googleapis

import { OAuth2Client, JWT, Compute, UserRefreshClient, BaseExternalAccountClient, GaxiosResponseWithHTTP2, GoogleConfigurable, MethodOptions, StreamMethodOptions, GlobalOptions, GoogleAuth, BodyResponseCallback, APIRequestContext } from 'googleapis-common'; import { Readable } from 'stream'; export declare namespace androidmanagement_v1 { export interface Options extends GlobalOptions { version: 'v1'; } interface StandardParameters { /** * Auth client or API Key for the request */ auth?: string | OAuth2Client | JWT | Compute | UserRefreshClient | BaseExternalAccountClient | GoogleAuth; /** * V1 error format. */ '$.xgafv'?: string; /** * OAuth access token. */ access_token?: string; /** * Data format for response. */ alt?: string; /** * JSONP */ callback?: string; /** * Selector specifying which fields to include in a partial response. */ fields?: string; /** * API key. Your API key identifies your project and provides you with API access, quota, and reports. Required unless you provide an OAuth 2.0 token. */ key?: string; /** * OAuth 2.0 token for the current user. */ oauth_token?: string; /** * Returns response with indentations and line breaks. */ prettyPrint?: boolean; /** * Available to use for quota purposes for server-side applications. Can be any arbitrary string assigned to a user, but should not exceed 40 characters. */ quotaUser?: string; /** * Legacy upload protocol for media (e.g. "media", "multipart"). */ uploadType?: string; /** * Upload protocol for media (e.g. "raw", "multipart"). */ upload_protocol?: string; } /** * Android Management API * * The Android Management API provides remote enterprise management of Android devices and apps. * * @example * ```js * const {google} = require('googleapis'); * const androidmanagement = google.androidmanagement('v1'); * ``` */ export class Androidmanagement { context: APIRequestContext; enterprises: Resource$Enterprises; provisioningInfo: Resource$Provisioninginfo; signupUrls: Resource$Signupurls; constructor(options: GlobalOptions, google?: GoogleConfigurable); } /** * A shell command was issued over ADB via “adb shell command”. */ export interface Schema$AdbShellCommandEvent { /** * Shell command that was issued over ADB via "adb shell command". Redacted to empty string on organization-owned managed profile devices. */ shellCmd?: string | null; } /** * An ADB interactive shell was opened via “adb shell”. Intentionally empty. */ export interface Schema$AdbShellInteractiveEvent { } /** * Parameters associated with the ADD_ESIM command to add an eSIM profile to the device. */ export interface Schema$AddEsimParams { /** * Required. The activation code for the eSIM profile. */ activationCode?: string | null; /** * Required. The activation state of the eSIM profile once it is downloaded. */ activationState?: string | null; } /** * Advanced security settings. In most cases, setting these is not needed. */ export interface Schema$AdvancedSecurityOverrides { /** * Controls Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC). Enabling Common Criteria Mode increases certain security components on a device, see CommonCriteriaMode for details.Warning: Common Criteria Mode enforces a strict security model typically only required for IT products used in national security systems and other highly sensitive organizations. Standard device use may be affected. Only enabled if required. If Common Criteria Mode is turned off after being enabled previously, all user-configured Wi-Fi networks may be lost and any enterprise-configured Wi-Fi networks that require user input may need to be reconfigured. */ commonCriteriaMode?: string | null; /** * Optional. Controls whether content protection, which scans for deceptive apps, is enabled. This is supported on Android 15 and above. */ contentProtectionPolicy?: string | null; /** * Controls access to developer settings: developer options and safe boot. Replaces safeBootDisabled (deprecated) and debuggingFeaturesAllowed (deprecated). On personally-owned devices with a work profile, setting this policy will not disable safe boot. In this case, a NonComplianceDetail with MANAGEMENT_MODE is reported. */ developerSettings?: string | null; /** * Whether Google Play Protect verification (https://support.google.com/accounts/answer/2812853) is enforced. Replaces ensureVerifyAppsEnabled (deprecated). */ googlePlayProtectVerifyApps?: string | null; /** * Optional. Controls Memory Tagging Extension (MTE) (https://source.android.com/docs/security/test/memory-safety/arm-mte) on the device. The device needs to be rebooted to apply changes to the MTE policy. On Android 15 and above, a NonComplianceDetail with PENDING is reported if the policy change is pending a device reboot. */ mtePolicy?: string | null; /** * Personal apps that can read work profile notifications using a NotificationListenerService (https://developer.android.com/reference/android/service/notification/NotificationListenerService). By default, no personal apps (aside from system apps) can read work notifications. Each value in the list must be a package name. */ personalAppsThatCanReadWorkNotifications?: string[] | null; /** * The policy for untrusted apps (apps from unknown sources) enforced on the device. Replaces install_unknown_sources_allowed (deprecated). */ untrustedAppsPolicy?: string | null; } /** * Configuration for an always-on VPN connection. */ export interface Schema$AlwaysOnVpnPackage { /** * Disallows networking when the VPN is not connected. */ lockdownEnabled?: boolean | null; /** * The package name of the VPN app. */ packageName?: string | null; } /** * A compliance rule condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. There can only be one rule with this type of condition per policy. */ export interface Schema$ApiLevelCondition { /** * The minimum desired Android Framework API level. If the device doesn't meet the minimum requirement, this condition is satisfied. Must be greater than zero. */ minApiLevel?: number | null; } /** * Access Point Name (APN) policy. Configuration for Access Point Names (APNs) which may override any other APNs on the device. See OVERRIDE_APNS_ENABLED and overrideApns for details. */ export interface Schema$ApnPolicy { /** * Optional. APN settings for override APNs. There must not be any conflict between any of APN settings provided, otherwise the policy will be rejected. Two ApnSettings are considered to conflict when all of the following fields match on both: numericOperatorId, apn, proxyAddress, proxyPort, mmsProxyAddress, mmsProxyPort, mmsc, mvnoType, protocol, roamingProtocol. If some of the APN settings result in non-compliance of INVALID_VALUE , they will be ignored. This can be set on fully managed devices on Android 10 and above. This can also be set on work profiles on Android 13 and above and only with ApnSetting's with ENTERPRISE APN type. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 10. A NonComplianceDetail with MANAGEMENT_MODE is reported for work profiles on Android versions less than 13. */ apnSettings?: Schema$ApnSetting[]; /** * Optional. Whether override APNs are disabled or enabled. See DevicePolicyManager.setOverrideApnsEnabled (https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setOverrideApnsEnabled) for more details. */ overrideApns?: string | null; } /** * An Access Point Name (APN) configuration for a carrier data connection. The APN provides configuration to connect a cellular network device to an IP data network. A carrier uses this setting to decide which IP address to assign, any security methods to apply, and how the device might be connected to private networks. */ export interface Schema$ApnSetting { /** * Optional. Whether User Plane resources have to be activated during every transition from CM-IDLE mode to CM-CONNECTED state for this APN. See 3GPP TS 23.501 section 5.6.13. */ alwaysOnSetting?: string | null; /** * Required. Name of the APN. Policy will be rejected if this field is empty. */ apn?: string | null; /** * Required. Usage categories for the APN. Policy will be rejected if this field is empty or contains APN_TYPE_UNSPECIFIED or duplicates. Multiple APN types can be set on fully managed devices. ENTERPRISE is the only allowed APN type on work profiles. A NonComplianceDetail with MANAGEMENT_MODE is reported for any other value on work profiles. APN types that are not supported on the device or management mode will be ignored. If this results in the empty list, the APN setting will be ignored, because apnTypes is a required field. A NonComplianceDetail with INVALID_VALUE is reported if none of the APN types are supported on the device or management mode. */ apnTypes?: string[] | null; /** * Optional. Authentication type of the APN. */ authType?: string | null; /** * Optional. Carrier ID for the APN. A value of 0 (default) means not set and negative values are rejected. */ carrierId?: number | null; /** * Required. Human-readable name that describes the APN. Policy will be rejected if this field is empty. */ displayName?: string | null; /** * Optional. MMSC (Multimedia Messaging Service Center) URI of the APN. */ mmsc?: string | null; /** * Optional. MMS (Multimedia Messaging Service) proxy address of the APN which can be an IP address or hostname (not a URL). */ mmsProxyAddress?: string | null; /** * Optional. MMS (Multimedia Messaging Service) proxy port of the APN. A value of 0 (default) means not set and negative values are rejected. */ mmsProxyPort?: number | null; /** * Optional. The default MTU (Maximum Transmission Unit) size in bytes of the IPv4 routes brought up by this APN setting. A value of 0 (default) means not set and negative values are rejected. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. */ mtuV4?: number | null; /** * Optional. The MTU (Maximum Transmission Unit) size of the IPv6 mobile interface to which the APN connected. A value of 0 (default) means not set and negative values are rejected. Supported on Android 13 and above. A NonComplianceDetail with API_LEVEL is reported if the Android version is less than 13. */ mtuV6?: number | null; /** * Optional. MVNO match type for the APN. */ mvnoType?: string | null; /** * Optional. Radio technologies (network types) the APN may use. Policy will be rejected if this field contains NETWORK_TYPE_UNSPECIFIED or duplicates. */ networkTypes?: string[] | null; /** * Optional. The numeric operator ID of the APN. Numeric operator ID is defined as MCC (Mobile Country Code) + MNC (Mobile Network Code). */ numericOperatorId?: string | null; /** * Optional. APN password of the APN. */ password?: string | null; /** * Optional. The protocol to use to connect to this APN. */ protocol?: string | null; /** * Optional. The proxy address of the APN. */ proxyAddress?: string | null; /** * Optional. The proxy port of the APN. A value of 0 (default) means not set and negative values are rejected. */ proxyPort?: number | null; /** * Optional. The protocol to use to connect to this APN while the device is roaming. */ roamingProtocol?: string | null; /** * Optional. APN username of the APN. */ username?: string | null; } /** * Information about an app. */ export interface Schema$Application { /** * Whether this app is free, free with in-app purchases, or paid. If the pricing is unspecified, this means the app is not generally available anymore (even though it might still be available to people who own it). */ appPricing?: string | null; /** * Application tracks visible to the enterprise. */ appTracks?: Schema$AppTrackInfo[]; /** * Versions currently available for this app. */ appVersions?: Schema$AppVersion[]; /** * The name of the author of the apps (for example, the app developer). */ author?: string | null; /** * The countries which this app is available in as per ISO 3166-1 alpha-2. */ availableCountries?: string[] | null; /** * The app category (e.g. RACING, SOCIAL, etc.) */ category?: string | null; /** * The content rating for this app. */ contentRating?: string | null; /** * The localized promotional description, if available. */ description?: string | null; /** * How and to whom the package is made available. */ distributionChannel?: string | null; /** * Noteworthy features (if any) of this app. */ features?: string[] | null; /** * Full app description, if available. */ fullDescription?: string | null; /** * A link to an image that can be used as an icon for the app. This image is suitable for use up to a pixel size of 512 x 512. */ iconUrl?: string | null; /** * The set of managed properties available to be pre-configured for the app. */ managedProperties?: Schema$ManagedProperty[]; /** * The minimum Android SDK necessary to run the app. */ minAndroidSdkVersion?: number | null; /** * The name of the app in the form enterprises/{enterprise\}/applications/{package_name\}. */ name?: string | null; /** * The permissions required by the app. */ permissions?: Schema$ApplicationPermission[]; /** * A link to the (consumer) Google Play details page for the app. */ playStoreUrl?: string | null; /** * A localised description of the recent changes made to the app. */ recentChanges?: string | null; /** * A list of screenshot links representing the app. */ screenshotUrls?: string[] | null; /** * A link to a smaller image that can be used as an icon for the app. This image is suitable for use up to a pixel size of 128 x 128. */ smallIconUrl?: string | null; /** * The title of the app. Localized. */ title?: string | null; /** * Output only. The approximate time (within 7 days) the app was last published. */ updateTime?: string | null; } /** * An app-related event. */ export interface Schema$ApplicationEvent { /** * The creation time of the event. */ createTime?: string | null; /** * App event type. */ eventType?: string | null; } /** * A permission required by the app. */ export interface Schema$ApplicationPermission { /** * A longer description of the permission, providing more detail on what it affects. Localized. */ description?: string | null; /** * The name of the permission. Localized. */ name?: string | null; /** * An opaque string uniquely identifying the permission. Not localized. */ permissionId?: string | null; } /** * Policy for an individual app. Note: Application availability on a given device cannot be changed using this policy if installAppsDisabled is enabled. The maximum number of applications that you can specify per policy is 3,000. */ export interface Schema$ApplicationPolicy { /** * List of the app’s track IDs that a device belonging to the enterprise can access. If the list contains multiple track IDs, devices receive the latest version among all accessible tracks. If the list contains no track IDs, devices only have access to the app’s production track. More details about each track are available in AppTrackInfo. */ accessibleTrackIds?: string[] | null; /** * Specifies whether the app is allowed networking when the VPN is not connected and alwaysOnVpnPackage.lockdownEnabled is enabled. If set to VPN_LOCKDOWN_ENFORCED, the app is not allowed networking, and if set to VPN_LOCKDOWN_EXEMPTION, the app is allowed networking. Only supported on devices running Android 10 and above. If this is not supported by the device, the device will contain a NonComplianceDetail with non_compliance_reason set to API_LEVEL and a fieldPath. If this is not applicable to the app, the device will contain a NonComplianceDetail with non_compliance_reason set to UNSUPPORTED and a fieldPath. The fieldPath is set to applications[i].alwaysOnVpnLockdownExemption, where i is the index of the package in the applications policy. */ alwaysOnVpnLockdownExemption?: string | null; /** * Controls the auto-update mode for the app. */ autoUpdateMode?: string | null; /** * Controls whether the app can communicate with itself across a device’s work and personal profiles, subject to user consent. */ connectedWorkAndPersonalApp?: string | null; /** * Optional. Whether the app is allowed to act as a credential provider on Android 14 and above. */ credentialProviderPolicy?: string | null; /** * Optional. Configuration for this custom app.install_type must be set to CUSTOM for this to be set. */ customAppConfig?: Schema$CustomAppConfig; /** * The default policy for all permissions requested by the app. If specified, this overrides the policy-level default_permission_policy which applies to all apps. It does not override the permission_grants which applies to all apps. */ defaultPermissionPolicy?: string | null; /** * The scopes delegated to the app from Android Device Policy. These provide additional privileges for the applications they are applied to. */ delegatedScopes?: string[] | null; /** * Whether the app is disabled. When disabled, the app data is still preserved. */ disabled?: boolean | null; /** * Configuration to enable this app as an extension app, with the capability of interacting with Android Device Policy offline.This field can be set for at most one app. If there is any app with COMPANION_APP role, this field cannot be set.The signing key certificate fingerprint of the app on the device must match one of the entries in ApplicationPolicy.signingKeyCerts or ExtensionConfig.signingKeyFingerprintsSha256 (deprecated) or the signing key certificate fingerprints obtained from Play Store for the app to be able to communicate with Android Device Policy. If the app is not on Play Store and if ApplicationPolicy.signingKeyCerts and ExtensionConfig.signingKeyFingerprintsSha256 (deprecated) are not set, a NonComplianceDetail with INVALID_VALUE is reported. */ extensionConfig?: Schema$ExtensionConfig; /** * Optional. The constraints for installing the app. You can specify a maximum of one InstallConstraint. Multiple constraints are rejected. */ installConstraint?: Schema$InstallConstraint[]; /** * Optional. Amongst apps with installType set to: FORCE_INSTALLED PREINSTALLEDthis controls the relative priority of installation. A value of 0 (default) means this app has no priority over other apps. For values between 1 and 10,000, a lower value means a higher priority. Values outside of the range 0 to 10,000 inclusive are rejected. */ installPriority?: number | null; /** * The type of installation to perform. */ installType?: string | null; /** * Whether the app is allowed to lock itself in full-screen mode. DEPRECATED. Use InstallType KIOSK or kioskCustomLauncherEnabled to configure a dedicated device. */ lockTaskAllowed?: boolean | null; /** * Managed configuration applied to the app. The format for the configuration is dictated by the ManagedProperty values supported by the app. Each field name in the managed configuration must match the key field of the ManagedProperty. The field value must be compatible with the type of the ManagedProperty: *type* *JSON value* BOOL true or false STRING string INTEGER number CHOICE string MULTISELECT array of strings HIDDEN string BUNDLE_ARRAY array of objects Note: string values cannot be longer than 65535 characters. */ managedConfiguration?: { [key: string]: any; } | null; /** * The managed configurations template for the app, saved from the managed configurations iframe. This field is ignored if managed_configuration is set. */ managedConfigurationTemplate?: Schema$ManagedConfigurationTemplate; /** * The minimum version of the app that runs on the device. If set, the device attempts to update the app to at least this version code. If the app is not up-to-date, the device will contain a NonComplianceDetail with non_compliance_reason set to APP_NOT_UPDATED. The app must already be published to Google Play with a version code greater than or equal to this value. At most 20 apps may specify a minimum version code per policy. */ minimumVersionCode?: number | null; /** * The package name of the app. For example, com.google.android.youtube for the YouTube app. */ packageName?: string | null; /** * Explicit permission grants or denials for the app. These values override the default_permission_policy and permission_grants which apply to all apps. */ permissionGrants?: Schema$PermissionGrant[]; /** * Optional. ID of the preferential network the application uses. There must be a configuration for the specified network ID in preferentialNetworkServiceConfigs. If set to PREFERENTIAL_NETWORK_ID_UNSPECIFIED, the application will use the default network ID specified in defaultPreferentialNetworkId. See the documentation of defaultPreferentialNetworkId for the list of apps excluded from this defaulting. This applies on both work profiles and fully managed devices on Android 13 and above. */ preferentialNetworkId?: string | null; /** * Optional. Roles the app has.Apps having certain roles can be exempted from power and background execution restrictions, suspension and hibernation on Android 14 and above. The user control can also be disallowed for apps with certain roles on Android 11 and above. Refer to the documentation of each RoleType for more details.The app is notified about the roles that are set for it if the app has a notification receiver service with . The app is notified whenever its roles are updated or after the app is installed when it has nonempty list of roles. The app can use this notification to bootstrap itself after the installation. See Integrate with the AMAPI SDK (https://developers.google.com/android/management/sdk-integration) and Manage app roles (https://developers.google.com/android/management/app-roles) guides for more details on the requirements for the service.For the exemptions to be applied and the app to be notified about the roles, the signing key certificate fingerprint of the app on the device must match one of the signing key certificate fingerprints obtained from Play Store or one of the entries in ApplicationPolicy.signingKeyCerts. Otherwise, a NonComplianceDetail with APP_SIGNING_CERT_MISMATCH is reported.There must not be duplicate roles with the same roleType. Multiple apps cannot hold a role with the same roleType. A role with type ROLE_TYPE_UNSPECIFIED is not allowed. */ roles?: Schema$Role[]; /** * Optional. Signing key certificates of the app.This field is required in the following cases: The app has installType set to CUSTOM (i.e. a custom app). The app has roles set to a nonempty list and the app does not exist on the Play Store. The app has extensionConfig set (i.e. an extension app) but ExtensionConfig.signingKeyFingerprintsSha256 (deprecated) is not set and the app does not exist on the Play Store.If this field is not set for a custom app, the policy is rejected. If it is not set when required for a non-custom app, a NonComplianceDetail with INVALID_VALUE is reported.For other cases, this field is optional and the signing key certificates obtained from Play Store are used.See following policy settings to see how this field is used: choosePrivateKeyRules ApplicationPolicy.InstallType.CUSTOM ApplicationPolicy.extensionConfig ApplicationPolicy.roles */ signingKeyCerts?: Schema$ApplicationSigningKeyCert[]; /** * Optional. Specifies whether user control is permitted for the app. User control includes user actions like force-stopping and clearing app data. Certain types of apps have special treatment, see USER_CONTROL_SETTINGS_UNSPECIFIED and USER_CONTROL_ALLOWED for more details. */ userControlSettings?: string | null; /** * Specifies whether the app installed in the work profile is allowed to add widgets to the home screen. */ workProfileWidgets?: string | null; } /** * A change to be made to a single ApplicationPolicy object. */ export interface Schema$ApplicationPolicyChange { /** * If ApplicationPolicy.packageName matches an existing ApplicationPolicy object within the Policy being modified, then that object will be updated. Otherwise, it will be added to the end of the Policy.applications. */ application?: Schema$ApplicationPolicy; /** * The field mask indicating the fields to update. If omitted, all modifiable fields are updated. */ updateMask?: string | null; } /** * Information reported about an installed app. */ export interface Schema$ApplicationReport { /** * The source of the package. */ applicationSource?: string | null; /** * The display name of the app. */ displayName?: string | null; /** * The list of app events which have occurred in the last 30 hours. */ events?: Schema$ApplicationEvent[]; /** * The package name of the app that installed this app. */ installerPackageName?: string | null; /** * List of keyed app states reported by the app. */ keyedAppStates?: Schema$KeyedAppState[]; /** * Package name of the app. */ packageName?: string | null; /** * The SHA-256 hash of the app's APK file, which can be used to verify the app hasn't been modified. Each byte of the hash value is represented as a two-digit hexadecimal number. */ packageSha256Hash?: string | null; /** * The SHA-1 hash of each android.content.pm.Signature (https://developer.android.com/reference/android/content/pm/Signature.html) associated with the app package. Each byte of each hash value is represented as a two-digit hexadecimal number. */ signingKeyCertFingerprints?: string[] | null; /** * Application state. */ state?: string | null; /** * Whether the app is user facing. */ userFacingType?: string | null; /** * The app version code, which can be used to determine whether one version is more recent than another. */ versionCode?: number | null; /** * The app version as displayed to the user. */ versionName?: string | null; } /** * Settings controlling the behavior of application reports. */ export interface Schema$ApplicationReportingSettings { /** * Whether removed apps are included in application reports. */ includeRemovedApps?: boolean | null; } /** * The application signing key certificate. */ export interface Schema$ApplicationSigningKeyCert { /** * Required. The SHA-256 hash value of the signing key certificate of the app. This must be a valid SHA-256 hash value, i.e. 32 bytes. Otherwise, the policy is rejected. */ signingKeyCertFingerprintSha256?: string | null; } /** * Information about a process. It contains process name, start time, app Uid, app Pid, seinfo tag, hash of the base APK. */ export interface Schema$AppProcessInfo { /** * SHA-256 hash of the base APK, in hexadecimal format. */ apkSha256Hash?: string | null; /** * Package names of all packages that are associated with the particular user ID. In most cases, this will be a single package name, the package that has been assigned that user ID. If multiple application share a UID then all packages sharing UID will be included. */ packageNames?: string[] | null; /** * Process ID. */ pid?: number | null; /** * Process name. */ processName?: string | null; /** * SELinux policy info. */ seinfo?: string | null; /** * Process start time. */ startTime?: string | null; /** * UID of the package. */ uid?: number | null; } /** * An app process was started. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile. */ export interface Schema$AppProcessStartEvent { /** * Information about a process. */ processInfo?: Schema$AppProcessInfo; } /** * Id to name association of a app track. */ export interface Schema$AppTrackInfo { /** * The track name associated with the trackId, set in the Play Console. The name is modifiable from Play Console. */ trackAlias?: string | null; /** * The unmodifiable unique track identifier, taken from the releaseTrackId in the URL of the Play Console page that displays the app’s track information. */ trackId?: string | null; } /** * This represents a single version of the app. */ export interface Schema$AppVersion { /** * If the value is True, it indicates that this version is a production track. */ production?: boolean | null; /** * Track identifiers that the app version is published in. This does not include the production track (see production instead). */ trackIds?: string[] | null; /** * Unique increasing identifier for the app version. */ versionCode?: number | null; /** * The string used in the Play store by the app developer to identify the version. The string is not necessarily unique or localized (for example, the string could be "1.4"). */ versionString?: string | null; } /** * An admin has enabled or disabled backup service. */ export interface Schema$BackupServiceToggledEvent { /** * Package name of the admin app requesting the change. */ adminPackageName?: string | null; /** * User ID of the admin app from the which the change was requested. */ adminUserId?: number | null; /** * Whether the backup service is enabled */ backupServiceState?: string | null; } /** * Batched event logs of events from the device. */ export interface Schema$BatchUsageLogEvents { /** * If present, the name of the device in the form ‘enterprises/{enterpriseId\}/devices/{deviceId\}’ */ device?: string | null; /** * The device timestamp when the batch of events were collected from the device. */ retrievalTime?: string | null; /** * The list of UsageLogEvent that were reported by the device, sorted chronologically by the event time. */ usageLogEvents?: Schema$UsageLogEvent[]; /** * If present, the resource name of the user that owns this device in the form ‘enterprises/{enterpriseId\}/users/{userId\}’. */ user?: string | null; } /** * An action to block access to apps and data on a fully managed device or in a work profile. This action also triggers a device or work profile to displays a user-facing notification with information (where possible) on how to correct the compliance issue. Note: wipeAction must also be specified. */ export interface Schema$BlockAction { /** * Number of days the policy is non-compliant before the device or work profile is blocked. To block access immediately, set to 0. blockAfterDays must be less than wipeAfterDays. */ blockAfterDays?: number | null; /** * Specifies the scope of this BlockAction. Only applicable to devices that are company-owned. */ blockScope?: string | null; } /** * A new root certificate was installed into the system's trusted credential storage. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile. */ export interface Schema$CertAuthorityInstalledEvent { /** * Subject of the certificate. */ certificate?: string | null; /** * Whether the installation event succeeded. */ success?: boolean | null; /** * The user in which the certificate install event happened. Only available for devices running Android 11 and above. */ userId?: number | null; } /** * A root certificate was removed from the system's trusted credential storage. This is available device-wide on fully managed devices and within the work profile on organization-owned devices with a work profile. */ export interface Schema$CertAuthorityRemovedEvent { /** * Subject of the certificate. */ certificate?: string | null; /** * Whether the removal succeeded. */ success?: boolean | null; /** * The user in which the certificate removal event occurred. Only available for devices running Android 11 and above. */ userId?: number | null; } /** * An X.509v3 certificate failed to validate, currently this validation is performed on the Wi-FI access point and failure may be due to a mismatch upon server certificate validation. However it may in the future include other validation events of an X.509v3 certificate. */ export interface Schema$CertValidationFailureEvent { /** * The reason why certification validation failed. */ failureReason?: string | null; } /** * Controls apps' access to private keys. The rule determines which private key, if any, Android Device Policy grants to the specified app. Access is granted either when the app calls KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) (or any overloads) to request a private key alias for a given URL, or for rules that are not URL-specific (that is, if urlPattern is not set, or set to the empty string or .*) on Android 11 and above, directly so that the app can call KeyChain.getPrivateKey (https://developer.android.com/reference/android/security/KeyChain#getPrivateKey%28android.content.Context,%20java.lang.String%29), without first having to call KeyChain.choosePrivateKeyAlias.When an app calls KeyChain.choosePrivateKeyAlias if more than one choosePrivateKeyRules matches, the last matching rule defines which key alias to return. */ export interface Schema$ChoosePrivateKeyRule { /** * The package names to which this rule applies. The signing key certificate fingerprint of the app is verified against the signing key certificate fingerprints provided by Play Store and ApplicationPolicy.signingKeyCerts . If no package names are specified, then the alias is provided to all apps that call KeyChain.choosePrivateKeyAlias (https://developer.android.com/reference/android/security/KeyChain#choosePrivateKeyAlias%28android.app.Activity,%20android.security.KeyChainAliasCallback,%20java.lang.String[],%20java.security.Principal[],%20java.lang.String,%20int,%20java.lang.String%29) or any overloads (but not without calling KeyChain.choosePrivateKeyAlias, even on Android 11 and above). Any app with the same Android UID as a package specified here will have access when they call KeyChain.choosePrivateKeyAlias. */ packageNames?: string[] | null; /** * The alias of the private key to be used. */ privateKeyAlias?: string | null; /** * The URL pattern to match against the URL of the request. If not set or empty, it matches all URLs. This uses the regular expression syntax of java.util.regex.Pattern. */ urlPattern?: string | null; } /** * Parameters associated with the CLEAR_APP_DATA command to clear the data of specified apps from the device. */ export interface Schema$ClearAppsDataParams { /** * The package names of the apps whose data will be cleared when the command is executed. */ packageNames?: string[] | null; } /** * Status of the CLEAR_APP_DATA command to clear the data of specified apps from the device. */ export interface Schema$ClearAppsDataStatus { /** * The per-app results, a mapping from package names to the respective clearing result. */ results?: { [key: string]: Schema$PerAppResult; } | null; } /** * A command. */ export interface Schema$Command { /** * Optional. Parameters for the ADD_ESIM command to add an eSIM profile to the device. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to ADD_ESIM. It is also acceptable to explicitly set type to ADD_ESIM. */ addEsimParams?: Schema$AddEsimParams; /** * Parameters for the CLEAR_APP_DATA command to clear the data of specified apps from the device. See ClearAppsDataParams. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to CLEAR_APP_DATA. It is also acceptable to explicitly set type to CLEAR_APP_DATA. */ clearAppsDataParams?: Schema$ClearAppsDataParams; /** * Output only. Status of the CLEAR_APP_DATA command to clear the data of specified apps from the device. See ClearAppsDataStatus. */ clearAppsDataStatus?: Schema$ClearAppsDataStatus; /** * The timestamp at which the command was created. The timestamp is automatically generated by the server. */ createTime?: string | null; /** * The duration for which the command is valid. The command will expire if not executed by the device during this time. The default duration if unspecified is ten minutes. There is no maximum duration. */ duration?: string | null; /** * If the command failed, an error code explaining the failure. This is not set when the command is cancelled by the caller. For reasoning about command errors, prefer fields in the following order (most preferred first): 1. Command-specific fields like clearAppsDataStatus, startLostModeStatus, or similar, if they exist. 2. This field, if set. 3. The generic error field in the Operation that wraps the command. */ errorCode?: string | null; /** * Output only. Status of an ADD_ESIM or REMOVE_ESIM command. */ esimStatus?: Schema$EsimCommandStatus; /** * For commands of type RESET_PASSWORD, optionally specifies the new password. Note: The new password must be at least 6 characters long if it is numeric in case of Android 14 devices. Else the command will fail with INVALID_VALUE. */ newPassword?: string | null; /** * Optional. Parameters for the REMOVE_ESIM command to remove an eSIM profile from the device. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to REMOVE_ESIM. It is also acceptable to explicitly set type to REMOVE_ESIM. */ removeEsimParams?: Schema$RemoveEsimParams; /** * Optional. Parameters for the REQUEST_DEVICE_INFO command to get device related information. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to REQUEST_DEVICE_INFO . It is also acceptable to explicitly set type to REQUEST_DEVICE_INFO. */ requestDeviceInfoParams?: Schema$RequestDeviceInfoParams; /** * Output only. Status of the REQUEST_DEVICE_INFO command. */ requestDeviceInfoStatus?: Schema$RequestDeviceInfoStatus; /** * For commands of type RESET_PASSWORD, optionally specifies flags. */ resetPasswordFlags?: string[] | null; /** * Parameters for the START_LOST_MODE command to put the device into lost mode. See StartLostModeParams. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to START_LOST_MODE. It is also acceptable to explicitly set type to START_LOST_MODE. */ startLostModeParams?: Schema$StartLostModeParams; /** * Output only. Status of the START_LOST_MODE command to put the device into lost mode. See StartLostModeStatus. */ startLostModeStatus?: Schema$StartLostModeStatus; /** * Parameters for the STOP_LOST_MODE command to take the device out of lost mode. See StopLostModeParams. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to STOP_LOST_MODE. It is also acceptable to explicitly set type to STOP_LOST_MODE. */ stopLostModeParams?: Schema$StopLostModeParams; /** * Output only. Status of the STOP_LOST_MODE command to take the device out of lost mode. See StopLostModeStatus. */ stopLostModeStatus?: Schema$StopLostModeStatus; /** * The type of the command. */ type?: string | null; /** * The resource name of the user that owns the device in the form enterprises/{enterpriseId\}/users/{userId\}. This is automatically generated by the server based on the device the command is sent to. */ userName?: string | null; /** * Optional. Parameters for the WIPE command to wipe the device. If this is set, then it is suggested that type should not be set. In this case, the server automatically sets it to WIPE. It is also acceptable to explicitly set type to WIPE. */ wipeParams?: Schema$WipeParams; } /** * Information about Common Criteria Mode—security standards defined in the Common Criteria for Information Technology Security Evaluation (https://www.commoncriteriaportal.org/) (CC).This information is only available if statusReportingSettings.commonCriteriaModeEnabled is true in the device's policy. */ export interface Schema$CommonCriteriaModeInfo { /** * Whether Common Criteria Mode is enabled. */ commonCriteriaModeStatus?: string | null; /** * Output only. The status of policy signature verification. */ policySignatureVerificationStatus?: string | null; } /** * A rule declaring which mitigating actions to take when a device is not compliant with its policy. For every rule, there is always an implicit mitigating action to set policy_compliant to false for the Device resource, and display a message on the device indicating that the device is not compliant with its policy. Other mitigating actions may optionally be taken as well, depending on the field values in the rule. */ export interface Schema$ComplianceRule { /** * A condition which is satisfied if the Android Framework API level on the device doesn't meet a minimum requirement. */ apiLevelCondition?: Schema$ApiLevelCondition; /** * If set to true, the rule includes a mitigating action to disable apps so that the device is effectively disabled, but app data is preserved. If the device is running an app in locked task mode, the app will be closed and a UI showing the reason for non-compliance will be displayed. */ disableApps?: boolean | null; /** * A condition which is satisfied if there exists any matching NonComplianceDetail for the device. */ nonComplianceDetailCondition?: Schema$NonComplianceDetailCondition; /** * If set, the rule includes a mitigating action to disable apps specified in the list, but app data is preserved. */ packageNamesToDisable?: string[] | null; } /** * A TCP connect event was initiated through the standard network stack. */ export interface Schema$ConnectEvent { /** * The destination IP address of the connect call. */ destinationIpAddress?: string | null; /** * The destination port of the connect call. */ destinationPort?: number | null; /** * The package name of the UID that performed the connect call. */ packageName?: string | null; } /** * Contact details for managed Google Play enterprises. */ export interface Schema$ContactInfo { /** * Email address for a point of contact, which will be used to send important announcements related to managed Google Play. */ contactEmail?: string | null; /** * The email of the data protection officer. The email is validated but not verified. */ dataProtectionOfficerEmail?: string | null; /** * The name of the data protection officer. */ dataProtectionOfficerName?: string | null; /** * The phone number of the data protection officer The phone number is validated but not verified. */ dataProtectionOfficerPhone?: string | null; /** * The email of the EU representative. The email is validated but not verified. */ euRepresentativeEmail?: string | null; /** * The name of the EU representative. */ euRepresentativeName?: string | null; /** * The phone number of the EU representative. The phone number is validated but not verified. */ euRepresentativePhone?: string | null; } /** * This feature is not generally available. */ export interface Schema$ContentProviderEndpoint { /** * This feature is not generally available. */ packageName?: string | null; /**