// Copyright 2019 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This API is used for configuring network connections (Cellular, Ethernet,
// VPN, WiFi, or Tether). See the Open Network Configuration
// (ONC) documentation for detailed descriptions of properties:
// components/onc/docs/onc_spec.md.
// Currently this service is implemented in the Chrome Browser process with
// clients in Chrome and WebUI.
module chromeos.network_config.mojom;
import "chromeos/services/network_config/public/mojom/network_types.mojom";
import "mojo/public/mojom/base/time.mojom";
import "services/network/public/mojom/ip_address.mojom";
import "url/mojom/url.mojom";
// The maximum number of custom APNs that a cellular network can have.
const uint8 kMaxNumCustomApns = 10;
// Activation state for Cellular networks.
enum ActivationStateType {
kUnknown,
kNotActivated,
kActivating,
kPartiallyActivated,
kActivated,
// A cellular modem exists, but no network service is available.
kNoService,
};
// The authentication type for Ethernet networks.
enum AuthenticationType {
kNone,
k8021x,
};
// Tri-state status of hidden_ssid.
enum HiddenSsidMode {
// Let the platform decide based on the presence of the SSID in current scan.
kAutomatic,
// HiddenSSID = false
kDisabled,
// HiddenSSID = true
kEnabled,
};
enum ProxyMode {
// Direct connection to the network.
kDirect,
// Try to retrieve a PAC script from http://wpad/wpad.dat.
kAutoDetect,
// Try to retrieve a PAC script from kProxyPacURL.
kPacScript,
// Use a specified list of servers.
kFixedServers,
// Use the system's proxy settings.
kSystem,
};
// The security type for WiFi Ethernet networks.
enum SecurityType {
kNone,
kWep8021x,
kWepPsk,
kWpaEap,
kWpaPsk,
};
// The network match type for WiFi Passpoint networks.
enum MatchType {
// The Wi-Fi network had no match with Passpoint credentials.
kNoMatch,
// The WiFi network matched with a set of Passpoint credentials as a provider
// home network.
kHome,
// The WiFI network matched with a set of Passpoint credentials as a provider
// roaming network.
kRoaming,
// The match type of the network is unknown.
kUnknown,
};
// The configuration type for virtual networks.
enum VpnType {
// Internal VPN types.
kIKEv2,
kL2TPIPsec,
kOpenVPN,
kWireGuard,
// VPN provided by a Chrome Extension.
kExtension,
// VPN provided by an Arc++ app.
kArc,
};
// Filter used for requesting lists of network states.
enum FilterType {
// Return active networks. A network is active when its ConnectionStateType
// != kNotConnected. The ConnectionStateType is defined in
// network_types.mojom.
kActive,
// Return visible (active, physically connected or in-range) networks.
// Active networks will be listed first.
kVisible,
// Only include configured (saved) networks.
kConfigured,
// Include all networks.
kAll,
};
enum StartConnectResult {
// The request was successfully sent.
kSuccess,
// The provided GUID is not associated with an existing network configuration.
kInvalidGuid,
// The network is not in a connectable state (e.g. already connected or
// connecting, or a required service is unavailable).
kInvalidState,
// The connect request was cancelled before being sent, e.g. due to another
// connect request.
kCanceled,
// The network is in an error state because invalid credentials were provided
// or a certificate is unavailable.
kNotConfigured,
// Connecting to the network is blocked, e.g. by policy.
kBlocked,
// Unknown or other error.
kUnknown,
};
enum CertificateType {
kServerCA,
kUserCert,
};
// Reasons why the Cellular Device may have its scanning inhibited (i.e.,
// temporarily stopped).
enum InhibitReason {
// Not inhibited.
kNotInhibited,
// Inhibited because an eSIM profile is being installed.
kInstallingProfile,
// Inhibited because an eSIM profile is being renamed.
kRenamingProfile,
// Inhibited because an eSIM profile is being removed.
kRemovingProfile,
// Inhibited because a connection is in progress which requires that the
// device switch to a different eSIM profile.
kConnectingToProfile,
// Inhibited because the list of pending eSIM profiles is being refreshed by
// checking with an SMDS server.
kRefreshingProfileList,
// Inhibited because the EUICC memory is being reset.
kResettingEuiccMemory,
// Inhibited because an eSIM profile is being disabled.
kDisablingProfile,
// Inhibited because SM-DS scans are being performed to discover profiles
// available for this device.
kRequestingAvailableProfiles,
};
// Always-on VPN operating mode.
enum AlwaysOnVpnMode {
// Always-on VPN is disabled.
kOff,
// Always-on VPN is enabled, traffic goes through the tunnel as long as it is
// available, otherwise it falls back to the default network.
kBestEffort,
// Always-on VPN is enabled and traffic is blocked when the tunnel is not
// available.
kStrict,
};
// The SIM card lock status for Cellular networks.
struct SIMLockStatus {
// The status of SIM lock. Possible values are 'sim-pin', 'sim-puk' or empty.
string lock_type;
// Whether SIM lock is enabled.
bool lock_enabled;
// Number of PIN lock tries allowed before PUK is required to unlock the SIM.
int32 retries_left;
};
// Details about a sim slot available on the device.
struct SIMInfo {
// Slot identifier.
int32 slot_id;
// EID of EUICC at this slot. Empty if this is a physical SIM slot.
string eid;
// ICCID of the eSIM profile or the physical SIM
// card active on this slot when available from Shill.
string iccid;
// True when this slot is currently active.
bool is_primary;
};
struct CellularStateProperties {
// ICCID of the eSIM profile or the physical SIM that corresponds to this
// network.
string iccid;
// The EID of EUICC that this network is installed on. Empty if this network
// corresponds to a physical SIM.
string eid;
// Enumerated ONC activation state.
ActivationStateType activation_state = kUnknown;
// ONC NetworkTechnology value.
string network_technology;
// True when in a roaming state and the provider is not always roaming.
bool roaming = false;
// The signal strength of the cellular connection.
int32 signal_strength;
// True when a SIM is present and has locking enabled.
bool sim_lock_enabled = false;
// True when a SIM is present and locked.
bool sim_locked = false;
// String representing the SIM lock type. This will be empty when the SIM
// is unlocked.
string sim_lock_type;
// True when a SIM has a custom name.
bool has_nick_name = false;
// String representing the network operator.
string network_operator;
PaymentPortalProperties? payment_portal;
};
struct EthernetStateProperties {
// This represents the actual authentication type for a connected Ethernet
// network. Note: An EAP configuration may exist but not be applied (e.g. if
// no certificate is installed), in which case the value will be kNone.
AuthenticationType authentication;
};
struct TetherStateProperties {
// The battery percentage of the tethered device.
int32 battery_percentage;
// The cellular carrier for the tethered device.
string carrier;
// Whether the tethered device has already been connected to.
bool has_connected_to_host;
// The signal strength of the tethered device's cellular connection.
int32 signal_strength;
};
struct VPNStateProperties {
VpnType type;
string provider_id;
string provider_name;
};
struct WiFiStateProperties {
// The id of the basic service set (access point) associated with the network.
string bssid;
// The WiFi service operating frequency in MHz. For connected networks, the
// current frequency, otherwise, the frequency of the best available BSS.
int32 frequency;
// The hex encoded SSID (name) of the network.
string hex_ssid;
SecurityType security;
// The signal strength for visible networks.
int32 signal_strength;
// The network SSID.
string ssid;
// Whether the network is in range.
bool visible;
// Whether the AP has a hidden SSID.
bool hidden_ssid;
// Identifier of the set of Passpoint credentials that populated this Wi-Fi
// network.
string passpoint_id;
};
union NetworkTypeStateProperties {
CellularStateProperties cellular;
EthernetStateProperties ethernet;
TetherStateProperties tether;
VPNStateProperties vpn;
WiFiStateProperties wifi;
};
struct NetworkStateProperties {
// True if the network is configured and may be connectable.
bool connectable = false;
// True if an explicit connect was requested. The network state may not be
// Connecting yet.
bool connect_requested = false;
ConnectionStateType connection_state;
// A string describing the network error state. TODO(stevenjb): Use an enum.
string? error_state;
// The unique identifier for the network.
string guid;
// The human readable name of the network, e.g. WiFi SSID or network type.
string name;
// The captive portal state when connection_state == kPortal.
PortalState portal_state = kUnknown;
// The URL used to identify a captive portal state, set when portal_state is
// kPortal or kPortalSuspected.
url.mojom.Url? portal_probe_url;
// The relative priority of the network. Larger values have higher priority.
int32 priority;
// The proxy mode affecting this network. Includes any settings that affect
// this network (i.e. global proxy settings are also considered).
ProxyMode proxy_mode;
// True for visible networks that are blocked / disallowed by policy.
bool prohibited_by_policy = false;
OncSource source;
// |type| is explicitly provided here to simplify UI code and will always
// match the type of |type_state|, which will always be provided.
NetworkType type;
NetworkTypeStateProperties type_state;
};
struct DeviceStateProperties {
// IP address for the primary network corresponding to the device type. If no
// network is in a connected state, or the address type is not available,
// these will be null. When there are multiple IP addresses, only the first
// is provided.
network.mojom.IPAddress? ipv4_address;
network.mojom.IPAddress? ipv6_address;
// IMEI of the cellular modem. Present only for Cellular device.
string? imei;
// AA:BB formatted MAC address for the device. Use for display purposes only.
// May be null if no MAC address is available for the device.
string? mac_address;
// Set if the device is currently scanning.
bool scanning = false;
// The SIM lock status if Type = Cellular and a SIM is present.
SIMLockStatus? sim_lock_status;
// Details about the physical SIM and eSIM available on the device if Type =
// Cellular. Note that the array will be ordered by the |slot_id|.
array<SIMInfo>? sim_infos;
// The reason for cellular scans to be inhibited; only set if Type = Cellular.
InhibitReason inhibit_reason = kNotInhibited;
// True when a SIM is required and not present.
bool sim_absent = false;
DeviceStateType device_state;
NetworkType type;
// Whether or not any managed networks are available.
bool managed_network_available = false;
// Serial number of the device, reported for cellular devices
// to start with. Displayed along with IMEI/EID to help user
// unlock carrier locked device.
string? serial;
// Indicates if the device is carrier locked.
// Reported only for cellular devices. Defaults to false
// for other device types.
bool is_carrier_locked = false;
// Indicates whether the device is in the flashing state. Reported only
// for cellular devices. Defaults to false for other device types.
bool is_flashing = false;
};
const int32 kNoLimit = 0;
struct NetworkFilter {
// Which networks to return (active, visible, etc).
FilterType filter;
// The type of networks to return.
NetworkType network_type;
// Maximum number of networks to return. 0 indicates no limit.
int32 limit = kNoLimit;
};
// Specialized unmanaged property types.
// Refers to whether the user or admin is allowing the APN to be used.
enum ApnState {
// The APN is enabled in network settings. This indicates that the APN may be
// used for cellular connectivity. However, it does not necessarily mean that
// the APN *will* be used. If there are multiple custom APNs marked as
// |kEnabled|, it is possible that one enabled APN will be used and another
// will not be used.
kEnabled,
// The APN is disabled in network settings. This indicates that the APN won't
// be used for cellular connectivity.
kDisabled,
};
// Authentication types for APNs.
enum ApnAuthenticationType {
kAutomatic,
// Password Authentication Protocol
kPap,
// Challenge-Handshake Authentication Protocol
kChap,
};
// IP types for APNs.
enum ApnIpType {
kAutomatic,
kIpv4,
kIpv6,
kIpv4Ipv6,
};
// Supported APN types.
enum ApnType {
kDefault,
kAttach,
kTether,
};
// Sources for APNs.
enum ApnSource {
kModem,
kModb,
kUi,
};
struct ApnProperties {
string access_point_name;
// This id will only be set for custom APNs.
string? id;
ApnAuthenticationType authentication;
string? language;
string? localized_name;
string? name;
string? password;
string? username;
// The attach property uses a string? instead of an enum to allow for possible
// free-form entry in the future.
// TODO(b/249550650) Remove attach after APN Revamp feature
// has been completely transitioned.
// TODO(b/249550650) Add all new properties to the
// //components/onc/docs/onc_spec.md documentation.
string? attach;
// The state property will be used by Chrome to determine whether a custom APN
// is disabled by the user or not. Chrome will filter out disabled APNs before
// passing them to Shill.
ApnState state;
ApnIpType ip_type;
array<ApnType> apn_types;
ApnSource source;
};
struct RoamingProperties {
bool allow_roaming;
};
struct CellularProviderProperties {
string name;
string code;
string? country;
};
struct FoundNetworkProperties {
string status;
string network_id;
string technology;
string? short_name;
string? long_name;
};
// A routing prefix can not be 0. Use 0 to indicate an unset value.
const int32 kNoRoutingPrefix = 0;
struct IPConfigProperties {
string? gateway;
// The IP address represented as a string, as provided by the configuration
// manager (e.g. Shill) and/or the policy provider. It should be used for
// display purposes only.
string? ip_address;
array<string>? excluded_routes;
array<string>? included_routes;
array<string>? name_servers;
array<string>? search_domains;
int32 routing_prefix = kNoRoutingPrefix;
IPConfigType type;
string? web_proxy_auto_discovery_url;
};
struct PaymentPortalProperties {
string method;
string? post_data;
string? url;
};
// WireGuard per-peer properties. These properties are opaquely passed as
// strings to the platform daemon (e.g. Shill) and only from there are then
// parsed syntacticly.
// The syntax is as defined at https://www.wireguard.com/xplatform/.
// Particularly, |allowed_ips| is a comma-separated string of CIDR prefixes,
// and endpoint is a host name or IP address followed by ":port".
struct WireGuardPeerProperties {
string public_key;
// Note: when read by UI, |preshared_key| contains a placeholder if set to
// avoid leaking secrets.
string? preshared_key;
string? allowed_ips;
string? endpoint;
int32 persistent_keepalive_interval;
};
// Managed property types. These types all share a common structure.
// The structure differs from the structure used in //components/onc which
// relies on optional boolean and integer values which are unsupported in mojo,
// and provides more detail than is required by the UI.
// active_value: The value provided by the configuration manager (e.g. Shill).
// This will match |policy_value| when |policy_source| is enforced.
// policy_source: The source of the value provided by policy when available,
// or kNone (see PolicySource in network_types.mojom).
// policy_value: The value provided by policy when available.
// Fundamental managed types.
struct ManagedBoolean {
bool active_value;
PolicySource policy_source = kNone;
bool policy_value = false;
};
struct ManagedInt32 {
int32 active_value = 0;
PolicySource policy_source = kNone;
int32 policy_value = 0;
};
struct ManagedString {
string active_value;
PolicySource policy_source = kNone;
string? policy_value;
};
struct ManagedStringList {
array<string> active_value;
PolicySource policy_source = kNone;
array<string>? policy_value;
};
// Specialized managed types.
struct ManagedApnProperties {
ManagedString access_point_name;
ManagedString? authentication;
ManagedString? language;
ManagedString? localized_name;
ManagedString? name;
ManagedString? password;
ManagedString? username;
// The attach property uses a string? instead of an enum to allow for possible
// free-form entry in the future.
ManagedString? attach;
};
struct ManagedApnList {
array<ApnProperties> active_value;
PolicySource policy_source = kNone;
array<ApnProperties>? policy_value;
};
struct ManagedIssuerSubjectPattern {
ManagedString? common_name;
ManagedString? locality;
ManagedString? organization;
ManagedString? organizational_unit;
};
struct ManagedCertificatePattern {
ManagedStringList? enrollment_uri;
ManagedIssuerSubjectPattern? issuer;
ManagedStringList? issuer_ca_ref;
ManagedIssuerSubjectPattern? subject;
};
struct ManagedEAPProperties {
ManagedString? anonymous_identity;
ManagedCertificatePattern? client_cert_pattern;
ManagedString? client_cert_pkcs11_id;
ManagedString? client_cert_provisioning_profile_id;
ManagedString? client_cert_ref;
ManagedString? client_cert_type;
ManagedStringList? domain_suffix_match;
ManagedString? identity;
ManagedString? inner;
ManagedString? outer;
// Note: |password| contains a placeholder if set to avoid leaking secrets.
ManagedString? password;
ManagedBoolean? save_credentials;
ManagedStringList? server_ca_pems;
ManagedStringList? server_ca_refs;
ManagedSubjectAltNameMatchList? subject_alt_name_match;
ManagedString? subject_match;
ManagedString? tls_version_max;
ManagedBoolean? use_proactive_key_caching;
ManagedBoolean? use_system_cas;
};
struct ManagedSubjectAltNameMatchList {
array<SubjectAltName> active_value;
PolicySource policy_source = kNone;
array<SubjectAltName> policy_value;
};
struct ManagedIPConfigProperties {
ManagedString? gateway;
// See comment for IPConfigProperties.
ManagedString? ip_address;
ManagedStringList? name_servers;
ManagedInt32? routing_prefix;
IPConfigType type;
ManagedString? web_proxy_auto_discovery_url;
};
struct ManagedIPSecProperties {
ManagedString authentication_type;
ManagedCertificatePattern? client_cert_pattern;
ManagedString? client_cert_pkcs11_id;
ManagedString? client_cert_provisioning_profile_id;
ManagedString? client_cert_ref;
ManagedString? client_cert_type;
ManagedEAPProperties? eap;
ManagedString? group;
ManagedInt32? ike_version;
ManagedString? local_identity;
// Note: |psk| contains a placeholder if set to avoid leaking secrets.
ManagedString? psk;
ManagedString? remote_identity;
ManagedBoolean? save_credentials;
ManagedStringList? server_ca_pems;
ManagedStringList? server_ca_refs;
};
struct ManagedL2TPProperties {
ManagedBoolean? lcp_echo_disabled;
// Note: |password| contains a placeholder if set to avoid leaking secrets.
ManagedString? password;
ManagedBoolean? save_credentials;
ManagedString? username;
};
struct ManagedProxyLocation {
ManagedString host;
ManagedInt32 port;
};
struct ManagedManualProxySettings {
ManagedProxyLocation? http_proxy;
ManagedProxyLocation? secure_http_proxy;
ManagedProxyLocation? ftp_proxy;
ManagedProxyLocation? socks;
};
struct ManagedProxySettings {
ManagedString type;
ManagedManualProxySettings? manual;
ManagedStringList? exclude_domains;
ManagedString? pac;
};
struct ManagedVerifyX509Properties {
ManagedString? name;
ManagedString? type;
};
struct ManagedOpenVPNProperties {
ManagedString? auth;
ManagedString? auth_retry;
ManagedBoolean? auth_no_cache;
ManagedString? cipher;
ManagedString? client_cert_pkcs11_id;
ManagedCertificatePattern? client_cert_pattern;
ManagedString? client_cert_provisioning_profile_id;
ManagedString? client_cert_ref;
ManagedString? client_cert_type;
ManagedString? compression_algorithm;
ManagedStringList? extra_hosts;
ManagedBoolean? ignore_default_route;
ManagedString? key_direction;
ManagedString? ns_cert_type;
// Note: |password| contains a placeholder if set to avoid leaking secrets.
ManagedString? password;
ManagedInt32? port;
ManagedString? proto;
ManagedBoolean? push_peer_info;
ManagedString? remote_cert_eku;
ManagedStringList? remote_cert_ku;
ManagedString? remote_cert_tls;
ManagedInt32? reneg_sec;
ManagedBoolean? save_credentials;
ManagedStringList? server_ca_pems;
ManagedStringList? server_ca_refs;
ManagedString? server_cert_ref;
ManagedInt32? server_poll_timeout;
ManagedInt32? shaper;
ManagedString? static_challenge;
ManagedString? tls_auth_contents;
ManagedString? tls_remote;
ManagedString? tls_version_min;
ManagedString? user_authentication_type;
ManagedString? username;
ManagedString? verb;
ManagedString? verify_hash;
ManagedVerifyX509Properties? verify_x509;
};
struct ManagedWireGuardPeerList {
array<WireGuardPeerProperties> active_value;
PolicySource policy_source = kNone;
array<WireGuardPeerProperties>? policy_value;
};
struct ManagedWireGuardProperties {
ManagedStringList? ip_addresses;
// Note: |private_key| is not readable to avoid leaking secrets.
ManagedString? private_key;
ManagedString? public_key;
ManagedWireGuardPeerList peers;
};
// Managed NetworkType specific dictionaries.
struct ManagedCellularProperties {
ActivationStateType activation_state;
// Note: |sim_locked| field is not part of ONC spec.
bool sim_locked = false;
ManagedBoolean? allow_roaming;
ManagedBoolean? allow_text_messages;
ManagedApnList? apn_list;
ManagedBoolean? auto_connect;
// List of user-entered custom APN entries. Note: This field is not
// part of ONC spec.
array<ApnProperties>? custom_apn_list;
string? eid;
string? esn;
string? family;
string? firmware_revision;
array<FoundNetworkProperties>? found_networks;
string? hardware_revision;
CellularProviderProperties? home_provider;
string? iccid;
string? imei;
// TODO(b/249550650) Remove last_good_apn after APN Revamp
// feature has been completely transitioned.
ApnProperties? last_good_apn;
// The APN used to connect to the network. Note: This field is not
// part of ONC, and it is set only when the kApnRevamp flag is enabled.
ApnProperties? connected_apn;
string? manufacturer;
string? mdn;
string? meid;
string? min;
string? model_id;
string? network_technology;
string sim_lock_type;
PaymentPortalProperties? payment_portal;
string? roaming_state;
// The current user selected APN. This corresponds to APN field in ONC.
// TODO(b/249550650) Remove selected_apn after APN Revamp
// feature has been completely transitioned.
ManagedApnProperties? selected_apn;
CellularProviderProperties? serving_operator;
int32 signal_strength = 0;
bool support_network_scan = false;
};
struct ManagedEthernetProperties {
// This represents the configured authentication type for an Ethernet network.
// Note: This might not match the State value (which uses an enum instead of
// a managed string) if the EAP configuration can not be applied (e.g. when
// no certificate is installed).
ManagedString? authentication;
ManagedEAPProperties? eap;
};
struct ManagedVPNProperties {
ManagedBoolean? auto_connect;
// Note: in the case of WireGuard VPN |host| is not relevant and contains a
// placeholder value.
ManagedString? host;
ManagedIPSecProperties? ip_sec;
ManagedL2TPProperties? l2tp;
ManagedOpenVPNProperties? open_vpn;
ManagedWireGuardProperties? wireguard;
ManagedString? provider_id;
string provider_name;
VpnType type;
};
struct ManagedWiFiProperties {
ManagedBoolean? allow_gateway_arp_polling;
ManagedBoolean? auto_connect;
string? bssid;
ManagedEAPProperties? eap;
int32 frequency = 0;
array<int32>? frequency_list;
ManagedString? hex_ssid;
ManagedBoolean? hidden_ssid;
// Note: |passphrase| contains a placeholder if set to avoid leaking secrets.
ManagedString? passphrase;
ManagedString ssid;
SecurityType security;
int32 signal_strength = 0;
// Indicates whether the network is eligible to be included in Chrome Sync.
bool is_syncable;
// True for unshared networks and for shared networks configured by the
// active user. Updated whenever the passphrase is modified.
bool is_configured_by_active_user;
// Identifier of the set of Passpoint credentials that populated this service.
// Will be used to display the credentials.
string? passpoint_id;
// Network tier deduced from the match between the Wi-Fi network and the
// Passpoint credentials.
MatchType passpoint_match_type;
};
union NetworkTypeManagedProperties {
ManagedCellularProperties cellular;
ManagedEthernetProperties ethernet;
// Tether has no managed properties. Provide TetherStateProperties for display
// purposes.
TetherStateProperties tether;
ManagedVPNProperties vpn;
ManagedWiFiProperties wifi;
};
struct UInt32Value {
uint32 value;
};
struct TrafficCounterProperties {
// Time when the traffic counters for a Service were last reset.
mojo_base.mojom.Time? last_reset_time;
// A friendly formatted sentence representing the |last_reset_time| as a
// date, e.g., Monday, March 6, 2008. This value takes locale into account.
string? friendly_date;
// Whether traffic counters are reset automatically.
bool auto_reset;
// User selected day of month when traffic counters are reset.
uint32 user_specified_reset_day;
};
// Managed properties provided by getManagedProperties. See
// //components/onc/docs/onc_spec.md for details about each property.
struct ManagedProperties {
// Typed properties for compatibility with NetworkStateProperties.
ConnectionStateType connection_state = kNotConnected;
OncSource source;
// Other properties and property dictionaries use ONC strings for values.
bool connectable = false;
string? error_state;
string guid;
ManagedString ip_address_config_type;
array<IPConfigProperties>? ip_configs;
ManagedBoolean? metered;
ManagedString? name;
ManagedString name_servers_config_type;
ManagedInt32? priority;
ManagedProxySettings? proxy_settings;
PortalState portal_state = kUnknown;
ManagedIPConfigProperties? static_ip_config;
IPConfigProperties? saved_ip_config;
// |type| is explicitly provided here to simplify UI code and will always
// match the type of |type_properties|, which will always be provided.
NetworkType type;
NetworkTypeManagedProperties type_properties;
// Contains traffic counter related information for this network. This field
// is only applicable for Cellular and WiFi networks when
// TrafficCountersEnabled and TrafficCountersForWiFiTesting, respectively, is
// enabled.
TrafficCounterProperties? traffic_counter_properties;
};
// Properties for SetProperties and ConfigureNetwork. All of the top level
// properties and many nested properties are optional so that sparse
// configurations can be provided, e.g. just the |auto_connect| property can
// be changed. The ONC validation code
// (chromeos/ash/components/network/onc/onc_validator.cc) ensures that
// configurations are valid before translating and passing them to Shill.
// Wrapper to allow optional auto_connect configuration.
struct AutoConnectConfig {
bool value;
};
// Wrapper to allow optional metered configuration.
struct MeteredConfig {
bool value;
};
// Wrapper to allow optional priority configuration.
struct PriorityConfig {
int32 value;
};
// Wrapper to allow optional VpnType configuration. Note: only configuration of
// internal VPN types (kOpenVPN and kL2TPIPsec) is supported.
// TODO(crbug.com/40489779): Remove wrapper once optional enums are supported.
struct VpnTypeConfig {
VpnType value;
};
struct ProxyLocation {
string host;
int32 port;
};
struct ManualProxySettings {
ProxyLocation? http_proxy;
ProxyLocation? secure_http_proxy;
ProxyLocation? ftp_proxy;
ProxyLocation? socks;
};
struct ProxySettings {
string type;
ManualProxySettings? manual;
array<string>? exclude_domains;
string? pac;
};
struct EAPConfigProperties {
string? anonymous_identity;
string? client_cert_pkcs11_id;
string? client_cert_type;
array<string> domain_suffix_match;
string? identity;
string? inner;
string? outer;
string? password;
bool save_credentials = false;
array<string>? server_ca_pems;
array<SubjectAltName> subject_alt_name_match;
string? subject_match;
bool use_system_cas = false;
};
struct SubjectAltName {
enum Type {
kEmail,
kDns,
kUri
};
Type type;
string value;
};
// Subset of currently implemented config properties in the UI. Additional
// optional properties from //components/onc/docs/onc_spec.md may be added as
// needed.
struct IPSecConfigProperties {
string authentication_type;
string? client_cert_pkcs11_id;
string? client_cert_type;
EAPConfigProperties? eap;
string? group;
int32 ike_version = 1;
string? local_identity;
string? psk;
string? remote_identity;
bool save_credentials = false;
array<string>? server_ca_pems;
array<string>? server_ca_refs;
};
// Subset of currently implemented config properties in the UI. Additional
// optional properties from //components/onc/docs/onc_spec.md may be added as
// needed.
struct L2TPConfigProperties {
bool lcp_echo_disabled = false;
string? password;
bool save_credentials = false;
string? username;
};
// Subset of currently implemented config properties in the UI. Additional
// optional properties from //components/onc/docs/onc_spec.md may be added as
// needed.
struct OpenVPNConfigProperties {
string? client_cert_pkcs11_id;
string? client_cert_type;
array<string>? extra_hosts;
string? otp;
string? password;
bool save_credentials = false;
array<string>? server_ca_pems;
array<string>? server_ca_refs;
string? username;
string? user_authentication_type;
};
// The WireGuard config properties implemented in UI.
struct WireGuardConfigProperties {
// List of IP addresses in string representation (case-insensitive for IPv6)
// to be configured on the WireGuard interface.
array<string>? ip_addresses;
// Private key of local peer, or empty string to indicate a key should be
// generated by shill, or null to indicate the current stored key should be
// kept unchanged.
string? private_key;
// List of peers. See WireGuardPeerProperties for detail.
array<WireGuardPeerProperties>? peers;
};
struct TextMessagesAllowState {
bool allow_text_messages;
};
// Only one of {Cellular|Ethernet|VPN|Wifi}ConfigProperties is allowed.
// TODO(stevenjb): Make these a union.
struct CellularConfigProperties {
// TODO(b/249550650) Remove apn after APN Revamp feature
// has been completely transitioned.
ApnProperties? apn;
// If not provided the default allow_roaming behavior will be used for the
// network.
RoamingProperties? roaming;
// If not provided the existing user/policy set behavior
// text_message_allow_state will be used.
TextMessagesAllowState? text_message_allow_state;
};
struct EthernetConfigProperties {
// |authentication| will default to "none" if not provided for new configs.
// TODO(crbug.com/40489779): Use AuthenticationType here.
string? authentication;
EAPConfigProperties? eap;
};
struct VPNConfigProperties {
string? host;
IPSecConfigProperties? ip_sec;
L2TPConfigProperties? l2tp;
OpenVPNConfigProperties? open_vpn;
WireGuardConfigProperties? wireguard;
// |type| is required for new configs, optional otherwise.
VpnTypeConfig? type;
};
struct WiFiConfigProperties {
EAPConfigProperties? eap;
string? passphrase;
// |ssid| is required for new configurations, optional otherwise.
string? ssid;
SecurityType security = kNone;
// Whether the AP has a hidden SSID.
HiddenSsidMode hidden_ssid = kAutomatic;
};
union NetworkTypeConfigProperties {
CellularConfigProperties cellular;
EthernetConfigProperties ethernet;
VPNConfigProperties vpn;
WiFiConfigProperties wifi;
};
struct ConfigProperties {
AutoConnectConfig? auto_connect;
// An optional guid may be provided when configuring a visible network to
// preserve the existing guid.
string? guid;
string? ip_address_config_type;
MeteredConfig? metered;
// Name is only required for new configurations.
string? name;
string? name_servers_config_type;
PriorityConfig? priority;
ProxySettings? proxy_settings;
IPConfigProperties? static_ip_config;
// NetworkType is inferred from |type_config|.
NetworkTypeConfigProperties type_config;
};
// Properties provided to SetCellularSimState.
struct CellularSimState {
// The current PIN or PUK. Required for unlocking the SIM, or when setting
// |require_pin|.
string current_pin_or_puk;
// If provided change the PIN to |new_pin|. Required if the SIM is PUK locked.
string? new_pin;
// Whether a PIN should be required. Ignored when unlocking a locked SIM.
bool require_pin;
};
// Properties provided by GetGlobalPolicy. These properties affect network
// configuration as a whole instead of individual network configurations.
// Default values should be explicitly provided for boolean values.
struct GlobalPolicy {
// If true, users will be allowed to modify APNs.
bool allow_apn_modification = true;
// If true, allow PIN locking of SIMs attached to the device.
// If false, PIN locking is prohibited.
bool allow_cellular_sim_lock = true;
// If true, users will be allowed to turn on cellular hotspot.
bool allow_cellular_hotspot = true;
// If true, only cellular networks present in policy may be connected to and
// no new networks may be added or configured.
bool allow_only_policy_cellular_networks = false;
// If true, only policy networks may auto connect.
bool allow_only_policy_networks_to_autoconnect = false;
// If true, only WiFi networks present in policy may be connected to and no
// new networks may be added or configured.
bool allow_only_policy_wifi_networks_to_connect = false;
// If true and a managed network is available in the visible network list,
// only WiFi networks present in policy may be connected to and no new
// networks may be added or configured.
bool allow_only_policy_wifi_networks_to_connect_if_available = false;
// Indicates if the DNS queries can be used to monitor user traffic via user
// or device identifiers in the secure DNS URI templates.
bool dns_queries_monitored = false;
// Indicates if the deviceReportXDREvents policy is enabled. When enabled
// user's network activity will be monitored/reported for system security.
bool report_xdr_events_enabled = false;
// List of blocked networks which can not be connected to.
array<string> blocked_hex_ssids;
// If true, ChromeOS wipes "Recommended" values in shared managed networks on
// some occasions (see //components/onc/docs/onc_spec.md).
bool recommended_values_are_ephemeral = false;
// If true, ChromeOS deletes shared non-managed on some occasions (see
// //components/onc/docs/onc_spec.md).
bool user_created_network_configurations_are_ephemeral = false;
// If set to kAllow, ChromeOS will allow showing text message notifications,
// when set to kSuppress, notifications will not be shown, when kUnset
// allows configuration by the user. (see //components/onc/docs/onc_spec.md).
SuppressionType allow_text_messages = kUnset;
};
// Type of the allow text messages property, mapped from onc strings. (see
// components/onc/docs/onc_spec.md)
enum SuppressionType {
kUnset,
kAllow,
kSuppress,
};
// VPN providers for type kExtension and kArc are set via SetVpnProviders and
// stored in the service implementation. Clients may retrieve the current list
// and receive observer events to track changes to the list. The list of
// providers is only used by UI code, they are not sent to the connection
// manager (Shill).
struct VpnProvider {
// Only type kExtension and kArc should be used here. Other provider types
// are internal to Shill and implicit; VpnProvider properties will be ignored.
VpnType type;
// Extension id (GUID) or Arc package name, e.g. myvpn.app.package.
string provider_id;
// Extension provider name or Arc app name, e.g. MyVPN.
string provider_name;
// Extension id (GUID) or Arc app id (GUID), used to launch the VPN UI.
string app_id;
// Last launch time of the VPN.
mojo_base.mojom.Time last_launch_time;
};
// Information about a network certificate for the purpose of selecting an
// available certificate in a UI and providing information in a ConfigProperties
// struct to SetProperties or ConfigureNetwork. No private information should
// be included here.
struct NetworkCertificate {
CertificateType type;
// Unique hash for the certificate, used to uniquely identify certificates.
string hash;
// Certificate issuer common name for display in a UI.
string issued_by;
// Certificate name or nickname for display in a UI.
string issued_to;
// For server certificate authorities (type == kServerCA), this contains the
// public certificate in PEM format.
// For user certificates, this contains the PKCS#11 id to be passed to the
// configuration manager (Shill) for retrieving the encrypted certificate.
// This will be used in the appropriate ConfigProperties dictionary.
// TODO(crbug.com/40100073): Use a union here instead once the issue is fixed.
string pem_or_id;
// Whether the certificate is available for network authentication.
bool available_for_network_auth;
// Whether the certificate is hardware backed.
bool hardware_backed;
// Whether the certificate is device wide (i.e. stored in a shared profile,
// not a user specific profile).
bool device_wide;
};
// Always-on VPN configuration obtained with GetAlwaysOnVpn and set using
// SetAlwaysOnVpn for the purpose of enabling/disabling the feature and choosing
// the service to be automatically started.
struct AlwaysOnVpnProperties {
// Always-on VPN operating mode.
AlwaysOnVpnMode mode;
// GUID of the VPN service managed by always-on VPN. This can be configured
// independently of |mode|, but it expected to be only used when |mode| is not
// AlwaysOnVpnMode::kOff.
string service_guid;
};
// Source of the traffic. These sources are kept in sync with
// third_party/cros_system_api/dbus/shill/dbus-constants.h.
enum TrafficCounterSource {
kUnknown,
kChrome,
kUser,
kArc,
kCrosvm,
kPluginvm,
kUpdateEngine,
kVpn,
kSystem,
};
// Information about a traffic counter for a single source.
struct TrafficCounter {
// Source of traffic.
TrafficCounterSource source;
// Corresponds to the number of bytes received by |source| since the last
// reset.
uint64 rx_bytes;
// Corresponds to the number of bytes transmitted by |source| since the last
// reset.
uint64 tx_bytes;
};
// Interface for fetching and setting network configuration properties, e.g.
// from Settings WebUI or the SystemTray.
interface CrosNetworkConfig {
AddObserver(pending_remote<CrosNetworkConfigObserver> observer);
// Returns the state properties of the network matching |guid|. If the network
// is not available returns null.
GetNetworkState(string guid) => (NetworkStateProperties? result);
// Returns a list of Network properties matching |filter|. Networks are
// ordered by the system based on their priority, with active networks listed
// first.
GetNetworkStateList(NetworkFilter filter) =>
(array<NetworkStateProperties> result);
// Returns a list of Device properties.
GetDeviceStateList() => (array<DeviceStateProperties> result);
// Returns the managed properties of the network matching |guid|. The result
// is an ONC dictionary with well defined property keys and managed ONC value
// dictionaries (e.g. ManagedString). If the network properties are not
// available returns null.
GetManagedProperties(string guid) => (ManagedProperties? result);
// Sets properties for the network matching |guid|. |properties.guid| must be
// null or match |guid|, otherwise it will fail with an invalid input error.
// If |success| is false, |error_message| provides a string identifying the
// error. The string may be a Shill error, or an error token provided by the
// NetworkHandler layer. JS localization for a common subset of these is
// provided by network_element::AddErrorLocalizedStrings.
// TODO(1004434): Consider enumerating these.
SetProperties(string guid, ConfigProperties properties) =>
(bool success, string error_message);
// Configures a new network with |properties|. If |properties.guid| is
// provided, an existing configuration must exist and match the provided
// |properties|. Returns the guid of the new network configuration on success.
// A null guid indicates that the properties were invalid or incomplete. See
// SetProperties for notes on errorMessage.
ConfigureNetwork(ConfigProperties properties, bool shared) =>
(string? guid, string error_message);
// Forgets an existing network configuration matching |guid| by clearing all
// configured properties. Returns true if the network exists and is
// successfully removed.
ForgetNetwork(string guid) => (bool success);
// Sets a single network type (e.g. WiFi) to enabled or disabled. Types
// describing multiple technologies (e.g. kWireless) are not supported.
// Returns false if the type is invalid, unavailable, or can not be disabled.
// CrosNetworkConfigObserver::OnDeviceStateListChanged() can be used to be
// notified when the enabled state changes.
SetNetworkTypeEnabledState(NetworkType type, bool enabled) => (bool success);
// Sets the SIM state for the primary Cellular device:
// * If no SIM is present, returns false.
// * If the SIM is PUK locked, attempts to unlock the SIM with the provided
// |current_pin_or_puk| value and set a new SIM value to |new_pin| which
// must be provided. |pin_required| is ignored. Returns true on success.
// * If the SIM is PIN locked, attempts to unlock the SIM with the provided
// |current_pin_or_puk| value. |pin_required| is ignored. Returns true on
// success.
// * If the SIM is unlocked, |current_pin_or_puk| must match the current PIN.
// * If |new_pin| if provided, attempts to set the new PIN.
// * Otherwise attempts to set the pin required state to |pin_required|.
// * Returns true if the operation succeeded.
SetCellularSimState(CellularSimState state) => (bool success);
// Selects which Cellular mobile network to use. |network_id| must match a
// FoundNetworkProperties.network_id for an entry in the
// ManagedProperties.found_networks property for the specified Cellular
// network. Returns true if the operation succeeded.
SelectCellularMobileNetwork(string guid, string network_id) => (bool success);
// Requests a scan for new networks. If the list updates,
// CrosNetworkConfigObserver::OnNetworkStateListChanged() will be signaled.
// Note: If |type| is Cellular, a mobile network scan will be requested
// if supported. This is disruptive and should only be triggered by an
// explicit user action.
RequestNetworkScan(NetworkType type);
// Returns the global policy properties. These properties are not expected to
// change during a session.
GetGlobalPolicy() => (GlobalPolicy result);
// Starts a connection to the network matching |guid|. The response returns
// |result| when the connect request is sent or is determined unable to be
// sent, not when the operation completes. Use CrosNetworkConfigObserver to
// observe the connection state after a successful request. If the result is
// not kSuccess, |message| will contain a descriptive string for debugging.
StartConnect(string guid) => (StartConnectResult result, string message);
// Starts a disconnect from the network matching |guid|. The response returns
// true when the disconnect request is sent if the network exists and is
// connected, or false if not. Use CrosNetworkConfigObserver to observe the
// connection state after a successful request.
StartDisconnect(string guid) => (bool success);
// Provides a list of external VPN providers. Used to populate provider name
// in VPN properties, returned from GetVpnProviders, and sent to observers.
SetVpnProviders(array<VpnProvider> providers);
// Returns the list of external VPN providers.
GetVpnProviders() => (array<VpnProvider> providers);
// Returns the lists of server certificate authorities and user certificates
// available for network configuration. See NetworkCerificate for more info.
GetNetworkCertificates() => (array<NetworkCertificate> server_cas,
array<NetworkCertificate> user_certs);
// Returns the current always-on VPN configuration.
GetAlwaysOnVpn() => (AlwaysOnVpnProperties properties);
// Sets the always-on VPN mode and service with |properties.mode| and
// |properties.service_guid|. The service GUID must match a VPN service.
SetAlwaysOnVpn(AlwaysOnVpnProperties properties);
// Returns the list of supported VPN types.
GetSupportedVpnTypes() => (array<string> vpn_types);
// Requests traffic counters for a service with ID |guid|.
RequestTrafficCounters(string guid) =>
(array<TrafficCounter> traffic_counters);
// Resets traffic counters for a service with ID |guid|.
ResetTrafficCounters(string guid);
// Sets the traffic counters reset day. In order for |day| to be valid, it
// must be within the limit 1 <= |day| <= 31.
SetTrafficCountersResetDay(string guid, UInt32Value? day) => (bool success);
// Creates a new APN for the cellular network with ID |network_guid|, and
// appends it to |custom_apn_list|. Should only be called when the APN
// Revamp feature flag is enabled.
CreateCustomApn(string network_guid, ApnProperties apn) =>
(bool success);
// Creates a new APN for the cellular network with ID |network_guid|,
// appends it to |custom_apn_list| in the enabled state, and disables
// all other existing custom APNs. Should only be called when the APN
// Revamp feature flag is enabled.
CreateExclusivelyEnabledCustomApn(string network_guid, ApnProperties apn) =>
(bool success);
// Removes the APN with ID |apn_id| from |custom_apn_list| for the cellular
// network with ID |network_guid|. Should only be called when the APN
// Revamp feature flag is enabled.
RemoveCustomApn(string network_guid, string apn_id);
// Finds the APN that matches |apn.id| in |custom_apn_list| for the network
// with ID |network_guid|. If found, replaces the content with |apn|.
// Should only be called when the APN Revamp feature flag is enabled.
ModifyCustomApn(string network_guid, ApnProperties apn);
};
interface CrosNetworkConfigObserver {
// Fired when properties of any active network or previously active network
// change. Provides all currently active network states.
OnActiveNetworksChanged(array<NetworkStateProperties> networks);
// Fired when the properties of a specific network state change. For active
// networks this will be fired in addition to OnActiveNetworksChanged. For
// other networks it will fire when the configuration changes or a non
// active property changes (e.g. signal_strength).
OnNetworkStateChanged(NetworkStateProperties network);
// Fired when the list of networks changes.
// CrosNetworkConfig::GetNetworkStateList() can be used to get the network
// states.
OnNetworkStateListChanged();
// Fired when the list of devices changes or a device property changes.
// CrosNetworkConfig::GetDeviceStateList() can be used to retrieve the device
// states.
OnDeviceStateListChanged();
// Fired when the list of VPN providers changes. Use GetVpnProviders if the
// updated provider list is required.
OnVpnProvidersChanged();
// Fired when the server CA or user certificate lists change. Use
// GetNetworkCertificates if the updated certificate lists are required.
OnNetworkCertificatesChanged();
// Fired when managed policies for |userhash| are applied to networks.
OnPoliciesApplied(string userhash);
};