login_manager/dbus_bindings/org.chromium.SessionManagerInterface.xml - mirrors/cros/chromiumos/platform2 - Git at Google

 <!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
  "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
 <node name="/org/chromium/SessionManager"
       xmlns:doc="http://www.freedesktop.org/dbus/1.0/doc.dtd">
 <!--
   Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
   Use of this source code is governed by a BSD-style license that can be
   found in the LICENSE file.

 -->

   <!-- ********************************************************************* -->

   <!--
       org.chromium.SessionManagerInterface:
       @short_description: User session manager.

       Interface for user session manager. Also handles persisting and
       retrieving device and per-user enterprise policy blobs and
       brokering certain privileged operations on the browser's behalf.
   -->
   <interface name="org.chromium.SessionManagerInterface">

     <!--
         EmitLoginPromptVisible:

         Emits the "login-prompt-visible" upstart signal and LoginPromptVisible
         DBus signal on the browser's behalf.
     -->
     <method name="EmitLoginPromptVisible">
       <annotation name="org.chromium.DBus.Method.Kind" value="simple" />
     </method>

     <!--
         LoginPromptVisible:

         Emitted when the browser indicates that the sign in screen is visible.
     -->
     <signal name="LoginPromptVisible" />

     <!--
         EnableChromeTesting:
         @force_relaunch: Restart the browser no matter what.
         @extra_arguments: Extra command line arguments to pass on restart.
         @filepath: The named pipe to be used for testing communication.

         Restarts the browser, leaving it open for testing automation.
         Adds an argument to the chrome child job command line that causes it,
         upon restart, to open a testing channel. Next, kills and restarts
         chrome. The name of the pipe to be used for testing is returned in
         @filepath.
         If @force_relaunch is true, Chrome will be restarted with each
         invocation. Otherwise, it will only be restarted if
         automation is not yet enabled.  @extra_arguments can
         include any additional arguments that need to be passed to
         Chrome on subsequent launches.
     -->
     <method name="EnableChromeTesting">
       <arg type="b" name="force_relaunch" direction="in" />
       <arg type="as" name="extra_arguments" direction="in" />
       <arg type="s" name="filepath" direction="out" />
     </method>

     <!--
         StartSession:
         @account_id: Account ID of the user to start a session for.
         @unique_identifier: Unused.

         Updates bookkeeping to know about a session for @account_id. Also emits
         "start-user-session" upstart signal (asynchronously) and
         "SessionStateChanged:started" D-Bus signal.
     -->
     <method name="StartSession">
       <arg type="s" name="account_id" direction="in" />
       <arg type="s" name="unique_identifier" direction="in" />
     </method>

     <!--
         StopSession:
         @unique_identifier: Unused.

         Terminates all active user sessions, announces this over upstart
         ("stop-user-session") and DBus (SessionStateChanges:stopped).
     -->
     <method name="StopSession">
       <arg type="s" name="unique_identifier" direction="in" />
       <annotation name="org.chromium.DBus.Method.Kind" value="simple" />
     </method>

     <!--
         SessionStateChanged:
         @state: State the device has changed to.

         Signal emitted to announce session state changes. Supported values for
         @state include <quote>started</quote>, <quote>stopping</quote>, and
         <quote>stopped</quote>.
     -->
     <signal name="SessionStateChanged">
       <arg type="s" name="state" />
     </signal>

     <!--
         StorePolicy:
         @policy_blob: Serialized protobuf containing a device policy and a
                       signature over that policy.

         Stores a device policy. This method will verify the sig in @policy_blob
         and persist the blob to disk.
         The signature is a SHA1 with RSA signature over the policy,
         verifiable with the device-wide policy key.
     -->
     <method name="StorePolicy">
       <arg type="ay" name="policy_blob" direction="in" />
     </method>

     <!--
         StoreUnsignedPolicy:
         @policy_blob: Serialized protobuf containing device policy.

         Stores device policy without signature verification for AD managed
         devices. Locked down through busconfig to be only callable by
         authpolicyd and exits with an error if install attributes are not locked
         to enterprise_ad device mode.
     -->
     <method name="StoreUnsignedPolicy">
       <arg type="ay" name="policy_blob" direction="in" />
     </method>

     <!--
         RetrievePolicy:
         @policy_blob: Serialized protobuf containing a device policy and a
                       signature over that policy.

         Retrieve device policy stored by StorePolicy.
     -->
     <method name="RetrievePolicy">
       <arg type="ay" name="policy_blob" direction="out" />
     </method>

     <!--
         StorePolicyForUser:
         @account_id: Account ID of the user whose policy is to be stored.
         @policy_blob: A serialized PolicyFetchResponse protobuf.

         Similar to StorePolicy() above, but for user policy.
         @policy_blob should contain a serialized PolicyFetchResponse protobuf
         which wraps the actual policy data along with an SHA1-RSA signature
         over the policy data. The policy data is opaque to session_manager,
         the exact definition is only relevant to client code in Chrome.

         Calling this function attempts to persist the policy blob for
         a given user. Policy is stored in a root-owned location
         within the user's cryptohome (for privacy reasons). The
         first attempt to store policy also installs the signing
         key for user policy. This key is used later to verify policy
         updates pushed by Chrome.
     -->
     <method name="StorePolicyForUser">
       <arg type="s" name="account_id" direction="in" />
       <arg type="ay" name="policy_blob" direction="in" />
     </method>

     <!--
         StoreUnsignedPolicyForUser:
         @account_id: Account ID of the user whose policy is to be stored.
         @policy_blob: A serialized PolicyFetchResponse protobuf.

         Similar to StoreUnsignedPolicy() above, but for user policy.

         Stores user policy without signature verification for AD managed
         devices. Locked down through busconfig to be only callable by
         authpolicyd and exits with an error if install attributes are not locked
         to enterprise_ad device mode. The policy data is opaque to
         session_manager, the exact definition is only relevant to client code in
         Chrome.

         Calling this function attempts to persist the policy blob for a given
         user. Policy is stored in a root-owned location within the user's
         cryptohome (for privacy reasons and to prevent tampering by other system
         components).
     -->
     <method name="StoreUnsignedPolicyForUser">
       <arg type="s" name="account_id" direction="in" />
       <arg type="ay" name="policy_blob" direction="in" />
     </method>

     <!--
         RetrievePolicyForUser:
         @account_id: Account ID of the user whose policy the caller wants.
         @policy_blob: Serialized protobuf containing a PolicyFetchResponse and a
                       signature over that policy.

         Retrieves user policy for a given user.
     -->
     <method name="RetrievePolicyForUser">
       <arg type="s" name="account_id" direction="in" />
       <arg type="ay" name="policy_blob" direction="out" />
     </method>

     <!--
         StoreDeviceLocalAccountPolicy:
         @account_id: Account whose policy is to be stored.
         @policy_blob: A serialized PolicyFetchResponse protobuf.

         Similar to StorePolicyForUser() above, but for device-local
         accounts. @policy_blob should contain a serialized
         PolicyFetchResponse protobuf which wraps the actual policy
         data along with an SHA1-RSA signature over the policy
         data. The policy data is opaque to session manager, the exact
         definition is only relevant to client code in Chrome.

         Calling this function attempts to persist the policy blob for
         the device-local account specified in the method call. Policy
         is stored in the root-owned /var/lib/device_local_accounts
         directory in the stateful partition. Signatures are checked
         against the owner key, key rotation is not allowed.
     -->
     <method name="StoreDeviceLocalAccountPolicy">
       <arg type="s" name="account_id" direction="in" />
       <arg type="ay" name="policy_blob" direction="in" />
     </method>

     <!--
         RetrieveDeviceLocalAccountPolicy:
         @account_id: Account ID of the user whose policy is to be stored.
         @policy_blob: Serialized protobuf containing a PolicyFetchResponse and a
                       signature over that policy.

         Retrieves device-local account policy for the specified @account_id.
     -->
     <method name="RetrieveDeviceLocalAccountPolicy">
       <arg type="s" name="account_id" direction="in" />
       <arg type="ay" name="policy_blob" direction="out" />
     </method>

     <!--
         SetOwnerKeyComplete:
         Defined as login_manager::kOwnerKeySetSignal, broadcast when the request
         to persist the policy key was completed.
         @success: A string value with either "success" or "failure" indicating
                   whether the policy key was actually persisted.
     -->
     <signal name="SetOwnerKeyComplete">
       <arg type="s" name="success" />
     </signal>

     <!--
         PropertyChangeComplete:
         Broadcast when a request to persist the policy blob file on disk was
         completed.
         @success: A string value with either "success" or "failure" indicating
                   whether the policy blob was actually persisted.
     -->
     <signal name="PropertyChangeComplete">
       <arg type="s" name="success" />
     </signal>

     <!--
         RetrieveSessionState:
         @state: The current session state.

         Get information about the current session. Will be one of
         <quote>started</quote>, <quote>stopping</quote>, <quote>stopped</quote>.
     -->
     <method name="RetrieveSessionState">
       <arg type="s" name="state" direction="out" />
     </method>

     <!--
         RetrieveActiveSessions:
         @sessions: A map describing the currently active user sessions.

         Enumerate active user sessions.
         @sessions is a dictionary mapping { username: sanitized_user_name }.
     -->
     <method name="RetrieveActiveSessions">
       <arg type="a{ss}" name="sessions" direction="out" />
     </method>

     <!--
 	HandleSupervisedUserCreationStarting:

         Handle notification from Chrome that creation of a supervised user is
         underway. Browser crashes will trigger session termination until
         someone calls HandleSupervisedUserCreationFinished.
     -->
     <method name="HandleSupervisedUserCreationStarting">
     </method>

     <!--
 	HandleSupervisedUserCreationFinished:

         Handle notification from Chrome that creation of a supervised user is
         completed. Browser crashes will once again trigger a browser restart.
     -->
     <method name="HandleSupervisedUserCreationFinished">
     </method>

     <!--
         LockScreen:

         Allows other processes to request screen locking.
         Emits LockScreen signal to Chromium Browser to tell it to lock the
         screen. The browser should call the HandleScreenLocked
         method when the screen is actually locked.
     -->
     <method name="LockScreen">
     </method>

     <!--
         HandleLockScreenShown:

         Handle notification from Chrome that the lock screen is visible.
         Emits ScreenIsLocked.
     -->
     <method name="HandleLockScreenShown">
     </method>

     <!--
         HandleLockScreenDismissed:

         Handle notification from Chrome that the lock screen is hidden.
         Emits ScreenIsUnlocked.
     -->
     <method name="HandleLockScreenDismissed">
     </method>

     <!--
         ScreenIsLocked:
         Broadcast that the browser locked the screen.
     -->
     <signal name="ScreenIsLocked">
     </signal>
     <!--
         ScreenIsUnlocked:
         Broadcast that the browser unlocked the screen.
     -->
     <signal name="ScreenIsUnlocked">
     </signal>

     <!--
         RestartJob:
         @cred_fd: File descriptor that provides PID to be restarted.
         @argv: Command line arguments to restart the job with.

         Restarts job with pid returned when querying @cred_fd using
         SO_PEERCRED, replacing its command line arguments with those provided.
         Only works for the browser process managed by the SessionManager.
     -->
     <method name="RestartJob">
       <arg type="h" name="cred_fd" direction="in" />
       <arg type="as" name="argv" direction="in" />
     </method>

     <!--
         StartDeviceWipe:

         Sets the device up to "Powerwash" on reboot, and triggers a reboot.
     -->
     <method name="StartDeviceWipe" />

     <!--
         SetFlagsForUser:
         @account_id: Account ID of the user to set flags for.
         @flags: array of flags to be set for the user.

         Sets browser @flags to be applied on next in-session restart.
     -->
     <method name="SetFlagsForUser">
       <arg type="s" name="account_id" direction="in" />
       <arg type="as" name="flags" direction="in" />
     </method>

     <!--
         GetServerBackedStateKeys:
         @state_keys: The array of currently valid state keys.

         Requests server-backed state keys to be computed and returned. A
         server-backed state key is an opaque client-determined identifier that's
         used to stage state in a server to be retrieved after device
         recovery. These are used to figure out device state such as previous
         enrollment domain and whether the device got marked as stolen by its
         owner. The keys are time-dependent, with each key being valid only for a
         window of time, and based on system time this call returns the currently
         valid state key plus a number of subsequent state keys (all sorted by
         time in ascending order) that span approximately a year of time in
         coverage. It is the responsibility of the caller to ensure that the
         system time is accurate before starting the request!
     -->
     <method name="GetServerBackedStateKeys">
       <arg type="aay" name="state_keys" direction="out" />
     </method>

     <!--
         InitMachineInfo:
         @data: A string containing newline-separated key=value pairs.

         Initializes supplemental machine information for use by session manager
         that has be asynchronously determined in the boot process after
         starting session_manager. This method gets invoked by the ui-init-late
         init job; nothing else should call this method.
     -->
     <method name="InitMachineInfo">
       <arg type="s" name="data" direction="in" />
     </method>

     <!--
         StartContainer:
         @name: A string containing the name of the container to start.

         Starts a container.  Containers must be bundled with the rootfs so they
         are signed.
     -->
     <method name="StartContainer">
       <arg type="s" name="name" direction="in" />
     </method>

     <!--
         StopContainer:
         @name: A string containing the name of the container to stop.

         Stops a currently running container.
     -->
     <method name="StopContainer">
       <arg type="s" name="name" direction="in" />
     </method>

     <!--
         StartArcInstance:
         @request: Serialized StartArcInstanceRequest proto message containing
                   ARC startup options.
         @container_instance_id: Output parameter containing an opaque
                   identifier for the container instance. The
                   ArcInstanceStopped signal will contain the same identifier.

         Starts an ARC instance. Only one instance of ARC can be executing at a
         given point in time. This method is only available if the board
         supports ARC. This method gets invoked by Chrome.
     -->
     <method name="StartArcInstance">
       <arg type="ay" name="request" direction="in" />
       <arg type="s" name="container_instance_id" direction="out" />
     </method>

     <!--
         StopArcInstance:

         Stops the currently running ARC instance. Used to manually stop the ARC
         instance. If the instance is not running, this will result in a no-op.
         If this method is not called, session_manager will still stop the
         instance when the user's session ends. This method is only available if
         the board supports ARC. This method gets invoked by Chrome.
     -->
     <method name="StopArcInstance">
     </method>

     <!--
         SetArcCpuRestriction:
         @restriction_state: State used to set the level of CPU allowed specified
         as foreground or background with the
         |login_manager::ContainerCpuRestrictionState| enum.

         Adjusts the amount of CPU the ARC instance is allowed to use by setting
         the cpu.shares value of ARC's cpu cgroup.  When restriction_state is
         CONTAINER_CPU_RESTRICTION_FOREGROUND the limit is adjusted so ARC can
         use all the system's CPU if needed.  When restriction_state is
         CONTAINER_CPU_RESTRICTION_BACKGROUND, cpu.shares is set back to a
         tightly restricted level.  The ARC container is started in a state that
         is more restricted than CONTAINER_CPU_RESTRICTION_BACKGROUND.  This
         startup state is to allow Chrome to restore during login and can't be
         re-entered after startup is complete.
         Calling the method while the instance is not running *is* okay as long
         as the cgroups exist.
     -->
     <method name="SetArcCpuRestriction">
       <arg type="u" name="restriction_state" direction="in" />
     </method>

     <!--
         EmitArcBooted:

         Emits the "arc-booted" upstart signal on the browser's behalf.
     -->
     <method name="EmitArcBooted">
       <arg type="s" name="account_id" direction="in" />
     </method>

     <!--
         GetArcStartTimeTicks:

         Returns the value of start time (base::TimeTicks::ToInternalValue()) of
         the ARC instance if exists, otherwise an error will be returned
         accordingly i.e. ARC is not available on the platform or ARC is not
         started.
     -->
     <method name="GetArcStartTimeTicks">
       <arg type="x" name="start_time" direction="out" />
     </method>
     <!--
          RemoveArcData:
          @account_id: Account ID of the user whose ARC data is removed.

          Removes ARC data from the user's profile.  This does not remove ARC
          system data such as root images.
     -->
     <method name="RemoveArcData">
       <arg type="s" name="account_id" direction="in" />
     </method>
   </interface>
   <!-- ********************************************************************* -->
 </node>
	<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
	"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
	<node name="/org/chromium/SessionManager"
	xmlns:doc="http://www.freedesktop.org/dbus/1.0/doc.dtd">
	<!--
	Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
	Use of this source code is governed by a BSD-style license that can be
	found in the LICENSE file.

	-->

	<!-- ********************************************************************* -->

	<!--
	org.chromium.SessionManagerInterface:
	@short_description: User session manager.

	Interface for user session manager. Also handles persisting and
	retrieving device and per-user enterprise policy blobs and
	brokering certain privileged operations on the browser's behalf.
	-->
	<interface name="org.chromium.SessionManagerInterface">

	<!--
	EmitLoginPromptVisible:

	Emits the "login-prompt-visible" upstart signal and LoginPromptVisible
	DBus signal on the browser's behalf.
	-->
	<method name="EmitLoginPromptVisible">
	<annotation name="org.chromium.DBus.Method.Kind" value="simple" />
	</method>

	<!--
	LoginPromptVisible:

	Emitted when the browser indicates that the sign in screen is visible.
	-->
	<signal name="LoginPromptVisible" />

	<!--
	EnableChromeTesting:
	@force_relaunch: Restart the browser no matter what.
	@extra_arguments: Extra command line arguments to pass on restart.
	@filepath: The named pipe to be used for testing communication.

	Restarts the browser, leaving it open for testing automation.
	Adds an argument to the chrome child job command line that causes it,
	upon restart, to open a testing channel. Next, kills and restarts
	chrome. The name of the pipe to be used for testing is returned in
	@filepath.
	If @force_relaunch is true, Chrome will be restarted with each
	invocation. Otherwise, it will only be restarted if
	automation is not yet enabled. @extra_arguments can
	include any additional arguments that need to be passed to
	Chrome on subsequent launches.
	-->
	<method name="EnableChromeTesting">
	<arg type="b" name="force_relaunch" direction="in" />
	<arg type="as" name="extra_arguments" direction="in" />
	<arg type="s" name="filepath" direction="out" />
	</method>

	<!--
	StartSession:
	@account_id: Account ID of the user to start a session for.
	@unique_identifier: Unused.

	Updates bookkeeping to know about a session for @account_id. Also emits
	"start-user-session" upstart signal (asynchronously) and
	"SessionStateChanged:started" D-Bus signal.
	-->
	<method name="StartSession">
	<arg type="s" name="account_id" direction="in" />
	<arg type="s" name="unique_identifier" direction="in" />
	</method>

	<!--
	StopSession:
	@unique_identifier: Unused.

	Terminates all active user sessions, announces this over upstart
	("stop-user-session") and DBus (SessionStateChanges:stopped).
	-->
	<method name="StopSession">
	<arg type="s" name="unique_identifier" direction="in" />
	<annotation name="org.chromium.DBus.Method.Kind" value="simple" />
	</method>

	<!--
	SessionStateChanged:
	@state: State the device has changed to.

	Signal emitted to announce session state changes. Supported values for
	@state include <quote>started</quote>, <quote>stopping</quote>, and
	<quote>stopped</quote>.
	-->
	<signal name="SessionStateChanged">
	<arg type="s" name="state" />
	</signal>

	<!--
	StorePolicy:
	@policy_blob: Serialized protobuf containing a device policy and a
	signature over that policy.

	Stores a device policy. This method will verify the sig in @policy_blob
	and persist the blob to disk.
	The signature is a SHA1 with RSA signature over the policy,
	verifiable with the device-wide policy key.
	-->
	<method name="StorePolicy">
	<arg type="ay" name="policy_blob" direction="in" />
	</method>

	<!--
	StoreUnsignedPolicy:
	@policy_blob: Serialized protobuf containing device policy.

	Stores device policy without signature verification for AD managed
	devices. Locked down through busconfig to be only callable by
	authpolicyd and exits with an error if install attributes are not locked
	to enterprise_ad device mode.
	-->
	<method name="StoreUnsignedPolicy">
	<arg type="ay" name="policy_blob" direction="in" />
	</method>

	<!--
	RetrievePolicy:
	@policy_blob: Serialized protobuf containing a device policy and a
	signature over that policy.

	Retrieve device policy stored by StorePolicy.
	-->
	<method name="RetrievePolicy">
	<arg type="ay" name="policy_blob" direction="out" />
	</method>

	<!--
	StorePolicyForUser:
	@account_id: Account ID of the user whose policy is to be stored.
	@policy_blob: A serialized PolicyFetchResponse protobuf.

	Similar to StorePolicy() above, but for user policy.
	@policy_blob should contain a serialized PolicyFetchResponse protobuf
	which wraps the actual policy data along with an SHA1-RSA signature
	over the policy data. The policy data is opaque to session_manager,
	the exact definition is only relevant to client code in Chrome.

	Calling this function attempts to persist the policy blob for
	a given user. Policy is stored in a root-owned location
	within the user's cryptohome (for privacy reasons). The
	first attempt to store policy also installs the signing
	key for user policy. This key is used later to verify policy
	updates pushed by Chrome.
	-->
	<method name="StorePolicyForUser">
	<arg type="s" name="account_id" direction="in" />
	<arg type="ay" name="policy_blob" direction="in" />
	</method>

	<!--
	StoreUnsignedPolicyForUser:
	@account_id: Account ID of the user whose policy is to be stored.
	@policy_blob: A serialized PolicyFetchResponse protobuf.

	Similar to StoreUnsignedPolicy() above, but for user policy.

	Stores user policy without signature verification for AD managed
	devices. Locked down through busconfig to be only callable by
	authpolicyd and exits with an error if install attributes are not locked
	to enterprise_ad device mode. The policy data is opaque to
	session_manager, the exact definition is only relevant to client code in
	Chrome.

	Calling this function attempts to persist the policy blob for a given
	user. Policy is stored in a root-owned location within the user's
	cryptohome (for privacy reasons and to prevent tampering by other system
	components).
	-->
	<method name="StoreUnsignedPolicyForUser">
	<arg type="s" name="account_id" direction="in" />
	<arg type="ay" name="policy_blob" direction="in" />
	</method>

	<!--
	RetrievePolicyForUser:
	@account_id: Account ID of the user whose policy the caller wants.
	@policy_blob: Serialized protobuf containing a PolicyFetchResponse and a
	signature over that policy.

	Retrieves user policy for a given user.
	-->
	<method name="RetrievePolicyForUser">
	<arg type="s" name="account_id" direction="in" />
	<arg type="ay" name="policy_blob" direction="out" />
	</method>

	<!--
	StoreDeviceLocalAccountPolicy:
	@account_id: Account whose policy is to be stored.
	@policy_blob: A serialized PolicyFetchResponse protobuf.

	Similar to StorePolicyForUser() above, but for device-local
	accounts. @policy_blob should contain a serialized
	PolicyFetchResponse protobuf which wraps the actual policy
	data along with an SHA1-RSA signature over the policy
	data. The policy data is opaque to session manager, the exact
	definition is only relevant to client code in Chrome.

	Calling this function attempts to persist the policy blob for
	the device-local account specified in the method call. Policy
	is stored in the root-owned /var/lib/device_local_accounts
	directory in the stateful partition. Signatures are checked
	against the owner key, key rotation is not allowed.
	-->
	<method name="StoreDeviceLocalAccountPolicy">
	<arg type="s" name="account_id" direction="in" />
	<arg type="ay" name="policy_blob" direction="in" />
	</method>

	<!--
	RetrieveDeviceLocalAccountPolicy:
	@account_id: Account ID of the user whose policy is to be stored.
	@policy_blob: Serialized protobuf containing a PolicyFetchResponse and a
	signature over that policy.

	Retrieves device-local account policy for the specified @account_id.
	-->
	<method name="RetrieveDeviceLocalAccountPolicy">
	<arg type="s" name="account_id" direction="in" />
	<arg type="ay" name="policy_blob" direction="out" />
	</method>

	<!--
	SetOwnerKeyComplete:
	Defined as login_manager::kOwnerKeySetSignal, broadcast when the request
	to persist the policy key was completed.
	@success: A string value with either "success" or "failure" indicating
	whether the policy key was actually persisted.
	-->
	<signal name="SetOwnerKeyComplete">
	<arg type="s" name="success" />
	</signal>

	<!--
	PropertyChangeComplete:
	Broadcast when a request to persist the policy blob file on disk was
	completed.
	@success: A string value with either "success" or "failure" indicating
	whether the policy blob was actually persisted.
	-->
	<signal name="PropertyChangeComplete">
	<arg type="s" name="success" />
	</signal>

	<!--
	RetrieveSessionState:
	@state: The current session state.

	Get information about the current session. Will be one of
	<quote>started</quote>, <quote>stopping</quote>, <quote>stopped</quote>.
	-->
	<method name="RetrieveSessionState">
	<arg type="s" name="state" direction="out" />
	</method>

	<!--
	RetrieveActiveSessions:
	@sessions: A map describing the currently active user sessions.

	Enumerate active user sessions.
	@sessions is a dictionary mapping { username: sanitized_user_name }.
	-->
	<method name="RetrieveActiveSessions">
	<arg type="a{ss}" name="sessions" direction="out" />
	</method>

	<!--
	HandleSupervisedUserCreationStarting:

	Handle notification from Chrome that creation of a supervised user is
	underway. Browser crashes will trigger session termination until
	someone calls HandleSupervisedUserCreationFinished.
	-->
	<method name="HandleSupervisedUserCreationStarting">
	</method>

	<!--
	HandleSupervisedUserCreationFinished:

	Handle notification from Chrome that creation of a supervised user is
	completed. Browser crashes will once again trigger a browser restart.
	-->
	<method name="HandleSupervisedUserCreationFinished">
	</method>

	<!--
	LockScreen:

	Allows other processes to request screen locking.
	Emits LockScreen signal to Chromium Browser to tell it to lock the
	screen. The browser should call the HandleScreenLocked
	method when the screen is actually locked.
	-->
	<method name="LockScreen">
	</method>

	<!--
	HandleLockScreenShown:

	Handle notification from Chrome that the lock screen is visible.
	Emits ScreenIsLocked.
	-->
	<method name="HandleLockScreenShown">
	</method>

	<!--
	HandleLockScreenDismissed:

	Handle notification from Chrome that the lock screen is hidden.
	Emits ScreenIsUnlocked.
	-->
	<method name="HandleLockScreenDismissed">
	</method>

	<!--
	ScreenIsLocked:
	Broadcast that the browser locked the screen.
	-->
	<signal name="ScreenIsLocked">
	</signal>
	<!--
	ScreenIsUnlocked:
	Broadcast that the browser unlocked the screen.
	-->
	<signal name="ScreenIsUnlocked">
	</signal>

	<!--
	RestartJob:
	@cred_fd: File descriptor that provides PID to be restarted.
	@argv: Command line arguments to restart the job with.

	Restarts job with pid returned when querying @cred_fd using
	SO_PEERCRED, replacing its command line arguments with those provided.
	Only works for the browser process managed by the SessionManager.
	-->
	<method name="RestartJob">
	<arg type="h" name="cred_fd" direction="in" />
	<arg type="as" name="argv" direction="in" />
	</method>

	<!--
	StartDeviceWipe:

	Sets the device up to "Powerwash" on reboot, and triggers a reboot.
	-->
	<method name="StartDeviceWipe" />

	<!--
	SetFlagsForUser:
	@account_id: Account ID of the user to set flags for.
	@flags: array of flags to be set for the user.

	Sets browser @flags to be applied on next in-session restart.
	-->
	<method name="SetFlagsForUser">
	<arg type="s" name="account_id" direction="in" />
	<arg type="as" name="flags" direction="in" />
	</method>

	<!--
	GetServerBackedStateKeys:
	@state_keys: The array of currently valid state keys.

	Requests server-backed state keys to be computed and returned. A
	server-backed state key is an opaque client-determined identifier that's
	used to stage state in a server to be retrieved after device
	recovery. These are used to figure out device state such as previous
	enrollment domain and whether the device got marked as stolen by its
	owner. The keys are time-dependent, with each key being valid only for a
	window of time, and based on system time this call returns the currently
	valid state key plus a number of subsequent state keys (all sorted by
	time in ascending order) that span approximately a year of time in
	coverage. It is the responsibility of the caller to ensure that the
	system time is accurate before starting the request!
	-->
	<method name="GetServerBackedStateKeys">
	<arg type="aay" name="state_keys" direction="out" />
	</method>

	<!--
	InitMachineInfo:
	@data: A string containing newline-separated key=value pairs.

	Initializes supplemental machine information for use by session manager
	that has be asynchronously determined in the boot process after
	starting session_manager. This method gets invoked by the ui-init-late
	init job; nothing else should call this method.
	-->
	<method name="InitMachineInfo">
	<arg type="s" name="data" direction="in" />
	</method>

	<!--
	StartContainer:
	@name: A string containing the name of the container to start.

	Starts a container. Containers must be bundled with the rootfs so they
	are signed.
	-->
	<method name="StartContainer">
	<arg type="s" name="name" direction="in" />
	</method>

	<!--
	StopContainer:
	@name: A string containing the name of the container to stop.

	Stops a currently running container.
	-->
	<method name="StopContainer">
	<arg type="s" name="name" direction="in" />
	</method>

	<!--
	StartArcInstance:
	@request: Serialized StartArcInstanceRequest proto message containing
	ARC startup options.
	@container_instance_id: Output parameter containing an opaque
	identifier for the container instance. The
	ArcInstanceStopped signal will contain the same identifier.

	Starts an ARC instance. Only one instance of ARC can be executing at a
	given point in time. This method is only available if the board
	supports ARC. This method gets invoked by Chrome.
	-->
	<method name="StartArcInstance">
	<arg type="ay" name="request" direction="in" />
	<arg type="s" name="container_instance_id" direction="out" />
	</method>

	<!--
	StopArcInstance:

	Stops the currently running ARC instance. Used to manually stop the ARC
	instance. If the instance is not running, this will result in a no-op.
	If this method is not called, session_manager will still stop the
	instance when the user's session ends. This method is only available if
	the board supports ARC. This method gets invoked by Chrome.
	-->
	<method name="StopArcInstance">
	</method>

	<!--
	SetArcCpuRestriction:
	@restriction_state: State used to set the level of CPU allowed specified
	as foreground or background with the
	\|login_manager::ContainerCpuRestrictionState\| enum.

	Adjusts the amount of CPU the ARC instance is allowed to use by setting
	the cpu.shares value of ARC's cpu cgroup. When restriction_state is
	CONTAINER_CPU_RESTRICTION_FOREGROUND the limit is adjusted so ARC can
	use all the system's CPU if needed. When restriction_state is
	CONTAINER_CPU_RESTRICTION_BACKGROUND, cpu.shares is set back to a
	tightly restricted level. The ARC container is started in a state that
	is more restricted than CONTAINER_CPU_RESTRICTION_BACKGROUND. This
	startup state is to allow Chrome to restore during login and can't be
	re-entered after startup is complete.
	Calling the method while the instance is not running is okay as long
	as the cgroups exist.
	-->
	<method name="SetArcCpuRestriction">
	<arg type="u" name="restriction_state" direction="in" />
	</method>

	<!--
	EmitArcBooted:

	Emits the "arc-booted" upstart signal on the browser's behalf.
	-->
	<method name="EmitArcBooted">
	<arg type="s" name="account_id" direction="in" />
	</method>

	<!--
	GetArcStartTimeTicks:

	Returns the value of start time (base::TimeTicks::ToInternalValue()) of
	the ARC instance if exists, otherwise an error will be returned
	accordingly i.e. ARC is not available on the platform or ARC is not
	started.
	-->
	<method name="GetArcStartTimeTicks">
	<arg type="x" name="start_time" direction="out" />
	</method>
	<!--
	RemoveArcData:
	@account_id: Account ID of the user whose ARC data is removed.

	Removes ARC data from the user's profile. This does not remove ARC
	system data such as root images.
	-->
	<method name="RemoveArcData">
	<arg type="s" name="account_id" direction="in" />
	</method>
	</interface>
	<!-- ********************************************************************* -->
	</node>