blob: 18e6700409f7346ed26a988eaf32cf022f49bf81 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Protocol buffers shared by the Chrome Cleanup Tool and the Software Reporter
// Tool. Those protocol messages should be kept in sync with the server
// implementation.
syntax = "proto2";
import "removal_status.proto";
option optimize_for = LITE_RUNTIME;
package chrome_cleaner;
// The host of a loaded module.
enum ModuleHost {
CHROME_CLEANUP_TOOL = 0;
CHROME = 1;
}
// The method used to install an extension.
enum ExtensionInstallMethod {
INSTALL_METHOD_UNSPECIFIED = 0;
POLICY_EXTENSION_FORCELIST = 1;
POLICY_EXTENSION_SETTINGS = 2;
POLICY_MASTER_PREFERENCES = 3;
DEFAULT_APPS_EXTENSION = 4;
}
// Next tag: 16
message FileInformation {
// The full path to the file, expanded.
optional string path = 1;
// File creation date.
optional string creation_date = 2;
// Last file modification date.
optional string last_modified_date = 3;
// The file's sha256 digest, not always present.
optional string sha256 = 5;
// The size of the file.
optional int64 size = 6;
// The name of the company that created the file.
optional bytes company_name = 7;
// The short name of the company that created the file.
optional bytes company_short_name = 8;
// The name of the product that owns this file.
optional bytes product_name = 9;
// The short name of the product that owns this file.
optional bytes product_short_name = 10;
// The internal name for this file.
optional bytes internal_name = 11;
// The original file name for this file.
optional bytes original_filename = 12;
// The file description for this file.
optional bytes file_description = 13;
// The version of this file.
optional bytes file_version = 14;
// True if this file is an active part of the UwS installation.
optional bool active_file = 15;
}
// Next tag: 4.
message FolderInformation {
// The full path to the folder, expanded.
optional bytes path = 1;
// Folder creation date.
optional string creation_date = 2;
// Last modification date.
optional string last_modified_date = 3;
}
// Next tag: 4
message ScheduledTaskAction {
optional FileInformation file_information = 1;
optional bytes working_dir = 2;
optional bytes arguments = 3;
}
// Information about a scheduled task.
// Next tag: 5.
message ScheduledTask {
optional bytes name = 1;
optional bytes description = 2;
repeated FileInformation deprecated_actions = 3;
repeated ScheduledTaskAction actions = 4;
}
// Information related to a matched UwS file.
// Next tag: 3.
message MatchedFile {
optional FileInformation file_information = 1;
// Indication if the file was matched only, removed, scheduled for removal,
// etc.
optional RemovalStatus removal_status = 2;
}
// Information related to a matched UwS folder.
// Next tag: 3.
message MatchedFolder {
optional FolderInformation folder_information = 1;
// Indication if the folder was matched only, removed, scheduled for removal,
// etc.
optional RemovalStatus removal_status = 2;
}
// Next tag: 4.
message MatchedRegistryEntry {
optional bytes key_path = 1;
optional bytes value_name = 2;
// Note, this doesn't contain the value of the registry substring, it
// just contains what was in the PUP footprint to match against the
// registry, and how it was matched is determined by the rule (which we
// don't currently store here).
optional bytes value_substring = 3;
}
// Next tag: 2
message MatchedScheduledTask {
optional ScheduledTask scheduled_task = 1;
}
// Information about a registry value.
// Next tag: 5.
message RegistryValue {
optional bytes key_path = 1;
optional bytes value_name = 2;
optional bytes data = 3;
repeated FileInformation file_informations = 4;
}
// All the information found by the app about an UwS during a run.
// Next tag: 10.
message UwS {
optional uint32 id = 6;
optional string name = 1;
repeated MatchedFile files = 2;
repeated MatchedFolder folders = 7;
repeated MatchedRegistryEntry registry_entries = 3;
repeated MatchedScheduledTask scheduled_tasks = 4;
// If you are adding new matched footprint type, please update conditions of
// "forced detection" in scanner/scanner.cc:ScanThisPUP and update
// SilentScanAndCleanTest.NoPotentialFalsePositivesOnCleanMachine test.
// Documents the detail level with which this UwS was collected.
// Next tag: 3.
message DetailLevel {
// Whether or not the scanner stopped after finding one active
// footprint.
optional bool only_one_footprint = 1;
// Whether or not collectors were run to find items on the system,
// such as links and registry entries, that point to matched
// footprints.
optional bool ran_collectors = 2;
}
optional DetailLevel detail_level = 5;
// The state of an UwS.
enum State {
UNKNOWN = 0;
REPORT_ONLY = 1;
REMOVABLE = 2;
FORCED_DETECTION = 3;
}
optional State state = 8;
enum TraceLocation {
FOUND_IN_UNKNOWN = 0;
FOUND_IN_STARTUP = 1;
FOUND_IN_MEMORY = 2;
FOUND_IN_UNINSTALLSTRING = 3; // Contents of HKEY_LOCAL_MACHINE\SOFTWARE\
// Wow6432Node\Microsoft\Windows\
// CurrentVersion\Uninstall\<SoftwareName>\
// UninstallString
FOUND_IN_INSTALLLOCATION = 4; // InstallLocation
FOUND_IN_MUICACHE = 5; // HKEY_CLASSES_ROOT\Local Settings\Software\
// Microsoft\Windows\Shell\MuiCache
FOUND_IN_SERVICE = 6; // Services
FOUND_IN_SHELL = 7; // Menu Start, Startup, Desktop
FOUND_IN_SCHEDULED_TASK = 8; // Task scheduler
FOUND_IN_CLSID = 9; // CLSID
FOUND_IN_MODULES = 10; // Loaded modules of a process
}
repeated TraceLocation trace_locations = 9;
}
// Information collected by the app when it's only able to find incomplete
// matches for an UwS that could correspond to a new flavour that is currently
// not tracked.
// Next tag: 4.
message IncompleteUwSMatch {
optional uint32 uws_id = 1;
optional string uws_name = 2;
// Clue corresponding to an incomplete UwS matching.
// Next tag: 5.
message Clue {
// Deprecated details field that was defined only in 11.72 but never used.
reserved 3;
// Title of the clue (e.g. main problem encountered when attempting
// a match, relevance of files and registry entries listed in the trace
// etc.).
optional string title = 1;
repeated MatchedFile files = 2;
repeated MatchedRegistryEntry registry_entries = 4;
}
repeated Clue clues = 3;
}
// ChromeFoilResponse is a legacy name that must be kept because existing
// analysis tools use it.
//
// Next tag: 2.
message ChromeFoilResponse {
// An arbitrary token that can be used to later reference this
// specific request+response.
optional bytes token = 1;
}
// Next tag: 4.
message Engine {
enum Name {
UNKNOWN = 0;
URZA = 1; // Legacy name for the original engine, must be kept because
// analysis tools refer to this name.
ESET = 2;
}
// Deprecated stub_implementation field that stopped being sent after 26.142.
reserved 2;
optional Name name = 1;
optional string version = 3;
}
// Performance information about spawned processes.
// Next tag: 3
message ProcessInformation {
enum Process {
UNKNOWN = 0;
MAIN = 1;
DEPRECATED_SIGNATURE_MATCHER_SANDBOX = 2;
ESET_SANDBOX = 3;
}
optional Process process = 1;
// Next tag: 10
message SystemResourceUsage {
// In seconds.
optional uint32 user_time = 1;
// In seconds.
optional uint32 kernel_time = 2;
// In bytes.
optional uint64 peak_working_set_size = 3;
optional uint64 read_operation_count = 4;
optional uint64 write_operation_count = 5;
optional uint64 other_operation_count = 6;
optional uint64 read_transfer_count = 7;
optional uint64 write_transfer_count = 8;
optional uint64 other_transfer_count = 9;
}
optional SystemResourceUsage resource_usage = 2;
}