| <!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" |
| "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd"> |
| <node name="/org/chromium/SessionManager" |
| xmlns:doc="http://www.freedesktop.org/dbus/1.0/doc.dtd"> |
| <!-- |
| Copyright (c) 2012 The Chromium OS Authors. All rights reserved. |
| Use of this source code is governed by a BSD-style license that can be |
| found in the LICENSE file. |
| |
| --> |
| |
| <!-- ********************************************************************* --> |
| |
| <!-- |
| org.chromium.SessionManagerInterface: |
| @short_description: User session manager. |
| |
| Interface for user session manager. Also handles persisting and |
| retrieving device and per-user enterprise policy blobs and |
| brokering certain privileged operations on the browser's behalf. |
| --> |
| <interface name="org.chromium.SessionManagerInterface"> |
| <!-- |
| EmitLoginPromptVisible: |
| |
| Emits the "login-prompt-visible" upstart signal and LoginPromptVisible |
| DBus signal on the browser's behalf. |
| --> |
| <method name="EmitLoginPromptVisible"> |
| </method> |
| <!-- |
| LoginPromptVisible: |
| |
| Emitted when the browser indicates that the sign in screen is visible. |
| --> |
| <signal name="LoginPromptVisible"> |
| </signal> |
| <!-- |
| EnableChromeTesting: |
| @force_relaunch: Restart the browser no matter what. |
| @extra_arguments: Extra command line arguments to pass on restart. |
| @filepath: The named pipe to be used for testing communication. |
| |
| Restarts the browser, leaving it open for testing automation. |
| Adds an argument to the chrome child job command line that causes it, |
| upon restart, to open a testing channel. Next, kills and restarts |
| chrome. The name of the pipe to be used for testing is returned in |
| @filepath. |
| If @force_relaunch is true, Chrome will be restarted with each |
| invocation. Otherwise, it will only be restarted if |
| automation is not yet enabled. @extra_arguments can |
| include any additional arguments that need to be passed to |
| Chrome on subsequent launches. |
| --> |
| <method name="EnableChromeTesting"> |
| <arg type="b" name="force_relaunch" direction="in" /> |
| <arg type="as" name="extra_arguments" direction="in" /> |
| <arg type="s" name="filepath" direction="out" /> |
| </method> |
| |
| <!-- |
| StartSession: |
| @account_id: Account ID of the user to start a session for. |
| @unique_identifier: Unused. |
| @done: True on success. Error returned on failure, so likely redundant. |
| |
| Updates bookkeeping to know about a session for @account_id. Also emits |
| "start-user-session" upstart signal (asynchronously) and |
| "SessionStateChanged:started" D-Bus signal. |
| --> |
| <method name="StartSession"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="s" name="unique_identifier" direction="in" /> |
| <arg type="b" name="done" direction="out" /> |
| </method> |
| |
| <!-- |
| StopSession: |
| @unique_identifier: Unused. |
| @done: True on success. Error returned on failure, so likely redundant. |
| |
| Terminates all active user sessions, announces this over upstart |
| ("stop-user-session") and DBus (SessionStateChanges:stopped). |
| --> |
| <method name="StopSession"> |
| <arg type="s" name="unique_identifier" direction="in" /> |
| <arg type="b" name="done" direction="out" /> |
| </method> |
| |
| <!-- |
| SessionStateChanged: |
| @state: State the device has changed to. |
| |
| Signal emitted to announce session state changes. Supported values for |
| @state include <quote>started</quote>, <quote>stopping</quote>, and |
| <quote>stopped</quote>. |
| --> |
| <signal name="SessionStateChanged"> |
| <arg type="s" name="state" /> |
| </signal> |
| |
| <!-- |
| StorePolicy: |
| @policy_blob: Serialized protobuf containing a device policy and a |
| signature over that policy. |
| @done: True on success. Error returned on failure, so likely redundant. |
| |
| Stores a device policy. This method will verify the sig in @policy_blob |
| and persist the blob to disk. |
| The signature is a SHA1 with RSA signature over the policy, |
| verifiable with the device-wide policy key. |
| --> |
| <method name="StorePolicy"> |
| <arg type="ay" name="policy_blob" direction="in" /> |
| <arg type="b" name="done" direction="out"></arg> |
| </method> |
| |
| <!-- |
| StoreUnsignedPolicy: |
| @policy_blob: Serialized protobuf containing device policy. |
| |
| Stores device policy without signature verification for AD managed |
| devices. Locked down through busconfig to be only callable by |
| authpolicyd and exits with an error if install attributes are not locked |
| to enterprise_ad device mode. |
| --> |
| <method name="StoreUnsignedPolicy"> |
| <arg type="ay" name="policy_blob" direction="in" /> |
| </method> |
| |
| <!-- |
| RetrievePolicy: |
| @policy_blob: Serialized protobuf containing a device policy and a |
| signature over that policy. |
| |
| Retrieve device policy stored by StorePolicy. |
| --> |
| <method name="RetrievePolicy"> |
| <arg type="ay" name="policy_blob" direction="out" /> |
| </method> |
| |
| <!-- |
| StorePolicyForUser: |
| @account_id: Account ID of the user whose policy is to be stored. |
| @policy_blob: A serialized PolicyFetchResponse protobuf. |
| @done: True on success. Error returned on failure, so likely redundant. |
| |
| Similar to StorePolicy() above, but for user policy. |
| @policy_blob should contain a serialized PolicyFetchResponse protobuf |
| which wraps the actual policy data along with an SHA1-RSA signature |
| over the policy data. The policy data is opaque to session_manager, |
| the exact definition is only relevant to client code in Chrome. |
| |
| Calling this function attempts to persist the policy blob for |
| a given user. Policy is stored in a root-owned location |
| within the user's cryptohome (for privacy reasons). The |
| first attempt to store policy also installs the signing |
| key for user policy. This key is used later to verify policy |
| updates pushed by Chrome. |
| --> |
| <method name="StorePolicyForUser"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="ay" name="policy_blob" direction="in" /> |
| <arg type="b" name="done" direction="out" /> |
| </method> |
| |
| <!-- |
| StoreUnsignedPolicyForUser: |
| @account_id: Account ID of the user whose policy is to be stored. |
| @policy_blob: A serialized PolicyFetchResponse protobuf. |
| |
| Similar to StoreUnsignedPolicy() above, but for user policy. |
| |
| Stores user policy without signature verification for AD managed |
| devices. Locked down through busconfig to be only callable by |
| authpolicyd and exits with an error if install attributes are not locked |
| to enterprise_ad device mode. The policy data is opaque to |
| session_manager, the exact definition is only relevant to client code in |
| Chrome. |
| |
| Calling this function attempts to persist the policy blob for a given |
| user. Policy is stored in a root-owned location within the user's |
| cryptohome (for privacy reasons and to prevent tampering by other system |
| components). |
| --> |
| <method name="StoreUnsignedPolicyForUser"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="ay" name="policy_blob" direction="in" /> |
| </method> |
| |
| <!-- |
| RetrievePolicyForUser: |
| @account_id: Account ID of the user whose policy the caller wants. |
| @policy_blob: Serialized protobuf containing a PolicyFetchResponse and a |
| signature over that policy. |
| |
| Retrieves user policy for a given user. |
| --> |
| <method name="RetrievePolicyForUser"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="ay" name="policy_blob" direction="out" /> |
| </method> |
| |
| <!-- |
| StoreDeviceLocalAccountPolicy: |
| @account_id: Account whose policy is to be stored. |
| @policy_blob: A serialized PolicyFetchResponse protobuf. |
| @done: True on success. Error returned on failure, so likely redundant. |
| |
| Similar to StorePolicyForUser() above, but for device-local |
| accounts. @policy_blob should contain a serialized |
| PolicyFetchResponse protobuf which wraps the actual policy |
| data along with an SHA1-RSA signature over the policy |
| data. The policy data is opaque to session manager, the exact |
| definition is only relevant to client code in Chrome. |
| |
| Calling this function attempts to persist the policy blob for |
| the device-local account specified in the method call. Policy |
| is stored in the root-owned /var/lib/device_local_accounts |
| directory in the stateful partition. Signatures are checked |
| against the owner key, key rotation is not allowed. |
| --> |
| <method name="StoreDeviceLocalAccountPolicy"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="ay" name="policy_blob" direction="in" /> |
| <arg type="b" name="done" direction="out" /> |
| </method> |
| |
| <!-- |
| RetrieveDeviceLocalAccountPolicy: |
| @account_id: Account ID of the user whose policy is to be stored. |
| @policy_blob: Serialized protobuf containing a PolicyFetchResponse and a |
| signature over that policy. |
| |
| Retrieves device-local account policy for the specified @account_id. |
| --> |
| <method name="RetrieveDeviceLocalAccountPolicy"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="ay" name="policy_blob" direction="out" /> |
| </method> |
| |
| <!-- |
| SetOwnerKeyComplete: |
| Defined as login_manager::kOwnerKeySetSignal, broadcast when the request |
| to persist the policy key was completed. |
| @success: A string value with either "success" or "failure" indicating |
| whether the policy key was actually persisted. |
| --> |
| <signal name="SetOwnerKeyComplete"> |
| <arg type="s" name="success" /> |
| </signal> |
| |
| <!-- |
| PropertyChangeComplete: |
| Broadcast when a request to persist the policy blob file on disk was |
| completed. |
| @success: A string value with either "success" or "failure" indicating |
| whether the policy blob was actually persisted. |
| --> |
| <signal name="PropertyChangeComplete"> |
| <arg type="s" name="success" /> |
| </signal> |
| |
| <!-- |
| RetrieveSessionState: |
| @state: The current session state. |
| |
| Get information about the current session. Will be one of |
| <quote>started</quote>, <quote>stopping</quote>, <quote>stopped</quote>. |
| --> |
| <method name="RetrieveSessionState"> |
| <arg type="s" name="state" direction="out" /> |
| </method> |
| |
| <!-- |
| RetrieveActiveSessions: |
| @sessions: A map describing the currently active user sessions. |
| |
| Enumerate active user sessions. |
| @sessions is a dictionary mapping { username: sanitized_user_name }. |
| --> |
| <method name="RetrieveActiveSessions"> |
| <arg type="a{ss}" name="sessions" direction="out" /> |
| </method> |
| |
| <!-- |
| HandleSupervisedUserCreationStarting: |
| |
| Handle notification from Chrome that creation of a supervised user is |
| underway. Browser crashes will trigger session termination until |
| someone calls HandleSupervisedUserCreationFinished. |
| --> |
| <method name="HandleSupervisedUserCreationStarting"> |
| </method> |
| |
| <!-- |
| HandleSupervisedUserCreationFinished: |
| |
| Handle notification from Chrome that creation of a supervised user is |
| completed. Browser crashes will once again trigger a browser restart. |
| --> |
| <method name="HandleSupervisedUserCreationFinished"> |
| </method> |
| |
| <!-- |
| LockScreen: |
| |
| Allows other processes to request screen locking. |
| Emits LockScreen signal to Chromium Browser to tell it to lock the |
| screen. The browser should call the HandleScreenLocked |
| method when the screen is actually locked. |
| --> |
| <method name="LockScreen"> |
| </method> |
| |
| <!-- |
| HandleLockScreenShown: |
| |
| Handle notification from Chrome that the lock screen is visible. |
| Emits ScreenIsLocked. |
| --> |
| <method name="HandleLockScreenShown"> |
| </method> |
| |
| <!-- |
| HandleLockScreenDismissed: |
| |
| Handle notification from Chrome that the lock screen is hidden. |
| Emits ScreenIsUnlocked. |
| --> |
| <method name="HandleLockScreenDismissed"> |
| </method> |
| |
| <!-- |
| ScreenIsLocked: |
| Broadcast that the browser locked the screen. |
| --> |
| <signal name="ScreenIsLocked"> |
| </signal> |
| <!-- |
| ScreenIsUnlocked: |
| Broadcast that the browser unlocked the screen. |
| --> |
| <signal name="ScreenIsUnlocked"> |
| </signal> |
| |
| <!-- |
| RestartJob: |
| @cred_fd: File descriptor that provides PID to be restarted. |
| @argv: Command line arguments to restart the job with. |
| |
| Restarts job with pid returned when querying @cred_fd using |
| SO_PEERCRED, replacing its command line arguments with those provided. |
| Only works for the browser process managed by the SessionManager. |
| --> |
| <method name="RestartJob"> |
| <arg type="h" name="cred_fd" direction="in" /> |
| <arg type="as" name="argv" direction="in" /> |
| </method> |
| |
| <!-- |
| StartDeviceWipe: |
| @done: True on success. Error returned on failure, so likely redundant. |
| |
| Sets the device up to "Powerwash" on reboot, and triggers a reboot. |
| --> |
| <method name="StartDeviceWipe"> |
| <arg type="b" name="done" direction="out" /> |
| </method> |
| |
| <!-- |
| SetFlagsForUser: |
| @account_id: Account ID of the user to set flags for. |
| @flags: array of flags to be set for the user. |
| |
| Sets browser @flags to be applied on next in-session restart. |
| --> |
| <method name="SetFlagsForUser"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="as" name="flags" direction="in" /> |
| </method> |
| |
| <!-- |
| GetServerBackedStateKeys: |
| @state_keys: The array of currently valid state keys. |
| |
| Requests server-backed state keys to be computed and returned. A |
| server-backed state key is an opaque client-determined identifier that's |
| used to stage state in a server to be retrieved after device |
| recovery. These are used to figure out device state such as previous |
| enrollment domain and whether the device got marked as stolen by its |
| owner. The keys are time-dependent, with each key being valid only for a |
| window of time, and based on system time this call returns the currently |
| valid state key plus a number of subsequent state keys (all sorted by |
| time in ascending order) that span approximately a year of time in |
| coverage. It is the responsibility of the caller to ensure that the |
| system time is accurate before starting the request! |
| --> |
| <method name="GetServerBackedStateKeys"> |
| <arg type="aay" name="state_keys" direction="out" /> |
| </method> |
| |
| <!-- |
| InitMachineInfo: |
| @data: A string containing newline-separated key=value pairs. |
| |
| Initializes supplemental machine information for use by session manager |
| that has be asynchronously determined in the boot process after |
| starting session_manager. This method gets invoked by the ui-init-late |
| init job; nothing else should call this method. |
| --> |
| <method name="InitMachineInfo"> |
| <arg type="s" name="data" direction="in" /> |
| </method> |
| |
| <!-- |
| StartContainer: |
| @name: A string containing the name of the container to start. |
| |
| Starts a container. Containers must be bundled with the rootfs so they |
| are signed. |
| --> |
| <method name="StartContainer"> |
| <arg type="s" name="name" direction="in" /> |
| </method> |
| |
| <!-- |
| StopContainer: |
| @name: A string containing the name of the container to stop. |
| |
| Stops a currently running container. |
| --> |
| <method name="StopContainer"> |
| <arg type="s" name="name" direction="in" /> |
| </method> |
| |
| <!-- |
| StartArcInstance: |
| @account_id: Account ID of the user to start ARC for. This |
| must be the same as the one given in StartSession. |
| @disable_boot_completed_broadcast: Option to disable |
| ACTION_BOOT_COMPLETED broadcast for 3rd party apps. |
| |
| Starts an ARC instance. Only one instance of ARC can be executing at a |
| given point in time. This method is only available if the board |
| supports ARC. This method gets invoked by Chrome. |
| --> |
| <method name="StartArcInstance"> |
| <arg type="s" name="account_id" direction="in" /> |
| <arg type="b" name="disable_boot_completed_broadcast" direction="in" /> |
| </method> |
| |
| <!-- |
| StopArcInstance: |
| |
| Stops the currently running ARC instance. Used to manually stop the ARC |
| instance. If the instance is not running, this will result in a no-op. |
| If this method is not called, session_manager will still stop the |
| instance when the user's session ends. This method is only available if |
| the board supports ARC. This method gets invoked by Chrome. |
| --> |
| <method name="StopArcInstance"> |
| </method> |
| |
| <!-- |
| SetArcCpuRestriction: |
| @restriction_state: State used to set the level of CPU allowed specified |
| as foreground or background with the |
| |login_manager::ContainerCpuRestrictionState| enum. |
| |
| Adjusts the amount of CPU the ARC instance is allowed to use by setting |
| the cpu.shares value of ARC's cpu cgroup. When restriction_state is |
| CONTAINER_CPU_RESTRICTION_FOREGROUND the limit is adjusted so ARC can |
| use all the system's CPU if needed. When restriction_state is |
| CONTAINER_CPU_RESTRICTION_BACKGROUND, cpu.shares is set back to a |
| tightly restricted level. The ARC container is started in a state that |
| is more restricted than CONTAINER_CPU_RESTRICTION_BACKGROUND. This |
| startup state is to allow Chrome to restore during login and can't be |
| re-entered after startup is complete. |
| Calling the method while the instance is not running *is* okay as long |
| as the cgroups exist. |
| --> |
| <method name="SetArcCpuRestriction"> |
| <arg type="u" name="restriction_state" direction="in" /> |
| </method> |
| |
| <!-- |
| EmitArcBooted: |
| |
| Emits the "arc-booted" upstart signal on the browser's behalf. |
| --> |
| <method name="EmitArcBooted"> |
| </method> |
| |
| <!-- |
| GetArcStartTimeTicks: |
| |
| Returns the value of start time (base::TimeTicks::ToInternalValue()) of |
| the ARC instance if exists, otherwise an error will be returned |
| accordingly i.e. ARC is not available on the platform or ARC is not |
| started. |
| --> |
| <method name="GetArcStartTimeTicks"> |
| <arg type="x" name="start_time" direction="out" /> |
| </method> |
| <!-- |
| RemoveArcData: |
| @account_id: Account ID of the user whose ARC data is removed. |
| |
| Removes ARC data from the user's profile. This does not remove ARC |
| system data such as root images. |
| --> |
| <method name="RemoveArcData"> |
| <arg type="s" name="account_id" direction="in" /> |
| </method> |
| </interface> |
| <!-- ********************************************************************* --> |
| </node> |