| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| // Next MinVersion: 31 |
| |
| module arc.mojom; |
| |
| // These values describe failure reason of auth code retrieval. |
| // This enum previously had provisioning status values such as GMS |
| // sign-in and check-in failure codes from 0 to 22 that have been |
| // removed and should not be re-introduced. |
| [Extensible] |
| enum ArcAuthCodeStatus { |
| // Next value: 23. |
| |
| // Server does not return authorization. |
| [MinVersion=10] CHROME_SERVER_COMMUNICATION_ERROR = 16, |
| |
| // ARC was disabled for Active Directory user. |
| [MinVersion=10] ARC_DISABLED = 17, |
| |
| [MinVersion=10] SUCCESS = 18, |
| |
| // Account is not present in Chrome OS Account Manager. |
| [MinVersion=21] CHROME_ACCOUNT_NOT_FOUND = 21, |
| |
| // NOTE: If you add any entries to this enum, you must also update the |
| // corresponding UMA ArcAuthMainAccountResolutionStatus at |
| // tools/metrics/histograms/enums.xml. |
| }; |
| |
| [Extensible] |
| enum GeneralSignInError { |
| // Next value: 8. |
| UNKNOWN_ERROR = 0, |
| |
| // Mojo errors: |
| // MOJO_VERSION_MISMATCH: is sent when an API is not supported |
| // due to Host/Instance version mismatch. |
| MOJO_VERSION_MISMATCH = 1, |
| |
| // GENERIC_PROVISIONING_TIMEOUT: is sent when provisioning is started |
| // but not completed with time out. |
| GENERIC_PROVISIONING_TIMEOUT = 2, |
| |
| // Network connection is unavailable. |
| NO_NETWORK_CONNECTION = 3, |
| |
| // Server does not return authorization. |
| CHROME_SERVER_COMMUNICATION_ERROR = 4, |
| |
| // ARC was disabled for Active Directory user. |
| ARC_DISABLED = 5, |
| |
| // Account type is not supported for authorization. |
| UNSUPPORTED_ACCOUNT_TYPE = 6, |
| |
| // Account is not present in Chrome OS Account Manager. |
| CHROME_ACCOUNT_NOT_FOUND = 7, |
| }; |
| |
| [Extensible] |
| enum GMSCheckInError { |
| // Next value: 4. |
| |
| // GMS_CHECK_IN_FAILED: is sent when "check-in" procedure is completed |
| // but is actually failed. |
| GMS_CHECK_IN_FAILED = 1, |
| |
| // GMS_CHECK_IN_TIMEOUT: is sent when "check-in" procedure started |
| // but is not completed. |
| GMS_CHECK_IN_TIMEOUT = 2, |
| |
| // GMS_CHECK_IN_INTERNAL_ERROR: is sent when "check-in" procedure is |
| // started, but some unexpected error situation happens so that it could |
| // not completed. |
| GMS_CHECK_IN_INTERNAL_ERROR = 3, |
| }; |
| |
| [Extensible] |
| enum GMSSignInError { |
| // Next value: 7. |
| |
| // GMS_SIGN_IN_NETWORK_ERROR: is sent when GMS sign-in procedure is |
| // started, but it reports NETWORK_ERROR. |
| GMS_SIGN_IN_NETWORK_ERROR = 1, |
| |
| // GMS_SIGN_IN_SERVICE_UNAVAILABLE: is sent when GMS sign-in |
| // procedure is started but it reports SERVICE_UNAVAILABLE. Note |
| // that this is not generic service unavailable error code. |
| GMS_SIGN_IN_SERVICE_UNAVAILABLE = 2, |
| |
| // GMS_SIGN_IN_BAD_AUTHENTICATION: is sent when GMS sign-in procedure |
| // is started but it reports BAD_AUTHENTICATION. |
| GMS_SIGN_IN_BAD_AUTHENTICATION = 3, |
| |
| // GMS_SIGN_IN_FAILED: is sent when GMS sign in procedure is started but |
| // it reports an error other than above NETWORK_ERROR, SERVICE_UNAVAILABLE |
| // or BAD_AUTHENTICATION. In general, we do not expect this kind of cases. |
| GMS_SIGN_IN_FAILED = 4, |
| |
| // GMS_SIGN_IN_TIMEOUT: is sent when GMS sign in procedure is started but |
| // not returned. |
| GMS_SIGN_IN_TIMEOUT = 5, |
| |
| // GMS_SIGN_IN_INTERNAL_ERROR: is sent when GMS sign in procedure is started |
| // but could not completed. |
| GMS_SIGN_IN_INTERNAL_ERROR = 6, |
| }; |
| |
| [Extensible] |
| // These values must be in sync with ProvisionConstants in CloudDPC code |
| enum CloudProvisionFlowError { |
| // Unknown or uncommon error. |
| ERROR_OTHER = 0, |
| // Enrollment token provided was invalid. |
| ERROR_ENROLLMENT_TOKEN_INVALID = 1, |
| // Enterprise hit device quota. |
| ERROR_DEVICE_QUOTA_EXCEEDED = 2, |
| // CloudDPS could not fulfill request because of a transient error. |
| ERROR_SERVER_TRANSIENT_ERROR = 3, |
| // Account could not be added. |
| ERROR_ADD_ACCOUNT_FAILED = 4, |
| // Could not get Android ID |
| ERROR_REQUEST_ANDROID_ID_FAILED = 5, |
| // Device got stuck in quarantine mode. |
| ERROR_QUARANTINE = 6, |
| // Setup step timed out. |
| ERROR_TIMEOUT = 7, |
| // There was no network, so device couldn't fulfill a request. |
| ERROR_NETWORK_UNAVAILABLE = 8, |
| // Enterprise is not registered with CloudDPx. |
| ERROR_ENTERPRISE_INVALID = 9, |
| // User cancelled the step. |
| ERROR_USER_CANCEL = 10, |
| // Either account migration failed or account was deleted by user during provisioning. |
| ERROR_NO_ACCOUNT_IN_WORK_PROFILE = 11, |
| // Policy got stuck in invalid state. |
| ERROR_INVALID_POLICY_STATE = 12, |
| // Issues with DpcSupport. |
| ERROR_DPC_SUPPORT = 13, |
| // Account wad not ready. |
| ERROR_ACCOUNT_NOT_READY = 14, |
| // Checkin failed. |
| ERROR_CHECKIN_FAILED = 15, |
| // Issues with allowlisting work account. |
| ERROR_ACCOUNT_NOT_ALLOWLISTED = 16, |
| // Error parsing JSON, most likely policy JSON |
| ERROR_JSON = 17, |
| // ManagedProvisioning failed. |
| ERROR_MANAGED_PROVISIONING_FAILED = 18, |
| // Setup intent could not be parsed. |
| ERROR_INVALID_SETUP_ACTION = 19, |
| // CloudDPS exception with an uncommon server code. |
| ERROR_SERVER = 20, |
| // Removing a previously existing unmanaged account failed. |
| ERROR_REMOVE_ACCOUNT_FAILED = 21, |
| // Error with getting OAuth token. |
| ERROR_OAUTH_TOKEN = 22, |
| // AccountException with no exception details. |
| ERROR_ACCOUNT_OTHER = 23, |
| // Error with getting OAuth token due to AuthenticatorException. |
| ERROR_OAUTH_TOKEN_AUTHENTICATOR_EXCEPTION = 24, |
| // Error with getting OAuth token due to IOException. |
| ERROR_OAUTH_TOKEN_IO_EXCEPTION = 25, |
| // Error with getting OAuth token due to OperationCanceledException. |
| ERROR_OAUTH_TOKEN_OPERATION_CANCELED_EXCEPTION = 26, |
| }; |
| |
| [Extensible] |
| enum ArcSignInSuccess { |
| // Next value: 3. |
| [MinVersion=10] SUCCESS = 1, |
| |
| // ARC was already provisioned. |
| [MinVersion=11] SUCCESS_ALREADY_PROVISIONED = 2 |
| }; |
| |
| // Represents different kinds of errors that can happen during |
| // sign-in. |
| union ArcSignInError { |
| CloudProvisionFlowError cloud_provision_flow_error; |
| [MinVersion=26] GeneralSignInError general_error; |
| [MinVersion=26] GMSSignInError sign_in_error; |
| [MinVersion=26] GMSCheckInError check_in_error; |
| }; |
| |
| union ArcSignInResult { |
| ArcSignInSuccess success; |
| ArcSignInError? error; |
| }; |
| |
| union ArcSignInAccount { |
| // Placeholder value; if this is the union type, indicates the |
| // auth flow was for initial device provisioning. |
| uint8 initial_signin; |
| |
| // If |account_name| is not present, it is assumed to be the Primary/Device |
| // account. |
| string? account_name; |
| }; |
| |
| // These values describe account check status. |
| [Extensible] |
| enum AccountCheckStatus { |
| // Checked account exists and is up to date. |
| [MinVersion=9] UP_TO_DATE = 0, |
| |
| // Checked account is new in the system. |
| [MinVersion=9] NEW = 1, |
| |
| // Checked account exists but need to be reauthorized. |
| [MinVersion=9] NEED_REAUTH = 2, |
| |
| // Checked account exists but it is in unknown state. |
| [MinVersion=9] UNKNOWN = 3, |
| |
| // Account check has failed. |
| [MinVersion=9] CHECK_FAILED = 4, |
| |
| // NOTE: If you add any entries to this enum, you must also update the |
| // corresponding UMA callsite in Chrome arc::UpdateAuthAccountCheckStatus. |
| }; |
| |
| // These values describe AndroidId source during ARC provisioning. |
| // These values are persisted to logs. Entries should not be renumbered and |
| // numeric values should never be reused. |
| [Extensible] |
| enum AndroidIdSource { |
| // AndroidId was not found. |
| [MinVersion=28] MISSING = 0, |
| |
| // AndroidId was cached. |
| [MinVersion=28] CACHED = 1, |
| |
| // AndroidId was found via GService flag. |
| [MinVersion=28] GSERVICE_FLAG = 2, |
| |
| // AndroidId was found via GmsProxy api. |
| [MinVersion=28] GMS_PROXY = 3, |
| }; |
| |
| // These values describe the reason for reauth. |
| [Extensible] |
| enum ReauthReason { |
| // Device is provisioned but Android id is not set. |
| [MinVersion=27] ANDROID_ID_MISSING = 0, |
| |
| // Main account set in system properties is not found in Android |
| // Account Manager. |
| [MinVersion=27] MAIN_ACCOUNT_UNKNOWN = 1, |
| |
| // Device Policy Controller account info is out of sync. |
| [MinVersion=30] DPC_OUT_OF_SYNC = 2, |
| |
| // Used as a baseline to capture when reauth is not needed. |
| [MinVersion=30] NOT_NEEDED = 3, |
| }; |
| |
| [Extensible] |
| enum MainAccountResolutionStatus { |
| // No hash code was set for the main account. System contains no account of |
| // required type. |
| [MinVersion=22] NO_HASH_CODE_NO_ACCOUNT = 0, |
| |
| // No hash code was set for the main account. System contains only single |
| // account of required type. |
| [MinVersion=22] NO_HASH_CODE_SINGLE_ACCOUNT = 1, |
| |
| // No hash code was set for the main account. System contains multiple |
| // accounts of required type. |
| [MinVersion=22] NO_HASH_CODE_MULTIPLE_ACCOUNTS = 2, |
| |
| // Hash code was set but no account currently available. |
| [MinVersion=22] HASH_CODE_NO_ACCOUNT = 3, |
| |
| // Hash code was set but it does not match single account of required type. |
| [MinVersion=22] HASH_CODE_DO_NOT_MATCH_SINGLE_ACCOUNT = 4, |
| |
| // Hash code was set but it does not match multiple accounts of required |
| // type. |
| [MinVersion=22] HASH_CODE_DO_NOT_MATCH_MULTIPLE_ACCOUNTS = 5, |
| |
| // Hash code was set and it matches single account of required type. |
| [MinVersion=22] HASH_CODE_MATCH_SINGLE_ACCOUNT = 6, |
| |
| // Hash code was set and it matches one of multiple accounts of required |
| // type. |
| [MinVersion=22] HASH_CODE_MATCH_MULTIPLE_ACCOUNTS = 7, |
| |
| // Hash code collides with multiple accounts of required type. |
| [MinVersion=22] HASH_CODE_COLLIDE_FOR_MULTIPLE_ACCOUNTS = 8, |
| |
| // NOTE: If you add any entries to this enum, you must also update the |
| // corresponding UMA ArcAuthMainAccountResolutionStatus at |
| // tools/metrics/histograms/enums.xml. |
| }; |
| |
| // These values describe the result of ARC attempting to change management |
| // state after an account type change. |
| [Extensible] |
| enum ManagementChangeStatus { |
| // CloudDPC was disabled successfully. |
| [MinVersion=13] CLOUD_DPC_DISABLED = 0, |
| |
| // CloudDPC was already disabled. |
| [MinVersion=13] CLOUD_DPC_ALREADY_DISABLED = 1, |
| |
| // CloudDPC was enabled successfully. |
| [MinVersion=13] CLOUD_DPC_ENABLED = 2, |
| |
| // CloudDPC was already enabled. |
| [MinVersion=13] CLOUD_DPC_ALREADY_ENABLED = 3, |
| |
| // Invalid state returned from Chrome. |
| [MinVersion=13] INVALID_MANAGEMENT_STATE = 4, |
| |
| // Failed to disable CloudDPC due to an unspecified error. |
| [MinVersion=13] CLOUD_DPC_DISABLING_FAILED = 5, |
| |
| // Failed to enable CloudDPC due to an unspecified error. |
| [MinVersion=13] CLOUD_DPC_ENABLING_FAILED = 6, |
| }; |
| |
| // These values describe the type of the Chrome account to provision. |
| [Extensible] |
| enum ChromeAccountType { |
| // Next value: 6 |
| UNKNOWN = 0, |
| |
| // Chrome login account type is a user account. |
| USER_ACCOUNT = 1, |
| |
| // Chrome login account type is a robot (service) account. |
| ROBOT_ACCOUNT = 2, |
| |
| // Chrome login account type is an Active Directory account. |
| ACTIVE_DIRECTORY_ACCOUNT = 3, |
| |
| // Chrome login account type is a child account. |
| CHILD_ACCOUNT = 4, |
| |
| // Chrome login account is a demo session account that was enrolled offline, |
| // using policies bundled with Chrome OS, and thus does not have a working |
| // robot account associated with it. |
| [MinVersion=14] OFFLINE_DEMO_ACCOUNT = 5, |
| }; |
| |
| // These values describe the type of the metrics to report. |
| [Extensible] |
| enum MetricsType { |
| // Duration of waiting for network connection in milliseconds. |
| NETWORK_WAITING_TIME_MILLISECONDS = 0, |
| |
| // Number of attempts to wait for Checkin task completed. 0 indicates that |
| // Checkin task was already completed prior to GMS SignIn. |
| CHECKIN_ATTEMPTS = 1, |
| |
| // Duration of waiting for Checkin task completed in milliseconds. |
| CHECKIN_TIME_MILLISECONDS = 2, |
| |
| // Duration of waiting for sign-in completed in milliseconds. |
| SIGNIN_TIME_MILLISECONDS = 3, |
| |
| // Duration of checking the status of account. |
| [MinVersion=9] ACCOUNT_CHECK_MILLISECONDS = 4, |
| }; |
| |
| // These values describe the type of account update. |
| [Extensible] |
| enum AccountUpdateType { |
| // An account was updated or inserted in Chrome OS Account Manager. |
| UPSERT = 0, |
| |
| // An account was removed from Chrome OS Account Manager. |
| REMOVAL = 1, |
| }; |
| |
| // The necessary information for Android to sign in and provision itself. |
| struct AccountInfo { |
| // Name of account, used to map to existing Android account. |
| [MinVersion=9] string? account_name@4; |
| |
| // The authorization code that can be used in Android to sign in when |
| // account_type is USER_ACCOUNT, ROBOT_ACCOUNT or CHILD_ACCOUNT. If it is |
| // null in these cases, sign-in will be skipped. |
| string? auth_code@0; |
| |
| // If account_type is ACTIVE_DIRECTORY_ACCOUNT, this contains an enrollment |
| // token for a Managed Google Play account. If it is null in this case, |
| // sign-in will be skipped. |
| [MinVersion=6] string? enrollment_token@3; |
| |
| // The type of Chrome account to provision. |
| ChromeAccountType account_type@1; |
| |
| // Whether the account is managed from Chrome OS. |
| bool is_managed@2; |
| }; |
| |
| // Information about an account in ARC. |
| struct ArcAccountInfo { |
| // Account's email id. |
| string email; |
| |
| // Account's obfuscated Gaia id. |
| string gaia_id; |
| }; |
| |
| // Next Method ID: 22. |
| // Deprecated method IDs: 21 |
| interface AuthHost { |
| // Notifies Chrome that the authorization flow is completed and provides |
| // |result| and |account| that was authorized. |
| [MinVersion=26] OnAuthorizationResult@19( |
| ArcSignInResult result, |
| ArcSignInAccount account); |
| |
| // Reports metrics to Chrome to be recorded in UMA. |
| [MinVersion=7] ReportMetrics@8(MetricsType metrics_type, int32 value); |
| |
| // Reports result of account check. |
| [MinVersion=9] ReportAccountCheckStatus@9(AccountCheckStatus status); |
| |
| // Reports to Chrome the result of changing the management state. |
| // Chrome informs ARC on every boot if a management transition is necessary |
| // or not (see https://crrev.com/c/1069031). ARC should report back only if |
| // a transition was necessary. |
| [MinVersion=13] ReportManagementChangeStatus@11( |
| ManagementChangeStatus status); |
| |
| // Returns the primary account from Chrome. |
| // |account_name| is the email address of the primary account for consumer and |
| // managed Gaia accounts and empty for all other cases (like demo sessions, |
| // Active Directory sessions, etc). |
| [MinVersion=23] RequestPrimaryAccount@18() |
| => (string account_name, ChromeAccountType account_type); |
| |
| // Requests an authorization code, as well as the account information for the |
| // Primary/Device Account in Chrome OS Account Manager. |
| // This is called for ARC's initial provisioning flow. |
| // If the request completes successfully, |status| must be SUCCESS and |
| // |account_info| is not null. |
| // In case of an error, |status| must contain the reason of failure, other |
| // than SUCCESS, and |account_info| is null. |
| [MinVersion=15] RequestPrimaryAccountInfo@12() |
| => (ArcAuthCodeStatus status, AccountInfo? account_info); |
| |
| // Requests an authorization code, as well as the account information for an |
| // account in Chrome OS Account Manager. |
| // This must be called after ARC's initial provisioning flow is complete. |
| // If the request completes successfully, |status| must be SUCCESS and |
| // |account_info| is not null. |
| // In case of an error, |status| must contain the reason of failure, other |
| // than SUCCESS, and |account_info| is null. |
| // |persistent_error| flag set to true indicates that error cannot be |
| // eliminated by retrying the request. |
| [MinVersion=15] RequestAccountInfo@13(string account_name) |
| => (ArcAuthCodeStatus status, |
| AccountInfo? account_info, |
| [MinVersion=24] bool persistent_error); |
| |
| // Returns |true| if Chrome OS Account Manager is available for this session. |
| // Account Manager is not available in Guest Sessions and Public Sessions |
| // among other cases. Returning |true| here has the effect of routing all |
| // Google account management |Intent|s from Android to Chrome OS Account |
| // Manager, instead of launching Android's account management flows. |
| [MinVersion=20] IsAccountManagerAvailable@14() => (bool is_available); |
| |
| // Handles an Android |Intent| to add a Google account by displaying Chrome OS |
| // Account Manager's account addition UI. |
| [MinVersion=20] HandleAddAccountRequest@15(); |
| |
| // Handles an Android |Intent| to remove a Google account. |account_name| is |
| // the Google email id for the account. |account_name| cannot be null or |
| // empty. |
| // Note: Calling this API will not silently remove |account_name|. Currently |
| // it redirects users to Chrome OS Account Manager's Settings Page. |
| [MinVersion=20] HandleRemoveAccountRequest@16(string account_name); |
| |
| // Handles an Android |Intent| to update a Google account by displaying Chrome |
| // OS Account Manager's re-authentication UI. |account_name| is the Google |
| // email id for the account. |account_name| cannot be null or empty. |
| [MinVersion=20] HandleUpdateCredentialsRequest@17(string account_name); |
| |
| // Reports the reason for doing auth despite device being provisioned earlier. |
| [MinVersion=27] ReportAccountReauthReason@20(ReauthReason reason); |
| }; |
| |
| // Next Method ID: 7 |
| interface AuthInstance { |
| // Establishes full-duplex communication with the host. |
| [MinVersion=12] Init@2(pending_remote<AuthHost> host_remote) => (); |
| |
| // A notification that an account was updated (or inserted, or removed; see |
| // |AccountUpdateType|) in Chrome OS Account Manager. |
| // This notification is sent for the Primary/Device Account and Secondary |
| // Accounts, both. |
| [MinVersion=17] OnAccountUpdated@3( |
| string account_name, AccountUpdateType update_type); |
| |
| // Gets the list of Google accounts in ARC. Called during the one-time |
| // migration of accounts from ARC to Chrome OS Account Manager. |
| [MinVersion=19] GetGoogleAccounts@4() => (array<ArcAccountInfo> accounts); |
| |
| // Gets resolution status of main account for statistics reporting. |
| [MinVersion=22] GetMainAccountResolutionStatus@5() |
| => (MainAccountResolutionStatus status); |
| |
| // Pushes the `accounts` list to ARC on session start. |
| // - Just after ARC provisioning, all accounts except the primary account |
| // are pushed to ARC. Pushing the primary account is not required since ARC |
| // was just provisioned and it may also cause performance issues, see |
| // https://crrev.com/c/1796344. |
| // - On the start of the following sessions all accounts (including the |
| // primary account) are pushed to ARC. |
| // ARC will remove any accounts in the Android account manager that are not |
| // present in `accounts` (with an exception for the primary account as noted |
| // above). Accounts in `accounts` will be added or updated to the Android |
| // account manager. |
| // During a session, subsequent changes to the list of accounts are still |
| // managed through OnAccountUpdated. |
| [MinVersion=29] SetAccounts@6(array<ArcAccountInfo> accounts); |
| }; |