1 //
2 // Copyright (C) 2012 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "update_engine/update_attempter.h"
18
19 #include <stdint.h>
20
21 #include <algorithm>
22 #include <memory>
23 #include <string>
24 #include <utility>
25 #include <vector>
26
27 #include <base/bind.h>
28 #include <base/files/file_util.h>
29 #include <base/logging.h>
30 #include <base/rand_util.h>
31 #include <base/strings/string_util.h>
32 #include <base/strings/stringprintf.h>
33 #include <base/time/time.h>
34 #include <brillo/data_encoding.h>
35 #include <brillo/errors/error_codes.h>
36 #include <brillo/message_loops/message_loop.h>
37 #include <policy/device_policy.h>
38 #include <policy/libpolicy.h>
39 #include <update_engine/dbus-constants.h>
40
41 #include "update_engine/certificate_checker.h"
42 #include "update_engine/common/boot_control_interface.h"
43 #include "update_engine/common/clock_interface.h"
44 #include "update_engine/common/constants.h"
45 #include "update_engine/common/dlcservice_interface.h"
46 #include "update_engine/common/hardware_interface.h"
47 #include "update_engine/common/platform_constants.h"
48 #include "update_engine/common/prefs_interface.h"
49 #include "update_engine/common/subprocess.h"
50 #include "update_engine/common/utils.h"
51 #include "update_engine/libcurl_http_fetcher.h"
52 #include "update_engine/metrics_reporter_interface.h"
53 #include "update_engine/omaha_request_action.h"
54 #include "update_engine/omaha_request_params.h"
55 #include "update_engine/omaha_response_handler_action.h"
56 #include "update_engine/p2p_manager.h"
57 #include "update_engine/payload_consumer/download_action.h"
58 #include "update_engine/payload_consumer/filesystem_verifier_action.h"
59 #include "update_engine/payload_consumer/postinstall_runner_action.h"
60 #include "update_engine/payload_state_interface.h"
61 #include "update_engine/power_manager_interface.h"
62 #include "update_engine/system_state.h"
63 #include "update_engine/update_boot_flags_action.h"
64 #include "update_engine/update_manager/policy.h"
65 #include "update_engine/update_manager/policy_utils.h"
66 #include "update_engine/update_manager/update_manager.h"
67 #include "update_engine/update_status_utils.h"
68
69 using base::Bind;
70 using base::Callback;
71 using base::Time;
72 using base::TimeDelta;
73 using base::TimeTicks;
74 using brillo::MessageLoop;
75 using chromeos_update_manager::CalculateStagingCase;
76 using chromeos_update_manager::EvalStatus;
77 using chromeos_update_manager::Policy;
78 using chromeos_update_manager::StagingCase;
79 using chromeos_update_manager::UpdateCheckParams;
80 using std::string;
81 using std::vector;
82 using update_engine::UpdateAttemptFlags;
83 using update_engine::UpdateEngineStatus;
84
85 namespace chromeos_update_engine {
86
87 const int UpdateAttempter::kMaxDeltaUpdateFailures = 3;
88
89 namespace {
90 const int kMaxConsecutiveObeyProxyRequests = 20;
91
92 // Minimum threshold to broadcast an status update in progress and time.
93 const double kBroadcastThresholdProgress = 0.01; // 1%
94 const int kBroadcastThresholdSeconds = 10;
95
96 // By default autest bypasses scattering. If we want to test scattering,
97 // use kScheduledAUTestURLRequest. The URL used is same in both cases, but
98 // different params are passed to CheckForUpdate().
99 const char kAUTestURLRequest[] = "autest";
100 const char kScheduledAUTestURLRequest[] = "autest-scheduled";
101 } // namespace
102
GetErrorCodeForAction(AbstractAction * action,ErrorCode code)103 ErrorCode GetErrorCodeForAction(AbstractAction* action, ErrorCode code) {
104 if (code != ErrorCode::kError)
105 return code;
106
107 const string type = action->Type();
108 if (type == OmahaRequestAction::StaticType())
109 return ErrorCode::kOmahaRequestError;
110 if (type == OmahaResponseHandlerAction::StaticType())
111 return ErrorCode::kOmahaResponseHandlerError;
112 if (type == FilesystemVerifierAction::StaticType())
113 return ErrorCode::kFilesystemVerifierError;
114 if (type == PostinstallRunnerAction::StaticType())
115 return ErrorCode::kPostinstallRunnerError;
116
117 return code;
118 }
119
UpdateAttempter(SystemState * system_state,CertificateChecker * cert_checker)120 UpdateAttempter::UpdateAttempter(SystemState* system_state,
121 CertificateChecker* cert_checker)
122 : processor_(new ActionProcessor()),
123 system_state_(system_state),
124 cert_checker_(cert_checker),
125 is_install_(false) {}
126
~UpdateAttempter()127 UpdateAttempter::~UpdateAttempter() {
128 // CertificateChecker might not be initialized in unittests.
129 if (cert_checker_)
130 cert_checker_->SetObserver(nullptr);
131 // Release ourselves as the ActionProcessor's delegate to prevent
132 // re-scheduling the updates due to the processing stopped.
133 processor_->set_delegate(nullptr);
134 }
135
Init()136 void UpdateAttempter::Init() {
137 // Pulling from the SystemState can only be done after construction, since
138 // this is an aggregate of various objects (such as the UpdateAttempter),
139 // which requires them all to be constructed prior to it being used.
140 prefs_ = system_state_->prefs();
141 omaha_request_params_ = system_state_->request_params();
142
143 if (cert_checker_)
144 cert_checker_->SetObserver(this);
145
146 // In case of update_engine restart without a reboot we need to restore the
147 // reboot needed state.
148 if (GetBootTimeAtUpdate(nullptr))
149 status_ = UpdateStatus::UPDATED_NEED_REBOOT;
150 else
151 status_ = UpdateStatus::IDLE;
152 }
153
ScheduleUpdates()154 bool UpdateAttempter::ScheduleUpdates() {
155 if (IsUpdateRunningOrScheduled())
156 return false;
157
158 chromeos_update_manager::UpdateManager* const update_manager =
159 system_state_->update_manager();
160 CHECK(update_manager);
161 Callback<void(EvalStatus, const UpdateCheckParams&)> callback =
162 Bind(&UpdateAttempter::OnUpdateScheduled, base::Unretained(this));
163 // We limit the async policy request to a reasonably short time, to avoid a
164 // starvation due to a transient bug.
165 update_manager->AsyncPolicyRequest(callback, &Policy::UpdateCheckAllowed);
166 waiting_for_scheduled_check_ = true;
167 return true;
168 }
169
CertificateChecked(ServerToCheck server_to_check,CertificateCheckResult result)170 void UpdateAttempter::CertificateChecked(ServerToCheck server_to_check,
171 CertificateCheckResult result) {
172 system_state_->metrics_reporter()->ReportCertificateCheckMetrics(
173 server_to_check, result);
174 }
175
CheckAndReportDailyMetrics()176 bool UpdateAttempter::CheckAndReportDailyMetrics() {
177 int64_t stored_value;
178 Time now = system_state_->clock()->GetWallclockTime();
179 if (system_state_->prefs()->Exists(kPrefsDailyMetricsLastReportedAt) &&
180 system_state_->prefs()->GetInt64(kPrefsDailyMetricsLastReportedAt,
181 &stored_value)) {
182 Time last_reported_at = Time::FromInternalValue(stored_value);
183 TimeDelta time_reported_since = now - last_reported_at;
184 if (time_reported_since.InSeconds() < 0) {
185 LOG(WARNING) << "Last reported daily metrics "
186 << utils::FormatTimeDelta(time_reported_since) << " ago "
187 << "which is negative. Either the system clock is wrong or "
188 << "the kPrefsDailyMetricsLastReportedAt state variable "
189 << "is wrong.";
190 // In this case, report daily metrics to reset.
191 } else {
192 if (time_reported_since.InSeconds() < 24 * 60 * 60) {
193 LOG(INFO) << "Last reported daily metrics "
194 << utils::FormatTimeDelta(time_reported_since) << " ago.";
195 return false;
196 }
197 LOG(INFO) << "Last reported daily metrics "
198 << utils::FormatTimeDelta(time_reported_since) << " ago, "
199 << "which is more than 24 hours ago.";
200 }
201 }
202
203 LOG(INFO) << "Reporting daily metrics.";
204 system_state_->prefs()->SetInt64(kPrefsDailyMetricsLastReportedAt,
205 now.ToInternalValue());
206
207 ReportOSAge();
208
209 return true;
210 }
211
ReportOSAge()212 void UpdateAttempter::ReportOSAge() {
213 struct stat sb;
214
215 if (system_state_ == nullptr)
216 return;
217
218 if (stat("/etc/lsb-release", &sb) != 0) {
219 PLOG(ERROR) << "Error getting file status for /etc/lsb-release "
220 << "(Note: this may happen in some unit tests)";
221 return;
222 }
223
224 Time lsb_release_timestamp = Time::FromTimeSpec(sb.st_ctim);
225 Time now = system_state_->clock()->GetWallclockTime();
226 TimeDelta age = now - lsb_release_timestamp;
227 if (age.InSeconds() < 0) {
228 LOG(ERROR) << "The OS age (" << utils::FormatTimeDelta(age)
229 << ") is negative. Maybe the clock is wrong? "
230 << "(Note: this may happen in some unit tests.)";
231 return;
232 }
233
234 system_state_->metrics_reporter()->ReportDailyMetrics(age);
235 }
236
Update(const string & app_version,const string & omaha_url,const string & target_channel,const string & target_version_prefix,bool rollback_allowed,bool obey_proxies,bool interactive)237 void UpdateAttempter::Update(const string& app_version,
238 const string& omaha_url,
239 const string& target_channel,
240 const string& target_version_prefix,
241 bool rollback_allowed,
242 bool obey_proxies,
243 bool interactive) {
244 // This is normally called frequently enough so it's appropriate to use as a
245 // hook for reporting daily metrics.
246 // TODO(garnold) This should be hooked to a separate (reliable and consistent)
247 // timeout event.
248 CheckAndReportDailyMetrics();
249
250 fake_update_success_ = false;
251 if (status_ == UpdateStatus::UPDATED_NEED_REBOOT) {
252 // Although we have applied an update, we still want to ping Omaha
253 // to ensure the number of active statistics is accurate.
254 //
255 // Also convey to the UpdateEngine.Check.Result metric that we're
256 // not performing an update check because of this.
257 LOG(INFO) << "Not updating b/c we already updated and we're waiting for "
258 << "reboot, we'll ping Omaha instead";
259 system_state_->metrics_reporter()->ReportUpdateCheckMetrics(
260 system_state_,
261 metrics::CheckResult::kRebootPending,
262 metrics::CheckReaction::kUnset,
263 metrics::DownloadErrorCode::kUnset);
264 PingOmaha();
265 return;
266 }
267 if (status_ != UpdateStatus::IDLE) {
268 // Update in progress. Do nothing
269 return;
270 }
271
272 if (!CalculateUpdateParams(app_version,
273 omaha_url,
274 target_channel,
275 target_version_prefix,
276 rollback_allowed,
277 obey_proxies,
278 interactive)) {
279 return;
280 }
281
282 BuildUpdateActions(interactive);
283
284 SetStatusAndNotify(UpdateStatus::CHECKING_FOR_UPDATE);
285
286 // Update the last check time here; it may be re-updated when an Omaha
287 // response is received, but this will prevent us from repeatedly scheduling
288 // checks in the case where a response is not received.
289 UpdateLastCheckedTime();
290
291 ScheduleProcessingStart();
292 }
293
RefreshDevicePolicy()294 void UpdateAttempter::RefreshDevicePolicy() {
295 // Lazy initialize the policy provider, or reload the latest policy data.
296 if (!policy_provider_.get())
297 policy_provider_.reset(new policy::PolicyProvider());
298 policy_provider_->Reload();
299
300 const policy::DevicePolicy* device_policy = nullptr;
301 if (policy_provider_->device_policy_is_loaded())
302 device_policy = &policy_provider_->GetDevicePolicy();
303
304 if (device_policy)
305 LOG(INFO) << "Device policies/settings present";
306 else
307 LOG(INFO) << "No device policies/settings present.";
308
309 system_state_->set_device_policy(device_policy);
310 system_state_->p2p_manager()->SetDevicePolicy(device_policy);
311 }
312
CalculateP2PParams(bool interactive)313 void UpdateAttempter::CalculateP2PParams(bool interactive) {
314 bool use_p2p_for_downloading = false;
315 bool use_p2p_for_sharing = false;
316
317 // Never use p2p for downloading in interactive checks unless the developer
318 // has opted in for it via a marker file.
319 //
320 // (Why would a developer want to opt in? If they are working on the
321 // update_engine or p2p codebases so they can actually test their code.)
322
323 if (system_state_ != nullptr) {
324 if (!system_state_->p2p_manager()->IsP2PEnabled()) {
325 LOG(INFO) << "p2p is not enabled - disallowing p2p for both"
326 << " downloading and sharing.";
327 } else {
328 // Allow p2p for sharing, even in interactive checks.
329 use_p2p_for_sharing = true;
330 if (!interactive) {
331 LOG(INFO) << "Non-interactive check - allowing p2p for downloading";
332 use_p2p_for_downloading = true;
333 } else {
334 LOG(INFO) << "Forcibly disabling use of p2p for downloading "
335 << "since this update attempt is interactive.";
336 }
337 }
338 }
339
340 PayloadStateInterface* const payload_state = system_state_->payload_state();
341 payload_state->SetUsingP2PForDownloading(use_p2p_for_downloading);
342 payload_state->SetUsingP2PForSharing(use_p2p_for_sharing);
343 }
344
CalculateUpdateParams(const string & app_version,const string & omaha_url,const string & target_channel,const string & target_version_prefix,bool rollback_allowed,bool obey_proxies,bool interactive)345 bool UpdateAttempter::CalculateUpdateParams(const string& app_version,
346 const string& omaha_url,
347 const string& target_channel,
348 const string& target_version_prefix,
349 bool rollback_allowed,
350 bool obey_proxies,
351 bool interactive) {
352 http_response_code_ = 0;
353 PayloadStateInterface* const payload_state = system_state_->payload_state();
354
355 // Refresh the policy before computing all the update parameters.
356 RefreshDevicePolicy();
357
358 // Check whether we need to clear the rollback-happened preference after
359 // policy is available again.
360 UpdateRollbackHappened();
361
362 // Update the target version prefix.
363 omaha_request_params_->set_target_version_prefix(target_version_prefix);
364
365 // Set whether rollback is allowed.
366 omaha_request_params_->set_rollback_allowed(rollback_allowed);
367
368 CalculateStagingParams(interactive);
369 // If staging_wait_time_ wasn't set, staging is off, use scattering instead.
370 if (staging_wait_time_.InSeconds() == 0) {
371 CalculateScatteringParams(interactive);
372 }
373
374 CalculateP2PParams(interactive);
375 if (payload_state->GetUsingP2PForDownloading() ||
376 payload_state->GetUsingP2PForSharing()) {
377 // OK, p2p is to be used - start it and perform housekeeping.
378 if (!StartP2PAndPerformHousekeeping()) {
379 // If this fails, disable p2p for this attempt
380 LOG(INFO) << "Forcibly disabling use of p2p since starting p2p or "
381 << "performing housekeeping failed.";
382 payload_state->SetUsingP2PForDownloading(false);
383 payload_state->SetUsingP2PForSharing(false);
384 }
385 }
386
387 if (!omaha_request_params_->Init(app_version, omaha_url, interactive)) {
388 LOG(ERROR) << "Unable to initialize Omaha request params.";
389 return false;
390 }
391
392 // Set the target channel, if one was provided.
393 if (target_channel.empty()) {
394 LOG(INFO) << "No target channel mandated by policy.";
395 } else {
396 LOG(INFO) << "Setting target channel as mandated: " << target_channel;
397 // Pass in false for powerwash_allowed until we add it to the policy
398 // protobuf.
399 string error_message;
400 if (!omaha_request_params_->SetTargetChannel(
401 target_channel, false, &error_message)) {
402 LOG(ERROR) << "Setting the channel failed: " << error_message;
403 }
404
405 // Since this is the beginning of a new attempt, update the download
406 // channel. The download channel won't be updated until the next attempt,
407 // even if target channel changes meanwhile, so that how we'll know if we
408 // should cancel the current download attempt if there's such a change in
409 // target channel.
410 omaha_request_params_->UpdateDownloadChannel();
411 }
412 // Set the DLC module ID list.
413 omaha_request_params_->set_dlc_module_ids(dlc_module_ids_);
414 omaha_request_params_->set_is_install(is_install_);
415
416 LOG(INFO) << "target_version_prefix = "
417 << omaha_request_params_->target_version_prefix()
418 << ", rollback_allowed = "
419 << omaha_request_params_->rollback_allowed()
420 << ", scatter_factor_in_seconds = "
421 << utils::FormatSecs(scatter_factor_.InSeconds());
422
423 LOG(INFO) << "Wall Clock Based Wait Enabled = "
424 << omaha_request_params_->wall_clock_based_wait_enabled()
425 << ", Update Check Count Wait Enabled = "
426 << omaha_request_params_->update_check_count_wait_enabled()
427 << ", Waiting Period = "
428 << utils::FormatSecs(
429 omaha_request_params_->waiting_period().InSeconds());
430
431 LOG(INFO) << "Use p2p For Downloading = "
432 << payload_state->GetUsingP2PForDownloading()
433 << ", Use p2p For Sharing = "
434 << payload_state->GetUsingP2PForSharing();
435
436 obeying_proxies_ = true;
437 if (obey_proxies || proxy_manual_checks_ == 0) {
438 LOG(INFO) << "forced to obey proxies";
439 // If forced to obey proxies, every 20th request will not use proxies
440 proxy_manual_checks_++;
441 LOG(INFO) << "proxy manual checks: " << proxy_manual_checks_;
442 if (proxy_manual_checks_ >= kMaxConsecutiveObeyProxyRequests) {
443 proxy_manual_checks_ = 0;
444 obeying_proxies_ = false;
445 }
446 } else if (base::RandInt(0, 4) == 0) {
447 obeying_proxies_ = false;
448 }
449 LOG_IF(INFO, !obeying_proxies_)
450 << "To help ensure updates work, this update check we are ignoring the "
451 << "proxy settings and using direct connections.";
452
453 DisableDeltaUpdateIfNeeded();
454 return true;
455 }
456
CalculateScatteringParams(bool interactive)457 void UpdateAttempter::CalculateScatteringParams(bool interactive) {
458 // Take a copy of the old scatter value before we update it, as
459 // we need to update the waiting period if this value changes.
460 TimeDelta old_scatter_factor = scatter_factor_;
461 const policy::DevicePolicy* device_policy = system_state_->device_policy();
462 if (device_policy) {
463 int64_t new_scatter_factor_in_secs = 0;
464 device_policy->GetScatterFactorInSeconds(&new_scatter_factor_in_secs);
465 if (new_scatter_factor_in_secs < 0) // sanitize input, just in case.
466 new_scatter_factor_in_secs = 0;
467 scatter_factor_ = TimeDelta::FromSeconds(new_scatter_factor_in_secs);
468 }
469
470 bool is_scatter_enabled = false;
471 if (scatter_factor_.InSeconds() == 0) {
472 LOG(INFO) << "Scattering disabled since scatter factor is set to 0";
473 } else if (interactive) {
474 LOG(INFO) << "Scattering disabled as this is an interactive update check";
475 } else if (system_state_->hardware()->IsOOBEEnabled() &&
476 !system_state_->hardware()->IsOOBEComplete(nullptr)) {
477 LOG(INFO) << "Scattering disabled since OOBE is enabled but not complete "
478 "yet";
479 } else {
480 is_scatter_enabled = true;
481 LOG(INFO) << "Scattering is enabled";
482 }
483
484 if (is_scatter_enabled) {
485 // This means the scattering policy is turned on.
486 // Now check if we need to update the waiting period. The two cases
487 // in which we'd need to update the waiting period are:
488 // 1. First time in process or a scheduled check after a user-initiated one.
489 // (omaha_request_params_->waiting_period will be zero in this case).
490 // 2. Admin has changed the scattering policy value.
491 // (new scattering value will be different from old one in this case).
492 int64_t wait_period_in_secs = 0;
493 if (omaha_request_params_->waiting_period().InSeconds() == 0) {
494 // First case. Check if we have a suitable value to set for
495 // the waiting period.
496 if (prefs_->GetInt64(kPrefsWallClockScatteringWaitPeriod,
497 &wait_period_in_secs) &&
498 wait_period_in_secs > 0 &&
499 wait_period_in_secs <= scatter_factor_.InSeconds()) {
500 // This means:
501 // 1. There's a persisted value for the waiting period available.
502 // 2. And that persisted value is still valid.
503 // So, in this case, we should reuse the persisted value instead of
504 // generating a new random value to improve the chances of a good
505 // distribution for scattering.
506 omaha_request_params_->set_waiting_period(
507 TimeDelta::FromSeconds(wait_period_in_secs));
508 LOG(INFO) << "Using persisted wall-clock waiting period: "
509 << utils::FormatSecs(
510 omaha_request_params_->waiting_period().InSeconds());
511 } else {
512 // This means there's no persisted value for the waiting period
513 // available or its value is invalid given the new scatter_factor value.
514 // So, we should go ahead and regenerate a new value for the
515 // waiting period.
516 LOG(INFO) << "Persisted value not present or not valid ("
517 << utils::FormatSecs(wait_period_in_secs)
518 << ") for wall-clock waiting period.";
519 GenerateNewWaitingPeriod();
520 }
521 } else if (scatter_factor_ != old_scatter_factor) {
522 // This means there's already a waiting period value, but we detected
523 // a change in the scattering policy value. So, we should regenerate the
524 // waiting period to make sure it's within the bounds of the new scatter
525 // factor value.
526 GenerateNewWaitingPeriod();
527 } else {
528 // Neither the first time scattering is enabled nor the scattering value
529 // changed. Nothing to do.
530 LOG(INFO) << "Keeping current wall-clock waiting period: "
531 << utils::FormatSecs(
532 omaha_request_params_->waiting_period().InSeconds());
533 }
534
535 // The invariant at this point is that omaha_request_params_->waiting_period
536 // is non-zero no matter which path we took above.
537 LOG_IF(ERROR, omaha_request_params_->waiting_period().InSeconds() == 0)
538 << "Waiting Period should NOT be zero at this point!!!";
539
540 // Since scattering is enabled, wall clock based wait will always be
541 // enabled.
542 omaha_request_params_->set_wall_clock_based_wait_enabled(true);
543
544 // If we don't have any issues in accessing the file system to update
545 // the update check count value, we'll turn that on as well.
546 bool decrement_succeeded = DecrementUpdateCheckCount();
547 omaha_request_params_->set_update_check_count_wait_enabled(
548 decrement_succeeded);
549 } else {
550 // This means the scattering feature is turned off or disabled for
551 // this particular update check. Make sure to disable
552 // all the knobs and artifacts so that we don't invoke any scattering
553 // related code.
554 omaha_request_params_->set_wall_clock_based_wait_enabled(false);
555 omaha_request_params_->set_update_check_count_wait_enabled(false);
556 omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds(0));
557 prefs_->Delete(kPrefsWallClockScatteringWaitPeriod);
558 prefs_->Delete(kPrefsUpdateCheckCount);
559 // Don't delete the UpdateFirstSeenAt file as we don't want manual checks
560 // that result in no-updates (e.g. due to server side throttling) to
561 // cause update starvation by having the client generate a new
562 // UpdateFirstSeenAt for each scheduled check that follows a manual check.
563 }
564 }
565
GenerateNewWaitingPeriod()566 void UpdateAttempter::GenerateNewWaitingPeriod() {
567 omaha_request_params_->set_waiting_period(
568 TimeDelta::FromSeconds(base::RandInt(1, scatter_factor_.InSeconds())));
569
570 LOG(INFO) << "Generated new wall-clock waiting period: "
571 << utils::FormatSecs(
572 omaha_request_params_->waiting_period().InSeconds());
573
574 // Do a best-effort to persist this in all cases. Even if the persistence
575 // fails, we'll still be able to scatter based on our in-memory value.
576 // The persistence only helps in ensuring a good overall distribution
577 // across multiple devices if they tend to reboot too often.
578 system_state_->payload_state()->SetScatteringWaitPeriod(
579 omaha_request_params_->waiting_period());
580 }
581
CalculateStagingParams(bool interactive)582 void UpdateAttempter::CalculateStagingParams(bool interactive) {
583 bool oobe_complete = system_state_->hardware()->IsOOBEEnabled() &&
584 system_state_->hardware()->IsOOBEComplete(nullptr);
585 auto device_policy = system_state_->device_policy();
586 StagingCase staging_case = StagingCase::kOff;
587 if (device_policy && !interactive && oobe_complete) {
588 staging_wait_time_ = omaha_request_params_->waiting_period();
589 staging_case = CalculateStagingCase(
590 device_policy, prefs_, &staging_wait_time_, &staging_schedule_);
591 }
592 switch (staging_case) {
593 case StagingCase::kOff:
594 // Staging is off, get rid of persisted value.
595 prefs_->Delete(kPrefsWallClockStagingWaitPeriod);
596 // Set |staging_wait_time_| to its default value so scattering can still
597 // be turned on
598 staging_wait_time_ = TimeDelta();
599 break;
600 // Let the cases fall through since they just add, and never remove, steps
601 // to turning staging on.
602 case StagingCase::kNoSavedValue:
603 prefs_->SetInt64(kPrefsWallClockStagingWaitPeriod,
604 staging_wait_time_.InDays());
605 case StagingCase::kSetStagingFromPref:
606 omaha_request_params_->set_waiting_period(staging_wait_time_);
607 case StagingCase::kNoAction:
608 // Staging is on, enable wallclock based wait so that its values get used.
609 omaha_request_params_->set_wall_clock_based_wait_enabled(true);
610 // Use UpdateCheckCount if possible to prevent devices updating all at
611 // once.
612 omaha_request_params_->set_update_check_count_wait_enabled(
613 DecrementUpdateCheckCount());
614 // Scattering should not be turned on if staging is on, delete the
615 // existing scattering configuration.
616 prefs_->Delete(kPrefsWallClockScatteringWaitPeriod);
617 scatter_factor_ = TimeDelta();
618 }
619 }
620
BuildUpdateActions(bool interactive)621 void UpdateAttempter::BuildUpdateActions(bool interactive) {
622 CHECK(!processor_->IsRunning());
623 processor_->set_delegate(this);
624
625 // Actions:
626 auto update_check_fetcher = std::make_unique<LibcurlHttpFetcher>(
627 GetProxyResolver(), system_state_->hardware());
628 update_check_fetcher->set_server_to_check(ServerToCheck::kUpdate);
629 // Try harder to connect to the network, esp when not interactive.
630 // See comment in libcurl_http_fetcher.cc.
631 update_check_fetcher->set_no_network_max_retries(interactive ? 1 : 3);
632 auto update_check_action = std::make_unique<OmahaRequestAction>(
633 system_state_, nullptr, std::move(update_check_fetcher), false);
634 auto response_handler_action =
635 std::make_unique<OmahaResponseHandlerAction>(system_state_);
636 auto update_boot_flags_action =
637 std::make_unique<UpdateBootFlagsAction>(system_state_->boot_control());
638 auto download_started_action = std::make_unique<OmahaRequestAction>(
639 system_state_,
640 new OmahaEvent(OmahaEvent::kTypeUpdateDownloadStarted),
641 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
642 system_state_->hardware()),
643 false);
644
645 LibcurlHttpFetcher* download_fetcher =
646 new LibcurlHttpFetcher(GetProxyResolver(), system_state_->hardware());
647 download_fetcher->set_server_to_check(ServerToCheck::kDownload);
648 if (interactive)
649 download_fetcher->set_max_retry_count(kDownloadMaxRetryCountInteractive);
650 auto download_action =
651 std::make_unique<DownloadAction>(prefs_,
652 system_state_->boot_control(),
653 system_state_->hardware(),
654 system_state_,
655 download_fetcher, // passes ownership
656 interactive);
657 download_action->set_delegate(this);
658
659 auto download_finished_action = std::make_unique<OmahaRequestAction>(
660 system_state_,
661 new OmahaEvent(OmahaEvent::kTypeUpdateDownloadFinished),
662 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
663 system_state_->hardware()),
664 false);
665 auto filesystem_verifier_action =
666 std::make_unique<FilesystemVerifierAction>();
667 auto update_complete_action = std::make_unique<OmahaRequestAction>(
668 system_state_,
669 new OmahaEvent(OmahaEvent::kTypeUpdateComplete),
670 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
671 system_state_->hardware()),
672 false);
673
674 auto postinstall_runner_action = std::make_unique<PostinstallRunnerAction>(
675 system_state_->boot_control(), system_state_->hardware());
676 postinstall_runner_action->set_delegate(this);
677
678 // Bond them together. We have to use the leaf-types when calling
679 // BondActions().
680 BondActions(update_check_action.get(), response_handler_action.get());
681 BondActions(response_handler_action.get(), download_action.get());
682 BondActions(download_action.get(), filesystem_verifier_action.get());
683 BondActions(filesystem_verifier_action.get(),
684 postinstall_runner_action.get());
685
686 processor_->EnqueueAction(std::move(update_check_action));
687 processor_->EnqueueAction(std::move(response_handler_action));
688 processor_->EnqueueAction(std::move(update_boot_flags_action));
689 processor_->EnqueueAction(std::move(download_started_action));
690 processor_->EnqueueAction(std::move(download_action));
691 processor_->EnqueueAction(std::move(download_finished_action));
692 processor_->EnqueueAction(std::move(filesystem_verifier_action));
693 processor_->EnqueueAction(std::move(postinstall_runner_action));
694 processor_->EnqueueAction(std::move(update_complete_action));
695 }
696
Rollback(bool powerwash)697 bool UpdateAttempter::Rollback(bool powerwash) {
698 is_install_ = false;
699 if (!CanRollback()) {
700 return false;
701 }
702
703 // Extra check for enterprise-enrolled devices since they don't support
704 // powerwash.
705 if (powerwash) {
706 // Enterprise-enrolled devices have an empty owner in their device policy.
707 string owner;
708 RefreshDevicePolicy();
709 const policy::DevicePolicy* device_policy = system_state_->device_policy();
710 if (device_policy && (!device_policy->GetOwner(&owner) || owner.empty())) {
711 LOG(ERROR) << "Enterprise device detected. "
712 << "Cannot perform a powerwash for enterprise devices.";
713 return false;
714 }
715 }
716
717 processor_->set_delegate(this);
718
719 // Initialize the default request params.
720 if (!omaha_request_params_->Init("", "", true)) {
721 LOG(ERROR) << "Unable to initialize Omaha request params.";
722 return false;
723 }
724
725 LOG(INFO) << "Setting rollback options.";
726 install_plan_.reset(new InstallPlan());
727 install_plan_->target_slot = GetRollbackSlot();
728 install_plan_->source_slot = system_state_->boot_control()->GetCurrentSlot();
729
730 TEST_AND_RETURN_FALSE(
731 install_plan_->LoadPartitionsFromSlots(system_state_->boot_control()));
732 install_plan_->powerwash_required = powerwash;
733
734 LOG(INFO) << "Using this install plan:";
735 install_plan_->Dump();
736
737 auto install_plan_action =
738 std::make_unique<InstallPlanAction>(*install_plan_);
739 auto postinstall_runner_action = std::make_unique<PostinstallRunnerAction>(
740 system_state_->boot_control(), system_state_->hardware());
741 postinstall_runner_action->set_delegate(this);
742 BondActions(install_plan_action.get(), postinstall_runner_action.get());
743 processor_->EnqueueAction(std::move(install_plan_action));
744 processor_->EnqueueAction(std::move(postinstall_runner_action));
745
746 // Update the payload state for Rollback.
747 system_state_->payload_state()->Rollback();
748
749 SetStatusAndNotify(UpdateStatus::ATTEMPTING_ROLLBACK);
750
751 ScheduleProcessingStart();
752 return true;
753 }
754
CanRollback() const755 bool UpdateAttempter::CanRollback() const {
756 // We can only rollback if the update_engine isn't busy and we have a valid
757 // rollback partition.
758 return (status_ == UpdateStatus::IDLE &&
759 GetRollbackSlot() != BootControlInterface::kInvalidSlot);
760 }
761
GetRollbackSlot() const762 BootControlInterface::Slot UpdateAttempter::GetRollbackSlot() const {
763 LOG(INFO) << "UpdateAttempter::GetRollbackSlot";
764 const unsigned int num_slots = system_state_->boot_control()->GetNumSlots();
765 const BootControlInterface::Slot current_slot =
766 system_state_->boot_control()->GetCurrentSlot();
767
768 LOG(INFO) << " Installed slots: " << num_slots;
769 LOG(INFO) << " Booted from slot: "
770 << BootControlInterface::SlotName(current_slot);
771
772 if (current_slot == BootControlInterface::kInvalidSlot || num_slots < 2) {
773 LOG(INFO) << "Device is not updateable.";
774 return BootControlInterface::kInvalidSlot;
775 }
776
777 vector<BootControlInterface::Slot> bootable_slots;
778 for (BootControlInterface::Slot slot = 0; slot < num_slots; slot++) {
779 if (slot != current_slot &&
780 system_state_->boot_control()->IsSlotBootable(slot)) {
781 LOG(INFO) << "Found bootable slot "
782 << BootControlInterface::SlotName(slot);
783 return slot;
784 }
785 }
786 LOG(INFO) << "No other bootable slot found.";
787 return BootControlInterface::kInvalidSlot;
788 }
789
CheckForUpdate(const string & app_version,const string & omaha_url,UpdateAttemptFlags flags)790 bool UpdateAttempter::CheckForUpdate(const string& app_version,
791 const string& omaha_url,
792 UpdateAttemptFlags flags) {
793 dlc_module_ids_.clear();
794 is_install_ = false;
795 bool interactive = !(flags & UpdateAttemptFlags::kFlagNonInteractive);
796
797 if (interactive && status_ != UpdateStatus::IDLE) {
798 // An update check is either in-progress, or an update has completed and the
799 // system is in UPDATED_NEED_REBOOT. Either way, don't do an interactive
800 // update at this time
801 LOG(INFO) << "Refusing to do an interactive update with an update already "
802 "in progress";
803 return false;
804 }
805
806 LOG(INFO) << "Forced update check requested.";
807 forced_app_version_.clear();
808 forced_omaha_url_.clear();
809
810 // Certain conditions must be met to allow setting custom version and update
811 // server URLs. However, kScheduledAUTestURLRequest and kAUTestURLRequest are
812 // always allowed regardless of device state.
813 if (IsAnyUpdateSourceAllowed()) {
814 forced_app_version_ = app_version;
815 forced_omaha_url_ = omaha_url;
816 }
817 if (omaha_url == kScheduledAUTestURLRequest) {
818 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
819 // Pretend that it's not user-initiated even though it is,
820 // so as to test scattering logic, etc. which get kicked off
821 // only in scheduled update checks.
822 interactive = false;
823 } else if (omaha_url == kAUTestURLRequest) {
824 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
825 }
826
827 if (interactive) {
828 // Use the passed-in update attempt flags for this update attempt instead
829 // of the previously set ones.
830 current_update_attempt_flags_ = flags;
831 // Note: The caching for non-interactive update checks happens in
832 // OnUpdateScheduled().
833 }
834
835 if (forced_update_pending_callback_.get()) {
836 if (!system_state_->dlcservice()->GetInstalled(&dlc_module_ids_)) {
837 dlc_module_ids_.clear();
838 }
839 // Make sure that a scheduling request is made prior to calling the forced
840 // update pending callback.
841 ScheduleUpdates();
842 forced_update_pending_callback_->Run(true, interactive);
843 }
844
845 return true;
846 }
847
CheckForInstall(const vector<string> & dlc_module_ids,const string & omaha_url)848 bool UpdateAttempter::CheckForInstall(const vector<string>& dlc_module_ids,
849 const string& omaha_url) {
850 dlc_module_ids_ = dlc_module_ids;
851 is_install_ = true;
852 forced_omaha_url_.clear();
853
854 // Certain conditions must be met to allow setting custom version and update
855 // server URLs. However, kScheduledAUTestURLRequest and kAUTestURLRequest are
856 // always allowed regardless of device state.
857 if (IsAnyUpdateSourceAllowed()) {
858 forced_omaha_url_ = omaha_url;
859 }
860 if (omaha_url == kScheduledAUTestURLRequest) {
861 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
862 } else if (omaha_url == kAUTestURLRequest) {
863 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
864 }
865
866 if (!ScheduleUpdates()) {
867 if (forced_update_pending_callback_.get()) {
868 // Make sure that a scheduling request is made prior to calling the forced
869 // update pending callback.
870 ScheduleUpdates();
871 forced_update_pending_callback_->Run(true, true);
872 return true;
873 }
874 return false;
875 }
876 return true;
877 }
878
RebootIfNeeded()879 bool UpdateAttempter::RebootIfNeeded() {
880 #ifdef __ANDROID__
881 if (status_ != UpdateStatus::UPDATED_NEED_REBOOT) {
882 LOG(INFO) << "Reboot requested, but status is "
883 << UpdateStatusToString(status_) << ", so not rebooting.";
884 return false;
885 }
886 #endif // __ANDROID__
887
888 if (system_state_->power_manager()->RequestReboot())
889 return true;
890
891 return RebootDirectly();
892 }
893
WriteUpdateCompletedMarker()894 void UpdateAttempter::WriteUpdateCompletedMarker() {
895 string boot_id;
896 if (!utils::GetBootId(&boot_id))
897 return;
898 prefs_->SetString(kPrefsUpdateCompletedOnBootId, boot_id);
899
900 int64_t value = system_state_->clock()->GetBootTime().ToInternalValue();
901 prefs_->SetInt64(kPrefsUpdateCompletedBootTime, value);
902 }
903
RebootDirectly()904 bool UpdateAttempter::RebootDirectly() {
905 vector<string> command;
906 command.push_back("/sbin/shutdown");
907 command.push_back("-r");
908 command.push_back("now");
909 LOG(INFO) << "Running \"" << base::JoinString(command, " ") << "\"";
910 int rc = 0;
911 Subprocess::SynchronousExec(command, &rc, nullptr);
912 return rc == 0;
913 }
914
OnUpdateScheduled(EvalStatus status,const UpdateCheckParams & params)915 void UpdateAttempter::OnUpdateScheduled(EvalStatus status,
916 const UpdateCheckParams& params) {
917 waiting_for_scheduled_check_ = false;
918
919 if (status == EvalStatus::kSucceeded) {
920 if (!params.updates_enabled) {
921 LOG(WARNING) << "Updates permanently disabled.";
922 // Signal disabled status, then switch right back to idle. This is
923 // necessary for ensuring that observers waiting for a signal change will
924 // actually notice one on subsequent calls. Note that we don't need to
925 // re-schedule a check in this case as updates are permanently disabled;
926 // further (forced) checks may still initiate a scheduling call.
927 SetStatusAndNotify(UpdateStatus::DISABLED);
928 SetStatusAndNotify(UpdateStatus::IDLE);
929 return;
930 }
931
932 LOG(INFO) << "Running " << (params.interactive ? "interactive" : "periodic")
933 << " update.";
934
935 if (!params.interactive) {
936 // Cache the update attempt flags that will be used by this update attempt
937 // so that they can't be changed mid-way through.
938 current_update_attempt_flags_ = update_attempt_flags_;
939 }
940
941 LOG(INFO) << "Update attempt flags in use = 0x" << std::hex
942 << current_update_attempt_flags_;
943
944 Update(forced_app_version_,
945 forced_omaha_url_,
946 params.target_channel,
947 params.target_version_prefix,
948 params.rollback_allowed,
949 /*obey_proxies=*/false,
950 params.interactive);
951 // Always clear the forced app_version and omaha_url after an update attempt
952 // so the next update uses the defaults.
953 forced_app_version_.clear();
954 forced_omaha_url_.clear();
955 } else {
956 LOG(WARNING)
957 << "Update check scheduling failed (possibly timed out); retrying.";
958 ScheduleUpdates();
959 }
960
961 // This check ensures that future update checks will be or are already
962 // scheduled. The check should never fail. A check failure means that there's
963 // a bug that will most likely prevent further automatic update checks. It
964 // seems better to crash in such cases and restart the update_engine daemon
965 // into, hopefully, a known good state.
966 CHECK(IsUpdateRunningOrScheduled());
967 }
968
UpdateLastCheckedTime()969 void UpdateAttempter::UpdateLastCheckedTime() {
970 last_checked_time_ = system_state_->clock()->GetWallclockTime().ToTimeT();
971 }
972
UpdateRollbackHappened()973 void UpdateAttempter::UpdateRollbackHappened() {
974 DCHECK(system_state_);
975 DCHECK(system_state_->payload_state());
976 DCHECK(policy_provider_);
977 if (system_state_->payload_state()->GetRollbackHappened() &&
978 (policy_provider_->device_policy_is_loaded() ||
979 policy_provider_->IsConsumerDevice())) {
980 // Rollback happened, but we already went through OOBE and policy is
981 // present or it's a consumer device.
982 system_state_->payload_state()->SetRollbackHappened(false);
983 }
984 }
985
986 // Delegate methods:
ProcessingDone(const ActionProcessor * processor,ErrorCode code)987 void UpdateAttempter::ProcessingDone(const ActionProcessor* processor,
988 ErrorCode code) {
989 LOG(INFO) << "Processing Done.";
990
991 // Reset cpu shares back to normal.
992 cpu_limiter_.StopLimiter();
993
994 // reset the state that's only valid for a single update pass
995 current_update_attempt_flags_ = UpdateAttemptFlags::kNone;
996
997 if (forced_update_pending_callback_.get())
998 // Clear prior interactive requests once the processor is done.
999 forced_update_pending_callback_->Run(false, false);
1000
1001 if (status_ == UpdateStatus::REPORTING_ERROR_EVENT) {
1002 LOG(INFO) << "Error event sent.";
1003
1004 // Inform scheduler of new status;
1005 SetStatusAndNotify(UpdateStatus::IDLE);
1006 ScheduleUpdates();
1007
1008 if (!fake_update_success_) {
1009 return;
1010 }
1011 LOG(INFO) << "Booted from FW B and tried to install new firmware, "
1012 "so requesting reboot from user.";
1013 }
1014
1015 attempt_error_code_ = utils::GetBaseErrorCode(code);
1016
1017 if (code == ErrorCode::kSuccess) {
1018 // For install operation, we do not mark update complete since we do not
1019 // need reboot.
1020 if (!is_install_)
1021 WriteUpdateCompletedMarker();
1022 ReportTimeToUpdateAppliedMetric();
1023
1024 prefs_->SetInt64(kPrefsDeltaUpdateFailures, 0);
1025 prefs_->SetString(kPrefsPreviousVersion,
1026 omaha_request_params_->app_version());
1027 DeltaPerformer::ResetUpdateProgress(prefs_, false);
1028
1029 system_state_->payload_state()->UpdateSucceeded();
1030
1031 // Since we're done with scattering fully at this point, this is the
1032 // safest point delete the state files, as we're sure that the status is
1033 // set to reboot (which means no more updates will be applied until reboot)
1034 // This deletion is required for correctness as we want the next update
1035 // check to re-create a new random number for the update check count.
1036 // Similarly, we also delete the wall-clock-wait period that was persisted
1037 // so that we start with a new random value for the next update check
1038 // after reboot so that the same device is not favored or punished in any
1039 // way.
1040 prefs_->Delete(kPrefsUpdateCheckCount);
1041 system_state_->payload_state()->SetScatteringWaitPeriod(TimeDelta());
1042 system_state_->payload_state()->SetStagingWaitPeriod(TimeDelta());
1043 prefs_->Delete(kPrefsUpdateFirstSeenAt);
1044
1045 if (is_install_) {
1046 LOG(INFO) << "DLC successfully installed, no reboot needed.";
1047 SetStatusAndNotify(UpdateStatus::IDLE);
1048 ScheduleUpdates();
1049 return;
1050 }
1051
1052 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT);
1053 ScheduleUpdates();
1054 LOG(INFO) << "Update successfully applied, waiting to reboot.";
1055
1056 // |install_plan_| is null during rollback operations, and the stats don't
1057 // make much sense then anyway.
1058 if (install_plan_) {
1059 // Generate an unique payload identifier.
1060 string target_version_uid;
1061 for (const auto& payload : install_plan_->payloads) {
1062 target_version_uid +=
1063 brillo::data_encoding::Base64Encode(payload.hash) + ":" +
1064 payload.metadata_signature + ":";
1065 }
1066
1067 // If we just downloaded a rollback image, we should preserve this fact
1068 // over the following powerwash.
1069 if (install_plan_->is_rollback) {
1070 system_state_->payload_state()->SetRollbackHappened(true);
1071 system_state_->metrics_reporter()->ReportEnterpriseRollbackMetrics(
1072 /*success=*/true, install_plan_->version);
1073 }
1074
1075 // Expect to reboot into the new version to send the proper metric during
1076 // next boot.
1077 system_state_->payload_state()->ExpectRebootInNewVersion(
1078 target_version_uid);
1079 } else {
1080 // If we just finished a rollback, then we expect to have no Omaha
1081 // response. Otherwise, it's an error.
1082 if (system_state_->payload_state()->GetRollbackVersion().empty()) {
1083 LOG(ERROR) << "Can't send metrics because there was no Omaha response";
1084 }
1085 }
1086 return;
1087 }
1088
1089 if (ScheduleErrorEventAction()) {
1090 return;
1091 }
1092 LOG(INFO) << "No update.";
1093 SetStatusAndNotify(UpdateStatus::IDLE);
1094 ScheduleUpdates();
1095 }
1096
ProcessingStopped(const ActionProcessor * processor)1097 void UpdateAttempter::ProcessingStopped(const ActionProcessor* processor) {
1098 // Reset cpu shares back to normal.
1099 cpu_limiter_.StopLimiter();
1100 download_progress_ = 0.0;
1101 if (forced_update_pending_callback_.get())
1102 // Clear prior interactive requests once the processor is done.
1103 forced_update_pending_callback_->Run(false, false);
1104 SetStatusAndNotify(UpdateStatus::IDLE);
1105 ScheduleUpdates();
1106 error_event_.reset(nullptr);
1107 }
1108
1109 // Called whenever an action has finished processing, either successfully
1110 // or otherwise.
ActionCompleted(ActionProcessor * processor,AbstractAction * action,ErrorCode code)1111 void UpdateAttempter::ActionCompleted(ActionProcessor* processor,
1112 AbstractAction* action,
1113 ErrorCode code) {
1114 // Reset download progress regardless of whether or not the download
1115 // action succeeded. Also, get the response code from HTTP request
1116 // actions (update download as well as the initial update check
1117 // actions).
1118 const string type = action->Type();
1119 if (type == DownloadAction::StaticType()) {
1120 download_progress_ = 0.0;
1121 DownloadAction* download_action = static_cast<DownloadAction*>(action);
1122 http_response_code_ = download_action->GetHTTPResponseCode();
1123 } else if (type == OmahaRequestAction::StaticType()) {
1124 OmahaRequestAction* omaha_request_action =
1125 static_cast<OmahaRequestAction*>(action);
1126 // If the request is not an event, then it's the update-check.
1127 if (!omaha_request_action->IsEvent()) {
1128 http_response_code_ = omaha_request_action->GetHTTPResponseCode();
1129
1130 // Record the number of consecutive failed update checks.
1131 if (http_response_code_ == kHttpResponseInternalServerError ||
1132 http_response_code_ == kHttpResponseServiceUnavailable) {
1133 consecutive_failed_update_checks_++;
1134 } else {
1135 consecutive_failed_update_checks_ = 0;
1136 }
1137
1138 const OmahaResponse& omaha_response =
1139 omaha_request_action->GetOutputObject();
1140 // Store the server-dictated poll interval, if any.
1141 server_dictated_poll_interval_ =
1142 std::max(0, omaha_response.poll_interval);
1143
1144 // This update is ignored by omaha request action because update over
1145 // cellular connection is not allowed. Needs to ask for user's permissions
1146 // to update.
1147 if (code == ErrorCode::kOmahaUpdateIgnoredOverCellular) {
1148 new_version_ = omaha_response.version;
1149 new_payload_size_ = 0;
1150 for (const auto& package : omaha_response.packages) {
1151 new_payload_size_ += package.size;
1152 }
1153 SetStatusAndNotify(UpdateStatus::NEED_PERMISSION_TO_UPDATE);
1154 }
1155 }
1156 } else if (type == OmahaResponseHandlerAction::StaticType()) {
1157 // Depending on the returned error code, note that an update is available.
1158 if (code == ErrorCode::kOmahaUpdateDeferredPerPolicy ||
1159 code == ErrorCode::kSuccess) {
1160 // Note that the status will be updated to DOWNLOADING when some bytes
1161 // get actually downloaded from the server and the BytesReceived
1162 // callback is invoked. This avoids notifying the user that a download
1163 // has started in cases when the server and the client are unable to
1164 // initiate the download.
1165 auto omaha_response_handler_action =
1166 static_cast<OmahaResponseHandlerAction*>(action);
1167 install_plan_.reset(
1168 new InstallPlan(omaha_response_handler_action->install_plan()));
1169 UpdateLastCheckedTime();
1170 new_version_ = install_plan_->version;
1171 new_system_version_ = install_plan_->system_version;
1172 new_payload_size_ = 0;
1173 for (const auto& payload : install_plan_->payloads)
1174 new_payload_size_ += payload.size;
1175 cpu_limiter_.StartLimiter();
1176 SetStatusAndNotify(UpdateStatus::UPDATE_AVAILABLE);
1177 }
1178 }
1179 // General failure cases.
1180 if (code != ErrorCode::kSuccess) {
1181 // If the current state is at or past the download phase, count the failure
1182 // in case a switch to full update becomes necessary. Ignore network
1183 // transfer timeouts and failures.
1184 if (code != ErrorCode::kDownloadTransferError) {
1185 switch (status_) {
1186 case UpdateStatus::IDLE:
1187 case UpdateStatus::CHECKING_FOR_UPDATE:
1188 case UpdateStatus::UPDATE_AVAILABLE:
1189 case UpdateStatus::NEED_PERMISSION_TO_UPDATE:
1190 break;
1191 case UpdateStatus::DOWNLOADING:
1192 case UpdateStatus::VERIFYING:
1193 case UpdateStatus::FINALIZING:
1194 case UpdateStatus::UPDATED_NEED_REBOOT:
1195 case UpdateStatus::REPORTING_ERROR_EVENT:
1196 case UpdateStatus::ATTEMPTING_ROLLBACK:
1197 case UpdateStatus::DISABLED:
1198 MarkDeltaUpdateFailure();
1199 break;
1200 }
1201 }
1202 if (code != ErrorCode::kNoUpdate) {
1203 // On failure, schedule an error event to be sent to Omaha.
1204 CreatePendingErrorEvent(action, code);
1205 }
1206 return;
1207 }
1208 // Find out which action completed (successfully).
1209 if (type == DownloadAction::StaticType()) {
1210 SetStatusAndNotify(UpdateStatus::FINALIZING);
1211 } else if (type == FilesystemVerifierAction::StaticType()) {
1212 // Log the system properties before the postinst and after the file system
1213 // is verified. It used to be done in the postinst itself. But postinst
1214 // cannot do this anymore. On the other hand, these logs are frequently
1215 // looked at and it is preferable not to scatter them in random location in
1216 // the log and rather log it right before the postinst. The reason not do
1217 // this in the |PostinstallRunnerAction| is to prevent dependency from
1218 // libpayload_consumer to libupdate_engine.
1219 LogImageProperties();
1220 }
1221 }
1222
BytesReceived(uint64_t bytes_progressed,uint64_t bytes_received,uint64_t total)1223 void UpdateAttempter::BytesReceived(uint64_t bytes_progressed,
1224 uint64_t bytes_received,
1225 uint64_t total) {
1226 // The PayloadState keeps track of how many bytes were actually downloaded
1227 // from a given URL for the URL skipping logic.
1228 system_state_->payload_state()->DownloadProgress(bytes_progressed);
1229
1230 double progress = 0;
1231 if (total)
1232 progress = static_cast<double>(bytes_received) / static_cast<double>(total);
1233 if (status_ != UpdateStatus::DOWNLOADING || bytes_received == total) {
1234 download_progress_ = progress;
1235 SetStatusAndNotify(UpdateStatus::DOWNLOADING);
1236 } else {
1237 ProgressUpdate(progress);
1238 }
1239 }
1240
DownloadComplete()1241 void UpdateAttempter::DownloadComplete() {
1242 system_state_->payload_state()->DownloadComplete();
1243 }
1244
ProgressUpdate(double progress)1245 void UpdateAttempter::ProgressUpdate(double progress) {
1246 // Self throttle based on progress. Also send notifications if progress is
1247 // too slow.
1248 if (progress == 1.0 ||
1249 progress - download_progress_ >= kBroadcastThresholdProgress ||
1250 TimeTicks::Now() - last_notify_time_ >=
1251 TimeDelta::FromSeconds(kBroadcastThresholdSeconds)) {
1252 download_progress_ = progress;
1253 BroadcastStatus();
1254 }
1255 }
1256
ResetStatus()1257 bool UpdateAttempter::ResetStatus() {
1258 LOG(INFO) << "Attempting to reset state from "
1259 << UpdateStatusToString(status_) << " to UpdateStatus::IDLE";
1260
1261 switch (status_) {
1262 case UpdateStatus::IDLE:
1263 // no-op.
1264 return true;
1265
1266 case UpdateStatus::UPDATED_NEED_REBOOT: {
1267 bool ret_value = true;
1268 status_ = UpdateStatus::IDLE;
1269
1270 // Remove the reboot marker so that if the machine is rebooted
1271 // after resetting to idle state, it doesn't go back to
1272 // UpdateStatus::UPDATED_NEED_REBOOT state.
1273 ret_value = prefs_->Delete(kPrefsUpdateCompletedOnBootId) && ret_value;
1274 ret_value = prefs_->Delete(kPrefsUpdateCompletedBootTime) && ret_value;
1275
1276 // Update the boot flags so the current slot has higher priority.
1277 BootControlInterface* boot_control = system_state_->boot_control();
1278 if (!boot_control->SetActiveBootSlot(boot_control->GetCurrentSlot()))
1279 ret_value = false;
1280
1281 // Mark the current slot as successful again, since marking it as active
1282 // may reset the successful bit. We ignore the result of whether marking
1283 // the current slot as successful worked.
1284 if (!boot_control->MarkBootSuccessfulAsync(Bind([](bool successful) {})))
1285 ret_value = false;
1286
1287 // Notify the PayloadState that the successful payload was canceled.
1288 system_state_->payload_state()->ResetUpdateStatus();
1289
1290 // The previous version is used to report back to omaha after reboot that
1291 // we actually rebooted into the new version from this "prev-version". We
1292 // need to clear out this value now to prevent it being sent on the next
1293 // updatecheck request.
1294 ret_value = prefs_->SetString(kPrefsPreviousVersion, "") && ret_value;
1295
1296 LOG(INFO) << "Reset status " << (ret_value ? "successful" : "failed");
1297 return ret_value;
1298 }
1299
1300 default:
1301 LOG(ERROR) << "Reset not allowed in this state.";
1302 return false;
1303 }
1304 }
1305
GetStatus(UpdateEngineStatus * out_status)1306 bool UpdateAttempter::GetStatus(UpdateEngineStatus* out_status) {
1307 out_status->last_checked_time = last_checked_time_;
1308 out_status->status = status_;
1309 out_status->current_version = omaha_request_params_->app_version();
1310 out_status->current_system_version = omaha_request_params_->system_version();
1311 out_status->progress = download_progress_;
1312 out_status->new_size_bytes = new_payload_size_;
1313 out_status->new_version = new_version_;
1314 out_status->new_system_version = new_system_version_;
1315 return true;
1316 }
1317
BroadcastStatus()1318 void UpdateAttempter::BroadcastStatus() {
1319 UpdateEngineStatus broadcast_status;
1320 // Use common method for generating the current status.
1321 GetStatus(&broadcast_status);
1322
1323 for (const auto& observer : service_observers_) {
1324 observer->SendStatusUpdate(broadcast_status);
1325 }
1326 last_notify_time_ = TimeTicks::Now();
1327 }
1328
GetErrorCodeFlags()1329 uint32_t UpdateAttempter::GetErrorCodeFlags() {
1330 uint32_t flags = 0;
1331
1332 if (!system_state_->hardware()->IsNormalBootMode())
1333 flags |= static_cast<uint32_t>(ErrorCode::kDevModeFlag);
1334
1335 if (install_plan_ && install_plan_->is_resume)
1336 flags |= static_cast<uint32_t>(ErrorCode::kResumedFlag);
1337
1338 if (!system_state_->hardware()->IsOfficialBuild())
1339 flags |= static_cast<uint32_t>(ErrorCode::kTestImageFlag);
1340
1341 if (!omaha_request_params_->IsUpdateUrlOfficial()) {
1342 flags |= static_cast<uint32_t>(ErrorCode::kTestOmahaUrlFlag);
1343 }
1344
1345 return flags;
1346 }
1347
ShouldCancel(ErrorCode * cancel_reason)1348 bool UpdateAttempter::ShouldCancel(ErrorCode* cancel_reason) {
1349 // Check if the channel we're attempting to update to is the same as the
1350 // target channel currently chosen by the user.
1351 OmahaRequestParams* params = system_state_->request_params();
1352 if (params->download_channel() != params->target_channel()) {
1353 LOG(ERROR) << "Aborting download as target channel: "
1354 << params->target_channel()
1355 << " is different from the download channel: "
1356 << params->download_channel();
1357 *cancel_reason = ErrorCode::kUpdateCanceledByChannelChange;
1358 return true;
1359 }
1360
1361 return false;
1362 }
1363
SetStatusAndNotify(UpdateStatus status)1364 void UpdateAttempter::SetStatusAndNotify(UpdateStatus status) {
1365 status_ = status;
1366 BroadcastStatus();
1367 }
1368
CreatePendingErrorEvent(AbstractAction * action,ErrorCode code)1369 void UpdateAttempter::CreatePendingErrorEvent(AbstractAction* action,
1370 ErrorCode code) {
1371 if (error_event_.get() || status_ == UpdateStatus::REPORTING_ERROR_EVENT) {
1372 // This shouldn't really happen.
1373 LOG(WARNING) << "There's already an existing pending error event.";
1374 return;
1375 }
1376
1377 // Classify the code to generate the appropriate result so that
1378 // the Borgmon charts show up the results correctly.
1379 // Do this before calling GetErrorCodeForAction which could potentially
1380 // augment the bit representation of code and thus cause no matches for
1381 // the switch cases below.
1382 OmahaEvent::Result event_result;
1383 switch (code) {
1384 case ErrorCode::kOmahaUpdateIgnoredPerPolicy:
1385 case ErrorCode::kOmahaUpdateDeferredPerPolicy:
1386 case ErrorCode::kOmahaUpdateDeferredForBackoff:
1387 event_result = OmahaEvent::kResultUpdateDeferred;
1388 break;
1389 default:
1390 event_result = OmahaEvent::kResultError;
1391 break;
1392 }
1393
1394 code = GetErrorCodeForAction(action, code);
1395 fake_update_success_ = code == ErrorCode::kPostinstallBootedFromFirmwareB;
1396
1397 // Compute the final error code with all the bit flags to be sent to Omaha.
1398 code =
1399 static_cast<ErrorCode>(static_cast<uint32_t>(code) | GetErrorCodeFlags());
1400 error_event_.reset(
1401 new OmahaEvent(OmahaEvent::kTypeUpdateComplete, event_result, code));
1402 }
1403
ScheduleErrorEventAction()1404 bool UpdateAttempter::ScheduleErrorEventAction() {
1405 if (error_event_.get() == nullptr)
1406 return false;
1407
1408 LOG(ERROR) << "Update failed.";
1409 system_state_->payload_state()->UpdateFailed(error_event_->error_code);
1410
1411 // Send metrics if it was a rollback.
1412 if (install_plan_ && install_plan_->is_rollback) {
1413 system_state_->metrics_reporter()->ReportEnterpriseRollbackMetrics(
1414 /*success=*/false, install_plan_->version);
1415 }
1416
1417 // Send it to Omaha.
1418 LOG(INFO) << "Reporting the error event";
1419 auto error_event_action = std::make_unique<OmahaRequestAction>(
1420 system_state_,
1421 error_event_.release(), // Pass ownership.
1422 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
1423 system_state_->hardware()),
1424 false);
1425 processor_->EnqueueAction(std::move(error_event_action));
1426 SetStatusAndNotify(UpdateStatus::REPORTING_ERROR_EVENT);
1427 processor_->StartProcessing();
1428 return true;
1429 }
1430
ScheduleProcessingStart()1431 void UpdateAttempter::ScheduleProcessingStart() {
1432 LOG(INFO) << "Scheduling an action processor start.";
1433 MessageLoop::current()->PostTask(
1434 FROM_HERE,
1435 Bind([](ActionProcessor* processor) { processor->StartProcessing(); },
1436 base::Unretained(processor_.get())));
1437 }
1438
DisableDeltaUpdateIfNeeded()1439 void UpdateAttempter::DisableDeltaUpdateIfNeeded() {
1440 int64_t delta_failures;
1441 if (omaha_request_params_->delta_okay() &&
1442 prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) &&
1443 delta_failures >= kMaxDeltaUpdateFailures) {
1444 LOG(WARNING) << "Too many delta update failures, forcing full update.";
1445 omaha_request_params_->set_delta_okay(false);
1446 }
1447 }
1448
MarkDeltaUpdateFailure()1449 void UpdateAttempter::MarkDeltaUpdateFailure() {
1450 // Don't try to resume a failed delta update.
1451 DeltaPerformer::ResetUpdateProgress(prefs_, false);
1452 int64_t delta_failures;
1453 if (!prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) ||
1454 delta_failures < 0) {
1455 delta_failures = 0;
1456 }
1457 prefs_->SetInt64(kPrefsDeltaUpdateFailures, ++delta_failures);
1458 }
1459
PingOmaha()1460 void UpdateAttempter::PingOmaha() {
1461 if (!processor_->IsRunning()) {
1462 auto ping_action = std::make_unique<OmahaRequestAction>(
1463 system_state_,
1464 nullptr,
1465 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
1466 system_state_->hardware()),
1467 true);
1468 processor_->set_delegate(nullptr);
1469 processor_->EnqueueAction(std::move(ping_action));
1470 // Call StartProcessing() synchronously here to avoid any race conditions
1471 // caused by multiple outstanding ping Omaha requests. If we call
1472 // StartProcessing() asynchronously, the device can be suspended before we
1473 // get a chance to callback to StartProcessing(). When the device resumes
1474 // (assuming the device sleeps longer than the next update check period),
1475 // StartProcessing() is called back and at the same time, the next update
1476 // check is fired which eventually invokes StartProcessing(). A crash
1477 // can occur because StartProcessing() checks to make sure that the
1478 // processor is idle which it isn't due to the two concurrent ping Omaha
1479 // requests.
1480 processor_->StartProcessing();
1481 } else {
1482 LOG(WARNING) << "Action processor running, Omaha ping suppressed.";
1483 }
1484
1485 // Update the last check time here; it may be re-updated when an Omaha
1486 // response is received, but this will prevent us from repeatedly scheduling
1487 // checks in the case where a response is not received.
1488 UpdateLastCheckedTime();
1489
1490 // Update the status which will schedule the next update check
1491 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT);
1492 ScheduleUpdates();
1493 }
1494
DecrementUpdateCheckCount()1495 bool UpdateAttempter::DecrementUpdateCheckCount() {
1496 int64_t update_check_count_value;
1497
1498 if (!prefs_->Exists(kPrefsUpdateCheckCount)) {
1499 // This file does not exist. This means we haven't started our update
1500 // check count down yet, so nothing more to do. This file will be created
1501 // later when we first satisfy the wall-clock-based-wait period.
1502 LOG(INFO) << "No existing update check count. That's normal.";
1503 return true;
1504 }
1505
1506 if (prefs_->GetInt64(kPrefsUpdateCheckCount, &update_check_count_value)) {
1507 // Only if we're able to read a proper integer value, then go ahead
1508 // and decrement and write back the result in the same file, if needed.
1509 LOG(INFO) << "Update check count = " << update_check_count_value;
1510
1511 if (update_check_count_value == 0) {
1512 // It could be 0, if, for some reason, the file didn't get deleted
1513 // when we set our status to waiting for reboot. so we just leave it
1514 // as is so that we can prevent another update_check wait for this client.
1515 LOG(INFO) << "Not decrementing update check count as it's already 0.";
1516 return true;
1517 }
1518
1519 if (update_check_count_value > 0)
1520 update_check_count_value--;
1521 else
1522 update_check_count_value = 0;
1523
1524 // Write out the new value of update_check_count_value.
1525 if (prefs_->SetInt64(kPrefsUpdateCheckCount, update_check_count_value)) {
1526 // We successfully wrote out the new value, so enable the
1527 // update check based wait.
1528 LOG(INFO) << "New update check count = " << update_check_count_value;
1529 return true;
1530 }
1531 }
1532
1533 LOG(INFO) << "Deleting update check count state due to read/write errors.";
1534
1535 // We cannot read/write to the file, so disable the update check based wait
1536 // so that we don't get stuck in this OS version by any chance (which could
1537 // happen if there's some bug that causes to read/write incorrectly).
1538 // Also attempt to delete the file to do our best effort to cleanup.
1539 prefs_->Delete(kPrefsUpdateCheckCount);
1540 return false;
1541 }
1542
UpdateEngineStarted()1543 void UpdateAttempter::UpdateEngineStarted() {
1544 // If we just booted into a new update, keep the previous OS version
1545 // in case we rebooted because of a crash of the old version, so we
1546 // can do a proper crash report with correct information.
1547 // This must be done before calling
1548 // system_state_->payload_state()->UpdateEngineStarted() since it will
1549 // delete SystemUpdated marker file.
1550 if (system_state_->system_rebooted() &&
1551 prefs_->Exists(kPrefsSystemUpdatedMarker)) {
1552 if (!prefs_->GetString(kPrefsPreviousVersion, &prev_version_)) {
1553 // If we fail to get the version string, make sure it stays empty.
1554 prev_version_.clear();
1555 }
1556 }
1557
1558 system_state_->payload_state()->UpdateEngineStarted();
1559 StartP2PAtStartup();
1560 }
1561
StartP2PAtStartup()1562 bool UpdateAttempter::StartP2PAtStartup() {
1563 if (system_state_ == nullptr ||
1564 !system_state_->p2p_manager()->IsP2PEnabled()) {
1565 LOG(INFO) << "Not starting p2p at startup since it's not enabled.";
1566 return false;
1567 }
1568
1569 if (system_state_->p2p_manager()->CountSharedFiles() < 1) {
1570 LOG(INFO) << "Not starting p2p at startup since our application "
1571 << "is not sharing any files.";
1572 return false;
1573 }
1574
1575 return StartP2PAndPerformHousekeeping();
1576 }
1577
StartP2PAndPerformHousekeeping()1578 bool UpdateAttempter::StartP2PAndPerformHousekeeping() {
1579 if (system_state_ == nullptr)
1580 return false;
1581
1582 if (!system_state_->p2p_manager()->IsP2PEnabled()) {
1583 LOG(INFO) << "Not starting p2p since it's not enabled.";
1584 return false;
1585 }
1586
1587 LOG(INFO) << "Ensuring that p2p is running.";
1588 if (!system_state_->p2p_manager()->EnsureP2PRunning()) {
1589 LOG(ERROR) << "Error starting p2p.";
1590 return false;
1591 }
1592
1593 LOG(INFO) << "Performing p2p housekeeping.";
1594 if (!system_state_->p2p_manager()->PerformHousekeeping()) {
1595 LOG(ERROR) << "Error performing housekeeping for p2p.";
1596 return false;
1597 }
1598
1599 LOG(INFO) << "Done performing p2p housekeeping.";
1600 return true;
1601 }
1602
GetBootTimeAtUpdate(Time * out_boot_time)1603 bool UpdateAttempter::GetBootTimeAtUpdate(Time* out_boot_time) {
1604 // In case of an update_engine restart without a reboot, we stored the boot_id
1605 // when the update was completed by setting a pref, so we can check whether
1606 // the last update was on this boot or a previous one.
1607 string boot_id;
1608 TEST_AND_RETURN_FALSE(utils::GetBootId(&boot_id));
1609
1610 string update_completed_on_boot_id;
1611 if (!prefs_->Exists(kPrefsUpdateCompletedOnBootId) ||
1612 !prefs_->GetString(kPrefsUpdateCompletedOnBootId,
1613 &update_completed_on_boot_id) ||
1614 update_completed_on_boot_id != boot_id)
1615 return false;
1616
1617 // Short-circuit avoiding the read in case out_boot_time is nullptr.
1618 if (out_boot_time) {
1619 int64_t boot_time = 0;
1620 // Since the kPrefsUpdateCompletedOnBootId was correctly set, this pref
1621 // should not fail.
1622 TEST_AND_RETURN_FALSE(
1623 prefs_->GetInt64(kPrefsUpdateCompletedBootTime, &boot_time));
1624 *out_boot_time = Time::FromInternalValue(boot_time);
1625 }
1626 return true;
1627 }
1628
IsUpdateRunningOrScheduled()1629 bool UpdateAttempter::IsUpdateRunningOrScheduled() {
1630 return ((status_ != UpdateStatus::IDLE &&
1631 status_ != UpdateStatus::UPDATED_NEED_REBOOT) ||
1632 waiting_for_scheduled_check_);
1633 }
1634
IsAnyUpdateSourceAllowed() const1635 bool UpdateAttempter::IsAnyUpdateSourceAllowed() const {
1636 // We allow updates from any source if either of these are true:
1637 // * The device is running an unofficial (dev/test) image.
1638 // * The debugd dev features are accessible (i.e. in devmode with no owner).
1639 // This protects users running a base image, while still allowing a specific
1640 // window (gated by the debug dev features) where `cros flash` is usable.
1641 if (!system_state_->hardware()->IsOfficialBuild()) {
1642 LOG(INFO) << "Non-official build; allowing any update source.";
1643 return true;
1644 }
1645
1646 if (system_state_->hardware()->AreDevFeaturesEnabled()) {
1647 LOG(INFO) << "Developer features enabled; allowing custom update sources.";
1648 return true;
1649 }
1650
1651 LOG(INFO)
1652 << "Developer features disabled; disallowing custom update sources.";
1653 return false;
1654 }
1655
ReportTimeToUpdateAppliedMetric()1656 void UpdateAttempter::ReportTimeToUpdateAppliedMetric() {
1657 const policy::DevicePolicy* device_policy = system_state_->device_policy();
1658 if (device_policy && device_policy->IsEnterpriseEnrolled()) {
1659 vector<policy::DevicePolicy::WeeklyTimeInterval> parsed_intervals;
1660 bool has_time_restrictions =
1661 device_policy->GetDisallowedTimeIntervals(&parsed_intervals);
1662
1663 int64_t update_first_seen_at_int;
1664 if (system_state_->prefs()->Exists(kPrefsUpdateFirstSeenAt)) {
1665 if (system_state_->prefs()->GetInt64(kPrefsUpdateFirstSeenAt,
1666 &update_first_seen_at_int)) {
1667 TimeDelta update_delay =
1668 system_state_->clock()->GetWallclockTime() -
1669 Time::FromInternalValue(update_first_seen_at_int);
1670 system_state_->metrics_reporter()
1671 ->ReportEnterpriseUpdateSeenToDownloadDays(has_time_restrictions,
1672 update_delay.InDays());
1673 }
1674 }
1675 }
1676 }
1677
1678 } // namespace chromeos_update_engine
1679