File: device_management_backend.proto

package info (click to toggle)
chromium 139.0.7258.127-1
links: PTS, VCS
area: main
in suites:
size: 6,122,068 kB
sloc: cpp: 35,100,771; ansic: 7,163,530; javascript: 4,103,002; python: 1,436,920; asm: 946,517; xml: 746,709; pascal: 187,653; perl: 88,691; sh: 88,436; objc: 79,953; sql: 51,488; cs: 44,583; fortran: 24,137; makefile: 22,147; tcl: 15,277; php: 13,980; yacc: 8,984; ruby: 7,485; awk: 3,720; lisp: 3,096; lex: 1,327; ada: 727; jsp: 228; sed: 36
file content (5278 lines) | stat: -rw-r--r-- 197,635 bytes
parent folder | download | duplicates (3)
// Copyright 2013 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

package enterprise_management;

import "private_membership_rlwe.proto";

option optimize_for = LITE_RUNTIME;
option go_package = "chromium/policy/enterprise_management_proto";

// Everything below this comment will be synchronized between client and server
// repos ( go/cros-proto-sync ).

// This enum needs to be shared between DeviceRegisterRequest and
// LicenseAvailability protos. With java_api_version 1, this means that enum
// needs to be wrapped into a message.
message LicenseType {
  // Enumerates different license types.
  enum LicenseTypeEnum {
    // Unknown/undefined
    UNDEFINED = 0;
    // Chrome Device Management Perpetual
    CDM_PERPETUAL = 1;
    // Chrome Device Management Annual
    CDM_ANNUAL = 2;
    // Chrome Kiosk
    KIOSK = 3;
    // Chrome Enterprise bundled license
    CDM_PACKAGED = 4;
  }

  optional LicenseTypeEnum license_type = 1;
}

// The current active session type on the device, or `NO_SESSION` if no user
// is currently logged in.
// This enum is used in the response payload of the
// `FETCH_CRD_AVAILABILITY_INFO` remote command.
// NOTE: Please DO NOT rename enum entries as they are used by external APIs.
enum UserSessionType {
  USER_SESSION_TYPE_UNKNOWN = 0;
  AUTO_LAUNCHED_KIOSK_SESSION = 1;
  MANUALLY_LAUNCHED_KIOSK_SESSION = 2;
  AFFILIATED_USER_SESSION = 3;
  UNAFFILIATED_USER_SESSION = 4;
  MANAGED_GUEST_SESSION = 5;
  GUEST_SESSION = 6;
  NO_SESSION = 7;
}

// The type of the CRD session. This enum is used in:
//   * the response payload of `FETCH_CRD_AVAILABILITY_INFO`.
//   * the request payload of `DEVICE_START_CRD_SESSION`.
enum CrdSessionType {
  CRD_SESSION_TYPE_UNKNOWN = 0;
  // A session where the admin has exclusive control of the remote machine.
  REMOTE_ACCESS_SESSION = 1;
  // A session where the admin and the local user share control of the remote
  // machine.
  REMOTE_SUPPORT_SESSION = 2;
}

// Enum indicating why a CRD session is or is not available.
// This enum is used in the response payload of the
// `FETCH_CRD_AVAILABILITY_INFO` remote command.
// NOTE: Please DO NOT rename enum entries as they are used by external APIs.
enum CrdSessionAvailability {
  CRD_SESSION_AVAILABILITY_UNKNOWN = 0;
  // The CRD session is available and the admin can start a CRD session.
  AVAILABLE = 1;
  // The CRD session is not available for the current user session type.
  UNAVAILABLE_UNSUPPORTED_USER_SESSION_TYPE = 2;
  // The CRD session is not available since the device is in an unmanaged
  // environment.
  UNAVAILABLE_UNMANAGED_ENVIRONMENT = 3;
  // The CRD session type is unsupported by device os version
  UNAVAILABLE_UNSUPPORTED_DEVICE_OS_VERSION = 4;
  // CRD is disabled on the device by the 'enterprise remote support connection'
  // policy.
  UNAVAILABLE_DISABLED_BY_POLICY = 5;
}

// Result code used in the response payload of the `START_CRD_SESSION` remote
// command. This is used because it is more granular than the normal
// `ResultType` enum used as the result code for a remote command.
enum StartCrdSessionResultCode {
  START_CRD_SESSION_RESULT_UNKNOWN = -1;
  // Successfully obtained access code.
  START_CRD_SESSION_SUCCESS = 0;
  // Failed as required services are not launched on the device.
  SERVICES_NOT_READY = 1;
  // Failure as the current user type does not support remotely starting CRD.
  FAILURE_UNSUPPORTED_USER_TYPE = 2;
  // Failed as device is currently in use and no interruptUser flag is set.
  FAILURE_NOT_IDLE = 3;
  // Failed as we could not get OAuth token for whatever reason.
  FAILURE_NO_OAUTH_TOKEN = 4;
  // Failed as we could not get ICE configuration for whatever reason.
  // deprecated
  FAILURE_NO_ICE_CONFIG = 5;
  // Failure during attempt to start CRD host and obtain CRD token.
  FAILURE_CRD_HOST_ERROR = 6;
  // Failure to start a curtained session as we're not in a managed environment.
  FAILURE_UNMANAGED_ENVIRONMENT = 7;
  // Failed because RemoteAccessHostAllowEnterpriseRemoteSupportConnections
  // policy is disabled.
  FAILURE_DISABLED_BY_POLICY = 8;
}

// Result code used in the response payload of the `FETCH_SUPPORT_PACKET` remote
// command. The response payload will be a JSON string as follows:
// {
//   "result": <FetchSupportPacketResultCode enum>,
//   (optional) "notes": [<FetchSupportPacketResultNote enums>]
// }
enum FetchSupportPacketResultCode {
  // Unspecified result.
  FETCH_SUPPORT_PACKET_RESULT_CODE_UNSPECIFIED = 0;
  // Success.
  FETCH_SUPPORT_PACKET_RESULT_SUCCESS = 1;
  // Command is not enabled for the device or the user.
  FAILURE_COMMAND_NOT_ENABLED = 2;
  // Failed to create the file to upload.
  FAILURE_EXPORTING_FILE = 3;
  // Internal failure at reporting pipeline. LogUploadEvent can't be enqueued.
  FAILURE_REPORTING_PIPELINE = 4;
  // File upload to File Storage Server has failed.
  FAILURE_LOG_UPLOAD = 5;
}

// Result payload field that will used for FETCH_SUPPORT_PACKET remote command.
// This field represents the warnings or notes that the device sends along with
// the command result. This enum will be used to attach optional notes to
// successful execution. Failure details will be send to the server in
// FetchSupportPacketResultCode enum.
enum FetchSupportPacketResultNote {
  FETCH_SUPPORT_PACKET_RESULT_PAYLOAD_UNSPECIFIED = 0;
  // Warning that the requested PII is not allowed to be included in the
  // collected logs due to privacy issues. This is not an error but a warning to
  // the admin. The log file will be created and uploaded without PII.
  WARNING_PII_NOT_ALLOWED = 1;
}

// Data along with a cryptographic signature verifying their authenticity.
message SignedData {
  // The data to be signed.
  optional bytes data = 1;
  // The signature of the data field.
  optional bytes signature = 2;
  // How many bytes were added to the end of original data before signature
  // (e.g. a nonce to avoid proxy attacks of the signing service).
  optional int32 extra_data_bytes = 3;
}

// Request from device to server to check user account type for enrollment.
message CheckUserAccountRequest {
  // Email address of a user.
  // The user may not exist in GAIA.
  optional string user_email = 1;
  // If enrollment nudge policy is required.
  optional bool enrollment_nudge_request = 2 [default = false];
}

// Request from device to server to register a device, user or browser.
message DeviceRegisterRequest {
  reserved 5, 10;

  // Reregister device without erasing server state.  It can be used
  // to refresh dmtoken etc.  Client MUST set this value to true if it
  // reuses an existing device id.
  optional bool reregister = 1;

  // Register type.  This field does not exist for TT release.
  // When a client requests for policies, server should verify the
  // client has been registered properly.  For example, a client must
  // register with type DEVICE in order to retrieve device policies.
  enum Type {
    reserved 5;

    TT = 0;               // Register for TT release.
    USER = 1;             // Register for Chrome OS user polices.
    DEVICE = 2;           // Register for Chrome OS device policies.
    BROWSER = 3;          // Register for desktop Chrome browser user policies.
    ANDROID_BROWSER = 4;  // Register for Android Chrome browser user policies.
    IOS_BROWSER = 6;      // Register for iOS Chrome browser user policies.
  }
  // NOTE: we also use this field to detect client version.  If this
  // field is missing, then the request comes from TT.  We will remove
  // Chrome OS TT support once it is over.
  optional Type type = 2 [default = TT];

  // Machine hardware id, such as serial number.
  // This field is required if register type == DEVICE.
  optional string machine_id = 3;

  // Machine model name, such as "ZGA", "Cr-48", "Nexus One".  If the
  // model name is not available, client SHOULD send generic name like
  // "Android", or "Chrome OS".
  optional string machine_model = 4;

  // Indicates a requisition of the registering entity that the server can act
  // upon. This allows clients to pass hints e.g. at device enrollment time
  // about the intended use of the device.
  optional string requisition = 6;

  // The current server-backed state key for the client, if applicable. This can
  // be used by the server to link the registration request to an existing
  // device record for re-enrollment.
  optional bytes server_backed_state_key = 7;

  // Enumerates different flavors of registration.
  enum Flavor {
    reserved 12;

    // User manually enrolls a device for device management.
    FLAVOR_ENROLLMENT_MANUAL = 0;
    // User re-starts enrollment manually to recover from loss of policy.
    FLAVOR_ENROLLMENT_MANUAL_RENEW = 1;
    // Device enrollment forced by local device configuration, such as OEM
    // partition flags to force enrollment.
    FLAVOR_ENROLLMENT_LOCAL_FORCED = 2;
    // Enrollment advertised by local device configuration, such as OEM
    // partition flags indicating to prompt for enrollment, but allowing the
    // user to skip.
    FLAVOR_ENROLLMENT_LOCAL_ADVERTISED = 3;
    // Device state downloaded from the server during OOBE indicates that
    // re-enrollment is mandatory.
    FLAVOR_ENROLLMENT_SERVER_FORCED = 4;
    // Device state downloaded from the server during OOBE indicates that the
    // device should prompt for (re-)enrollment, but the user is allowed to
    // skip.
    FLAVOR_ENROLLMENT_SERVER_ADVERTISED = 5;
    // Device detected in steady state that it is supposed to be enrolled, but
    // the policy is missing.
    FLAVOR_ENROLLMENT_RECOVERY = 6;
    // User policy registration for a logged-in user.
    FLAVOR_USER_REGISTRATION = 7;
    // Attestation-based with the option to use a different authentication
    // mechanism.
    FLAVOR_ENROLLMENT_ATTESTATION = 8;
    // Forced attestation-based enrollment (cannot fallback to another flavor).
    FLAVOR_ENROLLMENT_ATTESTATION_LOCAL_FORCED = 9;
    // Device state downloaded from the server during OOBE indicates that
    // re-enrollment is mandatory and should be attestation-based.
    FLAVOR_ENROLLMENT_ATTESTATION_SERVER_FORCED = 10;
    // Device state downloaded from the server indicated that re-enrollment is
    // mandatory, but it failed and we are doing a fallback to manual
    // enrollment.
    FLAVOR_ENROLLMENT_ATTESTATION_MANUAL_FALLBACK = 11;
    // Device state downloaded from the server during OOBE indicates that
    // initial enrollment is mandatory.
    FLAVOR_ENROLLMENT_INITIAL_SERVER_FORCED = 13;
    // Device state downloaded from the server during OOBE indicates that
    // initial enrollment is mandatory and should be attestation-based.
    FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_SERVER_FORCED = 14;
    // Device state downloaded from the server indicated that initial enrollment
    // is mandatory, but it failed and we are doing a fallback to manual
    // enrollment.
    FLAVOR_ENROLLMENT_ATTESTATION_INITIAL_MANUAL_FALLBACK = 15;
    // An enterprise rollback just took place and the device was wiped.
    // Attempt to re-enroll with attestation. This is forced from the
    // client side.
    FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_FORCED = 16;
    // An enterprise rollback just took place and the device was wiped.
    // Attestation re-enrollment just failed, attempt manual enrollment as
    // fallback.
    FLAVOR_ENROLLMENT_ATTESTATION_ROLLBACK_MANUAL_FALLBACK = 17;
    // Device state downloaded from the server indicated that initial enrollment
    // is mandatory and should be token-based.
    FLAVOR_ENROLLMENT_TOKEN_INITIAL_SERVER_FORCED = 18;
    // Device state downloaded from the server indicated that initial
    // token-based enrollment is mandatory, but it failed and we are falling
    // back to manual enrollment.
    FLAVOR_ENROLLMENT_TOKEN_INITIAL_MANUAL_FALLBACK = 19;
    // Operating system was remotely installed, and device state downloaded
    // from the server indicated that initial token-based enrollment is
    // mandatory.
    FLAVOR_ENROLLMENT_REMOTE_DEPLOYMENT_SERVER_FORCED = 20;
    // Operating system was remotely installed, and device state downloaded
    // from the server indicated that initial token-based enrollment is
    // mandatory, but enrollment failed and we are falling back to manual
    // enrollment.
    FLAVOR_ENROLLMENT_REMOTE_DEPLOYMENT_MANUAL_FALLBACK = 21;
  }

  // Indicates the registration flavor. This is passed to the server FYI when
  // registering for policy so the server can distinguish registration triggers.
  optional Flavor flavor = 8;

  // If specified, represents the license type selected by user on the device.
  optional LicenseType license_type = 9;

  // Enumerates different expected lifetimes of registration.
  enum Lifetime {
    // Default case.
    LIFETIME_UNDEFINED = 0;
    // No expiration, most of the registrations have this lifetime.
    LIFETIME_INDEFINITE = 1;
    // Lifetime for ephemeral user policy registration.
    LIFETIME_EPHEMERAL_USER = 2;
  }

  // Indicates the expected lifetime of registration.
  optional Lifetime lifetime = 11 [default = LIFETIME_INDEFINITE];

  // The 4-character brand code of the device.
  optional string brand_code = 12;

  // Previous DMToken that should be reused for re-registration.
  optional string reregistration_dm_token = 13;

  // MAC address for onboard network (ethernet) interface.
  // The format is twelve (12) hexadecimal digits without any delimiter
  // (uppercase letters).
  // This field might be set only if register type == DEVICE.
  optional string ethernet_mac_address = 14;

  // Built-in MAC address for the docking station that the device can be
  // connected to.
  // The format is twelve (12) hexadecimal digits without any delimiter
  // (uppercase letters).
  // This field might be set only if register type == DEVICE.
  optional string dock_mac_address = 15;

  // The date the device was manufactured in yyyy-mm-dd format.
  // This field might be set only if register type == DEVICE.
  optional string manufacture_date = 16;

  // Currently using in token enrollment to ensure domain in request matches
  // domain from token.
  optional string expected_enrollment_domain = 17;

  // Identification of the device that is not already available.
  optional DeviceRegisterIdentification device_register_identification = 18;

  // Indicates all possible PSM (Private Set Membership) protocol final results
  // without specifying the root cause in case of an error.
  enum PsmExecutionResult {
    // PSM protocol started and it neither finished successfully nor
    // terminated due to a protocol's error.
    PSM_RESULT_UNKNOWN = 0;

    // PSM finished successfully and there was server-backed state for the
    // device.
    PSM_RESULT_SUCCESSFUL_WITH_STATE = 1;

    // PSM finished successfully and there was no server-backed state for the
    // device.
    PSM_RESULT_SUCCESSFUL_WITHOUT_STATE = 2;

    // PSM terminated due to an error.
    PSM_RESULT_ERROR = 3;

    // PSM check was skipped, as the device is going through Flex Auto
    // Enrollment after legacy state determination.
    PSM_SKIPPED_FOR_FLEX_AUTO_ENROLLMENT = 4;
  }
  optional PsmExecutionResult psm_execution_result = 19;

  // Timestamp of PSM retrieving the device's determination successfully in
  // milliseconds since Epoch in UTC timezone (Java time).
  optional int64 psm_determination_timestamp_ms = 20;

  // Information specific to Demo Mode about the device and the demo context.
  // Only set when the device is enrolling into Demo Mode, as defined by
  // DeviceRegisterRequest.requisition == "cros-demo-mode".
  optional DemoModeDimensions demo_mode_dimensions = 21;

  // Contains encoded customer information relevant for the generic OIDC profile
  // enrollment process.
  optional string oidc_profile_enrollment_state = 22;

  // Information from the device's SMBIOS.
  optional SmbiosInfo smbios_info = 23;

  // Next id: 24.
}

// Identification of a device used during its registration.
message DeviceRegisterIdentification {
  // The attested device ID for devices using Zero-Touch (see go/zt-sn).
  optional string attested_device_id = 1;
}

// Response from server to device
message CheckUserAccountResponse {
  // Enum listing the possible user account status.
  enum UserAccountType {
    UNKNOWN_USER_ACCOUNT_TYPE = 0;

    // There is no GAIA user exist mapping to the specific user email.
    NOT_EXIST = 1;

    // The GAIA user mapping to the specific user email is not a dasher user.
    CONSUMER = 2;
    // The GAIA user is a dasher user. See http://go/is-dasher-user
    DASHER = 3;
  }

  // The domain abstracted from the specific email has been verified by dasher.
  optional bool domain_verified = 1;

  // The account type mapping from the specific user email.
  optional UserAccountType user_account_type = 2;

  // Enum listing the possible enrollment nudge types.
  enum EnrollmentNudgeType {
    UNKNOWN_ENROLLMENT_NUDGE_TYPE = 0;
    // Enrollment is not required.
    NONE = 1;
    // Requires the user to complete the enrollment process before they can
    // login.
    ENROLLMENT_REQUIRED = 2;
  }

  // Whether to nudge managed users to enroll unowned devices.
  optional EnrollmentNudgeType enrollment_nudge_type = 3;
}

// Response from server to device register request.
message DeviceRegisterResponse {
  reserved 6;

  // Device management token for this registration.  This token MUST be
  // part of HTTP Authorization header for all future requests from
  // device to server.
  required string device_management_token = 1;

  // Device display name.  By default, server generates the name in
  // the format of "Machine Model - Machine Id".  However, domain
  // admin can update it using Admin console, so do NOT treat it as constant.
  optional string machine_name = 2;

  // Enum listing the possible modes the device should be locked into when the
  // registration is finished.
  enum DeviceMode {
    // In ENTERPRISE mode the device has no local owner and device settings are
    // controlled through the cloud policy infrastructure. Auto-enrollment is
    // supported in that mode.
    ENTERPRISE = 0;
    // DEPRECATED: Devices in RETAIL mode also have no local owner and get their
    // device settings from the cloud, but additionally this mode enables the
    // demo account on the device.
    RETAIL_DEPRECATED = 1;
    // DEPRECATED: Devices in CHROME_AD mode are in enterprises with AD.  Device
    // settings are controlled through the AD policy infrastructure.
    CHROME_AD_DEPRECATED = 2;
    // Devices in DEMO mode have no local owner and get their device settings
    // from the cloud. They are controlled by demo mode domain and provide
    // customized demo experience to the users.
    DEMO = 3;
  }
  optional DeviceMode enrollment_type = 3 [default = ENTERPRISE];

  // An opaque configuration string for devices that require it.  CHROME_AD
  // devices, for example, may use this string for AD discovery.  Must be at
  // most a few kBytes.
  optional string configuration_seed = 4;

  // List of user affiliation IDs. The list is used to define if the user
  // registering for policy is affiliated on the device.
  // Only sent if DeviceRegisterRequest.Type == USER
  repeated string user_affiliation_ids = 5;

  // The display name Chrome should use when setting up the profile, used for
  // OIDC managed profile only.
  optional string user_display_name = 7;

  // The email of the user who logged into this profile, used for OIDC managed
  // profile only.
  optional string user_email = 8;

  // Enum listing the possible types of the third party identity used for OIDC
  // managed profiles.
  enum ThirdPartyIdentityType {
    // The profile does not have third party identity.
    NONE = 0;
    // The third party identity is synced to Google (Dasher) and there is an
    // associated GAIA ID for it.
    DASHER_BASED = 1;
    // The third party identity is not synced to Google and there is no
    // associated GAIA ID for it.
    DASHERLESS = 2;
  }
  optional ThirdPartyIdentityType third_party_identity_type = 9
      [default = NONE];
}

// Request from device to server to unregister device.
// GoogleDMToken MUST be in HTTP Authorization header.
message DeviceUnregisterRequest {}

// Response from server to device for unregister request.
message DeviceUnregisterResponse {}

// Request from device to server to upload a device certificate or an enrollment
// identifier.
// GoogleDMToken MUST be in HTTP Authorization header.
message DeviceCertUploadRequest {
  enum CertificateType {
    // Default value for when a type is not specified.
    CERTIFICATE_TYPE_UNSPECIFIED = 0;
    // Enterprise machine certificate used for remote attestation.
    ENTERPRISE_MACHINE_CERTIFICATE = 1;
    // Enrollment certificate used to obtain an enrollment identifier.
    ENTERPRISE_ENROLLMENT_CERTIFICATE = 2;
  }

  // Certificate in X.509 format.
  optional bytes device_certificate = 1;
  // Type of certificate. If omitted, will be guessed from the other fields.
  optional CertificateType certificate_type = 2;
  // Enrollment identifier if provided.
  optional bytes enrollment_id = 3;
}

// Response from server to device for cert upload request.
message DeviceCertUploadResponse {}

// Request to access a Google service with the given scope.
message DeviceServiceApiAccessRequest {
  // The list of auth scopes the device requests from DMServer.
  repeated string auth_scopes = 1;

  // OAuth2 client ID to which the returned authorization code is bound.
  optional string oauth2_client_id = 2;

  // Enumerates different flavors of registration.
  enum DeviceType {
    // Authcode will be used by Chrome OS
    // (this is typically requested during device enrollment)
    CHROME_OS = 0;
    // Authcode will be used by Android (ARC) subsystem
    // (this is typically requested during ARC Kiosk session setup)
    ANDROID_OS = 1;
    // Authcode will be used by Chrome OS Demo Mode. This auth code can be used
    // to access Google Docs.
    // Please see go/cros-demo-mode and go/demo-mode-account-brainstorm.
    CHROME_OS_DEMO_MODE = 2;
    // Authcode will be used by the enterprise-managed Chrome Browser to
    // register for policy invalidations. This is requested during enrollment.
    CHROME_BROWSER = 3;
  }

  // Device type indicates the intended use of the auth code.
  optional DeviceType device_type = 3;
}

// Response from server to API access request.
message DeviceServiceApiAccessResponse {
  // The OAuth2 authorization code for the requested scope(s).
  // This can be exchanged for a refresh token.
  optional string auth_code = 1;
}

// Device Identifier for non-Chrome OS platform.
message BrowserDeviceIdentifier {
  reserved 3;

  // Name of the computer.
  optional string computer_name = 1;
  // Device serial number (definition depending on the platform).
  optional string serial_number = 2;
  // Hostname of the device. This field contains PII.
  optional string host_name = 4;
}

message PolicyFetchRequest {
  reserved 5, 11;
  reserved "invalidation_topics_only";

  // This is the policy type, which maps to D3 policy type internally.
  // By convention, we use "/" as separator to create policy namespace.
  // The policy type names are case insensitive.
  //
  // Possible values for Chrome OS are:
  //   google/chromeos/device => ChromeDeviceSettingsProto
  //   google/chromeos/publicaccount => ChromeSettingsProto
  //   google/chromeos/signinextension => ExternalPolicyData
  //   google/chromeos/remotecommand => RemoteCommand (*)
  //
  // For users signed in to Chrome,
  //   google/chromeos/user => ChromeSettingsProto
  //   google/android/user => ChromeSettingsProto
  //   google/chrome/user => ChromeSettingsProto
  //   google/ios/user => ChromeSettingsProto
  //   google/chrome/extension => ExternalPolicyData
  //
  // For Chrome Browser Cloud Management,
  //   google/chrome/machine-level-user => ChromeSettingsProto
  //   google/chrome/machine-level-user-android => ChromeSettingsProto
  //   google/chrome/machine-level-user-ios => ChromeSettingsProto
  //   google/chrome/machine-level-extension => ExternalPolicyData
  //   google/machine-level-apps =>
  //       Omaha policy fetch is translated into two policy types
  //       google/chrome/machine-level-user => ChromeSettingsProto
  //       google/machine-level-omaha => OmahaSettingsClientProto
  //
  // Types marked with an (*) are not policies, but data signed with the policy
  // key. It is illegal to try to fetch policies with those types.
  optional string policy_type = 1;

  // This is the last policy timestamp that client received from server. The
  // expectation is that this field is filled by the value of
  // PolicyData.timestamp from the last policy received by the client.
  optional int64 timestamp = 2;

  // Tell server what kind of security signature is required.
  // TODO(b/147782972): Move to toplevel in sync with Chrome OS client code.
  enum SignatureType {
    NONE = 0;
    SHA1_RSA = 1;
    SHA256_RSA = 2;
  }
  optional SignatureType signature_type = 3 [default = NONE];

  // The version number of the public key that is currently stored
  // on the client. This should be the last number the server had
  // supplied as new_public_key_version in PolicyData.
  // This field is unspecified if the client does not yet have a
  // public key.
  optional int32 public_key_version = 4;

  // This field is used for devices to send the additional ID to fetch settings.
  // Retrieving some settings requires more than just device or user ID.
  // For example, to retrieve public account, devices need to pass in
  // public account ID in addition to device ID. To retrieve extension or
  // plug-in settings, devices need to pass in extension/plug-in ID in
  // addition to user ID.
  // policy_type represents the type of settings (e.g. public account,
  // extension) devices request to fetch.
  optional string settings_entity_id = 6;

  // If this fetch is due to a policy invalidation, this field contains the
  // version provided with the invalidation. The server interprets this value
  // and the value of invalidation_payload to fetch the up-to-date policy.
  optional int64 invalidation_version = 7;

  // If this fetch is due to a policy invalidation, this field contains the
  // payload delivered with the invalidation. The server interprets this value
  // and the value of invalidation_version to fetch the up-to-date policy.
  optional bytes invalidation_payload = 8;

  // Hash string for the chrome policy verification public key which is embedded
  // into Chrome binary. Matching private key will be used by the server
  // to sign per-domain policy keys during key rotation. If server does not
  // have the key which matches this hash string, that could indicate malicious
  // or out-of-date Chrome client.
  optional string verification_key_hash = 9;

  // Encoded information from a policy invalidation notification. This is opaque
  // to the client and should be forwarded from the invalidation notification.
  optional string policy_invalidation_info = 10 [deprecated = true];

  // If this is an affiliated user, this is the device's DMToken.
  optional string device_dm_token = 12;

  // Device identifier for helping identify non-Chrome OS devices.
  optional BrowserDeviceIdentifier browser_device_identifier = 13;
}

// This message customizes how the device behaves when it is disabled by its
// owner. The message will be sent as part of the DeviceState fetched during
// normal operation and as part of the DeviceStateRetrievalResponse fetched when
// the device is wiped/reinstalled.
message DisabledState {
  // A message to the finder/thief that should be shown on the screen.
  optional string message = 1;
}

message DeviceState {
  // Modes of operation that the device can be in.
  enum DeviceMode {
    // The device is operating normally. Sessions can be started and the device
    // can be used.
    DEVICE_MODE_NORMAL = 0;
    // The device has been disabled by its owner. The device will show a warning
    // screen and will not allow any sessions to be started.
    DEVICE_MODE_DISABLED = 1;
  }
  // The mode of operation that the device should be in.
  optional DeviceMode device_mode = 1 [default = DEVICE_MODE_NORMAL];

  // State that is relevant only when the |device_mode| is
  // |DEVICE_MODE_DISABLED|.
  optional DisabledState disabled_state = 2;
}

message CustomerLogo {
  // The SCS url for the logo set by the admin for a particular OU.
  // This is in the form https://admin.googleusercontent.com/<scs_url_key>.
  optional string logo_url = 1;
}

// This message is included in serialized form in PolicyFetchResponse below. It
// may also be signed, with the signature being created for the serialized form.
message PolicyData {
  reserved 10, 13, 14, 18, 19;
  reserved "command_invalidation_name";
  reserved "command_invalidation_source";
  reserved "invalidation_name";
  reserved "invalidation_source";
  reserved "valid_serial_number_missing";

  // See PolicyFetchRequest.policy_type.
  optional string policy_type = 1;

  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time). It is
  // included here so that the time at which the server issued this response
  // cannot be faked (as protection against replay attacks). It is the timestamp
  // generated by DMServer, NOT the time admin last updated the policy or
  // anything like that.
  optional int64 timestamp = 2;

  // The DMToken that was used by the client in the HTTP POST header for
  // authenticating the request. It is included here again so that the client
  // can verify that the response is meant for them (and not issued by a replay
  // or man-in-the-middle attack).
  // Note that the existence or non-existence of the DMToken is not the correct
  // way to determine whether the device is managed. Cf. |management_mode| below
  // for details.
  optional string request_token = 3;

  // The serialized value of the actual policy protobuf.  This can be
  // deserialized to an instance of, for example, ChromeSettingsProto,
  // ChromeDeviceSettingsProto, or ExternalPolicyData.
  optional bytes policy_value = 4;

  // The device display name assigned by the server.  It is only
  // filled if the display name is available.
  //
  // The display name of the machine as generated by the server or set
  // by the Administrator in the Admin console GUI. This is the same thing as
  // |machine_name| in DeviceRegisterResponse but it might have
  // changed since then.
  optional string machine_name = 5;

  // Version number of the server's current public key. (The key that
  // was used to sign this response. Numbering should start at 1 and be
  // increased by 1 at each key rotation.)
  optional int32 public_key_version = 6;

  // The user this policy is intended for. In case of device policy, the name
  // of the owner (who registered the device).
  optional string username = 7;

  // In this field the DMServer should echo back the "deviceid" HTTP parameter
  // from the request. This is also used for user and device local accounts ids,
  // see client_id in code.
  optional string device_id = 8;

  // Indicates which state this association with DMServer is in. This can be
  // used to tell the client that it is not receiving policy even though the
  // registration with the server is kept active.
  enum AssociationState {
    // Association is active and policy is pushed.
    ACTIVE = 0;
    // Association is alive, but the corresponding domain is not managed.
    UNMANAGED = 1;
    // The device has been deprovisioned by the administrator and is no longer
    // managed.
    DEPROVISIONED = 2;
  }
  optional AssociationState state = 9 [default = ACTIVE];

  // Indicates which public account or extension/plug-in this policy data is
  // for. See PolicyFetchRequest.settings_entity_id for more details.
  optional string settings_entity_id = 11;

  // Indicates the identity the device service account is associated with.
  // This is only sent as part of device policy fetch.
  optional string service_account_identity = 12;

  // Server-provided identifier of the fetched policy. This is to be used
  // by the client when requesting Policy Posture assertion through an API
  // call or SAML flow. For details, see http://go/chrome-nac-server-design.
  optional string policy_token = 15;

  // Indicates the management mode of the device. Note that old policies do not
  // have this field. If this field is not set but request_token is set, assume
  // the management mode is ENTERPRISE_MANAGED. If both this field and
  // request_token are not set, assume the management mode is LOCAL_OWNER.
  enum ManagementMode {
    // The device is owned locally. The policies are set by the local owner of
    // the device.
    LOCAL_OWNER = 0;
    // The device is enterprise-managed (either via DM server or through Active
    // Directory). See the comment above for backward compatibility.
    ENTERPRISE_MANAGED = 1;
    // Obsolete. Don't use.
    OBSOLETE_CONSUMER_MANAGED = 2;
  }
  optional ManagementMode management_mode = 16;

  // Indicates the state that the device should be in.
  optional DeviceState device_state = 17;

  // The free-text location info the admin enters to associate the device
  // with a location.
  optional string annotated_location = 20;

  // The free-text asset identifier the admin enters to associate the device
  // with a user-generated identifier.
  optional string annotated_asset_id = 21;

  // The unique directory api ID of the device which was generated on the
  // server-side.
  optional string directory_api_id = 22;

  // List of device affiliation IDs. If there exists an overlap between user
  // affiliation IDs and device affiliation IDs, we consider that the user is
  // affiliated on the device. Otherwise the user is not affiliated on the
  // device. Should be fetched with device policy. Ignored if fetched with
  // other polices.
  repeated string device_affiliation_ids = 23;

  // List of user affiliation IDs. The list is used to define if current user
  // is affiliated on the device. See device_affiliation_ids for details.
  // Should be fetched with user policy. Ignored if fetched with other polices.
  repeated string user_affiliation_ids = 24;

  // Used as the display domain when the primary domain gets renamed. This field
  // is present only for device policies.
  optional string display_domain = 25;

  // Invalidation topic for devices. Clients register for FCM messages using
  // this topic in order to receive notifications for device policy changes.
  optional string policy_invalidation_topic = 26;

  // Invalidation topic for commands. Clients register for FCM messages using
  // this topic in order to receive notifications that one or more commands are
  // available for execution.
  optional string command_invalidation_topic = 27;

  // Whether the device needs to upload an enrollment identifier to the cloud.
  // TODO(b/136188860) migrates to enrollment_certificate_needed under
  // client_action_required.
  optional bool enrollment_id_needed = 28;

  // Gaia id of the user the policy is intended for.
  // Should be fetched with user policy.
  optional string gaia_id = 29;

  // Indicate this device's market segment. The MarketSegment enum in
  // cloud_policy_constants.h (http://shortn/_3iFWcdjy0P) must be kept in sync
  // with this enum.
  enum MarketSegment {
    MARKET_SEGMENT_UNSPECIFIED = 0;
    ENROLLED_EDUCATION = 1;
    ENROLLED_ENTERPRISE = 2;
  }

  // This field should only be set for Device Policy response.
  // See go/cros-rlz-segments
  optional MarketSegment market_segment = 30;

  // This field is currently only set for Device Policy response.
  // This represents the logo set by the admin for the OU that the device
  // belongs to. This is domain metadata included in a device policy response,
  // but it is not an explicit device policy.
  optional CustomerLogo customer_logo = 31;

  // b/129771193
  // This setting is from SingleSignOnSettingsProto#change_password_uri
  // http://google3/ccc/hosted/policies/services/common/sso_settings.proto?l=48&rcl=241246111
  // This field is currently only set for User Policy response.
  optional string change_password_uri = 32;

  // This field is used for asking client to perform some actions. For instance,
  // server asks client to re-upload enrollment certificate. In long term, new
  // added field which asks client to perform an action in policy data should be
  // put in ClientActionRequired message.
  optional ClientActionRequired client_action_required = 33;

  // Obfuscated customerId the device is enrolled into.
  // Only set for device policy.
  optional string obfuscated_customer_id = 34;

  // The different types of user segments for metrics logging. If any values are
  // added to this enum, the corresponding enum in
  // UserTypeByDeviceTypeMetricsProvider::UserSegment
  // (http://shortn/_uK3ZM4pC0a) should be updated.
  enum MetricsLogSegment {
    UNSPECIFIED = 0;
    K12 = 1;
    UNIVERSITY = 2;
    NONPROFIT = 3;
    ENTERPRISE = 4;
  }

  // Indicates the segment the user's metrics should be logged under,
  // UNSPECIFIED if not relevant.
  // This field should only be set for User Policy response.
  optional MetricsLogSegment metrics_log_segment = 35;

  // This field will be populated with primary domain name for domain verified
  // customer, and primary admin email for domainless customer. The client side
  // will use this field to display who manages this device/browser/user.
  optional string managed_by = 36;

  // An identifier (e.g. "inboundSamlSsoProfiles/0abcdefg1234567") for the
  // device's managing OU's SSO profile. Currently, this points to the OU's
  // SAML settings. May support OIDC in the future.
  optional string sso_profile = 37;

  // Indicates which kind of licenses this device is using, so that chrome OS
  // can check that. The value is from ChromeOsDeviceInfo
  // http://google3/ccc/hosted/devices/services/chromeos/common.proto;rcl=436571779;l=549
  optional string license_sku = 38;

  // The K12 user age classification segments for metrics logging.
  // LINT.IfChange(K12AgeClassificationSegment)
  enum K12AgeClassificationMetricsLogSegment {
    AGE_UNSPECIFIED = 0;
    AGE_UNDER18 = 1;
    AGE_EQUAL_OR_OVER18 = 2;
  }
  // LINT.ThenChange(//tools/metrics/histograms/metadata/chromeos/enums.xml:K12AgeClassificationSegment,//chrome/browser/metrics/k12_age_classification_metrics_provider.h:K12AgeClassificationSegment)

  // Indicates the segment the user's age classification metrics should be
  // logged under, `AGE_UNSPECIFIED` if not relevant. This field should only be
  // set for User Policy response.
  optional K12AgeClassificationMetricsLogSegment
      k12_age_classification_metrics_log_segment = 39;

  // Indicates whether the domains has CEC enabled.
  optional bool cec_enabled = 40;
}

message ClientActionRequired {
  // Whether device needs to upload an enterprise enrollment certificate to
  // cloud.
  optional bool enrollment_certificate_needed = 1;
}

message PolicyFetchResponse {
  // Since a single policy request may ask for multiple policies, DM server
  // provides separate error codes (making use of standard HTTP Status Codes)
  // for each individual policy fetch.
  optional int32 error_code = 1;

  // Human readable error message for customer support purpose.
  optional string error_message = 2;

  // This is a serialized |PolicyData| protobuf (defined above).
  optional bytes policy_data = 3;

  // Signature of the policy data above.
  optional bytes policy_data_signature = 4;

  // If the public key has been rotated on the server, the new public
  // key is sent here. It is already used for |policy_data_signature|
  // above, whereas |new_public_key_signature| is created using the
  // old key (so the client can trust the new key). If this is the
  // first time when the client requests policies (so it doesn't have
  // on old public key), then |new_public_key_signature| is empty.
  optional bytes new_public_key = 5;
  optional bytes new_public_key_signature = 6;

  // DEPRECATED: Exists only to support older clients. This signature is similar
  // to new_public_key_verification_data_signature, but is computed over
  // DEPRECATEDPolicyPublicKeyAndDomain (which is equivalent to
  // PublicKeyVerificationData proto with version field unset).
  //
  // Do not remove this unless you know for sure that this is not required by
  // managed devices any more, including devices that might be pinned to
  // milestones older than current Stable.
  // Note: As of February 2024, this is still strictly required by
  // CloudPolicyValidator, see
  // https://source.chromium.org/chromium/chromium/src/+/main:components/policy/core/common/cloud/cloud_policy_validator.cc;drc=08b91b49531894cbe9061a1148fd535155c2554b;l=407
  optional bytes new_public_key_verification_signature_deprecated = 7
      [deprecated = true];

  // This is a serialized |PublicKeyVerificationData| protobuf (defined
  // below). See comments for |new_public_key_verification_data_signature| field
  // for details on how this data is signed.
  // Please note that |new_public_key| is also included inside this data
  // field. Thus we have new public key signed with old version of private key
  // (if client indicated to us that it has old key version), and
  // new public key data signed by primary verification key (if client told
  // us that it has public verification key - see |verification_key_id| field
  // of |PolicyFetchRequest|). In most cases, both signatures will be provided.
  // However, client might not have old policy signing key - for example, when
  // new profile is being set up. In this case, only verification signature
  // is supplied.
  // Or, client might not have verification public key (legacy Chrome build
  // before verification key was introduced, or outdated build which has
  // old/compromised verification key). In that case, verification signature
  // cannot be provided.
  // If client is missing both public keys (old signing key and verification
  // key), then we are unable to produce any valid signature and client must
  // drop such PolicyFetchResponse.
  optional bytes new_public_key_verification_data = 8;

  // If new_public_key is specified, this field contains the signature of a
  // PublicKeyVerificationData protobuf, signed using a key only available to
  // DMServer. The public key portion of this well-known key is embedded into
  // the Chrome binary. The hash of that embedded key is passed to DMServer as
  // verification_key_hash field in PolicyFetchRequest. DMServer picks a private
  // key on the server which matches the hash (matches public key on the
  // client). If DMServer is unable to find matching key, it returns an error
  // instead of policy data. In case a hash was not specified, DMServer leaves
  // the verification signature field empty (legacy behavior).
  // This signature is provided to better protect first key delivery (since the
  // browser does not possess the previous signing key, DMServer cannot compute
  // new_public_key_signature).
  // See http://go/chrome-nac-server-design for more information.
  optional bytes new_public_key_verification_data_signature = 9;

  // DEPRECATED! Client-side should verify and rely on the policy_type inside
  // the signed policy_data.
  optional string policy_type = 10 [deprecated = true];

  // The type of signature used to generate policy_data_signature.
  optional PolicyFetchRequest.SignatureType policy_data_signature_type = 11;
}

// DEPRECATED: Protobuf used to generate the deprecated
// new_public_key_verification_signature field.
message DEPRECATEDPolicyPublicKeyAndDomain {
  // The public key to sign (taken from the |new_public_key| field in
  // PolicyFetchResponse).
  optional bytes new_public_key = 1;

  // The domain associated with this key (should match the domain portion of the
  // username field of the policy).
  optional string domain = 2;
}

// This message contains the information which is signed by the verification key
// during policy key rotation. It is included in serialized form in
// PolicyFetchResponse above. A signature of the serialized form is included in
// the new_public_key_verification_data_signature field.
message PublicKeyVerificationData {
  // The new public policy key after a key rotation.
  optional bytes new_public_key = 1;

  // The domain of the device/user.
  optional string domain = 2;

  // The version number of the new_public_key. This must be monotonically
  // increasing (within a domain).
  optional int32 new_public_key_version = 3;
}

// Request from device to server for reading policies.
message DevicePolicyRequest {
  // The policy fetch requests.  If this field exists, the requests must come
  // from a non-TT client.  The repeated field allows clients to request
  // multiple policies for better performance.
  repeated PolicyFetchRequest requests = 3;

  // Reason for the requesting policies, to help with monitoring and alerting
  // (e.g. to detect an increase in fetch failures during enrollment).
  enum Reason {
    UNSPECIFIED = 0;
    // Required policy fetch during device enrollment.
    DEVICE_ENROLLMENT = 1;
    // Policy fetch triggered by incoming FCM invalidation.
    INVALIDATION = 2;
    // CloudPolicyClient registration changed (e.g. during startup).
    REGISTRATION_CHANGED = 3;
    // Retry after previous policy fetch failure.
    RETRY = 4;
    // Various retry reasons based on DMServer status, see
    // `CloudPolicyRefreshScheduler`.
    RETRY_AFTER_STATUS_SERVICE_ACTIVATION_PENDING = 5;
    RETRY_AFTER_STATUS_SERVICE_POLICY_NOT_FOUND = 6;
    RETRY_AFTER_STATUS_SERVICE_TOO_MANY_REQUESTS = 7;
    RETRY_AFTER_STATUS_REQUEST_FAILED = 8;
    RETRY_AFTER_STATUS_TEMPORARY_UNAVAILABLE = 9;
    RETRY_AFTER_STATUS_CANNOT_SIGN_REQUEST = 10;
    RETRY_AFTER_STATUS_REQUEST_INVALID = 11;
    RETRY_AFTER_STATUS_HTTP_STATUS_ERROR = 12;
    RETRY_AFTER_STATUS_RESPONSE_DECODING_ERROR = 13;
    RETRY_AFTER_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED = 14;
    RETRY_AFTER_STATUS_REQUEST_TOO_LARGE = 15;
    // Scheduled policy refresh (e.g. once per day).
    SCHEDULED = 16;
    // Policy fetch triggered by sign-in.
    SIGNIN = 17;
    // A placeholder reason used for tests.
    TEST = 18;
    // Policy fetched at browser start, e.g. device policies at Ash start.
    BROWSER_START = 19;
    // ChromeOS Policy fetch request from Lacros to Ash.
    LACROS = 20;
    // Policy fetched as requested by the user, e.g. through chrome://policy.
    USER_REQUEST = 21;
    // Policy fetches triggered by the Chrome Remote Desktop policy watcher.
    CRD_HOST_POLICY_WATCHER = 22;
    // Fetch policy request when we shouldn't.
    UNNECESSARY = 100;
    // Fetch policy request when we disconnect from cloud management.
    UNNECESSARY_DISCONNECT = 101;
    // Fetch policy request when schema is updated.
    UNNECESSARY_SCHEMA_UPDATED = 102;
  }
  optional Reason reason = 4;
}

// Response from server to device for reading policies.
message DevicePolicyResponse {
  // The policy fetch responses.
  repeated PolicyFetchResponse responses = 3;
}

message TimePeriod {
  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 start_timestamp = 1;
  optional int64 end_timestamp = 2;
}

message ActiveTimePeriod {
  optional TimePeriod time_period = 1;

  // The active duration during the above time period.
  // The unit is milli-second.
  optional int32 active_duration = 2;

  // Email address of the active user. Present only if the user type is managed
  // and affiliated.
  optional string user_email = 3;

  enum SessionType {
    SESSION_UNKNOWN = 0;
    SESSION_AFFILIATED_USER = 1;
    SESSION_MANAGED_GUEST = 2;
    SESSION_KIOSK = 3;
    SESSION_ARC_KIOSK = 4;
    SESSION_WEB_KIOSK = 5;
    SESSION_IWA_KIOSK = 6;
  }

  optional SessionType session_type = 4;
}

// Details about a network interface.
message NetworkInterface {
  // Indicates the type of network device.
  enum NetworkDeviceType {
    reserved 2;

    TYPE_ETHERNET = 0;
    TYPE_WIFI = 1;
    TYPE_BLUETOOTH = 3;
    TYPE_CELLULAR = 4;
  }

  // Network device type.
  optional NetworkDeviceType type = 1;

  // MAC address (if applicable) of the corresponding network device. This is
  // formatted as an ASCII string with 12 hex digits. Example: A0B1C2D3E4F5.
  optional string mac_address = 2;

  // MEID (if applicable) of the corresponding network device. Formatted as
  // ASCII string composed of 14 hex digits. Example: A10000009296F2.
  optional string meid = 3;

  // IMEI (if applicable) of the corresponding network device. 15-16 decimal
  // digits encoded as ASCII string. Example: 355402040158759.
  optional string imei = 4;

  // The device path associated with this network interface.
  optional string device_path = 5;

  // The integrated circuit card ID associated with the device's sim card.
  optional string iccid = 6;

  // The mobile directory number associated with the device's sim card.
  optional string mdn = 7;

  // List of EID (EUICC Identifier) of all cellular EUICCs
  // (Embedded Universal Integrated Circuit Cards) on the device.
  // 32 decimal digits encoded as ASCII string. e.g.
  repeated string eids = 8;
}

// Information about configured/visible networks - this is separate from
// NetworkInterface because a configured network may not be associated with
// any specific interface, or may be visible across multiple interfaces.
message NetworkState {
  // The current state of this network.
  enum ConnectionState {
    reserved 1;   // CARRIER
    reserved 6;   // OFFLINE
    reserved 10;  // ACTIVATION_FAILURE

    IDLE = 0;
    ASSOCIATION = 2;
    CONFIGURATION = 3;
    READY = 4;
    PORTAL = 5;
    ONLINE = 7;
    DISCONNECT = 8;
    FAILURE = 9;
    UNKNOWN = 11;
  }

  // For networks associated with a device, the path of the device.
  optional string device_path = 1;

  // Current state of this connection as reported by shill.
  optional ConnectionState connection_state = 2;

  // For wireless networks, the signal_strength in dBm.
  optional int32 signal_strength = 3;

  // The IP address this interface is bound to, if any.
  optional string ip_address = 4;

  // The gateway IP for this interface, if any.
  optional string gateway = 5;
}

// Details about a device user.
message DeviceUser {
  // Types of device users which can be reported.
  enum UserType {
    // A user managed by the same domain as the device.
    USER_TYPE_MANAGED = 0;

    // A user not managed by the same domain as the device.
    USER_TYPE_UNMANAGED = 1;
  }

  // The type of the user.
  required UserType type = 1;

  // Email address of the user. Present only if the user type is managed.
  optional string email = 2;
}

// Information about a single disk volume.
message VolumeInfo {
  optional string volume_id = 1;

  // The unit is bytes.
  optional int64 storage_total = 2;
  optional int64 storage_free = 3;
}

// Information about a single CPU utilization.
message CpuUtilizationInfo {
  // CPU utilization (0-100).
  optional int32 cpu_utilization_pct = 1;
  // The timestamp representing time at which the information was collected.
  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 timestamp = 2;
}

// Information about a single free RAM.
message SystemFreeRamInfo {
  // Free RAM [in bytes] (unreliable due to GC).
  optional int64 size_in_bytes = 1;
  // The timestamp representing time at which the information was collected.
  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 timestamp = 2;
}

// Information about a single CPU temperature channel.
message CPUTempInfo {
  // Temperature channel label.
  optional string cpu_label = 1;
  // CPU temperature in Celsius.
  optional int32 cpu_temp = 2;
  // Unix timestamp.
  optional int64 timestamp = 3;
}

// Contains the Stateful Partition Information for user data storage in the
// device.
message StatefulPartitionInfo {
  // Available space for user data storage in the device in bytes.
  optional uint64 available_space = 1;
  // Total space for user data storage in the device in bytes.
  optional uint64 total_space = 2;
  // File system on stateful partition. e.g. ext4.
  optional string filesystem = 3;
  // Source of stateful partition. e.g. /dev/mmcblk0p1.
  optional string mount_source = 4;
}

// Chrome release channel, shared for different reports.
enum Channel {
  CHANNEL_UNKNOWN = 0;
  CHANNEL_CANARY = 1;
  CHANNEL_DEV = 2;
  CHANNEL_BETA = 3;
  CHANNEL_STABLE = 4;
}

// Frequently changing data for battery.
message BatterySample {
  optional int64 timestamp = 1;
  // Battery voltage
  optional int64 voltage = 2;
  // Battery remaining capacity (mA-hours)
  optional int64 remaining_capacity = 3;
  // Temperature in Celsius.
  optional int32 temperature = 4;
  // The battery discharge rate measured in mW. Positive if the battery is being
  // discharged, negative if it's being charged.
  optional int32 discharge_rate = 5;
  // Battery charge percentage
  optional int32 charge_rate = 6;
  // Battery current (mA)
  optional int64 current = 7;
  // Battery status read from sysfs
  optional string status = 8;
}

// Status of the single battery
message BatteryInfo {
  optional string serial = 1;
  optional string manufacturer = 2;
  optional string battery_health = 3;
  // Design capacity (mA-hours)
  optional int64 design_capacity = 4;
  // Full charge capacity (mA-hours)
  optional int64 full_charge_capacity = 5;
  optional int32 cycle_count = 6;
  // Last sampling data.
  repeated BatterySample samples = 7;
  // Designed minimum output voltage (mV)
  optional int32 design_min_voltage = 9;
  // The date the battery was manufactured in yyyy-mm-dd format.
  optional string manufacture_date = 10;
  // Technology of the battery.
  optional string technology = 11;
}

// Status of the power subsystem
message PowerStatus {
  enum PowerSource {
    POWER_UNKNOWN = 0;
    POWER_AC = 1;
    POWER_BATTERY = 2;
  }
  optional PowerSource power_source = 1;
  repeated BatteryInfo batteries = 2;
}

// LifeTime estimation for eMMC devices
message DiskLifetimeEstimation {
  // Lifetime estimations for SLC and MLC areas of eMMC.
  // Values range from 00h to 0Bh -- indicating the percentage of device
  // lifetime used.
  optional int32 slc = 1;
  optional int32 mlc = 2;
}

// Status of the single storage device
// Next id: 29
message DiskInfo {
  optional string serial = 1;
  optional string manufacturer = 2;
  optional string model = 3;
  // Size in bytes
  optional int64 size = 4;
  // eMMC / NVMe / ATA / SCSI.
  optional string type = 5;
  optional string health = 6;
  // volume_id for volumes on this disk.
  repeated string volumes = 7;
  // Read/write statistics for this disk.
  optional uint64 bytes_read_since_last_boot = 8;
  optional uint64 bytes_written_since_last_boot = 9;
  optional uint64 read_time_seconds_since_last_boot = 10;
  optional uint64 write_time_seconds_since_last_boot = 11;
  // Counts the time the disk and queue were busy, so unlike the fields above,
  // parallel requests are not counted multiple times.
  optional uint64 io_time_seconds_since_last_boot = 12;
  // Time spent discarding since last boot. Discarding is writing to clear
  // blocks which are no longer in use. Supported on kernels 4.18+.
  optional uint64 discard_time_seconds_since_last_boot = 13;

  // The manufacturer of the block device.
  oneof vendor_id {
    // NVME vendors:
    // https://pcisig.com/membership/member-companies
    uint32 nvme_subsystem_vendor = 14;
    // EMMC oemids
    // https://screenshot.googleplex.com/eZWNnV8qGnc
    uint32 emmc_oemid = 15;
    uint32 other_vendor = 16;
    uint32 jedec_manfid = 27;
  }

  // The manufacturer-specific product identifier.
  oneof product_id {
    uint32 nvme_subsystem_device = 17;
    uint32 emmc_pnm = 18;
    uint32 other_product = 19;
  }

  // The revision of the device's hardware.
  oneof hardware_revision {
    uint32 nvme_hardware_rev = 20;
    uint32 emmc_hardware_rev = 21;
    uint32 other_hardware_rev = 22;
  }

  // The revision of the device's firmware.
  oneof firmware_revision {
    uint64 nvme_firmware_rev = 23;
    uint64 emmc_firmware_rev = 24;
    uint32 other_firmware_rev = 25;
    uint32 ufs_firmware_rev = 28;
  }

  // The purpose of the device on the system.
  enum DevicePurpose {
    PURPOSE_UNKNOWN = 0;
    PURPOSE_BOOT = 1;
    PURPOSE_SWAP = 2;
  }
  optional DevicePurpose purpose = 26;
}

// Status of the storage subsystem.
message StorageStatus {
  repeated DiskInfo disks = 1;
  optional DiskLifetimeEstimation lifetime_estimation = 2;
}

// Sampling for single temperature measurements
message ThermalSample {
  optional int64 timestamp = 1;
  optional int32 temperature = 2;
}

// Temperature measurement series for thermal point.
message ThermalInfo {
  reserved 2;
  optional string label = 1;
  repeated ThermalSample samples = 3;
}

// Status for various on-board components
message BoardStatus {
  repeated ThermalInfo thermal_infos = 1;
}

// Status about a system's various elements.
message SystemStatus {
  // The product SKU (stock keeping unit) number.
  optional string vpd_sku_number = 1;
  // The date the device was first activated.
  // Format: YYYY-WW.
  optional string first_power_date = 2;
  // The date the device was manufactured (finalized in factory).
  // Format: YYYY-MM-DD.
  optional string manufacture_date = 3;
  // Contents of CrosConfig in /arc/build-properties/marketing-name. E.g. "HP
  // Chromebook x360 14"
  optional string marketing_name = 4;
  // The BIOS version. E.g. "Google_Sarien.12200.58.0"
  optional string bios_version = 5;
  // The product name of the motherboard. E.g. "Sarien"
  optional string board_name = 6;
  // The version of the motherboard. E.g. "rev16"
  optional string board_version = 7;
  // The chassis type of the device. The values reported by chassis type are
  // mapped in
  // www.dmtf.org/sites/default/files/standards/documents/DSP0134_3.0.0.pdf.
  // E.g. "9"
  optional uint64 chassis_type = 8;
  // The product name (model) of the system. E.g. "Sarien"
  optional string product_name = 9;
  // The product serial number.
  optional string vpd_serial_number = 10;
}

// Status of a single C-state. C-states are various modes the CPU can transition
// to in order to use more or less power.
message CpuCStateInfo {
  // Name of the state.
  optional string name = 1;
  // Time spent in the state since the last reboot, in microseconds.
  optional uint64 time_in_state_since_last_boot_us = 2;
}

// Status of a single logical CPU.
message LogicalCpuInfo {
  // Maximum frequency the CPU is allowed to run at, by policy.
  optional uint32 scaling_max_frequency_khz = 1;
  // Current frequency the CPU is running at.
  optional uint32 scaling_current_frequency_khz = 2;
  // Idle time since last boot.
  optional uint64 idle_time_seconds = 3;
  // Information about the logical CPU's time in various C-states.
  repeated CpuCStateInfo c_states = 4;
}

// Status of a single physical CPU on the device.
message CpuInfo {
  // The CPU model name.
  optional string model_name = 1;

  // The CPU architecture.
  enum Architecture {
    ARCHITECTURE_UNSPECIFIED = 0;
    X86_64 = 1;
    AARCH64 = 2;
    ARMV7L = 3;
  }
  optional Architecture architecture = 2;

  // The max CPU clock speed in kHz.
  optional uint32 max_clock_speed_khz = 3;

  repeated LogicalCpuInfo logical_cpus = 4;
}

// Overall CPU information for the device.
message GlobalCpuInfo {
  // Total number of threads on the device.
  optional uint32 num_total_threads = 1;
}

// Status for a single display.  A display screen with resolution 1920x1080
// would have resolution_width: 1920 and resolution_height: 1080.
message DisplayInfo {
  // Resolution width
  optional uint32 resolution_width = 1;
  // Resolution height
  optional uint32 resolution_height = 2;
  // Refresh rate (Hz)
  optional uint32 refresh_rate = 3;
  // Set to true if display is internal, otherwise set to false.
  optional bool is_internal = 4;
}

// Status of a single graphics adapter (GPU).
message GraphicsAdapterInfo {
  // Adapter name. Example: Mesa DRI Intel(R) UHD Graphics 620 (Kabylake GT2)
  optional string name = 1;
  // Driver version
  optional string driver_version = 2;
  // Represents the graphics card device id
  optional uint64 device_id = 3;
  // GPU consumption of system RAM (bytes)
  optional uint64 system_ram_usage = 4;
}

// Status of the graphics subsystem.
message GraphicsStatus {
  optional GraphicsAdapterInfo adapter = 1;
  repeated DisplayInfo displays = 2;
}

// Status of a crash report.
message CrashReportInfo {
  // The status options should align with crash_reporter::ReportUploadState.
  enum CrashReportUploadStatus {
    UPLOAD_STATUS_UNKNOWN = 0;
    UPLOAD_STATUS_NOT_UPLOADED = 1;
    UPLOAD_STATUS_PENDING = 2;
    UPLOAD_STATUS_PENDING_USER_REQUESTED = 3;
    UPLOAD_STATUS_UPLOADED = 4;
  }

  // ID as provided by chrome://crashes.
  optional string remote_id = 1;

  // The timestamp when the crash is captured.
  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 capture_timestamp = 2;

  // Human readable string that identifies what caused the crash.
  optional string cause = 3;

  // The upload status of crash report.
  optional CrashReportUploadStatus upload_status = 4;
}

// Timezone information for the device. This reflects what set timezone of the
// device, not necessarily the actual location of the device.
message TimezoneInfo {
  // The timezone of the device in POSIX standard. (MST7MDT,M3.2.0,M11.1.0)
  optional string posix = 1;
  // The timezone region of the device in the Olsen format (America/Denver).
  optional string region = 2;
}

// Memory information for the device.
message MemoryInfo {
  // Total memory, in KiB.
  optional uint32 total_memory_kib = 1;
  // Free memory, in KiB.
  optional uint32 free_memory_kib = 2;
  // Available memory, in KiB.
  optional uint32 available_memory_kib = 3;
  // Number of page faults since the last boot.
  optional uint64 page_faults_since_last_boot = 4;
}

// Information about the device's backlights.
message BacklightInfo {
  // Path to this backlight on the system. Useful if the caller needs to
  // correlate with other information.
  optional string path = 1;
  // Maximum brightness for the backlight.
  optional uint32 max_brightness = 2;
  // Current brightness of the backlight, between 0 and max_brightness.
  optional uint32 brightness = 3;
}

// Information about the device's fan.
message FanInfo {
  // Fan speed in RPM.
  optional uint32 speed_rpm = 1;
}

// Information about a device's Bluetooth adapter, which is used to detect and
// connect to Bluetooth devices.
message BluetoothAdapterInfo {
  // The name of the adapter.
  optional string name = 1;
  // The MAC address of the adapter.
  optional string address = 2;
  // Indicates whether the adapter is on or off.
  optional bool powered = 3;
  // The number of devices connected to this adapter.
  optional uint32 num_connected_devices = 4;
}

// Information from the device's SMBIOS. This is used to determine
// info such as the device's vendor and product name/version.
message SmbiosInfo {
  optional string sys_vendor = 1;
  optional string product_name = 2;
  optional string product_version = 3;
  optional string bios_version = 4;
}

// Information about the parameters passed to the kernel.
message KernelParameters {
  // True if cros_efi was passed to the kernel.
  // Used to know if the device was booted via EFI.
  optional bool cros_efi = 1;
}

// Information about the device's EFI Variables from efivarfs.
message EFIVars {
  // True if Secure Boot is enabled on the device.
  optional bool secure_boot = 1;
}

// Information about how the OS was booted. This is information
// such as boot method and other bios settings
message BootInfo {
  enum BootMethod {
    UNKNOWN = 0;
    CROS_SECURE = 1;
    // This field maps to kCrosEfi from cros_healthd.
    CROS_UEFI = 2;
    CROS_LEGACY = 3;
    CROS_EFI_SECURE = 4;
  }
  optional BootMethod boot_method = 1;

  // DEPRECATED: secure_boot is deprecated in favor of the
  // CROS_EFI_SECURE BootMethod value.
  optional bool secure_boot = 2 [deprecated = true];
}

// Hardware component bus device classes.
// Maps to BusDeviceClass from cros_healthd.
enum BusDeviceClass {
  DEVICE_CLASS_UNSPECIFIED = 0;
  DISPLAY_CONTROLLER = 1;
  ETHERNET_CONTROLLER = 2;
  WIRELESS_CONTROLLER = 3;
  BLUETOOTH_ADAPTER = 4;
  THUNDERBOLT_CONTROLLER = 5;
}

// Hardware component buses.
// Maps to BusInfo types from cros_healthd.
enum BusType {
  BUS_TYPE_UNSPECIFIED = 0;
  PCI_BUS = 1;
  USB_BUS = 2;
  THUNDERBOLT_BUS = 3;
}

// Information about a device's network hardware.
message NetworkAdapterInfo {
  optional BusDeviceClass device_class = 1;
  optional BusType bus_type = 2;
  optional int32 vendor_id = 3;
  optional string vendor_name = 4;
  optional int32 device_id = 5;
  optional string device_name = 6;
  repeated string driver = 7;
}

// Information specific to Demo Mode about the device and the demo context.
message DemoModeDimensions {
  // Two-letter country code.
  optional string country = 1;
  // Name of the retailer whose store the device is running in. Also called
  // retailer_id elsewhere in some legacy field names.
  optional string retailer_name = 2;
  // Retailer-defined number to identify the store that a device is running in.
  // Also called store_id elsewhere in some legacy field names.
  optional string store_number = 3;
  // Device attributes significant to Demo Mode for customization purposes.
  enum CustomizationFacet {
    UNDEFINED = 0;
    CLOUD_GAMING_DEVICE = 1;
    FEATURE_AWARE_DEVICE = 2;
  }
  repeated CustomizationFacet customization_facets = 4;
}

// Report device level status.
message DeviceStatusReportRequest {
  reserved 4, 7, 13, 20, 46, 48;

  // The OS version reported by the device is a platform version
  // e.g. 1435.0.2011_12_16_1635.
  optional string os_version = 1;
  optional string firmware_version = 2;

  // "Verified", "Dev". Same as verified mode.
  // If the mode is unknown, this field should not be set.
  optional string boot_mode = 3;

  // The browser version string as shown in the About dialog.
  // e.g. 17.0.963.18.
  optional string browser_version = 5;

  // A list of periods when the device was active, aggregated by day by user.
  repeated ActiveTimePeriod active_periods = 6;

  // List of network interfaces.
  repeated NetworkInterface network_interfaces = 8;

  // List of recent device users, in descending order by last login time.
  repeated DeviceUser users = 9;

  // Disk space + other info about mounted/connected volumes.
  repeated VolumeInfo volume_infos = 10;

  // List of visible/configured networks
  repeated NetworkState network_states = 11;

  // Samples of CPU utilization (0-100), sampled once every 120 seconds.
  // Deprecated: Use CpuUtilizationInfo instead.
  repeated int32 cpu_utilization_pct_samples = 12 [deprecated = true];

  // Total RAM on the device.
  // To deprecate: Use SystemFreeRamInfo instead.
  optional int64 system_ram_total = 14;

  // Samples of free RAM [in bytes] (unreliable due to GC).
  // Deprecated: Use SystemRamFreeInfo instead.
  repeated int64 system_ram_free_samples = 15 [deprecated = true];

  // Samples of CPU temperatures in Celsius, plus associated labels
  // identifying which CPU produced the temperature measurement.
  repeated CPUTempInfo cpu_temp_infos = 16;

  // This field is set only when an OS update is needed because of the required
  // platform version of an updated kiosk app is different from the current
  // OS version.
  optional OsUpdateStatus os_update_status = 17;

  // Set only when there is an auto launched with zero delay Chrome or ARC kiosk
  // app and it is currently running. Otherwise, this field is empty.
  optional AppStatus running_kiosk_app = 18;

  // Sound output volume level in range [0,100].
  optional int32 sound_volume = 19;

  // TPM version information.
  optional TpmVersionInfo tpm_version_info = 21;

  // Release channel (stable, beta, etc.).
  optional Channel channel = 22;

  // TPM status information.
  optional TpmStatusInfo tpm_status_info = 23;

  // Whether hardware write protect switch is on.
  optional bool write_protect_switch = 24;

  // Status of the power subsystem.
  optional PowerStatus power_status = 25;

  // Status of the storage subsystem.
  optional StorageStatus storage_status = 26;

  // Status of various main board components.
  optional BoardStatus board_status = 27;

  // Information about a system's various non-hardware elements. This includes
  // information from cached VPD, CrosConfig, and DMI.
  optional SystemStatus system_status = 28;

  // Stateful Partition Information for user data.
  optional StatefulPartitionInfo stateful_partition_info = 29;

  // Samples of CPU utilization (0-100), sampled once every 120 seconds.
  repeated CpuUtilizationInfo cpu_utilization_infos = 30;

  // Samples of free RAM [in bytes] (unreliable due to GC).
  repeated SystemFreeRamInfo system_ram_free_infos = 31;

  // Information about a devices physical CPU(s).
  repeated CpuInfo cpu_info = 32;

  // Status of the graphics adapter(s) and display(s).
  optional GraphicsStatus graphics_status = 33;

  // Information about the crash report(s) generated from the local device.
  repeated CrashReportInfo crash_report_infos = 34;

  // Information of the device's current timezone.
  optional TimezoneInfo timezone_info = 35;

  // Information about the device's memory.
  optional MemoryInfo memory_info = 36;

  // Information about the device's backlights.
  repeated BacklightInfo backlight_info = 37;

  // Information about the device's fans.
  repeated FanInfo fan_info = 38;

  // Overall information about the device's CPUs.
  optional GlobalCpuInfo global_cpu_info = 39;

  // Information about the device's Bluetooth adapters.
  repeated BluetoothAdapterInfo bluetooth_adapter_info = 40;

  // Information from the device's SMBIOS.
  optional SmbiosInfo smbios_info = 41;

  // Information about the parameters passed to the kernel.
  optional KernelParameters kernel_parameters = 42;

  // Information about the device's EFI Variables from efivarfs.
  optional EFIVars efi_vars = 43;

  // KernelParameters(42) and EFIVars(43) are deprecated
  // and rolled into BootInfo(44)

  // Information about how the os was booted.
  optional BootInfo boot_info = 44;

  // Information about the device's network hardware.
  repeated NetworkAdapterInfo network_adapter_info = 45;

  // Root device size as displayed in the device UI.
  optional int64 root_device_total_storage_bytes = 47;

  // Information specific to Demo Mode about the device and the demo context.
  // Only included for devices in Demo Mode.
  optional DemoModeDimensions demo_mode_dimensions = 49;
}

message OsUpdateStatus {
  enum UpdateStatus {
    OS_UP_TO_DATE = 0;
    OS_IMAGE_DOWNLOAD_NOT_STARTED = 1;
    OS_IMAGE_DOWNLOAD_IN_PROGRESS = 2;
    OS_UPDATE_NEED_REBOOT = 3;
  }

  optional UpdateStatus update_status = 1;

  // New platform version of the os image being downloaded and applied. It
  // is only set when update status is OS_IMAGE_DOWNLOAD_IN_PROGRESS or
  // OS_UPDATE_NEED_REBOOT. Note this could be a dummy "0.0.0.0" for
  // OS_UPDATE_NEED_REBOOT status for some edge cases, e.g. update engine is
  // restarted without a reboot.
  optional string new_platform_version = 2;

  // New required platform version from the pending updated kiosk app.
  optional string new_required_platform_version = 3;

  // The timestamp of the last update check.
  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 last_checked_timestamp = 4;

  // The timestamp of the last reboot.
  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 last_reboot_timestamp = 5;
}

// Provides status information for an installed app/extension.
message AppStatus {
  // ID of the installed app/extension for a Chrome app.
  // Package name for ARC kiosk app.
  optional string app_id = 1;

  // Currently installed version of the app for a Chrome app.
  // Empty for ARC kiosk app.
  optional string extension_version = 2;

  // Self-reported status summary (via chrome.reporting APIs)
  optional string status = 3;

  // If true, the application is currently in a self-reported error state.
  optional bool error = 4;

  // App required Chrome version, specified in app’s manifest file.
  // Empty for ARC kiosk app.
  optional string required_platform_version = 5;
}

// Provides all application types information.
message AppInfo {
  enum AppType {
    TYPE_UNKNOWN = 0;
    TYPE_ARC = 1;         // Android app.
    TYPE_CROSTINI = 3;    // Linux (via Crostini) app.
    TYPE_EXTENSION = 4;   // Extension-backed app.
    TYPE_WEB = 5;         // Web app.
    TYPE_PLUGINVM = 6;    // Plugin VM app.
    TYPE_BOREALIS = 7;    // Borealis app.
    TYPE_BRUSCHETTA = 8;  // Bruschetta app.

    reserved 2;
  }

  enum Status {
    STATUS_UNKNOWN = 0;
    STATUS_INSTALLED = 1;    // Installed and launachable.
    STATUS_DISABLED = 2;     // Disabled or terminated.
    STATUS_UNINSTALLED = 3;  // Uninstalled by user.
  }

  // ID of the application as defined by the OS, except for web apps, where it
  // is the start url.
  optional string app_id = 1;

  // Type of application (Chrome native, extension, Crostini, web app).
  optional AppType app_type = 2;

  // Name of the application as defined by the OS.
  optional string app_name = 3;

  // Identify if the app is installed, disabled, or uninstalled.
  optional Status status = 4;

  // The time the app was installed, if available.
  optional int64 install_time = 5;

  // Version of the application, if applicable.
  optional string version = 7;

  // A list of time periods when the app was active. These times are aggregated
  // per day, are pruned on the device after reporting successfully, and are
  // stored only for 30 days in the past.
  repeated TimePeriod active_time_periods = 8;
}

// LINT.IfChange
// Provides Android application permission.
message AndroidAppPermission {
  // Name of application permission.
  optional string name = 1;

  // Identify whether the application permission is granted.
  optional bool granted = 2;

  // Identify whether the application permission is managed.
  optional bool managed = 3;
}

// Provides Android application information.
message AndroidAppInfo {
  enum AndroidAppStatus {
    STATUS_UNKNOWN = 0;
    STATUS_ENABLED = 1;
    STATUS_SUSPENDED = 2;
    STATUS_DISABLED = 3;
  }

  enum InstalledSource {
    SOURCE_UNKNOWN = 0;
    SOURCE_BY_ADMIN = 1;
    SOURCE_BY_USER = 2;
    SOURCE_NOT_INSTALLED = 3;
  }

  // ID of the Android application.
  optional string app_id = 1;

  // Name of the Android application.
  optional string app_name = 2;

  // Name of the Android application package.
  optional string package_name = 3;

  // Status of the Android application. It is set as STATUS_SUSPENDED if the
  // application is suspended by specific policies.
  optional AndroidAppStatus status = 4;

  // Identify how the Android application is installed.
  optional InstalledSource installed_source = 5;

  // Package version of the Android application.
  optional int32 version = 6;

  // Permissions of the Android application.
  repeated AndroidAppPermission permissions = 7;
}
// LINT.ThenChange(//depot/google3/java/com/google/chrome/cros/spanner/devicemanagement/schema/chrome_os.proto)

// Sign in information of Profile.
message ChromeSignedInUser {
  // The email of the signed in user.
  optional string email = 1;
  // The obfuscated GaiaID of the signed in user.
  optional string obfuscated_gaia_id = 2;
}

// Extension request information.
message ExtensionRequest {
  // ID of the installed app/extension for a Chrome app or extension.
  optional string id = 1;

  // When the user commits to requesting the extension.
  // [request_timestamp] is milliseconds since Epoch in UTC timezone
  // (Java time).
  optional int64 request_timestamp = 2;

  // User justification describing why the extension is being requested.
  optional string justification = 3;
}

// Extension information.
message Extension {
  reserved 7, 12;

  // ID of the installed app/extension for a Chrome app or extension.
  optional string id = 1;
  // Currently installed version of the extension.
  optional string version = 2;
  // The name of the extension.
  optional string name = 3;
  // The description of the extension that is provided by extension author.
  optional string description = 4;

  // The type of extension.
  enum ExtensionType {
    TYPE_UNKNOWN = 0;
    TYPE_EXTENSION = 1;
    TYPE_HOSTED_APP = 2;
    TYPE_PACKAGED_APP = 3;
    TYPE_LEGACY_PACKAGED_APP = 4;
    TYPE_THEME = 5;
    TYPE_USER_SCRIPT = 6;
    TYPE_PLATFORM_APP = 7;
    TYPE_LOGIN_SCREEN_EXTENSION = 8;
    TYPE_CHROMEOS_SYSTEM_EXTENSION = 9;
  }
  optional ExtensionType app_type = 5;

  // URL of the homepage.
  optional string homepage_url = 6;

  // The installation source of the extension.
  enum InstallType {
    // An extension that is installed by user or installed by default but not
    // component extension.
    TYPE_NORMAL = 0;
    // An extension that is loaded as unpacked extension from chrome extension
    // page or --load-extension command line switch.
    TYPE_DEVELOPMENT = 1;
    // An extension that is loaded from the settings in Window Registry or
    // a preferences JSON file on Mac and Linux.
    TYPE_SIDELOAD = 2;
    // An extension that is loaded from policy settings.
    TYPE_ADMIN = 3;
    // Chrome component extension and unknown sources.
    TYPE_OTHER = 4;
  }
  optional InstallType install_type = 8;

  // True if the extension is currently enabled.
  optional bool enabled = 9;

  // The list of api based permissions the extension requires.
  repeated string permissions = 10;

  // The list of host based permissions the extension requires.
  repeated string host_permissions = 11;

  // True if the extension comes from web store.
  optional bool from_webstore = 13;

  // Manifest version of the extension.
  optional int32 manifest_version = 14;
}

// Policy information.
message Policy {
  // The name of the policy.
  optional string name = 1;

  // The level of a policy determines its enforceability and whether users can
  // override it or not.
  enum PolicyLevel {
    LEVEL_UNKNOWN = 0;
    // Recommended policies are a default value configured by admins and users
    // can choose to override it.
    LEVEL_RECOMMENDED = 1;

    // Mandatory policies must be enforced and users can't circumvent them.
    LEVEL_MANDATORY = 2;
  }
  optional PolicyLevel level = 2;

  // The scope of a policy flags whether it's applied to the current user or to
  // the machine.
  enum PolicyScope {
    SCOPE_UNKNOWN = 0;
    // User policies apply to current Session/Profile if it's cloud policy.
    // Or apply to current OS user on Windows.
    SCOPE_USER = 1;

    // Machine policies apply to any users of the current machine.
    SCOPE_MACHINE = 2;
  }
  optional PolicyScope scope = 3;

  // The source of a policy indicates where its value is originating from.
  enum PolicySource {
    SOURCE_UNKNOWN = 0;
    // A policy is set by Chrome when it's running in an
    // enterprise environment.
    SOURCE_ENTERPRISE_DEFAULT = 1;

    // A policy is set by Google's cloud management tool.
    SOURCE_CLOUD = 2;

    // A policy is set by active directory on ChromeOS.
    SOURCE_ACTIVE_DIRECTORY = 3;

    // A policy is overridden by ChromeOS if it's running in a public session or
    // kiosk mode.
    SOURCE_DEVICE_LOCAL_ACCOUNT_OVERRIDE_DEPRECATED = 4;

    // A policy is set by OS built-in tool on desktop.
    SOURCE_PLATFORM = 5;

    // A policy is set by Google's cloud management tool but has higher
    // priority.
    SOURCE_PRIORITY_CLOUD_DEPRECATED = 6;

    // A policy is set by multiple sources and value has been merged.
    SOURCE_MERGED = 7;

    // A policy is set by command line switch for testing purpose.
    SOURCE_COMMAND_LINE = 8;

    // A policy is set by Google's cloud management tool in Ash and piped to
    // Lacros.
    SOURCE_CLOUD_FROM_ASH = 9;

    // A policy that is set by the restricted managed guest session override.
    SOURCE_RESTRICTED_MANAGED_GUEST_SESSION_OVERRIDE = 10;
  }
  optional PolicySource source = 4;

  // The value of policy.
  optional string value = 5;

  // The error message of policy.
  optional string error = 6;

  // Other sources that set the same policy. Including the ones that are
  // merged in or have the same value.
  repeated Policy conflicts = 7;
}

// Extension policy information.
message ExtensionPolicy {
  // The id of extension that policies apply to.
  optional string extension_id = 1;

  // The list of policies that extension currently uses.
  repeated Policy policies = 2;
}

// Cloud policy last fetch time.
message PolicyFetchTimestamp {
  // The type of cloud policy.
  // TODO(b/327655459): This field is deprecated, delete once server
  // side references are all removed.
  optional string type = 1;
  // The last time the policies where fetched for the policy type.
  // [timestamp] is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 timestamp = 2;
}

// Affiliation Information, with more deails about the reason of unaffiliation
message AffiliationState {
  // A boolean indicates whether the profile is affiliated with the device.
  optional bool is_affiliated = 1;

  // If profile is not affiliated, what's the reason.
  enum UnaffiliationReason {
    // Unknown
    UNKNOWN = 0;

    // User is not managed.
    USER_UNMANAGED = 1;

    // User is managed but device is not managed.
    DEVICE_UNMANAGED = 2;

    // User is managed but device is managed only by a platform source which
    // doesn't have domain information.
    DEVICE_MANAGED_BY_PLATFORM = 3;

    // User and device are both managed by cloud service. But they use
    // different domains.
    DEVICE_MANANGED_DIFFERENT_DOMAIN = 4;
  }
  optional UnaffiliationReason unaffiliation_reason = 2;
}

// Chrome user profile level status, used by activated Profiles. Profile name is
// not listed here as they are in the ChromeUserProfileBasicInfo.
message ChromeUserProfileInfo {
  reserved 6;

  // A string to uniquely identify this profile within the browser.
  optional string id = 1;

  // The name of the profile, which was entered by the user when creating
  // the profile. Empty when in incognito mode
  optional string name = 2;

  // Indicates if the profile contains all details. Only active profiles can
  // upload all needed details, idle profiles only upload |id| and |name|.
  optional bool is_detail_available = 3;

  // Gaia account information if the Profile is signed in.
  optional ChromeSignedInUser chrome_signed_in_user = 4;

  // The state of affiliation.
  optional AffiliationState affiliation = 11;

  // An unique Id generated by the client. More details in
  // go/chrome-profile-identifier.
  optional string profile_id = 12;

  // A list of extensions installed in the browser.
  repeated Extension extensions = 5;

  // A list of extensions requested for installation.
  repeated ExtensionRequest extension_requests = 10;

  // A list of Chrome browser policies set for this user profile.
  repeated Policy chrome_policies = 7;

  // A list of extensions' policies set for this user profile. The policies is
  // only added if the extension is installed.
  repeated ExtensionPolicy extension_policies = 8;

  // The last time the cloud policies where fetched for each policy type.
  // Only one policy type which is google/chrome/machine-level-user uploads
  // timestamp currently. More details in b/132973694
  repeated PolicyFetchTimestamp policy_fetched_timestamps = 9;

  // Profile level security signals.
  optional ProfileSignalsReport profile_signals_report = 13;
}

// Report browser level status.
message BrowserReport {
  reserved 4, 7;

  // The Chrome browser version, as seen from within Chrome code as opposed to
  // user agent.
  optional string browser_version = 1;

  // Release channel (stable, beta, etc.).
  optional Channel channel = 2;

  // Required. The path to the browser executable so that we can uniquely
  // identify it.
  optional string executable_path = 3;

  // A list of all Profiles that are created in the current browser instance.
  // Only activated Profiles are able to upload full details while the idle ones
  // contain id and name only. Please note that some activated Profiles may not
  // upload full details due to the limitation of the report size.
  // These details will be uploaded in the following reports.
  repeated ChromeUserProfileInfo chrome_user_profile_infos = 6;

  // The installed version of the browser if it differs from |browser_version|,
  // or absent otherwise. When present, it indicates that an update (of a higher
  // or lower version) has been installed and will be the active version
  // following a browser restart.
  optional string installed_browser_version = 8;

  // True for an extended stable channel installation.
  optional bool is_extended_stable_channel = 9 [default = false];
}

// Report profile level security signals.
message ProfileSignalsReport {
  // A boolean indicating whether Chrome's built-in DNS client is used.
  // If not, the OS DNS client is used instead.
  optional bool built_in_dns_client_enabled = 1;

  // A boolean indicating whether access to the Chrome Remote Desktop
  // application is blocked via a policy.
  optional bool chrome_remote_desktop_app_blocked = 2;

  enum PasswordProtectionTrigger {
    PASSWORD_PROTECTION_OFF = 0;
    PASSWORD_REUSE = 1;
    PHISHING_REUSE = 2;
    POLICY_UNSET = 3;
  }

  // A enum indicating the current setting of the Password Protection Warning
  // feature.
  optional PasswordProtectionTrigger password_protection_warning_trigger = 3;

  // A string contains the domain that manages the current profile.
  optional string profile_enrollment_domain = 4;

  enum RealtimeUrlCheckMode {
    DISABLED = 0;
    ENABLED_MAIN_FRAME = 1;
  }

  // A enum indicating whether Enterprise-grade (i.e. custom) unsafe URL
  // scanning is enabled.
  optional RealtimeUrlCheckMode realtime_url_check_mode = 5;

  enum SafeBrowsingLevel {
    NO_SAFE_BROWSING = 0;
    STANDARD_PROTECTION = 1;
    ENHANCED_PROTECTION = 2;
  }

  // A enum indicating  the Safe Browsing Protection Level.
  optional SafeBrowsingLevel safe_browsing_protection_level = 6;

  // A boolean indicating whether the Site Isolation (a.k.a Site Per Process)
  // setting is enabled.
  optional bool site_isolation_enabled = 7;

  // Providers for various analysis connectors.
  repeated string file_downloaded_providers = 8;
  repeated string file_attached_providers = 9;
  repeated string bulk_data_entry_providers = 10;
  repeated string print_providers = 11;
  repeated string security_event_providers = 12;
}

// Anti virus product information.
message AntiVirusProduct {
  enum AntiVirusProductState {
    ON = 0;
    OFF = 1;
    SNOOZED = 2;
    EXPIRED = 3;
  }

  optional string display_name = 1;
  optional string product_id = 2;
  optional AntiVirusProductState state = 3;
}

enum SettingValue {
  UNKNOWN = 0;
  DISABLED = 1;
  ENABLED = 2;
}

// Report Operating system related information.
message OSReport {
  // A string contains OS name.
  optional string name = 1;

  // A string contains OS architecture.
  optional string arch = 2;

  // A string contains OS version.
  optional string version = 3;

  enum VersionType {
    UNKNOWN = 0;
    HOME = 1;
    PROFESSIONAL = 2;
    SERVER = 3;
    ENTERPRISE = 4;
    EDUCATION = 5;
    EDUCATION_PRO = 6;
  }

  optional VersionType version_type = 4;

  // A string contains the domain that manages this device.
  optional string device_enrollment_domain = 5;

  // A string contains the name of the device's manufacturer.
  optional string device_manufacturer = 6;

  // A string contains the name of the device's model.
  optional string device_model = 7;

  // An enum that represents the encryption state of the disk.
  optional SettingValue disk_encryption = 8;

  // Strings that list the MAC addresses of the device. This field contains PII.
  repeated string mac_addresses = 9;

  // An enum that represents the state of the OS level firewall.
  optional SettingValue os_firewall = 10;

  // An enum that represents the state of the Screen Lock password protection.
  optional SettingValue screen_lock_secured = 11;

  // Strings that list the addresses of all OS level DNS servers configured in
  // the device's network settings.
  repeated string system_dns_servers = 12;

  // List of enums that represents anti virus product info. Windows only.
  repeated AntiVirusProduct antivirus_info = 13;

  // A string contains the ID of installed hotfix system updates. Windows only.
  repeated string hotfixes = 14;

  // The machine GUID of the device, Windows only. This field contains PII.
  optional string machine_guid = 15;

  // An enum that indicates whether the device's startup software has its Secure
  // Boot feature enabled. Windows only.
  optional SettingValue secure_boot_mode = 16;

  // A string contains the Windows domain that the current machine has joined.
  // Windows only.
  optional string windows_machine_domain = 17;

  // A string contains the Windows domain that the current OS user has joined.
  // Windows only.
  optional string windows_user_domain = 18;
}

// Report the status of a Chrome installation on non-Chrome OS platform.
message ChromeDesktopReportRequest {
  reserved 10;
  // The name of the machine within its local network. The string is a JSON
  // encoded structure with a single computername field.
  // This field is replaced by computer_name and only used by old Chrome
  // browser using the JSON legacy browser.
  // TODO(b/189584065): Remove when usage goes to zero.
  optional string machine_name = 1 [deprecated = true];
  // OS info. The string is a an encoded JSON object as returned by
  // chrome.runtime.getPlatformInfo.
  // This field is replaced by OSReport and only used by old Chrome browser.
  optional string os_info = 2;
  // The user name from the OS point of view. The string is a JSON encoded
  // structure with a single username field containing "DOMAIN\username".
  // This field is replaced by os_user_name and only used by old Chrome browser.
  optional string os_user = 3;
  // Browser related info.
  optional BrowserReport browser_report = 4;
  // The device serial number (this might differ with the client ID, depending
  // on the platform). Deprecated: Please use
  // ChromeDesktopReportProtoProcessor.getBrowserDeviceIdentifier().getSerialNumber
  // to extract the Serial Number from the Report Request.
  optional string serial_number = 5 [deprecated = true];
  // A string represents the name of computer. Deprecated: Please use
  // ChromeDesktopReportProtoProcessor.getBrowserDeviceIdentifier().getSerialNumber
  // to extract the Computer Name from the Report Request.
  optional string computer_name = 6 [deprecated = true];
  // Operating system related information.
  optional OSReport os_report = 7;
  // A string contains OS user name.
  optional string os_user_name = 8;
  // Device identifier for helping identify non-Chrome OS devices.
  // TODO(crbug.com/40706071): This will also replace the computer_name and
  // serial_number fields.
  optional BrowserDeviceIdentifier browser_device_identifier = 9;
  // Public key that can be used for attesting the machine.
  optional string machine_attestation_key = 11;
  // A string that represents the device model.
  optional string device_model = 12;
  // A string that represents the brand/manufacturer of a device.
  optional string brand_name = 13;
}

// Report user level status on Chrome OS platform. Chrome OS equivalent of
// ChromeDesktopReportRequest.
message ChromeOsUserReportRequest {
  reserved 3;
  // Browser related info.
  optional BrowserReport browser_report = 1;
  // Android applications installed in primary profile.
  repeated AndroidAppInfo android_app_infos = 2;
}

// Report user level status on all platforms. It includes the information of the
// profile that user has signed in plus some basic browser and OS information.
message ChromeProfileReportRequest {
  // Browser related info
  optional BrowserReport browser_report = 1;

  // Basic OS information
  optional OSReport os_report = 2;

  // Device identifier for helping identify non-Chrome OS devices.
  optional BrowserDeviceIdentifier browser_device_identifier = 3;

  enum ReportType {
    UNKNOWN = 0;
    PROFILE_REPORT = 1;
    PROFILE_SECURITY_SIGNALS = 2;
    PROFILE_REPORT_WITH_SECURITY_SIGNALS = 3;
  }

  // The type of report that is being sent.
  optional ReportType report_type = 4;
}

// A validation issue from validating a policy value that was contained in
// the payload of the policy fetch response.
message PolicyValueValidationIssue {
  // Policy name of the faulty value.
  optional string policy_name = 1;

  // LINT.IfChange
  enum ValueValidationIssueSeverity {
    // Default value for when a severity is not specified.
    VALUE_VALIDATION_ISSUE_SEVERITY_UNSPECIFIED = 0;

    // This result is a warning. The policy blob has not been rejected.
    VALUE_VALIDATION_ISSUE_SEVERITY_WARNING = 1;

    // This result is an error. The policy blob was rejected completely and not
    // updated on the device.
    VALUE_VALIDATION_ISSUE_SEVERITY_ERROR = 2;
  }
  // LINT.ThenChange(//depot/google3/chrome/cros/reporting/api/proto/synced/chromium/events/policy_validation_report.proto)

  // Severity of this policy value validation result.
  optional ValueValidationIssueSeverity severity = 2;

  // Message containing detailed information about the value validation warning
  // or error (e.g. type and specific location). This message is intended as
  // debug information for developers (not localized).
  optional string debug_message = 3;
}

// This message is used to upload the result of cloud policy validation after a
// PolicyFetchRequest.
message PolicyValidationReportRequest {
  // |policy_type| sent in PolicyFetchRequest on the request which
  // returned policy with validation errors.
  optional string policy_type = 1;

  // |policy_token| from the PolicyFetchResponse. This is used to identify the
  // specific policy fetch event that triggered this validation report.
  optional string policy_token = 2;

  // Specifies the result type of the validation.
  // Each enum value can correspond to one of three client behaviors (noted as
  // 'Client behavior' in the comment for each enum value):
  // - Unknown:
  //     It is not known if the fetched policy blob was accepted or rejected.
  // - Policy blob accepted:
  //     The client has accepted and applied the fetched policy blob.
  // - Policy blob rejected:
  //     The client has completely rejected the fetched policy blob.
  // LINT.IfChange
  enum ValidationResultType {
    // An enum value was received which is not known in this version of the
    // proto.
    // Client behavior: Unknown.
    VALIDATION_RESULT_TYPE_ERROR_UNSPECIFIED = 0;
    // Policy validated successfully.
    // Client behavior: Policy blob accepted.
    // Note: This result is here for completeness, the client will not send
    // reports with this enum value.
    VALIDATION_RESULT_TYPE_SUCCESS = 1;
    // Bad signature on the initial key.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_BAD_INITIAL_SIGNATURE = 2;
    // Bad signature.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_BAD_SIGNATURE = 3;
    // Policy blob contains error code.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_ERROR_CODE_PRESENT = 4;
    // Policy payload failed to decode.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_PAYLOAD_PARSE_ERROR = 5;
    // Unexpected policy type.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_WRONG_POLICY_TYPE = 6;
    // Unexpected settings entity id.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_WRONG_SETTINGS_ENTITY_ID = 7;
    // Timestamp is missing or is older than the timestamp of the previous
    // policy.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_BAD_TIMESTAMP = 8;
    // DMToken is empty or doesn't match.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_BAD_DM_TOKEN = 9;
    // Device id is empty or doesn't match.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_BAD_DEVICE_ID = 10;
    // Username doesn't match.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_BAD_USER = 11;
    // Policy payload protobuf parse error.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_POLICY_PARSE_ERROR = 12;
    // Policy key signature could not be verified using the hard-coded
    // verification key.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_BAD_KEY_VERIFICATION_SIGNATURE = 13;
    // There were validation warnings during validation of policy values in the
    // payload. See |policy_value_validation_results|.
    // Client behavior: Policy blob accepted.
    VALIDATION_RESULT_TYPE_VALUE_WARNING = 14;
    // There were validation errors during validation of policy values in the
    // payload. There may also have been warnings. See
    // |policy_value_validation_results| - that list will contain at least one
    // payload validation errors, and zero or more payload validation warnings.
    // Client behavior: Policy blob rejected.
    VALIDATION_RESULT_TYPE_VALUE_ERROR = 15;
  }
  // LINT.ThenChange(//depot/google3/chrome/cros/reporting/api/proto/synced/chromium/events/policy_validation_report.proto)

  // The validation result.
  optional ValidationResultType validation_result_type = 3;

  // Value validation issues in the policy payload. Will be filled if
  // |validation_result_type| is VALIDATION_RESULT_TYPE_VALUE_WARNING
  // or VALIDATION_RESULT_TYPE_VALUE_ERROR.
  repeated PolicyValueValidationIssue policy_value_validation_issues = 4;

  // The action that trigger the validation.
  enum Action {
    // Action is not provided.
    UNKNOWN = 0;
    // Store policy to disk with recently downloaded proto.
    STORE = 1;
    // Load policy from disk cache.
    LOAD = 2;
  }

  optional Action action = 5;
}

// Response from DMServer to a policy validation report.
message PolicyValidationReportResponse {}

message AndroidStatus {
  // JSON string of ARC status report.
  optional string status_payload = 1;
  // DroidGuard response obtained from DroidGuard server.
  optional string droid_guard_info = 2;
}

enum CrostiniAppType {
  // The default terminal App.
  CROSTINI_APP_TYPE_TERMINAL = 0;
  // A registered interactive Crostini App which is
  // not the default terminal app.
  CROSTINI_APP_TYPE_INTERACTIVE = 1;
  // Detected non-registered container applications.
  CROSTINI_APP_TYPE_OTHER = 2;
}

message CrostiniApp {
  // The default display name of the App.
  optional string app_name = 1;
  // The type of the App.
  optional CrostiniAppType app_type = 2;

  // Time stamp of last launch of the App with a three day granularity.
  // The timestamp is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 last_launch_time_window_start_timestamp = 3;

  // If available, the name of the Debian package belonging to this App.
  optional string package_name = 4;
  // If available, the version of the Debian package belonging to this App.
  optional string package_version = 5;
  // If available, a hash of the package belonging to this App.
  optional string package_hash = 6;
}

message CrostiniStatus {
  // Time stamp of last launch of a Crostini app with three day granularity,
  // The timestamp is milliseconds since Epoch in UTC timezone (Java time).
  optional int64 last_launch_time_window_start_timestamp = 1;

  // The VM image version at the time of the last launch.
  optional string last_launch_vm_image_version = 2;
  // The VM kernel version at the time of the last launch.
  optional string last_launch_vm_kernel_version = 3;

  // Contains information about each installed app at the time of the
  // report.
  repeated CrostiniApp installed_apps = 4;
}

// Report current active session (a user on one device) level status.
message SessionStatusReportRequest {
  reserved 1, 2, 3, 6;

  // If this is a kiosk session, this is the device local account ID.
  optional string device_local_account_id = 4;

  // Information about kiosk app for kiosk session.
  repeated AppStatus installed_apps = 5;

  // Information about ARC status.
  optional AndroidStatus android_status = 7;

  // If this is a regular user session, this is the user's DMToken.
  optional string user_dm_token = 8;

  // Time zone id of the active user. Not set for enterprise users.
  // Format of the id is as specified in tz database e.g. Pacific/Honolulu. For
  // more details check third_party/icu/source/i18n/unicode/timezone.h.
  optional string time_zone = 9;

  // Information about Crostini status.
  optional CrostiniStatus crostini_status = 10;

  // Information about all applications for this user on this device, including
  // uninstalled and disabled apps.
  repeated AppInfo app_infos = 11;
}

// Response from DMServer to update devices' status.
// It is possible that status report fails but policy request succeed.  In such
// case, the DeviceStatusReportResponse will contain an error code and the
// device should re-send status report data in the next policy request.  The
// device should re-send report data if policy request fails, even if
// DeviceStatusReportResponse contains no error code.
message DeviceStatusReportResponse {
  optional int32 error_code = 1;

  // Human readable error message for customer support purpose.
  optional string error_message = 2;
}

// Response from DMServer to a Chrome desktop report request. The report
// upload errors will be set in the containing DeviceManagementResponse or
// eventually at the HTTP level.
message ChromeDesktopReportResponse {}

// Response from DMServer to a ChromeOS user report request. The report
// upload errors will be set in the containing DeviceManagementResponse or
// eventually at the HTTP level.
message ChromeOsUserReportResponse {}

// Response from DMServer to a profile report request. The report
// upload errors will be set in the containing DeviceManagementResponse or
// eventually at the HTTP level.
message ChromeProfileReportResponse {}

// Response from DMServer to update user devices' status.
// It is possible that status report fails but policy request succeed.  In such
// case, the SessionStatusReportResponse will contain an error code and the
// device should re-send status report data in the next policy request.  The
// device should re-send report data if policy request fails, even if
// SessionStatusReportResponse contains no error code.
message SessionStatusReportResponse {
  optional int32 error_code = 1;

  // Human readable error message for customer support purpose.
  optional string error_message = 2;
}

// Request from client to query device state using Private Set Membership (PSM).
// Please see go/cros-enterprise-psm and go/cros-client-psm for more details.
message PrivateSetMembershipRequest {
  // A request proto from the RLWE PSM protocol.
  optional PrivateSetMembershipRlweRequest rlwe_request = 1;
}

message PrivateSetMembershipResponse {
  // A response proto from the RLWE PSM protocol.
  optional PrivateSetMembershipRlweResponse rlwe_response = 1;
}

message PrivateSetMembershipRlweRequest {
  // First request sent by the client for checking membership.
  optional private_membership.rlwe.PrivateMembershipRlweOprfRequest
      oprf_request = 1;

  // Second request sent by the client for checking membership.
  optional private_membership.rlwe.PrivateMembershipRlweQueryRequest
      query_request = 2;
}

message PrivateSetMembershipRlweResponse {
  // First response sent by the server for checking membership.
  optional private_membership.rlwe.PrivateMembershipRlweOprfResponse
      oprf_response = 1;

  // Second response sent by the server for checking membership.
  optional private_membership.rlwe.PrivateMembershipRlweQueryResponse
      query_response = 2;
}

// Request from device to server to determine whether the device should
// go through enterprise enrollment. Unlike the other requests, this request is
// not authenticated.
message DeviceAutoEnrollmentRequest {
  // Device identifier hash, mod |modulus|.
  // The type of the device identifier hash depends on |enrollment_check_type|.
  // If |modulus| is 1, |remainder| should be 0.
  // |remainder| should always be present.
  optional int64 remainder = 1;

  // Modulus of the hash used by the client. For now, it is a power of 2, but
  // due to the strict constraint on how many serial numbers a bucket can
  // contain, it may become non power of 2. If that happens, client-side needs
  // to change its assumption.
  // |modulus| should always be present, but setting |modulus| to 1 means that
  // no bits of the client's hash are uploaded. |remainder| should be 0 in this
  // case.
  optional int64 modulus = 2;

  enum EnrollmentCheckType {
    // Unspecified.
    ENROLLMENT_CHECK_TYPE_UNSPECIFIED = 0;
    // Forced Re-Enrollment check with full SHA-256 hashes of the
    // server-backed state key.
    ENROLLMENT_CHECK_TYPE_FRE = 1;
    // Forced Enrollment check with SHA-256 hashes of (brand code + “_” + serial
    // number), truncated to first 8 bytes each.
    ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT = 2;
  }

  // Specifies the type of auto enrollment check that is being made.
  // This also defines the format of the device identifier hash used in this
  // exchange.
  optional EnrollmentCheckType enrollment_check_type = 3
      [default = ENROLLMENT_CHECK_TYPE_FRE];
}

// Response from server to auto-enrollment detection request.
message DeviceAutoEnrollmentResponse {
  // If this field is present, the other fields are ignored and the client
  // should send a new DeviceAutoEnrollmentRequest with a |remainder|
  // computed using this new |expected_modulus|. If this field is empty, the
  // client's request was accepted.
  // DMServer guarantees that if the modulus sent by client in
  // DeviceAutoEnrollmentRequest matches server's expectation, this field
  // is unset.
  optional int64 expected_modulus = 1;

  // List of hashes. If the client's hash matches any in this list, the
  // client device should do enterprise enrollment. If it matches none,
  // enrollment should be optional.
  // The format of each entry depends on the |enrollment_check_type| that was
  // set in the DeviceAutoEnrollmentRequest.
  repeated bytes hashes = 2;
}

// Sent by the client to the server. This request is keyed by the opaque
// server-backed state key, (optionally) serial number and RLZ brand code; there
// is no further authentication.
//
// This message can be used for secondary state determination by managed devices
// after a hard reset to recover state. In this case, the client only sets the
// `server_backed_state_key`. The device management server keeps a mapping of
// this identifier to device state. In case device has been deprovisioned, the
// server also performs initial enrollment check using the serial number and
// brand code stored in device state from previous enrollment.
//
// It is also used for unified state determination, which replaces both initial
// and secondary state enrollment. In this case, this request can also be sent
// by brand new devices and the server would not know their serial number and
// brand code, hence the values are supplied as part of the request.
//
// Another device state retrieval scenario is Flex Auto Enrollment initial
// state determination, in which case the Flex enrollment token is included
// (along with brand code and serial number) to retrieve token-keyed state
// from the server.
message DeviceStateRetrievalRequest {
  // Opaque, client-determined, unpredictable, stable and unique device
  // identifier to retrieve state for. This field contains 32 bytes of data that
  // looks essentially random to the server. It may be generated e.g. by running
  // a concatenation of suitable device identifiers through a cryptographic hash
  // algorithm such as SHA-256.
  optional bytes server_backed_state_key = 1;

  // The serial number of the device.
  optional string serial_number = 2;

  // The 4-character brand code of the device.
  optional string brand_code = 3;

  // The enrollment token for Flex Auto Enrollment.
  optional string enrollment_token = 4;
}

// Sent by the client to the server when in registered state to update the
// device-determined device state keys.
message DeviceStateKeyUpdateRequest {
  // The client-determined state keys. To the server, these look like 32 bytes
  // of random data. The client should generate these keys using a deterministic
  // algorithm that takes stable device identifiers as an input and produces a
  // key as the output, possibly by running the identifiers through a
  // cryptographic hash function such as SHA-256.
  repeated bytes server_backed_state_keys = 1;
}

// Server to client message carrying the device state response. Because the
// request is not authenticated, the only protection against state extraction
// from server is the unpredictability of the server-backed state ID. Thus, the
// response should not contain any sensitive data. If the server doesn't know
// the requested identifier, it just returns a message with restore_mode set to
// RESTORE_MODE_NONE.
message DeviceStateRetrievalResponse {
  // Restorative action to take after device reset.
  enum RestoreMode {
    // No secondary state restoration.
    RESTORE_MODE_NONE = 0;
    // Enterprise enrollment requested, but user may skip.
    RESTORE_MODE_REENROLLMENT_REQUESTED = 1;
    // Enterprise enrollment is enforced and cannot be skipped.
    RESTORE_MODE_REENROLLMENT_ENFORCED = 2;
    // The device has been disabled by its owner. The device will show a warning
    // screen and prevent the user from proceeding further.
    RESTORE_MODE_DISABLED = 3;
    // Enterprise enrollment is enforced using Zero-Touch and cannot be skipped.
    RESTORE_MODE_REENROLLMENT_ZERO_TOUCH = 4;
  }
  // The server-indicated restore mode.
  optional RestoreMode restore_mode = 1 [default = RESTORE_MODE_NONE];

  // Primary domain the device is associated with.
  optional string management_domain = 2;

  // State that is relevant only when the |restore_mode| is
  // |RESTORE_MODE_DISABLED|.
  optional DisabledState disabled_state = 3;

  // Initial device state if |restore_mode| is |RESTORE_MODE_NONE|.
  optional DeviceInitialEnrollmentStateResponse initial_state_response = 4;

  // license type the device used in last enrollment
  optional LicenseType license_type = 5;
}

// Request from device to server to retrieve the enrollment mode and domain for
// this device. The client will use this request when the
// DeviceAutoEnrollmentRequest exchange with |enrollment_check_type| set to
// |ENROLLMENT_CHECK_TYPE_FORCED_ENROLLMENT| indicated that it should be
// enrolled. This request is not authenticated.
message DeviceInitialEnrollmentStateRequest {
  // The serial number of the device.
  optional string serial_number = 1;

  // The 4-character brand code of the device.
  optional string brand_code = 2;

  // The enrollment token for Flex Auto Enrollment.
  optional string enrollment_token = 3;
}

// Response from server DeviceInitialEnrollmentStateRequest.
message DeviceInitialEnrollmentStateResponse {
  // Initial action to take after OOBE.
  enum InitialEnrollmentMode {
    // No initial enrollment.
    INITIAL_ENROLLMENT_MODE_NONE = 0;
    // Enterprise enrollment is enforced and cannot be skipped.
    INITIAL_ENROLLMENT_MODE_ENROLLMENT_ENFORCED = 1;
    // Zero-Touch (attestation-based) enrollment is enforced and cannot be
    // skipped.
    INITIAL_ENROLLMENT_MODE_ZERO_TOUCH_ENFORCED = 2;
    // The device has been disabled by its owner. The device will show a warning
    // screen and prevent the user from proceeding further.
    INITIAL_ENROLLMENT_MODE_DISABLED = 3;
    // Token-based enrollment is enforced and cannot be skipped.
    INITIAL_ENROLLMENT_MODE_TOKEN_ENROLLMENT_ENFORCED = 4;
  }

  // The server-indicated initial enrollment mode.
  optional InitialEnrollmentMode initial_enrollment_mode = 1
      [default = INITIAL_ENROLLMENT_MODE_NONE];

  // The domain the device should be enrolled into.
  optional string management_domain = 2;

  // Whether the device comes packaged with a license or not.
  optional bool is_license_packaged_with_device = 3;

  // State that is relevant only when the |initial_enrollment_mode| is
  // |INITIAL_ENROLLMENT_MODE_DISABLED|.
  optional DisabledState disabled_state = 4;

  // License Packaging SKU type.
  // LINT.IfChange
  enum LicensePackagingSKU {
    // Not a License Packaged Device.
    NOT_EXIST = 0;
    // Enterprise SKU.
    CHROME_ENTERPRISE = 1;
    // Education SKU.
    CHROME_EDUCATION = 2;
    // Terminal SKU
    CHROME_TERMINAL = 3;
  }
  // LINT.ThenChange(//depot/google3/google/chrome/licensepackaging/v1/service.proto)

  // SKU Type for License Packaged Device.
  optional LicensePackagingSKU license_packaging_sku = 5;

  // Assigned upgrade type. See: go/zte-sku-consumption and go/cros-kiosk-prd
  // LINT.IfChange(AssignedUpgradeTypeChange)
  enum AssignedUpgradeType {
    // Unspecified
    ASSIGNED_UPGRADE_TYPE_UNSPECIFIED = 0;
    // Chrome Enterprise Upgrade (CEU)
    ASSIGNED_UPGRADE_TYPE_CHROME_ENTERPRISE = 1;
    // Kiosk & Signage Upgrade (KSU)
    ASSIGNED_UPGRADE_TYPE_KIOSK_AND_SIGNAGE = 2;
  }
  // LINT.ThenChange(//depot/google3/java/com/google/chrome/cros/spanner/devicemanagement/schema/enrollment.proto:AssignedUpgradeTypeChange)

  optional AssignedUpgradeType assigned_upgrade_type = 6;
}

// Sent by the client to the server to pair the Host device with the Controller
// device. The HTTP request contains an end-user OAuth token and only succeeds
// if both Host and Controller devices belong to the end-user domain.
message DevicePairingRequest {
  // The device ID of the Host device.
  optional string host_device_id = 1;

  // The device ID of the Controller device.
  optional string controller_device_id = 2;
}

// Response from the server to the device pairing request.
message DevicePairingResponse {
  // The client should check HTTP status code first. If HTTP status code is not
  // 200 (e.g. 500 internal error), then it means the pairing fails. If HTTP
  // status code is 200, then the client should check the status code within the
  // response.
  enum StatusCode {
    SUCCESS = 0;

    // A generic failure code for pairing.
    FAILED = 1;

    // The Host device cannot be found in the user's domain.
    HOST_DEVICE_NOT_FOUND = 2;

    // The Controller device cannot be found in the user's domain.
    CONTROLLER_DEVICE_NOT_FOUND = 3;

    // The Host device is deprovisioned.
    HOST_DEVICE_DEPROVISIONED = 4;

    // The Controller device is deprovisioned.
    CONTROLLER_DEVICE_DEPROVISIONED = 5;
  }

  optional StatusCode status_code = 1 [default = FAILED];
}

// Sent by the client to the server to check if the devices are paired. The HTTP
// request contains controller service account OAuth token as well as the
// DMToken from the Host device.
message CheckDevicePairingRequest {
  // The device ID of the Host device.
  optional string host_device_id = 1;

  // The device ID of the Controller device.
  optional string controller_device_id = 2;
}

// Response from the server to the check device pairing request.
message CheckDevicePairingResponse {
  // The client should check HTTP status code first. If HTTP status code is not
  // 200 (e.g. 500 internal error), then it means the pairing status is unknown.
  // If HTTP status code is 200, then the client should check the status code
  // within the response.
  enum StatusCode {
    PAIRED = 0;

    // The Host and Controller devices are not paired.
    NOT_PAIRED = 1;

    // The Host device cannot be found in the Host device domain.
    HOST_DEVICE_NOT_FOUND = 2;

    // The Controller device cannot be found in the Host device domain.
    CONTROLLER_DEVICE_NOT_FOUND = 3;

    // The Host device is deprovisioned.
    HOST_DEVICE_DEPROVISIONED = 4;

    // The Controller device is deprovisioned.
    CONTROLLER_DEVICE_DEPROVISIONED = 5;

    // Invalid controller identity.
    INVALID_CONTROLLER_DEVICE_IDENTITY = 6;
  }

  optional StatusCode status_code = 1 [default = NOT_PAIRED];
}

// This protobuf defines a single remote command from server to client for
// execution.
message RemoteCommand {
  // The names are used as part of metric names. If enumeration is updated
  // the names should also be updated:
  // - components/policy/core/common/cloud/enterprise_metrics.cc;
  // - components/policy/core/common/remote_commands/remote_commands_service.cc;
  // - Enterprise.RemoteCommandType in
  //     tools/metrics/histograms/metadata/enterprise/histograms.xml;
  enum Type {
    // Simple echo command for testing, will be ignored in production code.
    COMMAND_ECHO_TEST = -1;

    // Reboot the device.
    DEVICE_REBOOT = 0;

    // Take a screenshot.
    DEVICE_SCREENSHOT = 1;

    // Set device volume.
    DEVICE_SET_VOLUME = 2;

    // Force a refresh of device status (attributes and logs).
    DEVICE_FETCH_STATUS = 3;

    // Forwards a user command received from the management server to the ARC++
    // side. The payload is opaque to Chrome OS.
    USER_ARC_COMMAND = 4;

    // Wipe all the users off of the device.
    DEVICE_WIPE_USERS = 5;

    // Start Chrome Remote Desktop session.
    DEVICE_START_CRD_SESSION = 6;

    // Wipe the device (perform a powerwash).
    DEVICE_REMOTE_POWERWASH = 7;

    // Refresh the device machine certificate and re-upload it.
    DEVICE_REFRESH_ENTERPRISE_MACHINE_CERTIFICATE = 8;

    // Retrieve a list of available diagnostics routines.
    DEVICE_GET_AVAILABLE_DIAGNOSTIC_ROUTINES = 9;

    // Run a given diagnostics routine on the platform.
    DEVICE_RUN_DIAGNOSTIC_ROUTINE = 10;

    // Send a command or get an update from an existing diagnostics routine.
    DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE = 11;

    // Clear the cache and cookies associated with a given profile.
    BROWSER_CLEAR_BROWSING_DATA = 12;

    // Reset the cellular EUICC (Embedded Universal Integrated Circuit Card) on
    // the device.
    DEVICE_RESET_EUICC = 13;

    // Rotates the attestation credentials associated with a browser device.
    BROWSER_ROTATE_ATTESTATION_CREDENTIAL = 14;

    // Fetch information that determines the availability of CRD on the device.
    FETCH_CRD_AVAILABILITY_INFO = 15;

    // Fetch the logs from the Support Tool on managed ChromeOS devices.
    FETCH_SUPPORT_PACKET = 16;

    // Please update metrics after adding a new item - see the comment above.
  }

  // The command type.
  optional Type type = 1;

  // An opaque unique identifier for the command. The client processes
  // the commands in the order of the command list it receives.
  optional int64 command_id = 2;

  // The age of the command (in milliseconds) when it is sent from server to
  // client, defined as current_server_time - command_generated_time.
  optional int64 age_of_command = 3;

  // Extra parameters for this command, expected to be a JSON string. The exact
  // format of the JSON payload depends on the command type specified by the
  // |type| field:
  // |DEVICE_SCREENSHOT|: {"fileUploadUrl" : url_string}.
  // |DEVICE_SET_VOLUME|: {"volume": volume_value}, where volume_value must be
  // an integer between 0 and 100.
  // |DEVICE_RUN_DIAGNOSTIC_ROUTINE|: {"routine" : routine_enum, "params" :
  // params_dict}, where params_dict varies by routine.
  // |DEVICE_GET_DIAGNOSTIC_ROUTINE_UPDATE|: {"id" : id_integer, "command" :
  // command, "includeOutput" : include_output_bool}, where command must be a
  // valid `ash::cros_healthd::mojom::DiagnosticRoutineCommandEnum`.
  // |DEVICE_REBOOT|: {"user_session_delay_s": delay_integer}, where delay value
  // represents seconds until reboot in user session.
  // |FETCH_SUPPORT_PACKET|:
  // {"supportPacketDetails":{ "issueCaseId": optional_support_case_id_string,
  // "issueDescription": optional_issue_description_string,
  // "requestedDataCollectors": [<list of `support_tool::DataCollectorType`
  // enums>], "requestedPiiTypes": [<list of `support_tool::PiiType` enums>]}}
  optional string payload = 4;

  // An identifier for the target this command is for. This is the same as
  // the device_id in PolicyData. We rely on this identifier not being stable
  // across powerwashes.
  optional string target_device_id = 5;
}

// This protobuf defines the execution result of a single remote command
// which will be sent back to the server.
message RemoteCommandResult {
  // If you change this, update policy.mojom/CommandResultType.
  enum ResultType {
    RESULT_IGNORED = 0;  // The command was ignored as obsolete.
    RESULT_FAILURE = 1;  // The command could not be executed or parsed.
    RESULT_SUCCESS = 2;  // The command was successfully executed. Commands
                         // such as powerwash will return success before they
                         // are executed since state will be forgotten.
  }

  // The result of the command.
  optional ResultType result = 1;

  // The opaque unique identifier of the command. This value is copied from the
  // RemoteCommand protobuf that contained the command.
  optional int64 command_id = 2;

  // The timestamp representing time at which the command was executed, if the
  // result is RESULT_SUCCESS. The timestamp is milliseconds since Epoch in UTC
  // timezone (Java time).
  optional int64 timestamp = 3;

  // Extra information sent to server as result of execution, expected to be a
  // JSON string.
  optional string payload = 4;
}

message DeviceRemoteCommandRequest {
  // Reason for the requesting remote commands, to help with monitoring and
  // alerting (e.g. to detect a decrease in invalidation requests).
  enum Reason {
    REASON_UNSPECIFIED = 0;
    // A placeholder reason used for tests.
    REASON_TEST = 1;
    // Fetch on browser startup.
    REASON_STARTUP = 2;
    // Fetch to upload results of executed commands
    REASON_UPLOAD_EXECUTION_RESULTS = 3;
    // User triggered fetch.
    REASON_USER_REQUEST = 4;
    // Fetch due to an invalidation.
    REASON_INVALIDATION = 5;
  }

  // The command ID of the last command received from the server until
  // now. Omitted if no commands have been received yet.
  optional int64 last_command_unique_id = 1;

  // The execution results of previously fetched commands.
  // The client should send back a command result whenever possible.
  repeated RemoteCommandResult command_results = 2;

  // Whether the server should send secure commands or not.
  optional bool send_secure_commands = 3;

  // What type of signature to use. Only valid if send_secure_commmands is true.
  // If NONE is passed, SHA1_RSA will be used instead for compatibility.
  optional PolicyFetchRequest.SignatureType signature_type = 4;

  // A string that represents the type of RemoteCommands that need to be
  // fetched. This type helps the server redirect the request to different
  // handlers.
  optional string type = 5;

  // Fetch request triggering reason.
  optional Reason reason = 6;
}

message DeviceRemoteCommandResponse {
  // The queue of pending, non secure commands. If this is present then there
  // shall be no secure commands in this response (and vice versa).
  repeated RemoteCommand commands = 1;

  // The queue of pending, secure commands. If this is present then there shall
  // be no non secure commands in this response (and vice versa).
  //
  // The secure_commands.data field contains a serialized PolicyData with a
  // “google/chromeos/remotecommand” policy_type. The secure_commands.signature
  // field is a signature of the data field with the policy key for the domain
  // the device belongs to.
  repeated SignedData secure_commands = 2;
}

// Sent by the client to the server to check if the current user or device is
// allowed to update attributes (asset id and location).  The HTTP request
// can contain an end-user OAuth token or a device DMToken.
message DeviceAttributeUpdatePermissionRequest {}

// Response from the server specifying whether the current user or device is
// allowed to update attributes (asset id and location).
message DeviceAttributeUpdatePermissionResponse {
  enum ResultType {
    ATTRIBUTE_UPDATE_DISALLOWED = 0;
    ATTRIBUTE_UPDATE_ALLOWED = 1;
  }

  optional ResultType result = 1;
}

// Sent by the client to the server to update device attributes (asset id and
// location). The HTTP request can contain an end-user OAuth token or a device
// DMToken.
message DeviceAttributeUpdateRequest {
  // The user-generated asset identifier.
  optional string asset_id = 1;

  // The user input device location.
  optional string location = 2;
}

// Response from the server to update device attributes (asset id and location).
message DeviceAttributeUpdateResponse {
  enum ResultType {
    ATTRIBUTE_UPDATE_ERROR = 0;
    ATTRIBUTE_UPDATE_SUCCESS = 1;
  }

  optional ResultType result = 1;
}

// Sent by the client to server to update the mapping from GCM id to device_id
// on the server side.
message GcmIdUpdateRequest {
  optional string gcm_id = 1;
}

// Response for GcmIdUpdateRequest, an empty message for now.
message GcmIdUpdateResponse {}

// Request from device to server to check for Android-for-Work service with
// DPC enforcement. Must be sent only for users who are not managed in Chrome
// OS.
// Provide user's OAuth token with your HTTP Request.
message CheckAndroidManagementRequest {}

// Response from server to device for check for Android-for-Work service with
// DPC enforcement request.
// SC_CONFLICT HTTP code is returned if DPC enforcement is required.
message CheckAndroidManagementResponse {}

// Request to register a new device (authenticated by enterprise enrollment
// certificate). See http://go/zero-touch-chrome for details.
// The response message will be the DeviceRegisterResponse.
message CertificateBasedDeviceRegisterRequest {
  // Signed request to register with a certificate. The signed_request.data
  // field contains a CertificateBasedDeviceRegistrationData with a nonce
  // (as added by the Chrome OS cryptohome client) appended. The
  // signed_request.signature field is a signature of the data field signed
  // with the enrollment certificate's private key.
  optional SignedData signed_request = 1;
}

// Request from device to server to register a device (authenticated with an
// enrollment token).
message TokenBasedDeviceRegisterRequest {
  optional DeviceRegisterRequest device_register_request = 1;
}

// Response to a token-based device registration request
// (@code `TokenBasedDeviceRegisterRequest`).
message TokenBasedDeviceRegisterResponse {
  optional DeviceRegisterResponse device_register_response = 1;
}

// Requested configuration to be passed along a registration request.
message DeviceRegisterConfiguration {
  // The device owner's email address.
  optional string device_owner = 1;
}

message CertificateBasedDeviceRegistrationData {
  enum CertificateType {
    UNKNOWN = 0;
    ENTERPRISE_ENROLLMENT_CERTIFICATE = 1;
  }

  optional CertificateType certificate_type = 1;
  // Device certificate in X.509 format.
  // We use CertificateFactory.generateCertificate() call and
  // the certificate provided must be DER-encoded and may be supplied in binary
  // or printable (Base64) encoding. If the certificate is provided in Base64
  // encoding, it must be bounded at the beginning by
  // -----BEGIN CERTIFICATE-----, and must be bounded at the end by
  // -----END CERTIFICATE-----.
  optional bytes device_certificate = 2;
  // regular device registration request
  optional DeviceRegisterRequest device_register_request = 3;
  // Additional configuration to register the device.
  optional DeviceRegisterConfiguration device_register_configuration = 4;
}

// Request to enroll a Chrome browser. Fields match identically named fields
// in ChromeBrowserDeviceInfo.
message RegisterBrowserRequest {
  // The name of the machine within its local network.
  optional string machine_name = 1;
  // Platform, e.g., Windows or Mac.
  optional string os_platform = 2;
  // Platform specific version number, e.g., 6.1.7601.0 or 10.12.6
  optional string os_version = 3;
  // Device identifier for helping identify non-Chrome OS devices.
  // TODO(crbug.com/40706071): This will also replace the machine_name field.
  optional BrowserDeviceIdentifier browser_device_identifier = 4;
  // The device model, e.g., iPad6,11
  optional string device_model = 5;
  // A string that represents the brand/manufacturer of a device.
  optional string brand_name = 6;
}

// Registration payload to enroll a Chrome Profile. Currently only used by
// OIDC profile registration.
message ProfileRegistrationPayload {
  // Passing encrypted user information from IdP to DMServer, Chrome itself
  // does not decrypt or access the information directly.
  // Format of the un-encrypted data has the format of `ProfileRegistrationData`
  // proto on DMServer.
  optional string encrypted_user_information = 1;
  // Chrome requires the subject and issuer to check whether a profile exists
  // for this user already.
  optional string subject = 2;
  optional string issuer = 3;
  // Used to detect duplicate GAIA profile for the same account
  optional string email = 4;
}

// Gets an enrollment token to a managed Google Play account for using it with
// Active Directory. Sent when a new user logs in with Active Directory and
// opens Play Store for the first time.
message ActiveDirectoryEnrollPlayUserRequest {
  // A server-provider identifier for the previously established SAML session.
  // If left empty and SAML authentication is required,
  // ActiveDirectoryEnrollPlayUserResponse.saml_parameters.auth_redirect_url
  // will contain initial Redirect required to start the SAML flow.
  optional string auth_session_id = 1;
}

// The result when a new user logs in to Play Store with Active Directory.
// 904 Arc Disabled HTTP error code is returned if the reason of the failure is
//     that ARC is not enabled for the domain.
// 403 Forbidden HTTP error code is returned if the device can't get Managed
//     Google Play accounts.
message ActiveDirectoryEnrollPlayUserResponse {
  // The enrollment token which can be used to fetch a Managed Google Play
  // account.
  optional string enrollment_token = 1;
  // The user id which identifies the user enrolled by this token. This user id
  // is opaque to the client and is only used in the ActiveDirectoryPlayActivity
  // requests.
  optional string user_id = 2;
  // If SAML authentication is required, SAML flow parameters are specified in
  // this proto and both enrollment_token and user_id fields are left unset.
  optional SamlParametersProto saml_parameters = 3;
}

message SamlParametersProto {
  // Initial Redirect URL to start the SAML flow.
  optional string auth_redirect_url = 1;
  // Auth Session ID which the client is supposed to use in the subsequent
  // DMServer request (to be sent after SAML flow completes).
  optional string auth_session_id = 2;
}

// Gets a URL to the SAML IdP authentication flow for using it with public
// SAML session. Sent when a user logs in to a SAML public session account.
message PublicSamlUserRequest {
  // Identifier for the public saml account. Same as
  // DeviceLocalAccountInfoProto.account_id.
  optional string account_id = 1;
}

// The result when a user logs in to a SAML public session account.
message PublicSamlUserResponse {
  // SAML flow parameters are specified in this proto.
  optional SamlParametersProto saml_parameters = 1;
}

// Reports that a managed Google Play account is used. This makes the garbage
// collection of accounts possible by reporting the ones which are still in use.
message ActiveDirectoryPlayActivityRequest {
  // The user id received in ActiveDirectoryEnrollPlayUserResponse which
  // identifies the user.
  optional string user_id = 1;
}

// Response to the Play account activity request.
message ActiveDirectoryPlayActivityResponse {}

// DEPRECATED: Request to retrieve available device licenses. User auth token
// or auth cookie must be provided with DeviceManagementRequest when
// CheckDeviceLicenseRequest is being sent.
// See go/cdm-mixed-license-pool for more info
message CheckDeviceLicenseRequest {}

// Represents availability of a single license type.
message LicenseAvailability {
  // License type.
  optional LicenseType license_type_deprecated = 1 [deprecated = true];

  // Remaining available licenses (can be 0).
  optional int32 available_licenses_deprecated = 2 [deprecated = true];
}

// DEPRECATED: Response to a check device license request.
message CheckDeviceLicenseResponse {
  enum LicenseSelectionMode {
    // Should not happen, included for compatibility.
    UNDEFINED = 0;
    // User is allowed to choose license.
    USER_SELECTION = 1;
    // Admin controls license selection preferences through management UI.
    ADMIN_SELECTION = 2;
  }

  // Policy setting value for license selection mode.
  optional LicenseSelectionMode license_selection_mode_deprecated = 1
      [deprecated = true];

  // Provides available license counts for each purchased license type.
  // This field would list each subscription for the domain even if all licenses
  // have been used up (in which case available_licenses field is set to zero).
  //
  // If license_selection_mode == USER_SELECTION and license_availability
  // contains more than one entry then device should display a screen asking
  // user to choose license type and send selected license type value in the
  // DeviceRegisterRequest.license_type field.
  repeated LicenseAvailability license_availabilities_deprecated = 2
      [deprecated = true];
}

// Sign in an Active Directory user using SAML SSO. The device management server
// redirects the client to the Active Directory server in order to authenticate
// and identify the Active Directory user. Active Directory redirects the client
// back to the device management server with an assertion of the Active
// Directory user's identity. The device management server then redirects the
// client to Google's authentication service in order to provision the user on
// the device.
message ActiveDirectoryUserSigninRequest {}

message ActiveDirectoryUserSigninResponse {
  // Initial Redirect URL to start the SAML flow.
  optional string auth_redirect_url = 1;
}

// Contains information about the TPM used on the device.
message TpmVersionInfo {
  enum GscVersion {
    GSC_VERSION_UNSPECIFIED = 0;
    GSC_VERSION_NOT_GSC = 1;
    GSC_VERSION_CR50 = 2;
    GSC_VERSION_TI50 = 3;
  }
  optional uint32 family = 1;
  optional uint64 spec_level = 2;
  optional uint32 manufacturer = 3;
  optional uint32 tpm_model = 4;
  optional uint64 firmware_version = 5;
  optional string vendor_specific = 6;
  optional GscVersion gsc_version = 7;
  // This field represents the tpm device id and vendor id
  // which is a combined value as declared in the TPM spec.
  optional string did_vid = 8;
}

// Contains status of the TPM unit.
message TpmStatusInfo {
  optional bool enabled = 1;
  optional bool owned = 2;
  // This field was previously named "initialized", but that's not a valid name
  // for a proto field since it generates isInitialized method for the Java
  // binding which collides with the isInitialized method that exists for all
  // Java protos.
  optional bool tpm_initialized = 3;
  optional bool attestation_prepared = 4;
  optional bool attestation_enrolled = 5;
  optional int32 dictionary_attack_counter = 6;
  optional int32 dictionary_attack_threshold = 7;
  optional bool dictionary_attack_lockout_in_effect = 8;
  optional int32 dictionary_attack_lockout_seconds_remaining = 9;
  // DEPRECATED: Not filled by the client anymore (since b/172748724).
  optional bool boot_lockbox_finalized = 10 [deprecated = true];
  optional bool owner_password_is_present = 11;
  optional TpmSupportedFeatures tpm_supported_features = 12;
}

// Contains information about specific features of the TPM unit.
message TpmSupportedFeatures {
  optional bool is_allowed = 1;
  optional bool support_pinweaver = 2;
  optional bool support_runtime_selection = 3;
  optional bool support_u2f = 4;
}

// System state included with some log events.
message SystemState {
  // VolumeInfo is reused from existing Chrome reporting.
  repeated VolumeInfo volume_infos = 1;
}

// A single entry in the install log for an extension.
message ExtensionInstallReportLogEvent {
  // Enumerates the possible event types.
  enum EventType {
    // Not used.
    LOG_EVENT_TYPE_UNKNOWN = 0;
    // Requested by policy to install the extension.
    POLICY_REQUEST = 1;
    // Install success.
    SUCCESS = 2;
    // Request canceled.
    CANCELED = 3;
    // Connectivity state changed.
    CONNECTIVITY_CHANGE = 4;
    // Session state changed.
    SESSION_STATE_CHANGE = 5;
    // Extension installation failed.
    INSTALLATION_FAILED = 6;
  }

  // Enumerates the possible changes in session state.
  enum SessionStateChangeType {
    // Not used.
    SESSION_STATE_CHANGE_TYPE_UNKNOWN = 0;
    // Session starting.
    LOGIN = 1;
    // Session ending.
    LOGOUT = 2;
    // Suspending.
    SUSPEND = 3;
    // Resuming.
    RESUME = 4;
  }

  // Possible failure reasons. See InstallStageTracker::FailureReason for more
  // details. InstallStageTracker::FailureReason is the main enum and this is
  // a copy used for reporting purposes.
  enum FailureReason {
    FAILURE_REASON_UNKNOWN = 0;
    INVALID_ID = 1;
    MALFORMED_EXTENSION_SETTINGS = 2;
    REPLACED_BY_ARC_APP = 3;
    MALFORMED_EXTENSION_DICT = 4;
    NOT_SUPPORTED_EXTENSION_DICT = 5;
    MALFORMED_EXTENSION_DICT_FILE_PATH = 6;
    MALFORMED_EXTENSION_DICT_VERSION = 7;
    MALFORMED_EXTENSION_DICT_UPDATE_URL = 8;
    LOCALE_NOT_SUPPORTED = 9;
    NOT_PERFORMING_NEW_INSTALL = 10;
    TOO_OLD_PROFILE = 11;
    DO_NOT_INSTALL_FOR_ENTERPRISE = 12;
    ALREADY_INSTALLED = 13;
    CRX_FETCH_FAILED = 14;
    MANIFEST_FETCH_FAILED = 15;
    MANIFEST_INVALID = 16;
    NO_UPDATE = 17;
    CRX_INSTALL_ERROR_DECLINED = 18;
    CRX_INSTALL_ERROR_SANDBOXED_UNPACKER_FAILURE = 19;
    CRX_INSTALL_ERROR_OTHER = 20;
    NO_UPDATE_URL = 21;
    PENDING_ADD_FAILED = 22;
    DOWNLOADER_ADD_FAILED = 23;
    IN_PROGRESS = 24;
    CRX_FETCH_URL_EMPTY = 25;
    CRX_FETCH_URL_INVALID = 26;
    OVERRIDDEN_BY_SETTINGS = 27;
    REPLACED_BY_SYSTEM_APP = 28;
  }

  //  Stage of extension installing process. See InstallStageTracker::Stage for
  //  more details. InstallStageTracker::Stage is the main enum and this is
  // a copy used for reporting purposes. The entries are in the order they occur
  // in the installation process.
  enum InstallationStage {
    INSTALLATION_STAGE_UNKNOWN = 0;
    CREATED = 1;
    PENDING = 2;
    DOWNLOADING = 3;
    INSTALLING = 4;
    COMPLETE = 5;
  }

  // Type of current user. See user_manager::UserType for more details.
  // user_manager::UserType is the main enum and this is a copy used for
  // reporting purposes.
  // LINT.IfChange(UserType)
  enum UserType {
    USER_TYPE_UNKNOWN = 0;
    USER_TYPE_REGULAR = 1;
    USER_TYPE_GUEST = 2;
    USER_TYPE_PUBLIC_ACCOUNT = 3;
    USER_TYPE_SUPERVISED_DEPRECATED = 4 [deprecated = true];
    USER_TYPE_KIOSK_APP = 5;
    USER_TYPE_CHILD = 6;
    USER_TYPE_ARC_KIOSK_APP = 7;
    USER_TYPE_ACTIVE_DIRECTORY = 8;
    USER_TYPE_WEB_KIOSK_APP = 9;
    USER_TYPE_KIOSK_IWA = 10;
  }
  // LINT.ThenChange(//components/user_manager/user_type.h:UserType)

  // Current stage of the extension downloading process. See
  // ExtensionDownloaderDelegate::Stage for more details.
  // ExtensionDownloaderDelegate::Stage is the main enum and this is a copy used
  // for reporting purposes.
  enum DownloadingStage {
    DOWNLOADING_STAGE_UNKNOWN = 0;
    DOWNLOAD_PENDING = 1;
    QUEUED_FOR_MANIFEST = 2;
    DOWNLOADING_MANIFEST = 3;
    DOWNLOADING_MANIFEST_RETRY = 4;
    PARSING_MANIFEST = 5;
    MANIFEST_LOADED = 6;
    QUEUED_FOR_CRX = 7;
    DOWNLOADING_CRX = 8;
    DOWNLOADING_CRX_RETRY = 9;
    FINISHED = 10;
  }

  // Current stage of the extension creation process. See
  // InstallStageTracker::InstallCreationStage for more details.
  // InstallStageTracker::InstallCreationStage is the main enum and this is a
  // copy used for reporting purposes.
  enum InstallCreationStage {
    INSTALL_CREATION_STAGE_UNKNOWN = 0;
    CREATION_INITIATED = 1;
    NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_FORCED = 2;
    NOTIFIED_FROM_MANAGEMENT_INITIAL_CREATION_NOT_FORCED = 3;
    NOTIFIED_FROM_MANAGEMENT = 4;
    NOTIFIED_FROM_MANAGEMENT_NOT_FORCED = 5;
    SEEN_BY_POLICY_LOADER = 6;
    SEEN_BY_EXTERNAL_PROVIDER = 7;
  }

  // Status of cache when an attempt is made to fetch the extension from it
  // during the downloading process. See
  // ExtensionDownloaderDelegate::CacheStatus for more details.
  // ExtensionDownloaderDelegate::CacheStatus is the main enum and this is a
  // copy used for reporting purposes.
  enum DownloadCacheStatus {
    CACHE_UNKNOWN = 0;
    CACHE_DISABLED = 1;
    CACHE_MISS = 2;
    CACHE_OUTDATED = 3;
    CACHE_HIT = 4;
    CACHE_HIT_ON_MANIFEST_FETCH_FAILURE = 5;
  }

  // All the ways SandboxedUnpacker can fail. See
  // extensions::SandboxedUnpackerFailureReason for more details.
  // extensions::SandboxedUnpackerFailureReason is the main enum and this is a
  // copy used for reporting purposes.
  enum SandboxedUnpackerFailureReason {
    SANDBOXED_UNPACKER_FAILURE_REASON_UNKNOWN = 0;
    COULD_NOT_GET_TEMP_DIRECTORY = 1;
    COULD_NOT_CREATE_TEMP_DIRECTORY = 2;
    FAILED_TO_COPY_EXTENSION_FILE_TO_TEMP_DIRECTORY = 3;
    COULD_NOT_GET_SANDBOX_FRIENDLY_PATH = 4;
    COULD_NOT_LOCALIZE_EXTENSION = 5;
    INVALID_MANIFEST = 6;
    UNPACKER_CLIENT_FAILED = 7;
    UTILITY_PROCESS_CRASHED_WHILE_TRYING_TO_INSTALL = 8;
    CRX_FILE_NOT_READABLE = 9;
    CRX_HEADER_INVALID = 10;
    CRX_MAGIC_NUMBER_INVALID = 11;
    CRX_VERSION_NUMBER_INVALID = 12;
    CRX_EXCESSIVELY_LARGE_KEY_OR_SIGNATURE = 13;
    CRX_ZERO_KEY_LENGTH = 14;
    CRX_ZERO_SIGNATURE_LENGTH = 15;
    CRX_PUBLIC_KEY_INVALID = 16;
    CRX_SIGNATURE_INVALID = 17;
    CRX_SIGNATURE_VERIFICATION_INITIALIZATION_FAILED = 18;
    CRX_SIGNATURE_VERIFICATION_FAILED = 19;
    ERROR_SERIALIZING_MANIFEST_JSON = 20;
    ERROR_SAVING_MANIFEST_JSON = 21;
    COULD_NOT_READ_IMAGE_DATA_FROM_DISK_UNUSED = 22;
    DECODED_IMAGES_DO_NOT_MATCH_THE_MANIFEST_UNUSED = 23;
    INVALID_PATH_FOR_BROWSER_IMAGE = 24;
    ERROR_REMOVING_OLD_IMAGE_FILE = 25;
    INVALID_PATH_FOR_BITMAP_IMAGE = 26;
    ERROR_RE_ENCODING_THEME_IMAGE = 27;
    ERROR_SAVING_THEME_IMAGE = 28;
    DEPRECATED_ABORTED_DUE_TO_SHUTDOWN = 29;
    COULD_NOT_READ_CATALOG_DATA_FROM_DISK_UNUSED = 30;
    INVALID_CATALOG_DATA = 31;
    INVALID_PATH_FOR_CATALOG_UNUSED = 32;
    ERROR_SERIALIZING_CATALOG = 33;
    ERROR_SAVING_CATALOG = 34;
    CRX_HASH_VERIFICATION_FAILED = 35;
    UNZIP_FAILED = 36;
    DIRECTORY_MOVE_FAILED = 37;
    CRX_FILE_IS_DELTA_UPDATE = 38;
    CRX_EXPECTED_HASH_INVALID = 39;
    DEPRECATED_ERROR_PARSING_DNR_RULESET = 40;
    ERROR_INDEXING_DNR_RULESET = 41;
    CRX_REQUIRED_PROOF_MISSING = 42;
    CRX_HEADER_VERIFIED_CONTENTS_UNCOMPRESSING_FAILURE = 43;
    MALFORMED_VERIFIED_CONTENTS = 44;
    COULD_NOT_CREATE_METADATA_DIRECTORY = 45;
    COULD_NOT_WRITE_VERIFIED_CONTENTS_INTO_FILE = 46;
  }

  // Reason why extension failed due to failure reason MANIFEST_INVALID. See
  // extensions::ManifestInvalidError for more details.
  // extensions::ManifestInvalidError is the main enum and this is a
  // copy used for reporting purposes.
  enum ManifestInvalidError {
    MANIFEST_INVALID_ERROR_UNKNOWN = 0;
    XML_PARSING_FAILED = 1;
    INVALID_XLMNS_ON_GUPDATE_TAG = 2;
    MISSING_GUPDATE_TAG = 3;
    INVALID_PROTOCOL_ON_GUPDATE_TAG = 4;
    MISSING_APP_ID = 5;
    MISSING_UPDATE_CHECK_TAGS = 6;
    MULTIPLE_UPDATE_CHECK_TAGS = 7;
    INVALID_PRODVERSION_MIN = 8;
    EMPTY_CODEBASE_URL = 9;
    INVALID_CODEBASE_URL = 10;
    MISSING_VERSION_FOR_UPDATE_CHECK = 11;
    INVALID_VERSION = 12;
    BAD_UPDATE_SPECIFICATION = 13;
    BAD_APP_STATUS = 14;
  }

  // Extended error code if the extension installation failed due to CRX install
  // error. See extensions::CrxInstallErrorDetail for more details.
  // extensions::CrxInstallErrorDetail is the main enum and this is a
  // copy used for reporting purposes.
  enum CrxInstallErrorDetail {
    CRX_INSTALL_ERROR_DETAIL_UNKNOWN = 0;
    CONVERT_USER_SCRIPT_TO_EXTENSION_FAILED = 1;
    UNEXPECTED_ID = 2;
    UNEXPECTED_VERSION = 3;
    MISMATCHED_VERSION = 4;
    CRX_ERROR_MANIFEST_INVALID = 5;
    INSTALL_NOT_ENABLED = 6;
    OFFSTORE_INSTALL_DISALLOWED = 7;
    INCORRECT_APP_CONTENT_TYPE = 8;
    NOT_INSTALLED_FROM_GALLERY = 9;
    INCORRECT_INSTALL_HOST = 10;
    DEPENDENCY_NOT_SHARED_MODULE = 11;
    DEPENDENCY_OLD_VERSION = 12;
    DEPENDENCY_NOT_ALLOWLISTED = 13;
    UNSUPPORTED_REQUIREMENTS = 14;
    EXTENSION_IS_BLOCKLISTED = 15;
    DISALLOWED_BY_POLICY = 16;
    KIOSK_MODE_ONLY = 17;
    OVERLAPPING_WEB_EXTENT = 18;
    CANT_DOWNGRADE_VERSION = 19;
    MOVE_DIRECTORY_TO_PROFILE_FAILED = 20;
    CANT_LOAD_EXTENSION = 21;
    USER_CANCELED = 22;
    USER_ABORTED = 23;
    UPDATE_NON_EXISTING_EXTENSION = 24;
  }

  // Timestamp, in microseconds since epoch. Set for all log
  // events.
  optional int64 timestamp = 1;

  // Event type. Set for all log events.
  optional EventType event_type = 2;

  // Total and available space on the stateful partition, in bytes. Set for
  // event types INSTALLATION_FAILED and SUCCESS.
  optional int64 stateful_total = 3;
  optional int64 stateful_free = 4;

  // Network state. Set for event type SESSION_STATE_CHANGE of type LOGIN and
  // CONNECTIVITY_CHANGE.
  optional bool online = 5;

  // Type of session state change. Set for event type SESSION_STATE_CHANGE.
  optional SessionStateChangeType session_state_change_type = 6;

  // Type of failure reason. Set for event type INSTALLATION_FAILED.
  optional FailureReason failure_reason = 7;

  // Stage of installation process.
  optional InstallationStage installation_stage = 8;

  // Stage of downloading process.
  optional DownloadingStage downloading_stage = 9;

  // Type of the extension. Set for event type SUCCESS and sometimes (when
  // possible) for INSTALLATION_FAILED.
  optional Extension.ExtensionType extension_type = 10;

  // Type of the current user.
  optional UserType user_type = 11;

  // Whether the current user is new.
  optional bool is_new_user = 12;

  // Whether the current failure is a admin side miconfiguration failure. Set
  // for event type INSTALLATION_FAILED.
  optional bool is_misconfiguration_failure = 13;

  // Stage of install creation process.
  optional InstallCreationStage install_creation_stage = 14;

  // Status of cache during downloading process.
  optional DownloadCacheStatus download_cache_status = 15;

  // Detailed reason why unpacking of extension failed.
  optional SandboxedUnpackerFailureReason unpacker_failure_reason = 16;

  // Detailed reason why extension failed due to failure reason
  // MANIFEST_INVALID.
  optional ManifestInvalidError manifest_invalid_error = 17;

  // Extended error code if the extension installation failed due to CRX install
  // error.
  optional CrxInstallErrorDetail crx_install_error_detail = 18;

  // Fetch error code when failure_reason is CRX_FETCH_FAILED or
  // MANIFEST_FETCH_FAILED.
  optional int32 fetch_error_code = 19;

  // Number of fetch tries made when failure reason is CRX_FETCH_FAILED or
  // MANIFEST_FETCH_FAILED.
  optional int32 fetch_tries = 20;
}

// A single entry in the push-install log for an app.
message AppInstallReportLogEvent {
  // Enumerates the possible event types.
  enum EventType {
    // Not used.
    LOG_EVENT_TYPE_UNKNOWN = 0;
    // Request received by device
    SERVER_REQUEST = 1;
    // Request forwarded to CloudDPC
    CLOUDDPC_REQUEST = 2;
    // Request forwarded to CloudDPS
    CLOUDDPS_REQUEST = 3;
    // Response received from CloudDPS
    CLOUDDPS_RESPONSE = 4;
    // Log line written by Phonesky
    PHONESKY_LOG = 5;
    // Install success
    SUCCESS = 6;
    // Request canceled
    CANCELED = 7;
    // Connectivity state changed
    CONNECTIVITY_CHANGE = 8;
    // Session state changed
    SESSION_STATE_CHANGE = 9;
    // Package installation started
    INSTALLATION_STARTED = 10;
    // Package installation finished
    INSTALLATION_FINISHED = 11;
    // Package installation failed
    INSTALLATION_FAILED = 12;
    // Direct install scheduled
    DIRECT_INSTALL = 13;
    // No more regular attempts to install
    CLOUDDPC_MAIN_LOOP_FAILED = 14;
    // PlayStore local policy was set
    PLAYSTORE_LOCAL_POLICY_SET = 15;
  }

  // Enumerates the possible changes in session state.
  enum SessionStateChangeType {
    // Not used.
    SESSION_STATE_CHANGE_TYPE_UNKNOWN = 0;
    // Session starting
    LOGIN = 1;
    // Session ending
    LOGOUT = 2;
    // Suspending
    SUSPEND = 3;
    // Resuming
    RESUME = 4;
  }

  // Timestamp, in microseconds since epoch. Set for all log
  // events.
  optional int64 timestamp = 1;

  // Event type. Set for all log events.
  optional EventType event_type = 2;

  // Total and available space on the stateful partition, in bytes. Set for
  // event types SERVER_REQUEST, CLOUDDPS_RESPONSE, INSTALLATION_STARTED,
  // INSTALLATION_FINISHED, INSTALLATION_FAILED and SUCCESS.
  optional int64 stateful_total = 3;
  optional int64 stateful_free = 4;

  // CloudDPS response. Set for event type CLOUDDPS_RESPONSE.
  optional int32 clouddps_response = 5;

  // Log line written by Phonesky. Set for event type PHONESKY_LOG.
  optional string phonesky_log = 6;

  // Network state. Set for event type SESSION_STATE_CHANGE of type LOGIN and
  // CONNECTIVITY_CHANGE.
  optional bool online = 7;

  // Type of session state change. Set for event type SESSION_STATE_CHANGE.
  optional SessionStateChangeType session_state_change_type = 8;

  // ARC++ Android id.
  optional int64 android_id = 9;
}

// Log bucket for an extension.
message ExtensionInstallReport {
  // Extension id for the extension.
  optional string extension_id = 1;

  // Whether the log is incomplete, e.g. due to the log ring buffer overflowing
  // or disk corruption.
  optional bool incomplete = 2;

  // Log events for the extension.
  repeated ExtensionInstallReportLogEvent logs = 3;
}

// Log bucket for an ARC++ app.
message AppInstallReport {
  // Package name of the app.
  optional string package = 1;

  // Whether the log is incomplete, e.g. due to the log ring buffer overflowing
  // or disk corruption.
  optional bool incomplete = 2;

  // Log events for the app.
  repeated AppInstallReportLogEvent logs = 3;
}

// Push-install logs for all ARC++ apps.
message AppInstallReportRequest {
  // Log buckets for each app.
  repeated AppInstallReport app_install_reports = 1;
}

// Installation logs for all extensions.
message ExtensionInstallReportRequest {
  // Log buckets for each extension.
  repeated ExtensionInstallReport extension_install_reports = 1;
}

// Response from server after receiving a report on the status of app
// push-installs.
message AppInstallReportResponse {}

// Request from device to stop using a previously issued service account.
// The identity of a freshly-issued service account will be returned by a
// subsequent device policy fetch (see the |service_account_identity| field in
// |PolicyData| and auth codes tied to the new service account can be retrieved
// by subsequent |DeviceServiceApiAccessRequest| requests.
message RefreshAccountRequest {
  enum AccountType {
    ACCOUNT_TYPE_UNSPECIFIED = 0;

    // Refresh demo mode user account.
    // See go/cros-demo-mode and go/demo-mode-account-brainstorm.
    CHROME_OS_DEMO_MODE = 1;
  }

  optional AccountType account_type = 1;
}

// Response from server after receiving a request to refresh the service
// account.
message RefreshAccountResponse {}

// Request from device to upload RSU lookup key.
message RsuLookupKeyUploadRequest {
  // Google brand code for the given device SKU.
  optional bytes board_id = 1;

  // Hashed Cr50 device ID.
  optional bytes cr50_hashed_device_id = 2;
}

// Response to {@code RsuLookupKeyUploadRequest}.
message RsuLookupKeyUploadResponse {
  // Whether RSU lookup key was received.
  optional bool rsu_lookup_key_updated = 1;
}

// Information about an eSIM profile installed on an EUICC (Embedded Universal
// Integrated Circuit Card).
message ESimProfileInfo {
  // ICCID of the eSIM profile. Up to 22 decimal digits encoded as ASCII string.
  // Example: 3554020401587593554020.
  optional string iccid = 1;

  // SM-DP+ (Subscription Manager - Data Preparation) activation code that was
  // used to install this eSIM profile. The "address" terminology is historical
  // since the string is not strictly just an address. This field should be
  // considered mutually exclusive with |smds_address|. Up to 255 characters
  // encoded as UTF8 string.
  // Example: LPA:1$esim.example.com$matchingId
  optional string smdp_address = 2;

  // SM-DS (Subscription Manager - Discovery Service) activation code that was
  // used to install this eSIM profile. The "address" terminology is historical
  // since the string is not strictly just an address. This field should be
  // considered mutually exclusive with |smdp_address|. Up to 255 characters
  // encoded as UTF8 string.
  // Example: LPA:1$esim.example.com$
  optional string smds_address = 3;

  // The name of the policy-defined network that resulted in the installation of
  // this eSIM profile. This metadata is required to guarantee that multiple
  // policy-defined networks that are configured with the same activation code
  // are handled correctly, and will result in the appropriate number of eSIM
  // profiles being installed.
  optional string name = 4;
}

// Request from device to server to update information about EUICCs
// on the device.
message UploadEuiccInfoRequest {
  // Number of EUICCs on the device.
  optional uint32 euicc_count = 1;

  // List of policy provisioned eSIM profiles on the device.
  repeated ESimProfileInfo esim_profiles = 2;

  // A boolean flag which indicates that the list of eSim profiles was cleared.
  // We use this differentiate between intentionally empty profile list(after
  // cleanup) or not yet provisioned one.
  // On the server, we would ignore requests where |esim_profiles| is empty
  // if |clear_profile_list| is not set to |true| to not accidentally clear the
  // values previously stored for this device(which can happen in a case of
  // device being in after-powerwash state, for example).
  optional bool clear_profile_list = 3;
}

// Response from server to device for EUICC status update.
message UploadEuiccInfoResponse {}

// An event used for reporting when a new print job has completed.
message PrintJobEvent {
  message PrintJobConfiguration {
    // The ID of the job. This and the device ID uniquely identify a print job
    // in enterprise reporting.
    optional string id = 1;

    // The name of the document.
    optional string title = 2;

    // The final status of the job.
    optional int32 status = 3;

    // The time the print job was created in milliseconds since epoch.
    optional int64 creation_timestamp_ms = 4;

    // The time the print job was completed in milliseconds since epoch.
    optional int64 completion_timestamp_ms = 5;

    // The number of pages in the document.
    optional int32 number_of_pages = 6;

    // The settings of the print job.
    optional PrintSettings settings = 7;
  }

  enum UserType {
    UNKNOWN_USER_TYPE = 0;
    REGULAR = 1;
    GUEST = 2;
    KIOSK = 3;
  }

  message Printer {
    // Displayed name of the printer in the client.
    optional string name = 1;

    // URI of the printer, which serves as a unique identifier.
    optional string uri = 2;

    // Printer ID.
    optional string id = 3;
  }

  // The finishing settings of the print job.
  message PrintSettings {
    enum ColorMode {
      UNKNOWN_COLOR_MODE = 0;
      BLACK_AND_WHITE = 1;
      COLOR = 2;
    }

    enum DuplexMode {
      UNKNOWN_DUPLEX_MODE = 0;
      ONE_SIDED = 1;
      TWO_SIDED_LONG_EDGE = 2;
      TWO_SIDED_SHORT_EDGE = 3;
    }

    message MediaSize {
      // Width (in micrometers)
      optional int32 width = 1;

      // Height (in micrometers)
      optional int32 height = 2;

      // Platform specific id to map it back to the particular media.
      optional string vendor_id = 3;
    }

    optional ColorMode color = 1;

    optional DuplexMode duplex = 2;

    optional MediaSize media_size = 3;

    optional int32 copies = 4;
  }

  optional PrintJobConfiguration job_configuration = 1;

  optional UserType user_type = 2;

  optional Printer printer = 3;
}

// Provides information about an installed app.
message App {
  // Enum listing the available types of the apps.
  // Aligned with apps::mojom::AppType.
  enum AppType {
    // Unknown/undefined.
    UNKNOWN = 0;
    // ARC++/Android app.
    ARC = 1;
    // Built-in app.
    BUILT_IN = 2;
    // Linux/crostini app.
    CROSTINI = 3;
    // Chrome extension.
    EXTENSION = 4;
    // Progressive web app.
    WEB = 5;
    // Plugin VM app.
    PLUGIN_VM = 6;
    // Borealis VM app.
    BOREALIS = 7;
    // Bruschetta VM app.
    BRUSCHETTA = 8;
  }

  // ID of the installed application. Package name for Android apps and 32
  // character long app id for other applications (PWAs, Extensions, Built-in
  // apps).
  optional string app_id = 1;

  // Type of the application.
  optional AppType app_type = 2;

  // Additional IDs of the installed application if exist.
  // For example it will contain Chrome style 32 character long ids for Android
  // apps, that use package name as their primary ID.
  repeated string additional_app_id = 3;
}

// Information about app activity used for Per-App Time Limits feature.
message AppActivity {
  // Enumerates different states that the app can have.
  enum AppState {
    // State not known.
    UNKNOWN = 0;
    // Default state - no restrictions enforced.
    DEFAULT = 1;
    // Important app that cannot be blocked, because it is essential for the OS.
    ALWAYS_AVAILABLE = 2;
    // App blocked on the client.
    BLOCKED = 3;
    // App reached usage limit on the client.
    LIMIT_REACHED = 4;
    // App was uninstalled. It still might have some recent unreported activity.
    UNINSTALLED = 5;
  }

  // App identifying information.
  optional App app_info = 1;

  // A list of time periods when the app was active.
  repeated TimePeriod active_time_periods = 2;

  // Timestamp when this activity data were populated.
  // Specified in milliseconds since Epoch in UTC timezone (Java time).
  optional int64 populated_at = 3;

  // State of the app on client at the time of reporting. To maintain
  // consistency and help debugging between client and Family Link.
  optional AppState app_state = 4;
}

// Models a window for screen time.
message ScreenTimeSpan {
  optional TimePeriod time_period = 1;

  // The actual activity duration during a particular time period window
  // (in milliseconds).
  optional int64 active_duration_ms = 2;
}

// Informs the server about the current state of a child user's session, to
// allow parent supervision.
message ChildStatusReportRequest {
  // The user's DMToken.
  optional string user_dm_token = 1;

  // Timestamp of this status report in milliseconds since epoch.
  optional int64 timestamp_ms = 2;

  // Time zone id of the active user (e.g. America/Sao_Paulo).
  // For more details check `third_party/icu/source/i18n/unicode/timezone.h`.
  optional string time_zone = 3;

  // A list of time spans when the screen was on during the user's session.
  repeated ScreenTimeSpan screen_time_span = 4;

  // Information about ARC status.
  optional AndroidStatus android_status = 5;

  // The OS version reported by the device is a platform version
  // e.g. 1435.0.2011_12_16_1635.
  optional string os_version = 6;

  // "Verified", "Dev". Same as verified mode.
  // If the mode is unknown, this field should not be set.
  optional string boot_mode = 7;

  // A list of per-app activity used for Per-App Time Limits feature.
  // It might not be sent in every report.
  repeated AppActivity app_activity = 8;

  // A list of applications which are hidden from the user.
  repeated App hidden_app = 9;

  // Next id: 10.
}

// Response from DMServer to update user devices' status.
// It is possible that status report fails but policy request succeed.  In such
// case, the ChildStatusReportResponse will contain an error code and the
// device should re-send status report data in the next policy request.  The
// device should re-send report data if policy request fails, even if
// ChildStatusReportResponse contains no error code.
message ChildStatusReportResponse {
  optional int32 error_code = 1;

  // Human readable error message for customer support purpose.
  optional string error_message = 2;
}

// Hashing Algorithm for Client Certificate Provisioning Flow.
enum HashingAlgorithm {
  // DO NOT USE
  HASHING_ALGORITHM_UNSPECIFIED = 0;

  SHA1 = 1;
  SHA256 = 2;

  // Do not hash the input data - assume it is input to the signature algorithm.
  // The client supports this starting with M-89.
  //
  // For SigningAlgorithm RSA_PKCS1_V1_5, the client will perform PKCS#1 v1.5
  // padding on `data_to_sign`. `data_to_sign` is expected to already contain a
  // PKCS#1 DigestInfo prefix - the client will not attempt to add such a
  // prefix. Also `data_to_sign` must be shorter than (key_size-11) bytes. If no
  // other key size was specified in the
  // RequiredClientCertificateFor{User,Device} policy, 2048 bits is assumed.
  NO_HASH = 3;
}

// Signing Algorithm for Client Certificate Provisioning Flow.
enum SigningAlgorithm {
  // DO NOT USE
  SIGNING_ALGORITHM_UNSPECIFIED = 0;

  RSA_PKCS1_V1_5 = 1;
}

// Client Certificate Provisioning "Static" Flow, Stage 1: Start a CSR request.
// No additional fields because cert_profile_id and public_key are passed in the
// outer message.
message StartCsrRequest {}

message StartCsrResponse {
  // The client should register for FCM messages using this topic in order to
  // receive notifications for the certificate provisioning process.
  optional string invalidation_topic = 1;

  // The verified access challenge.
  optional bytes va_challenge = 2;

  // Algorithm to hash data with before signing.
  optional HashingAlgorithm hashing_algorithm = 5;

  // Algorithm to sign data with for CSR creation.
  optional SigningAlgorithm signing_algorithm = 3;

  // Data to sign for CSR creation.
  optional bytes data_to_sign = 4;
}

// Client Certificate Provisioning "Static" Flow, Stage 2: Finish the CSR
// request.
message FinishCsrRequest {
  // Verified access challenge response.
  optional bytes va_challenge_response = 1;

  // The signature generated using the private key.
  optional bytes signature = 2;
}

message FinishCsrResponse {}

// Client Certificate Provisioning "Static" Flow, Stage 3: Download the issued
// certificate.
message DownloadCertRequest {}

message DownloadCertResponse {
  // PEM-encoded issued certificate.
  optional string pem_encoded_certificate = 1;
}

// "Dynamic" flow: Used to start a cerificate provisioning process.
message CertProvStartRequest {}

message CertProvStartResponse {
  // The client should register for FCM messages using this topic in order to
  // receive notifications for the certificate provisioning process.
  optional string invalidation_topic = 1;
}

// "Dynamic" flow: Used to fetch the next instruction that the client should
// process.
message CertProvGetNextInstructionRequest {}

message CertProvGetNextInstructionResponse {
  // One of the instructions must be filled.
  // If no instruction is available yet, the server should respond with a
  // `CertProvBackendError` instead of a `CertProvGetNextInstructionResponse`.
  oneof instruction {
    CertProvAuthorizeInstruction authorize_instruction = 1;
    CertProvProofOfPossessionInstruction proof_of_possession_instruction = 2;
    CertProvImportCertificateInstruction import_certificate_instruction = 3;
  }
}

// "Dynamic" flow: Used to authorize the client, currently using a Verified
// Access challenge response.
// The client should send this request after it received a
// `CertProvAuthorizeInstruction`.
message CertProvAuthorizeRequest {
  // Verified access challenge response.
  optional bytes va_challenge_response = 1;
}

message CertProvAuthorizeResponse {}

// "Dynamic" flow: Upload the result of a `ProofOfPossessionInstruction`.
message CertProvUploadProofOfPossessionRequest {
  // A client-generated cryptographic signature proving the possession of the
  // client's private key.
  // The signing key is the client-owned private key corresponding to
  // `ClientCertificateProvisioningRequest.public_key`.
  // The signed data has been previously delivered by the server in
  // `CertProvProofOfPossessionInstruction.data_to_sign`.
  // The hashing and signing algorithms have been previously delivered by the
  // server in the `hashing_algorithm` and `signing_algorithm` fields of
  // `CertProvProofOfPossessionInstruction`.
  optional bytes signature = 1;
}

message CertProvUploadProofOfPossessionResponse {}

// The client should perform an authorization step.
message CertProvAuthorizeInstruction {
  // The verified access challenge.
  optional bytes va_challenge = 1;
}

// The client should provide a proof-of-possession signature generated using
// the private key.
message CertProvProofOfPossessionInstruction {
  // Data to sign for CSR creation.
  // Depending on the `signature_algorithm` this may either contain the PKCS#1
  // DigestInfo in DER format (note that it must be shorter than (key_size-11)
  // bytes) or unhashed data. The client must process `data_to_sign` according
  // to the specified `signature_algorithm`, see comments in the
  // `CertProvSignatureAlgorithm` enum for more details.
  optional bytes data_to_sign = 1;

  // The signature algorithm that the client uses to process `data_to_sign`.
  // This defines both the hashing and signing algorithm the client should use.
  optional CertProvSignatureAlgorithm signature_algorithm = 2;
}

// The algorithm that the client should use / has used to sign data using its
// private key for proof-of-posession.
enum CertProvSignatureAlgorithm {
  // Default value. This value is unused.
  SIGNATURE_ALGORITHM_UNSPECIFIED = 0;

  // The server-side builds the PKCS#1 DigestInfo, i.e., the SHA256 hash
  // is constructed on the server-side. The client should sign using RSA
  // with PKCS#1 v1.5 padding. If no other key size was specified in the
  // RequiredClientCertificateFor{User,Device} policy, 2048 bits is assumed.
  SIGNATURE_ALGORITHM_RSA_PKCS1_V1_5_NO_HASH = 1;

  // The PKCS#1 digest info is built by the server-side and sent to the
  // client unhashed. The client is responsible for signing and hashing.
  // Uses the P-256 curve.
  SIGNATURE_ALGORITHM_ECDSA_SHA256 = 2;
}

// The client should import an issued certificate.
message CertProvImportCertificateInstruction {
  // PEM-encoded issued certificate.
  optional string pem_encoded_certificate = 1;
}

// Start / continue client certificate provisioning process for the profile
// `cert_profile_id`.
message ClientCertificateProvisioningRequest {
  reserved 9 to 11;
  // The id that uniquely identifies a certificate provisioning process.
  optional string certificate_provisioning_process_id = 16;

  // The scope of the certificate. Similar to policy_type in PolicyFetchRequest.
  //   google/chromeos/device => a certificate for a device is being requested.
  //   google/chromeos/user => a certificate for a user is being requested.
  optional string certificate_scope = 1;

  // The id of the client certificate profile, specified in the policy.
  optional string cert_profile_id = 2;

  // The public key for which the certificate should be issued. It's a
  // DER-serialized X.509 SubjectPublicKeyInfo.
  optional bytes public_key = 3;

  // Only filled if this is a request for a certificate for a user
  optional string device_dm_token = 4;

  oneof request {
    // "Static" flow
    // (go/chromeos-mgmt-cert-provisioning#heading=h.mh0xyf2o1ums).
    StartCsrRequest start_csr_request = 5;
    FinishCsrRequest finish_csr_request = 6;
    DownloadCertRequest download_cert_request = 7;

    // "Dynamic" flow (go/cert-prov-api-dm-changes)
    CertProvStartRequest start_request = 12;
    CertProvGetNextInstructionRequest get_next_instruction_request = 13;
    CertProvAuthorizeRequest authorize_request = 14;
    CertProvUploadProofOfPossessionRequest upload_proof_of_possession_request =
        15;
  }

  // Received as part of policy for client certificate profiles. The client
  // should not interpret this data and should forward it verbatim. DMServer
  // uses `policy_version` as a hint to verify that the policy view of DMServer
  // matches the view of Chrome OS device.
  optional bytes policy_version = 8;
}

// This marks an error between ChromeOS client and backend, including those
// involving the Certificate Authority or a Connector software.
// These could be mapped to HTTP error codes, but reuse of HTTP error codes was
// deemed confusing and difficult in the existing device management protocol
// (see existing usage of HTTP error codes described in the
// `DeviceManagementResponse` comment).
message CertProvBackendError {
  // If a new error code is added to the enum and used by the DM Server to
  // propagate an error, ChromeOS clients running older versions
  // will not be aware of the new error code. As proto2 is using closed enums,
  // accessing such an unknown enum field returns the enum's default value
  // which is the first defined enum value, i.e., `ERROR_UNSPECIFIED`. ChromeOS
  // clients treat this error by marking the associated certificate provisioning
  // process as failing. These values are persisted to logs. Entries should not
  // be renumbered and numeric values should never be reused. Keep in sync with
  // the CertProvBackendError UMA enum.
  enum Error {
    ERROR_UNSPECIFIED = 0;
    // The attempted request is invalid in the current state of the certificate
    // provisioning process.
    INVALID_OPERATION = 1;
    // The client has sent inconsistent data. This can happen if the client has
    // outdated policy.
    INCONSISTENT_DATA = 2;
    // The identity of the client could not be verified.
    IDENTITY_VERIFICATION_ERROR = 3;
    // The Certificate Provisioning Process (CPP) already exists and cannot be
    // started again.
    CPP_ALREADY_EXISTS = 4;
    // The backend does not accept the public key sent by the client.
    BAD_PUBLIC_KEY = 5;
    // The signature provided by the client is invalid.
    INVALID_SIGNATURE = 6;
    // The next instruction on how to proceed in the certificate provisioning
    // protocol is not yet available.
    INSTRUCTION_NOT_YET_AVAILABLE = 7;
    // The CA did not respond within the deadline.
    CA_UNAVAILABLE = 8;
    // The CA exhibited an internal server error.
    CA_FAILURE = 9;
    // The referenced certificate provisioning profile does not exist.
    PROFILE_NOT_FOUND = 10;
    // The user primary email cannot be found.
    USER_PRIMARY_EMAIL_NOT_FOUND = 11;
    // The certificate provisioning profile is referencing a non-existent CA
    // connection.
    CA_CONNECTION_NOT_FOUND = 12;
    // The CA connection referenced by the certificate provisioning profile
    // is referencing a non-existent PubSub topic.
    PUBSUB_TOPIC_NOT_FOUND = 13;
    // The Adapter uploaded a certificate that cannot be parsed or was issued
    // for a wrong public key.
    BAD_ADAPTER_CERTIFICATE_RECEIVED = 14;
    // The requested certificate provisioning process cannot be found on
    // Spanner.
    CERTIFICATE_PROVISIONING_PROCESS_NOT_FOUND = 15;
    // Placeholders for future errors that require the client to immediately
    // retry provisioning the certificate from the very beginning (same as for
    // INCONSISTENT_DATA and PROFILE_NOT_FOUND, all other errors make the client
    // retry after a restart.)
    IMMEDIATE_RETRY_ERROR_ZERO = 16;
    IMMEDIATE_RETRY_ERROR_ONE = 17;
    IMMEDIATE_RETRY_ERROR_TWO = 18;
    IMMEDIATE_RETRY_ERROR_THREE = 19;
    IMMEDIATE_RETRY_ERROR_FOUR = 20;
    // Google's well-known borg service account used for sending out the initial
    // Pub/Sub notification to Certificate Provisioning Adapters was not granted
    // the necessary Pub/Sub Publisher permission in the Google Cloud project
    // which owns the Pub/Sub topic specified in the CA connection.
    MISSING_PUBSUB_PUBLISHER_PERMISSION = 21;
  }

  // The specific error type.
  optional Error error = 1;

  // A debug message that could be useful for understanding the error.
  optional string debug_message = 2;
}

// Response for ClientCertificateProvisioningRequest.
message ClientCertificateProvisioningResponse {
  reserved 6;

  // Error conditions that the server side reports to the client that don't fit
  // into the standard HTTP error schema.
  // Note that HTTP errors can still be signaled for the client certificate
  // provisioning requests, e.g. bad DMToken or internal errors will be
  // propagated as HTTP errors.
  enum Error {
    UNDEFINED = 0;
    // The backend has not received a certificate within the time limit.
    TIMED_OUT = 1;
    // The identity of the client could not be verified.
    IDENTITY_VERIFICATION_ERROR = 2;
    // The CA encountered an error when processing the certification request.
    CA_ERROR = 3;
    // The client has sent inconsistent data.
    INCONSISTENT_DATA = 4;
    // The backend does not accept the public key sent by the client.
    BAD_PUBLIC_KEY = 5;
    // The leaf CA certificate specified by the admin is invalid.
    BAD_CA_CERTIFICATE_SPECIFIED = 6;
    // The certificate received from the certificate enrollment agent cannot be
    // parsed or is not issued by the leaf CA certificate specified by the
    // admin.
    BAD_CLIENT_CERTIFICATE_RECEIVED = 7;
    // The CSR signature provided by the client is invalid.
    INVALID_CSR_SIGNATURE = 8;
    // A certificate signing request for the same public key has already been
    // sent.
    CSR_ALREADY_SENT = 9;
  }

  // If filled, the request can currently not be processed and the client
  // is supposed to try again later using the same data.
  // The value is the number of milliseconds when the client should
  // automatically retry.
  // Used in "Static" flow only.
  optional int64 try_again_later = 1;

  oneof response {
    // Used in "Static" flow.
    Error error = 2;
    StartCsrResponse start_csr_response = 3;
    FinishCsrResponse finish_csr_response = 4;
    DownloadCertResponse download_cert_response = 5;

    // Used in "Dynamic" flow.
    CertProvStartResponse start_response = 7;
    CertProvGetNextInstructionResponse get_next_instruction_response = 8;
    CertProvAuthorizeResponse authorize_response = 9;
    CertProvUploadProofOfPossessionResponse
        upload_proof_of_possession_response = 10;
    CertProvBackendError backend_error = 11;
  }
}

// Request from browser to server to upload public key.
// GoogleDMToken MUST be in HTTP Authorization header.
message BrowserPublicKeyUploadRequest {
  enum KeyTrustLevel {
    // UNSPECIFIED.
    KEY_TRUST_LEVEL_UNSPECIFIED = 0;
    // Chrome Browser with the key stored in the device hardware.
    CHROME_BROWSER_HW_KEY = 1;
    // Chrome Browser with the key stored at OS level.
    CHROME_BROWSER_OS_KEY = 2;
  }

  enum KeyType {
    KEY_TYPE_UNSPECIFIED = 0;
    RSA_KEY = 1;
    EC_KEY = 2;
  }

  // Public key in EC_NID_X9_62_PRIME256V1_PUBLIC_DER format.
  optional bytes public_key = 1;

  // Signature of the new public key signed using the existing key, empty for
  // initial upload.
  optional bytes signature = 2;

  // Trust Level of the key.
  optional KeyTrustLevel key_trust_level = 3;

  // Type of the key.
  optional KeyType key_type = 4;

  // Whether the server should create a client certificate for that public key
  // and return it as part of the response or not.
  optional bool provision_certificate = 5;
}

// Response from server to device for cert upload request.
message BrowserPublicKeyUploadResponse {
  enum ResponseCode {
    UNDEFINED = 0;
    // The new key is uploaded successfully.
    SUCCESS = 1;
    // The signature could not be verified.
    INVALID_SIGNATURE = 2;
  }
  optional ResponseCode response_code = 1;

  // If the request had `provision_certificate` as true, this property will
  // contain the X.509 client certificate in PEM format.
  optional string pem_encoded_certificate = 2;
}

// Upload request for Firebase Messaging token to communicate registration token
// to the server. The response message will be
// `FmRegistrationTokenUploadResponse`.
// See go/cros-invalidation-with-direct-messaging.
message FmRegistrationTokenUploadRequest {
  // Scope of the uploaded token.
  enum TokenType {
    DEVICE = 0;
    BROWSER = 1;
    USER = 2;
  }

  optional string token = 1;
  // Invalidation protocol version that uploader currently supports.
  optional int64 protocol_version = 2;
  // Scope of the uploaded token.
  optional TokenType token_type = 3;
  // Token's expiration timestamp in milliseconds since Epoch in UTC timezone
  // (Java time).
  optional int64 expiration_timestamp_ms = 4;
  // Project number used to regiester with FM and the token is associated with.
  // go/device-cloud-gcp#fcm-related-projects
  optional int64 project_number = 5;
}

// Response to `FmRegistrationTokenUploadRequest`.
message FmRegistrationTokenUploadResponse {}

// Request body for determining enterprise promotion eligibility.
message DeterminePromotionEligibilityRequest {}

enum PromotionType {
  PROMOTION_TYPE_UNSPECIFIED = 0;
  CHROME_ENTERPRISE_CORE = 1;
  CHROME_ENTERPRISE_PREMIUM = 2;
}

// The list of CEC, CEP promotions that the user is eligible for.
message PromotionEligibilityList {
  optional PromotionType policy_page_promotion = 1;

  optional PromotionType management_page_promotion = 2;

  optional PromotionType interstitial_block_promotion = 3;

  optional PromotionType interstitial_warn_promotion = 4;

  optional PromotionType ntp_promotion = 5;

  optional PromotionType cws_extension_details_promotion = 6;

  optional PromotionType cws_privacy_details_promotion = 7;
}

message GetUserEligiblePromotionsResponse {
  // The list of promotions that the user is eligible for.
  optional PromotionEligibilityList promotions = 1;
}

// Additional detail about the error which can be used to clarify user messaging
// around the error or to influence Chrome's error-handling behavior.
enum DeviceManagementErrorDetail {
  NO_ERROR_DETAIL = 0;

  // Only valid for CBCM browser DEVICE_NOT_FOUND errors. Indicates that the
  // DMToken should be deleted entirely from its storage location.
  CBCM_DELETION_POLICY_PREFERENCE_DELETE_TOKEN = 1;

  // Only valid for CBCM browser DEVICE_NOT_FOUND errors. Indicates that the
  // DMToken should be invalidated, preventing device re-enrollment.
  CBCM_DELETION_POLICY_PREFERENCE_INVALIDATE_TOKEN = 2;
}

// Request from the DMAgent on the device to the DMServer.  This is
// container for all requests from device to server.  The overall HTTP
// request MUST be in the following format:
//
// * HTTP method is POST
// * Data mime type is application/x-protobuffer
//   * See GoogleContentTypeEnum.java
// * HTTP parameters are (all required, all case sensitive):
//   * request: MUST BE one of
//     * api_authorization
//     * cert_upload
//     * check_device_pairing
//     * device_pairing
//     * device_state_retrieval
//     * enterprise_check
//     * enterprise_psm_check
//     * chrome_desktop_report
//     * chrome_os_user_report
//     * policy
//     * register
//     * status_upload
//     * unregister
//     * remote_commands
//     * attribute_update_permission
//     * attribute_update
//     * gcm_id_update
//     * check_android_management
//     * certificate_based_register
//     * active_directory_enroll_play_user
//     * active_directory_play_activity
//     * active_directory_user_signin
//     * register_browser
//     * policy_validation_report
//     * device_initial_enrollment_state
//     * refresh_account
//     * client_cert_provisioning
//     * browser_public_key_upload
//     * upload_euicc_info
//   * devicetype: MUST BE "1" for Android, "2" for Chrome OS or "3" for Chrome
//     browser.
//   * apptype: MUST BE Android or Chrome.
//   * deviceid: MUST BE no more than 64-char in [\x21-\x7E].
//   * agent: MUST BE no more than 64-char long.
// * HTTP Authorization header MUST be in the following formats:
//   * For register for Chrome browsers and token_based_register requests.
//     Authorization: GoogleEnrollmentToken token=<enrollment token>
//
//   * For unregister, policy, status, cert_upload, remote_commands,
//     gcm_id_update, active_directory_enroll_play_user,
//     active_directory_play_activity, active_directory_user_signin,
//     policy_validation_report, chrome_desktop_report,
//     chrome_os_user_report, refresh_account, client_cert_provisioning,
//     api_authorization requests
//     Authorization: GoogleDMToken token=<DMToken from register>
//
//   * The Authorization header isn't used for enterprise_check,
//     enterprise_psm_check, device_initial_enrollment_state or
//     certificate_based_register requests.
//     It is also not used for register requests
//     - for these requests, the OAuth token is passed in the "oauth"
//     HTTP query parameter.
//
// DeviceManagementRequest should only contain one request which matches the
// HTTP query parameter - request, as mentioned in comments on the fields of the
// message. Other requests within the container will be ignored.
message DeviceManagementRequest {
  reserved 24;  // unused previous version of chrome_desktop_report_request.

  // Register request.
  // HTTP query parameter 'request': 'register'
  optional DeviceRegisterRequest register_request = 1;

  // Unregister request.
  // HTTP query parameter 'request': 'unregister'
  optional DeviceUnregisterRequest unregister_request = 2;

  // Policy request.
  // HTTP query parameter 'request': 'policy'
  optional DevicePolicyRequest policy_request = 3;

  // Update status.
  // HTTP query parameter 'request': 'status'
  // (this applies to all of the following three fields, and they can all be
  // present in the same request).
  optional DeviceStatusReportRequest device_status_report_request = 4;
  optional SessionStatusReportRequest session_status_report_request = 5;
  optional ChildStatusReportRequest child_status_report_request = 30;

  // Auto-enrollment detection.
  // HTTP query parameter 'request': 'enterprise_check'
  optional DeviceAutoEnrollmentRequest auto_enrollment_request = 6;

  // EMCert upload (for remote attestation)
  // HTTP query parameter 'request': 'cert_upload'
  optional DeviceCertUploadRequest cert_upload_request = 7;

  // Request for OAuth2 authorization codes to access Google services.
  // HTTP query parameter 'request': 'api_authorization'
  optional DeviceServiceApiAccessRequest service_api_access_request = 8;

  // Device-state retrieval.
  // HTTP query parameter 'request': 'device_state_retrieval'
  optional DeviceStateRetrievalRequest device_state_retrieval_request = 9;

  // Device state key update.
  // HTTP query parameter 'request': 'policy'
  optional DeviceStateKeyUpdateRequest device_state_key_update_request = 10;

  // Pair two devices.
  // HTTP query parameter 'request': 'device_pairing'
  optional DevicePairingRequest device_pairing_request = 11;

  // Check if two devices are paired.
  // HTTP query parameter 'request': 'check_device_pairing'
  optional CheckDevicePairingRequest check_device_pairing_request = 12;

  // Remote command fetching.
  // HTTP query parameter 'request': 'remote_commands'
  optional DeviceRemoteCommandRequest remote_command_request = 13;

  // Check permission for updating device attribute.
  // HTTP query parameter 'request': 'attribute_update_permission'
  optional DeviceAttributeUpdatePermissionRequest
      device_attribute_update_permission_request = 14;

  // Update device attribute.
  // HTTP query parameter 'request': 'attribute_update'
  optional DeviceAttributeUpdateRequest device_attribute_update_request = 15;

  // Update the GCM id to device_id mapping.
  // HTTP query parameter 'request': 'gcm_id_update'
  optional GcmIdUpdateRequest gcm_id_update_request = 16;

  // Check if user is a managed Android-for-Work user with DPC enforcement.
  // HTTP query parameter 'request': 'check_android_management'
  optional CheckAndroidManagementRequest check_android_management_request = 17;

  // Request to register with a registration certificate.
  // HTTP query parameter 'request': 'certificate_based_register'
  optional CertificateBasedDeviceRegisterRequest
      certificate_based_register_request = 18;

  // Gets an enrollment token to a Managed Google Play Account for using it with
  // Active Directory.
  // HTTP query parameter 'request': 'active_directory_enroll_play_user'
  optional ActiveDirectoryEnrollPlayUserRequest
      active_directory_enroll_play_user_request = 19;

  // Reports that a Play account is used.
  // HTTP query parameter 'request': 'active_directory_play_activity'
  optional ActiveDirectoryPlayActivityRequest
      active_directory_play_activity_request = 20;

  // Request device license information.
  optional CheckDeviceLicenseRequest check_device_license_request_deprecated =
      21 [deprecated = true];

  // Initiate an Active Directory user signin.
  // HTTP query parameter 'request': 'active_directory_user_signin'
  optional ActiveDirectoryUserSigninRequest
      active_directory_user_signin_request = 22;

  // Request to register a browser independently of its users.
  // HTTP query parameter 'request': 'register_browser'
  optional RegisterBrowserRequest register_browser_request = 23;

  // A report on the status of app push-installs.
  // HTTP query parameter 'request': 'app_install_report'
  optional AppInstallReportRequest app_install_report_request = 25;

  // A Chrome desktop report request.
  // HTTP query parameter 'request': 'chrome_desktop_report'
  optional ChromeDesktopReportRequest chrome_desktop_report_request = 26;

  // Result of validating fetched policy on the client.
  // HTTP query parameter 'request': 'policy_validation_report'
  optional PolicyValidationReportRequest policy_validation_report_request = 27;

  // Query for initial enrollment details.
  // HTTP query parameter 'request': 'device_initial_enrollment_state'
  optional DeviceInitialEnrollmentStateRequest
      device_initial_enrollment_state_request = 28;

  // Request from device to wipe an old account and get a new account.
  // HTTP query parameter 'request': 'refresh_account'
  optional RefreshAccountRequest refresh_account_request = 29;

  // Request from device to upload RSU lookup key.
  // TODO(crbug.com/40210185): seems unused
  optional RsuLookupKeyUploadRequest rsu_lookup_key_upload_request = 31;

  // Request from device for SAML IdP URL address.
  // HTTP query parameter 'request': 'public_saml_user_request'
  optional PublicSamlUserRequest public_saml_user_request = 32;

  // A ChromeOS user report request.
  // HTTP query parameter 'request': 'chrome_os_user_report'
  optional ChromeOsUserReportRequest chrome_os_user_report_request = 33;

  // Request to start / continue client certificate provisioning process.
  // HTTP query parameter 'request': 'client_cert_provisioning'
  optional ClientCertificateProvisioningRequest
      client_certificate_provisioning_request = 34;

  // A report on the status of extension install process.
  // TODO(crbug.com/40210185): seems unused.
  optional ExtensionInstallReportRequest extension_install_report_request = 35;

  // Request to check user account for smart enrollment.
  // HTTP query parameter 'request': 'check_user_account'
  optional CheckUserAccountRequest check_user_account_request = 36;

  // Request from device to check the state stored in PSM. Currently, it is used
  // for ZTE/LP device initial enrollment state check.
  // HTTP query parameter 'request': 'enterprise_psm_check'
  optional PrivateSetMembershipRequest private_set_membership_request = 37;

  // Request from browser to upload public key.
  // HTTP query parameter 'request': 'browser_public_key_upload'
  optional BrowserPublicKeyUploadRequest browser_public_key_upload_request = 38;

  // Request to upload info about eSIM provisioning.
  // HTTP query parameter 'request': 'upload_euicc_info'
  optional UploadEuiccInfoRequest upload_euicc_info_request = 39;

  // Request to upload profile usage information.
  // HTTP query parameter 'request': 'chrome_profile_report'
  optional ChromeProfileReportRequest chrome_profile_report_request = 40;

  // Request to register a device with an enrollment token.
  // HTTP query parameter 'request': 'token_based_register'
  optional TokenBasedDeviceRegisterRequest token_based_device_register_request =
      41;

  optional FmRegistrationTokenUploadRequest
      fm_registration_token_upload_request = 42;

  optional DeterminePromotionEligibilityRequest
      determine_promotion_eligibility_request = 43;

  // Next id: 44.
}

// Response from server to device.
//
// For release clients, DMServer returns errors using HTTP Status Code, so that
// clients only need to check one place for all error codes.  It is also easier
// to perform log analysis and customer support since HTTP Status Code is easily
// visible in the logs.
//
// Possible HTTP status codes:
// 200 OK: valid response is returned to client.
// 400 Bad Request: invalid argument or payload.
// 401 Unauthorized: invalid auth cookie/OAuth token, DMToken or enrollment
//     token.
// 402 Missing license.
// 403 Forbidden: device management is not allowed (e.g. user may not enroll).
// 404 Not Found: the request URL is invalid.
// 405 Invalid serial number.
// 406 Domain mismatch (e.g. device is enrolling into the wrong domain, should
//     force-re-enroll into another domain).
// 409 Device id conflict.
// 410 Device Not Found: the device id is not found.
// 412 Pending approval. Used with ClientCertificateProvisioningRequest to
//     indicate that a certificate has not been issued yet.
// 413 Request payload too large.
// 417 Consumer (non-dasher) account can not enroll with packaged license.
// 418 Cannot enroll to kiosk with packaged license.
// 419 Org unit enrollment limit exceeded.
// 429 Too many requests.
// 500 Internal Server Error: most likely a bug in DM server.
// 503 Service Unavailable: most likely a backend error.
// 902 Policy Not Found: the policy is not found.
// 903 Deprovisioned: the device has been deprovisioned.
// 904 Arc Disabled: ARC is not enabled on the domain.
// 905 Can not enroll packaged license device to domainless customer.
// 906 TOS has not been accepted by customer.
// 907 Illegal account for packaged EDU license.
message DeviceManagementResponse {
  reserved 1, 24;

  // Error message.
  optional string error_message = 2;

  // Additional details about the error message.
  repeated DeviceManagementErrorDetail error_detail = 39;

  // Register response
  optional DeviceRegisterResponse register_response = 3;

  // Unregister response
  optional DeviceUnregisterResponse unregister_response = 4;

  // Policy response.
  optional DevicePolicyResponse policy_response = 5;

  // Update status report response.
  optional DeviceStatusReportResponse device_status_report_response = 6;
  optional SessionStatusReportResponse session_status_report_response = 7;
  optional ChildStatusReportResponse child_status_report_response = 29;

  // Auto-enrollment detection response.
  optional DeviceAutoEnrollmentResponse auto_enrollment_response = 8;

  // EMCert upload response.
  optional DeviceCertUploadResponse cert_upload_response = 9;

  // Response to OAuth2 authorization code request.
  optional DeviceServiceApiAccessResponse service_api_access_response = 10;

  // Device-state retrieval.
  optional DeviceStateRetrievalResponse device_state_retrieval_response = 11;

  // Response to device pairing request.
  optional DevicePairingResponse device_pairing_response = 12;

  // Response to check device pairing request.
  optional CheckDevicePairingResponse check_device_pairing_response = 13;

  // Response to remote command request.
  optional DeviceRemoteCommandResponse remote_command_response = 14;

  // Response to check device attribute update permission.
  optional DeviceAttributeUpdatePermissionResponse
      device_attribute_update_permission_response = 15;

  // Response to update device attribute.
  optional DeviceAttributeUpdateResponse device_attribute_update_response = 16;

  // Response to GCM id update request.
  optional GcmIdUpdateResponse gcm_id_update_response = 17;

  // Response to check Android management request.
  optional CheckAndroidManagementResponse check_android_management_response =
      18;

  // Response to an Active Directory Play user enrollment request.
  optional ActiveDirectoryEnrollPlayUserResponse
      active_directory_enroll_play_user_response = 19;

  // Response to a Play activity request.
  optional ActiveDirectoryPlayActivityResponse
      active_directory_play_activity_response = 20;

  // Response to a check device license request.
  optional CheckDeviceLicenseResponse check_device_license_response_deprecated =
      21 [deprecated = true];

  // Response to a request initiating an Active Directory user signin.
  optional ActiveDirectoryUserSigninResponse
      active_directory_user_signin_response = 22;

  // Response to a Chrome desktop report request.
  optional ChromeDesktopReportResponse chrome_desktop_report_response = 23;

  // Response a report on the status of app push-installs
  optional AppInstallReportResponse app_install_report_response = 25;

  // Response to a policy validation report.
  optional PolicyValidationReportResponse policy_validation_report_response =
      26;

  // Response to initial enrollment details query.
  optional DeviceInitialEnrollmentStateResponse
      device_initial_enrollment_state_response = 27;

  // Response to refresh account request.
  optional RefreshAccountResponse refresh_account_response = 28;

  // Response to RSU lookup key upload request.
  optional RsuLookupKeyUploadResponse rsu_lookup_key_upload_response = 30;

  // Response to public SAML session user request.
  optional PublicSamlUserResponse public_saml_user_response = 31;

  // Response to a ChromeOS user report request.
  optional ChromeOsUserReportResponse chrome_os_user_report_response = 32;

  // Response to a client certificate provisioning request.
  optional ClientCertificateProvisioningResponse
      client_certificate_provisioning_response = 33;

  // Response to a checking user account type for smart enrollment.
  optional CheckUserAccountResponse check_user_account_response = 34;

  // Response to a client private set membership request.
  optional PrivateSetMembershipResponse private_set_membership_response = 35;

  // Response to browser public key upload request.
  optional BrowserPublicKeyUploadResponse browser_public_key_upload_response =
      36;

  // Response to EUICC info upload request.
  optional UploadEuiccInfoResponse upload_euicc_info_response = 37;

  // Response to a Chrome Profile report request.
  optional ChromeProfileReportResponse chrome_profile_report_response = 38;

  // Response to a token-based register request.
  optional TokenBasedDeviceRegisterResponse
      token_based_device_register_response = 40;

  optional FmRegistrationTokenUploadResponse
      fm_registration_token_upload_response = 41;

  optional GetUserEligiblePromotionsResponse
      get_user_eligible_promotions_response = 42;

  // Next id: 43.
}

// Device State Information stored in the server is retrieval at
// enrollment process. Learn more at go/cros-enterprise-psm
message DeviceStateRetrievalInfo {
  // Whether the device should retrieve initial state or not.
  optional bool has_initial_state = 1;
}