1// Copyright 2019 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5// This API is used for configuring network connections (Cellular, Ethernet, 6// VPN, WiFi, or Tether). See the Open Network Configuration 7// (ONC) documentation for detailed descriptions of properties: 8// components/onc/docs/onc_spec.md. 9 10// Currently this service is implemented in the Chrome Browser process with 11// clients in Chrome and WebUI. 12 13module chromeos.network_config.mojom; 14 15import "chromeos/services/network_config/public/mojom/network_types.mojom"; 16import "mojo/public/mojom/base/time.mojom"; 17import "services/network/public/mojom/ip_address.mojom"; 18 19// Activation state for Cellular networks. 20enum ActivationStateType { 21 kUnknown, 22 kNotActivated, 23 kActivating, 24 kPartiallyActivated, 25 kActivated, 26 // A cellular modem exists, but no network service is available. 27 kNoService, 28}; 29 30// The authentication type for Ethernet networks. 31enum AuthenticationType { 32 kNone, 33 k8021x, 34}; 35 36enum ProxyMode { 37 // Direct connection to the network. 38 kDirect, 39 // Try to retrieve a PAC script from http://wpad/wpad.dat. 40 kAutoDetect, 41 // Try to retrieve a PAC script from kProxyPacURL. 42 kPacScript, 43 // Use a specified list of servers. 44 kFixedServers, 45 // Use the system's proxy settings. 46 kSystem, 47}; 48 49// The security type for WiFi Ethernet networks. 50enum SecurityType { 51 kNone, 52 kWep8021x, 53 kWepPsk, 54 kWpaEap, 55 kWpaPsk, 56}; 57 58// The configuration type for virtual networks. 59enum VpnType { 60 // Internal VPN types. 61 kL2TPIPsec, 62 kOpenVPN, 63 // VPN provided by a Chrome Extension. 64 kExtension, 65 // VPN provided by an Arc++ app. 66 kArc, 67}; 68 69// Filter used for requesting lists of network states. 70enum FilterType { 71 // Return active (Connected or Connecting) networks. 72 kActive, 73 // Return visible (active, physically connected or in-range) networks. 74 // Active networks will be listed first. 75 kVisible, 76 // Only include configured (saved) networks. 77 kConfigured, 78 // Include all networks. 79 kAll, 80}; 81 82enum StartConnectResult { 83 // The request was successfully sent. 84 kSuccess, 85 // The provided GUID is not associated with an existing network configuration. 86 kInvalidGuid, 87 // The network is not in a connectable state (e.g. already connected or 88 // connecting, or a required service is unavailable). 89 kInvalidState, 90 // The connect request was cancelled before being sent, e.g. due to another 91 // connect request. 92 kCanceled, 93 // The network is in an error state because invalid credentials were provided 94 // or a certificate is unavailable. 95 kNotConfigured, 96 // Connecting to the network is blocked, e.g. by policy. 97 kBlocked, 98 // Unknown or other error. 99 kUnknown, 100}; 101 102enum CertificateType { 103 kServerCA, 104 kUserCert, 105}; 106 107// The SIM card lock status for Cellular networks. 108struct SIMLockStatus { 109 // The status of SIM lock. Possible values are 'sim-pin', 'sim-puk' or empty. 110 string lock_type; 111 // Whether SIM lock is enabled. 112 bool lock_enabled; 113 // Number of PIN lock tries allowed before PUK is required to unlock the SIM. 114 int32 retries_left; 115}; 116 117struct CellularStateProperties { 118 // Enumerated ONC activation state. 119 ActivationStateType activation_state = kUnknown; 120 // ONC NetworkTechnology value. 121 string network_technology; 122 // True when in a roaming state and the provider is not always roaming. 123 bool roaming = false; 124 // The signal strength of the cellular connection. 125 int32 signal_strength; 126 // True when a SIM is present and locked. 127 bool sim_locked = false; 128}; 129 130struct EthernetStateProperties { 131 // This represents the actual authentication type for a connected Ethernet 132 // network. Note: An EAP configuration may exist but not be applied (e.g. if 133 // no certificate is installed), in which case the value will be kNone. 134 AuthenticationType authentication; 135}; 136 137struct TetherStateProperties { 138 // The battery percentage of the tethered device. 139 int32 battery_percentage; 140 // The cellular carrier for the tethered device. 141 string carrier; 142 // Whether the tethered device has already been connected to. 143 bool has_connected_to_host; 144 // The signal strength of the tethered device's cellular connection. 145 int32 signal_strength; 146}; 147 148struct VPNStateProperties { 149 VpnType type; 150 string provider_id; 151 string provider_name; 152}; 153 154struct WiFiStateProperties { 155 // The id of the basic service set (access point) associated with the network. 156 string bssid; 157 // The WiFi service operating frequency in MHz. For connected networks, the 158 // current frequency, otherwise, the frequency of the best available BSS. 159 int32 frequency; 160 // The hex encoded SSID (name) of the network. 161 string hex_ssid; 162 SecurityType security; 163 // The signal strength for visible networks. 164 int32 signal_strength; 165 // The network SSID. 166 string ssid; 167}; 168 169union NetworkTypeStateProperties { 170 CellularStateProperties cellular; 171 EthernetStateProperties ethernet; 172 TetherStateProperties tether; 173 VPNStateProperties vpn; 174 WiFiStateProperties wifi; 175}; 176 177struct NetworkStateProperties { 178 // True if the network is configured and may be connectable. 179 bool connectable = false; 180 // True if an explicit connect was requested. The network state may not be 181 // Connecting yet. 182 bool connect_requested = false; 183 ConnectionStateType connection_state; 184 // A string describing the network error state. TODO(stevenjb): Use an enum. 185 string? error_state; 186 // The unique identifier for the network. 187 string guid; 188 // The human readable name of the network, e.g. WiFi SSID or network type. 189 string name; 190 // The captive portal state when connectionState == kPortal. 191 PortalState portal_state = kUnknown; 192 // The relative priority of the network. Larger values have higher priority. 193 int32 priority; 194 // The proxy mode affecting this network. Includes any settings that affect 195 // this network (i.e. global proxy settings are also considered). 196 ProxyMode proxy_mode; 197 // True for visible networks that are blocked / disallowed by policy. 198 bool prohibited_by_policy = false; 199 OncSource source; 200 // |type| is explicitly provided here to simplify UI code and will always 201 // match the type of |type_state|, which will always be provided. 202 NetworkType type; 203 NetworkTypeStateProperties type_state; 204}; 205 206struct DeviceStateProperties { 207 // IP address for the primary network corresponding to the device type. If no 208 // network is in a connected state, or the address type is not available, 209 // these will be null. When there are multiple IP addresses, only the first 210 // is provided. 211 network.mojom.IPAddress? ipv4_address; 212 network.mojom.IPAddress? ipv6_address; 213 // AA:BB formatted MAC address for the device. Use for display purposes only. 214 // May be null if no MAC address is available for the device. 215 string? mac_address; 216 // Set if the device is currently scanning. 217 bool scanning = false; 218 // The SIM lock status if Type = Cellular and a SIM is present. 219 SIMLockStatus? sim_lock_status; 220 // True when a SIM is required and not present. 221 bool sim_absent = false; 222 DeviceStateType device_state; 223 NetworkType type; 224 // Whether or not any managed networks are available. 225 bool managed_network_available = false; 226}; 227 228const int32 kNoLimit = 0; 229 230struct NetworkFilter { 231 // Which networks to return (active, visible, etc). 232 FilterType filter; 233 // The type of networks to return. 234 NetworkType network_type; 235 // Maximum number of networks to return. 0 indicates no limit. 236 int32 limit = kNoLimit; 237}; 238 239// Specialized unmanaged property types. 240 241struct ApnProperties { 242 string access_point_name; 243 string? authentication; 244 string? language; 245 string? localized_name; 246 string? name; 247 string? password; 248 string? username; 249}; 250 251struct CellularProviderProperties { 252 string name; 253 string code; 254 string? country; 255}; 256 257struct FoundNetworkProperties { 258 string status; 259 string network_id; 260 string technology; 261 string? short_name; 262 string? long_name; 263}; 264 265// A routing prefix can not be 0. Use 0 to indicate an unset value. 266const int32 kNoRoutingPrefix = 0; 267 268struct IPConfigProperties { 269 string? gateway; 270 // The IP address represented as a string, as provided by the configuration 271 // manager (e.g. Shill) and/or the policy provider. It should be used for 272 // display purposes only. 273 string? ip_address; 274 array<string>? excluded_routes; 275 array<string>? included_routes; 276 array<string>? name_servers; 277 array<string>? search_domains; 278 int32 routing_prefix = kNoRoutingPrefix; 279 string? type; 280 string? web_proxy_auto_discovery_url; 281}; 282 283struct PaymentPortalProperties { 284 string method; 285 string? post_data; 286 string? url; 287}; 288 289// Managed property types. These types all share a common structure. 290// The structure differs from the structure used in //components/onc which 291// relies on optional boolean and integer values which are unsupported in mojo, 292// and provides more detail than is required by the UI. 293 294// active_value: The value provided by the configuration manager (e.g. Shill). 295// This will match |policy_value| when |policy_source| is enforced. 296// policy_source: The source of the value provided by policy when available, 297// or kNone (see PolicySource in network_types.mojom). 298// policy_value: The value provided by policy when available. 299 300// Fundamental managed types. 301 302struct ManagedBoolean { 303 bool active_value; 304 PolicySource policy_source = kNone; 305 bool policy_value = false; 306}; 307 308struct ManagedInt32 { 309 int32 active_value = 0; 310 PolicySource policy_source = kNone; 311 int32 policy_value = 0; 312}; 313 314struct ManagedString { 315 string active_value; 316 PolicySource policy_source = kNone; 317 string? policy_value; 318}; 319 320struct ManagedStringList { 321 array<string> active_value; 322 PolicySource policy_source = kNone; 323 array<string>? policy_value; 324}; 325 326// Specialized managed types. 327 328struct ManagedApnProperties { 329 ManagedString access_point_name; 330 ManagedString? authentication; 331 ManagedString? language; 332 ManagedString? localized_name; 333 ManagedString? name; 334 ManagedString? password; 335 ManagedString? username; 336}; 337 338struct ManagedApnList { 339 array<ApnProperties> active_value; 340 PolicySource policy_source = kNone; 341 array<ApnProperties>? policy_value; 342}; 343 344struct ManagedIssuerSubjectPattern { 345 ManagedString? common_name; 346 ManagedString? locality; 347 ManagedString? organization; 348 ManagedString? organizational_unit; 349}; 350 351struct ManagedCertificatePattern { 352 ManagedStringList? enrollment_uri; 353 ManagedIssuerSubjectPattern? issuer; 354 ManagedStringList? issuer_ca_ref; 355 ManagedIssuerSubjectPattern? subject; 356}; 357 358struct ManagedEAPProperties { 359 ManagedString? anonymous_identity; 360 ManagedCertificatePattern? client_cert_pattern; 361 ManagedString? client_cert_pkcs11_id; 362 ManagedString? client_cert_ref; 363 ManagedString? client_cert_type; 364 ManagedString? identity; 365 ManagedString? inner; 366 ManagedString? outer; 367 // Note: |password| contains a placeholder if set to avoid leaking secrets. 368 ManagedString? password; 369 ManagedBoolean? save_credentials; 370 ManagedStringList? server_ca_pems; 371 ManagedStringList? server_ca_refs; 372 ManagedString? subject_match; 373 ManagedString? tls_version_max; 374 ManagedBoolean? use_proactive_key_caching; 375 ManagedBoolean? use_system_cas; 376}; 377 378struct ManagedIPConfigProperties { 379 ManagedString? gateway; 380 // See comment for IPConfigProperties. 381 ManagedString? ip_address; 382 ManagedStringList? name_servers; 383 ManagedInt32? routing_prefix; 384 ManagedString? type; 385 ManagedString? web_proxy_auto_discovery_url; 386}; 387 388struct ManagedIPSecProperties { 389 ManagedString authentication_type; 390 ManagedCertificatePattern? client_cert_pattern; 391 ManagedString? client_cert_pkcs11_id; 392 ManagedString? client_cert_ref; 393 ManagedString? client_cert_type; 394 ManagedEAPProperties? eap; 395 ManagedString? group; 396 ManagedInt32? ike_version; 397 // Note: |psk| contains a placeholder if set to avoid leaking secrets. 398 ManagedString? psk; 399 ManagedBoolean? save_credentials; 400 ManagedStringList? server_ca_pems; 401 ManagedStringList? server_ca_refs; 402}; 403 404struct ManagedL2TPProperties { 405 ManagedBoolean? lcp_echo_disabled; 406 // Note: |password| contains a placeholder if set to avoid leaking secrets. 407 ManagedString? password; 408 ManagedBoolean? save_credentials; 409 ManagedString? username; 410}; 411 412struct ManagedProxyLocation { 413 ManagedString host; 414 ManagedInt32 port; 415}; 416 417struct ManagedManualProxySettings { 418 ManagedProxyLocation? http_proxy; 419 ManagedProxyLocation? secure_http_proxy; 420 ManagedProxyLocation? ftp_proxy; 421 ManagedProxyLocation? socks; 422}; 423 424struct ManagedProxySettings { 425 ManagedString type; 426 ManagedManualProxySettings? manual; 427 ManagedStringList? exclude_domains; 428 ManagedString? pac; 429}; 430 431struct ManagedVerifyX509Properties { 432 ManagedString? name; 433 ManagedString? type; 434}; 435 436struct ManagedOpenVPNProperties { 437 ManagedString? auth; 438 ManagedString? auth_retry; 439 ManagedBoolean? auth_no_cache; 440 ManagedString? cipher; 441 ManagedString? client_cert_pkcs11_id; 442 ManagedCertificatePattern? client_cert_pattern; 443 ManagedString? client_cert_ref; 444 ManagedString? client_cert_type; 445 ManagedString? compression_algorithm; 446 ManagedStringList? extra_hosts; 447 ManagedBoolean? ignore_default_route; 448 ManagedString? key_direction; 449 ManagedString? ns_cert_type; 450 // Note: |password| contains a placeholder if set to avoid leaking secrets. 451 ManagedString? password; 452 ManagedInt32? port; 453 ManagedString? proto; 454 ManagedBoolean? push_peer_info; 455 ManagedString? remote_cert_eku; 456 ManagedStringList? remote_cert_ku; 457 ManagedString? remote_cert_tls; 458 ManagedInt32? reneg_sec; 459 ManagedBoolean? save_credentials; 460 ManagedStringList? server_ca_pems; 461 ManagedStringList? server_ca_refs; 462 ManagedString? server_cert_ref; 463 ManagedInt32? server_poll_timeout; 464 ManagedInt32? shaper; 465 ManagedString? static_challenge; 466 ManagedString? tls_auth_contents; 467 ManagedString? tls_remote; 468 ManagedString? tls_version_min; 469 ManagedString? user_authentication_type; 470 ManagedString? username; 471 ManagedString? verb; 472 ManagedString? verify_hash; 473 ManagedVerifyX509Properties? verify_x509; 474}; 475 476// Managed NetworkType specific dictionaries. 477 478struct ManagedCellularProperties { 479 ManagedBoolean? auto_connect; 480 // The current user selected APN. This corresponds to APN field 481 // in ONC. 482 ManagedApnProperties? selected_apn; 483 ManagedApnList? apn_list; 484 // List of user-entered custom APN entries. Note: This field is not 485 // part of ONC spec. 486 array<ApnProperties>? custom_apn_list; 487 ActivationStateType activation_state; 488 bool allow_roaming = false; 489 string? esn; 490 string? family; 491 string? firmware_revision; 492 array<FoundNetworkProperties>? found_networks; 493 string? hardware_revision; 494 CellularProviderProperties? home_provider; 495 string? iccid; 496 string? imei; 497 ApnProperties? last_good_apn; 498 string? manufacturer; 499 string? mdn; 500 string? meid; 501 string? min; 502 string? model_id; 503 string? network_technology; 504 PaymentPortalProperties? payment_portal; 505 string? roaming_state; 506 CellularProviderProperties? serving_operator; 507 int32 signal_strength = 0; 508 bool support_network_scan = false; 509}; 510 511struct ManagedEthernetProperties { 512 // This represents the configured authentication type for an Ethernet network. 513 // Note: This might not match the State value (which uses an enum instead of 514 // a managed string) if the EAP configuration can not be applied (e.g. when 515 // no certificate is installed). 516 ManagedString? authentication; 517 ManagedEAPProperties? eap; 518}; 519 520struct ManagedVPNProperties { 521 ManagedBoolean? auto_connect; 522 ManagedString? host; 523 ManagedIPSecProperties? ip_sec; 524 ManagedL2TPProperties? l2tp; 525 ManagedOpenVPNProperties? open_vpn; 526 ManagedString? provider_id; 527 string provider_name; 528 VpnType type; 529}; 530 531struct ManagedWiFiProperties { 532 ManagedBoolean? allow_gateway_arp_polling; 533 ManagedBoolean? auto_connect; 534 string? bssid; 535 ManagedEAPProperties? eap; 536 int32 frequency = 0; 537 array<int32>? frequency_list; 538 ManagedString? hex_ssid; 539 ManagedBoolean? hidden_ssid; 540 // Note: |passphrase| contains a placeholder if set to avoid leaking secrets. 541 ManagedString? passphrase; 542 ManagedString ssid; 543 SecurityType security; 544 int32 signal_strength = 0; 545 string? tethering_state; 546 // Indicates whether the network is eligible to be included in Chrome Sync. 547 bool is_syncable; 548 // True for unshared networks and for shared networks configured by the 549 // active user. Updated whenever the passphrase is modified. 550 bool is_configured_by_active_user; 551}; 552 553union NetworkTypeManagedProperties { 554 ManagedCellularProperties cellular; 555 ManagedEthernetProperties ethernet; 556 // Tether has no managed properties. Provide TetherStateProperties for display 557 // purposes. 558 TetherStateProperties tether; 559 ManagedVPNProperties vpn; 560 ManagedWiFiProperties wifi; 561}; 562 563// Managed properties provided by getManagedProperties. See onc_spec.md for 564// details about each property. 565struct ManagedProperties { 566 // Typed properties for compatibility with NetworkStateProperties. 567 ConnectionStateType connection_state = kNotConnected; 568 OncSource source; 569 // Other properties and property dictionaries use ONC strings for values. 570 bool connectable = false; 571 string? error_state; 572 string guid; 573 ManagedString ip_address_config_type; 574 array<IPConfigProperties>? ip_configs; 575 ManagedBoolean? metered; 576 ManagedString? name; 577 ManagedString name_servers_config_type; 578 ManagedInt32? priority; 579 ManagedProxySettings? proxy_settings; 580 PortalState portal_state = kUnknown; 581 ManagedIPConfigProperties? static_ip_config; 582 IPConfigProperties? saved_ip_config; 583 // |type| is explicitly provided here to simplify UI code and will always 584 // match the type of |type_properties|, which will always be provided. 585 NetworkType type; 586 NetworkTypeManagedProperties type_properties; 587}; 588 589// Properties for SetProperties and ConfigureNetwork. All of the top level 590// properties and many nested properties are optional so that sparse 591// configurations can be provided, e.g. just the |auto_connect| property can 592// be changed. The ONC validation code (chromeos/network/onc/onc_validator.cc) 593// ensures that configurations are valid before translating and passing them to 594// Shill. 595 596// Wrapper to allow optional auto_connect configuration. 597struct AutoConnectConfig { 598 bool value; 599}; 600 601// Wrapper to allow optional metered configuration. 602struct MeteredConfig { 603 bool value; 604}; 605 606// Wrapper to allow optional priority configuration. 607struct PriorityConfig { 608 int32 value; 609}; 610 611// Wrapper to allow optional VpnType configuration. Note: only configuration of 612// internal VPN types (kOpenVPN and kL2TPIPsec) is supported. 613// TODO(657632): Remove wrapper once optional enums are supported. 614struct VpnTypeConfig { 615 VpnType value; 616}; 617 618struct ProxyLocation { 619 string host; 620 int32 port; 621}; 622 623struct ManualProxySettings { 624 ProxyLocation? http_proxy; 625 ProxyLocation? secure_http_proxy; 626 ProxyLocation? ftp_proxy; 627 ProxyLocation? socks; 628}; 629 630struct ProxySettings { 631 string type; 632 ManualProxySettings? manual; 633 array<string>? exclude_domains; 634 string? pac; 635}; 636 637struct EAPConfigProperties { 638 string? anonymous_identity; 639 string? client_cert_pkcs11_id; 640 string? client_cert_type; 641 string? identity; 642 string? inner; 643 string? outer; 644 string? password; 645 bool save_credentials = false; 646 array<string>? server_ca_pems; 647 string? subject_match; 648 bool use_system_cas = false; 649}; 650 651// Subset of currently implemented config properties in the UI. Additional 652// optional propreties from onc_spec.md may be added as needed. 653struct IPSecConfigProperties { 654 string authentication_type; 655 string? client_cert_pkcs11_id; 656 string? client_cert_type; 657 string? group; 658 int32 ike_version = 1; 659 string? psk; 660 bool save_credentials = false; 661 array<string>? server_ca_pems; 662 array<string>? server_ca_refs; 663}; 664 665// Subset of currently implemented config properties in the UI. Additional 666// optional propreties from onc_spec.md may be added as needed. 667struct L2TPConfigProperties { 668 bool lcp_echo_disabled = false; 669 string? password; 670 bool save_credentials = false; 671 string? username; 672}; 673 674// Subset of currently implemented config properties in the UI. Additional 675// optional propreties from onc_spec.md may be added as needed. 676struct OpenVPNConfigProperties { 677 string? client_cert_pkcs11_id; 678 string? client_cert_type; 679 array<string>? extra_hosts; 680 string? otp; 681 string? password; 682 bool save_credentials = false; 683 array<string>? server_ca_pems; 684 array<string>? server_ca_refs; 685 string? username; 686 string? user_authentication_type; 687}; 688 689// Only one of {Cellular|Ethernet|VPN|Wifi}ConfigProperties is allowed. 690// TODO(stevenjb): Make these a union. 691struct CellularConfigProperties { 692 ApnProperties? apn; 693}; 694 695struct EthernetConfigProperties { 696 // |authentication| will default to "none" if not provided for new configs. 697 // TODO(657632): Use AuthenticationType here. 698 string? authentication; 699 EAPConfigProperties? eap; 700}; 701 702struct VPNConfigProperties { 703 string? host; 704 IPSecConfigProperties? ip_sec; 705 L2TPConfigProperties? l2tp; 706 OpenVPNConfigProperties? open_vpn; 707 // |type| is required for new configs, optional otherwise. 708 VpnTypeConfig? type; 709}; 710 711struct WiFiConfigProperties { 712 EAPConfigProperties? eap; 713 string? passphrase; 714 // |ssid| is required for new configurations, optional otherwise. 715 string? ssid; 716 SecurityType security = kNone; 717}; 718 719union NetworkTypeConfigProperties { 720 CellularConfigProperties cellular; 721 EthernetConfigProperties ethernet; 722 VPNConfigProperties vpn; 723 WiFiConfigProperties wifi; 724}; 725 726struct ConfigProperties { 727 AutoConnectConfig? auto_connect; 728 // An optional guid may be provided when configuring a visible network to 729 // preserve the existing guid. 730 string? guid; 731 string? ip_address_config_type; 732 MeteredConfig? metered; 733 // Name is only required for new configurations. 734 string? name; 735 string? name_servers_config_type; 736 PriorityConfig? priority; 737 ProxySettings? proxy_settings; 738 IPConfigProperties? static_ip_config; 739 // NetworkType is inferred from |type_config|. 740 NetworkTypeConfigProperties type_config; 741}; 742 743// Properties provided to SetCellularSimState. 744struct CellularSimState { 745 // The current PIN or PUK. Required for unlocking the SIM, or when setting 746 // |require_pin|. 747 string current_pin_or_puk; 748 // If provided change the PIN to |new_pin|. Required if the SIM is PUK locked. 749 string? new_pin; 750 // Whether a PIN should be required. Ignored when unlocking a locked SIM. 751 bool require_pin; 752}; 753 754// Properties provided by GetGlobalPolicy. These properties affect network 755// configuration as a whole instead of individual network configurations. 756struct GlobalPolicy { 757 // If true, only policy networks may auto connect. 758 bool allow_only_policy_networks_to_autoconnect = false; 759 760 // If true, only policy networks may be connected to and no new networks may 761 // be added or configured. 762 bool allow_only_policy_networks_to_connect = false; 763 764 // If true and a managed network is available in the visible network list, 765 // only policy networks may be connected to and no new networks may be added 766 // or configured. 767 bool allow_only_policy_networks_to_connect_if_available = false; 768 769 // List of blocked networks which can not be connected to. 770 array<string> blocked_hex_ssids; 771}; 772 773// VPN providers for type kExtension and kArc are set via SetVpnProviders and 774// stored in the service implementation. Clients may retrieve the current list 775// and receive observer events to track changes to the list. The list of 776// providers is only used by UI code, they are not sent to the connection 777// manager (Shill). 778struct VpnProvider { 779 // Only type kExtension and kArc should be used here. Other provider types 780 // are internal to Shill and implicit; VpnProvider properties will be ignored. 781 VpnType type; 782 // Extension id (GUID) or Arc package name, e.g. myvpn.app.package. 783 string provider_id; 784 // Extension provider name or Arc app name, e.g. MyVPN. 785 string provider_name; 786 // Extension id (GUID) or Arc app id (GUID), used to launch the VPN UI. 787 string app_id; 788 // Last launch time of the VPN. 789 mojo_base.mojom.Time last_launch_time; 790}; 791 792// Information about a network certificate for the purpose of selecting an 793// available certificate in a UI and providing information in a ConfigProperties 794// struct to SetProperties or ConfigureNetwork. No private information should 795// be included here. 796struct NetworkCertificate { 797 CertificateType type; 798 // Unique hash for the certificate, used to uniquely identify certificates. 799 string hash; 800 // Certificate issuer common name for display in a UI. 801 string issued_by; 802 // Certificate name or nickname for display in a UI. 803 string issued_to; 804 // For server certificate authorities (type == kServerCA), this contains the 805 // public certificate in PEM format. 806 // For user certificates, this contains the PKCS#11 id to be passed to the 807 // configuration manager (Shill) for retrieving the encrypted certificate. 808 // This will be used in the appropriate ConfigProperties dictionary. 809 // TODO(1006901): Use a union here instead once the issue is fixed. 810 string pem_or_id; 811 // Whether the certificate is hardware backed. 812 bool hardware_backed; 813 // Whether the certificate is device wide (i.e. stored in a shared profile, 814 // not a user specific profile). 815 bool device_wide; 816}; 817 818// Interface for fetching and setting network configuration properties, e.g. 819// from Settings WebUI or the SystemTray. 820interface CrosNetworkConfig { 821 AddObserver(pending_remote<CrosNetworkConfigObserver> observer); 822 823 // Returns the state properties of the network matching |guid|. If the network 824 // is not available returns null. 825 GetNetworkState(string guid) => (NetworkStateProperties? result); 826 827 // Returns a list of Network properties matching |filter|. Networks are 828 // ordered by the system based on their priority, with active networks listed 829 // first. 830 GetNetworkStateList(NetworkFilter filter) => 831 (array<NetworkStateProperties> result); 832 833 // Returns a list of Device properties. 834 GetDeviceStateList() => (array<DeviceStateProperties> result); 835 836 // Returns the managed properties of the network matching |guid|. The result 837 // is an ONC dictionary with well defined property keys and managed ONC value 838 // dictionaries (e.g. ManagedString). If the network properties are not 839 // available returns null. 840 GetManagedProperties(string guid) => (ManagedProperties? result); 841 842 // Sets properties for the network matching |guid|. |properties.guid| must be 843 // null or match |guid|, otherwise it will fail with an invalid input error. 844 // If |success| is false, |error_message| provides a string identifying the 845 // error. The string may be a Shill error, or an error token provided by the 846 // NetworkHandler layer. JS localization for a common subset of these is 847 // provided by network_element::AddErrorLocalizedStrings. 848 // TODO(1004434): Consider enumerating these. 849 SetProperties(string guid, ConfigProperties properties) => 850 (bool success, string error_message); 851 852 // Configures a new network with |properties|. If |properties.guid| is 853 // provided, an existing configuration must exist and match the provided 854 // |properties|. Returns the guid of the new network configuration on success. 855 // A null guid indicates that the properties were invalid or incomplete. See 856 // SetProperties for notes on errorMessage. 857 ConfigureNetwork(ConfigProperties properties, bool shared) => 858 (string? guid, string error_message); 859 860 // Forgets an existing network configuration matching |guid| by clearing all 861 // configured properties. Returns true if the network exists and is 862 // successfully removed. 863 ForgetNetwork(string guid) => (bool success); 864 865 // Sets a single network type (e.g. WiFi) to enabled or disabled. Types 866 // describing multiple technologies (e.g. kWireless) are not supported. 867 // Returns false if the type is invalid, unavailable, or can not be disabled. 868 // CrosNetworkConfigObserver::OnDeviceStateListChanged() can be used to be 869 // notified when the enabled state changes. 870 SetNetworkTypeEnabledState(NetworkType type, bool enabled) => (bool success); 871 872 // Sets the SIM state for the primary Cellular device: 873 // * If no SIM is present, returns false. 874 // * If the SIM is PUK locked, attempts to unlock the SIM with the provided 875 // |current_pin_or_puk| value and set a new SIM value to |new_pin| which 876 // must be provided. |pin_required| is ignored. Returns true on success. 877 // * If the SIM is PIN locked, attempts to unlock the SIM with the provided 878 // |current_pin_or_puk| value. |pin_required| is ignored. Returns true on 879 // success. 880 // * If the SIM is unlocked, |current_pin_or_puk| must match the current PIN. 881 // * If |new_pin| if provided, attempts to set the new PIN. 882 // * Otherwise attempts to set the pin required state to |pin_required|. 883 // * Returns true if the operation succeeded. 884 SetCellularSimState(CellularSimState state) => (bool success); 885 886 // Selects which Cellular mobile network to use. |network_id| must match a 887 // FoundNetworkProperties.network_id for an entry in the 888 // ManagedProperties.found_networks property for the specified Cellular 889 // network. Returns true if the operation succeeded. 890 SelectCellularMobileNetwork(string guid, string network_id) => (bool success); 891 892 // Requests a scan for new networks. If the list updates, 893 // CrosNetworkConfigObserver::OnNetworkStateListChanged() will be signaled. 894 // Note: If |type| is Cellular, a mobile network scan will be requested 895 // if supported. This is disruptive and should only be triggered by an 896 // explicit user action. 897 RequestNetworkScan(NetworkType type); 898 899 // Returns the global policy properties. These properties are not expected to 900 // change during a session. 901 GetGlobalPolicy() => (GlobalPolicy result); 902 903 // Starts a connection to the network matching |guid|. The response returns 904 // |result| when the connect request is sent or is determined unable to be 905 // sent, not when the operation completes. Use CrosNetworkConfigObserver to 906 // observe the connection state after a successful request. If the result is 907 // not kSuccess, |message| will contain a descriptive string for debugging. 908 StartConnect(string guid) => (StartConnectResult result, string message); 909 910 // Starts a disconnect from the network matching |guid|. The response returns 911 // true when the disconnect request is sent if the network exists and is 912 // connected, or false if not. Use CrosNetworkConfigObserver to observe the 913 // connection state after a successful request. 914 StartDisconnect(string guid) => (bool success); 915 916 // Provides a list of external VPN providers. Used to populate provider name 917 // in VPN properties, returned from GetVpnProviders, and sent to observers. 918 SetVpnProviders(array<VpnProvider> providers); 919 920 // Returns the list of external VPN providers. 921 GetVpnProviders() => (array<VpnProvider> providers); 922 923 // Returns the lists of server certificate authorities and user certificates 924 // available for network configuration. See NetworkCerificate for more info. 925 GetNetworkCertificates() => (array<NetworkCertificate> server_cas, 926 array<NetworkCertificate> user_certs); 927}; 928 929interface CrosNetworkConfigObserver { 930 // Fired when properties of any active network or previously active network 931 // change. Provides all currently active network states. 932 OnActiveNetworksChanged(array<NetworkStateProperties> networks); 933 934 // Fired when the properties of a specific network state change. For active 935 // networks this will be fired in addition to OnActiveNetworksChanged. For 936 // other networks it will fire when the configuration changes or a non 937 // active property changes (e.g. signal_strength). 938 OnNetworkStateChanged(NetworkStateProperties network); 939 940 // Fired when the list of networks changes. 941 // CrosNetworkConfig::GetNetworkStateList() can be used to get the network 942 // states. 943 OnNetworkStateListChanged(); 944 945 // Fired when the list of devices changes or a device property changes. 946 // CrosNetworkConfig::GetDeviceStateList() can be used to retrieve the device 947 // states. 948 OnDeviceStateListChanged(); 949 950 // Fired when the list of VPN providers changes. Use GetVpnProviders if the 951 // updated provider list is required. 952 OnVpnProvidersChanged(); 953 954 // Fired when the server CA or user certificate lists change. Use 955 // GetNetworkCertificates if the updated certificate lists are required. 956 OnNetworkCertificatesChanged(); 957}; 958