1//
2// Copyright (C) 2012 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8//      http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
16
17#ifndef UPDATE_ENGINE_UPDATE_ATTEMPTER_H_
18#define UPDATE_ENGINE_UPDATE_ATTEMPTER_H_
19
20#include <time.h>
21
22#include <memory>
23#include <set>
24#include <string>
25#include <utility>
26#include <vector>
27
28#include <base/bind.h>
29#include <base/time/time.h>
30#include <gtest/gtest_prod.h>  // for FRIEND_TEST
31
32#include "debugd/dbus-proxies.h"
33#include "update_engine/chrome_browser_proxy_resolver.h"
34#include "update_engine/client_library/include/update_engine/update_status.h"
35#include "update_engine/common/action_processor.h"
36#include "update_engine/common/certificate_checker.h"
37#include "update_engine/common/cpu_limiter.h"
38#include "update_engine/libcros_proxy.h"
39#include "update_engine/omaha_request_params.h"
40#include "update_engine/omaha_response_handler_action.h"
41#include "update_engine/payload_consumer/download_action.h"
42#include "update_engine/payload_consumer/postinstall_runner_action.h"
43#include "update_engine/proxy_resolver.h"
44#include "update_engine/service_observer_interface.h"
45#include "update_engine/system_state.h"
46#include "update_engine/update_manager/policy.h"
47#include "update_engine/update_manager/update_manager.h"
48#include "update_engine/weave_service_interface.h"
49
// Forward declaration. NOTE(review): no declaration visible in this header
// refers to MetricsLibraryInterface; confirm whether it is still needed.
class MetricsLibraryInterface;

namespace policy {
// Forward-declared because UpdateAttempter holds it only through
// std::unique_ptr (|policy_provider_|). The complete type must be visible
// where UpdateAttempter's constructor and destructor are defined.
class PolicyProvider;
}
55
56namespace chromeos_update_engine {
57
// Forward declaration. NOTE(review): the UpdateAttempter declaration below
// does not reference UpdateEngineAdaptor; confirm whether it is still needed.
class UpdateEngineAdaptor;
59
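// Coordinates update attempts for update_engine: scheduling checks, building
// and running the action pipeline (|actions_| on |processor_|), tracking the
// status reported to observers, and handling rollback and reboot requests.
//
// The class receives callbacks from the action processor, the download
// action, the certificate checker, the Weave service and the postinstall
// runner through the delegate/observer interfaces it inherits.
//
// Ownership: |system_state_|, |cert_checker_| and |debugd_proxy_| are stored
// as raw pointers and nothing in this header deletes them.
// NOTE(review): presumably the caller keeps them alive for the lifetime of
// this object; confirm against the constructor's call site.
//
// Trust boundary: several entry points take values from external callers
// (|omaha_url|, |app_version|, channel names). This header does not show where
// those values are validated; see the notes on CheckForUpdate() and
// IsAnyUpdateSourceAllowed().
class UpdateAttempter : public ActionProcessorDelegate,
                        public DownloadActionDelegate,
                        public CertificateChecker::Observer,
                        public WeaveServiceInterface::DelegateInterface,
                        public PostinstallRunnerAction::DelegateInterface {
 public:
  using UpdateStatus = update_engine::UpdateStatus;

  // NOTE(review): presumably the number of failed delta attempts after which
  // DisableDeltaUpdateIfNeeded() forces a full update; the value and its use
  // are defined outside this header.
  static const int kMaxDeltaUpdateFailures;

  // Stores the collaborators used by the attempter. None of the pointers is
  // owned by this class as far as this header shows.
  // NOTE(review): |libcros_proxy| has no matching member here; presumably it
  // is forwarded to |chrome_proxy_resolver_| - confirm in the implementation.
  UpdateAttempter(SystemState* system_state,
                  CertificateChecker* cert_checker,
                  LibCrosProxy* libcros_proxy,
                  org::chromium::debugdProxyInterface* debugd_proxy);
  ~UpdateAttempter() override;

  // Further initialization to be done post construction.
  void Init();

  // Initiates scheduling of update checks.
  virtual void ScheduleUpdates();

  // Checks for update and, if a newer version is available, attempts to update
  // the system. Non-empty |app_version| or |omaha_url| prevents automatic
  // detection of the corresponding parameter. |target_channel| denotes a
  // policy-mandated channel we are updating to, if not empty. If |obey_proxies|
  // is true, the update will likely respect Chrome's proxy setting. For
  // security reasons, we may still not honor them. |interactive| should be true
  // if this was called from the user (ie dbus).
  virtual void Update(const std::string& app_version,
                      const std::string& omaha_url,
                      const std::string& target_channel,
                      const std::string& target_version_prefix,
                      bool obey_proxies,
                      bool interactive);

  // ActionProcessorDelegate methods:
  void ProcessingDone(const ActionProcessor* processor,
                      ErrorCode code) override;
  void ProcessingStopped(const ActionProcessor* processor) override;
  void ActionCompleted(ActionProcessor* processor,
                       AbstractAction* action,
                       ErrorCode code) override;

  // WeaveServiceInterface::DelegateInterface overrides.
  // NOTE(review): |channel| in OnTrackChannel() comes from the Weave service;
  // where it is checked against the allowed channels is not visible here.
  bool OnCheckForUpdates(brillo::ErrorPtr* error) override;
  bool OnTrackChannel(const std::string& channel,
                      brillo::ErrorPtr* error) override;
  bool GetWeaveState(int64_t* last_checked_time,
                     double* progress,
                     UpdateStatus* update_status,
                     std::string* current_channel,
                     std::string* tracking_channel) override;

  // PostinstallRunnerAction::DelegateInterface
  void ProgressUpdate(double progress) override;

  // Resets the current state to UPDATE_STATUS_IDLE.
  // Used by update_engine_client for restarting a new update without
  // having to reboot once the previous update has reached
  // UPDATE_STATUS_UPDATED_NEED_REBOOT state. This is used only
  // for testing purposes.
  // NOTE(review): the method is public and reachable from the client tool, so
  // "testing only" is a convention; any access restriction would have to be
  // enforced by the caller-facing service layer, which is not shown here.
  virtual bool ResetStatus();

  // Returns the current status in the out params. Returns true on success.
  virtual bool GetStatus(int64_t* last_checked_time,
                         double* progress,
                         std::string* current_operation,
                         std::string* new_version,
                         int64_t* new_size);

  // Runs chromeos-setgoodkernel, whose responsibility it is to mark the
  // currently booted partition as high priority/permanent/etc. The execution
  // is asynchronous. On completion, the action processor may be started
  // depending on the |start_action_processor_| field. Note that every update
  // attempt goes through this method.
  void UpdateBootFlags();

  // Called when the boot flags have been updated.
  void CompleteUpdateBootFlags(bool success);

  // Returns the current update status.
  UpdateStatus status() const { return status_; }

  // Accessors for the HTTP response code of the last HTTP request action.
  int http_response_code() const { return http_response_code_; }
  void set_http_response_code(int code) { http_response_code_ = code; }

  // This is the internal entry point for going through an
  // update. If the current status is idle invokes Update.
  // This is called by the DBus implementation.
  // NOTE(review): |app_version| and |omaha_url| therefore originate from a
  // D-Bus caller. This header does not show where |omaha_url| is validated;
  // confirm that the implementation honors a caller-supplied URL only when
  // IsAnyUpdateSourceAllowed() permits it.
  virtual void CheckForUpdate(const std::string& app_version,
                              const std::string& omaha_url,
                              bool is_interactive);

  // This is the internal entry point for going through a rollback. This will
  // attempt to run the postinstall on the non-active partition and set it as
  // the partition to boot from. If |powerwash| is True, perform a powerwash
  // as part of rollback. Returns True on success.
  // NOTE(review): this changes the boot target and can request a powerwash;
  // confirm that callers gate it on CanRollback() and on device policy.
  bool Rollback(bool powerwash);

  // This is the internal entry point for checking if we can rollback.
  bool CanRollback() const;

  // This is the internal entry point for getting the slot a rollback would
  // boot from, if one exists.
  // NOTE(review): the earlier wording described a partition-name string with
  // an empty string for "none", which no longer matches the Slot return type.
  // The value returned when no rollback slot is available is not visible in
  // this header - presumably an invalid-slot constant; verify.
  BootControlInterface::Slot GetRollbackSlot() const;

  // Initiates a reboot if the current state is
  // UPDATED_NEED_REBOOT. Returns true on success, false otherwise.
  bool RebootIfNeeded();

  // DownloadActionDelegate methods:
  void BytesReceived(uint64_t bytes_progressed,
                     uint64_t bytes_received,
                     uint64_t total) override;

  // Returns that the update should be canceled when the download channel was
  // changed.
  bool ShouldCancel(ErrorCode* cancel_reason) override;

  void DownloadComplete() override;

  // Broadcasts the current status to all observers.
  void BroadcastStatus();

  // Broadcasts the current tracking channel to all observers.
  void BroadcastChannel();

  // Returns the special flags to be added to ErrorCode values based on the
  // parameters used in the current update attempt.
  uint32_t GetErrorCodeFlags();

  // Called at update_engine startup to do various house-keeping.
  void UpdateEngineStarted();

  // Reloads the device policy from libbrillo. Note: This method doesn't
  // cause a real-time policy fetch from the policy server. It just reloads the
  // latest value that libbrillo has cached. libbrillo fetches the policies
  // from the server asynchronously at its own frequency.
  virtual void RefreshDevicePolicy();

  // Stores in |out_boot_time| the boottime (CLOCK_BOOTTIME) recorded at the
  // time of the last successful update in the current boot. Returns false if
  // there wasn't a successful update in the current boot.
  virtual bool GetBootTimeAtUpdate(base::Time *out_boot_time);

  // Returns the OS version that was being used before the last reboot, if
  // that reboot happened to be into an update (current version).
  // This will return an empty string otherwise.
  // The returned reference aliases |prev_version_| and is valid only while
  // this object is alive.
  std::string const& GetPrevVersion() const { return prev_version_; }

  // Returns the number of consecutive failed update checks.
  virtual unsigned int consecutive_failed_update_checks() const {
    return consecutive_failed_update_checks_;
  }

  // Returns the poll interval dictated by Omaha, if provided; zero otherwise.
  virtual unsigned int server_dictated_poll_interval() const {
    return server_dictated_poll_interval_;
  }

  // Sets a callback to be used when either a forced update request is received
  // (first argument set to true) or cleared by an update attempt (first
  // argument set to false). The callback further encodes whether the forced
  // check is an interactive one (second argument set to true). Takes ownership
  // of the callback object. A null value disables callback on these events.
  // Note that only one callback can be set, so effectively at most one client
  // can be notified.
  //
  // Ownership detail: the raw pointer is handed to a std::unique_ptr, so it
  // must point to an object allocated with new and the caller must not delete
  // it or pass the same pointer twice. Setting a new callback destroys the
  // previous one.
  virtual void set_forced_update_pending_callback(
      base::Callback<void(bool, bool)>*  // NOLINT(readability/function)
      callback) {
    forced_update_pending_callback_.reset(callback);
  }

  // Returns true if we should allow updates from any source. In official builds
  // we want to restrict updates to known safe sources, but under certain
  // conditions it's useful to allow updating from anywhere (e.g. to allow
  // 'cros flash' to function properly).
  // NOTE(review): this is the gate that decides whether a non-default update
  // source is accepted; the exact conditions are defined in the
  // implementation and should be reviewed together with every use of
  // |omaha_url| and |forced_omaha_url_|.
  virtual bool IsAnyUpdateSourceAllowed();

  // Add and remove a service observer. The pointer is stored as-is in
  // |service_observers_| and is not owned by this class. Adding the same
  // observer twice has no further effect because the container is a std::set.
  // NOTE(review): an observer presumably has to be removed before it is
  // destroyed, since the broadcast methods would otherwise use a dangling
  // pointer; confirm at the call sites.
  void AddObserver(ServiceObserverInterface* observer) {
    service_observers_.insert(observer);
  }
  void RemoveObserver(ServiceObserverInterface* observer) {
    service_observers_.erase(observer);
  }

  // Remove all the observers.
  void ClearObservers() { service_observers_.clear(); }

 private:
  // Update server URL for automated lab test.
  // NOTE(review): where this URL is selected is not visible in this header;
  // confirm it cannot be reached on official builds outside the conditions
  // checked by IsAnyUpdateSourceAllowed().
  static const char* const kTestUpdateUrl;

  // Friend declarations for testing purposes.
  friend class UpdateAttempterUnderTest;
  friend class UpdateAttempterTest;
  FRIEND_TEST(UpdateAttempterTest, ActionCompletedDownloadTest);
  FRIEND_TEST(UpdateAttempterTest, ActionCompletedErrorTest);
  FRIEND_TEST(UpdateAttempterTest, ActionCompletedOmahaRequestTest);
  FRIEND_TEST(UpdateAttempterTest, CreatePendingErrorEventTest);
  FRIEND_TEST(UpdateAttempterTest, CreatePendingErrorEventResumedTest);
  FRIEND_TEST(UpdateAttempterTest, DisableDeltaUpdateIfNeededTest);
  FRIEND_TEST(UpdateAttempterTest, MarkDeltaUpdateFailureTest);
  FRIEND_TEST(UpdateAttempterTest, PingOmahaTest);
  FRIEND_TEST(UpdateAttempterTest, ScheduleErrorEventActionNoEventTest);
  FRIEND_TEST(UpdateAttempterTest, ScheduleErrorEventActionTest);
  FRIEND_TEST(UpdateAttempterTest, UpdateTest);
  FRIEND_TEST(UpdateAttempterTest, ReportDailyMetrics);
  FRIEND_TEST(UpdateAttempterTest, BootTimeInUpdateMarkerFile);

  // CertificateChecker::Observer method.
  // Report metrics about the certificate being checked.
  void CertificateChecked(ServerToCheck server_to_check,
                          CertificateCheckResult result) override;

  // Checks if it's more than 24 hours since daily metrics were last
  // reported and, if so, reports daily metrics. Returns |true| if
  // metrics were reported, |false| otherwise.
  bool CheckAndReportDailyMetrics();

  // Calculates and reports the age of the currently running OS. This
  // is defined as the age of the /etc/lsb-release file.
  void ReportOSAge();

  // Sets the status to the given status and notifies a status update over dbus.
  void SetStatusAndNotify(UpdateStatus status);

  // Sets up the download parameters after receiving the update check response.
  void SetupDownload();

  // Creates an error event object in |error_event_| to be included in an
  // OmahaRequestAction once the current action processor is done.
  void CreatePendingErrorEvent(AbstractAction* action, ErrorCode code);

  // If there's a pending error event allocated in |error_event_|, schedules an
  // OmahaRequestAction with that event in the current processor, clears the
  // pending event, updates the status and returns true. Returns false
  // otherwise.
  bool ScheduleErrorEventAction();

  // Schedules an event loop callback to start the action processor. This is
  // scheduled asynchronously to unblock the event loop.
  void ScheduleProcessingStart();

  // Checks if a full update is needed and forces it by updating the Omaha
  // request params.
  void DisableDeltaUpdateIfNeeded();

  // If this was a delta update attempt that failed, count it so that a full
  // update can be tried when needed.
  void MarkDeltaUpdateFailure();

  // Returns the resolver for the current update cycle: Chrome's proxy
  // resolver when |obeying_proxies_| is set and USE_LIBCROS is enabled, the
  // direct resolver otherwise. The returned pointer refers to a member of
  // this object and is not owned by the caller.
  ProxyResolver* GetProxyResolver() {
#if USE_LIBCROS
    // static_cast rather than reinterpret_cast: the compiler then verifies
    // that each resolver type derives from ProxyResolver and applies any
    // base-subobject pointer adjustment. reinterpret_cast would still compile,
    // and yield an unusable pointer, if either ever stopped being true.
    return obeying_proxies_
               ? static_cast<ProxyResolver*>(&chrome_proxy_resolver_)
               : static_cast<ProxyResolver*>(&direct_proxy_resolver_);
#else
    return &direct_proxy_resolver_;
#endif  // USE_LIBCROS
  }

  // Sends a ping to Omaha.
  // This is used after an update has been applied and we're waiting for the
  // user to reboot.  This ping helps keep the number of actives count
  // accurate in case a user takes a long time to reboot the device after an
  // update has been applied.
  void PingOmaha();

  // Helper method of Update() to calculate the update-related parameters
  // from various sources and set the appropriate state. Please refer to
  // Update() method for the meaning of the parameters.
  bool CalculateUpdateParams(const std::string& app_version,
                             const std::string& omaha_url,
                             const std::string& target_channel,
                             const std::string& target_version_prefix,
                             bool obey_proxies,
                             bool interactive);

  // Calculates all the scattering related parameters (such as waiting period,
  // which type of scattering is enabled, etc.) and also updates/deletes
  // the corresponding prefs file used in scattering. Should be called
  // only after the device policy has been loaded and set in the system_state_.
  void CalculateScatteringParams(bool is_interactive);

  // Sets a random value for the waiting period to wait for before downloading
  // an update, if one available. This value will be upperbounded by the
  // scatter factor value specified from policy.
  void GenerateNewWaitingPeriod();

  // Helper method of Update() and Rollback() to construct the sequence of
  // actions to be performed for the postinstall.
  // |previous_action| is the previous action to get
  // bonded with the install_plan that gets passed to postinstall.
  void BuildPostInstallActions(InstallPlanAction* previous_action);

  // Helper method of Update() to construct the sequence of actions to
  // be performed for an update check. Please refer to
  // Update() method for the meaning of the parameters.
  void BuildUpdateActions(bool interactive);

  // Decrements the count in the kUpdateCheckCountFilePath.
  // Returns True if successfully decremented, false otherwise.
  bool DecrementUpdateCheckCount();

  // Starts p2p and performs housekeeping. Returns true only if p2p is
  // running and housekeeping was done.
  bool StartP2PAndPerformHousekeeping();

  // Calculates whether peer-to-peer should be used. Sets the
  // |use_p2p_to_download_| and |use_p2p_to_share_| parameters
  // on the |omaha_request_params_| object.
  void CalculateP2PParams(bool interactive);

  // Starts P2P if it's enabled and there are files to actually share.
  // Called only at program startup. Returns true only if p2p was
  // started and housekeeping was performed.
  bool StartP2PAtStartup();

  // Writes to the processing completed marker. Does nothing if
  // |update_completed_marker_| is empty.
  // NOTE(review): no |update_completed_marker_| member is declared in this
  // class; the comment may be stale - confirm against the implementation.
  void WriteUpdateCompletedMarker();

  // Sends a D-Bus message to the Chrome OS power manager asking it to reboot
  // the system. Returns true on success.
  bool RequestPowerManagerReboot();

  // Reboots the system directly by calling /sbin/shutdown. Returns true on
  // success.
  bool RebootDirectly();

  // Callback for the async UpdateCheckAllowed policy request. If |status| is
  // |EvalStatus::kSucceeded|, either runs or suppresses periodic update checks,
  // based on the content of |params|. Otherwise, retries the policy request.
  void OnUpdateScheduled(
      chromeos_update_manager::EvalStatus status,
      const chromeos_update_manager::UpdateCheckParams& params);

  // Updates the time an update was last attempted to the current time.
  void UpdateLastCheckedTime();

  // Returns whether an update is currently running or scheduled.
  bool IsUpdateRunningOrScheduled();

  // Last status notification timestamp used for throttling. Use monotonic
  // TimeTicks to ensure that notifications are sent even if the system clock is
  // set back in the middle of an update.
  base::TimeTicks last_notify_time_;

  // The actions of the current attempt and the processor that runs them.
  std::vector<std::shared_ptr<AbstractAction>> actions_;
  std::unique_ptr<ActionProcessor> processor_;

  // External state of the system outside the update_engine process
  // carved out separately to mock out easily in unit tests.
  // Raw pointer; not deleted anywhere in this header.
  SystemState* system_state_;

  // Pointer to the certificate checker instance to use.
  // Raw pointer; not deleted anywhere in this header.
  CertificateChecker* cert_checker_;

  // The list of services observing changes in the updater.
  // Holds raw, non-owned pointers; see AddObserver().
  std::set<ServiceObserverInterface*> service_observers_;

  // Pointer to the OmahaResponseHandlerAction in the actions_ vector.
  std::shared_ptr<OmahaResponseHandlerAction> response_handler_action_;

  // Pointer to the DownloadAction in the actions_ vector.
  std::shared_ptr<DownloadAction> download_action_;

  // Pointer to the preferences store interface. This is just a cached
  // copy of system_state->prefs() because it's used in many methods and
  // is convenient this way.
  PrefsInterface* prefs_ = nullptr;

  // Pending error event, if any.
  std::unique_ptr<OmahaEvent> error_event_;

  // If we should request a reboot even though we failed the update.
  bool fake_update_success_ = false;

  // HTTP server response code from the last HTTP request action.
  int http_response_code_ = 0;

  // CPU limiter during the update.
  CPULimiter cpu_limiter_;

  // For status:
  UpdateStatus status_{UpdateStatus::IDLE};
  double download_progress_ = 0.0;
  int64_t last_checked_time_ = 0;
  std::string prev_version_;
  std::string new_version_ = "0.0.0.0";
  int64_t new_payload_size_ = 0;

  // Common parameters for all Omaha requests.
  OmahaRequestParams* omaha_request_params_ = nullptr;

  // Number of consecutive manual update checks we've had where we obeyed
  // Chrome's proxy settings.
  int proxy_manual_checks_ = 0;

  // If true, this update cycle we are obeying proxies
  bool obeying_proxies_ = true;

  // Our two proxy resolvers
  DirectProxyResolver direct_proxy_resolver_;
#if USE_LIBCROS
  ChromeBrowserProxyResolver chrome_proxy_resolver_;
#endif  // USE_LIBCROS

  // Originally, both of these flags are false. Once UpdateBootFlags is called,
  // |update_boot_flags_running_| is set to true. As soon as UpdateBootFlags
  // completes its asynchronous run, |update_boot_flags_running_| is reset to
  // false and |updated_boot_flags_| is set to true. From that point on there
  // will be no more changes to these flags.
  //
  // True if UpdateBootFlags has completed.
  bool updated_boot_flags_ = false;
  // True if UpdateBootFlags is running.
  bool update_boot_flags_running_ = false;

  // True if the action processor needs to be started by the boot flag updater.
  bool start_action_processor_ = false;

  // Used for fetching information about the device policy.
  std::unique_ptr<policy::PolicyProvider> policy_provider_;

  // The current scatter factor as found in the policy setting.
  base::TimeDelta scatter_factor_;

  // The number of consecutive failed update checks. Needed for calculating the
  // next update check interval.
  unsigned int consecutive_failed_update_checks_ = 0;

  // The poll interval (in seconds) that was dictated by Omaha, if any; zero
  // otherwise. This is needed for calculating the update check interval.
  unsigned int server_dictated_poll_interval_ = 0;

  // Tracks whether we have scheduled update checks.
  bool waiting_for_scheduled_check_ = false;

  // A callback to use when a forced update request is either received (true) or
  // cleared by an update attempt (false). The second argument indicates whether
  // this is an interactive update, and its value is significant iff the first
  // argument is true.
  std::unique_ptr<base::Callback<void(bool, bool)>>
      forced_update_pending_callback_;

  // The |app_version| and |omaha_url| parameters received during the latest
  // forced update request. They are retrieved for use once the update is
  // actually scheduled.
  // NOTE(review): these hold caller-supplied values across the scheduling
  // delay; confirm the source restriction is applied when they are consumed
  // and not only when they are stored.
  std::string forced_app_version_;
  std::string forced_omaha_url_;

  // Proxy for the debugd D-Bus service passed to the constructor.
  // Raw pointer; not deleted anywhere in this header.
  org::chromium::debugdProxyInterface* debugd_proxy_;

  DISALLOW_COPY_AND_ASSIGN(UpdateAttempter);
};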
518
519}  // namespace chromeos_update_engine
520
521#endif  // UPDATE_ENGINE_UPDATE_ATTEMPTER_H_
522