270 lines
12 KiB
Protocol Buffer
270 lines
12 KiB
Protocol Buffer
/*
|
|
* Copyright (C) 2023 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
syntax = "proto2";
|
|
|
|
package devicelockcontroller;
|
|
|
|
import "google/protobuf/timestamp.proto";
|
|
import "configuration_info.proto";
|
|
import "device_checkin_info.proto";
|
|
import "device_info.proto";
|
|
|
|
option java_package = "com.android.devicelockcontroller.proto";
|
|
option java_multiple_files = true;
|
|
|
|
// This service is used by the Device Lock Android client to facilitate device
|
|
// provisioning of an eligible device into a Device Lock locking program.
|
|
service DeviceLockCheckinService {
|
|
// Fetches the check-in status of the device.
|
|
rpc GetDeviceCheckinStatus(GetDeviceCheckinStatusRequest)
|
|
returns (GetDeviceCheckinStatusResponse) {}
|
|
|
|
// Determines if a device is in an approved country.
|
|
rpc IsDeviceInApprovedCountry(IsDeviceInApprovedCountryRequest)
|
|
returns (IsDeviceInApprovedCountryResponse) {}
|
|
|
|
// Pauses the provisioning of the device.
|
|
rpc PauseDeviceProvisioning(PauseDeviceProvisioningRequest)
|
|
returns (PauseDeviceProvisioningResponse) {}
|
|
|
|
// Reports the device provision state of a device that is undergoing device
|
|
// provisioning.
|
|
rpc ReportDeviceProvisionState(ReportDeviceProvisionStateRequest)
|
|
returns (ReportDeviceProvisionStateResponse) {}
|
|
}
|
|
|
|
// Request to retrieve the check-in status of the device.
|
|
message GetDeviceCheckinStatusRequest {
|
|
// The device identifiers associated with the device provided by the Device
|
|
// Lock Android client. The Device Lock Android client would provide only one
|
|
// device identifier once the Device Lock Check-in service determines which
|
|
// of the device identifiers is registered with a locking program.
|
|
repeated ClientDeviceIdentifier client_device_identifiers = 1;
|
|
// The Mobile Network Code for the carrier, the Device Lock Android client
|
|
// would fetch it from TelephonyManager#getSimOperator().
|
|
optional string carrier_mccmnc = 2;
|
|
// The Firebase Cloud Messaging (FCM) registration token associated with the
|
|
// device provided by the Device Lock Android client. The token is only used
|
|
// for GMS devices.
|
|
optional string fcm_registration_token = 3;
|
|
}
|
|
|
|
message ClientDeviceIdentifier {
|
|
// The device identifier associated with the device.
|
|
optional string device_identifier = 1;
|
|
// The type of the device identifier.
|
|
optional DeviceIdentifierType device_identifier_type = 2;
|
|
}
|
|
|
|
// The different check-in status the Device Lock Android client can be in.
|
|
enum ClientCheckinStatus {
|
|
CLIENT_CHECKIN_STATUS_UNSPECIFIED = 0;
|
|
// The device is not ready for provision. The Device Lock Android client
|
|
// would need to do another check-in.
|
|
CLIENT_CHECKIN_STATUS_RETRY_CHECKIN = 1;
|
|
// The device is ready for provision. The Device Lock Android client can use
|
|
// the device provisioning information provided by the Device Lock server to
|
|
// provision the device.
|
|
CLIENT_CHECKIN_STATUS_READY_FOR_PROVISION = 2;
|
|
// The device no longer needs to be provisioned. The Device Lock Android
|
|
// client can stop future check-ins.
|
|
CLIENT_CHECKIN_STATUS_STOP_CHECKIN = 3;
|
|
}
|
|
|
|
// Response to a request to retrieve the check-in status of a given device.
|
|
message GetDeviceCheckinStatusResponse {
|
|
// The Device Lock Android client check-in status determined by the Device
|
|
// Lock server.
|
|
optional ClientCheckinStatus client_checkin_status = 1;
|
|
// Set by the Device Lock server when the Device Lock Android client provides
|
|
// multiple device identifiers and one of the multiple device identifiers is
|
|
// registered with the Device Lock server. The client should use the device
|
|
// identifier that was found for any future communications with the Device
|
|
// Lock server.
|
|
optional string registered_device_identifier = 2;
|
|
// One of the following fields will get populated based on the device
|
|
// check-in status. But if the Device Lock server determines that the Device
|
|
// Lock Android client no longer needs to do a check-in, then none of the
|
|
// fields will be populated.
|
|
oneof next_steps {
|
|
// The Device Lock server determined that the Device Lock Android client
|
|
// needs to perform another device check-in.
|
|
NextCheckinInformation next_checkin_information = 3;
|
|
// The Device Lock server determined that the Device Lock Android client
|
|
// can now provision the device.
|
|
DeviceProvisioningInformation device_provisioning_information = 4;
|
|
}
|
|
}
|
|
|
|
// Information needed by the Device Lock Android client for the next check-in.
|
|
message NextCheckinInformation {
|
|
// Set by the Device Lock server which tells the Device Lock Android client
|
|
// the date when the next check-in should happen.
|
|
optional google.protobuf.Timestamp next_checkin_timestamp = 1;
|
|
}
|
|
|
|
// Information needed by the Device Lock Android client for device provisioning.
|
|
message DeviceProvisioningInformation {
|
|
// The configuration information assigned to the device.
|
|
optional ConfigurationInfo configuration_information = 1;
|
|
// The type of configuration assigned to the device. This is used by the
|
|
// Device Lock Android client to determine what type of strings should be
|
|
// shown to the user.
|
|
optional ConfigurationType configuration_type = 2;
|
|
// The provision type selected when enrolling the device into a locking
|
|
// program. The Device Lock Android client would use this to determine which
|
|
// provision approach should be used to provision the device.
|
|
optional DeviceProvisionType device_provision_type = 3;
|
|
// Whether the Device Lock Android client should force the provisioning. If
|
|
// true, then the user cannot stop device provisioning. Otherwise, if false,
|
|
// then the user can optionally pause device provisioning.
|
|
optional bool force_provisioning = 4;
|
|
// Whether the device is an approved country. If true, then the Device Lock
|
|
// Android client can proceed with device provisioning. Otherwise, this would
|
|
// be considered a provisioning failure and the Device Lock Android client
|
|
// would use the ReportDeviceProvisionState RPC to report the provision
|
|
// failure.
|
|
optional bool is_device_in_approved_country = 5;
|
|
}
|
|
|
|
// Request to determine whether a registered device is in an approved country.
|
|
message IsDeviceInApprovedCountryRequest {
|
|
// The device identifier that is registered with the Device Lock server.
|
|
optional string registered_device_identifier = 1;
|
|
// The Mobile Network Code for the carrier, the Device Lock Android client
|
|
// would fetch it from TelephonyManager#getSimOperator().
|
|
optional string carrier_mccmnc = 2;
|
|
}
|
|
|
|
// Response to a request for determining if a registered device is in an
|
|
// approved country.
|
|
message IsDeviceInApprovedCountryResponse {
|
|
// Whether the device is an approved country.
|
|
optional bool is_device_in_approved_country = 1;
|
|
}
|
|
|
|
// The different reasons device provisioning can be paused.
|
|
enum PauseDeviceProvisioningReason {
|
|
PAUSE_DEVICE_PROVISIONING_REASON_UNSPECIFIED = 0;
|
|
// If given as an option to the user, the user can pause device provisioning.
|
|
// For example, the user is currently driving and the Device Lock Android
|
|
// client is prompting the user to proceed with device provisioning.
|
|
PAUSE_DEVICE_PROVISIONING_REASON_USER_DEFERRED_DEVICE_PROVISIONING = 1;
|
|
}
|
|
|
|
// Request to pause device provisioning of an eligible device.
|
|
message PauseDeviceProvisioningRequest {
|
|
// The device identifier that is registered with the Device Lock server that
|
|
// is requesting to pause device provisioning.
|
|
optional string registered_device_identifier = 1;
|
|
// The reason for pausing device provisioning.
|
|
optional PauseDeviceProvisioningReason pause_device_provisioning_reason = 2;
|
|
}
|
|
|
|
// Response to a request to pause device provisioning of an eligible device.
|
|
message PauseDeviceProvisioningResponse {
|
|
// The Device Lock server decision as to whether or not to force device
|
|
// provisioning after receiving the pause device provisioning request. If
|
|
// true, then device provisioning would be forced. Otherwise, if false, then
|
|
// the device provisioning can still be paused.
|
|
optional bool force_provisioning = 1;
|
|
}
|
|
|
|
// Request to report that device provisioning of an eligible device is complete.
|
|
message ReportDeviceProvisionCompleteRequest {
|
|
// The device identifier that is registered with the Device Lock server that
|
|
// was provisioned.
|
|
optional string registered_device_identifier = 1;
|
|
}
|
|
|
|
// Response to a request reporting that device provisioning of an eligible
|
|
// device is complete.
|
|
message ReportDeviceProvisionCompleteResponse {
|
|
// An enrollment token the Device Lock Android client can use for future
|
|
// communication with the Device Lock server post-provisioning.
|
|
optional string enrollment_token = 1;
|
|
}
|
|
|
|
// The different reasons device provisioning can fail on a device.
|
|
enum ClientProvisionFailureReason {
|
|
CLIENT_PROVISION_FAILURE_REASON_UNSPECIFIED = 0;
|
|
// Setup failed to complete on the device.
|
|
CLIENT_PROVISION_FAILURE_REASON_SETUP_FAILED = 1;
|
|
// Failed to download the creditor apk.
|
|
CLIENT_PROVISION_FAILURE_REASON_DOWNLOAD_FAILED = 2;
|
|
// Verification of the creditor apk failed.
|
|
CLIENT_PROVISION_FAILURE_REASON_VERIFICATION_FAILED = 3;
|
|
// Failed to install the creditor apk.
|
|
CLIENT_PROVISION_FAILURE_REASON_INSTALL_FAILED = 4;
|
|
// Pre-installed package not found.
|
|
CLIENT_PROVISION_FAILURE_REASON_PACKAGE_DOES_NOT_EXIST = 5;
|
|
// Delete apk failed.
|
|
CLIENT_PROVISION_FAILURE_REASON_DELETE_PACKAGE_FAILED = 6;
|
|
// Install package for secondary users failed.
|
|
CLIENT_PROVISION_FAILURE_REASON_INSTALL_EXISTING_FAILED = 7;
|
|
}
|
|
|
|
// The different provision states of a device.
|
|
enum ClientProvisionState {
|
|
CLIENT_PROVISION_STATE_UNSPECIFIED = 0;
|
|
// The Device Lock Android client would retry to provision the device.
|
|
CLIENT_PROVISION_STATE_RETRY = 1;
|
|
// The Device Lock Android client would inform the user that there has been
|
|
// an issue with device provisioning. The user can dismiss this.
|
|
CLIENT_PROVISION_STATE_DISMISSIBLE_UI = 2;
|
|
// The Device Lock Android client would inform the user that there has been
|
|
// an issue with device provisioning. The user cannot dismiss this.
|
|
CLIENT_PROVISION_STATE_PERSISTENT_UI = 3;
|
|
// The Device Lock Android client would factory reset the device because
|
|
// device provisioning could not be done.
|
|
CLIENT_PROVISION_STATE_FACTORY_RESET = 4;
|
|
// Device provisioning was a success.
|
|
CLIENT_PROVISION_STATE_SUCCESS = 5;
|
|
}
|
|
|
|
// Request to report the device provision state of a device that is
|
|
// undergoing device provisioning.
|
|
message ReportDeviceProvisionStateRequest {
|
|
// The reason why device provisioning failed if applicable.
|
|
optional ClientProvisionFailureReason client_provision_failure_reason = 1;
|
|
// The previous device provision state that the device was in. If not known,
|
|
// then CLIENT_PROVISION_STATE_UNSPECIFIED should be used. It is not known
|
|
// by the client on the first attempt of device provisioning.
|
|
optional ClientProvisionState previous_client_provision_state = 2;
|
|
// Whether device provision was a success.
|
|
optional bool provision_success = 3;
|
|
// The device identifier that is registered with the Device Lock server.
|
|
optional string registered_device_identifier = 4;
|
|
}
|
|
|
|
// Response to a request that is reporting the device provision state of a
|
|
// device undergoing device provisioning.
|
|
message ReportDeviceProvisionStateResponse {
|
|
// The Device Lock server determined the next provision state of the client.
|
|
// If the Device Lock Android client needs to send another gRPC request, then
|
|
// this provision state would be used as the previous provision state in the
|
|
// request.
|
|
optional ClientProvisionState next_client_provision_state = 1;
|
|
// An enrollment token the Device Lock Android client can use for future
|
|
// communication with the Device Lock server post-provisioning. This is only
|
|
// provided if device provisioning was a success.
|
|
optional string enrollment_token = 2;
|
|
// The number of days left until the device should factory reset because of a failed provision.
|
|
// This number should only be used when next_client_provision_state is
|
|
// CLIENT_PROVISION_STATE_DISMISSIBLE_UI
|
|
optional uint32 days_left_until_reset = 3;
|
|
} |