| // Copyright 2018 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| // |
| // Protocol buffers shared by the Chrome Cleanup Tool and the Software Reporter |
| // Tool. Those protocol messages should be kept in sync with the server |
| // implementation. |
| |
| syntax = "proto2"; |
| |
| import "removal_status.proto"; |
| |
| option optimize_for = LITE_RUNTIME; |
| |
| package chrome_cleaner; |
| |
| // The host of a loaded module. |
| enum ModuleHost { |
| CHROME_CLEANUP_TOOL = 0; |
| CHROME = 1; |
| } |
| |
| // The method used to install an extension. |
| enum ExtensionInstallMethod { |
| INSTALL_METHOD_UNSPECIFIED = 0; |
| POLICY_EXTENSION_FORCELIST = 1; |
| POLICY_EXTENSION_SETTINGS = 2; |
| POLICY_MASTER_PREFERENCES = 3; |
| DEFAULT_APPS_EXTENSION = 4; |
| } |
| |
| // Next tag: 16 |
| message FileInformation { |
| // The full path to the file, expanded. |
| optional string path = 1; |
| |
| // File creation date. |
| optional string creation_date = 2; |
| |
| // Last file modification date. |
| optional string last_modified_date = 3; |
| |
| // The file's sha256 digest, not always present. |
| optional string sha256 = 5; |
| |
| // The size of the file. |
| optional int64 size = 6; |
| |
| // The name of the company that created the file. |
| optional bytes company_name = 7; |
| |
| // The short name of the company that created the file. |
| optional bytes company_short_name = 8; |
| |
| // The name of the product that owns this file. |
| optional bytes product_name = 9; |
| |
| // The short name of the product that owns this file. |
| optional bytes product_short_name = 10; |
| |
| // The internal name for this file. |
| optional bytes internal_name = 11; |
| |
| // The original file name for this file. |
| optional bytes original_filename = 12; |
| |
| // The file description for this file. |
| optional bytes file_description = 13; |
| |
| // The version of this file. |
| optional bytes file_version = 14; |
| |
| // True if this file is an active part of the UwS installation. |
| optional bool active_file = 15; |
| } |
| |
| // Next tag: 4. |
| message FolderInformation { |
| // The full path to the folder, expanded. |
| optional bytes path = 1; |
| |
| // Folder creation date. |
| optional string creation_date = 2; |
| |
| // Last modification date. |
| optional string last_modified_date = 3; |
| } |
| |
| // Next tag: 4 |
| message ScheduledTaskAction { |
| optional FileInformation file_information = 1; |
| optional bytes working_dir = 2; |
| optional bytes arguments = 3; |
| } |
| |
| // Information about a scheduled task. |
| // Next tag: 5. |
| message ScheduledTask { |
| optional bytes name = 1; |
| optional bytes description = 2; |
| repeated FileInformation deprecated_actions = 3; |
| repeated ScheduledTaskAction actions = 4; |
| } |
| |
| // Information related to a matched UwS file. |
| // Next tag: 3. |
| message MatchedFile { |
| optional FileInformation file_information = 1; |
| |
| // Indication if the file was matched only, removed, scheduled for removal, |
| // etc. |
| optional RemovalStatus removal_status = 2; |
| } |
| |
| // Information related to a matched UwS folder. |
| // Next tag: 3. |
| message MatchedFolder { |
| optional FolderInformation folder_information = 1; |
| |
| // Indication if the folder was matched only, removed, scheduled for removal, |
| // etc. |
| optional RemovalStatus removal_status = 2; |
| } |
| |
| // Next tag: 4. |
| message MatchedRegistryEntry { |
| optional bytes key_path = 1; |
| optional bytes value_name = 2; |
| |
| // Note, this doesn't contain the value of the registry substring, it |
| // just contains what was in the PUP footprint to match against the |
| // registry, and how it was matched is determined by the rule (which we |
| // don't currently store here). |
| optional bytes value_substring = 3; |
| } |
| |
| // Next tag: 2 |
| message MatchedScheduledTask { |
| optional ScheduledTask scheduled_task = 1; |
| } |
| |
| // Information about a registry value. |
| // Next tag: 5. |
| message RegistryValue { |
| optional bytes key_path = 1; |
| optional bytes value_name = 2; |
| optional bytes data = 3; |
| repeated FileInformation file_informations = 4; |
| } |
| |
| // All the information found by the app about an UwS during a run. |
| // Next tag: 10. |
| message UwS { |
| optional uint32 id = 6; |
| optional string name = 1; |
| |
| repeated MatchedFile files = 2; |
| |
| repeated MatchedFolder folders = 7; |
| |
| repeated MatchedRegistryEntry registry_entries = 3; |
| |
| repeated MatchedScheduledTask scheduled_tasks = 4; |
| |
| // If you are adding new matched footprint type, please update conditions of |
| // "forced detection" in scanner/scanner.cc:ScanThisPUP and update |
| // SilentScanAndCleanTest.NoPotentialFalsePositivesOnCleanMachine test. |
| |
| // Documents the detail level with which this UwS was collected. |
| // Next tag: 3. |
| message DetailLevel { |
| // Whether or not the scanner stopped after finding one active |
| // footprint. |
| optional bool only_one_footprint = 1; |
| |
| // Whether or not collectors were run to find items on the system, |
| // such as links and registry entries, that point to matched |
| // footprints. |
| optional bool ran_collectors = 2; |
| } |
| optional DetailLevel detail_level = 5; |
| |
| // The state of an UwS. |
| enum State { |
| UNKNOWN = 0; |
| REPORT_ONLY = 1; |
| REMOVABLE = 2; |
| FORCED_DETECTION = 3; |
| } |
| optional State state = 8; |
| |
| enum TraceLocation { |
| FOUND_IN_UNKNOWN = 0; |
| FOUND_IN_STARTUP = 1; |
| FOUND_IN_MEMORY = 2; |
| FOUND_IN_UNINSTALLSTRING = 3; // Contents of HKEY_LOCAL_MACHINE\SOFTWARE\ |
| // Wow6432Node\Microsoft\Windows\ |
| // CurrentVersion\Uninstall\<SoftwareName>\ |
| // UninstallString |
| FOUND_IN_INSTALLLOCATION = 4; // InstallLocation |
| FOUND_IN_MUICACHE = 5; // HKEY_CLASSES_ROOT\Local Settings\Software\ |
| // Microsoft\Windows\Shell\MuiCache |
| FOUND_IN_SERVICE = 6; // Services |
| FOUND_IN_SHELL = 7; // Menu Start, Startup, Desktop |
| FOUND_IN_SCHEDULED_TASK = 8; // Task scheduler |
| FOUND_IN_CLSID = 9; // CLSID |
| FOUND_IN_MODULES = 10; // Loaded modules of a process |
| } |
| repeated TraceLocation trace_locations = 9; |
| } |
| |
| // Information collected by the app when it's only able to find incomplete |
| // matches for an UwS that could correspond to a new flavour that is currently |
| // not tracked. |
| // Next tag: 4. |
| message IncompleteUwSMatch { |
| optional uint32 uws_id = 1; |
| optional string uws_name = 2; |
| |
| // Clue corresponding to an incomplete UwS matching. |
| // Next tag: 5. |
| message Clue { |
| // Deprecated details field that was defined only in 11.72 but never used. |
| reserved 3; |
| |
| // Title of the clue (e.g. main problem encountered when attempting |
| // a match, relevance of files and registry entries listed in the trace |
| // etc.). |
| optional string title = 1; |
| |
| repeated MatchedFile files = 2; |
| |
| repeated MatchedRegistryEntry registry_entries = 4; |
| } |
| repeated Clue clues = 3; |
| } |
| |
| // ChromeFoilResponse is a legacy name that must be kept because existing |
| // analysis tools use it. |
| // |
| // Next tag: 2. |
| message ChromeFoilResponse { |
| // An arbitrary token that can be used to later reference this |
| // specific request+response. |
| optional bytes token = 1; |
| } |
| |
| // Next tag: 4. |
| message Engine { |
| enum Name { |
| UNKNOWN = 0; |
| URZA = 1; // Legacy name for the original engine, must be kept because |
| // analysis tools refer to this name. |
| ESET = 2; |
| } |
| |
| // Deprecated stub_implementation field that stopped being sent after 26.142. |
| reserved 2; |
| |
| optional Name name = 1; |
| |
| optional string version = 3; |
| } |
| |
| // Performance information about spawned processes. |
| // Next tag: 3 |
| message ProcessInformation { |
| enum Process { |
| UNKNOWN = 0; |
| MAIN = 1; |
| DEPRECATED_SIGNATURE_MATCHER_SANDBOX = 2; |
| ESET_SANDBOX = 3; |
| } |
| optional Process process = 1; |
| |
| // Next tag: 10 |
| message SystemResourceUsage { |
| // In seconds. |
| optional uint32 user_time = 1; |
| // In seconds. |
| optional uint32 kernel_time = 2; |
| // In bytes. |
| optional uint64 peak_working_set_size = 3; |
| |
| optional uint64 read_operation_count = 4; |
| optional uint64 write_operation_count = 5; |
| optional uint64 other_operation_count = 6; |
| optional uint64 read_transfer_count = 7; |
| optional uint64 write_transfer_count = 8; |
| optional uint64 other_transfer_count = 9; |
| } |
| optional SystemResourceUsage resource_usage = 2; |
| } |