timeouts = 15; optional ScreenSaverProto login_screen_saver = 16; optional AutoUpdateSettingsProto auto_update_settings = 17; optional StartUpUrlsProto start_up_urls = 18; optional PinnedAppsProto pinned_apps = 19; optional SystemTimezoneProto system_timezone = 20; optional DeviceLocalAccountsProto device_local_accounts = 21; optional AllowRedeemChromeOsRegistrationOffersProto allow_redeem_offers = 22; optional StartUpFlagsProto start_up_flags = 23; optional UptimeLimitProto uptime_limit = 24; optional VariationsParameterProto variations_parameter = 25; optional AttestationSettingsProto attestation_settings = 26; optional AccessibilitySettingsProto accessibility_settings = 27; optional SupervisedUsersSettingsProto supervised_users_settings = 28; optional LoginScreenPowerManagementProto login_screen_power_management = 29; optional SystemUse24HourClockProto use_24hour_clock = 30; optional AutoCleanupSettigsProto auto_clean_up_settings = 31; optional SystemSettingsProto system_settings = 32; }