1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_
6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_
7 
8 #include <string>
9 
10 #include "components/policy/policy_export.h"
11 
12 namespace policy {
13 
14 // Constants related to the device management protocol.
15 namespace dm_protocol {
16 
17 // Name extern constants for URL query parameters.
18 POLICY_EXPORT extern const char kParamAgent[];
19 POLICY_EXPORT extern const char kParamAppType[];
20 POLICY_EXPORT extern const char kParamCritical[];
21 POLICY_EXPORT extern const char kParamDeviceID[];
22 POLICY_EXPORT extern const char kParamDeviceType[];
23 POLICY_EXPORT extern const char kParamLastError[];
24 POLICY_EXPORT extern const char kParamOAuthToken[];
25 POLICY_EXPORT extern const char kParamPlatform[];
26 POLICY_EXPORT extern const char kParamRequest[];
27 POLICY_EXPORT extern const char kParamRetry[];
28 
29 // Policy constants used in authorization header.
30 POLICY_EXPORT extern const char kAuthHeader[];
31 POLICY_EXPORT extern const char kServiceTokenAuthHeaderPrefix[];
32 POLICY_EXPORT extern const char kDMTokenAuthHeaderPrefix[];
33 POLICY_EXPORT extern const char kEnrollmentTokenAuthHeaderPrefix[];
34 
35 // String extern constants for the device and app type we report to the server.
36 POLICY_EXPORT extern const char kValueAppType[];
37 POLICY_EXPORT extern const char kValueDeviceType[];
38 POLICY_EXPORT extern const char kValueRequestAutoEnrollment[];
39 POLICY_EXPORT extern const char kValueRequestPsmHasDeviceState[];
40 POLICY_EXPORT extern const char kValueRequestPolicy[];
41 POLICY_EXPORT extern const char kValueRequestRegister[];
42 POLICY_EXPORT extern const char kValueRequestApiAuthorization[];
43 POLICY_EXPORT extern const char kValueRequestUnregister[];
44 POLICY_EXPORT extern const char kValueRequestUploadCertificate[];
45 POLICY_EXPORT extern const char kValueRequestDeviceStateRetrieval[];
46 POLICY_EXPORT extern const char kValueRequestUploadStatus[];
47 POLICY_EXPORT extern const char kValueRequestRemoteCommands[];
48 POLICY_EXPORT extern const char kValueRequestDeviceAttributeUpdatePermission[];
49 POLICY_EXPORT extern const char kValueRequestDeviceAttributeUpdate[];
50 POLICY_EXPORT extern const char kValueRequestGcmIdUpdate[];
51 POLICY_EXPORT extern const char kValueRequestCheckAndroidManagement[];
52 POLICY_EXPORT extern const char kValueRequestCertBasedRegister[];
53 POLICY_EXPORT extern const char kValueRequestActiveDirectoryEnrollPlayUser[];
54 POLICY_EXPORT extern const char kValueRequestActiveDirectoryPlayActivity[];
55 POLICY_EXPORT extern const char kValueRequestAppInstallReport[];
56 POLICY_EXPORT extern const char kValueRequestTokenEnrollment[];
57 POLICY_EXPORT extern const char kValueRequestChromeDesktopReport[];
58 POLICY_EXPORT extern const char kValueRequestInitialEnrollmentStateRetrieval[];
59 POLICY_EXPORT extern const char kValueRequestUploadPolicyValidationReport[];
60 POLICY_EXPORT extern const char kValueRequestPublicSamlUser[];
61 POLICY_EXPORT extern const char kValueRequestChromeOsUserReport[];
62 POLICY_EXPORT extern const char kValueRequestCertProvisioningRequest[];
63 
64 // Policy type strings for the policy_type field in PolicyFetchRequest.
65 POLICY_EXPORT extern const char kChromeDevicePolicyType[];
66 POLICY_EXPORT extern const char kChromeUserPolicyType[];
67 POLICY_EXPORT extern const char kChromePublicAccountPolicyType[];
68 POLICY_EXPORT extern const char kChromeExtensionPolicyType[];
69 POLICY_EXPORT extern const char kChromeSigninExtensionPolicyType[];
70 POLICY_EXPORT extern const char kChromeMachineLevelUserCloudPolicyType[];
71 POLICY_EXPORT extern const char kChromeMachineLevelUserCloudPolicyIOSType[];
72 POLICY_EXPORT extern const char kChromeMachineLevelExtensionCloudPolicyType[];
73 POLICY_EXPORT extern const char kChromeRemoteCommandPolicyType[];
74 
75 POLICY_EXPORT extern const char kChromeMachineLevelUserCloudPolicyTypeBase64[];
76 
77 // These codes are sent in the |error_code| field of PolicyFetchResponse.
78 enum PolicyFetchStatus {
79   POLICY_FETCH_SUCCESS = 200,
80   POLICY_FETCH_ERROR_NOT_FOUND = 902,
81 };
82 
83 }  // namespace dm_protocol
84 
85 // Public half of the verification key that is used to verify that policy
86 // signing keys are originating from DM server.
87 POLICY_EXPORT std::string GetPolicyVerificationKey();
88 
89 // Corresponding hash.
90 POLICY_EXPORT extern const char kPolicyVerificationKeyHash[];
91 
92 // Status codes for communication errors with the device management service.
93 // This enum is used to define the buckets for an enumerated UMA histogram.
94 // Hence,
95 //   (a) existing enumerated constants should never be deleted or reordered, and
96 //   (b) new constants should only be appended at the end of the enumeration.
97 enum DeviceManagementStatus {
98   // All is good.
99   DM_STATUS_SUCCESS = 0,
100   // Request payload invalid.
101   DM_STATUS_REQUEST_INVALID = 1,
102   // The HTTP request failed.
103   DM_STATUS_REQUEST_FAILED = 2,
104   // The server returned an error code that points to a temporary problem.
105   DM_STATUS_TEMPORARY_UNAVAILABLE = 3,
106   // The HTTP request returned a non-success code.
107   DM_STATUS_HTTP_STATUS_ERROR = 4,
108   // Response could not be decoded.
109   DM_STATUS_RESPONSE_DECODING_ERROR = 5,
110   // Service error: Management not supported.
111   DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED = 6,
112   // Service error: Device not found.
113   DM_STATUS_SERVICE_DEVICE_NOT_FOUND = 7,
114   // Service error: Device token invalid.
115   DM_STATUS_SERVICE_MANAGEMENT_TOKEN_INVALID = 8,
116   // Service error: Activation pending.
117   DM_STATUS_SERVICE_ACTIVATION_PENDING = 9,
118   // Service error: The serial number is not valid or not known to the server.
119   DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER = 10,
120   // Service error: The device id used for registration is already taken.
121   DM_STATUS_SERVICE_DEVICE_ID_CONFLICT = 11,
122   // Service error: The licenses have expired or have been exhausted.
123   DM_STATUS_SERVICE_MISSING_LICENSES = 12,
124   // Service error: The administrator has deprovisioned this client.
125   DM_STATUS_SERVICE_DEPROVISIONED = 13,
126   // Service error: Device registration for the wrong domain.
127   DM_STATUS_SERVICE_DOMAIN_MISMATCH = 14,
128   // Client error: Request could not be signed.
129   DM_STATUS_CANNOT_SIGN_REQUEST = 15,
130   // Client error: Request body is too large.
131   DM_STATUS_REQUEST_TOO_LARGE = 16,
132   // Client error: Too many request.
133   DM_STATUS_SERVICE_TOO_MANY_REQUESTS = 17,
134   // Service error: Policy not found. Error code defined by the DM folks.
135   DM_STATUS_SERVICE_POLICY_NOT_FOUND = 902,
136   // Service error: ARC is not enabled on this domain.
137   DM_STATUS_SERVICE_ARC_DISABLED = 904,
138   // Service error: Non-dasher account with packaged license can't enroll.
139   DM_STATUS_SERVICE_CONSUMER_ACCOUNT_WITH_PACKAGED_LICENSE = 905,
140   // Service error: Not eligible enterprise account can't enroll.
141   DM_STATUS_SERVICE_ENTERPRISE_ACCOUNT_IS_NOT_ELIGIBLE_TO_ENROLL = 906,
142   // Service error: Enterprise TOS has not been accepted.
143   DM_STATUS_SERVICE_ENTERPRISE_TOS_HAS_NOT_BEEN_ACCEPTED = 907,
144   // Service error: Illegal account for packaged EDU license.
145   DM_STATUS_SERVICE_ILLEGAL_ACCOUNT_FOR_PACKAGED_EDU_LICENSE = 908,
146 };
147 
148 // List of modes that the device can be locked into.
149 enum DeviceMode {
150   DEVICE_MODE_PENDING,             // The device mode is not yet available.
151   DEVICE_MODE_NOT_SET,             // The device is not yet enrolled or owned.
152   DEVICE_MODE_CONSUMER,            // The device is locally owned as consumer
153                                    // device.
154   DEVICE_MODE_ENTERPRISE,          // The device is enrolled as an enterprise
155                                    // device.
156   DEVICE_MODE_ENTERPRISE_AD,       // The device has joined AD.
157   DEVICE_MODE_LEGACY_RETAIL_MODE,  // The device is enrolled as a retail kiosk
158                                    // device. Even though retail mode is
159                                    // deprecated, we still check for this device
160                                    // mode so that if an existing device is
161                                    // still enrolled in retail mode, we take the
162                                    // appropriate action (currently, launching
163                                    // offline demo mode).
164   DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH,  // The device is locally owned as
165                                           // consumer kiosk with ability to auto
166                                           // launch a kiosk webapp.
167   DEVICE_MODE_DEMO,                       // The device is in demo mode. It was
168                                           // either enrolled online or setup
169                                           // offline into demo mode domain -
170                                           // see kDemoModeDomain.
171 };
172 
173 // Domain that demo mode devices are enrolled into: cros-demo-mode.com
174 POLICY_EXPORT extern const char kDemoModeDomain[];
175 
176 // Indicate this device's market segment. go/cros-rlz-segments
177 enum class MarketSegment {
178   UNKNOWN,  // If device is not enrolled or market segment is not specified.
179   EDUCATION,
180   ENTERPRISE,
181 };
182 
183 // Sender ID of FCM (Firebase Cloud Messaging)
184 // Policy Invalidation sender coming from the Firebase console.
185 extern const char kPolicyFCMInvalidationSenderID[];
186 
187 }  // namespace policy
188 
189 #endif  // COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_
190