File: cloud_policy_constants.h

package info (click to toggle)
chromium 139.0.7258.127-1
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 6,122,068 kB
  • sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (245 lines) | stat: -rw-r--r-- 11,171 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_
#define COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_

#include <stdint.h>

#include <string>

#include "components/policy/policy_export.h"

namespace policy {

// Constants related to the device management protocol.
namespace dm_protocol {

// Name extern constants for URL query parameters.
extern const char kParamAgent[];
extern const char kParamAppType[];
extern const char kParamCritical[];
extern const char kParamDeviceID[];
extern const char kParamDeviceType[];
extern const char kParamLastError[];
extern const char kParamOAuthToken[];
extern const char kParamPlatform[];
extern const char kParamRequest[];
extern const char kParamRetry[];
extern const char kParamProfileID[];

// Policy constants used in authorization header.
extern const char kAuthHeader[];
extern const char kServiceTokenAuthHeaderPrefix[];
extern const char kDMTokenAuthHeaderPrefix[];
extern const char kEnrollmentTokenAuthHeaderPrefix[];
extern const char kOAuthTokenHeaderPrefix[];
extern const char kOidcAuthHeaderPrefix[];
extern const char kOidcAuthTokenHeaderPrefix[];
extern const char kOidcIdTokenHeaderPrefix[];
extern const char kOidcEncryptedUserInfoPrefix[];

// String extern constants for the device and app type we report to the server.
extern const char kValueAppType[];
extern const char kValueBrowserUploadPublicKey[];
extern const char kValueDeviceType[];
extern const char kValueRequestAutoEnrollment[];
extern const char kValueRequestPsmHasDeviceState[];
extern const char kValueCheckUserAccount[];
extern const char kValueRequestPolicy[];
extern const char kValueRequestRegister[];
extern const char kValueRequestRegisterProfile[];
extern const char kValueRequestApiAuthorization[];
extern const char kValueRequestUnregister[];
extern const char kValueRequestUploadCertificate[];
extern const char kValueRequestUploadEuiccInfo[];
extern const char kValueRequestDeviceStateRetrieval[];
extern const char kValueRequestUploadStatus[];
extern const char kValueRequestRemoteCommands[];
extern const char kValueRequestDeviceAttributeUpdatePermission[];
extern const char kValueRequestDeviceAttributeUpdate[];
extern const char kValueRequestGcmIdUpdate[];
extern const char kValueRequestCheckAndroidManagement[];
extern const char kValueRequestCertBasedRegister[];
extern const char kValueRequestTokenBasedRegister[];
extern const char kValueRequestActiveDirectoryEnrollPlayUser[];
extern const char kValueRequestActiveDirectoryPlayActivity[];
extern const char kValueRequestAppInstallReport[];
extern const char kValueRequestRegisterBrowser[];
extern const char kValueRequestRegisterPolicyAgent[];
extern const char kValueRequestChromeDesktopReport[];
extern const char kValueRequestInitialEnrollmentStateRetrieval[];
extern const char kValueRequestUploadPolicyValidationReport[];
extern const char kValueRequestPublicSamlUser[];
extern const char kValueRequestChromeOsUserReport[];
extern const char kValueRequestCertProvisioningRequest[];
extern const char kValueRequestChromeProfileReport[];
extern const char kValueRequestFmRegistrationTokenUpload[];
extern const char kValueRequestDeterminePromotionEligibility[];

// Policy type strings for the policy_type field in PolicyFetchRequest.
extern const char kChromeDevicePolicyType[];
extern const char kChromeUserPolicyType[];
extern const char kChromePublicAccountPolicyType[];
extern const char kChromeExtensionPolicyType[];
extern const char kChromeSigninExtensionPolicyType[];
extern const char kChromeMachineLevelUserCloudPolicyType[];
extern const char kChromeMachineLevelExtensionCloudPolicyType[];
extern const char kChromeRemoteCommandPolicyType[];
extern const char kGoogleUpdateMachineLevelAppsPolicyType[];
extern const char kGoogleUpdateMachineLevelOmahaPolicyType[];

// Remote command type for `type` field in DeviceRemoteCommandRequest.
// Command for Chrome OS Ash user.
extern const char kChromeAshUserRemoteCommandType[];
// Command for Chrome OS device.
extern const char kChromeDeviceRemoteCommandType[];
// Command for CBCM device on non-CrOS
extern const char kChromeBrowserRemoteCommandType[];
// Command for browser profile.
extern const char kChromeUserRemoteCommandType[];

extern const char kChromeMachineLevelUserCloudPolicyTypeBase64[];

// These codes are sent in the |error_code| field of PolicyFetchResponse.
enum PolicyFetchStatus {
  POLICY_FETCH_SUCCESS = 200,
  POLICY_FETCH_ERROR_NOT_FOUND = 902,
};

}  // namespace dm_protocol

// Public half of the verification key that is used to verify that policy
// signing keys are originating from DM server.
std::string GetPolicyVerificationKey();

// Corresponding hash.
extern const char kPolicyVerificationKeyHash[];

// Status codes for communication errors with the device management service.
// This enum is used to define the buckets for an enumerated UMA histogram.
// Hence,
//   (a) existing enumerated constants should never be deleted or reordered, and
//   (b) new constants should only be appended at the end of the enumeration.
enum DeviceManagementStatus {
  // All is good.
  DM_STATUS_SUCCESS = 0,
  // Request payload invalid.
  DM_STATUS_REQUEST_INVALID = 1,
  // The HTTP request failed.
  DM_STATUS_REQUEST_FAILED = 2,
  // The server returned an error code that points to a temporary problem.
  DM_STATUS_TEMPORARY_UNAVAILABLE = 3,
  // The HTTP request returned a non-success code.
  DM_STATUS_HTTP_STATUS_ERROR = 4,
  // Response could not be decoded.
  DM_STATUS_RESPONSE_DECODING_ERROR = 5,
  // Service error: Management not supported.
  DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED = 6,
  // Service error: Device not found.
  DM_STATUS_SERVICE_DEVICE_NOT_FOUND = 7,
  // Service error: Device token invalid.
  DM_STATUS_SERVICE_MANAGEMENT_TOKEN_INVALID = 8,
  // Service error: Activation pending.
  DM_STATUS_SERVICE_ACTIVATION_PENDING = 9,
  // Service error: The serial number is not valid or not known to the server.
  DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER = 10,
  // Service error: The device id used for registration is already taken.
  DM_STATUS_SERVICE_DEVICE_ID_CONFLICT = 11,
  // Service error: The licenses have expired or have been exhausted.
  DM_STATUS_SERVICE_MISSING_LICENSES = 12,
  // Service error: The administrator has deprovisioned this client.
  DM_STATUS_SERVICE_DEPROVISIONED = 13,
  // Service error: Device registration for the wrong domain.
  DM_STATUS_SERVICE_DOMAIN_MISMATCH = 14,
  // Client error: Request could not be signed.
  DM_STATUS_CANNOT_SIGN_REQUEST = 15,
  // Client error: Request body is too large.
  DM_STATUS_REQUEST_TOO_LARGE = 16,
  // Client error: Too many request.
  DM_STATUS_SERVICE_TOO_MANY_REQUESTS = 17,
  // Service error: The device needs to be reset (ex. for re-enrollment).
  DM_STATUS_SERVICE_DEVICE_NEEDS_RESET = 18,
  // Service error: Policy not found. Error code defined by the DM folks.
  DM_STATUS_SERVICE_POLICY_NOT_FOUND = 902,
  // Service error: ARC is not enabled on this domain.
  DM_STATUS_SERVICE_ARC_DISABLED = 904,
  // Service error: Non-dasher account with packaged license can't enroll.
  DM_STATUS_SERVICE_CONSUMER_ACCOUNT_WITH_PACKAGED_LICENSE = 905,
  // Service error: Not eligible enterprise account can't enroll.
  DM_STATUS_SERVICE_ENTERPRISE_ACCOUNT_IS_NOT_ELIGIBLE_TO_ENROLL = 906,
  // Service error: Enterprise TOS has not been accepted.
  DM_STATUS_SERVICE_ENTERPRISE_TOS_HAS_NOT_BEEN_ACCEPTED = 907,
  // Service error: Illegal account for packaged EDU license.
  DM_STATUS_SERVICE_ILLEGAL_ACCOUNT_FOR_PACKAGED_EDU_LICENSE = 908,
  // Service error: Packaged license device can't enroll KIOSK.
  DM_STATUS_SERVICE_INVALID_PACKAGED_DEVICE_FOR_KIOSK = 909,
  // Service error: Org Unit enrollment limit has been exceeded.
  DM_STATUS_SERVICE_ORG_UNIT_ENROLLMENT_LIMIT_EXCEEEDED = 910
};

// List of modes that the device can be locked into. Some IDs are skipped
// because they have been used in the past but got deprecated and deleted.
enum DeviceMode {
  DEVICE_MODE_PENDING = 0,     // The device mode is not yet available.
  DEVICE_MODE_NOT_SET = 1,     // The device is not yet enrolled or owned.
  DEVICE_MODE_CONSUMER = 2,    // The device is locally owned as consumer
                               // device.
  DEVICE_MODE_ENTERPRISE = 3,  // The device is enrolled as an enterprise
                               // device.
  DEPRECATED_DEVICE_MODE_LEGACY_RETAIL_MODE = 5,  // The device is enrolled as a
                                                  // retail kiosk device. This
                                                  // is deprecated.
  DEPRECATED_DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH = 6,  // The device is
                                                         // locally owned as
                                                         // consumer kiosk with
                                                         // ability to auto
                                                         // launch a kiosk
                                                         // webapp. This is
                                                         // deprecated.
  DEVICE_MODE_DEMO = 7,  // The device is in demo mode. It was
                         // either enrolled online or setup
                         // offline into demo mode domain -
                         // see kDemoModeDomain.
};

// List of modes of OIDC management.
enum ThirdPartyIdentityType {
  NO_THIRD_PARTY_MANAGEMENT =
      0,  // The device mode is not managed by a third party identity.
  OIDC_MANAGEMENT_DASHER_BASED =
      1,  // The device mode is managed by a third party identity that is
          // sync-ed to Google.
  OIDC_MANAGEMENT_DASHERLESS =
      2,  // The device mode is managed by a third party identity that is
          // notsync-ed to Google.
};

// Domain that demo mode devices are enrolled into: cros-demo-mode.com
extern const char kDemoModeDomain[];

// Indicate this device's market segment. go/cros-rlz-segments.
// This enum should be kept in sync with MarketSegment enum in
// device_management_backend.proto (http://shortn/_p0P58C4BRV). If any additions
// are made to this proto, the UserDeviceMatrix in
// src/tools/metrics/histograms/enums.xml should also be updated, as well as the
// browser test suite in usertype_by_devicetype_metrics_provider_browsertest.cc
// (http://shortn/_gD5uIM9Z78) to account for the new user / device type combo.
enum class MarketSegment {
  UNKNOWN,  // If device is not enrolled or market segment is not specified.
  EDUCATION,
  ENTERPRISE,
};

// Sender ID of FCM (Firebase Cloud Messaging)
// Policy Invalidation sender coming from the Firebase console.
inline constexpr int64_t kPolicyFCMInvalidationSenderID = 1013309121859;

// Kiosk SKU name. This is the constant of the enrollment license type that
// exists on the server side.
inline static const char kKioskSkuName[] = "GOOGLE.CHROME_KIOSK_ANNUAL";

}  // namespace policy

#endif  // COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_