1// Copyright 2017 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5syntax = "proto2";
6
7option optimize_for = LITE_RUNTIME;
8
9package login_manager;
10
11// Specifies the account type that the |account_id| in PolicyDescriptor
12// references.
13enum PolicyAccountType {
14  // |account_id| must be empty. Policy is stored in a device-wide root-owned
15  // location.
16  ACCOUNT_TYPE_DEVICE = 0;
17
18  // |account_id| references a user account. Policy is stored on the user's
19  // cryptohome.
20  ACCOUNT_TYPE_USER = 1;
21
22  // |account_id| references a user account where the user session hasn't been
23  // added to Session Manager yet. Special case to retrieve user policy on the
24  // login screen.
25  ACCOUNT_TYPE_SESSIONLESS_USER = 2;
26
27  // |account_id| references a device local account. Policy is stored in a
28  // device-wide root-owned location in a folder that depends on |account_id|.
29  ACCOUNT_TYPE_DEVICE_LOCAL_ACCOUNT = 3;
30
31  // Next ID to use: 4
32};
33
34// Within a given account, policies are namespaced by a
35// (|domain|, |component_id|) pair in PolicyDescriptor.
36// The meaning of the |component_id| depends on the domain, see below.
37enum PolicyDomain {
38  // Domain for Chrome policies. |component_id| must be empty.
39  POLICY_DOMAIN_CHROME = 0;
40
41  // Domain for policies for regular Chrome extensions. |component_id| must be
42  // equal to the extension ID.
43  POLICY_DOMAIN_EXTENSIONS = 1;
44
45  // Domain for policies for Chrome extensions running under the Chrome OS
46  // signin profile. |component_id| must be equal to the extension ID.
47  POLICY_DOMAIN_SIGNIN_EXTENSIONS = 2;
48
49  // Next ID to use: 3
50};
51
52// Descriptor for policy blobs to give SessionManager's StorePolicy*Ex and
53// RetrievePolicyEx enough context to decide how to store policy.
54message PolicyDescriptor {
55  // The pair (|account_type|, |account_id|) determines the account for policy
56  // storage.
57  optional PolicyAccountType account_type = 1;
58
59  // The meaning of |account_id| depends on |account_type|, see
60  // PolicyAccountType.
61  optional string account_id = 2;
62
63  // The pair (|domain|, |component_id|) determines the namespace for policy
64  // storage.
65  optional PolicyDomain domain = 3;
66
67  // The meaning of |component_id| depends on |domain|, see PolicyDomain.
68  optional string component_id = 4;
69
70  // Next ID to use: 5
71}
72