1 //
2 // Copyright (C) 2012 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16
17 #include "update_engine/update_attempter.h"
18
19 #include <stdint.h>
20
21 #include <algorithm>
22 #include <memory>
23 #include <set>
24 #include <string>
25 #include <utility>
26 #include <vector>
27
28 #include <base/bind.h>
29 #include <base/files/file_util.h>
30 #include <base/logging.h>
31 #include <base/rand_util.h>
32 #include <base/strings/string_util.h>
33 #include <base/strings/stringprintf.h>
34 #include <brillo/data_encoding.h>
35 #include <brillo/errors/error_codes.h>
36 #include <brillo/message_loops/message_loop.h>
37 #include <policy/device_policy.h>
38 #include <policy/libpolicy.h>
39 #include <update_engine/dbus-constants.h>
40
41 #include "update_engine/certificate_checker.h"
42 #include "update_engine/common/boot_control_interface.h"
43 #include "update_engine/common/clock_interface.h"
44 #include "update_engine/common/constants.h"
45 #include "update_engine/common/hardware_interface.h"
46 #include "update_engine/common/platform_constants.h"
47 #include "update_engine/common/prefs_interface.h"
48 #include "update_engine/common/subprocess.h"
49 #include "update_engine/common/utils.h"
50 #include "update_engine/libcurl_http_fetcher.h"
51 #include "update_engine/metrics_reporter_interface.h"
52 #include "update_engine/omaha_request_action.h"
53 #include "update_engine/omaha_request_params.h"
54 #include "update_engine/omaha_response_handler_action.h"
55 #include "update_engine/p2p_manager.h"
56 #include "update_engine/payload_consumer/download_action.h"
57 #include "update_engine/payload_consumer/filesystem_verifier_action.h"
58 #include "update_engine/payload_consumer/postinstall_runner_action.h"
59 #include "update_engine/payload_state_interface.h"
60 #include "update_engine/power_manager_interface.h"
61 #include "update_engine/system_state.h"
62 #include "update_engine/update_manager/policy.h"
63 #include "update_engine/update_manager/update_manager.h"
64 #include "update_engine/update_status_utils.h"
65
66 using base::Bind;
67 using base::Callback;
68 using base::Time;
69 using base::TimeDelta;
70 using base::TimeTicks;
71 using brillo::MessageLoop;
72 using chromeos_update_manager::EvalStatus;
73 using chromeos_update_manager::Policy;
74 using chromeos_update_manager::UpdateCheckParams;
75 using std::set;
76 using std::shared_ptr;
77 using std::string;
78 using std::vector;
79 using update_engine::UpdateAttemptFlags;
80 using update_engine::UpdateEngineStatus;
81
82 namespace chromeos_update_engine {
83
84 const int UpdateAttempter::kMaxDeltaUpdateFailures = 3;
85
86 namespace {
87 const int kMaxConsecutiveObeyProxyRequests = 20;
88
89 // Minimum threshold to broadcast an status update in progress and time.
90 const double kBroadcastThresholdProgress = 0.01; // 1%
91 const int kBroadcastThresholdSeconds = 10;
92
93 // By default autest bypasses scattering. If we want to test scattering,
94 // use kScheduledAUTestURLRequest. The URL used is same in both cases, but
95 // different params are passed to CheckForUpdate().
96 const char kAUTestURLRequest[] = "autest";
97 const char kScheduledAUTestURLRequest[] = "autest-scheduled";
98 } // namespace
99
100 // Turns a generic ErrorCode::kError to a generic error code specific
101 // to |action| (e.g., ErrorCode::kFilesystemVerifierError). If |code| is
102 // not ErrorCode::kError, or the action is not matched, returns |code|
103 // unchanged.
GetErrorCodeForAction(AbstractAction * action,ErrorCode code)104 ErrorCode GetErrorCodeForAction(AbstractAction* action,
105 ErrorCode code) {
106 if (code != ErrorCode::kError)
107 return code;
108
109 const string type = action->Type();
110 if (type == OmahaRequestAction::StaticType())
111 return ErrorCode::kOmahaRequestError;
112 if (type == OmahaResponseHandlerAction::StaticType())
113 return ErrorCode::kOmahaResponseHandlerError;
114 if (type == FilesystemVerifierAction::StaticType())
115 return ErrorCode::kFilesystemVerifierError;
116 if (type == PostinstallRunnerAction::StaticType())
117 return ErrorCode::kPostinstallRunnerError;
118
119 return code;
120 }
121
UpdateAttempter(SystemState * system_state,CertificateChecker * cert_checker)122 UpdateAttempter::UpdateAttempter(SystemState* system_state,
123 CertificateChecker* cert_checker)
124 : processor_(new ActionProcessor()),
125 system_state_(system_state),
126 cert_checker_(cert_checker) {}
127
~UpdateAttempter()128 UpdateAttempter::~UpdateAttempter() {
129 // CertificateChecker might not be initialized in unittests.
130 if (cert_checker_)
131 cert_checker_->SetObserver(nullptr);
132 // Release ourselves as the ActionProcessor's delegate to prevent
133 // re-scheduling the updates due to the processing stopped.
134 processor_->set_delegate(nullptr);
135 }
136
Init()137 void UpdateAttempter::Init() {
138 // Pulling from the SystemState can only be done after construction, since
139 // this is an aggregate of various objects (such as the UpdateAttempter),
140 // which requires them all to be constructed prior to it being used.
141 prefs_ = system_state_->prefs();
142 omaha_request_params_ = system_state_->request_params();
143
144 if (cert_checker_)
145 cert_checker_->SetObserver(this);
146
147 // In case of update_engine restart without a reboot we need to restore the
148 // reboot needed state.
149 if (GetBootTimeAtUpdate(nullptr))
150 status_ = UpdateStatus::UPDATED_NEED_REBOOT;
151 else
152 status_ = UpdateStatus::IDLE;
153 }
154
ScheduleUpdates()155 void UpdateAttempter::ScheduleUpdates() {
156 if (IsUpdateRunningOrScheduled())
157 return;
158
159 chromeos_update_manager::UpdateManager* const update_manager =
160 system_state_->update_manager();
161 CHECK(update_manager);
162 Callback<void(EvalStatus, const UpdateCheckParams&)> callback = Bind(
163 &UpdateAttempter::OnUpdateScheduled, base::Unretained(this));
164 // We limit the async policy request to a reasonably short time, to avoid a
165 // starvation due to a transient bug.
166 update_manager->AsyncPolicyRequest(callback, &Policy::UpdateCheckAllowed);
167 waiting_for_scheduled_check_ = true;
168 }
169
CertificateChecked(ServerToCheck server_to_check,CertificateCheckResult result)170 void UpdateAttempter::CertificateChecked(ServerToCheck server_to_check,
171 CertificateCheckResult result) {
172 system_state_->metrics_reporter()->ReportCertificateCheckMetrics(
173 server_to_check, result);
174 }
175
CheckAndReportDailyMetrics()176 bool UpdateAttempter::CheckAndReportDailyMetrics() {
177 int64_t stored_value;
178 Time now = system_state_->clock()->GetWallclockTime();
179 if (system_state_->prefs()->Exists(kPrefsDailyMetricsLastReportedAt) &&
180 system_state_->prefs()->GetInt64(kPrefsDailyMetricsLastReportedAt,
181 &stored_value)) {
182 Time last_reported_at = Time::FromInternalValue(stored_value);
183 TimeDelta time_reported_since = now - last_reported_at;
184 if (time_reported_since.InSeconds() < 0) {
185 LOG(WARNING) << "Last reported daily metrics "
186 << utils::FormatTimeDelta(time_reported_since) << " ago "
187 << "which is negative. Either the system clock is wrong or "
188 << "the kPrefsDailyMetricsLastReportedAt state variable "
189 << "is wrong.";
190 // In this case, report daily metrics to reset.
191 } else {
192 if (time_reported_since.InSeconds() < 24*60*60) {
193 LOG(INFO) << "Last reported daily metrics "
194 << utils::FormatTimeDelta(time_reported_since) << " ago.";
195 return false;
196 }
197 LOG(INFO) << "Last reported daily metrics "
198 << utils::FormatTimeDelta(time_reported_since) << " ago, "
199 << "which is more than 24 hours ago.";
200 }
201 }
202
203 LOG(INFO) << "Reporting daily metrics.";
204 system_state_->prefs()->SetInt64(kPrefsDailyMetricsLastReportedAt,
205 now.ToInternalValue());
206
207 ReportOSAge();
208
209 return true;
210 }
211
ReportOSAge()212 void UpdateAttempter::ReportOSAge() {
213 struct stat sb;
214
215 if (system_state_ == nullptr)
216 return;
217
218 if (stat("/etc/lsb-release", &sb) != 0) {
219 PLOG(ERROR) << "Error getting file status for /etc/lsb-release "
220 << "(Note: this may happen in some unit tests)";
221 return;
222 }
223
224 Time lsb_release_timestamp = utils::TimeFromStructTimespec(&sb.st_ctim);
225 Time now = system_state_->clock()->GetWallclockTime();
226 TimeDelta age = now - lsb_release_timestamp;
227 if (age.InSeconds() < 0) {
228 LOG(ERROR) << "The OS age (" << utils::FormatTimeDelta(age)
229 << ") is negative. Maybe the clock is wrong? "
230 << "(Note: this may happen in some unit tests.)";
231 return;
232 }
233
234 system_state_->metrics_reporter()->ReportDailyMetrics(age);
235 }
236
Update(const string & app_version,const string & omaha_url,const string & target_channel,const string & target_version_prefix,bool obey_proxies,bool interactive)237 void UpdateAttempter::Update(const string& app_version,
238 const string& omaha_url,
239 const string& target_channel,
240 const string& target_version_prefix,
241 bool obey_proxies,
242 bool interactive) {
243 // This is normally called frequently enough so it's appropriate to use as a
244 // hook for reporting daily metrics.
245 // TODO(garnold) This should be hooked to a separate (reliable and consistent)
246 // timeout event.
247 CheckAndReportDailyMetrics();
248
249 // Notify of the new update attempt, clearing prior interactive requests.
250 if (forced_update_pending_callback_.get())
251 forced_update_pending_callback_->Run(false, false);
252
253 fake_update_success_ = false;
254 if (status_ == UpdateStatus::UPDATED_NEED_REBOOT) {
255 // Although we have applied an update, we still want to ping Omaha
256 // to ensure the number of active statistics is accurate.
257 //
258 // Also convey to the UpdateEngine.Check.Result metric that we're
259 // not performing an update check because of this.
260 LOG(INFO) << "Not updating b/c we already updated and we're waiting for "
261 << "reboot, we'll ping Omaha instead";
262 system_state_->metrics_reporter()->ReportUpdateCheckMetrics(
263 system_state_,
264 metrics::CheckResult::kRebootPending,
265 metrics::CheckReaction::kUnset,
266 metrics::DownloadErrorCode::kUnset);
267 PingOmaha();
268 return;
269 }
270 if (status_ != UpdateStatus::IDLE) {
271 // Update in progress. Do nothing
272 return;
273 }
274
275 if (!CalculateUpdateParams(app_version,
276 omaha_url,
277 target_channel,
278 target_version_prefix,
279 obey_proxies,
280 interactive)) {
281 return;
282 }
283
284 BuildUpdateActions(interactive);
285
286 SetStatusAndNotify(UpdateStatus::CHECKING_FOR_UPDATE);
287
288 // Update the last check time here; it may be re-updated when an Omaha
289 // response is received, but this will prevent us from repeatedly scheduling
290 // checks in the case where a response is not received.
291 UpdateLastCheckedTime();
292
293 // Just in case we didn't update boot flags yet, make sure they're updated
294 // before any update processing starts.
295 start_action_processor_ = true;
296 UpdateBootFlags();
297 }
298
RefreshDevicePolicy()299 void UpdateAttempter::RefreshDevicePolicy() {
300 // Lazy initialize the policy provider, or reload the latest policy data.
301 if (!policy_provider_.get())
302 policy_provider_.reset(new policy::PolicyProvider());
303 policy_provider_->Reload();
304
305 const policy::DevicePolicy* device_policy = nullptr;
306 if (policy_provider_->device_policy_is_loaded())
307 device_policy = &policy_provider_->GetDevicePolicy();
308
309 if (device_policy)
310 LOG(INFO) << "Device policies/settings present";
311 else
312 LOG(INFO) << "No device policies/settings present.";
313
314 system_state_->set_device_policy(device_policy);
315 system_state_->p2p_manager()->SetDevicePolicy(device_policy);
316 }
317
CalculateP2PParams(bool interactive)318 void UpdateAttempter::CalculateP2PParams(bool interactive) {
319 bool use_p2p_for_downloading = false;
320 bool use_p2p_for_sharing = false;
321
322 // Never use p2p for downloading in interactive checks unless the developer
323 // has opted in for it via a marker file.
324 //
325 // (Why would a developer want to opt in? If they are working on the
326 // update_engine or p2p codebases so they can actually test their code.)
327
328 if (system_state_ != nullptr) {
329 if (!system_state_->p2p_manager()->IsP2PEnabled()) {
330 LOG(INFO) << "p2p is not enabled - disallowing p2p for both"
331 << " downloading and sharing.";
332 } else {
333 // Allow p2p for sharing, even in interactive checks.
334 use_p2p_for_sharing = true;
335 if (!interactive) {
336 LOG(INFO) << "Non-interactive check - allowing p2p for downloading";
337 use_p2p_for_downloading = true;
338 } else {
339 LOG(INFO) << "Forcibly disabling use of p2p for downloading "
340 << "since this update attempt is interactive.";
341 }
342 }
343 }
344
345 PayloadStateInterface* const payload_state = system_state_->payload_state();
346 payload_state->SetUsingP2PForDownloading(use_p2p_for_downloading);
347 payload_state->SetUsingP2PForSharing(use_p2p_for_sharing);
348 }
349
CalculateUpdateParams(const string & app_version,const string & omaha_url,const string & target_channel,const string & target_version_prefix,bool obey_proxies,bool interactive)350 bool UpdateAttempter::CalculateUpdateParams(const string& app_version,
351 const string& omaha_url,
352 const string& target_channel,
353 const string& target_version_prefix,
354 bool obey_proxies,
355 bool interactive) {
356 http_response_code_ = 0;
357 PayloadStateInterface* const payload_state = system_state_->payload_state();
358
359 // Refresh the policy before computing all the update parameters.
360 RefreshDevicePolicy();
361
362 // Update the target version prefix.
363 omaha_request_params_->set_target_version_prefix(target_version_prefix);
364
365 CalculateScatteringParams(interactive);
366
367 CalculateP2PParams(interactive);
368 if (payload_state->GetUsingP2PForDownloading() ||
369 payload_state->GetUsingP2PForSharing()) {
370 // OK, p2p is to be used - start it and perform housekeeping.
371 if (!StartP2PAndPerformHousekeeping()) {
372 // If this fails, disable p2p for this attempt
373 LOG(INFO) << "Forcibly disabling use of p2p since starting p2p or "
374 << "performing housekeeping failed.";
375 payload_state->SetUsingP2PForDownloading(false);
376 payload_state->SetUsingP2PForSharing(false);
377 }
378 }
379
380 if (!omaha_request_params_->Init(app_version,
381 omaha_url,
382 interactive)) {
383 LOG(ERROR) << "Unable to initialize Omaha request params.";
384 return false;
385 }
386
387 // Set the target channel, if one was provided.
388 if (target_channel.empty()) {
389 LOG(INFO) << "No target channel mandated by policy.";
390 } else {
391 LOG(INFO) << "Setting target channel as mandated: " << target_channel;
392 // Pass in false for powerwash_allowed until we add it to the policy
393 // protobuf.
394 string error_message;
395 if (!omaha_request_params_->SetTargetChannel(target_channel, false,
396 &error_message)) {
397 LOG(ERROR) << "Setting the channel failed: " << error_message;
398 }
399
400 // Since this is the beginning of a new attempt, update the download
401 // channel. The download channel won't be updated until the next attempt,
402 // even if target channel changes meanwhile, so that how we'll know if we
403 // should cancel the current download attempt if there's such a change in
404 // target channel.
405 omaha_request_params_->UpdateDownloadChannel();
406 }
407
408 LOG(INFO) << "target_version_prefix = "
409 << omaha_request_params_->target_version_prefix()
410 << ", scatter_factor_in_seconds = "
411 << utils::FormatSecs(scatter_factor_.InSeconds());
412
413 LOG(INFO) << "Wall Clock Based Wait Enabled = "
414 << omaha_request_params_->wall_clock_based_wait_enabled()
415 << ", Update Check Count Wait Enabled = "
416 << omaha_request_params_->update_check_count_wait_enabled()
417 << ", Waiting Period = " << utils::FormatSecs(
418 omaha_request_params_->waiting_period().InSeconds());
419
420 LOG(INFO) << "Use p2p For Downloading = "
421 << payload_state->GetUsingP2PForDownloading()
422 << ", Use p2p For Sharing = "
423 << payload_state->GetUsingP2PForSharing();
424
425 obeying_proxies_ = true;
426 if (obey_proxies || proxy_manual_checks_ == 0) {
427 LOG(INFO) << "forced to obey proxies";
428 // If forced to obey proxies, every 20th request will not use proxies
429 proxy_manual_checks_++;
430 LOG(INFO) << "proxy manual checks: " << proxy_manual_checks_;
431 if (proxy_manual_checks_ >= kMaxConsecutiveObeyProxyRequests) {
432 proxy_manual_checks_ = 0;
433 obeying_proxies_ = false;
434 }
435 } else if (base::RandInt(0, 4) == 0) {
436 obeying_proxies_ = false;
437 }
438 LOG_IF(INFO, !obeying_proxies_) << "To help ensure updates work, this update "
439 "check we are ignoring the proxy settings and using "
440 "direct connections.";
441
442 DisableDeltaUpdateIfNeeded();
443 return true;
444 }
445
CalculateScatteringParams(bool interactive)446 void UpdateAttempter::CalculateScatteringParams(bool interactive) {
447 // Take a copy of the old scatter value before we update it, as
448 // we need to update the waiting period if this value changes.
449 TimeDelta old_scatter_factor = scatter_factor_;
450 const policy::DevicePolicy* device_policy = system_state_->device_policy();
451 if (device_policy) {
452 int64_t new_scatter_factor_in_secs = 0;
453 device_policy->GetScatterFactorInSeconds(&new_scatter_factor_in_secs);
454 if (new_scatter_factor_in_secs < 0) // sanitize input, just in case.
455 new_scatter_factor_in_secs = 0;
456 scatter_factor_ = TimeDelta::FromSeconds(new_scatter_factor_in_secs);
457 }
458
459 bool is_scatter_enabled = false;
460 if (scatter_factor_.InSeconds() == 0) {
461 LOG(INFO) << "Scattering disabled since scatter factor is set to 0";
462 } else if (interactive) {
463 LOG(INFO) << "Scattering disabled as this is an interactive update check";
464 } else if (system_state_->hardware()->IsOOBEEnabled() &&
465 !system_state_->hardware()->IsOOBEComplete(nullptr)) {
466 LOG(INFO) << "Scattering disabled since OOBE is enabled but not complete "
467 "yet";
468 } else {
469 is_scatter_enabled = true;
470 LOG(INFO) << "Scattering is enabled";
471 }
472
473 if (is_scatter_enabled) {
474 // This means the scattering policy is turned on.
475 // Now check if we need to update the waiting period. The two cases
476 // in which we'd need to update the waiting period are:
477 // 1. First time in process or a scheduled check after a user-initiated one.
478 // (omaha_request_params_->waiting_period will be zero in this case).
479 // 2. Admin has changed the scattering policy value.
480 // (new scattering value will be different from old one in this case).
481 int64_t wait_period_in_secs = 0;
482 if (omaha_request_params_->waiting_period().InSeconds() == 0) {
483 // First case. Check if we have a suitable value to set for
484 // the waiting period.
485 if (prefs_->GetInt64(kPrefsWallClockWaitPeriod, &wait_period_in_secs) &&
486 wait_period_in_secs > 0 &&
487 wait_period_in_secs <= scatter_factor_.InSeconds()) {
488 // This means:
489 // 1. There's a persisted value for the waiting period available.
490 // 2. And that persisted value is still valid.
491 // So, in this case, we should reuse the persisted value instead of
492 // generating a new random value to improve the chances of a good
493 // distribution for scattering.
494 omaha_request_params_->set_waiting_period(
495 TimeDelta::FromSeconds(wait_period_in_secs));
496 LOG(INFO) << "Using persisted wall-clock waiting period: " <<
497 utils::FormatSecs(
498 omaha_request_params_->waiting_period().InSeconds());
499 } else {
500 // This means there's no persisted value for the waiting period
501 // available or its value is invalid given the new scatter_factor value.
502 // So, we should go ahead and regenerate a new value for the
503 // waiting period.
504 LOG(INFO) << "Persisted value not present or not valid ("
505 << utils::FormatSecs(wait_period_in_secs)
506 << ") for wall-clock waiting period.";
507 GenerateNewWaitingPeriod();
508 }
509 } else if (scatter_factor_ != old_scatter_factor) {
510 // This means there's already a waiting period value, but we detected
511 // a change in the scattering policy value. So, we should regenerate the
512 // waiting period to make sure it's within the bounds of the new scatter
513 // factor value.
514 GenerateNewWaitingPeriod();
515 } else {
516 // Neither the first time scattering is enabled nor the scattering value
517 // changed. Nothing to do.
518 LOG(INFO) << "Keeping current wall-clock waiting period: " <<
519 utils::FormatSecs(
520 omaha_request_params_->waiting_period().InSeconds());
521 }
522
523 // The invariant at this point is that omaha_request_params_->waiting_period
524 // is non-zero no matter which path we took above.
525 LOG_IF(ERROR, omaha_request_params_->waiting_period().InSeconds() == 0)
526 << "Waiting Period should NOT be zero at this point!!!";
527
528 // Since scattering is enabled, wall clock based wait will always be
529 // enabled.
530 omaha_request_params_->set_wall_clock_based_wait_enabled(true);
531
532 // If we don't have any issues in accessing the file system to update
533 // the update check count value, we'll turn that on as well.
534 bool decrement_succeeded = DecrementUpdateCheckCount();
535 omaha_request_params_->set_update_check_count_wait_enabled(
536 decrement_succeeded);
537 } else {
538 // This means the scattering feature is turned off or disabled for
539 // this particular update check. Make sure to disable
540 // all the knobs and artifacts so that we don't invoke any scattering
541 // related code.
542 omaha_request_params_->set_wall_clock_based_wait_enabled(false);
543 omaha_request_params_->set_update_check_count_wait_enabled(false);
544 omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds(0));
545 prefs_->Delete(kPrefsWallClockWaitPeriod);
546 prefs_->Delete(kPrefsUpdateCheckCount);
547 // Don't delete the UpdateFirstSeenAt file as we don't want manual checks
548 // that result in no-updates (e.g. due to server side throttling) to
549 // cause update starvation by having the client generate a new
550 // UpdateFirstSeenAt for each scheduled check that follows a manual check.
551 }
552 }
553
GenerateNewWaitingPeriod()554 void UpdateAttempter::GenerateNewWaitingPeriod() {
555 omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds(
556 base::RandInt(1, scatter_factor_.InSeconds())));
557
558 LOG(INFO) << "Generated new wall-clock waiting period: " << utils::FormatSecs(
559 omaha_request_params_->waiting_period().InSeconds());
560
561 // Do a best-effort to persist this in all cases. Even if the persistence
562 // fails, we'll still be able to scatter based on our in-memory value.
563 // The persistence only helps in ensuring a good overall distribution
564 // across multiple devices if they tend to reboot too often.
565 system_state_->payload_state()->SetScatteringWaitPeriod(
566 omaha_request_params_->waiting_period());
567 }
568
BuildPostInstallActions(InstallPlanAction * previous_action)569 void UpdateAttempter::BuildPostInstallActions(
570 InstallPlanAction* previous_action) {
571 shared_ptr<PostinstallRunnerAction> postinstall_runner_action(
572 new PostinstallRunnerAction(system_state_->boot_control(),
573 system_state_->hardware()));
574 postinstall_runner_action->set_delegate(this);
575 actions_.push_back(shared_ptr<AbstractAction>(postinstall_runner_action));
576 BondActions(previous_action,
577 postinstall_runner_action.get());
578 }
579
BuildUpdateActions(bool interactive)580 void UpdateAttempter::BuildUpdateActions(bool interactive) {
581 CHECK(!processor_->IsRunning());
582 processor_->set_delegate(this);
583
584 // Actions:
585 std::unique_ptr<LibcurlHttpFetcher> update_check_fetcher(
586 new LibcurlHttpFetcher(GetProxyResolver(), system_state_->hardware()));
587 update_check_fetcher->set_server_to_check(ServerToCheck::kUpdate);
588 // Try harder to connect to the network, esp when not interactive.
589 // See comment in libcurl_http_fetcher.cc.
590 update_check_fetcher->set_no_network_max_retries(interactive ? 1 : 3);
591 shared_ptr<OmahaRequestAction> update_check_action(
592 new OmahaRequestAction(system_state_,
593 nullptr,
594 std::move(update_check_fetcher),
595 false));
596 shared_ptr<OmahaResponseHandlerAction> response_handler_action(
597 new OmahaResponseHandlerAction(system_state_));
598
599 shared_ptr<OmahaRequestAction> download_started_action(new OmahaRequestAction(
600 system_state_,
601 new OmahaEvent(OmahaEvent::kTypeUpdateDownloadStarted),
602 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
603 system_state_->hardware()),
604 false));
605
606 LibcurlHttpFetcher* download_fetcher =
607 new LibcurlHttpFetcher(GetProxyResolver(), system_state_->hardware());
608 download_fetcher->set_server_to_check(ServerToCheck::kDownload);
609 if (interactive)
610 download_fetcher->set_max_retry_count(kDownloadMaxRetryCountInteractive);
611 shared_ptr<DownloadAction> download_action(
612 new DownloadAction(prefs_,
613 system_state_->boot_control(),
614 system_state_->hardware(),
615 system_state_,
616 download_fetcher, // passes ownership
617 interactive));
618 shared_ptr<OmahaRequestAction> download_finished_action(
619 new OmahaRequestAction(
620 system_state_,
621 new OmahaEvent(OmahaEvent::kTypeUpdateDownloadFinished),
622 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
623 system_state_->hardware()),
624 false));
625 shared_ptr<FilesystemVerifierAction> filesystem_verifier_action(
626 new FilesystemVerifierAction());
627 shared_ptr<OmahaRequestAction> update_complete_action(
628 new OmahaRequestAction(system_state_,
629 new OmahaEvent(OmahaEvent::kTypeUpdateComplete),
630 std::make_unique<LibcurlHttpFetcher>(
631 GetProxyResolver(), system_state_->hardware()),
632 false));
633
634 download_action->set_delegate(this);
635 response_handler_action_ = response_handler_action;
636 download_action_ = download_action;
637
638 actions_.push_back(shared_ptr<AbstractAction>(update_check_action));
639 actions_.push_back(shared_ptr<AbstractAction>(response_handler_action));
640 actions_.push_back(shared_ptr<AbstractAction>(download_started_action));
641 actions_.push_back(shared_ptr<AbstractAction>(download_action));
642 actions_.push_back(shared_ptr<AbstractAction>(download_finished_action));
643 actions_.push_back(shared_ptr<AbstractAction>(filesystem_verifier_action));
644
645 // Bond them together. We have to use the leaf-types when calling
646 // BondActions().
647 BondActions(update_check_action.get(),
648 response_handler_action.get());
649 BondActions(response_handler_action.get(),
650 download_action.get());
651 BondActions(download_action.get(),
652 filesystem_verifier_action.get());
653 BuildPostInstallActions(filesystem_verifier_action.get());
654
655 actions_.push_back(shared_ptr<AbstractAction>(update_complete_action));
656
657 // Enqueue the actions
658 for (const shared_ptr<AbstractAction>& action : actions_) {
659 processor_->EnqueueAction(action.get());
660 }
661 }
662
Rollback(bool powerwash)663 bool UpdateAttempter::Rollback(bool powerwash) {
664 if (!CanRollback()) {
665 return false;
666 }
667
668 // Extra check for enterprise-enrolled devices since they don't support
669 // powerwash.
670 if (powerwash) {
671 // Enterprise-enrolled devices have an empty owner in their device policy.
672 string owner;
673 RefreshDevicePolicy();
674 const policy::DevicePolicy* device_policy = system_state_->device_policy();
675 if (device_policy && (!device_policy->GetOwner(&owner) || owner.empty())) {
676 LOG(ERROR) << "Enterprise device detected. "
677 << "Cannot perform a powerwash for enterprise devices.";
678 return false;
679 }
680 }
681
682 processor_->set_delegate(this);
683
684 // Initialize the default request params.
685 if (!omaha_request_params_->Init("", "", true)) {
686 LOG(ERROR) << "Unable to initialize Omaha request params.";
687 return false;
688 }
689
690 LOG(INFO) << "Setting rollback options.";
691 InstallPlan install_plan;
692
693 install_plan.target_slot = GetRollbackSlot();
694 install_plan.source_slot = system_state_->boot_control()->GetCurrentSlot();
695
696 TEST_AND_RETURN_FALSE(
697 install_plan.LoadPartitionsFromSlots(system_state_->boot_control()));
698 install_plan.powerwash_required = powerwash;
699
700 LOG(INFO) << "Using this install plan:";
701 install_plan.Dump();
702
703 shared_ptr<InstallPlanAction> install_plan_action(
704 new InstallPlanAction(install_plan));
705 actions_.push_back(shared_ptr<AbstractAction>(install_plan_action));
706
707 BuildPostInstallActions(install_plan_action.get());
708
709 // Enqueue the actions
710 for (const shared_ptr<AbstractAction>& action : actions_) {
711 processor_->EnqueueAction(action.get());
712 }
713
714 // Update the payload state for Rollback.
715 system_state_->payload_state()->Rollback();
716
717 SetStatusAndNotify(UpdateStatus::ATTEMPTING_ROLLBACK);
718
719 // Just in case we didn't update boot flags yet, make sure they're updated
720 // before any update processing starts. This also schedules the start of the
721 // actions we just posted.
722 start_action_processor_ = true;
723 UpdateBootFlags();
724 return true;
725 }
726
CanRollback() const727 bool UpdateAttempter::CanRollback() const {
728 // We can only rollback if the update_engine isn't busy and we have a valid
729 // rollback partition.
730 return (status_ == UpdateStatus::IDLE &&
731 GetRollbackSlot() != BootControlInterface::kInvalidSlot);
732 }
733
GetRollbackSlot() const734 BootControlInterface::Slot UpdateAttempter::GetRollbackSlot() const {
735 LOG(INFO) << "UpdateAttempter::GetRollbackSlot";
736 const unsigned int num_slots = system_state_->boot_control()->GetNumSlots();
737 const BootControlInterface::Slot current_slot =
738 system_state_->boot_control()->GetCurrentSlot();
739
740 LOG(INFO) << " Installed slots: " << num_slots;
741 LOG(INFO) << " Booted from slot: "
742 << BootControlInterface::SlotName(current_slot);
743
744 if (current_slot == BootControlInterface::kInvalidSlot || num_slots < 2) {
745 LOG(INFO) << "Device is not updateable.";
746 return BootControlInterface::kInvalidSlot;
747 }
748
749 vector<BootControlInterface::Slot> bootable_slots;
750 for (BootControlInterface::Slot slot = 0; slot < num_slots; slot++) {
751 if (slot != current_slot &&
752 system_state_->boot_control()->IsSlotBootable(slot)) {
753 LOG(INFO) << "Found bootable slot "
754 << BootControlInterface::SlotName(slot);
755 return slot;
756 }
757 }
758 LOG(INFO) << "No other bootable slot found.";
759 return BootControlInterface::kInvalidSlot;
760 }
761
CheckForUpdate(const string & app_version,const string & omaha_url,UpdateAttemptFlags flags)762 bool UpdateAttempter::CheckForUpdate(const string& app_version,
763 const string& omaha_url,
764 UpdateAttemptFlags flags) {
765 bool interactive = !(flags & UpdateAttemptFlags::kFlagNonInteractive);
766
767 if (interactive && status_ != UpdateStatus::IDLE) {
768 // An update check is either in-progress, or an update has completed and the
769 // system is in UPDATED_NEED_REBOOT. Either way, don't do an interactive
770 // update at this time
771 LOG(INFO) << "Refusing to do an interactive update with an update already "
772 "in progress";
773 return false;
774 }
775
776 LOG(INFO) << "Forced update check requested.";
777 forced_app_version_.clear();
778 forced_omaha_url_.clear();
779
780 // Certain conditions must be met to allow setting custom version and update
781 // server URLs. However, kScheduledAUTestURLRequest and kAUTestURLRequest are
782 // always allowed regardless of device state.
783 if (IsAnyUpdateSourceAllowed()) {
784 forced_app_version_ = app_version;
785 forced_omaha_url_ = omaha_url;
786 }
787 if (omaha_url == kScheduledAUTestURLRequest) {
788 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
789 // Pretend that it's not user-initiated even though it is,
790 // so as to test scattering logic, etc. which get kicked off
791 // only in scheduled update checks.
792 interactive = false;
793 } else if (omaha_url == kAUTestURLRequest) {
794 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
795 }
796
797 if (interactive) {
798 // Use the passed-in update attempt flags for this update attempt instead
799 // of the previously set ones.
800 current_update_attempt_flags_ = flags;
801 // Note: The caching for non-interactive update checks happens in
802 // OnUpdateScheduled().
803 }
804
805 if (forced_update_pending_callback_.get()) {
806 // Make sure that a scheduling request is made prior to calling the forced
807 // update pending callback.
808 ScheduleUpdates();
809 forced_update_pending_callback_->Run(true, interactive);
810 }
811
812 return true;
813 }
814
RebootIfNeeded()815 bool UpdateAttempter::RebootIfNeeded() {
816 if (status_ != UpdateStatus::UPDATED_NEED_REBOOT) {
817 LOG(INFO) << "Reboot requested, but status is "
818 << UpdateStatusToString(status_) << ", so not rebooting.";
819 return false;
820 }
821
822 if (system_state_->power_manager()->RequestReboot())
823 return true;
824
825 return RebootDirectly();
826 }
827
WriteUpdateCompletedMarker()828 void UpdateAttempter::WriteUpdateCompletedMarker() {
829 string boot_id;
830 if (!utils::GetBootId(&boot_id))
831 return;
832 prefs_->SetString(kPrefsUpdateCompletedOnBootId, boot_id);
833
834 int64_t value = system_state_->clock()->GetBootTime().ToInternalValue();
835 prefs_->SetInt64(kPrefsUpdateCompletedBootTime, value);
836 }
837
RebootDirectly()838 bool UpdateAttempter::RebootDirectly() {
839 vector<string> command;
840 command.push_back("/sbin/shutdown");
841 command.push_back("-r");
842 command.push_back("now");
843 LOG(INFO) << "Running \"" << base::JoinString(command, " ") << "\"";
844 int rc = 0;
845 Subprocess::SynchronousExec(command, &rc, nullptr);
846 return rc == 0;
847 }
848
OnUpdateScheduled(EvalStatus status,const UpdateCheckParams & params)849 void UpdateAttempter::OnUpdateScheduled(EvalStatus status,
850 const UpdateCheckParams& params) {
851 waiting_for_scheduled_check_ = false;
852
853 if (status == EvalStatus::kSucceeded) {
854 if (!params.updates_enabled) {
855 LOG(WARNING) << "Updates permanently disabled.";
856 // Signal disabled status, then switch right back to idle. This is
857 // necessary for ensuring that observers waiting for a signal change will
858 // actually notice one on subsequent calls. Note that we don't need to
859 // re-schedule a check in this case as updates are permanently disabled;
860 // further (forced) checks may still initiate a scheduling call.
861 SetStatusAndNotify(UpdateStatus::DISABLED);
862 SetStatusAndNotify(UpdateStatus::IDLE);
863 return;
864 }
865
866 LOG(INFO) << "Running "
867 << (params.is_interactive ? "interactive" : "periodic")
868 << " update.";
869
870 if (!params.is_interactive) {
871 // Cache the update attempt flags that will be used by this update attempt
872 // so that they can't be changed mid-way through.
873 current_update_attempt_flags_ = update_attempt_flags_;
874 }
875
876 LOG(INFO) << "Update attempt flags in use = 0x" << std::hex
877 << current_update_attempt_flags_;
878
879 Update(forced_app_version_, forced_omaha_url_, params.target_channel,
880 params.target_version_prefix, false, params.is_interactive);
881 // Always clear the forced app_version and omaha_url after an update attempt
882 // so the next update uses the defaults.
883 forced_app_version_.clear();
884 forced_omaha_url_.clear();
885 } else {
886 LOG(WARNING)
887 << "Update check scheduling failed (possibly timed out); retrying.";
888 ScheduleUpdates();
889 }
890
891 // This check ensures that future update checks will be or are already
892 // scheduled. The check should never fail. A check failure means that there's
893 // a bug that will most likely prevent further automatic update checks. It
894 // seems better to crash in such cases and restart the update_engine daemon
895 // into, hopefully, a known good state.
896 CHECK(IsUpdateRunningOrScheduled());
897 }
898
UpdateLastCheckedTime()899 void UpdateAttempter::UpdateLastCheckedTime() {
900 last_checked_time_ = system_state_->clock()->GetWallclockTime().ToTimeT();
901 }
902
903 // Delegate methods:
ProcessingDone(const ActionProcessor * processor,ErrorCode code)904 void UpdateAttempter::ProcessingDone(const ActionProcessor* processor,
905 ErrorCode code) {
906 LOG(INFO) << "Processing Done.";
907 actions_.clear();
908
909 // Reset cpu shares back to normal.
910 cpu_limiter_.StopLimiter();
911
912 // reset the state that's only valid for a single update pass
913 current_update_attempt_flags_ = UpdateAttemptFlags::kNone;
914
915 if (status_ == UpdateStatus::REPORTING_ERROR_EVENT) {
916 LOG(INFO) << "Error event sent.";
917
918 // Inform scheduler of new status;
919 SetStatusAndNotify(UpdateStatus::IDLE);
920 ScheduleUpdates();
921
922 if (!fake_update_success_) {
923 return;
924 }
925 LOG(INFO) << "Booted from FW B and tried to install new firmware, "
926 "so requesting reboot from user.";
927 }
928
929 if (code == ErrorCode::kSuccess) {
930 WriteUpdateCompletedMarker();
931 prefs_->SetInt64(kPrefsDeltaUpdateFailures, 0);
932 prefs_->SetString(kPrefsPreviousVersion,
933 omaha_request_params_->app_version());
934 DeltaPerformer::ResetUpdateProgress(prefs_, false);
935
936 system_state_->payload_state()->UpdateSucceeded();
937
938 // Since we're done with scattering fully at this point, this is the
939 // safest point delete the state files, as we're sure that the status is
940 // set to reboot (which means no more updates will be applied until reboot)
941 // This deletion is required for correctness as we want the next update
942 // check to re-create a new random number for the update check count.
943 // Similarly, we also delete the wall-clock-wait period that was persisted
944 // so that we start with a new random value for the next update check
945 // after reboot so that the same device is not favored or punished in any
946 // way.
947 prefs_->Delete(kPrefsUpdateCheckCount);
948 system_state_->payload_state()->SetScatteringWaitPeriod(TimeDelta());
949 prefs_->Delete(kPrefsUpdateFirstSeenAt);
950
951 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT);
952 ScheduleUpdates();
953 LOG(INFO) << "Update successfully applied, waiting to reboot.";
954
955 // This pointer is null during rollback operations, and the stats
956 // don't make much sense then anyway.
957 if (response_handler_action_) {
958 const InstallPlan& install_plan =
959 response_handler_action_->install_plan();
960
961 // Generate an unique payload identifier.
962 string target_version_uid;
963 for (const auto& payload : install_plan.payloads) {
964 target_version_uid +=
965 brillo::data_encoding::Base64Encode(payload.hash) + ":" +
966 payload.metadata_signature + ":";
967 }
968
969 // Expect to reboot into the new version to send the proper metric during
970 // next boot.
971 system_state_->payload_state()->ExpectRebootInNewVersion(
972 target_version_uid);
973 } else {
974 // If we just finished a rollback, then we expect to have no Omaha
975 // response. Otherwise, it's an error.
976 if (system_state_->payload_state()->GetRollbackVersion().empty()) {
977 LOG(ERROR) << "Can't send metrics because expected "
978 "response_handler_action_ missing.";
979 }
980 }
981 return;
982 }
983
984 if (ScheduleErrorEventAction()) {
985 return;
986 }
987 LOG(INFO) << "No update.";
988 SetStatusAndNotify(UpdateStatus::IDLE);
989 ScheduleUpdates();
990 }
991
ProcessingStopped(const ActionProcessor * processor)992 void UpdateAttempter::ProcessingStopped(const ActionProcessor* processor) {
993 // Reset cpu shares back to normal.
994 cpu_limiter_.StopLimiter();
995 download_progress_ = 0.0;
996 SetStatusAndNotify(UpdateStatus::IDLE);
997 ScheduleUpdates();
998 actions_.clear();
999 error_event_.reset(nullptr);
1000 }
1001
1002 // Called whenever an action has finished processing, either successfully
1003 // or otherwise.
ActionCompleted(ActionProcessor * processor,AbstractAction * action,ErrorCode code)1004 void UpdateAttempter::ActionCompleted(ActionProcessor* processor,
1005 AbstractAction* action,
1006 ErrorCode code) {
1007 // Reset download progress regardless of whether or not the download
1008 // action succeeded. Also, get the response code from HTTP request
1009 // actions (update download as well as the initial update check
1010 // actions).
1011 const string type = action->Type();
1012 if (type == DownloadAction::StaticType()) {
1013 download_progress_ = 0.0;
1014 DownloadAction* download_action = static_cast<DownloadAction*>(action);
1015 http_response_code_ = download_action->GetHTTPResponseCode();
1016 } else if (type == OmahaRequestAction::StaticType()) {
1017 OmahaRequestAction* omaha_request_action =
1018 static_cast<OmahaRequestAction*>(action);
1019 // If the request is not an event, then it's the update-check.
1020 if (!omaha_request_action->IsEvent()) {
1021 http_response_code_ = omaha_request_action->GetHTTPResponseCode();
1022
1023 // Record the number of consecutive failed update checks.
1024 if (http_response_code_ == kHttpResponseInternalServerError ||
1025 http_response_code_ == kHttpResponseServiceUnavailable) {
1026 consecutive_failed_update_checks_++;
1027 } else {
1028 consecutive_failed_update_checks_ = 0;
1029 }
1030
1031 // Store the server-dictated poll interval, if any.
1032 server_dictated_poll_interval_ =
1033 std::max(0, omaha_request_action->GetOutputObject().poll_interval);
1034 }
1035 } else if (type == OmahaResponseHandlerAction::StaticType()) {
1036 // Depending on the returned error code, note that an update is available.
1037 if (code == ErrorCode::kOmahaUpdateDeferredPerPolicy ||
1038 code == ErrorCode::kSuccess) {
1039 // Note that the status will be updated to DOWNLOADING when some bytes
1040 // get actually downloaded from the server and the BytesReceived
1041 // callback is invoked. This avoids notifying the user that a download
1042 // has started in cases when the server and the client are unable to
1043 // initiate the download.
1044 CHECK(action == response_handler_action_.get());
1045 auto plan = response_handler_action_->install_plan();
1046 UpdateLastCheckedTime();
1047 new_version_ = plan.version;
1048 new_system_version_ = plan.system_version;
1049 new_payload_size_ = 0;
1050 for (const auto& payload : plan.payloads)
1051 new_payload_size_ += payload.size;
1052 cpu_limiter_.StartLimiter();
1053 SetStatusAndNotify(UpdateStatus::UPDATE_AVAILABLE);
1054 }
1055 }
1056 // General failure cases.
1057 if (code != ErrorCode::kSuccess) {
1058 // If the current state is at or past the download phase, count the failure
1059 // in case a switch to full update becomes necessary. Ignore network
1060 // transfer timeouts and failures.
1061 if (status_ >= UpdateStatus::DOWNLOADING &&
1062 code != ErrorCode::kDownloadTransferError) {
1063 MarkDeltaUpdateFailure();
1064 }
1065 // On failure, schedule an error event to be sent to Omaha.
1066 CreatePendingErrorEvent(action, code);
1067 return;
1068 }
1069 // Find out which action completed (successfully).
1070 if (type == DownloadAction::StaticType()) {
1071 SetStatusAndNotify(UpdateStatus::FINALIZING);
1072 } else if (type == FilesystemVerifierAction::StaticType()) {
1073 // Log the system properties before the postinst and after the file system
1074 // is verified. It used to be done in the postinst itself. But postinst
1075 // cannot do this anymore. On the other hand, these logs are frequently
1076 // looked at and it is preferable not to scatter them in random location in
1077 // the log and rather log it right before the postinst. The reason not do
1078 // this in the |PostinstallRunnerAction| is to prevent dependency from
1079 // libpayload_consumer to libupdate_engine.
1080 LogImageProperties();
1081 }
1082 }
1083
BytesReceived(uint64_t bytes_progressed,uint64_t bytes_received,uint64_t total)1084 void UpdateAttempter::BytesReceived(uint64_t bytes_progressed,
1085 uint64_t bytes_received,
1086 uint64_t total) {
1087 // The PayloadState keeps track of how many bytes were actually downloaded
1088 // from a given URL for the URL skipping logic.
1089 system_state_->payload_state()->DownloadProgress(bytes_progressed);
1090
1091 double progress = 0;
1092 if (total)
1093 progress = static_cast<double>(bytes_received) / static_cast<double>(total);
1094 if (status_ != UpdateStatus::DOWNLOADING || bytes_received == total) {
1095 download_progress_ = progress;
1096 SetStatusAndNotify(UpdateStatus::DOWNLOADING);
1097 } else {
1098 ProgressUpdate(progress);
1099 }
1100 }
1101
DownloadComplete()1102 void UpdateAttempter::DownloadComplete() {
1103 system_state_->payload_state()->DownloadComplete();
1104 }
1105
ProgressUpdate(double progress)1106 void UpdateAttempter::ProgressUpdate(double progress) {
1107 // Self throttle based on progress. Also send notifications if progress is
1108 // too slow.
1109 if (progress == 1.0 ||
1110 progress - download_progress_ >= kBroadcastThresholdProgress ||
1111 TimeTicks::Now() - last_notify_time_ >=
1112 TimeDelta::FromSeconds(kBroadcastThresholdSeconds)) {
1113 download_progress_ = progress;
1114 BroadcastStatus();
1115 }
1116 }
1117
ResetStatus()1118 bool UpdateAttempter::ResetStatus() {
1119 LOG(INFO) << "Attempting to reset state from "
1120 << UpdateStatusToString(status_) << " to UpdateStatus::IDLE";
1121
1122 switch (status_) {
1123 case UpdateStatus::IDLE:
1124 // no-op.
1125 return true;
1126
1127 case UpdateStatus::UPDATED_NEED_REBOOT: {
1128 bool ret_value = true;
1129 status_ = UpdateStatus::IDLE;
1130
1131 // Remove the reboot marker so that if the machine is rebooted
1132 // after resetting to idle state, it doesn't go back to
1133 // UpdateStatus::UPDATED_NEED_REBOOT state.
1134 ret_value = prefs_->Delete(kPrefsUpdateCompletedOnBootId) && ret_value;
1135 ret_value = prefs_->Delete(kPrefsUpdateCompletedBootTime) && ret_value;
1136
1137 // Update the boot flags so the current slot has higher priority.
1138 BootControlInterface* boot_control = system_state_->boot_control();
1139 if (!boot_control->SetActiveBootSlot(boot_control->GetCurrentSlot()))
1140 ret_value = false;
1141
1142 // Mark the current slot as successful again, since marking it as active
1143 // may reset the successful bit. We ignore the result of whether marking
1144 // the current slot as successful worked.
1145 if (!boot_control->MarkBootSuccessfulAsync(Bind([](bool successful){})))
1146 ret_value = false;
1147
1148 // Notify the PayloadState that the successful payload was canceled.
1149 system_state_->payload_state()->ResetUpdateStatus();
1150
1151 // The previous version is used to report back to omaha after reboot that
1152 // we actually rebooted into the new version from this "prev-version". We
1153 // need to clear out this value now to prevent it being sent on the next
1154 // updatecheck request.
1155 ret_value = prefs_->SetString(kPrefsPreviousVersion, "") && ret_value;
1156
1157 LOG(INFO) << "Reset status " << (ret_value ? "successful" : "failed");
1158 return ret_value;
1159 }
1160
1161 default:
1162 LOG(ERROR) << "Reset not allowed in this state.";
1163 return false;
1164 }
1165 }
1166
GetStatus(UpdateEngineStatus * out_status)1167 bool UpdateAttempter::GetStatus(UpdateEngineStatus* out_status) {
1168 out_status->last_checked_time = last_checked_time_;
1169 out_status->status = status_;
1170 out_status->current_version = omaha_request_params_->app_version();
1171 out_status->current_system_version = omaha_request_params_->system_version();
1172 out_status->progress = download_progress_;
1173 out_status->new_size_bytes = new_payload_size_;
1174 out_status->new_version = new_version_;
1175 out_status->new_system_version = new_system_version_;
1176 return true;
1177 }
1178
UpdateBootFlags()1179 void UpdateAttempter::UpdateBootFlags() {
1180 if (update_boot_flags_running_) {
1181 LOG(INFO) << "Update boot flags running, nothing to do.";
1182 return;
1183 }
1184 if (updated_boot_flags_) {
1185 LOG(INFO) << "Already updated boot flags. Skipping.";
1186 if (start_action_processor_) {
1187 ScheduleProcessingStart();
1188 }
1189 return;
1190 }
1191 // This is purely best effort. Failures should be logged by Subprocess. Run
1192 // the script asynchronously to avoid blocking the event loop regardless of
1193 // the script runtime.
1194 update_boot_flags_running_ = true;
1195 LOG(INFO) << "Marking booted slot as good.";
1196 if (!system_state_->boot_control()->MarkBootSuccessfulAsync(Bind(
1197 &UpdateAttempter::CompleteUpdateBootFlags, base::Unretained(this)))) {
1198 LOG(ERROR) << "Failed to mark current boot as successful.";
1199 CompleteUpdateBootFlags(false);
1200 }
1201 }
1202
CompleteUpdateBootFlags(bool successful)1203 void UpdateAttempter::CompleteUpdateBootFlags(bool successful) {
1204 update_boot_flags_running_ = false;
1205 updated_boot_flags_ = true;
1206 if (start_action_processor_) {
1207 ScheduleProcessingStart();
1208 }
1209 }
1210
BroadcastStatus()1211 void UpdateAttempter::BroadcastStatus() {
1212 UpdateEngineStatus broadcast_status;
1213 // Use common method for generating the current status.
1214 GetStatus(&broadcast_status);
1215
1216 for (const auto& observer : service_observers_) {
1217 observer->SendStatusUpdate(broadcast_status);
1218 }
1219 last_notify_time_ = TimeTicks::Now();
1220 }
1221
GetErrorCodeFlags()1222 uint32_t UpdateAttempter::GetErrorCodeFlags() {
1223 uint32_t flags = 0;
1224
1225 if (!system_state_->hardware()->IsNormalBootMode())
1226 flags |= static_cast<uint32_t>(ErrorCode::kDevModeFlag);
1227
1228 if (response_handler_action_.get() &&
1229 response_handler_action_->install_plan().is_resume)
1230 flags |= static_cast<uint32_t>(ErrorCode::kResumedFlag);
1231
1232 if (!system_state_->hardware()->IsOfficialBuild())
1233 flags |= static_cast<uint32_t>(ErrorCode::kTestImageFlag);
1234
1235 if (omaha_request_params_->update_url() !=
1236 constants::kOmahaDefaultProductionURL) {
1237 flags |= static_cast<uint32_t>(ErrorCode::kTestOmahaUrlFlag);
1238 }
1239
1240 return flags;
1241 }
1242
ShouldCancel(ErrorCode * cancel_reason)1243 bool UpdateAttempter::ShouldCancel(ErrorCode* cancel_reason) {
1244 // Check if the channel we're attempting to update to is the same as the
1245 // target channel currently chosen by the user.
1246 OmahaRequestParams* params = system_state_->request_params();
1247 if (params->download_channel() != params->target_channel()) {
1248 LOG(ERROR) << "Aborting download as target channel: "
1249 << params->target_channel()
1250 << " is different from the download channel: "
1251 << params->download_channel();
1252 *cancel_reason = ErrorCode::kUpdateCanceledByChannelChange;
1253 return true;
1254 }
1255
1256 return false;
1257 }
1258
SetStatusAndNotify(UpdateStatus status)1259 void UpdateAttempter::SetStatusAndNotify(UpdateStatus status) {
1260 status_ = status;
1261 BroadcastStatus();
1262 }
1263
CreatePendingErrorEvent(AbstractAction * action,ErrorCode code)1264 void UpdateAttempter::CreatePendingErrorEvent(AbstractAction* action,
1265 ErrorCode code) {
1266 if (error_event_.get()) {
1267 // This shouldn't really happen.
1268 LOG(WARNING) << "There's already an existing pending error event.";
1269 return;
1270 }
1271
1272 // For now assume that a generic Omaha response action failure means that
1273 // there's no update so don't send an event. Also, double check that the
1274 // failure has not occurred while sending an error event -- in which case
1275 // don't schedule another. This shouldn't really happen but just in case...
1276 if ((action->Type() == OmahaResponseHandlerAction::StaticType() &&
1277 code == ErrorCode::kError) ||
1278 status_ == UpdateStatus::REPORTING_ERROR_EVENT) {
1279 return;
1280 }
1281
1282 // Classify the code to generate the appropriate result so that
1283 // the Borgmon charts show up the results correctly.
1284 // Do this before calling GetErrorCodeForAction which could potentially
1285 // augment the bit representation of code and thus cause no matches for
1286 // the switch cases below.
1287 OmahaEvent::Result event_result;
1288 switch (code) {
1289 case ErrorCode::kOmahaUpdateIgnoredPerPolicy:
1290 case ErrorCode::kOmahaUpdateDeferredPerPolicy:
1291 case ErrorCode::kOmahaUpdateDeferredForBackoff:
1292 event_result = OmahaEvent::kResultUpdateDeferred;
1293 break;
1294 default:
1295 event_result = OmahaEvent::kResultError;
1296 break;
1297 }
1298
1299 code = GetErrorCodeForAction(action, code);
1300 fake_update_success_ = code == ErrorCode::kPostinstallBootedFromFirmwareB;
1301
1302 // Compute the final error code with all the bit flags to be sent to Omaha.
1303 code = static_cast<ErrorCode>(
1304 static_cast<uint32_t>(code) | GetErrorCodeFlags());
1305 error_event_.reset(new OmahaEvent(OmahaEvent::kTypeUpdateComplete,
1306 event_result,
1307 code));
1308 }
1309
ScheduleErrorEventAction()1310 bool UpdateAttempter::ScheduleErrorEventAction() {
1311 if (error_event_.get() == nullptr)
1312 return false;
1313
1314 LOG(ERROR) << "Update failed.";
1315 system_state_->payload_state()->UpdateFailed(error_event_->error_code);
1316
1317 // Send it to Omaha.
1318 LOG(INFO) << "Reporting the error event";
1319 shared_ptr<OmahaRequestAction> error_event_action(
1320 new OmahaRequestAction(system_state_,
1321 error_event_.release(), // Pass ownership.
1322 std::make_unique<LibcurlHttpFetcher>(
1323 GetProxyResolver(), system_state_->hardware()),
1324 false));
1325 actions_.push_back(shared_ptr<AbstractAction>(error_event_action));
1326 processor_->EnqueueAction(error_event_action.get());
1327 SetStatusAndNotify(UpdateStatus::REPORTING_ERROR_EVENT);
1328 processor_->StartProcessing();
1329 return true;
1330 }
1331
ScheduleProcessingStart()1332 void UpdateAttempter::ScheduleProcessingStart() {
1333 LOG(INFO) << "Scheduling an action processor start.";
1334 start_action_processor_ = false;
1335 MessageLoop::current()->PostTask(
1336 FROM_HERE,
1337 Bind([](ActionProcessor* processor) { processor->StartProcessing(); },
1338 base::Unretained(processor_.get())));
1339 }
1340
DisableDeltaUpdateIfNeeded()1341 void UpdateAttempter::DisableDeltaUpdateIfNeeded() {
1342 int64_t delta_failures;
1343 if (omaha_request_params_->delta_okay() &&
1344 prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) &&
1345 delta_failures >= kMaxDeltaUpdateFailures) {
1346 LOG(WARNING) << "Too many delta update failures, forcing full update.";
1347 omaha_request_params_->set_delta_okay(false);
1348 }
1349 }
1350
MarkDeltaUpdateFailure()1351 void UpdateAttempter::MarkDeltaUpdateFailure() {
1352 // Don't try to resume a failed delta update.
1353 DeltaPerformer::ResetUpdateProgress(prefs_, false);
1354 int64_t delta_failures;
1355 if (!prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) ||
1356 delta_failures < 0) {
1357 delta_failures = 0;
1358 }
1359 prefs_->SetInt64(kPrefsDeltaUpdateFailures, ++delta_failures);
1360 }
1361
PingOmaha()1362 void UpdateAttempter::PingOmaha() {
1363 if (!processor_->IsRunning()) {
1364 shared_ptr<OmahaRequestAction> ping_action(new OmahaRequestAction(
1365 system_state_,
1366 nullptr,
1367 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
1368 system_state_->hardware()),
1369 true));
1370 actions_.push_back(shared_ptr<OmahaRequestAction>(ping_action));
1371 processor_->set_delegate(nullptr);
1372 processor_->EnqueueAction(ping_action.get());
1373 // Call StartProcessing() synchronously here to avoid any race conditions
1374 // caused by multiple outstanding ping Omaha requests. If we call
1375 // StartProcessing() asynchronously, the device can be suspended before we
1376 // get a chance to callback to StartProcessing(). When the device resumes
1377 // (assuming the device sleeps longer than the next update check period),
1378 // StartProcessing() is called back and at the same time, the next update
1379 // check is fired which eventually invokes StartProcessing(). A crash
1380 // can occur because StartProcessing() checks to make sure that the
1381 // processor is idle which it isn't due to the two concurrent ping Omaha
1382 // requests.
1383 processor_->StartProcessing();
1384 } else {
1385 LOG(WARNING) << "Action processor running, Omaha ping suppressed.";
1386 }
1387
1388 // Update the last check time here; it may be re-updated when an Omaha
1389 // response is received, but this will prevent us from repeatedly scheduling
1390 // checks in the case where a response is not received.
1391 UpdateLastCheckedTime();
1392
1393 // Update the status which will schedule the next update check
1394 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT);
1395 ScheduleUpdates();
1396 }
1397
1398
DecrementUpdateCheckCount()1399 bool UpdateAttempter::DecrementUpdateCheckCount() {
1400 int64_t update_check_count_value;
1401
1402 if (!prefs_->Exists(kPrefsUpdateCheckCount)) {
1403 // This file does not exist. This means we haven't started our update
1404 // check count down yet, so nothing more to do. This file will be created
1405 // later when we first satisfy the wall-clock-based-wait period.
1406 LOG(INFO) << "No existing update check count. That's normal.";
1407 return true;
1408 }
1409
1410 if (prefs_->GetInt64(kPrefsUpdateCheckCount, &update_check_count_value)) {
1411 // Only if we're able to read a proper integer value, then go ahead
1412 // and decrement and write back the result in the same file, if needed.
1413 LOG(INFO) << "Update check count = " << update_check_count_value;
1414
1415 if (update_check_count_value == 0) {
1416 // It could be 0, if, for some reason, the file didn't get deleted
1417 // when we set our status to waiting for reboot. so we just leave it
1418 // as is so that we can prevent another update_check wait for this client.
1419 LOG(INFO) << "Not decrementing update check count as it's already 0.";
1420 return true;
1421 }
1422
1423 if (update_check_count_value > 0)
1424 update_check_count_value--;
1425 else
1426 update_check_count_value = 0;
1427
1428 // Write out the new value of update_check_count_value.
1429 if (prefs_->SetInt64(kPrefsUpdateCheckCount, update_check_count_value)) {
1430 // We successfully wrote out te new value, so enable the
1431 // update check based wait.
1432 LOG(INFO) << "New update check count = " << update_check_count_value;
1433 return true;
1434 }
1435 }
1436
1437 LOG(INFO) << "Deleting update check count state due to read/write errors.";
1438
1439 // We cannot read/write to the file, so disable the update check based wait
1440 // so that we don't get stuck in this OS version by any chance (which could
1441 // happen if there's some bug that causes to read/write incorrectly).
1442 // Also attempt to delete the file to do our best effort to cleanup.
1443 prefs_->Delete(kPrefsUpdateCheckCount);
1444 return false;
1445 }
1446
1447
UpdateEngineStarted()1448 void UpdateAttempter::UpdateEngineStarted() {
1449 // If we just booted into a new update, keep the previous OS version
1450 // in case we rebooted because of a crash of the old version, so we
1451 // can do a proper crash report with correct information.
1452 // This must be done before calling
1453 // system_state_->payload_state()->UpdateEngineStarted() since it will
1454 // delete SystemUpdated marker file.
1455 if (system_state_->system_rebooted() &&
1456 prefs_->Exists(kPrefsSystemUpdatedMarker)) {
1457 if (!prefs_->GetString(kPrefsPreviousVersion, &prev_version_)) {
1458 // If we fail to get the version string, make sure it stays empty.
1459 prev_version_.clear();
1460 }
1461 }
1462
1463 system_state_->payload_state()->UpdateEngineStarted();
1464 StartP2PAtStartup();
1465 }
1466
StartP2PAtStartup()1467 bool UpdateAttempter::StartP2PAtStartup() {
1468 if (system_state_ == nullptr ||
1469 !system_state_->p2p_manager()->IsP2PEnabled()) {
1470 LOG(INFO) << "Not starting p2p at startup since it's not enabled.";
1471 return false;
1472 }
1473
1474 if (system_state_->p2p_manager()->CountSharedFiles() < 1) {
1475 LOG(INFO) << "Not starting p2p at startup since our application "
1476 << "is not sharing any files.";
1477 return false;
1478 }
1479
1480 return StartP2PAndPerformHousekeeping();
1481 }
1482
StartP2PAndPerformHousekeeping()1483 bool UpdateAttempter::StartP2PAndPerformHousekeeping() {
1484 if (system_state_ == nullptr)
1485 return false;
1486
1487 if (!system_state_->p2p_manager()->IsP2PEnabled()) {
1488 LOG(INFO) << "Not starting p2p since it's not enabled.";
1489 return false;
1490 }
1491
1492 LOG(INFO) << "Ensuring that p2p is running.";
1493 if (!system_state_->p2p_manager()->EnsureP2PRunning()) {
1494 LOG(ERROR) << "Error starting p2p.";
1495 return false;
1496 }
1497
1498 LOG(INFO) << "Performing p2p housekeeping.";
1499 if (!system_state_->p2p_manager()->PerformHousekeeping()) {
1500 LOG(ERROR) << "Error performing housekeeping for p2p.";
1501 return false;
1502 }
1503
1504 LOG(INFO) << "Done performing p2p housekeeping.";
1505 return true;
1506 }
1507
GetBootTimeAtUpdate(Time * out_boot_time)1508 bool UpdateAttempter::GetBootTimeAtUpdate(Time *out_boot_time) {
1509 // In case of an update_engine restart without a reboot, we stored the boot_id
1510 // when the update was completed by setting a pref, so we can check whether
1511 // the last update was on this boot or a previous one.
1512 string boot_id;
1513 TEST_AND_RETURN_FALSE(utils::GetBootId(&boot_id));
1514
1515 string update_completed_on_boot_id;
1516 if (!prefs_->Exists(kPrefsUpdateCompletedOnBootId) ||
1517 !prefs_->GetString(kPrefsUpdateCompletedOnBootId,
1518 &update_completed_on_boot_id) ||
1519 update_completed_on_boot_id != boot_id)
1520 return false;
1521
1522 // Short-circuit avoiding the read in case out_boot_time is nullptr.
1523 if (out_boot_time) {
1524 int64_t boot_time = 0;
1525 // Since the kPrefsUpdateCompletedOnBootId was correctly set, this pref
1526 // should not fail.
1527 TEST_AND_RETURN_FALSE(
1528 prefs_->GetInt64(kPrefsUpdateCompletedBootTime, &boot_time));
1529 *out_boot_time = Time::FromInternalValue(boot_time);
1530 }
1531 return true;
1532 }
1533
IsUpdateRunningOrScheduled()1534 bool UpdateAttempter::IsUpdateRunningOrScheduled() {
1535 return ((status_ != UpdateStatus::IDLE &&
1536 status_ != UpdateStatus::UPDATED_NEED_REBOOT) ||
1537 waiting_for_scheduled_check_);
1538 }
1539
IsAnyUpdateSourceAllowed()1540 bool UpdateAttempter::IsAnyUpdateSourceAllowed() {
1541 // We allow updates from any source if either of these are true:
1542 // * The device is running an unofficial (dev/test) image.
1543 // * The debugd dev features are accessible (i.e. in devmode with no owner).
1544 // This protects users running a base image, while still allowing a specific
1545 // window (gated by the debug dev features) where `cros flash` is usable.
1546 if (!system_state_->hardware()->IsOfficialBuild()) {
1547 LOG(INFO) << "Non-official build; allowing any update source.";
1548 return true;
1549 }
1550
1551 if (system_state_->hardware()->AreDevFeaturesEnabled()) {
1552 LOG(INFO) << "Developer features enabled; allowing custom update sources.";
1553 return true;
1554 }
1555
1556 LOG(INFO)
1557 << "Developer features disabled; disallowing custom update sources.";
1558 return false;
1559 }
1560
1561 } // namespace chromeos_update_engine
1562