blob: 8ac68e0dbcdcef04e7959c2c0067021e99f0bccc [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
syntax = "proto2";
option optimize_for = LITE_RUNTIME;
package enterprise_management;
message DevicePolicyRefreshRateProto {
// In milliseconds.
optional int64 device_policy_refresh_rate = 1;
message UserWhitelistProto {
// If a UserWhitelistProto is included in the ChromeDeviceSettingsProto but
// the user_whitelist field is empty then no user can sign-in.
repeated string user_whitelist = 1;
message AllowNewUsersProto {
// Determines whether we allow arbitrary users to log into the device.
// This interacts with the UserWhitelistProto as follows:
// allow_new_users | user_whitelist | anyone can log in
// present, true | not present | Yes
// present, true | present | Yes
// present, false | not present | (Broken) Yes
// present, false | present | No, W/L enforced
// not present | not present | Yes
// not present | present, empty | Yes
// not present | present, non-empty | No, W/L enforced
optional bool allow_new_users = 1 [default = true];
message GuestModeEnabledProto {
// Determines if guests are allowed to log in to the device.
optional bool guest_mode_enabled = 1 [default = true];
message ShowUserNamesOnSigninProto {
// Determines if we show pods for existing users on the sign in screen.
optional bool show_user_names = 1 [default = true];
message DataRoamingEnabledProto {
// Determines if cellular data roaming is enabled.
optional bool data_roaming_enabled = 1 [default = false];
message DeviceProxySettingsProto {
// One of "direct", "auto_detect", "pac_script", "fixed_servers", "system"
optional string proxy_mode = 1;
optional string proxy_server = 2;
optional string proxy_pac_url = 3;
optional string proxy_bypass_list = 4;
message CameraEnabledProto {
optional bool camera_enabled = 1;
message MetricsEnabledProto {
optional bool metrics_enabled = 1;
message ReleaseChannelProto {
// One of "stable-channel", "beta-channel", or "dev-channel"
optional string release_channel = 1;
// If |release_channel_delegated| is set to true and the |release_channel|
// field is not set or left empty, the user can select the channel. If the
// |release_channel| is specified it will always override users choice!
optional bool release_channel_delegated = 2;
message DeviceOpenNetworkConfigurationProto {
// The network configuration blob. This is a JSON string as specified by ONC.
optional string open_network_configuration = 1;
// Policies to turn on portions of the device status reports.
message DeviceReportingProto {
optional bool report_version_info = 1;
optional bool report_activity_times = 2;
optional bool report_boot_mode = 3;
optional bool report_location = 4;
message EphemeralUsersEnabledProto {
// Determines whether users should be treated as ephemeral. In ephemeral users
// mode, no cryptohome is created for the user, but a tmpfs mount is used
// instead such that upon logout all user state is discarded.
optional bool ephemeral_users_enabled = 1;
// Details of an extension to install as part of the AppPack.
message AppPackEntryProto {
optional string extension_id = 1;
optional string update_url = 2;
optional bool online_only = 3;
message AppPackProto {
// List of extensions to install as part of the AppPack.
repeated AppPackEntryProto app_pack = 1;
// This is a special policy for kiosk/retail mode that specifies what apps
// should be pinned to the launcher. For regular accounts, pinned apps are
// controlled through user policy.
message PinnedAppsProto {
// App IDs for the apps to pin.
repeated string app_id = 1;
message ForcedLogoutTimeoutsProto {
// All timeouts are specified in milliseconds.
// Specifies the timeout before an idle user session is terminated.
// If this field is omitted or set to 0, no logout on idle will be performed.
optional int64 idle_logout_timeout = 1;
// Specifies the duration of a warning countdown before the user is logged out
// because of idleness as specified by the |idle_logout_timeout| value.
// This field is only used if |idle_logout_timeout| != 0 is specified.
optional int64 idle_logout_warning_duration = 2;
message ScreenSaverProto {
// Specifies the extension ID which is to be used as a screen saver on the
// login screen if no user activity is present. Only respected if the device
// is in RETAIL mode.
optional string screen_saver_extension_id = 1;
// Specifies the timeout before the screen saver is activated. If this field
// is omitted or set to 0, no screen-saver will be started.
// Measured in milliseconds.
optional int64 screen_saver_timeout = 2;
// Enterprise controls for auto-update behavior of Chrome OS.
message AutoUpdateSettingsProto {
// True if we don't want the device to auto-update (target_version_prefix is
// ignored in this case).
optional bool update_disabled = 1;
// Specifies the prefix of the target version we want the device to
// update to, if it's on a older version. If the device is already on
// a version with the given prefix, then there's no effect. If the device is
// on a higher version, it will remain on the higher version as we
// don't support rollback yet. The format of this version can be one
// of the following:
// ---------------------------------------------------------------------
// "" (or not set at all): update to latest version available.
// 1412.: update to any minor version of 1412 (e.g. 1412.24.34 or 1412.60.2)
// 1412.2.: update to any minor version of 1412.2 (e.g. 1412.2.34 or 1412.2.2)
// 1412.24.34: update to this specific version only
// ---------------------------------------------------------------------
optional string target_version_prefix = 2;
// The Chrome browser version (e.g. "17.*") corresponding to the
// target_version_prefix above. The target_version_prefix is the internal OS
// version that external users normally are not aware of. This display_name
// can be used by the devices to display a message to end-users about the auto
// update setting.
optional string target_version_display_name = 3;
// Specifies the number of seconds up to which a device may randomly
// delay its download of an update from the time the update was first pushed
// out to the server. The device may wait a portion of this time in terms
// of wall-clock-time and the remaining portion in terms of the number of
// update checks. In any case, the scatter is upper bounded by a constant
// amount of time so that a device does not ever get stuck waiting to download
// an update forever.
optional int64 scatter_factor_in_seconds = 4;
// Enumerates network connection types.
enum ConnectionType {
// The types of connections that are OK to use for OS updates. OS updates
// potentially put heavy strain on the connection due to their size and may
// incur additional cost. Therefore, they are by default not enabled for
// connection types that are considered expensive, which include WiMax,
// Bluetooth and Cellular at the moment.
repeated ConnectionType allowed_connection_types = 5;
// True if the device should reboot automatically when an update has been
// applied and a reboot is required to complete the update process.
optional bool reboot_after_update = 6;
message StartUpUrlsProto {
// Specifies the URLs to be loaded on login to the anonymous account used if
// the device is in RETAIL mode.
repeated string start_up_urls = 1;
message SystemTimezoneProto {
// Specifies an owner-determined timezone that applies to the login screen and
// all users. Valid values are listed in "". Additionally,
// timezones from the "IANA Time Zone Database" (e.g. listed on wikipedia)
// that are equivalent to one of the timezones in "" are
// valid. In case of an invalid value, the setting is still activated with a
// fallback timezone (currently "GMT"). In case of an empty string or if no
// value is provided, the timezone device setting is inactive. In that case,
// the currently active timezone will remain in use however users can change
// the timezone and the change is persistent. Thus a change by one user
// affects the login-screen and all other users.
optional string timezone = 1;
// Parameters for Kiosk App device-local accounts.
message KioskAppInfoProto {
// Indicates the Kiosk App for the corresponding device-local account. The
// string value should be a valid 32-character Chrome App identifier and
// specifies the Kiosk App to download and run.
optional string app_id = 1;
// Optional extension update URL to download the Kiosk App package from. If
// not specified, the app will be downloaded from the standard Chrome Web
// Store update URL.
optional string update_url = 2;
// Describes a single device-local account.
message DeviceLocalAccountInfoProto {
// Deprecated: Account identifier for a public session device-local account.
// Old code didn't have the |type| field, so it can't handle new types of
// device-local accounts gracefully (i.e. ignoring unsupported types). New
// code should instead set type to ACCOUNT_TYPE_PUBLIC_SESSION and write the
// identifier to the |account_id| field below. If the |type| field is present,
// |deprecated_public_session_id| will be ignored.
// TODO(mnissler): Rename this field to indicate it's deprecated.
optional string id = 1;
// Identifier for the device-local account. This is an opaque identifier that
// is used to distinguish different device-local accounts configured. All
// configured accounts on a device must have unique identifiers.
optional string account_id = 2;
// Indicates the type of device-local account.
enum AccountType {
// A login-less, policy-configured browsing session.
// An account that serves as a container for a single full-screen app.
// The account type.
optional AccountType type = 3;
// Kiosk App parameters, relevant if |type| is ACCOUNT_TYPE_KIOSK_APP.
optional KioskAppInfoProto kiosk_app = 4;
message DeviceLocalAccountsProto {
// The list of device-local accounts (i.e. accounts without an associated
// cloud-backed profile) that are available on the device.
repeated DeviceLocalAccountInfoProto account = 1;
// The identifier of the device-local account to which the device
// should be logged in automatically. Should be equal to one of the
// ids in DeviceLocalAccountInfoProto.
optional string auto_login_id = 2;
// The amount of time, in milliseconds, that should elapse at the signin
// screen without user interaction before automatically logging in.
optional int64 auto_login_delay = 3;
// Whether the keyboard shortcut to prevent zero-delay auto-login should be
// enabled or not. If this keyboard shortcut is engaged, the auto-login will
// be delayed by 3 minutes so administrators can log in or make configuration
// changes.
optional bool enable_auto_login_bailout = 4 [default = true];
message AllowRedeemChromeOsRegistrationOffersProto {
// Chrome OS Registration service provides way for chromeos device users
// to redeem electronic offers provided by service provider.
// This value determines if users are allowed to redeem offers through
// Chrome OS Registration service.
optional bool allow_redeem_offers = 1 [default = true];
message StartUpFlagsProto {
// The list of flags to be applied to chrome on start-up (back up store for
// owner set flags in about:flags).
repeated string flags = 1;
message UptimeLimitProto {
// Sets the length of device uptime after which an automatic reboot is
// scheduled. An automatic reboot is scheduled at the selected time but may be
// delayed on the device by up to 24 hours, e.g. if a user is currently using
// the device or an app/extension has requested reboots to be inhibited
// temporarily. The policy value should be specified in seconds.
optional int64 uptime_limit = 1;
message VariationsParameterProto {
// The string for the restrict parameter to be appended to the Variations URL
// when pinging the Variations server.
optional string parameter = 1;
message AttestationSettingsProto {
// Attestation involves proving that a cryptographic key is protected by a
// legitimate Chrome OS TPM and reporting the operating mode of the platform.
// This setting enables attestation features at a device level. If this is
// enabled a machine key will be generated and certified by the Chrome OS
// CA. If this setting is disabled, the device will not communicate with the
// Chrome OS CA under any circumstances. Even users with attestation settings
// enabled will not be able to use those features on the device.
optional bool attestation_enabled = 1;
message ChromeDeviceSettingsProto {
optional DevicePolicyRefreshRateProto device_policy_refresh_rate = 1;
optional UserWhitelistProto user_whitelist = 2;
optional GuestModeEnabledProto guest_mode_enabled = 3;
optional DeviceProxySettingsProto device_proxy_settings = 4;
optional CameraEnabledProto camera_enabled = 5;
optional ShowUserNamesOnSigninProto show_user_names = 6;
optional DataRoamingEnabledProto data_roaming_enabled = 7;
optional AllowNewUsersProto allow_new_users = 8;
optional MetricsEnabledProto metrics_enabled = 9;
optional ReleaseChannelProto release_channel = 10;
optional DeviceOpenNetworkConfigurationProto open_network_configuration = 11;
optional DeviceReportingProto device_reporting = 12;
optional EphemeralUsersEnabledProto ephemeral_users_enabled = 13;
optional AppPackProto app_pack = 14;
optional ForcedLogoutTimeoutsProto forced_logout_timeouts = 15;
optional ScreenSaverProto login_screen_saver = 16;
optional AutoUpdateSettingsProto auto_update_settings = 17;
optional StartUpUrlsProto start_up_urls = 18;
optional PinnedAppsProto pinned_apps = 19;
optional SystemTimezoneProto system_timezone = 20;
optional DeviceLocalAccountsProto device_local_accounts = 21;
optional AllowRedeemChromeOsRegistrationOffersProto allow_redeem_offers = 22;
optional StartUpFlagsProto start_up_flags = 23;
optional UptimeLimitProto uptime_limit = 24;
optional VariationsParameterProto variations_parameter = 25;
optional AttestationSettingsProto attestation_settings = 26;