1/*
2 * Copyright (C) 2023 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17syntax = "proto2";
18
19package devicelockcontroller;
20
21import "google/protobuf/timestamp.proto";
22import "configuration_info.proto";
23import "device_checkin_info.proto";
24import "device_info.proto";
25import "enrollment_info.proto";
26
27option java_package = "com.android.devicelockcontroller.proto";
28option java_multiple_files = true;
29
30// This service is used by the Device Lock Android client to facilitate device
31// provisioning of an eligible device into a Device Lock locking program.
32service DeviceLockCheckinService {
33  // Fetches the check-in status of the device.
34  rpc GetDeviceCheckinStatus(GetDeviceCheckinStatusRequest)
35      returns (GetDeviceCheckinStatusResponse) {}
36
37  // Determines if a device is in an approved country.
38  rpc IsDeviceInApprovedCountry(IsDeviceInApprovedCountryRequest)
39      returns (IsDeviceInApprovedCountryResponse) {}
40
41  // Pauses the provisioning of the device.
42  rpc PauseDeviceProvisioning(PauseDeviceProvisioningRequest)
43      returns (PauseDeviceProvisioningResponse) {}
44
45  // Reports the device provision state of a device that is undergoing device
46  // provisioning.
47  rpc ReportDeviceProvisionState(ReportDeviceProvisionStateRequest)
48      returns (ReportDeviceProvisionStateResponse) {}
49}
50
51// Request to retrieve the check-in status of the device.
52message GetDeviceCheckinStatusRequest {
53  // The device identifiers associated with the device provided by the Device
54  // Lock Android client. The Device Lock Android client would provide only one
55  // device identifier once the Device Lock Check-in service determines which
56  // of the device identifiers is registered with a locking program.
57  repeated ClientDeviceIdentifier client_device_identifiers = 1;
58  // The Mobile Network Code for the carrier, the Device Lock Android client
59  // would fetch it from TelephonyManager#getSimOperator().
60  optional string carrier_mccmnc = 2;
61  // The Firebase Cloud Messaging (FCM) registration token associated with the
62  // device provided by the Device Lock Android client. The token is only used
63  // for GMS devices.
64  optional string fcm_registration_token = 3;
65  // The name of the manufacturer of the device.
66  optional string device_manufacturer = 4;
67  // The name of the model of the device.
68  optional string device_model = 5;
69  // The internal name of the device.
70  optional string device_internal_name = 6;
71}
72
73message ClientDeviceIdentifier {
74  // The device identifier associated with the device.
75  optional string device_identifier = 1;
76  // The type of the device identifier.
77  optional DeviceIdentifierType device_identifier_type = 2;
78}
79
80// The different check-in status the Device Lock Android client can be in.
81enum ClientCheckinStatus {
82  CLIENT_CHECKIN_STATUS_UNSPECIFIED = 0;
83  // The device is not ready for provision. The Device Lock Android client
84  // would need to do another check-in.
85  CLIENT_CHECKIN_STATUS_RETRY_CHECKIN = 1;
86  // The device is ready for provision. The Device Lock Android client can use
87  // the device provisioning information provided by the Device Lock server to
88  // provision the device.
89  CLIENT_CHECKIN_STATUS_READY_FOR_PROVISION = 2;
90  // The device no longer needs to be provisioned. The Device Lock Android
91  // client can stop future check-ins.
92  CLIENT_CHECKIN_STATUS_STOP_CHECKIN = 3;
93}
94
95// Response to a request to retrieve the check-in status of a given device.
96message GetDeviceCheckinStatusResponse {
97  // The Device Lock Android client check-in status determined by the Device
98  // Lock server.
99  optional ClientCheckinStatus client_checkin_status = 1;
100  // Set by the Device Lock server when the Device Lock Android client provides
101  // multiple device identifiers and one of the multiple device identifiers is
102  // registered with the Device Lock server. The client should use the device
103  // identifier that was found for any future communications with the Device
104  // Lock server.
105  optional string registered_device_identifier = 2;
106  // One of the following fields will get populated based on the device
107  // check-in status. But if the Device Lock server determines that the Device
108  // Lock Android client no longer needs to do a check-in, then none of the
109  // fields will be populated.
110  oneof next_steps {
111    // The Device Lock server determined that the Device Lock Android client
112    // needs to perform another device check-in.
113    NextCheckinInformation next_checkin_information = 3;
114    // The Device Lock server determined that the Device Lock Android client
115    // can now provision the device.
116    DeviceProvisioningInformation device_provisioning_information = 4;
117  }
118}
119
120// Information needed by the Device Lock Android client for the next check-in.
121message NextCheckinInformation {
122  // Set by the Device Lock server which tells the Device Lock Android client
123  // the date when the next check-in should happen.
124  optional google.protobuf.Timestamp next_checkin_timestamp = 1;
125}
126
127// Information needed by the Device Lock Android client for device provisioning.
128message DeviceProvisioningInformation {
129  // The configuration information assigned to the device.
130  optional ConfigurationInfo configuration_information = 1;
131  // The type of enrollment assigned to the device. This is used by the
132  // Device Lock Android client to determine what type of strings should be
133  // shown to the user.
134  optional EnrollmentType enrollment_type = 2;
135  // The provision type selected when enrolling the device into a locking
136  // program. The Device Lock Android client would use this to determine which
137  // provision approach should be used to provision the device.
138  optional DeviceProvisionType device_provision_type = 3;
139  // Whether the Device Lock Android client should force the provisioning. If
140  // true, then the user cannot stop device provisioning. Otherwise, if false,
141  // then the user can optionally pause device provisioning.
142  optional bool force_provisioning = 4;
143  // Whether the device is an approved country. If true, then the Device Lock
144  // Android client can proceed with device provisioning. Otherwise, this would
145  // be considered a provisioning failure and the Device Lock Android client
146  // would use the ReportDeviceProvisionState RPC to report the provision
147  // failure.
148  optional bool is_device_in_approved_country = 5;
149  // Whether the device is allowed to use adb debugging on production builds.
150  // Should only be true for a small set of tester devices.
151  optional bool allow_debugging = 6;
152}
153
154// Request to determine whether a registered device is in an approved country.
155message IsDeviceInApprovedCountryRequest {
156  // The device identifier that is registered with the Device Lock server.
157  optional string registered_device_identifier = 1;
158  // The Mobile Network Code for the carrier, the Device Lock Android client
159  // would fetch it from TelephonyManager#getSimOperator().
160  optional string carrier_mccmnc = 2;
161}
162
163// Response to a request for determining if a registered device is in an
164// approved country.
165message IsDeviceInApprovedCountryResponse {
166  // Whether the device is an approved country.
167  optional bool is_device_in_approved_country = 1;
168}
169
170// The different reasons device provisioning can be paused.
171enum PauseDeviceProvisioningReason {
172  PAUSE_DEVICE_PROVISIONING_REASON_UNSPECIFIED = 0;
173  // If given as an option to the user, the user can pause device provisioning.
174  // For example, the user is currently driving and the Device Lock Android
175  // client is prompting the user to proceed with device provisioning.
176  PAUSE_DEVICE_PROVISIONING_REASON_USER_DEFERRED_DEVICE_PROVISIONING = 1;
177}
178
179// Request to pause device provisioning of an eligible device.
180message PauseDeviceProvisioningRequest {
181  // The device identifier that is registered with the Device Lock server that
182  // is requesting to pause device provisioning.
183  optional string registered_device_identifier = 1;
184  // The reason for pausing device provisioning.
185  optional PauseDeviceProvisioningReason pause_device_provisioning_reason = 2;
186}
187
188// Response to a request to pause device provisioning of an eligible device.
189message PauseDeviceProvisioningResponse {}
190
191// The different reasons device provisioning can fail on a device.
192enum ClientProvisionFailureReason {
193  PROVISION_FAILURE_REASON_UNSPECIFIED = 0;
194  // Provision failed due to play installation task class is unavailable.
195  PROVISION_FAILURE_REASON_PLAY_TASK_UNAVAILABLE = 1;
196  // Provision failed due to play installation failed.
197  PROVISION_FAILURE_REASON_PLAY_INSTALLATION_FAILED = 2;
198  // Provision failed due to country eligibility information unavailable.
199  PROVISION_FAILURE_REASON_COUNTRY_INFO_UNAVAILABLE = 3;
200  // Provision failed due to device is not in an eligible country or region.
201  PROVISION_FAILURE_REASON_NOT_IN_ELIGIBLE_COUNTRY = 4;
202  // Provision failed due to inability to enforce policies.
203  PROVISION_FAILURE_REASON_POLICY_ENFORCEMENT_FAILED = 5;
204  // Provision failed previously and the device has stayed failing beyond
205  // the deadline.
206  PROVISION_FAILURE_REASON_DEADLINE_PASSED = 6;
207}
208
209// The different provision states of a device.
210enum ClientProvisionState {
211  CLIENT_PROVISION_STATE_UNSPECIFIED = 0;
212  // The Device Lock Android client would retry to provision the device.
213  CLIENT_PROVISION_STATE_RETRY = 1;
214  // The Device Lock Android client would inform the user that there has been
215  // an issue with device provisioning. The user can dismiss this.
216  CLIENT_PROVISION_STATE_DISMISSIBLE_UI = 2;
217  // The Device Lock Android client would inform the user that there has been
218  // an issue with device provisioning. The user cannot dismiss this.
219  CLIENT_PROVISION_STATE_PERSISTENT_UI = 3;
220  // The Device Lock Android client would factory reset the device because
221  // device provisioning could not be done.
222  CLIENT_PROVISION_STATE_FACTORY_RESET = 4;
223  // Device provisioning was a success.
224  CLIENT_PROVISION_STATE_SUCCESS = 5;
225}
226
227// Request to report the device provision state of a device that is
228// undergoing device provisioning.
229message ReportDeviceProvisionStateRequest {
230  // The reason why device provisioning failed if applicable.
231  optional ClientProvisionFailureReason client_provision_failure_reason = 1;
232  // The previous device provision state that the device was in. If not known,
233  // then CLIENT_PROVISION_STATE_UNSPECIFIED should be used. It is not known
234  // by the client on the first attempt of device provisioning.
235  optional ClientProvisionState previous_client_provision_state = 2;
236  // Whether device provision was a success.
237  optional bool provision_success = 3;
238  // The device identifier that is registered with the Device Lock server.
239  optional string registered_device_identifier = 4;
240}
241
242// Response to a request that is reporting the device provision state of a
243// device undergoing device provisioning.
244message ReportDeviceProvisionStateResponse {
245  // The Device Lock server determined the next provision state of the client.
246  // If the Device Lock Android client needs to send another gRPC request, then
247  // this provision state would be used as the previous provision state in the
248  // request.
249  optional ClientProvisionState next_client_provision_state = 1;
250  // The number of days left until the device should factory reset because of a failed provision.
251  // This number should only be used when next_client_provision_state is
252  // CLIENT_PROVISION_STATE_DISMISSIBLE_UI
253  optional uint32 days_left_until_reset = 2;
254}
255