1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_ 6 #define COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_ 7 8 #include <string> 9 10 #include "components/policy/policy_export.h" 11 12 namespace policy { 13 14 // Constants related to the device management protocol. 15 namespace dm_protocol { 16 17 // Name extern constants for URL query parameters. 18 POLICY_EXPORT extern const char kParamAgent[]; 19 POLICY_EXPORT extern const char kParamAppType[]; 20 POLICY_EXPORT extern const char kParamCritical[]; 21 POLICY_EXPORT extern const char kParamDeviceID[]; 22 POLICY_EXPORT extern const char kParamDeviceType[]; 23 POLICY_EXPORT extern const char kParamLastError[]; 24 POLICY_EXPORT extern const char kParamOAuthToken[]; 25 POLICY_EXPORT extern const char kParamPlatform[]; 26 POLICY_EXPORT extern const char kParamRequest[]; 27 POLICY_EXPORT extern const char kParamRetry[]; 28 29 // Policy constants used in authorization header. 30 POLICY_EXPORT extern const char kAuthHeader[]; 31 POLICY_EXPORT extern const char kServiceTokenAuthHeaderPrefix[]; 32 POLICY_EXPORT extern const char kDMTokenAuthHeaderPrefix[]; 33 POLICY_EXPORT extern const char kEnrollmentTokenAuthHeaderPrefix[]; 34 35 // String extern constants for the device and app type we report to the server. 36 POLICY_EXPORT extern const char kValueAppType[]; 37 POLICY_EXPORT extern const char kValueDeviceType[]; 38 POLICY_EXPORT extern const char kValueRequestAutoEnrollment[]; 39 POLICY_EXPORT extern const char kValueRequestPsmHasDeviceState[]; 40 POLICY_EXPORT extern const char kValueRequestPolicy[]; 41 POLICY_EXPORT extern const char kValueRequestRegister[]; 42 POLICY_EXPORT extern const char kValueRequestApiAuthorization[]; 43 POLICY_EXPORT extern const char kValueRequestUnregister[]; 44 POLICY_EXPORT extern const char kValueRequestUploadCertificate[]; 45 POLICY_EXPORT extern const char kValueRequestDeviceStateRetrieval[]; 46 POLICY_EXPORT extern const char kValueRequestUploadStatus[]; 47 POLICY_EXPORT extern const char kValueRequestRemoteCommands[]; 48 POLICY_EXPORT extern const char kValueRequestDeviceAttributeUpdatePermission[]; 49 POLICY_EXPORT extern const char kValueRequestDeviceAttributeUpdate[]; 50 POLICY_EXPORT extern const char kValueRequestGcmIdUpdate[]; 51 POLICY_EXPORT extern const char kValueRequestCheckAndroidManagement[]; 52 POLICY_EXPORT extern const char kValueRequestCertBasedRegister[]; 53 POLICY_EXPORT extern const char kValueRequestActiveDirectoryEnrollPlayUser[]; 54 POLICY_EXPORT extern const char kValueRequestActiveDirectoryPlayActivity[]; 55 POLICY_EXPORT extern const char kValueRequestAppInstallReport[]; 56 POLICY_EXPORT extern const char kValueRequestTokenEnrollment[]; 57 POLICY_EXPORT extern const char kValueRequestChromeDesktopReport[]; 58 POLICY_EXPORT extern const char kValueRequestInitialEnrollmentStateRetrieval[]; 59 POLICY_EXPORT extern const char kValueRequestUploadPolicyValidationReport[]; 60 POLICY_EXPORT extern const char kValueRequestPublicSamlUser[]; 61 POLICY_EXPORT extern const char kValueRequestChromeOsUserReport[]; 62 POLICY_EXPORT extern const char kValueRequestCertProvisioningRequest[]; 63 64 // Policy type strings for the policy_type field in PolicyFetchRequest. 65 POLICY_EXPORT extern const char kChromeDevicePolicyType[]; 66 POLICY_EXPORT extern const char kChromeUserPolicyType[]; 67 POLICY_EXPORT extern const char kChromePublicAccountPolicyType[]; 68 POLICY_EXPORT extern const char kChromeExtensionPolicyType[]; 69 POLICY_EXPORT extern const char kChromeSigninExtensionPolicyType[]; 70 POLICY_EXPORT extern const char kChromeMachineLevelUserCloudPolicyType[]; 71 POLICY_EXPORT extern const char kChromeMachineLevelUserCloudPolicyIOSType[]; 72 POLICY_EXPORT extern const char kChromeMachineLevelExtensionCloudPolicyType[]; 73 POLICY_EXPORT extern const char kChromeRemoteCommandPolicyType[]; 74 75 POLICY_EXPORT extern const char kChromeMachineLevelUserCloudPolicyTypeBase64[]; 76 77 // These codes are sent in the |error_code| field of PolicyFetchResponse. 78 enum PolicyFetchStatus { 79 POLICY_FETCH_SUCCESS = 200, 80 POLICY_FETCH_ERROR_NOT_FOUND = 902, 81 }; 82 83 } // namespace dm_protocol 84 85 // Public half of the verification key that is used to verify that policy 86 // signing keys are originating from DM server. 87 POLICY_EXPORT std::string GetPolicyVerificationKey(); 88 89 // Corresponding hash. 90 POLICY_EXPORT extern const char kPolicyVerificationKeyHash[]; 91 92 // Status codes for communication errors with the device management service. 93 // This enum is used to define the buckets for an enumerated UMA histogram. 94 // Hence, 95 // (a) existing enumerated constants should never be deleted or reordered, and 96 // (b) new constants should only be appended at the end of the enumeration. 97 enum DeviceManagementStatus { 98 // All is good. 99 DM_STATUS_SUCCESS = 0, 100 // Request payload invalid. 101 DM_STATUS_REQUEST_INVALID = 1, 102 // The HTTP request failed. 103 DM_STATUS_REQUEST_FAILED = 2, 104 // The server returned an error code that points to a temporary problem. 105 DM_STATUS_TEMPORARY_UNAVAILABLE = 3, 106 // The HTTP request returned a non-success code. 107 DM_STATUS_HTTP_STATUS_ERROR = 4, 108 // Response could not be decoded. 109 DM_STATUS_RESPONSE_DECODING_ERROR = 5, 110 // Service error: Management not supported. 111 DM_STATUS_SERVICE_MANAGEMENT_NOT_SUPPORTED = 6, 112 // Service error: Device not found. 113 DM_STATUS_SERVICE_DEVICE_NOT_FOUND = 7, 114 // Service error: Device token invalid. 115 DM_STATUS_SERVICE_MANAGEMENT_TOKEN_INVALID = 8, 116 // Service error: Activation pending. 117 DM_STATUS_SERVICE_ACTIVATION_PENDING = 9, 118 // Service error: The serial number is not valid or not known to the server. 119 DM_STATUS_SERVICE_INVALID_SERIAL_NUMBER = 10, 120 // Service error: The device id used for registration is already taken. 121 DM_STATUS_SERVICE_DEVICE_ID_CONFLICT = 11, 122 // Service error: The licenses have expired or have been exhausted. 123 DM_STATUS_SERVICE_MISSING_LICENSES = 12, 124 // Service error: The administrator has deprovisioned this client. 125 DM_STATUS_SERVICE_DEPROVISIONED = 13, 126 // Service error: Device registration for the wrong domain. 127 DM_STATUS_SERVICE_DOMAIN_MISMATCH = 14, 128 // Client error: Request could not be signed. 129 DM_STATUS_CANNOT_SIGN_REQUEST = 15, 130 // Client error: Request body is too large. 131 DM_STATUS_REQUEST_TOO_LARGE = 16, 132 // Client error: Too many request. 133 DM_STATUS_SERVICE_TOO_MANY_REQUESTS = 17, 134 // Service error: Policy not found. Error code defined by the DM folks. 135 DM_STATUS_SERVICE_POLICY_NOT_FOUND = 902, 136 // Service error: ARC is not enabled on this domain. 137 DM_STATUS_SERVICE_ARC_DISABLED = 904, 138 // Service error: Non-dasher account with packaged license can't enroll. 139 DM_STATUS_SERVICE_CONSUMER_ACCOUNT_WITH_PACKAGED_LICENSE = 905, 140 // Service error: Not eligible enterprise account can't enroll. 141 DM_STATUS_SERVICE_ENTERPRISE_ACCOUNT_IS_NOT_ELIGIBLE_TO_ENROLL = 906, 142 // Service error: Enterprise TOS has not been accepted. 143 DM_STATUS_SERVICE_ENTERPRISE_TOS_HAS_NOT_BEEN_ACCEPTED = 907, 144 // Service error: Illegal account for packaged EDU license. 145 DM_STATUS_SERVICE_ILLEGAL_ACCOUNT_FOR_PACKAGED_EDU_LICENSE = 908, 146 }; 147 148 // List of modes that the device can be locked into. 149 enum DeviceMode { 150 DEVICE_MODE_PENDING, // The device mode is not yet available. 151 DEVICE_MODE_NOT_SET, // The device is not yet enrolled or owned. 152 DEVICE_MODE_CONSUMER, // The device is locally owned as consumer 153 // device. 154 DEVICE_MODE_ENTERPRISE, // The device is enrolled as an enterprise 155 // device. 156 DEVICE_MODE_ENTERPRISE_AD, // The device has joined AD. 157 DEVICE_MODE_LEGACY_RETAIL_MODE, // The device is enrolled as a retail kiosk 158 // device. Even though retail mode is 159 // deprecated, we still check for this device 160 // mode so that if an existing device is 161 // still enrolled in retail mode, we take the 162 // appropriate action (currently, launching 163 // offline demo mode). 164 DEVICE_MODE_CONSUMER_KIOSK_AUTOLAUNCH, // The device is locally owned as 165 // consumer kiosk with ability to auto 166 // launch a kiosk webapp. 167 DEVICE_MODE_DEMO, // The device is in demo mode. It was 168 // either enrolled online or setup 169 // offline into demo mode domain - 170 // see kDemoModeDomain. 171 }; 172 173 // Domain that demo mode devices are enrolled into: cros-demo-mode.com 174 POLICY_EXPORT extern const char kDemoModeDomain[]; 175 176 // Indicate this device's market segment. go/cros-rlz-segments 177 enum class MarketSegment { 178 UNKNOWN, // If device is not enrolled or market segment is not specified. 179 EDUCATION, 180 ENTERPRISE, 181 }; 182 183 // Sender ID of FCM (Firebase Cloud Messaging) 184 // Policy Invalidation sender coming from the Firebase console. 185 extern const char kPolicyFCMInvalidationSenderID[]; 186 187 } // namespace policy 188 189 #endif // COMPONENTS_POLICY_CORE_COMMON_CLOUD_CLOUD_POLICY_CONSTANTS_H_ 190