// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

package login_manager;

// Specifies the account type that the |account_id| in PolicyDescriptor
// references.
enum PolicyAccountType {
  // |account_id| must be empty. Policy is stored in a device-wide root-owned
  // location.
  ACCOUNT_TYPE_DEVICE = 0;

  // |account_id| references a user account. Policy is stored on the user's
  // cryptohome.
  ACCOUNT_TYPE_USER = 1;

  // |account_id| references a user account where the user session hasn't been
  // added to Session Manager yet. Special case to retrieve user policy on the
  // login screen.
  ACCOUNT_TYPE_SESSIONLESS_USER = 2;

  // |account_id| references a device local account. Policy is stored in a
  // device-wide root-owned location in a folder that depends on |account_id|.
  ACCOUNT_TYPE_DEVICE_LOCAL_ACCOUNT = 3;

  // Next ID to use: 4
};

// Within a given account, policies are namespaced by a
// (|domain|, |component_id|) pair in PolicyDescriptor.
// The meaning of the |component_id| depends on the domain, see below.
enum PolicyDomain {
  // Domain for Chrome policies. |component_id| must be empty.
  POLICY_DOMAIN_CHROME = 0;

  // Domain for policies for regular Chrome extensions. |component_id| must be
  // equal to the extension ID.
  POLICY_DOMAIN_EXTENSIONS = 1;

  // Domain for policies for Chrome extensions running under the Chrome OS
  // signin profile. |component_id| must be equal to the extension ID.
  POLICY_DOMAIN_SIGNIN_EXTENSIONS = 2;

  // Next ID to use: 3
};

// Descriptor for policy blobs to give SessionManager's StorePolicy*Ex and
// RetrievePolicyEx enough context to decide how to store policy.
message PolicyDescriptor {
  // The pair (|account_type|, |account_id|) determines the account for policy
  // storage.
  optional PolicyAccountType account_type = 1;

  // The meaning of |account_id| depends on |account_type|, see
  // PolicyAccountType.
  optional string account_id = 2;

  // The pair (|domain|, |component_id|) determines the namespace for policy
  // storage.
  optional PolicyDomain domain = 3;

  // The meaning of |component_id| depends on |domain|, see PolicyDomain.
  optional string component_id = 4;

  // Next ID to use: 5
}