1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
ash / components / arc / mojom / net.mojom [blame]
// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Next MinVersion: 39
// This file defines the mojo interface between the ARC networking stack and
// Chrome OS. There are three different groups of interactions:
// - WiFi RPCs for scanning and manipulating saved network configurations,
// - Layer 3 RPCs for configuring and registering IP networks inside ARC,
// - VPN RPCs for integrating Always-on-VPNs and ARC as a VPN provider.
module arc.mojom;
import "ash/components/arc/mojom/app.mojom";
import "ash/components/arc/mojom/net_shared.mojom";
import "services/network/public/mojom/ip_address.mojom";
import "url/mojom/url.mojom";
// Indicates if a request send by ARC to the host has successfully completed.
[Extensible]
enum NetworkResult {
SUCCESS = 0,
FAILURE = 1,
};
// Additional argument to GetNetworks to specify the type of networks the
// host is interested to learn about.
[Extensible]
enum GetNetworksRequestType {
// All configured WiFi networks saved on the host.
CONFIGURED_ONLY = 0,
// All WiFi networks currently visible by scanning.
VISIBLE_ONLY = 1,
// All networks with an active layer 3 connection for all physical types.
[MinVersion=10] ACTIVE_ONLY = 2,
};
// Represents the possible connection states of a network service.
// It is effectively a subset of the shill::ConnectState enum defined in
// platform2/shill/service.h. Before adding a new state to shill::ConnectState
// there must be a valid value in this enum to map it to, or a new value must
// first be defined in ConnectionStateType and correctly handled by ARC.
// The mapping from shill::ConnectState must then be updated inside shill in
// Service::GetStateString (platform2/shill/service.cc) as well as in
// TranslateConnectionState inside components/arc/net/arc_net_host_impl.cc.
[Extensible]
enum ConnectionStateType {
// An active network that is connected at the physical layer and for which IP
// provisioning has succeeded for IPv4, or IPv6, or both.
// This corresponds to shill::ConnectState.kStateConnected.
CONNECTED = 0,
// The network is still connecting and not ready for IP traffic, but already
// considered active. This corresponds to kStateAssociating and
// kStateConfiguring in shill::ConnectState.
CONNECTING = 1,
// The network is disconnected. This corresponds to kStateUnknown, kStateIdle,
// and kStateFailure in shill::ConnectState.
NOT_CONNECTED = 2,
// The network is active and ready for IP traffic, but a captive portal is
// known to prevent access to the Internet. This corresponds to
// shill::ConnectState.kStateRedirectFound
PORTAL = 3,
// The network is active and ready for IP traffic, and there is no known
// captive portal blocking the traffic to the Internet. This corresponds to
// shill::ConnectState.kStateOnline
ONLINE = 4,
};
// Additional WiFi network information provided by scan results.
struct VisibleNetworkDetails {
int32 frequency;
int32 signal_strength;
string bssid;
};
// Additional configuration information needed for creating and saving
// WiFi network configuration on the host.
struct ConfiguredNetworkDetails {
string? passphrase;
bool autoconnect;
// This is the BSSID that the client would like to connect to. This is
// semantically different from |WiFi.bssid|, which is what the network's BSSID
// actually is. In the format of an Ethernet MAC address with lowercase
// letters (e.g. 00:11:22:aa:bb:cc).
[MinVersion=33] string? bssid;
};
// Passpoint credentials used to connect to matching passpoint networks.
// This struct should be mirroring 1-to-1 the "passpoint properties" names and
// types defined in src/platform2/dbus/shill/dbus-constants.h.
struct PasspointCredentials {
// All home service provider fully qualified domain name(s).
array<string> domains@0;
// The realm associated with this credential. It will be used to determine
// if this credential can be used to authenticate with a given hotspot by
// comparing the realm specified in that hotspot's Access Network Query
// Protocol (ANQP) element.
string realm@1;
// List of Home Organization Identifiers (OIs) used for determining if this
// credentials match a given Hotspot provider. Matching of any OIs in this
// list with an OI in the Roaming Consortium advertised by a Hotspot means
// that successful authentication with such Hotspot is possible.
array<uint64> home_ois@2;
// List of Home Organization Identifiers (OIs) used for determining if a
// provider is a member of a given Hotspot provider. Every OIs in this list
// are required to match an OI in the the Roaming Consortium advertised by a
// Hotspot in order to support authentication with this credentials.
array<uint64> required_home_ois@3;
// Roaming consortium Organization Identifiers (OIs) used to determine which
// access points support authentication with this credentials.
array<uint64> roaming_consortium_ois@4;
// Set of EAP credentials (TLS or TTLS only) used to connect to a network
// that matched these credentials.
EapCredentials eap@5;
// True if the user or App specified any network provisioned
// with these credentials should be considered as metered.
bool metered@6;
// Package name of the App that provided these credentials.
string package_name@7;
// Friendly name of the home service provider. Taken from Android's
// android.net.wifi.hotspot2.pps.HomeSp.getFriendlyName().
[MinVersion=22] string? friendly_name@8;
// The time this subscription will expire or minimum value of 64-bit int to
// indicate unset value. It is in the format of number of milliseconds since
// January 1, 1970, 00:00:00 GMT.
// The field is a direct copy of Android's Java signed value taken from
// android.net.wifi.hotspot2.getSubscriptionExpirationTimeMillis().
[MinVersion=22] int64 subscription_expiration_time_ms@9;
};
// Values to be used to remove matching Passpoint credentials.
struct PasspointRemovalProperties {
// Home service provider fully qualified domain name.
string? fqdn@0;
// Package name of the app that created the credentials.
string? package_name@1;
};
// The EAP method that will be used when connecting to a 802.1x WiFi network or
// Passpoint WiFi network.
[Extensible]
enum EapMethod {
kNone = 0,
kLeap = 1,
kPeap = 2,
kTls = 3,
kTtls = 4,
};
// The authentication methods that will be on the inside of a PEAP or EAP-TTLS
// tunnel.
[Extensible]
enum EapPhase2Method {
kNone = 0,
kPap = 1,
kMschap = 2,
kMschapv2 = 3,
};
// Recognized key management schemes.
[Extensible]
enum KeyManagement {
kNone = 0,
kIeee8021X = 1,
kFtEap = 2,
kFtPsk = 3,
kFtSae = 4,
kWpaEap = 5,
kWpaEapSha256 = 6,
kWpaPsk = 7,
kSae = 8,
};
// EAP credential used to connect to a 802.1x WiFi network or Passpoint WiFi
// network that matched the credentials.
// This struct should be mirroring 1-to-1 the "EAP properties" names and types
// defined in src/platform2/system_api/dbus/shill/dbus-constants.h.
// ARC is responsible for filling / hardcoding any field that the Android APIs
// do not provide directly, so that ArcNetHostImpl can be a dumb data transfer
// layer with no other logic.
struct EapCredentials {
// The outer or only EAP authentication type.
EapMethod method@0;
// The inner EAP authentication type.
EapPhase2Method phase2_method@1;
// When there is an inner EAP type, use this identity for the outer.
string? anonymous_identity@2;
// Who we identify ourselves as to the EAP authenticator.
string? identity@3;
// Password to use for EAP methods which require one.
string? password@4;
// Key management algorithm to use after EAP succeeds.
KeyManagement key_management@5;
// PEM formatted contents of the CA certificate(s).
array<string>? ca_certificate_pem@6;
// PEM formatted contents of the client certificate(s).
array<string>? client_certificate_pem@7;
// PEM formatted contents of the client private key.
string? client_certificate_key@8;
// If non-empty, string to match remote subject against before connecting.
string? subject_match@9;
// A list of serialized subject alternative names (SANs) to be matched against
// the alternative subject name of the authentication server certificate. When
// multiple match strings are specified, a match with any one of the values is
// considered a sufficient match for the server certificate.
array<string>? subject_alternative_name_match_list@10;
// A list of constraints for the server domain name. If set, the entries will
// be used as suffix match requirements against the DNS name element(s) of the
// alternative subject name of an authentication server. When multiple match
// strings are specified, a match with any one of the values is considered a
// sufficient match for the server certificate.
array<string>? domain_suffix_match_list@11;
// The highest TLS version supplicant is allowed to negotiate.
string? tls_version_max@12;
// If true, use the system-wide certificate authority database to authenticate
// the remote.
bool use_system_cas@13;
// If true, use per network proactive key caching.
bool use_proactive_key_caching@14;
// If true, use the user's stored login password as the password.
bool use_login_password@15;
};
union NetworkDetails {
VisibleNetworkDetails visible;
ConfiguredNetworkDetails configured;
};
// The two possible Internet Procol families.
[Extensible]
enum IPAddressType {
IPV4,
IPV6,
};
// Deprecated. Individual fields added to NetworkConfiguration in version 13 of
// this file should be used instead.
struct IPConfiguration {
// Literal representation of the IP address of the ARC gateway.
string gateway;
// Literal representation of the IP address of ARC for that network.
string ip_address;
// List of literal IP addresses of name servers to use on that network.
array<string> name_servers;
// Length of the routing prefix.
int32 routing_prefix;
// IP family for that configuration
IPAddressType type;
};
// Deprecated enum. |is_metered| in NetworkConfiguration should be
// used instead.
[Extensible]
enum TetheringClientState {
// Tethering state is detected and confirmed.
CONFIRMED,
// Tethering state is not detected.
NOT_DETECTED,
// Tethering data is suspected and can be |CONFIRMED| in the future.
SUSPECTED,
};
// Describes properties of a WiFi networks used to create Android's
// android.net.wifi.Wificonfiguration objects and android.net.wifi.WifiInfo
// objects.
struct WiFi {
// The network BSSID in the format of an Ethernet MAC address.
string bssid;
// The frequency of this network, in MHz.
int32 frequency;
// The network SSID encoded as an hexadecimal string.
string hex_ssid;
// True if the network does not broadcast its ssid.
bool hidden_ssid;
// The type of wireless security protocol used by this network.
SecurityType security;
// The current signal strength of this network. Updates for this value are not
// sent to ARC for connected WiFi networks and should be considered precise
// only for scanning results.
int32 signal_strength;
// True if the network represents a Passpoint network.
[MinVersion=16] bool is_passpoint;
// Fully qualified domain name (FQDN) of a Passpoint configuration.
[MinVersion=16] string? fqdn;
// The current RSSI (Received Signal Strength Indicator) in dBm of this
// network. This is typically between -90 and -20 dBm. Unknown value
// is represented as -32768 dBm (int16 min value).
[MinVersion=23] int16 rssi;
};
// The physical network types exposed to ARC by the host,
// corresponding to a subset of shill technology types defined
// in platform2/system_api/dbus/shill/dbus-constants.h.
// The missing shill technology types are:
// - WiMAX: obsolete WiFi standard, deprecated in Chrome OS in Q2 2019.
// - Bluetooth: ARC does not support host IP networks over Bluetooth.
// - PPPoE: ARC does not support host Point to Point networks.
// Next Enum ID: 5
// ID 4 was previously assigned to WiMAX.
[Extensible]
enum NetworkType {
CELLULAR = 0,
ETHERNET = 1,
VPN = 2,
WIFI = 3,
};
// Used by ARC to request a network configuration to be created on the host.
struct NetworkConfiguration {
// The connection state of the network service.
ConnectionStateType connection_state;
// A string token that uniquely identifies this network service.
string guid;
// Deprecated. Individual fields added to NetworkConfiguration in version 13
// of this file should be used instead.
array<IPConfiguration>? deprecated_ip_configs;
// Deprecated field unused from ARC P and later.
string? deprecated_mac_address;
// The type of the underlying physical network.
NetworkType type;
// Additional WiFi properties for WiFi network services.
WiFi? wifi;
// Deprecated field. Uses |is_metered| instead.
[MinVersion=8] TetheringClientState deprecated_tethering_client_state;
// The name of the network interface on the host.
[MinVersion=10] string? network_interface;
// True if this network is the host default network.
[MinVersion=11] bool is_default_network;
// The name of the shill service associated with this network connection.
[MinVersion=12] string? service_name;
// This is the network MTU value (device kIpConfigsProperty) or the
// native VPN MTU value (service property), or 0 if undefined.
[MinVersion=13] uint32 host_mtu;
// Prefix length of the host IPv4 subnet, or 0 for an IPv6 only network.
[MinVersion=13] uint32 host_ipv4_prefix_length;
// IPv4 address assigned to the host, or empty for an IPv6 only network.
[MinVersion=13] string? host_ipv4_address;
// IPv4 address of the local gateway, or empty for an IPv6 only network.
[MinVersion=13] string? host_ipv4_gateway;
// Prefix length of the host IPv6 subnet, or 0 for an IPv4 only network.
[MinVersion=13] uint32 host_ipv6_prefix_length;
// Global unicast IPv6 addresses assigned to the host, or empty for an IPv4
// only network. The link local address and unique local addresses are
// ignored.
[MinVersion=13] array<string>? host_ipv6_global_addresses;
// IPv6 address of the local gateway, or empty for an IPv4 only network.
[MinVersion=13] string? host_ipv6_gateway;
// All IPv4 and IPv6 addresses of name servers for the network,
// either obtained by DHCPv4, by IPv6 RA RDNSS, or set statically.
[MinVersion=13] array<string>? host_dns_addresses;
// All search domains set for the host for the network, either obtained by
// DHCPv4, by IPv6 RA DNSSL, or set statically. Search domains are set as an
// explicit array of strings instead of a comma separated list embedded into
// a single string.
[MinVersion=13] array<string>? host_search_domains;
// The following four fields specify the static IPv4 configuration for the
// virtual network exposed inside ARC environment by arc-networkd, and
// attached to this host network. These values are defined even if the
// host network is an IPv6 only network.
// Prefix length of the IPv4 subnet assigned to the ARC virtual network.
[MinVersion=13] uint32 arc_ipv4_prefix_length;
// IPv4 address assigned to the ARC guest.
[MinVersion=13] string? arc_ipv4_address;
// IPv4 address of the gateway for the ARC virtual network.
[MinVersion=13] string? arc_ipv4_gateway;
// The name of the network interface matching the virtual interface exposed
// to ARC and associated with the network service. This can be different
// from the name of the real physical interface managed by shill.
[MinVersion=13] string? arc_network_interface;
// True if the network has been autodetected by the platform as a metered
// network or if the user explicitly marked the network as metered in the UI.
[MinVersion=14] bool is_metered;
// Routes of destinations for the host network in CIDR format. If null/empty,
// all (both IPv4 and IPv6) destinations are assumed to go through the host
// network. As long as there is at least one destination in the list,
// regardless of IPv4 or IPv6 family, then no default destinations for any
// IPv* family are assumed anymore.
//
// For example:
// [ ] => Implies 0.0.0.0/0 and ::/0
// [ 10.8.0.5/32 ] => 10.8.0.5/32 for IPv4, no IPv6
// [ 2001:DB8::/32 ] => 2001:DB8::/32 for IPv6, no IPv4
// [ 10.8.0.5/32, ::/0 ] => 10.8.0.5/32 for IPv4, all IPv6
// [ 2001:DB88::/32, 0.0.0.0/0 ] => 2001::DB8::/32 for IPv6, all IPv4
//
// If the same destination is present in include_routes and exclude_routes,
// then exclude_routes will take precedence and the destination will be
// excluded from the host network.
[MinVersion=15] array<string>? include_routes;
// Routes of destinations to exclude for the host network in CIDR format. If
// null/empty, it is assumed no destinations are excluded. If the same
// destination is present in include_routes and exclude_routes, then
// exclude_routes will take precedence and the destination will be excluded
// from the host network.
[MinVersion=15] array<string>? exclude_routes;
// IPv4 and IPv6 addresses of DNS proxy. When this field is not empty ARC
// overrides the network DNS addresses with these addresses.
[MinVersion=19] array<string>? dns_proxy_addresses;
// Available maximal uplink and downlink speeds for the network in kbps.
[MinVersion=28] LinkSpeed? link_speed;
};
// Uplink and downlink speeds in Kbps for the network.
struct LinkSpeed {
uint32 uplink_speed_kbps@0;
uint32 downlink_speed_kbps@1;
};
// Describes a Wifi network configuration that ARC has requested the host to
// create.
struct WifiConfiguration {
// These correspond to ONC properties returned by
// chrome.networkingPrivate.getNetworks() and createNetwork().
// See components/onc/docs/onc_spec.html
// SSID encoded as a series of hex bytes, e.g. "61626364"
// This allows for handling SSIDs which are not valid UTF-8 strings.
[MinVersion=2] string? hexssid@6;
[MinVersion=1] string? guid@5;
string security@4;
// Fields specific to either visible or configured networks.
[MinVersion=2] NetworkDetails? details@7;
// Deprecated. These will be removed when both sides support NetworkDetails.
int32 frequency@1;
int32 signal_strength@2;
string bssid@3;
// Deprecated. |hexssid| will be used, going forward.
string ssid@0;
// Set of EAP credentials used to connect to a network that matched these
// credentials.
[MinVersion=16] EapCredentials? eap@8;
// Indicates if the App has expressed an explicit opinion about the
// meteredness of this network.
[MinVersion=20] MeteredOverride metered_override@9;
// The proxy configuration of this object.
[MinVersion=20] ArcProxyInfo? http_proxy@10;
// Static IPv4 configuration of the network
[MinVersion=20] StaticIpv4Configuration? static_ipv4_config@11;
// List of domains to search when resolving host names on this
// link, in priority order.
[MinVersion=20] array<string>? domains@12;
// DNS server IP addresses included in the configuration
[MinVersion=20] array<string>? dns_servers@13;
// A list of BSSIDs that control what APs can be connected to.
// If null, there are no restrictions and this field is ignored.
// If empty, then nothing is allowed and no AP will be connected to.
// If non-empty, then only APs whose BSSID is included in the list can be
// connected to. BSSIDs should be in MAC address format.
[MinVersion=26] array<string>? bssid_allowlist@14;
};
[Extensible]
enum MeteredOverride {
// No metered override
[Default] kNone = 0,
// Override network to be metered
kMetered = 1,
// Override network to be unmetered
kNotmetered = 2,
};
// Static Ipv4 configuration
struct StaticIpv4Configuration {
// Static IPv4 address included in the configuration
string? ipv4_addr@0;
// Static IPv4 address of the gateway included in the configuration
string? gateway_ipv4_addr@1;
// Prefix length of the network
int32 prefix_length@2;
};
// For ProxyInfo, we have 2 options to set up proxy:
// 1. a direct configuration: host, port, and exclusion_list are
// used and pac_url is ignored
// 2. a PAC URL configuration: only pac_url
// is used and other fields are ignored.
union ArcProxyInfo {
ManualProxyConfig manual_proxy@0;
PacUrlProxyConfig pac_url_proxy@1;
};
struct PacUrlProxyConfig {
// PAC script download URL for that network.
url.mojom.Url pac_url@0;
};
struct ManualProxyConfig {
// The host IP address of this proxy
string host@0;
// The port of this proxy
int32 port@1;
// When configured to use a Direct Proxy this returns the list of hosts
// for which the proxy is ignored.
array<string> exclusion_list@2;
};
// Response object sent back to ARC when it queries existing networks on
// Chrome OS side. The kind of networks returned by Chrome OS is specified
// with the GetNetworksRequestType enum.
struct GetNetworksResponseType {
NetworkResult status;
array<NetworkConfiguration> networks;
};
struct AndroidVpnConfiguration {
// The canonical name of the VPN app (e.g. "com.android.myvpn").
string app_name@0;
// The human-readable name of the VPN app (e.g. "OpenVPN").
string app_label@1;
// The name of the VPN session, as set by the app using setSession().
// The app does not need to call setSession() so this may be empty.
string session_name@2;
// True if Chrome browser traffic should be sent through the VPN.
bool tunnel_chrome_traffic@3;
// The next hop for IPv4 traffic originating on the host. Currently this
// will be set to arc0's IP address.
string ipv4_gateway@4;
// A list of IPv4 and IPv6 ranges to route through the VPN. e.g.
// ["0.0.0.0/0"] or ["192.168.1.0/24", "10.1.0.0/16"].
array<string> split_include@5;
// A list of IPv4 and IPv6 ranges to exclude from the VPN. If specified,
// all traffic that does not fall into these ranges will use the VPN.
array<string> split_exclude@6;
// A list of DNS servers.
array<string> nameservers@7;
// A list of search domains for DNS resolution.
array<string> domains@8;
// The proxy configuration provided by the Android VPN when running
// on ARC R or later. Android only allows manual proxy configurations
// by IP address and port. PAC URL configurations are not supported.
// On ARC P, Android VPNs cannot specify a proxy configuration.
[MinVersion=21] ArcProxyInfo? http_proxy@9;
// The maximum transmission unit (MTU) in bytes. See the comments for NetHost
// for the rationale of using int32 instead of uint32 here.
[MinVersion=38] int32 mtu@10;
};
// Result object that is returned to the caller of the ARC DNS
// Resolution test. Contains information regarding the test result.
struct ArcDnsResolutionTestResult {
// True if the test passed successfully.
bool is_successful;
// RCODE of the DNS response as defined by rfc2929#section-2.3.
int32 response_code;
// Time elapsed for the DNS resolution (milliseconds).
int64 duration_ms;
};
// Result object that is returned to the caller of the ARC HTTP
// test. Contains information regarding the test result.
struct ArcHttpTestResult {
// True if the HTTP request completed successfully.
bool is_successful;
// Status code of the HTTP response header.
int32 status_code;
// HTTP response header fields.
map<string, string> response_header_fields;
// Time elapsed for the HTTP request and response (milliseconds).
int64 duration_ms;
};
// Result object that is returned to the caller of the ARC
// Ping test. Contains information regarding the test result.
struct ArcPingTestResult {
// True if the test passed successfully.
bool is_successful;
// Time elapsed for the ping (milliseconds).
int64 duration_ms;
};
// Chrome flags that should be passed into ARC via NetInstance::SetUpFlag().
[Extensible]
enum Flag {
[Default] UNKNOWN = 0,
// Launched and deprecated, b/257889534
DEPRECATED_ENABLE_ARC_HOST_VPN = 1,
};
// The band to start an AP on.
[Extensible]
enum WifiBand {
[Default] kUnknown = 0,
k2Ghz = 1,
k5Ghz = 2,
k6Ghz = 3,
k60Ghz = 4,
};
// The status to represent a local only hotspot connection status.
[Extensible]
enum LohsStatus {
[Default] kUnknown = 0,
kSuccess = 1,
kErrorGeneric = 2,
kErrorIncompatibleMode = 3,
kErrorTetheringDisallowed = 4,
// The ARC config contains values that the host cannot support.
[MinVersion=27] kErrorInvalidArgument = 5,
// The ARC config is theoretically valid, but there was some error at the
// platform-level.
[MinVersion=27] kErrorConfiguringPlatform = 6,
};
// The struct to represent a local only hotspot configuration.
struct LohsConfig {
// The network band that Android is requesting.
WifiBand band@0;
// Security type of the local only hotspot.
SecurityType security_type@1;
// SSID of the local only hotspot. The network SSID encoded as a
// hexadecimal string.
string hexssid@2;
// Passphrase of the local only hotspot. If the security type requires one.
// It will be null otherwise.
string? passphrase@3;
};
// Request object that is passed to the Chrome API RequestPasspointAppApproval.
struct PasspointApprovalRequest {
// The package name of the app requesting the approval. This is needed for
// Chrome to check if the app window is valid.
string package_name;
// The name of the app requesting the approval.
string app_name;
// Friendly name of the home service provider. Matches Android's
// android.net.wifi.hotspot2.pps.HomeSp.getFriendlyName() and
// PasspointCredentials.friendly_name.
// This value can be different from |app_name|, for instance for aggregator
// Apps.
[MinVersion=31] string? friendly_name;
// The time this subscription will expire or minimum value of 64-bit int to
// indicate unset value. It is in the format of number of milliseconds since
// January 1, 1970, 00:00:00 GMT.
// The field is a direct copy of Android's Java signed value taken from
// android.net.wifi.hotspot2.getSubscriptionExpirationTimeMillis().
// The field also matches subscription_expiration_time_ms of
// PasspointCredentials.
[MinVersion=31] int64 subscription_expiration_time_ms;
};
// Result object that is returned to the caller to the Chrome API
// RequestPasspointAppApproval.
struct PasspointApprovalResponse {
// True if the user allowed the request.
bool allowed;
};
// Next Method ID: 27
// IDs 3 and 9 are missing as they belonged to deprecated methods.
// Mojo interface exposed by the Chrome browser process for
// networking/WiFi/VPN, ARC is the client.
// The reason for using int for uint fields such as port is: Mojo
// uint values are byte cast when deserialized in Java, the practical
// and safe solution is to pick the next signed type that includes the
// whole unsigned range of possible values. Otherwise it forces writing
// error-prone conversion code at the entry or exit of mojo data.
interface NetHost {
// Sends a request to get enabled / disabled status of WiFi.
GetWifiEnabledState@1() => (bool is_enabled);
// Sends a request to start scan of WiFi APs.
[MinVersion=1] StartScan@2();
// Sends a request to enable or disable WiFi. The |result| is true when the
// the state has been successfully set or WiFi is already in the desired
// state. It is false if WiFi manipulation is prohibited due to a policy or
// its current state.
[MinVersion=3] SetWifiEnabledState@4(bool is_enabled) => (bool result);
// Creates a new network and returns the GUID. If an error occurs,
// |guid| will be an empty string.
[MinVersion=4] CreateNetwork@5(WifiConfiguration cfg) => (string guid);
// Deletes an existing network.
[MinVersion=4] ForgetNetwork@6(string guid) => (NetworkResult status);
// Updates an existing Wifi network.
[MinVersion=29] UpdateWifiNetwork@20(string guid, WifiConfiguration cfg) =>
(NetworkResult status);
// Initiates a network connection. If called when connected to a different
// network, it will drop the current connection first.
[MinVersion=4] StartConnect@7(string guid) => (NetworkResult status);
// Disconnects from network |guid|.
[MinVersion=4] StartDisconnect@8(string guid) => (NetworkResult status);
// Sends a request to get the subset of network services existing on Chrome OS
// that match the kind specified with GetNetworksRequestType. This call
// supports three usages:
// - Querying the list of saved WiFi network configurations for implementing
// WifiManager public APIs for accessing saved WiFi profiles.
// - Querying visible WiFi networks for implementing Android WifiManager
// public scanning APIs.
// - Querying the list of all networks with an active layer 3 connection,
// which is used for the initial registration of IP networks to Android
// connectivity stack. This includes all physical types of networks.
[MinVersion=6] GetNetworks@10(GetNetworksRequestType type) =>
(GetNetworksResponseType response);
// For the following AndroidVpn* methods, these are intentionally created as
// a multiplexed interface design (along with the corresponding NetInstance
// *AndroidVpn methods). This is because
// connection/configuration/disconnection events can be initiated from both
// the Android and the ChromeOS-side. There should only be one connected
// Android VPN at any time.
//
// Inform ChromeOS that an Android VPN has connected. If the Android VPN is
// already registered as a shill service, then the service will be updated. If
// not, a new shill service will be created for the current user.
[MinVersion=7] AndroidVpnConnected@11(AndroidVpnConfiguration cfg);
// Inform ChromeOS that an Android VPN's configuration has been updated. The
// Android VPN should already exist as a shill service for the current user,
// otherwise this is a no-op.
[MinVersion=36] AndroidVpnUpdated@25(AndroidVpnConfiguration cfg);
// Inform ChromeOS that an Android VPN is disconnected, reconnecting, or
// reconnected.
// DEPRECATED: Replaced by `AndroidVpnDisconnected`
// TODO(b/329529872): Remove method once M126 hits stable
[MinVersion=7] DEPRECATED_AndroidVpnStateChanged@12(
ConnectionStateType state);
// Inform ChromeOS that an Android VPN has disconnected.
[MinVersion=37] AndroidVpnDisconnected@26();
// Tells Chrome OS that network traffic should go through a certain VPN
// connection. |vpnPackage| is the package name of the Android VPN app. If
// |lockdown| is true and the VPN connection is down, traffic is blackholed to
// prevent circumventing the VPN connection. This applies to Chrome traffic
// (users 'chronos' and 'debugd'), not other system traffic like the
// update engine.
// TODO(b/111201944): Add Chrome UI to enable the user to escape the lockdown,
// unless the lockdown is dictated via policy.
// Call with empty string as |vpnPackage| to lift the restriction.
[MinVersion=9] SetAlwaysOnVpn@13(string vpnPackage, bool lockdown);
// Sends a request to Chrome to ask for user approval for the app to set up
// WiFi networks through Passpoint.
[MinVersion=30] RequestPasspointAppApproval@21(
PasspointApprovalRequest request) => (PasspointApprovalResponse response);
// Adds a PasspointCredentials block provided by an Android App onto the host
// platform.
[MinVersion=16] AddPasspointCredentials@14(PasspointCredentials credentials);
// Removes all PasspointCredentials blocks that match all property of
// |properties|.
// Calling this will also revoke all associated WiFi Services provisioned
// with the credentials blocks.
// ARC calls this function whenever an app is removed regardless of whether
// the app has configured Passpoint.
[MinVersion=17] RemovePasspointCredentials@16(
PasspointRemovalProperties properties);
// Disconnects the current ChromeOS VPN network if one exists. If ChromeOS has
// a network that represents an Android VPN, the network doesn't count as a
// ChromeOS VPN network and won't be disconnected. If the default network
// isn't a ChromeOS VPN network, then nothing happens.
[MinVersion=18] DisconnectHostVpn@17();
// Sends a request to Chrome to start a local only hotspot.
[MinVersion=25] StartLohs@18(LohsConfig config) => (LohsStatus status);
// Sends a request to Chrome to stop a local only hotspot.
[MinVersion=25] StopLohs@19();
// Sends a notification to Chrome about the change in whether Android WiFi
// multicast lock is held by any app in ARC.
[MinVersion=32] NotifyAndroidWifiMulticastLockChange@22(bool is_held);
// Sends a notification to Chrome about a socket connection event in ARC.
[MinVersion=34] NotifySocketConnectionEvent@23(SocketConnectionEvent msg);
// Sends a notification to Chrome about a socket connection event of ARC VPN.
[MinVersion=35] NotifyARCVPNSocketConnectionEvent@24(
SocketConnectionEvent msg);
};
// Next Method ID: 12
// IDs 0 and 2 are missing as they belonged to deprecated method.
// Mojo interface exposed by ARC for networking/WiFi/VPN, the Chrome
// browser process is the client.
// The reason for using int for uint fields like port is the same and
// can be found in description for interface |NetHost|.
interface NetInstance {
// Establishes full-duplex communication with the host.
[MinVersion=8] Init@6(pending_remote<NetHost> host_remote) => ();
// Notifies the instance of a WiFI AP scan being completed.
[MinVersion=1] ScanCompleted@1();
// Notifies the instance of a change in the state of WiFi on the host.
[MinVersion=3] WifiEnabledStateChanged@3(bool is_enabled);
// For the following *AndroidVpn methods, these are intentionally created as
// a multiplexed interface design (along with the corresponding NetHost
// AndroidVpn* methods). This is because
// connection/configuration/disconnection events can be initiated from both
// the Android and the ChromeOS-side. There should only be one connected
// Android VPN at any time.
//
// Ask Android to disconnect the VPN, per user request.
[MinVersion=7] DisconnectAndroidVpn@4();
// Ask Android to pop up a VPN configuration dialog, per user request.
[MinVersion=7] ConfigureAndroidVpn@5();
// Notifies the instance of a change in one active network service.
// Updates are only sent for active networks with an active layer 3
// connection or networks in the process of connecting, corresponding to
// CONNECTING, CONNECTED, PORTAL, and ONLINE ConnectionStateType values.
// TODO(b/77293260): Notifications should only be sent for updates to
// properties and data visible in NetworkConfiguration, and not for all shill
// property updates.
[MinVersion=10] ActiveNetworksChanged@7(array<NetworkConfiguration> network);
// Does a DNS query from within ARC and returns result.
// The test is bound to the ARC network corresponding to the host transport
// name |transport_name|.
[MinVersion=15] DnsResolutionTest@8(string transport_name,
string host_name) => (ArcDnsResolutionTestResult result);
// Does an HTTP GET request from within ARC and returns result.
// Only HTTP and HTTPS are supported and the connection does not use any
// caches/cookie jars/etc. that might exist on the Android side.
// The test is bound to the ARC network corresponding to the host transport
// name |transport_name|.
[MinVersion=15] HttpTest@9(string transport_name, url.mojom.Url url)
=> (ArcHttpTestResult result);
// Sends an ICMP echo request from within ARC to the given IP address and
// returns result.
// The test is bound to the ARC network corresponding to the host transport
// name |transport_name|.
[MinVersion=15] PingTest@10(string transport_name, string ip_address)
=> (ArcPingTestResult result);
// Pass a Chrome flag value into ARC.
[MinVersion=24] SetUpFlag@11(Flag flag, bool value);
};
// IP protocols used in a socket connection. Currently we are only interested
// in TCP and UDP for WiFi QoS and ignore other protocols such as ICMP.
[Extensible]
enum IpProtocol {
[Default] kUnknown = 0,
kTcp = 1,
kUdp = 2,
};
// Events to describe status change of a socket.
[Extensible]
enum SocketEvent {
[Default] kUnknown = 0,
kOpen = 1,
kClose = 2,
};
// QoS categories for a socket connection defined in RFC4594.
[Extensible]
enum QosCategory {
[Default] kUnknown = 0,
kRealtimeInteractive = 1,
kMultimediaConferencing = 2,
};
struct SocketConnectionEvent {
// Source IP address for this socket connection.
network.mojom.IPAddress src_addr@0;
// Destination IP address for this socket connection.
network.mojom.IPAddress dst_addr@1;
// Source IP port for this socket connection.
int32 src_port@2;
// Destination IP port for this socket connection.
int32 dst_port@3;
// Procotol used for this socket connection.
IpProtocol proto@4;
// Socket event of this socket connection, whether this connection is opened
// or closed.
SocketEvent event@5;
// Category of App that this socket connection is associated with.
AppCategory app_category@6;
// The inferred QoS category of this socket connection.
QosCategory qos_category@7;
};