1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116
  117
  118
  119
  120
  121
  122
  123
  124
  125
  126
  127
  128
  129
  130
  131
  132
  133
  134
  135
  136
  137
  138
  139
  140
  141
  142
  143
  144
  145
  146
  147
  148
  149
  150
  151
  152
  153
  154
  155
  156
  157
  158
  159
  160
  161
  162
  163
  164
  165
  166
  167
  168
  169
  170
  171
  172
  173
  174
  175
  176
  177
  178
  179
  180
  181
  182
  183
  184
  185
  186
  187
  188
  189
  190
  191
  192
  193
  194
  195
  196
  197
  198
  199
  200
  201
  202
  203
  204
  205
  206
  207
  208
  209
  210
  211
  212
  213
  214
  215
  216
  217
  218
  219
  220
  221
  222
  223
  224
  225
  226
  227
  228
  229
  230
  231
  232
  233
  234
  235
  236
  237
  238
  239
  240
  241
  242
  243
  244
  245
  246
  247
  248
  249
  250
  251
  252
  253
  254
  255
  256
  257
  258
  259
  260
  261
  262
  263
  264
  265
  266
  267
  268
  269
  270
  271
  272
  273
  274
  275
  276
  277
  278
  279
  280
  281
  282
  283
  284
  285
  286
  287
  288
  289
  290
  291
  292
  293
  294
  295
  296
  297
  298
  299
  300
  301
  302
  303
  304
  305
  306
  307
  308
  309
  310
  311
  312
  313
  314
  315
  316
  317
  318
  319
  320
  321
  322
  323
  324
  325
  326
  327
  328
  329
  330
  331
  332
  333
  334
  335
  336
  337
  338
  339
  340
  341
  342
  343
  344
  345
  346
  347
  348
  349
  350
  351
  352
  353
  354
  355
  356
  357
  358
  359
  360
  361
  362
  363
  364
  365
  366
  367
  368
  369
  370
  371
  372
  373
  374
  375
  376
  377
  378
  379
  380
  381
  382
  383
  384
  385
  386
  387
  388
  389
  390
  391
  392
  393
  394
  395
  396
  397
  398
  399
  400
  401
  402
  403
  404
  405
  406
  407
  408
  409
  410
  411
  412
  413
  414
  415
  416
  417
  418
  419
  420
  421
  422
  423
  424
  425
  426
  427
  428
  429
  430
  431
  432
  433
  434
  435
  436
  437
  438
  439
  440
  441
  442
  443
  444
  445
  446
  447
  448
  449
  450
  451
  452
  453
  454
  455
  456
  457
  458
  459
  460
  461
  462
  463
  464
  465
  466
  467
  468
  469
  470
  471
  472
  473
  474
  475
  476
  477
  478
  479
  480
  481
  482
  483
  484
  485
  486
  487
  488
  489
  490
  491
  492
  493
  494
  495
  496
  497
  498
  499
  500
  501
  502
  503
  504
  505
  506
  507
  508
  509
  510
  511
  512
  513
  514
  515
  516
  517
  518
  519
  520
  521
  522
  523
  524
  525
  526
  527
  528
  529
  530
  531
  532
  533
  534
  535
  536
  537
  538
  539
  540
  541
  542
  543
  544
  545
  546
  547
  548
  549
  550
  551
  552
  553
  554
  555
  556
  557
  558
  559
  560
  561
  562
  563
  564
  565
  566
  567
  568
  569
  570
  571
  572
  573
  574
  575
  576
  577
  578
  579
  580
  581
  582
  583
  584
  585
  586
  587
  588
  589
  590
  591
  592
  593
  594
  595
  596
  597
  598
  599
  600
  601
  602
  603
  604
  605
  606
  607
  608
  609
  610
  611
  612
  613
  614
  615
  616
  617
  618
  619
  620
  621
  622
  623
  624
  625
  626
  627
  628
  629
  630
  631
  632
  633
  634
  635
  636
  637
  638
  639
  640
  641
  642
  643
  644
  645
  646
  647
  648
  649
  650
  651
  652
  653
  654
  655
  656
  657
  658
  659
  660
  661
  662
  663
  664
  665
  666
  667
  668
  669
  670
  671
  672
  673
  674
  675
  676
  677
  678
  679
  680
  681
  682
  683
  684
  685
  686
  687
  688
  689
  690
  691
  692
  693
  694
  695
  696
  697
  698
  699
  700
  701
  702
  703
  704
  705
  706
  707
  708
  709
  710
  711
  712
  713
  714
  715
  716
  717
  718
  719
  720
  721
  722
  723
  724
  725
  726
  727
  728
  729
  730
  731
  732
  733
  734
  735
  736
  737
  738
  739
  740
  741
  742
  743
  744
  745
  746
  747
  748
  749
  750
  751
  752
  753
  754
  755
  756
  757
  758
  759
  760
  761
  762
  763
  764
  765
  766
  767
  768
  769
  770
  771
  772
  773
  774
  775
  776
  777
  778
  779
  780
  781
  782
  783
  784
  785
  786
  787
  788
  789
  790
  791
  792
  793
  794
  795
  796
  797
  798
  799
  800
  801
  802
  803
  804
  805
  806
  807
  808
  809
  810
  811
  812
  813
  814
  815
  816
  817
  818
  819
  820
  821
  822
  823
  824
  825
  826
  827
  828
  829
  830
  831
  832
  833
  834
  835
  836
  837
  838
  839
  840
  841
  842
  843
  844
  845
  846
  847
  848
  849
  850
  851
  852
  853
  854
  855
  856
  857
  858
  859
  860
  861
  862
  863
  864
  865
  866
  867
  868
  869
  870
  871
  872
  873
  874
  875
  876
  877
  878
  879
  880
  881
  882
  883
  884
  885
  886
  887
  888
  889
  890
  891
  892
  893
  894
  895
  896
  897
  898
  899
  900
  901
  902
  903
  904
  905
  906
  907
  908
  909
  910
  911
  912
  913
  914
  915
  916
  917
  918
  919
  920
  921
  922
  923
  924
  925
  926
  927
  928
  929
  930
  931
  932
  933
  934
  935
  936
  937
  938
  939
  940
  941
  942
  943
  944
  945
  946
  947
  948
  949
  950
  951
  952
  953
  954
  955
  956
  957
  958
  959
  960
  961
  962
  963
  964
  965
  966
  967
  968
  969
  970
  971
  972
  973
  974
  975
  976
  977
  978
  979
  980
  981
  982
  983
  984
  985
  986
  987
  988
  989
  990
  991
  992
  993
  994
  995
  996
  997
  998
  999
 1000
 1001
 1002
 1003
 1004
 1005
 1006
 1007
 1008
 1009
 1010
 1011

ash / components / arc / mojom / net.mojom [blame]

// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

// Next MinVersion: 39

// This file defines the mojo interface between the ARC networking stack and
// Chrome OS. There are three different groups of interactions:
//  - WiFi RPCs for scanning and manipulating saved network configurations,
//  - Layer 3 RPCs for configuring and registering IP networks inside ARC,
//  - VPN RPCs for integrating Always-on-VPNs and ARC as a VPN provider.

module arc.mojom;

import "ash/components/arc/mojom/app.mojom";
import "ash/components/arc/mojom/net_shared.mojom";
import "services/network/public/mojom/ip_address.mojom";
import "url/mojom/url.mojom";

// Indicates if a request send by ARC to the host has successfully completed.
[Extensible]
enum NetworkResult {
  SUCCESS = 0,
  FAILURE = 1,
};

// Additional argument to GetNetworks to specify the type of networks the
// host is interested to learn about.
[Extensible]
enum GetNetworksRequestType {
  // All configured WiFi networks saved on the host.
  CONFIGURED_ONLY = 0,
  // All WiFi networks currently visible by scanning.
  VISIBLE_ONLY = 1,
  // All networks with an active layer 3 connection for all physical types.
  [MinVersion=10] ACTIVE_ONLY = 2,
};

// Represents the possible connection states of a network service.
// It is effectively a subset of the shill::ConnectState enum defined in
// platform2/shill/service.h. Before adding a new state to shill::ConnectState
// there must be a valid value in this enum to map it to, or a new value must
// first be defined in ConnectionStateType and correctly handled by ARC.
// The mapping from shill::ConnectState must then be updated inside shill in
// Service::GetStateString (platform2/shill/service.cc) as well as in
// TranslateConnectionState inside components/arc/net/arc_net_host_impl.cc.
[Extensible]
enum ConnectionStateType {
  // An active network that is connected at the physical layer and for which IP
  // provisioning has succeeded for IPv4, or IPv6, or both.
  // This corresponds to shill::ConnectState.kStateConnected.
  CONNECTED = 0,

  // The network is still connecting and not ready for IP traffic, but already
  // considered active. This corresponds to kStateAssociating and
  // kStateConfiguring in shill::ConnectState.
  CONNECTING = 1,

  // The network is disconnected. This corresponds to kStateUnknown, kStateIdle,
  // and kStateFailure in shill::ConnectState.
  NOT_CONNECTED = 2,

  // The network is active and ready for IP traffic, but a captive portal is
  // known to prevent access to the Internet. This corresponds to
  // shill::ConnectState.kStateRedirectFound
  PORTAL = 3,

  // The network is active and ready for IP traffic, and there is no known
  // captive portal blocking the traffic to the Internet. This corresponds to
  // shill::ConnectState.kStateOnline
  ONLINE = 4,
};

// Additional WiFi network information provided by scan results.
struct VisibleNetworkDetails {
  int32 frequency;
  int32 signal_strength;
  string bssid;
};

// Additional configuration information needed for creating and saving
// WiFi network configuration on the host.
struct ConfiguredNetworkDetails {
  string? passphrase;
  bool autoconnect;

  // This is the BSSID that the client would like to connect to. This is
  // semantically different from |WiFi.bssid|, which is what the network's BSSID
  // actually is. In the format of an Ethernet MAC address with lowercase
  // letters (e.g. 00:11:22:aa:bb:cc).
  [MinVersion=33] string? bssid;
};

// Passpoint credentials used to connect to matching passpoint networks.
// This struct should be mirroring 1-to-1 the "passpoint properties" names and
// types defined in src/platform2/dbus/shill/dbus-constants.h.
struct PasspointCredentials {
  // All home service provider fully qualified domain name(s).
  array<string> domains@0;

  // The realm associated with this credential. It will be used to determine
  // if this credential can be used to authenticate with a given hotspot by
  // comparing the realm specified in that hotspot's Access Network Query
  // Protocol (ANQP) element.
  string realm@1;

  // List of Home Organization Identifiers (OIs) used for determining if this
  // credentials match a given Hotspot provider. Matching of any OIs in this
  // list with an OI in the Roaming Consortium advertised by a Hotspot means
  // that successful authentication with such Hotspot is possible.
  array<uint64> home_ois@2;

  // List of Home Organization Identifiers (OIs) used for determining if a
  // provider is a member of a given Hotspot provider. Every OIs in this list
  // are required to match an OI in the the Roaming Consortium advertised by a
  // Hotspot in order to support authentication with this credentials.
  array<uint64> required_home_ois@3;

  // Roaming consortium Organization Identifiers (OIs) used to determine which
  // access points support authentication with this credentials.
  array<uint64> roaming_consortium_ois@4;

  // Set of EAP credentials (TLS or TTLS only) used to connect to a network
  // that matched these credentials.
  EapCredentials eap@5;

  // True if the user or App specified any network provisioned
  // with these credentials should be considered as metered.
  bool metered@6;

  // Package name of the App that provided these credentials.
  string package_name@7;

  // Friendly name of the home service provider. Taken from Android's
  // android.net.wifi.hotspot2.pps.HomeSp.getFriendlyName().
  [MinVersion=22] string? friendly_name@8;

  // The time this subscription will expire or minimum value of 64-bit int to
  // indicate unset value. It is in the format of number of milliseconds since
  // January 1, 1970, 00:00:00 GMT.
  // The field is a direct copy of Android's Java signed value taken from
  // android.net.wifi.hotspot2.getSubscriptionExpirationTimeMillis().
  [MinVersion=22] int64 subscription_expiration_time_ms@9;
};

// Values to be used to remove matching Passpoint credentials.
struct PasspointRemovalProperties {
  // Home service provider fully qualified domain name.
  string? fqdn@0;

  // Package name of the app that created the credentials.
  string? package_name@1;
};

// The EAP method that will be used when connecting to a 802.1x WiFi network or
// Passpoint WiFi network.
[Extensible]
enum EapMethod {
  kNone = 0,
  kLeap = 1,
  kPeap = 2,
  kTls = 3,
  kTtls = 4,
};

// The authentication methods that will be on the inside of a PEAP or EAP-TTLS
// tunnel.
[Extensible]
enum EapPhase2Method {
  kNone = 0,
  kPap = 1,
  kMschap = 2,
  kMschapv2 = 3,
};

// Recognized key management schemes.
[Extensible]
enum KeyManagement {
  kNone = 0,
  kIeee8021X = 1,
  kFtEap = 2,
  kFtPsk = 3,
  kFtSae = 4,
  kWpaEap = 5,
  kWpaEapSha256 = 6,
  kWpaPsk = 7,
  kSae = 8,
};

// EAP credential used to connect to a 802.1x WiFi network or Passpoint WiFi
// network that matched the credentials.
// This struct should be mirroring 1-to-1 the "EAP properties" names and types
// defined in src/platform2/system_api/dbus/shill/dbus-constants.h.
// ARC is responsible for filling / hardcoding any field that the Android APIs
// do not provide directly, so that ArcNetHostImpl can be a dumb data transfer
// layer with no other logic.
struct EapCredentials {
  // The outer or only EAP authentication type.
  EapMethod method@0;

  // The inner EAP authentication type.
  EapPhase2Method phase2_method@1;

  // When there is an inner EAP type, use this identity for the outer.
  string? anonymous_identity@2;

  // Who we identify ourselves as to the EAP authenticator.
  string? identity@3;

  // Password to use for EAP methods which require one.
  string? password@4;

  // Key management algorithm to use after EAP succeeds.
  KeyManagement key_management@5;

  // PEM formatted contents of the CA certificate(s).
  array<string>? ca_certificate_pem@6;

  // PEM formatted contents of the client certificate(s).
  array<string>? client_certificate_pem@7;

  // PEM formatted contents of the client private key.
  string? client_certificate_key@8;

  // If non-empty, string to match remote subject against before connecting.
  string? subject_match@9;

  // A list of serialized subject alternative names (SANs) to be matched against
  // the alternative subject name of the authentication server certificate. When
  // multiple match strings are specified, a match with any one of the values is
  // considered a sufficient match for the server certificate.
  array<string>? subject_alternative_name_match_list@10;

  // A list of constraints for the server domain name. If set, the entries will
  // be used as suffix match requirements against the DNS name element(s) of the
  // alternative subject name of an authentication server. When multiple match
  // strings are specified, a match with any one of the values is considered a
  // sufficient match for the server certificate.
  array<string>? domain_suffix_match_list@11;

  // The highest TLS version supplicant is allowed to negotiate.
  string? tls_version_max@12;

  // If true, use the system-wide certificate authority database to authenticate
  // the remote.
  bool use_system_cas@13;

  // If true, use per network proactive key caching.
  bool use_proactive_key_caching@14;

  // If true, use the user's stored login password as the password.
  bool use_login_password@15;
};

union NetworkDetails {
  VisibleNetworkDetails visible;
  ConfiguredNetworkDetails configured;
};

// The two possible Internet Procol families.
[Extensible]
enum IPAddressType {
  IPV4,
  IPV6,
};

// Deprecated. Individual fields added to NetworkConfiguration in version 13 of
// this file should be used instead.
struct IPConfiguration {

  // Literal representation of the IP address of the ARC gateway.
  string gateway;

  // Literal representation of the IP address of ARC for that network.
  string ip_address;

  // List of literal IP addresses of name servers to use on that network.
  array<string> name_servers;

  // Length of the routing prefix.
  int32 routing_prefix;

  // IP family for that configuration
  IPAddressType type;
};

// Deprecated enum. |is_metered| in NetworkConfiguration should be
// used instead.
[Extensible]
enum TetheringClientState {
  // Tethering state is detected and confirmed.
  CONFIRMED,

  // Tethering state is not detected.
  NOT_DETECTED,

  // Tethering data is suspected and can be |CONFIRMED| in the future.
  SUSPECTED,
};

// Describes properties of a WiFi networks used to create Android's
// android.net.wifi.Wificonfiguration objects and android.net.wifi.WifiInfo
// objects.
struct WiFi {
  // The network BSSID in the format of an Ethernet MAC address.
  string bssid;

  // The frequency of this network, in MHz.
  int32 frequency;

  // The network SSID encoded as an hexadecimal string.
  string hex_ssid;

  // True if the network does not broadcast its ssid.
  bool hidden_ssid;

  // The type of wireless security protocol used by this network.
  SecurityType security;

  // The current signal strength of this network. Updates for this value are not
  // sent to ARC for connected WiFi networks and should be considered precise
  // only for scanning results.
  int32 signal_strength;

  // True if the network represents a Passpoint network.
  [MinVersion=16] bool is_passpoint;

  // Fully qualified domain name (FQDN) of a Passpoint configuration.
  [MinVersion=16] string? fqdn;

  // The current RSSI (Received Signal Strength Indicator) in dBm of this
  // network. This is typically between -90 and -20 dBm. Unknown value
  // is represented as -32768 dBm (int16 min value).
  [MinVersion=23] int16 rssi;
};

// The physical network types exposed to ARC by the host,
// corresponding to a subset of shill technology types defined
// in platform2/system_api/dbus/shill/dbus-constants.h.
// The missing shill technology types are:
//  - WiMAX: obsolete WiFi standard, deprecated in Chrome OS in Q2 2019.
//  - Bluetooth: ARC does not support host IP networks over Bluetooth.
//  - PPPoE: ARC does not support host Point to Point networks.
// Next Enum ID: 5
// ID 4 was previously assigned to WiMAX.
[Extensible]
enum NetworkType {
  CELLULAR = 0,
  ETHERNET = 1,
  VPN = 2,
  WIFI = 3,
};

// Used by ARC to request a network configuration to be created on the host.
struct NetworkConfiguration {
  // The connection state of the network service.
  ConnectionStateType connection_state;

  // A string token that uniquely identifies this network service.
  string guid;

  // Deprecated. Individual fields added to NetworkConfiguration in version 13
  // of this file should be used instead.
  array<IPConfiguration>? deprecated_ip_configs;

  // Deprecated field unused from ARC P and later.
  string? deprecated_mac_address;

  // The type of the underlying physical network.
  NetworkType type;

  // Additional WiFi properties for WiFi network services.
  WiFi? wifi;

  // Deprecated field. Uses |is_metered| instead.
  [MinVersion=8] TetheringClientState deprecated_tethering_client_state;

  // The name of the network interface on the host.
  [MinVersion=10] string? network_interface;

  // True if this network is the host default network.
  [MinVersion=11] bool is_default_network;

  // The name of the shill service associated with this network connection.
  [MinVersion=12] string? service_name;

  // This is the network MTU value (device kIpConfigsProperty) or the
  // native VPN MTU value (service property), or 0 if undefined.
  [MinVersion=13] uint32 host_mtu;

  // Prefix length of the host IPv4 subnet, or 0 for an IPv6 only network.
  [MinVersion=13] uint32 host_ipv4_prefix_length;

  // IPv4 address assigned to the host, or empty for an IPv6 only network.
  [MinVersion=13] string? host_ipv4_address;

  // IPv4 address of the local gateway, or empty for an IPv6 only network.
  [MinVersion=13] string? host_ipv4_gateway;

  // Prefix length of the host IPv6 subnet, or 0 for an IPv4 only network.
  [MinVersion=13] uint32 host_ipv6_prefix_length;

  // Global unicast IPv6 addresses assigned to the host, or empty for an IPv4
  // only network. The link local address and unique local addresses are
  // ignored.
  [MinVersion=13] array<string>? host_ipv6_global_addresses;

  // IPv6 address of the local gateway, or empty for an IPv4 only network.
  [MinVersion=13] string? host_ipv6_gateway;

  // All IPv4 and IPv6 addresses of name servers for the network,
  // either obtained by DHCPv4, by IPv6 RA RDNSS, or set statically.
  [MinVersion=13] array<string>? host_dns_addresses;

  // All search domains set for the host for the network, either obtained by
  // DHCPv4, by IPv6 RA DNSSL, or set statically. Search domains are set as an
  // explicit array of strings instead of a comma separated list embedded into
  // a single string.
  [MinVersion=13] array<string>? host_search_domains;

  // The following four fields specify the static IPv4 configuration for the
  // virtual network exposed inside ARC environment by arc-networkd, and
  // attached to this host network. These values are defined even if the
  // host network is an IPv6 only network.

  // Prefix length of the IPv4 subnet assigned to the ARC virtual network.
  [MinVersion=13] uint32 arc_ipv4_prefix_length;

  // IPv4 address assigned to the ARC guest.
  [MinVersion=13] string? arc_ipv4_address;

  // IPv4 address of the gateway for the ARC virtual network.
  [MinVersion=13] string? arc_ipv4_gateway;

  // The name of the network interface matching the virtual interface exposed
  // to ARC and associated with the network service. This can be different
  // from the name of the real physical interface managed by shill.
  [MinVersion=13] string? arc_network_interface;

  // True if the network has been autodetected by the platform as a metered
  // network or if the user explicitly marked the network as metered in the UI.
  [MinVersion=14] bool is_metered;

  // Routes of destinations for the host network in CIDR format. If null/empty,
  // all (both IPv4 and IPv6) destinations are assumed to go through the host
  // network. As long as there is at least one destination in the list,
  // regardless of IPv4 or IPv6 family, then no default destinations for any
  // IPv* family are assumed anymore.
  //
  // For example:
  //   [ ] => Implies 0.0.0.0/0 and ::/0
  //   [ 10.8.0.5/32 ] => 10.8.0.5/32 for IPv4, no IPv6
  //   [ 2001:DB8::/32 ] => 2001:DB8::/32 for IPv6, no IPv4
  //   [ 10.8.0.5/32, ::/0 ] => 10.8.0.5/32 for IPv4, all IPv6
  //   [ 2001:DB88::/32, 0.0.0.0/0 ] => 2001::DB8::/32 for IPv6, all IPv4
  //
  // If the same destination is present in include_routes and exclude_routes,
  // then exclude_routes will take precedence and the destination will be
  // excluded from the host network.
  [MinVersion=15] array<string>? include_routes;

  // Routes of destinations to exclude for the host network in CIDR format. If
  // null/empty, it is assumed no destinations are excluded. If the same
  // destination is present in include_routes and exclude_routes, then
  // exclude_routes will take precedence and the destination will be excluded
  // from the host network.
  [MinVersion=15] array<string>? exclude_routes;

  // IPv4 and IPv6 addresses of DNS proxy. When this field is not empty ARC
  // overrides the network DNS addresses with these addresses.
  [MinVersion=19] array<string>? dns_proxy_addresses;

  // Available maximal uplink and downlink speeds for the network in kbps.
  [MinVersion=28] LinkSpeed? link_speed;
};

// Uplink and downlink speeds in Kbps for the network.
struct LinkSpeed {
  uint32 uplink_speed_kbps@0;
  uint32 downlink_speed_kbps@1;
};

// Describes a Wifi network configuration that ARC has requested the host to
// create.
struct WifiConfiguration {
  // These correspond to ONC properties returned by
  // chrome.networkingPrivate.getNetworks() and createNetwork().
  // See components/onc/docs/onc_spec.html

  // SSID encoded as a series of hex bytes, e.g. "61626364"
  // This allows for handling SSIDs which are not valid UTF-8 strings.
  [MinVersion=2] string? hexssid@6;

  [MinVersion=1] string? guid@5;
  string security@4;

  // Fields specific to either visible or configured networks.
  [MinVersion=2] NetworkDetails? details@7;

  // Deprecated.  These will be removed when both sides support NetworkDetails.
  int32 frequency@1;
  int32 signal_strength@2;
  string bssid@3;

  // Deprecated. |hexssid| will be used, going forward.
  string ssid@0;

  // Set of EAP credentials used to connect to a network that matched these
  // credentials.
  [MinVersion=16] EapCredentials? eap@8;

  // Indicates if the App has expressed an explicit opinion about the
  // meteredness of this network.
  [MinVersion=20] MeteredOverride metered_override@9;

  // The proxy configuration of this object.
  [MinVersion=20] ArcProxyInfo? http_proxy@10;

  // Static IPv4 configuration of the network
  [MinVersion=20] StaticIpv4Configuration? static_ipv4_config@11;

  // List of domains to search when resolving host names on this
  // link, in priority order.
  [MinVersion=20] array<string>? domains@12;

    // DNS server IP addresses included in the configuration
  [MinVersion=20] array<string>? dns_servers@13;

  // A list of BSSIDs that control what APs can be connected to.
  // If null, there are no restrictions and this field is ignored.
  // If empty, then nothing is allowed and no AP will be connected to.
  // If non-empty, then only APs whose BSSID is included in the list can be
  // connected to. BSSIDs should be in MAC address format.
  [MinVersion=26] array<string>? bssid_allowlist@14;
};

[Extensible]
enum MeteredOverride {
  // No metered override
  [Default] kNone = 0,

  // Override network to be metered
  kMetered = 1,

  // Override network to be unmetered
  kNotmetered = 2,
};

// Static Ipv4 configuration
struct StaticIpv4Configuration {
  // Static IPv4 address included in the configuration
  string? ipv4_addr@0;

  // Static IPv4 address of the gateway included in the configuration
  string? gateway_ipv4_addr@1;

  // Prefix length of the network
  int32 prefix_length@2;
};

// For ProxyInfo, we have 2 options to set up proxy:
// 1. a direct configuration: host, port, and exclusion_list are
// used and pac_url is ignored
// 2. a PAC URL configuration: only pac_url
// is used and other fields are ignored.
union ArcProxyInfo {
  ManualProxyConfig manual_proxy@0;
  PacUrlProxyConfig pac_url_proxy@1;
};

struct PacUrlProxyConfig {
  // PAC script download URL for that network.
  url.mojom.Url pac_url@0;
};

struct ManualProxyConfig {
  // The host IP address of this proxy
  string host@0;

  // The port of this proxy
  int32 port@1;

  // When configured to use a Direct Proxy this returns the list of hosts
  // for which the proxy is ignored.
  array<string> exclusion_list@2;
};

// Response object sent back to ARC when it queries existing networks on
// Chrome OS side. The kind of networks returned by Chrome OS is specified
// with the GetNetworksRequestType enum.
struct GetNetworksResponseType {
  NetworkResult status;
  array<NetworkConfiguration> networks;
};

struct AndroidVpnConfiguration {
  // The canonical name of the VPN app (e.g. "com.android.myvpn").
  string app_name@0;

  // The human-readable name of the VPN app (e.g. "OpenVPN").
  string app_label@1;

  // The name of the VPN session, as set by the app using setSession().
  // The app does not need to call setSession() so this may be empty.
  string session_name@2;

  // True if Chrome browser traffic should be sent through the VPN.
  bool tunnel_chrome_traffic@3;

  // The next hop for IPv4 traffic originating on the host.  Currently this
  // will be set to arc0's IP address.
  string ipv4_gateway@4;

  // A list of IPv4 and IPv6 ranges to route through the VPN.  e.g.
  // ["0.0.0.0/0"] or ["192.168.1.0/24", "10.1.0.0/16"].
  array<string> split_include@5;

  // A list of IPv4 and IPv6 ranges to exclude from the VPN.  If specified,
  // all traffic that does not fall into these ranges will use the VPN.
  array<string> split_exclude@6;

  // A list of DNS servers.
  array<string> nameservers@7;

  // A list of search domains for DNS resolution.
  array<string> domains@8;

  // The proxy configuration provided by the Android VPN when running
  // on ARC R or later. Android only allows manual proxy configurations
  // by IP address and port. PAC URL configurations are not supported.
  // On ARC P, Android VPNs cannot specify a proxy configuration.
  [MinVersion=21] ArcProxyInfo? http_proxy@9;

  // The maximum transmission unit (MTU) in bytes. See the comments for NetHost
  // for the rationale of using int32 instead of uint32 here.
  [MinVersion=38] int32 mtu@10;
};

// Result object that is returned to the caller of the ARC DNS
// Resolution test. Contains information regarding the test result.
struct ArcDnsResolutionTestResult {
  // True if the test passed successfully.
  bool is_successful;

  // RCODE of the DNS response as defined by rfc2929#section-2.3.
  int32 response_code;

  // Time elapsed for the DNS resolution (milliseconds).
  int64 duration_ms;
};

// Result object that is returned to the caller of the ARC HTTP
// test. Contains information regarding the test result.
struct ArcHttpTestResult {
  // True if the HTTP request completed successfully.
  bool is_successful;

  // Status code of the HTTP response header.
  int32 status_code;

  // HTTP response header fields.
  map<string, string> response_header_fields;

  // Time elapsed for the HTTP request and response (milliseconds).
  int64 duration_ms;
};

// Result object that is returned to the caller of the ARC
// Ping test. Contains information regarding the test result.
struct ArcPingTestResult {
  // True if the test passed successfully.
  bool is_successful;

  // Time elapsed for the ping (milliseconds).
  int64 duration_ms;
};

// Chrome flags that should be passed into ARC via NetInstance::SetUpFlag().
[Extensible]
enum Flag {
  [Default] UNKNOWN  = 0,

  // Launched and deprecated, b/257889534
  DEPRECATED_ENABLE_ARC_HOST_VPN = 1,
};

// The band to start an AP on.
[Extensible]
enum WifiBand {
  [Default] kUnknown = 0,
  k2Ghz = 1,
  k5Ghz = 2,
  k6Ghz = 3,
  k60Ghz = 4,
};


// The status to represent a local only hotspot connection status.
[Extensible]
enum LohsStatus {
  [Default] kUnknown = 0,
  kSuccess = 1,
  kErrorGeneric = 2,
  kErrorIncompatibleMode = 3,
  kErrorTetheringDisallowed = 4,

  // The ARC config contains values that the host cannot support.
  [MinVersion=27] kErrorInvalidArgument = 5,

  // The ARC config is theoretically valid, but there was some error at the
  // platform-level.
  [MinVersion=27] kErrorConfiguringPlatform = 6,
};

// The struct to represent a local only hotspot configuration.
struct LohsConfig {
  // The network band that Android is requesting.
  WifiBand band@0;

  // Security type of the local only hotspot.
  SecurityType security_type@1;

  // SSID of the local only hotspot. The network SSID encoded as a
  // hexadecimal string.
  string hexssid@2;

  // Passphrase of the local only hotspot. If the security type requires one.
  // It will be null otherwise.
  string? passphrase@3;
};

// Request object that is passed to the Chrome API RequestPasspointAppApproval.
struct PasspointApprovalRequest {
  // The package name of the app requesting the approval. This is needed for
  // Chrome to check if the app window is valid.
  string package_name;

  // The name of the app requesting the approval.
  string app_name;

  // Friendly name of the home service provider. Matches Android's
  // android.net.wifi.hotspot2.pps.HomeSp.getFriendlyName() and
  // PasspointCredentials.friendly_name.
  // This value can be different from |app_name|, for instance for aggregator
  // Apps.
  [MinVersion=31] string? friendly_name;

  // The time this subscription will expire or minimum value of 64-bit int to
  // indicate unset value. It is in the format of number of milliseconds since
  // January 1, 1970, 00:00:00 GMT.
  // The field is a direct copy of Android's Java signed value taken from
  // android.net.wifi.hotspot2.getSubscriptionExpirationTimeMillis().
  // The field also matches subscription_expiration_time_ms of
  // PasspointCredentials.
  [MinVersion=31] int64 subscription_expiration_time_ms;
};

// Result object that is returned to the caller to the Chrome API
// RequestPasspointAppApproval.
struct PasspointApprovalResponse {
  // True if the user allowed the request.
  bool allowed;
};

// Next Method ID: 27
// IDs 3 and 9 are missing as they belonged to deprecated methods.
// Mojo interface exposed by the Chrome browser process for
// networking/WiFi/VPN, ARC is the client.
// The reason for using int for uint fields such as port is: Mojo
// uint values are byte cast when deserialized in Java, the practical
// and safe solution is to pick the next signed type that includes the
// whole unsigned range of possible values. Otherwise it forces writing
// error-prone conversion code at the entry or exit of mojo data.
interface NetHost {
  // Sends a request to get enabled / disabled status of WiFi.
  GetWifiEnabledState@1() => (bool is_enabled);

  // Sends a request to start scan of WiFi APs.
  [MinVersion=1] StartScan@2();

  // Sends a request to enable or disable WiFi. The |result| is true when the
  // the state has been successfully set or WiFi is already in the desired
  // state. It is false if WiFi manipulation is prohibited due to a policy or
  // its current state.
  [MinVersion=3] SetWifiEnabledState@4(bool is_enabled) => (bool result);

  // Creates a new network and returns the GUID.  If an error occurs,
  // |guid| will be an empty string.
  [MinVersion=4] CreateNetwork@5(WifiConfiguration cfg) => (string guid);

  // Deletes an existing network.
  [MinVersion=4] ForgetNetwork@6(string guid) => (NetworkResult status);

  // Updates an existing Wifi network.
  [MinVersion=29] UpdateWifiNetwork@20(string guid, WifiConfiguration cfg) =>
      (NetworkResult status);

  // Initiates a network connection.  If called when connected to a different
  // network, it will drop the current connection first.
  [MinVersion=4] StartConnect@7(string guid) => (NetworkResult status);

  // Disconnects from network |guid|.
  [MinVersion=4] StartDisconnect@8(string guid) => (NetworkResult status);

  // Sends a request to get the subset of network services existing on Chrome OS
  // that match the kind specified with GetNetworksRequestType. This call
  // supports three usages:
  //  - Querying the list of saved WiFi network configurations for implementing
  //    WifiManager public APIs for accessing saved WiFi profiles.
  //  - Querying visible WiFi networks for implementing Android WifiManager
  //    public scanning APIs.
  //  - Querying the list of all networks with an active layer 3 connection,
  //    which is used for the initial registration of IP networks to Android
  //    connectivity stack. This includes all physical types of networks.
  [MinVersion=6] GetNetworks@10(GetNetworksRequestType type) =>
      (GetNetworksResponseType response);

  // For the following AndroidVpn* methods, these are intentionally created as
  // a multiplexed interface design (along with the corresponding NetInstance
  // *AndroidVpn methods). This is because
  // connection/configuration/disconnection events can be initiated from both
  // the Android and the ChromeOS-side. There should only be one connected
  // Android VPN at any time.
  //
  // Inform ChromeOS that an Android VPN has connected. If the Android VPN is
  // already registered as a shill service, then the service will be updated. If
  // not, a new shill service will be created for the current user.
  [MinVersion=7] AndroidVpnConnected@11(AndroidVpnConfiguration cfg);

  // Inform ChromeOS that an Android VPN's configuration has been updated. The
  // Android VPN should already exist as a shill service for the current user,
  // otherwise this is a no-op.
  [MinVersion=36] AndroidVpnUpdated@25(AndroidVpnConfiguration cfg);

  // Inform ChromeOS that an Android VPN is disconnected, reconnecting, or
  // reconnected.
  // DEPRECATED: Replaced by `AndroidVpnDisconnected`
  // TODO(b/329529872): Remove method once M126 hits stable
  [MinVersion=7] DEPRECATED_AndroidVpnStateChanged@12(
      ConnectionStateType state);

  // Inform ChromeOS that an Android VPN has disconnected.
  [MinVersion=37] AndroidVpnDisconnected@26();

  // Tells Chrome OS that network traffic should go through a certain VPN
  // connection. |vpnPackage| is the package name of the Android VPN app. If
  // |lockdown| is true and the VPN connection is down, traffic is blackholed to
  // prevent circumventing the VPN connection. This applies to Chrome traffic
  // (users 'chronos' and 'debugd'), not other system traffic like the
  // update engine.
  // TODO(b/111201944): Add Chrome UI to enable the user to escape the lockdown,
  // unless the lockdown is dictated via policy.
  // Call with empty string as |vpnPackage| to lift the restriction.
  [MinVersion=9] SetAlwaysOnVpn@13(string vpnPackage, bool lockdown);

  // Sends a request to Chrome to ask for user approval for the app to set up
  // WiFi networks through Passpoint.
  [MinVersion=30] RequestPasspointAppApproval@21(
      PasspointApprovalRequest request) => (PasspointApprovalResponse response);

  // Adds a PasspointCredentials block provided by an Android App onto the host
  // platform.
  [MinVersion=16] AddPasspointCredentials@14(PasspointCredentials credentials);

  // Removes all PasspointCredentials blocks that match all property of
  // |properties|.
  // Calling this will also revoke all associated WiFi Services provisioned
  // with the credentials blocks.
  // ARC calls this function whenever an app is removed regardless of whether
  // the app has configured Passpoint.
  [MinVersion=17] RemovePasspointCredentials@16(
      PasspointRemovalProperties properties);

  // Disconnects the current ChromeOS VPN network if one exists. If ChromeOS has
  // a network that represents an Android VPN, the network doesn't count as a
  // ChromeOS VPN network and won't be disconnected. If the default network
  // isn't a ChromeOS VPN network, then nothing happens.
  [MinVersion=18] DisconnectHostVpn@17();

  // Sends a request to Chrome to start a local only hotspot.
  [MinVersion=25] StartLohs@18(LohsConfig config) => (LohsStatus status);

  // Sends a request to Chrome to stop a local only hotspot.
  [MinVersion=25] StopLohs@19();

  // Sends a notification to Chrome about the change in whether Android WiFi
  // multicast lock is held by any app in ARC.
  [MinVersion=32] NotifyAndroidWifiMulticastLockChange@22(bool is_held);

  // Sends a notification to Chrome about a socket connection event in ARC.
  [MinVersion=34] NotifySocketConnectionEvent@23(SocketConnectionEvent msg);

  // Sends a notification to Chrome about a socket connection event of ARC VPN.
  [MinVersion=35] NotifyARCVPNSocketConnectionEvent@24(
      SocketConnectionEvent msg);
};

// Next Method ID: 12
// IDs 0 and 2 are missing as they belonged to deprecated method.
// Mojo interface exposed by ARC for networking/WiFi/VPN, the Chrome
// browser process is the client.
// The reason for using int for uint fields like port is the same and
// can be found in description for interface |NetHost|.
interface NetInstance {
  // Establishes full-duplex communication with the host.
  [MinVersion=8] Init@6(pending_remote<NetHost> host_remote) => ();

  // Notifies the instance of a WiFI AP scan being completed.
  [MinVersion=1] ScanCompleted@1();

  // Notifies the instance of a change in the state of WiFi on the host.
  [MinVersion=3] WifiEnabledStateChanged@3(bool is_enabled);

  // For the following *AndroidVpn methods, these are intentionally created as
  // a multiplexed interface design (along with the corresponding NetHost
  // AndroidVpn* methods). This is because
  // connection/configuration/disconnection events can be initiated from both
  // the Android and the ChromeOS-side. There should only be one connected
  // Android VPN at any time.
  //
  // Ask Android to disconnect the VPN, per user request.
  [MinVersion=7] DisconnectAndroidVpn@4();

  // Ask Android to pop up a VPN configuration dialog, per user request.
  [MinVersion=7] ConfigureAndroidVpn@5();

  // Notifies the instance of a change in one active network service.
  // Updates are only sent for active networks with an active layer 3
  // connection or networks in the process of connecting, corresponding to
  // CONNECTING, CONNECTED, PORTAL, and ONLINE ConnectionStateType values.
  // TODO(b/77293260): Notifications should only be sent for updates to
  // properties and data visible in NetworkConfiguration, and not for all shill
  // property updates.
  [MinVersion=10] ActiveNetworksChanged@7(array<NetworkConfiguration> network);

  // Does a DNS query from within ARC and returns result.
  // The test is bound to the ARC network corresponding to the host transport
  // name |transport_name|.
  [MinVersion=15] DnsResolutionTest@8(string transport_name,
      string host_name) => (ArcDnsResolutionTestResult result);

  // Does an HTTP GET request from within ARC and returns result.
  // Only HTTP and HTTPS are supported and the connection does not use any
  // caches/cookie jars/etc. that might exist on the Android side.
  // The test is bound to the ARC network corresponding to the host transport
  // name |transport_name|.
  [MinVersion=15] HttpTest@9(string transport_name, url.mojom.Url url)
      => (ArcHttpTestResult result);

  // Sends an ICMP echo request from within ARC to the given IP address and
  // returns result.
  // The test is bound to the ARC network corresponding to the host transport
  // name |transport_name|.
  [MinVersion=15] PingTest@10(string transport_name, string ip_address)
      => (ArcPingTestResult result);

  // Pass a Chrome flag value into ARC.
  [MinVersion=24] SetUpFlag@11(Flag flag, bool value);
};

// IP protocols used in a socket connection. Currently we are only interested
// in TCP and UDP for WiFi QoS and ignore other protocols such as ICMP.
[Extensible]
enum IpProtocol {
  [Default] kUnknown = 0,
  kTcp = 1,
  kUdp = 2,
};

// Events to describe status change of a socket.
[Extensible]
enum SocketEvent {
  [Default] kUnknown = 0,
  kOpen = 1,
  kClose = 2,
};

// QoS categories for a socket connection defined in RFC4594.
[Extensible]
enum QosCategory {
  [Default] kUnknown = 0,
  kRealtimeInteractive = 1,
  kMultimediaConferencing = 2,
};

struct SocketConnectionEvent {
  // Source IP address for this socket connection.
  network.mojom.IPAddress src_addr@0;

  // Destination IP address for this socket connection.
  network.mojom.IPAddress dst_addr@1;

  // Source IP port for this socket connection.
  int32 src_port@2;

  // Destination IP port for this socket connection.
  int32 dst_port@3;

  // Procotol used for this socket connection.
  IpProtocol proto@4;

  // Socket event of this socket connection, whether this connection is opened
  // or closed.
  SocketEvent event@5;

  // Category of App that this socket connection is associated with.
  AppCategory app_category@6;

  // The inferred QoS category of this socket connection.
  QosCategory qos_category@7;
};