1/* 2 * Copyright (C) 2023 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17syntax = "proto2"; 18 19package devicelockcontroller; 20 21import "google/protobuf/timestamp.proto"; 22import "configuration_info.proto"; 23import "device_checkin_info.proto"; 24import "device_info.proto"; 25import "enrollment_info.proto"; 26 27option java_package = "com.android.devicelockcontroller.proto"; 28option java_multiple_files = true; 29 30// This service is used by the Device Lock Android client to facilitate device 31// provisioning of an eligible device into a Device Lock locking program. 32service DeviceLockCheckinService { 33 // Fetches the check-in status of the device. 34 rpc GetDeviceCheckinStatus(GetDeviceCheckinStatusRequest) 35 returns (GetDeviceCheckinStatusResponse) {} 36 37 // Determines if a device is in an approved country. 38 rpc IsDeviceInApprovedCountry(IsDeviceInApprovedCountryRequest) 39 returns (IsDeviceInApprovedCountryResponse) {} 40 41 // Pauses the provisioning of the device. 42 rpc PauseDeviceProvisioning(PauseDeviceProvisioningRequest) 43 returns (PauseDeviceProvisioningResponse) {} 44 45 // Reports the device provision state of a device that is undergoing device 46 // provisioning. 47 rpc ReportDeviceProvisionState(ReportDeviceProvisionStateRequest) 48 returns (ReportDeviceProvisionStateResponse) {} 49 50 // Updates FCM token for a device. 51 rpc UpdateFcmToken(UpdateFcmTokenRequest) 52 returns (UpdateFcmTokenResponse) {} 53} 54 55// Request to retrieve the check-in status of the device. 56message GetDeviceCheckinStatusRequest { 57 // The device identifiers associated with the device provided by the Device 58 // Lock Android client. The Device Lock Android client would provide only one 59 // device identifier once the Device Lock Check-in service determines which 60 // of the device identifiers is registered with a locking program. 61 repeated ClientDeviceIdentifier client_device_identifiers = 1; 62 // The Mobile Network Code for the carrier, the Device Lock Android client 63 // would fetch it from TelephonyManager#getSimOperator(). 64 optional string carrier_mccmnc = 2; 65 // The Firebase Cloud Messaging (FCM) registration token associated with the 66 // device provided by the Device Lock Android client. The token is only used 67 // for GMS devices. 68 optional string fcm_registration_token = 3; 69 // The name of the manufacturer of the device. 70 optional string device_manufacturer = 4; 71 // The name of the model of the device. 72 optional string device_model = 5; 73 // The internal name of the device. 74 optional string device_internal_name = 6; 75} 76 77message ClientDeviceIdentifier { 78 // The device identifier associated with the device. 79 optional string device_identifier = 1; 80 // The type of the device identifier. 81 optional DeviceIdentifierType device_identifier_type = 2; 82} 83 84// The different check-in status the Device Lock Android client can be in. 85enum ClientCheckinStatus { 86 CLIENT_CHECKIN_STATUS_UNSPECIFIED = 0; 87 // The device is not ready for provision. The Device Lock Android client 88 // would need to do another check-in. 89 CLIENT_CHECKIN_STATUS_RETRY_CHECKIN = 1; 90 // The device is ready for provision. The Device Lock Android client can use 91 // the device provisioning information provided by the Device Lock server to 92 // provision the device. 93 CLIENT_CHECKIN_STATUS_READY_FOR_PROVISION = 2; 94 // The device no longer needs to be provisioned. The Device Lock Android 95 // client can stop future check-ins. 96 CLIENT_CHECKIN_STATUS_STOP_CHECKIN = 3; 97} 98 99// Response to a request to retrieve the check-in status of a given device. 100message GetDeviceCheckinStatusResponse { 101 // The Device Lock Android client check-in status determined by the Device 102 // Lock server. 103 optional ClientCheckinStatus client_checkin_status = 1; 104 // Set by the Device Lock server when the Device Lock Android client provides 105 // multiple device identifiers and one of the multiple device identifiers is 106 // registered with the Device Lock server. The client should use the device 107 // identifier that was found for any future communications with the Device 108 // Lock server. 109 optional string registered_device_identifier = 2; 110 // One of the following fields will get populated based on the device 111 // check-in status. But if the Device Lock server determines that the Device 112 // Lock Android client no longer needs to do a check-in, then none of the 113 // fields will be populated. 114 oneof next_steps { 115 // The Device Lock server determined that the Device Lock Android client 116 // needs to perform another device check-in. 117 NextCheckinInformation next_checkin_information = 3; 118 // The Device Lock server determined that the Device Lock Android client 119 // can now provision the device. 120 DeviceProvisioningInformation device_provisioning_information = 4; 121 } 122} 123 124// Information needed by the Device Lock Android client for the next check-in. 125message NextCheckinInformation { 126 // Set by the Device Lock server which tells the Device Lock Android client 127 // the date when the next check-in should happen. 128 optional google.protobuf.Timestamp next_checkin_timestamp = 1; 129} 130 131// Information needed by the Device Lock Android client for device provisioning. 132message DeviceProvisioningInformation { 133 // The configuration information assigned to the device. 134 optional ConfigurationInfo configuration_information = 1; 135 // The type of enrollment assigned to the device. This is used by the 136 // Device Lock Android client to determine what type of strings should be 137 // shown to the user. 138 optional EnrollmentType enrollment_type = 2; 139 // The provision type selected when enrolling the device into a locking 140 // program. The Device Lock Android client would use this to determine which 141 // provision approach should be used to provision the device. 142 optional DeviceProvisionType device_provision_type = 3; 143 // Whether the Device Lock Android client should force the provisioning. If 144 // true, then the user cannot stop device provisioning. Otherwise, if false, 145 // then the user can optionally pause device provisioning. 146 optional bool force_provisioning = 4; 147 // Whether the device is an approved country. If true, then the Device Lock 148 // Android client can proceed with device provisioning. Otherwise, this would 149 // be considered a provisioning failure and the Device Lock Android client 150 // would use the ReportDeviceProvisionState RPC to report the provision 151 // failure. 152 optional bool is_device_in_approved_country = 5; 153 // Whether the device is allowed to use adb debugging on production builds. 154 // Should only be true for a small set of tester devices. 155 optional bool allow_debugging = 6; 156} 157 158// Request to determine whether a registered device is in an approved country. 159message IsDeviceInApprovedCountryRequest { 160 // The device identifier that is registered with the Device Lock server. 161 optional string registered_device_identifier = 1; 162 // The Mobile Network Code for the carrier, the Device Lock Android client 163 // would fetch it from TelephonyManager#getSimOperator(). 164 optional string carrier_mccmnc = 2; 165} 166 167// Response to a request for determining if a registered device is in an 168// approved country. 169message IsDeviceInApprovedCountryResponse { 170 // Whether the device is an approved country. 171 optional bool is_device_in_approved_country = 1; 172} 173 174// The different reasons device provisioning can be paused. 175enum PauseDeviceProvisioningReason { 176 PAUSE_DEVICE_PROVISIONING_REASON_UNSPECIFIED = 0; 177 // If given as an option to the user, the user can pause device provisioning. 178 // For example, the user is currently driving and the Device Lock Android 179 // client is prompting the user to proceed with device provisioning. 180 PAUSE_DEVICE_PROVISIONING_REASON_USER_DEFERRED_DEVICE_PROVISIONING = 1; 181} 182 183// Request to pause device provisioning of an eligible device. 184message PauseDeviceProvisioningRequest { 185 // The device identifier that is registered with the Device Lock server that 186 // is requesting to pause device provisioning. 187 optional string registered_device_identifier = 1; 188 // The reason for pausing device provisioning. 189 optional PauseDeviceProvisioningReason pause_device_provisioning_reason = 2; 190} 191 192// Response to a request to pause device provisioning of an eligible device. 193message PauseDeviceProvisioningResponse {} 194 195// The different reasons device provisioning can fail on a device. 196enum ClientProvisionFailureReason { 197 PROVISION_FAILURE_REASON_UNSPECIFIED = 0; 198 // Provision failed due to play installation task class is unavailable. 199 PROVISION_FAILURE_REASON_PLAY_TASK_UNAVAILABLE = 1; 200 // Provision failed due to play installation failed. 201 PROVISION_FAILURE_REASON_PLAY_INSTALLATION_FAILED = 2; 202 // Provision failed due to country eligibility information unavailable. 203 PROVISION_FAILURE_REASON_COUNTRY_INFO_UNAVAILABLE = 3; 204 // Provision failed due to device is not in an eligible country or region. 205 PROVISION_FAILURE_REASON_NOT_IN_ELIGIBLE_COUNTRY = 4; 206 // Provision failed due to inability to enforce policies. 207 PROVISION_FAILURE_REASON_POLICY_ENFORCEMENT_FAILED = 5; 208 // Provision failed previously and the device has stayed failing beyond 209 // the deadline. 210 PROVISION_FAILURE_REASON_DEADLINE_PASSED = 6; 211} 212 213// The different provision states of a device. 214enum ClientProvisionState { 215 CLIENT_PROVISION_STATE_UNSPECIFIED = 0; 216 // The Device Lock Android client would retry to provision the device. 217 CLIENT_PROVISION_STATE_RETRY = 1; 218 // The Device Lock Android client would inform the user that there has been 219 // an issue with device provisioning. The user can dismiss this. 220 CLIENT_PROVISION_STATE_DISMISSIBLE_UI = 2; 221 // The Device Lock Android client would inform the user that there has been 222 // an issue with device provisioning. The user cannot dismiss this. 223 CLIENT_PROVISION_STATE_PERSISTENT_UI = 3; 224 // The Device Lock Android client would factory reset the device because 225 // device provisioning could not be done. 226 CLIENT_PROVISION_STATE_FACTORY_RESET = 4; 227 // Device provisioning was a success. 228 CLIENT_PROVISION_STATE_SUCCESS = 5; 229} 230 231// Request to report the device provision state of a device that is 232// undergoing device provisioning. 233message ReportDeviceProvisionStateRequest { 234 // The reason why device provisioning failed if applicable. 235 optional ClientProvisionFailureReason client_provision_failure_reason = 1; 236 // The previous device provision state that the device was in. If not known, 237 // then CLIENT_PROVISION_STATE_UNSPECIFIED should be used. It is not known 238 // by the client on the first attempt of device provisioning. 239 optional ClientProvisionState previous_client_provision_state = 2; 240 // Whether device provision was a success. 241 optional bool provision_success = 3; 242 // The device identifier that is registered with the Device Lock server. 243 optional string registered_device_identifier = 4; 244} 245 246// Response to a request that is reporting the device provision state of a 247// device undergoing device provisioning. 248message ReportDeviceProvisionStateResponse { 249 // The Device Lock server determined the next provision state of the client. 250 // If the Device Lock Android client needs to send another gRPC request, then 251 // this provision state would be used as the previous provision state in the 252 // request. 253 optional ClientProvisionState next_client_provision_state = 1; 254 // The number of days left until the device should factory reset because of a failed provision. 255 // This number should only be used when next_client_provision_state is 256 // CLIENT_PROVISION_STATE_DISMISSIBLE_UI 257 optional uint32 days_left_until_reset = 2; 258} 259 260// Request to update FCM token for a device. 261message UpdateFcmTokenRequest { 262 // The device identifiers associated with the device provided by the Device 263 // Lock Android client. 264 repeated ClientDeviceIdentifier client_device_identifiers = 1; 265 266 // The Firebase Cloud Messaging (FCM) registration token associated with the 267 // device provided by the Device Lock Android client. The token is only used 268 // for GMS devices. 269 optional string fcm_registration_token = 2; 270} 271 272// Response to a request to update FCM token for a device. 273message UpdateFcmTokenResponse { 274 // The result of the update. 275 optional UpdateFcmTokenResult result = 1; 276} 277 278// The results of FCM token update. 279enum UpdateFcmTokenResult { 280 // Unspecified result. 281 UPDATE_FCM_TOKEN_RESULT_UNSPECIFIED = 0; 282 283 // Update to FCM token was successful. 284 UPDATE_FCM_TOKEN_RESULT_SUCCESS = 1; 285 286 // Update to FCM token was unsuccessful. 287 UPDATE_FCM_TOKEN_RESULT_FAILURE = 2; 288} 289