update_attempter.cc revision aeeb2e015ef5ef046c744d3c5daa7f353eb71b4e
1// 2// Copyright (C) 2012 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include "update_engine/update_attempter.h" 18 19#include <stdint.h> 20 21#include <algorithm> 22#include <memory> 23#include <set> 24#include <string> 25#include <utility> 26#include <vector> 27 28#include <base/bind.h> 29#include <base/files/file_util.h> 30#include <base/logging.h> 31#include <base/rand_util.h> 32#include <base/strings/string_util.h> 33#include <base/strings/stringprintf.h> 34#include <brillo/bind_lambda.h> 35#include <brillo/make_unique_ptr.h> 36#include <brillo/message_loops/message_loop.h> 37#include <debugd/dbus-constants.h> 38#include <policy/device_policy.h> 39#include <policy/libpolicy.h> 40#include <update_engine/dbus-constants.h> 41 42#include "update_engine/common/boot_control_interface.h" 43#include "update_engine/common/certificate_checker.h" 44#include "update_engine/common/clock_interface.h" 45#include "update_engine/common/constants.h" 46#include "update_engine/common/hardware_interface.h" 47#include "update_engine/common/libcurl_http_fetcher.h" 48#include "update_engine/common/multi_range_http_fetcher.h" 49#include "update_engine/common/platform_constants.h" 50#include "update_engine/common/prefs_interface.h" 51#include "update_engine/common/subprocess.h" 52#include "update_engine/common/utils.h" 53#include "update_engine/dbus_connection.h" 54#include "update_engine/metrics.h" 55#include "update_engine/omaha_request_action.h" 56#include "update_engine/omaha_request_params.h" 57#include "update_engine/omaha_response_handler_action.h" 58#include "update_engine/p2p_manager.h" 59#include "update_engine/payload_consumer/download_action.h" 60#include "update_engine/payload_consumer/filesystem_verifier_action.h" 61#include "update_engine/payload_consumer/postinstall_runner_action.h" 62#include "update_engine/payload_state_interface.h" 63#include "update_engine/power_manager_interface.h" 64#include "update_engine/system_state.h" 65#include "update_engine/update_manager/policy.h" 66#include "update_engine/update_manager/update_manager.h" 67#include "update_engine/update_status_utils.h" 68 69using base::Bind; 70using base::Callback; 71using base::Time; 72using base::TimeDelta; 73using base::TimeTicks; 74using brillo::MessageLoop; 75using chromeos_update_manager::EvalStatus; 76using chromeos_update_manager::Policy; 77using chromeos_update_manager::UpdateCheckParams; 78using std::set; 79using std::shared_ptr; 80using std::string; 81using std::vector; 82 83namespace chromeos_update_engine { 84 85const int UpdateAttempter::kMaxDeltaUpdateFailures = 3; 86 87namespace { 88const int kMaxConsecutiveObeyProxyRequests = 20; 89 90// Minimum threshold to broadcast an status update in progress and time. 91const double kBroadcastThresholdProgress = 0.01; // 1% 92const int kBroadcastThresholdSeconds = 10; 93 94// By default autest bypasses scattering. If we want to test scattering, 95// use kScheduledAUTestURLRequest. The URL used is same in both cases, but 96// different params are passed to CheckForUpdate(). 97const char kAUTestURLRequest[] = "autest"; 98const char kScheduledAUTestURLRequest[] = "autest-scheduled"; 99} // namespace 100 101// Turns a generic ErrorCode::kError to a generic error code specific 102// to |action| (e.g., ErrorCode::kFilesystemVerifierError). If |code| is 103// not ErrorCode::kError, or the action is not matched, returns |code| 104// unchanged. 105ErrorCode GetErrorCodeForAction(AbstractAction* action, 106 ErrorCode code) { 107 if (code != ErrorCode::kError) 108 return code; 109 110 const string type = action->Type(); 111 if (type == OmahaRequestAction::StaticType()) 112 return ErrorCode::kOmahaRequestError; 113 if (type == OmahaResponseHandlerAction::StaticType()) 114 return ErrorCode::kOmahaResponseHandlerError; 115 if (type == FilesystemVerifierAction::StaticType()) 116 return ErrorCode::kFilesystemVerifierError; 117 if (type == PostinstallRunnerAction::StaticType()) 118 return ErrorCode::kPostinstallRunnerError; 119 120 return code; 121} 122 123UpdateAttempter::UpdateAttempter(SystemState* system_state, 124 CertificateChecker* cert_checker, 125 LibCrosProxy* libcros_proxy) 126 : processor_(new ActionProcessor()), 127 system_state_(system_state), 128#if USE_LIBCROS 129 cert_checker_(cert_checker), 130 chrome_proxy_resolver_(libcros_proxy) { 131#else 132 cert_checker_(cert_checker) { 133#endif // USE_LIBCROS 134} 135 136UpdateAttempter::~UpdateAttempter() { 137 // CertificateChecker might not be initialized in unittests. 138 if (cert_checker_) 139 cert_checker_->SetObserver(nullptr); 140 // Release ourselves as the ActionProcessor's delegate to prevent 141 // re-scheduling the updates due to the processing stopped. 142 processor_->set_delegate(nullptr); 143} 144 145void UpdateAttempter::Init() { 146 // Pulling from the SystemState can only be done after construction, since 147 // this is an aggregate of various objects (such as the UpdateAttempter), 148 // which requires them all to be constructed prior to it being used. 149 prefs_ = system_state_->prefs(); 150 omaha_request_params_ = system_state_->request_params(); 151 152 if (cert_checker_) 153 cert_checker_->SetObserver(this); 154 155 // In case of update_engine restart without a reboot we need to restore the 156 // reboot needed state. 157 if (GetBootTimeAtUpdate(nullptr)) 158 status_ = UpdateStatus::UPDATED_NEED_REBOOT; 159 else 160 status_ = UpdateStatus::IDLE; 161 162#if USE_LIBCROS 163 chrome_proxy_resolver_.Init(); 164#endif // USE_LIBCROS 165 166 // unittest can set this to a mock before calling Init(). 167 if (!debugd_proxy_) 168 debugd_proxy_.reset( 169 new org::chromium::debugdProxy(DBusConnection::Get()->GetDBus())); 170} 171 172void UpdateAttempter::ScheduleUpdates() { 173 if (IsUpdateRunningOrScheduled()) 174 return; 175 176 chromeos_update_manager::UpdateManager* const update_manager = 177 system_state_->update_manager(); 178 CHECK(update_manager); 179 Callback<void(EvalStatus, const UpdateCheckParams&)> callback = Bind( 180 &UpdateAttempter::OnUpdateScheduled, base::Unretained(this)); 181 // We limit the async policy request to a reasonably short time, to avoid a 182 // starvation due to a transient bug. 183 update_manager->AsyncPolicyRequest(callback, &Policy::UpdateCheckAllowed); 184 waiting_for_scheduled_check_ = true; 185} 186 187void UpdateAttempter::CertificateChecked(ServerToCheck server_to_check, 188 CertificateCheckResult result) { 189 metrics::ReportCertificateCheckMetrics(system_state_, 190 server_to_check, 191 result); 192} 193 194bool UpdateAttempter::CheckAndReportDailyMetrics() { 195 int64_t stored_value; 196 Time now = system_state_->clock()->GetWallclockTime(); 197 if (system_state_->prefs()->Exists(kPrefsDailyMetricsLastReportedAt) && 198 system_state_->prefs()->GetInt64(kPrefsDailyMetricsLastReportedAt, 199 &stored_value)) { 200 Time last_reported_at = Time::FromInternalValue(stored_value); 201 TimeDelta time_reported_since = now - last_reported_at; 202 if (time_reported_since.InSeconds() < 0) { 203 LOG(WARNING) << "Last reported daily metrics " 204 << utils::FormatTimeDelta(time_reported_since) << " ago " 205 << "which is negative. Either the system clock is wrong or " 206 << "the kPrefsDailyMetricsLastReportedAt state variable " 207 << "is wrong."; 208 // In this case, report daily metrics to reset. 209 } else { 210 if (time_reported_since.InSeconds() < 24*60*60) { 211 LOG(INFO) << "Last reported daily metrics " 212 << utils::FormatTimeDelta(time_reported_since) << " ago."; 213 return false; 214 } 215 LOG(INFO) << "Last reported daily metrics " 216 << utils::FormatTimeDelta(time_reported_since) << " ago, " 217 << "which is more than 24 hours ago."; 218 } 219 } 220 221 LOG(INFO) << "Reporting daily metrics."; 222 system_state_->prefs()->SetInt64(kPrefsDailyMetricsLastReportedAt, 223 now.ToInternalValue()); 224 225 ReportOSAge(); 226 227 return true; 228} 229 230void UpdateAttempter::ReportOSAge() { 231 struct stat sb; 232 233 if (system_state_ == nullptr) 234 return; 235 236 if (stat("/etc/lsb-release", &sb) != 0) { 237 PLOG(ERROR) << "Error getting file status for /etc/lsb-release " 238 << "(Note: this may happen in some unit tests)"; 239 return; 240 } 241 242 Time lsb_release_timestamp = utils::TimeFromStructTimespec(&sb.st_ctim); 243 Time now = system_state_->clock()->GetWallclockTime(); 244 TimeDelta age = now - lsb_release_timestamp; 245 if (age.InSeconds() < 0) { 246 LOG(ERROR) << "The OS age (" << utils::FormatTimeDelta(age) 247 << ") is negative. Maybe the clock is wrong? " 248 << "(Note: this may happen in some unit tests.)"; 249 return; 250 } 251 252 metrics::ReportDailyMetrics(system_state_, age); 253} 254 255void UpdateAttempter::Update(const string& app_version, 256 const string& omaha_url, 257 const string& target_channel, 258 const string& target_version_prefix, 259 bool obey_proxies, 260 bool interactive) { 261 // This is normally called frequently enough so it's appropriate to use as a 262 // hook for reporting daily metrics. 263 // TODO(garnold) This should be hooked to a separate (reliable and consistent) 264 // timeout event. 265 CheckAndReportDailyMetrics(); 266 267 // Notify of the new update attempt, clearing prior interactive requests. 268 if (forced_update_pending_callback_.get()) 269 forced_update_pending_callback_->Run(false, false); 270 271 fake_update_success_ = false; 272 if (status_ == UpdateStatus::UPDATED_NEED_REBOOT) { 273 // Although we have applied an update, we still want to ping Omaha 274 // to ensure the number of active statistics is accurate. 275 // 276 // Also convey to the UpdateEngine.Check.Result metric that we're 277 // not performing an update check because of this. 278 LOG(INFO) << "Not updating b/c we already updated and we're waiting for " 279 << "reboot, we'll ping Omaha instead"; 280 metrics::ReportUpdateCheckMetrics(system_state_, 281 metrics::CheckResult::kRebootPending, 282 metrics::CheckReaction::kUnset, 283 metrics::DownloadErrorCode::kUnset); 284 PingOmaha(); 285 return; 286 } 287 if (status_ != UpdateStatus::IDLE) { 288 // Update in progress. Do nothing 289 return; 290 } 291 292 if (!CalculateUpdateParams(app_version, 293 omaha_url, 294 target_channel, 295 target_version_prefix, 296 obey_proxies, 297 interactive)) { 298 return; 299 } 300 301 BuildUpdateActions(interactive); 302 303 SetStatusAndNotify(UpdateStatus::CHECKING_FOR_UPDATE); 304 305 // Update the last check time here; it may be re-updated when an Omaha 306 // response is received, but this will prevent us from repeatedly scheduling 307 // checks in the case where a response is not received. 308 UpdateLastCheckedTime(); 309 310 // Just in case we didn't update boot flags yet, make sure they're updated 311 // before any update processing starts. 312 start_action_processor_ = true; 313 UpdateBootFlags(); 314} 315 316void UpdateAttempter::RefreshDevicePolicy() { 317 // Lazy initialize the policy provider, or reload the latest policy data. 318 if (!policy_provider_.get()) 319 policy_provider_.reset(new policy::PolicyProvider()); 320 policy_provider_->Reload(); 321 322 const policy::DevicePolicy* device_policy = nullptr; 323 if (policy_provider_->device_policy_is_loaded()) 324 device_policy = &policy_provider_->GetDevicePolicy(); 325 326 if (device_policy) 327 LOG(INFO) << "Device policies/settings present"; 328 else 329 LOG(INFO) << "No device policies/settings present."; 330 331 system_state_->set_device_policy(device_policy); 332 system_state_->p2p_manager()->SetDevicePolicy(device_policy); 333} 334 335void UpdateAttempter::CalculateP2PParams(bool interactive) { 336 bool use_p2p_for_downloading = false; 337 bool use_p2p_for_sharing = false; 338 339 // Never use p2p for downloading in interactive checks unless the 340 // developer has opted in for it via a marker file. 341 // 342 // (Why would a developer want to opt in? If he's working on the 343 // update_engine or p2p codebases so he can actually test his 344 // code.). 345 346 if (system_state_ != nullptr) { 347 if (!system_state_->p2p_manager()->IsP2PEnabled()) { 348 LOG(INFO) << "p2p is not enabled - disallowing p2p for both" 349 << " downloading and sharing."; 350 } else { 351 // Allow p2p for sharing, even in interactive checks. 352 use_p2p_for_sharing = true; 353 if (!interactive) { 354 LOG(INFO) << "Non-interactive check - allowing p2p for downloading"; 355 use_p2p_for_downloading = true; 356 } else { 357 LOG(INFO) << "Forcibly disabling use of p2p for downloading " 358 << "since this update attempt is interactive."; 359 } 360 } 361 } 362 363 PayloadStateInterface* const payload_state = system_state_->payload_state(); 364 payload_state->SetUsingP2PForDownloading(use_p2p_for_downloading); 365 payload_state->SetUsingP2PForSharing(use_p2p_for_sharing); 366} 367 368bool UpdateAttempter::CalculateUpdateParams(const string& app_version, 369 const string& omaha_url, 370 const string& target_channel, 371 const string& target_version_prefix, 372 bool obey_proxies, 373 bool interactive) { 374 http_response_code_ = 0; 375 PayloadStateInterface* const payload_state = system_state_->payload_state(); 376 377 // Refresh the policy before computing all the update parameters. 378 RefreshDevicePolicy(); 379 380 // Set the target version prefix, if provided. 381 if (!target_version_prefix.empty()) 382 omaha_request_params_->set_target_version_prefix(target_version_prefix); 383 384 CalculateScatteringParams(interactive); 385 386 CalculateP2PParams(interactive); 387 if (payload_state->GetUsingP2PForDownloading() || 388 payload_state->GetUsingP2PForSharing()) { 389 // OK, p2p is to be used - start it and perform housekeeping. 390 if (!StartP2PAndPerformHousekeeping()) { 391 // If this fails, disable p2p for this attempt 392 LOG(INFO) << "Forcibly disabling use of p2p since starting p2p or " 393 << "performing housekeeping failed."; 394 payload_state->SetUsingP2PForDownloading(false); 395 payload_state->SetUsingP2PForSharing(false); 396 } 397 } 398 399 if (!omaha_request_params_->Init(app_version, 400 omaha_url, 401 interactive)) { 402 LOG(ERROR) << "Unable to initialize Omaha request params."; 403 return false; 404 } 405 406 // Set the target channel, if one was provided. 407 if (target_channel.empty()) { 408 LOG(INFO) << "No target channel mandated by policy."; 409 } else { 410 LOG(INFO) << "Setting target channel as mandated: " << target_channel; 411 // Pass in false for powerwash_allowed until we add it to the policy 412 // protobuf. 413 string error_message; 414 if (!omaha_request_params_->SetTargetChannel(target_channel, false, 415 &error_message)) { 416 LOG(ERROR) << "Setting the channel failed: " << error_message; 417 } 418 // Notify observers the target channel change. 419 BroadcastChannel(); 420 421 // Since this is the beginning of a new attempt, update the download 422 // channel. The download channel won't be updated until the next attempt, 423 // even if target channel changes meanwhile, so that how we'll know if we 424 // should cancel the current download attempt if there's such a change in 425 // target channel. 426 omaha_request_params_->UpdateDownloadChannel(); 427 } 428 429 LOG(INFO) << "target_version_prefix = " 430 << omaha_request_params_->target_version_prefix() 431 << ", scatter_factor_in_seconds = " 432 << utils::FormatSecs(scatter_factor_.InSeconds()); 433 434 LOG(INFO) << "Wall Clock Based Wait Enabled = " 435 << omaha_request_params_->wall_clock_based_wait_enabled() 436 << ", Update Check Count Wait Enabled = " 437 << omaha_request_params_->update_check_count_wait_enabled() 438 << ", Waiting Period = " << utils::FormatSecs( 439 omaha_request_params_->waiting_period().InSeconds()); 440 441 LOG(INFO) << "Use p2p For Downloading = " 442 << payload_state->GetUsingP2PForDownloading() 443 << ", Use p2p For Sharing = " 444 << payload_state->GetUsingP2PForSharing(); 445 446 obeying_proxies_ = true; 447 if (obey_proxies || proxy_manual_checks_ == 0) { 448 LOG(INFO) << "forced to obey proxies"; 449 // If forced to obey proxies, every 20th request will not use proxies 450 proxy_manual_checks_++; 451 LOG(INFO) << "proxy manual checks: " << proxy_manual_checks_; 452 if (proxy_manual_checks_ >= kMaxConsecutiveObeyProxyRequests) { 453 proxy_manual_checks_ = 0; 454 obeying_proxies_ = false; 455 } 456 } else if (base::RandInt(0, 4) == 0) { 457 obeying_proxies_ = false; 458 } 459 LOG_IF(INFO, !obeying_proxies_) << "To help ensure updates work, this update " 460 "check we are ignoring the proxy settings and using " 461 "direct connections."; 462 463 DisableDeltaUpdateIfNeeded(); 464 return true; 465} 466 467void UpdateAttempter::CalculateScatteringParams(bool interactive) { 468 // Take a copy of the old scatter value before we update it, as 469 // we need to update the waiting period if this value changes. 470 TimeDelta old_scatter_factor = scatter_factor_; 471 const policy::DevicePolicy* device_policy = system_state_->device_policy(); 472 if (device_policy) { 473 int64_t new_scatter_factor_in_secs = 0; 474 device_policy->GetScatterFactorInSeconds(&new_scatter_factor_in_secs); 475 if (new_scatter_factor_in_secs < 0) // sanitize input, just in case. 476 new_scatter_factor_in_secs = 0; 477 scatter_factor_ = TimeDelta::FromSeconds(new_scatter_factor_in_secs); 478 } 479 480 bool is_scatter_enabled = false; 481 if (scatter_factor_.InSeconds() == 0) { 482 LOG(INFO) << "Scattering disabled since scatter factor is set to 0"; 483 } else if (interactive) { 484 LOG(INFO) << "Scattering disabled as this is an interactive update check"; 485 } else if (system_state_->hardware()->IsOOBEEnabled() && 486 !system_state_->hardware()->IsOOBEComplete(nullptr)) { 487 LOG(INFO) << "Scattering disabled since OOBE is enabled but not complete " 488 "yet"; 489 } else { 490 is_scatter_enabled = true; 491 LOG(INFO) << "Scattering is enabled"; 492 } 493 494 if (is_scatter_enabled) { 495 // This means the scattering policy is turned on. 496 // Now check if we need to update the waiting period. The two cases 497 // in which we'd need to update the waiting period are: 498 // 1. First time in process or a scheduled check after a user-initiated one. 499 // (omaha_request_params_->waiting_period will be zero in this case). 500 // 2. Admin has changed the scattering policy value. 501 // (new scattering value will be different from old one in this case). 502 int64_t wait_period_in_secs = 0; 503 if (omaha_request_params_->waiting_period().InSeconds() == 0) { 504 // First case. Check if we have a suitable value to set for 505 // the waiting period. 506 if (prefs_->GetInt64(kPrefsWallClockWaitPeriod, &wait_period_in_secs) && 507 wait_period_in_secs > 0 && 508 wait_period_in_secs <= scatter_factor_.InSeconds()) { 509 // This means: 510 // 1. There's a persisted value for the waiting period available. 511 // 2. And that persisted value is still valid. 512 // So, in this case, we should reuse the persisted value instead of 513 // generating a new random value to improve the chances of a good 514 // distribution for scattering. 515 omaha_request_params_->set_waiting_period( 516 TimeDelta::FromSeconds(wait_period_in_secs)); 517 LOG(INFO) << "Using persisted wall-clock waiting period: " << 518 utils::FormatSecs( 519 omaha_request_params_->waiting_period().InSeconds()); 520 } else { 521 // This means there's no persisted value for the waiting period 522 // available or its value is invalid given the new scatter_factor value. 523 // So, we should go ahead and regenerate a new value for the 524 // waiting period. 525 LOG(INFO) << "Persisted value not present or not valid (" 526 << utils::FormatSecs(wait_period_in_secs) 527 << ") for wall-clock waiting period."; 528 GenerateNewWaitingPeriod(); 529 } 530 } else if (scatter_factor_ != old_scatter_factor) { 531 // This means there's already a waiting period value, but we detected 532 // a change in the scattering policy value. So, we should regenerate the 533 // waiting period to make sure it's within the bounds of the new scatter 534 // factor value. 535 GenerateNewWaitingPeriod(); 536 } else { 537 // Neither the first time scattering is enabled nor the scattering value 538 // changed. Nothing to do. 539 LOG(INFO) << "Keeping current wall-clock waiting period: " << 540 utils::FormatSecs( 541 omaha_request_params_->waiting_period().InSeconds()); 542 } 543 544 // The invariant at this point is that omaha_request_params_->waiting_period 545 // is non-zero no matter which path we took above. 546 LOG_IF(ERROR, omaha_request_params_->waiting_period().InSeconds() == 0) 547 << "Waiting Period should NOT be zero at this point!!!"; 548 549 // Since scattering is enabled, wall clock based wait will always be 550 // enabled. 551 omaha_request_params_->set_wall_clock_based_wait_enabled(true); 552 553 // If we don't have any issues in accessing the file system to update 554 // the update check count value, we'll turn that on as well. 555 bool decrement_succeeded = DecrementUpdateCheckCount(); 556 omaha_request_params_->set_update_check_count_wait_enabled( 557 decrement_succeeded); 558 } else { 559 // This means the scattering feature is turned off or disabled for 560 // this particular update check. Make sure to disable 561 // all the knobs and artifacts so that we don't invoke any scattering 562 // related code. 563 omaha_request_params_->set_wall_clock_based_wait_enabled(false); 564 omaha_request_params_->set_update_check_count_wait_enabled(false); 565 omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds(0)); 566 prefs_->Delete(kPrefsWallClockWaitPeriod); 567 prefs_->Delete(kPrefsUpdateCheckCount); 568 // Don't delete the UpdateFirstSeenAt file as we don't want manual checks 569 // that result in no-updates (e.g. due to server side throttling) to 570 // cause update starvation by having the client generate a new 571 // UpdateFirstSeenAt for each scheduled check that follows a manual check. 572 } 573} 574 575void UpdateAttempter::GenerateNewWaitingPeriod() { 576 omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds( 577 base::RandInt(1, scatter_factor_.InSeconds()))); 578 579 LOG(INFO) << "Generated new wall-clock waiting period: " << utils::FormatSecs( 580 omaha_request_params_->waiting_period().InSeconds()); 581 582 // Do a best-effort to persist this in all cases. Even if the persistence 583 // fails, we'll still be able to scatter based on our in-memory value. 584 // The persistence only helps in ensuring a good overall distribution 585 // across multiple devices if they tend to reboot too often. 586 system_state_->payload_state()->SetScatteringWaitPeriod( 587 omaha_request_params_->waiting_period()); 588} 589 590void UpdateAttempter::BuildPostInstallActions( 591 InstallPlanAction* previous_action) { 592 shared_ptr<PostinstallRunnerAction> postinstall_runner_action( 593 new PostinstallRunnerAction(system_state_->boot_control(), 594 system_state_->hardware())); 595 postinstall_runner_action->set_delegate(this); 596 actions_.push_back(shared_ptr<AbstractAction>(postinstall_runner_action)); 597 BondActions(previous_action, 598 postinstall_runner_action.get()); 599} 600 601void UpdateAttempter::BuildUpdateActions(bool interactive) { 602 CHECK(!processor_->IsRunning()); 603 processor_->set_delegate(this); 604 605 // Actions: 606 std::unique_ptr<LibcurlHttpFetcher> update_check_fetcher( 607 new LibcurlHttpFetcher(GetProxyResolver(), system_state_->hardware())); 608 update_check_fetcher->set_server_to_check(ServerToCheck::kUpdate); 609 // Try harder to connect to the network, esp when not interactive. 610 // See comment in libcurl_http_fetcher.cc. 611 update_check_fetcher->set_no_network_max_retries(interactive ? 1 : 3); 612 shared_ptr<OmahaRequestAction> update_check_action( 613 new OmahaRequestAction(system_state_, 614 nullptr, 615 std::move(update_check_fetcher), 616 false)); 617 shared_ptr<OmahaResponseHandlerAction> response_handler_action( 618 new OmahaResponseHandlerAction(system_state_)); 619 620 shared_ptr<OmahaRequestAction> download_started_action( 621 new OmahaRequestAction(system_state_, 622 new OmahaEvent( 623 OmahaEvent::kTypeUpdateDownloadStarted), 624 brillo::make_unique_ptr(new LibcurlHttpFetcher( 625 GetProxyResolver(), 626 system_state_->hardware())), 627 false)); 628 629 LibcurlHttpFetcher* download_fetcher = 630 new LibcurlHttpFetcher(GetProxyResolver(), system_state_->hardware()); 631 download_fetcher->set_server_to_check(ServerToCheck::kDownload); 632 shared_ptr<DownloadAction> download_action(new DownloadAction( 633 prefs_, 634 system_state_->boot_control(), 635 system_state_->hardware(), 636 system_state_, 637 new MultiRangeHttpFetcher(download_fetcher))); // passes ownership 638 shared_ptr<OmahaRequestAction> download_finished_action( 639 new OmahaRequestAction( 640 system_state_, 641 new OmahaEvent(OmahaEvent::kTypeUpdateDownloadFinished), 642 brillo::make_unique_ptr( 643 new LibcurlHttpFetcher(GetProxyResolver(), 644 system_state_->hardware())), 645 false)); 646 shared_ptr<FilesystemVerifierAction> filesystem_verifier_action( 647 new FilesystemVerifierAction()); 648 shared_ptr<OmahaRequestAction> update_complete_action( 649 new OmahaRequestAction( 650 system_state_, 651 new OmahaEvent(OmahaEvent::kTypeUpdateComplete), 652 brillo::make_unique_ptr( 653 new LibcurlHttpFetcher(GetProxyResolver(), 654 system_state_->hardware())), 655 false)); 656 657 download_action->set_delegate(this); 658 response_handler_action_ = response_handler_action; 659 download_action_ = download_action; 660 661 actions_.push_back(shared_ptr<AbstractAction>(update_check_action)); 662 actions_.push_back(shared_ptr<AbstractAction>(response_handler_action)); 663 actions_.push_back(shared_ptr<AbstractAction>(download_started_action)); 664 actions_.push_back(shared_ptr<AbstractAction>(download_action)); 665 actions_.push_back(shared_ptr<AbstractAction>(download_finished_action)); 666 actions_.push_back(shared_ptr<AbstractAction>(filesystem_verifier_action)); 667 668 // Bond them together. We have to use the leaf-types when calling 669 // BondActions(). 670 BondActions(update_check_action.get(), 671 response_handler_action.get()); 672 BondActions(response_handler_action.get(), 673 download_action.get()); 674 BondActions(download_action.get(), 675 filesystem_verifier_action.get()); 676 BuildPostInstallActions(filesystem_verifier_action.get()); 677 678 actions_.push_back(shared_ptr<AbstractAction>(update_complete_action)); 679 680 // Enqueue the actions 681 for (const shared_ptr<AbstractAction>& action : actions_) { 682 processor_->EnqueueAction(action.get()); 683 } 684} 685 686bool UpdateAttempter::Rollback(bool powerwash) { 687 if (!CanRollback()) { 688 return false; 689 } 690 691 // Extra check for enterprise-enrolled devices since they don't support 692 // powerwash. 693 if (powerwash) { 694 // Enterprise-enrolled devices have an empty owner in their device policy. 695 string owner; 696 RefreshDevicePolicy(); 697 const policy::DevicePolicy* device_policy = system_state_->device_policy(); 698 if (device_policy && (!device_policy->GetOwner(&owner) || owner.empty())) { 699 LOG(ERROR) << "Enterprise device detected. " 700 << "Cannot perform a powerwash for enterprise devices."; 701 return false; 702 } 703 } 704 705 processor_->set_delegate(this); 706 707 // Initialize the default request params. 708 if (!omaha_request_params_->Init("", "", true)) { 709 LOG(ERROR) << "Unable to initialize Omaha request params."; 710 return false; 711 } 712 713 LOG(INFO) << "Setting rollback options."; 714 InstallPlan install_plan; 715 716 install_plan.target_slot = GetRollbackSlot(); 717 install_plan.source_slot = system_state_->boot_control()->GetCurrentSlot(); 718 719 TEST_AND_RETURN_FALSE( 720 install_plan.LoadPartitionsFromSlots(system_state_->boot_control())); 721 install_plan.powerwash_required = powerwash; 722 723 LOG(INFO) << "Using this install plan:"; 724 install_plan.Dump(); 725 726 shared_ptr<InstallPlanAction> install_plan_action( 727 new InstallPlanAction(install_plan)); 728 actions_.push_back(shared_ptr<AbstractAction>(install_plan_action)); 729 730 BuildPostInstallActions(install_plan_action.get()); 731 732 // Enqueue the actions 733 for (const shared_ptr<AbstractAction>& action : actions_) { 734 processor_->EnqueueAction(action.get()); 735 } 736 737 // Update the payload state for Rollback. 738 system_state_->payload_state()->Rollback(); 739 740 SetStatusAndNotify(UpdateStatus::ATTEMPTING_ROLLBACK); 741 742 // Just in case we didn't update boot flags yet, make sure they're updated 743 // before any update processing starts. This also schedules the start of the 744 // actions we just posted. 745 start_action_processor_ = true; 746 UpdateBootFlags(); 747 return true; 748} 749 750bool UpdateAttempter::CanRollback() const { 751 // We can only rollback if the update_engine isn't busy and we have a valid 752 // rollback partition. 753 return (status_ == UpdateStatus::IDLE && 754 GetRollbackSlot() != BootControlInterface::kInvalidSlot); 755} 756 757BootControlInterface::Slot UpdateAttempter::GetRollbackSlot() const { 758 LOG(INFO) << "UpdateAttempter::GetRollbackSlot"; 759 const unsigned int num_slots = system_state_->boot_control()->GetNumSlots(); 760 const BootControlInterface::Slot current_slot = 761 system_state_->boot_control()->GetCurrentSlot(); 762 763 LOG(INFO) << " Installed slots: " << num_slots; 764 LOG(INFO) << " Booted from slot: " 765 << BootControlInterface::SlotName(current_slot); 766 767 if (current_slot == BootControlInterface::kInvalidSlot || num_slots < 2) { 768 LOG(INFO) << "Device is not updateable."; 769 return BootControlInterface::kInvalidSlot; 770 } 771 772 vector<BootControlInterface::Slot> bootable_slots; 773 for (BootControlInterface::Slot slot = 0; slot < num_slots; slot++) { 774 if (slot != current_slot && 775 system_state_->boot_control()->IsSlotBootable(slot)) { 776 LOG(INFO) << "Found bootable slot " 777 << BootControlInterface::SlotName(slot); 778 return slot; 779 } 780 } 781 LOG(INFO) << "No other bootable slot found."; 782 return BootControlInterface::kInvalidSlot; 783} 784 785void UpdateAttempter::CheckForUpdate(const string& app_version, 786 const string& omaha_url, 787 bool interactive) { 788 LOG(INFO) << "Forced update check requested."; 789 forced_app_version_.clear(); 790 forced_omaha_url_.clear(); 791 792 // Certain conditions must be met to allow setting custom version and update 793 // server URLs. However, kScheduledAUTestURLRequest and kAUTestURLRequest are 794 // always allowed regardless of device state. 795 if (IsAnyUpdateSourceAllowed()) { 796 forced_app_version_ = app_version; 797 forced_omaha_url_ = omaha_url; 798 } 799 if (omaha_url == kScheduledAUTestURLRequest) { 800 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL; 801 // Pretend that it's not user-initiated even though it is, 802 // so as to test scattering logic, etc. which get kicked off 803 // only in scheduled update checks. 804 interactive = false; 805 } else if (omaha_url == kAUTestURLRequest) { 806 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL; 807 } 808 809 if (forced_update_pending_callback_.get()) { 810 // Make sure that a scheduling request is made prior to calling the forced 811 // update pending callback. 812 ScheduleUpdates(); 813 forced_update_pending_callback_->Run(true, interactive); 814 } 815} 816 817bool UpdateAttempter::RebootIfNeeded() { 818 if (status_ != UpdateStatus::UPDATED_NEED_REBOOT) { 819 LOG(INFO) << "Reboot requested, but status is " 820 << UpdateStatusToString(status_) << ", so not rebooting."; 821 return false; 822 } 823 824 if (system_state_->power_manager()->RequestReboot()) 825 return true; 826 827 return RebootDirectly(); 828} 829 830void UpdateAttempter::WriteUpdateCompletedMarker() { 831 string boot_id; 832 if (!utils::GetBootId(&boot_id)) 833 return; 834 prefs_->SetString(kPrefsUpdateCompletedOnBootId, boot_id); 835 836 int64_t value = system_state_->clock()->GetBootTime().ToInternalValue(); 837 prefs_->SetInt64(kPrefsUpdateCompletedBootTime, value); 838} 839 840bool UpdateAttempter::RebootDirectly() { 841 vector<string> command; 842 command.push_back("/sbin/shutdown"); 843 command.push_back("-r"); 844 command.push_back("now"); 845 LOG(INFO) << "Running \"" << base::JoinString(command, " ") << "\""; 846 int rc = 0; 847 Subprocess::SynchronousExec(command, &rc, nullptr); 848 return rc == 0; 849} 850 851void UpdateAttempter::OnUpdateScheduled(EvalStatus status, 852 const UpdateCheckParams& params) { 853 waiting_for_scheduled_check_ = false; 854 855 if (status == EvalStatus::kSucceeded) { 856 if (!params.updates_enabled) { 857 LOG(WARNING) << "Updates permanently disabled."; 858 // Signal disabled status, then switch right back to idle. This is 859 // necessary for ensuring that observers waiting for a signal change will 860 // actually notice one on subsequent calls. Note that we don't need to 861 // re-schedule a check in this case as updates are permanently disabled; 862 // further (forced) checks may still initiate a scheduling call. 863 SetStatusAndNotify(UpdateStatus::DISABLED); 864 SetStatusAndNotify(UpdateStatus::IDLE); 865 return; 866 } 867 868 LOG(INFO) << "Running " 869 << (params.is_interactive ? "interactive" : "periodic") 870 << " update."; 871 872 Update(forced_app_version_, forced_omaha_url_, params.target_channel, 873 params.target_version_prefix, false, params.is_interactive); 874 // Always clear the forced app_version and omaha_url after an update attempt 875 // so the next update uses the defaults. 876 forced_app_version_.clear(); 877 forced_omaha_url_.clear(); 878 } else { 879 LOG(WARNING) 880 << "Update check scheduling failed (possibly timed out); retrying."; 881 ScheduleUpdates(); 882 } 883 884 // This check ensures that future update checks will be or are already 885 // scheduled. The check should never fail. A check failure means that there's 886 // a bug that will most likely prevent further automatic update checks. It 887 // seems better to crash in such cases and restart the update_engine daemon 888 // into, hopefully, a known good state. 889 CHECK(IsUpdateRunningOrScheduled()); 890} 891 892void UpdateAttempter::UpdateLastCheckedTime() { 893 last_checked_time_ = system_state_->clock()->GetWallclockTime().ToTimeT(); 894} 895 896// Delegate methods: 897void UpdateAttempter::ProcessingDone(const ActionProcessor* processor, 898 ErrorCode code) { 899 LOG(INFO) << "Processing Done."; 900 actions_.clear(); 901 902 // Reset cpu shares back to normal. 903 cpu_limiter_.StopLimiter(); 904 905 if (status_ == UpdateStatus::REPORTING_ERROR_EVENT) { 906 LOG(INFO) << "Error event sent."; 907 908 // Inform scheduler of new status; 909 SetStatusAndNotify(UpdateStatus::IDLE); 910 ScheduleUpdates(); 911 912 if (!fake_update_success_) { 913 return; 914 } 915 LOG(INFO) << "Booted from FW B and tried to install new firmware, " 916 "so requesting reboot from user."; 917 } 918 919 if (code == ErrorCode::kSuccess) { 920 WriteUpdateCompletedMarker(); 921 prefs_->SetInt64(kPrefsDeltaUpdateFailures, 0); 922 prefs_->SetString(kPrefsPreviousVersion, 923 omaha_request_params_->app_version()); 924 DeltaPerformer::ResetUpdateProgress(prefs_, false); 925 926 system_state_->payload_state()->UpdateSucceeded(); 927 928 // Since we're done with scattering fully at this point, this is the 929 // safest point delete the state files, as we're sure that the status is 930 // set to reboot (which means no more updates will be applied until reboot) 931 // This deletion is required for correctness as we want the next update 932 // check to re-create a new random number for the update check count. 933 // Similarly, we also delete the wall-clock-wait period that was persisted 934 // so that we start with a new random value for the next update check 935 // after reboot so that the same device is not favored or punished in any 936 // way. 937 prefs_->Delete(kPrefsUpdateCheckCount); 938 system_state_->payload_state()->SetScatteringWaitPeriod(TimeDelta()); 939 prefs_->Delete(kPrefsUpdateFirstSeenAt); 940 941 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT); 942 ScheduleUpdates(); 943 LOG(INFO) << "Update successfully applied, waiting to reboot."; 944 945 // This pointer is null during rollback operations, and the stats 946 // don't make much sense then anyway. 947 if (response_handler_action_) { 948 const InstallPlan& install_plan = 949 response_handler_action_->install_plan(); 950 951 // Generate an unique payload identifier. 952 const string target_version_uid = 953 install_plan.payload_hash + ":" + install_plan.metadata_signature; 954 955 // Expect to reboot into the new version to send the proper metric during 956 // next boot. 957 system_state_->payload_state()->ExpectRebootInNewVersion( 958 target_version_uid); 959 } else { 960 // If we just finished a rollback, then we expect to have no Omaha 961 // response. Otherwise, it's an error. 962 if (system_state_->payload_state()->GetRollbackVersion().empty()) { 963 LOG(ERROR) << "Can't send metrics because expected " 964 "response_handler_action_ missing."; 965 } 966 } 967 return; 968 } 969 970 if (ScheduleErrorEventAction()) { 971 return; 972 } 973 LOG(INFO) << "No update."; 974 SetStatusAndNotify(UpdateStatus::IDLE); 975 ScheduleUpdates(); 976} 977 978void UpdateAttempter::ProcessingStopped(const ActionProcessor* processor) { 979 // Reset cpu shares back to normal. 980 cpu_limiter_.StopLimiter(); 981 download_progress_ = 0.0; 982 SetStatusAndNotify(UpdateStatus::IDLE); 983 ScheduleUpdates(); 984 actions_.clear(); 985 error_event_.reset(nullptr); 986} 987 988// Called whenever an action has finished processing, either successfully 989// or otherwise. 990void UpdateAttempter::ActionCompleted(ActionProcessor* processor, 991 AbstractAction* action, 992 ErrorCode code) { 993 // Reset download progress regardless of whether or not the download 994 // action succeeded. Also, get the response code from HTTP request 995 // actions (update download as well as the initial update check 996 // actions). 997 const string type = action->Type(); 998 if (type == DownloadAction::StaticType()) { 999 download_progress_ = 0.0; 1000 DownloadAction* download_action = static_cast<DownloadAction*>(action); 1001 http_response_code_ = download_action->GetHTTPResponseCode(); 1002 } else if (type == OmahaRequestAction::StaticType()) { 1003 OmahaRequestAction* omaha_request_action = 1004 static_cast<OmahaRequestAction*>(action); 1005 // If the request is not an event, then it's the update-check. 1006 if (!omaha_request_action->IsEvent()) { 1007 http_response_code_ = omaha_request_action->GetHTTPResponseCode(); 1008 1009 // Record the number of consecutive failed update checks. 1010 if (http_response_code_ == kHttpResponseInternalServerError || 1011 http_response_code_ == kHttpResponseServiceUnavailable) { 1012 consecutive_failed_update_checks_++; 1013 } else { 1014 consecutive_failed_update_checks_ = 0; 1015 } 1016 1017 // Store the server-dictated poll interval, if any. 1018 server_dictated_poll_interval_ = 1019 std::max(0, omaha_request_action->GetOutputObject().poll_interval); 1020 } 1021 } 1022 if (code != ErrorCode::kSuccess) { 1023 // If the current state is at or past the download phase, count the failure 1024 // in case a switch to full update becomes necessary. Ignore network 1025 // transfer timeouts and failures. 1026 if (status_ >= UpdateStatus::DOWNLOADING && 1027 code != ErrorCode::kDownloadTransferError) { 1028 MarkDeltaUpdateFailure(); 1029 } 1030 // On failure, schedule an error event to be sent to Omaha. 1031 CreatePendingErrorEvent(action, code); 1032 return; 1033 } 1034 // Find out which action completed. 1035 if (type == OmahaResponseHandlerAction::StaticType()) { 1036 // Note that the status will be updated to DOWNLOADING when some bytes get 1037 // actually downloaded from the server and the BytesReceived callback is 1038 // invoked. This avoids notifying the user that a download has started in 1039 // cases when the server and the client are unable to initiate the download. 1040 CHECK(action == response_handler_action_.get()); 1041 const InstallPlan& plan = response_handler_action_->install_plan(); 1042 UpdateLastCheckedTime(); 1043 new_version_ = plan.version; 1044 new_payload_size_ = plan.payload_size; 1045 SetupDownload(); 1046 cpu_limiter_.StartLimiter(); 1047 SetStatusAndNotify(UpdateStatus::UPDATE_AVAILABLE); 1048 } else if (type == DownloadAction::StaticType()) { 1049 SetStatusAndNotify(UpdateStatus::FINALIZING); 1050 } 1051} 1052 1053void UpdateAttempter::BytesReceived(uint64_t bytes_progressed, 1054 uint64_t bytes_received, 1055 uint64_t total) { 1056 // The PayloadState keeps track of how many bytes were actually downloaded 1057 // from a given URL for the URL skipping logic. 1058 system_state_->payload_state()->DownloadProgress(bytes_progressed); 1059 1060 double progress = 0; 1061 if (total) 1062 progress = static_cast<double>(bytes_received) / static_cast<double>(total); 1063 if (status_ != UpdateStatus::DOWNLOADING || bytes_received == total) { 1064 download_progress_ = progress; 1065 SetStatusAndNotify(UpdateStatus::DOWNLOADING); 1066 } else { 1067 ProgressUpdate(progress); 1068 } 1069} 1070 1071void UpdateAttempter::DownloadComplete() { 1072 system_state_->payload_state()->DownloadComplete(); 1073} 1074 1075bool UpdateAttempter::OnCheckForUpdates(brillo::ErrorPtr* error) { 1076 CheckForUpdate( 1077 "" /* app_version */, "" /* omaha_url */, true /* interactive */); 1078 return true; 1079} 1080 1081bool UpdateAttempter::OnTrackChannel(const string& channel, 1082 brillo::ErrorPtr* error) { 1083 LOG(INFO) << "Setting destination channel to: " << channel; 1084 string error_message; 1085 if (!system_state_->request_params()->SetTargetChannel( 1086 channel, false /* powerwash_allowed */, &error_message)) { 1087 brillo::Error::AddTo(error, 1088 FROM_HERE, 1089 brillo::errors::dbus::kDomain, 1090 "set_target_error", 1091 error_message); 1092 return false; 1093 } 1094 // Notify observers the target channel change. 1095 BroadcastChannel(); 1096 return true; 1097} 1098 1099bool UpdateAttempter::GetWeaveState(int64_t* last_checked_time, 1100 double* progress, 1101 UpdateStatus* update_status, 1102 string* current_channel, 1103 string* tracking_channel) { 1104 *last_checked_time = last_checked_time_; 1105 *progress = download_progress_; 1106 *update_status = status_; 1107 OmahaRequestParams* rp = system_state_->request_params(); 1108 *current_channel = rp->current_channel(); 1109 *tracking_channel = rp->target_channel(); 1110 return true; 1111} 1112 1113void UpdateAttempter::ProgressUpdate(double progress) { 1114 // Self throttle based on progress. Also send notifications if progress is 1115 // too slow. 1116 if (progress == 1.0 || 1117 progress - download_progress_ >= kBroadcastThresholdProgress || 1118 TimeTicks::Now() - last_notify_time_ >= 1119 TimeDelta::FromSeconds(kBroadcastThresholdSeconds)) { 1120 download_progress_ = progress; 1121 BroadcastStatus(); 1122 } 1123} 1124 1125bool UpdateAttempter::ResetStatus() { 1126 LOG(INFO) << "Attempting to reset state from " 1127 << UpdateStatusToString(status_) << " to UpdateStatus::IDLE"; 1128 1129 switch (status_) { 1130 case UpdateStatus::IDLE: 1131 // no-op. 1132 return true; 1133 1134 case UpdateStatus::UPDATED_NEED_REBOOT: { 1135 bool ret_value = true; 1136 status_ = UpdateStatus::IDLE; 1137 1138 // Remove the reboot marker so that if the machine is rebooted 1139 // after resetting to idle state, it doesn't go back to 1140 // UpdateStatus::UPDATED_NEED_REBOOT state. 1141 ret_value = prefs_->Delete(kPrefsUpdateCompletedOnBootId) && ret_value; 1142 ret_value = prefs_->Delete(kPrefsUpdateCompletedBootTime) && ret_value; 1143 1144 // Update the boot flags so the current slot has higher priority. 1145 BootControlInterface* boot_control = system_state_->boot_control(); 1146 if (!boot_control->SetActiveBootSlot(boot_control->GetCurrentSlot())) 1147 ret_value = false; 1148 1149 // Notify the PayloadState that the successful payload was canceled. 1150 system_state_->payload_state()->ResetUpdateStatus(); 1151 1152 // The previous version is used to report back to omaha after reboot that 1153 // we actually rebooted into the new version from this "prev-version". We 1154 // need to clear out this value now to prevent it being sent on the next 1155 // updatecheck request. 1156 ret_value = prefs_->SetString(kPrefsPreviousVersion, "") && ret_value; 1157 1158 LOG(INFO) << "Reset status " << (ret_value ? "successful" : "failed"); 1159 return ret_value; 1160 } 1161 1162 default: 1163 LOG(ERROR) << "Reset not allowed in this state."; 1164 return false; 1165 } 1166} 1167 1168bool UpdateAttempter::GetStatus(int64_t* last_checked_time, 1169 double* progress, 1170 string* current_operation, 1171 string* new_version, 1172 int64_t* new_payload_size) { 1173 *last_checked_time = last_checked_time_; 1174 *progress = download_progress_; 1175 *current_operation = UpdateStatusToString(status_); 1176 *new_version = new_version_; 1177 *new_payload_size = new_payload_size_; 1178 return true; 1179} 1180 1181void UpdateAttempter::UpdateBootFlags() { 1182 if (update_boot_flags_running_) { 1183 LOG(INFO) << "Update boot flags running, nothing to do."; 1184 return; 1185 } 1186 if (updated_boot_flags_) { 1187 LOG(INFO) << "Already updated boot flags. Skipping."; 1188 if (start_action_processor_) { 1189 ScheduleProcessingStart(); 1190 } 1191 return; 1192 } 1193 // This is purely best effort. Failures should be logged by Subprocess. Run 1194 // the script asynchronously to avoid blocking the event loop regardless of 1195 // the script runtime. 1196 update_boot_flags_running_ = true; 1197 LOG(INFO) << "Marking booted slot as good."; 1198 if (!system_state_->boot_control()->MarkBootSuccessfulAsync(Bind( 1199 &UpdateAttempter::CompleteUpdateBootFlags, base::Unretained(this)))) { 1200 LOG(ERROR) << "Failed to mark current boot as successful."; 1201 CompleteUpdateBootFlags(false); 1202 } 1203} 1204 1205void UpdateAttempter::CompleteUpdateBootFlags(bool successful) { 1206 update_boot_flags_running_ = false; 1207 updated_boot_flags_ = true; 1208 if (start_action_processor_) { 1209 ScheduleProcessingStart(); 1210 } 1211} 1212 1213void UpdateAttempter::BroadcastStatus() { 1214 for (const auto& observer : service_observers_) { 1215 observer->SendStatusUpdate(last_checked_time_, 1216 download_progress_, 1217 status_, 1218 new_version_, 1219 new_payload_size_); 1220 } 1221 last_notify_time_ = TimeTicks::Now(); 1222} 1223 1224void UpdateAttempter::BroadcastChannel() { 1225 for (const auto& observer : service_observers_) { 1226 observer->SendChannelChangeUpdate( 1227 system_state_->request_params()->target_channel()); 1228 } 1229} 1230 1231uint32_t UpdateAttempter::GetErrorCodeFlags() { 1232 uint32_t flags = 0; 1233 1234 if (!system_state_->hardware()->IsNormalBootMode()) 1235 flags |= static_cast<uint32_t>(ErrorCode::kDevModeFlag); 1236 1237 if (response_handler_action_.get() && 1238 response_handler_action_->install_plan().is_resume) 1239 flags |= static_cast<uint32_t>(ErrorCode::kResumedFlag); 1240 1241 if (!system_state_->hardware()->IsOfficialBuild()) 1242 flags |= static_cast<uint32_t>(ErrorCode::kTestImageFlag); 1243 1244 if (omaha_request_params_->update_url() != 1245 constants::kOmahaDefaultProductionURL) { 1246 flags |= static_cast<uint32_t>(ErrorCode::kTestOmahaUrlFlag); 1247 } 1248 1249 return flags; 1250} 1251 1252bool UpdateAttempter::ShouldCancel(ErrorCode* cancel_reason) { 1253 // Check if the channel we're attempting to update to is the same as the 1254 // target channel currently chosen by the user. 1255 OmahaRequestParams* params = system_state_->request_params(); 1256 if (params->download_channel() != params->target_channel()) { 1257 LOG(ERROR) << "Aborting download as target channel: " 1258 << params->target_channel() 1259 << " is different from the download channel: " 1260 << params->download_channel(); 1261 *cancel_reason = ErrorCode::kUpdateCanceledByChannelChange; 1262 return true; 1263 } 1264 1265 return false; 1266} 1267 1268void UpdateAttempter::SetStatusAndNotify(UpdateStatus status) { 1269 status_ = status; 1270 BroadcastStatus(); 1271} 1272 1273void UpdateAttempter::CreatePendingErrorEvent(AbstractAction* action, 1274 ErrorCode code) { 1275 if (error_event_.get()) { 1276 // This shouldn't really happen. 1277 LOG(WARNING) << "There's already an existing pending error event."; 1278 return; 1279 } 1280 1281 // For now assume that a generic Omaha response action failure means that 1282 // there's no update so don't send an event. Also, double check that the 1283 // failure has not occurred while sending an error event -- in which case 1284 // don't schedule another. This shouldn't really happen but just in case... 1285 if ((action->Type() == OmahaResponseHandlerAction::StaticType() && 1286 code == ErrorCode::kError) || 1287 status_ == UpdateStatus::REPORTING_ERROR_EVENT) { 1288 return; 1289 } 1290 1291 // Classify the code to generate the appropriate result so that 1292 // the Borgmon charts show up the results correctly. 1293 // Do this before calling GetErrorCodeForAction which could potentially 1294 // augment the bit representation of code and thus cause no matches for 1295 // the switch cases below. 1296 OmahaEvent::Result event_result; 1297 switch (code) { 1298 case ErrorCode::kOmahaUpdateIgnoredPerPolicy: 1299 case ErrorCode::kOmahaUpdateDeferredPerPolicy: 1300 case ErrorCode::kOmahaUpdateDeferredForBackoff: 1301 event_result = OmahaEvent::kResultUpdateDeferred; 1302 break; 1303 default: 1304 event_result = OmahaEvent::kResultError; 1305 break; 1306 } 1307 1308 code = GetErrorCodeForAction(action, code); 1309 fake_update_success_ = code == ErrorCode::kPostinstallBootedFromFirmwareB; 1310 1311 // Compute the final error code with all the bit flags to be sent to Omaha. 1312 code = static_cast<ErrorCode>( 1313 static_cast<uint32_t>(code) | GetErrorCodeFlags()); 1314 error_event_.reset(new OmahaEvent(OmahaEvent::kTypeUpdateComplete, 1315 event_result, 1316 code)); 1317} 1318 1319bool UpdateAttempter::ScheduleErrorEventAction() { 1320 if (error_event_.get() == nullptr) 1321 return false; 1322 1323 LOG(ERROR) << "Update failed."; 1324 system_state_->payload_state()->UpdateFailed(error_event_->error_code); 1325 1326 // Send it to Omaha. 1327 LOG(INFO) << "Reporting the error event"; 1328 shared_ptr<OmahaRequestAction> error_event_action( 1329 new OmahaRequestAction(system_state_, 1330 error_event_.release(), // Pass ownership. 1331 brillo::make_unique_ptr(new LibcurlHttpFetcher( 1332 GetProxyResolver(), 1333 system_state_->hardware())), 1334 false)); 1335 actions_.push_back(shared_ptr<AbstractAction>(error_event_action)); 1336 processor_->EnqueueAction(error_event_action.get()); 1337 SetStatusAndNotify(UpdateStatus::REPORTING_ERROR_EVENT); 1338 processor_->StartProcessing(); 1339 return true; 1340} 1341 1342void UpdateAttempter::ScheduleProcessingStart() { 1343 LOG(INFO) << "Scheduling an action processor start."; 1344 start_action_processor_ = false; 1345 MessageLoop::current()->PostTask( 1346 FROM_HERE, 1347 Bind([this] { this->processor_->StartProcessing(); })); 1348} 1349 1350void UpdateAttempter::DisableDeltaUpdateIfNeeded() { 1351 int64_t delta_failures; 1352 if (omaha_request_params_->delta_okay() && 1353 prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) && 1354 delta_failures >= kMaxDeltaUpdateFailures) { 1355 LOG(WARNING) << "Too many delta update failures, forcing full update."; 1356 omaha_request_params_->set_delta_okay(false); 1357 } 1358} 1359 1360void UpdateAttempter::MarkDeltaUpdateFailure() { 1361 // Don't try to resume a failed delta update. 1362 DeltaPerformer::ResetUpdateProgress(prefs_, false); 1363 int64_t delta_failures; 1364 if (!prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) || 1365 delta_failures < 0) { 1366 delta_failures = 0; 1367 } 1368 prefs_->SetInt64(kPrefsDeltaUpdateFailures, ++delta_failures); 1369} 1370 1371void UpdateAttempter::SetupDownload() { 1372 MultiRangeHttpFetcher* fetcher = 1373 static_cast<MultiRangeHttpFetcher*>(download_action_->http_fetcher()); 1374 fetcher->ClearRanges(); 1375 if (response_handler_action_->install_plan().is_resume) { 1376 // Resuming an update so fetch the update manifest metadata first. 1377 int64_t manifest_metadata_size = 0; 1378 int64_t manifest_signature_size = 0; 1379 prefs_->GetInt64(kPrefsManifestMetadataSize, &manifest_metadata_size); 1380 prefs_->GetInt64(kPrefsManifestSignatureSize, &manifest_signature_size); 1381 fetcher->AddRange(0, manifest_metadata_size + manifest_signature_size); 1382 // If there're remaining unprocessed data blobs, fetch them. Be careful not 1383 // to request data beyond the end of the payload to avoid 416 HTTP response 1384 // error codes. 1385 int64_t next_data_offset = 0; 1386 prefs_->GetInt64(kPrefsUpdateStateNextDataOffset, &next_data_offset); 1387 uint64_t resume_offset = 1388 manifest_metadata_size + manifest_signature_size + next_data_offset; 1389 if (resume_offset < response_handler_action_->install_plan().payload_size) { 1390 fetcher->AddRange(resume_offset); 1391 } 1392 } else { 1393 fetcher->AddRange(0); 1394 } 1395} 1396 1397void UpdateAttempter::PingOmaha() { 1398 if (!processor_->IsRunning()) { 1399 shared_ptr<OmahaRequestAction> ping_action(new OmahaRequestAction( 1400 system_state_, 1401 nullptr, 1402 brillo::make_unique_ptr(new LibcurlHttpFetcher( 1403 GetProxyResolver(), 1404 system_state_->hardware())), 1405 true)); 1406 actions_.push_back(shared_ptr<OmahaRequestAction>(ping_action)); 1407 processor_->set_delegate(nullptr); 1408 processor_->EnqueueAction(ping_action.get()); 1409 // Call StartProcessing() synchronously here to avoid any race conditions 1410 // caused by multiple outstanding ping Omaha requests. If we call 1411 // StartProcessing() asynchronously, the device can be suspended before we 1412 // get a chance to callback to StartProcessing(). When the device resumes 1413 // (assuming the device sleeps longer than the next update check period), 1414 // StartProcessing() is called back and at the same time, the next update 1415 // check is fired which eventually invokes StartProcessing(). A crash 1416 // can occur because StartProcessing() checks to make sure that the 1417 // processor is idle which it isn't due to the two concurrent ping Omaha 1418 // requests. 1419 processor_->StartProcessing(); 1420 } else { 1421 LOG(WARNING) << "Action processor running, Omaha ping suppressed."; 1422 } 1423 1424 // Update the last check time here; it may be re-updated when an Omaha 1425 // response is received, but this will prevent us from repeatedly scheduling 1426 // checks in the case where a response is not received. 1427 UpdateLastCheckedTime(); 1428 1429 // Update the status which will schedule the next update check 1430 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT); 1431 ScheduleUpdates(); 1432} 1433 1434 1435bool UpdateAttempter::DecrementUpdateCheckCount() { 1436 int64_t update_check_count_value; 1437 1438 if (!prefs_->Exists(kPrefsUpdateCheckCount)) { 1439 // This file does not exist. This means we haven't started our update 1440 // check count down yet, so nothing more to do. This file will be created 1441 // later when we first satisfy the wall-clock-based-wait period. 1442 LOG(INFO) << "No existing update check count. That's normal."; 1443 return true; 1444 } 1445 1446 if (prefs_->GetInt64(kPrefsUpdateCheckCount, &update_check_count_value)) { 1447 // Only if we're able to read a proper integer value, then go ahead 1448 // and decrement and write back the result in the same file, if needed. 1449 LOG(INFO) << "Update check count = " << update_check_count_value; 1450 1451 if (update_check_count_value == 0) { 1452 // It could be 0, if, for some reason, the file didn't get deleted 1453 // when we set our status to waiting for reboot. so we just leave it 1454 // as is so that we can prevent another update_check wait for this client. 1455 LOG(INFO) << "Not decrementing update check count as it's already 0."; 1456 return true; 1457 } 1458 1459 if (update_check_count_value > 0) 1460 update_check_count_value--; 1461 else 1462 update_check_count_value = 0; 1463 1464 // Write out the new value of update_check_count_value. 1465 if (prefs_->SetInt64(kPrefsUpdateCheckCount, update_check_count_value)) { 1466 // We successfully wrote out te new value, so enable the 1467 // update check based wait. 1468 LOG(INFO) << "New update check count = " << update_check_count_value; 1469 return true; 1470 } 1471 } 1472 1473 LOG(INFO) << "Deleting update check count state due to read/write errors."; 1474 1475 // We cannot read/write to the file, so disable the update check based wait 1476 // so that we don't get stuck in this OS version by any chance (which could 1477 // happen if there's some bug that causes to read/write incorrectly). 1478 // Also attempt to delete the file to do our best effort to cleanup. 1479 prefs_->Delete(kPrefsUpdateCheckCount); 1480 return false; 1481} 1482 1483 1484void UpdateAttempter::UpdateEngineStarted() { 1485 // If we just booted into a new update, keep the previous OS version 1486 // in case we rebooted because of a crash of the old version, so we 1487 // can do a proper crash report with correct information. 1488 // This must be done before calling 1489 // system_state_->payload_state()->UpdateEngineStarted() since it will 1490 // delete SystemUpdated marker file. 1491 if (system_state_->system_rebooted() && 1492 prefs_->Exists(kPrefsSystemUpdatedMarker)) { 1493 if (!prefs_->GetString(kPrefsPreviousVersion, &prev_version_)) { 1494 // If we fail to get the version string, make sure it stays empty. 1495 prev_version_.clear(); 1496 } 1497 } 1498 1499 system_state_->payload_state()->UpdateEngineStarted(); 1500 StartP2PAtStartup(); 1501} 1502 1503bool UpdateAttempter::StartP2PAtStartup() { 1504 if (system_state_ == nullptr || 1505 !system_state_->p2p_manager()->IsP2PEnabled()) { 1506 LOG(INFO) << "Not starting p2p at startup since it's not enabled."; 1507 return false; 1508 } 1509 1510 if (system_state_->p2p_manager()->CountSharedFiles() < 1) { 1511 LOG(INFO) << "Not starting p2p at startup since our application " 1512 << "is not sharing any files."; 1513 return false; 1514 } 1515 1516 return StartP2PAndPerformHousekeeping(); 1517} 1518 1519bool UpdateAttempter::StartP2PAndPerformHousekeeping() { 1520 if (system_state_ == nullptr) 1521 return false; 1522 1523 if (!system_state_->p2p_manager()->IsP2PEnabled()) { 1524 LOG(INFO) << "Not starting p2p since it's not enabled."; 1525 return false; 1526 } 1527 1528 LOG(INFO) << "Ensuring that p2p is running."; 1529 if (!system_state_->p2p_manager()->EnsureP2PRunning()) { 1530 LOG(ERROR) << "Error starting p2p."; 1531 return false; 1532 } 1533 1534 LOG(INFO) << "Performing p2p housekeeping."; 1535 if (!system_state_->p2p_manager()->PerformHousekeeping()) { 1536 LOG(ERROR) << "Error performing housekeeping for p2p."; 1537 return false; 1538 } 1539 1540 LOG(INFO) << "Done performing p2p housekeeping."; 1541 return true; 1542} 1543 1544bool UpdateAttempter::GetBootTimeAtUpdate(Time *out_boot_time) { 1545 // In case of an update_engine restart without a reboot, we stored the boot_id 1546 // when the update was completed by setting a pref, so we can check whether 1547 // the last update was on this boot or a previous one. 1548 string boot_id; 1549 TEST_AND_RETURN_FALSE(utils::GetBootId(&boot_id)); 1550 1551 string update_completed_on_boot_id; 1552 if (!prefs_->Exists(kPrefsUpdateCompletedOnBootId) || 1553 !prefs_->GetString(kPrefsUpdateCompletedOnBootId, 1554 &update_completed_on_boot_id) || 1555 update_completed_on_boot_id != boot_id) 1556 return false; 1557 1558 // Short-circuit avoiding the read in case out_boot_time is nullptr. 1559 if (out_boot_time) { 1560 int64_t boot_time = 0; 1561 // Since the kPrefsUpdateCompletedOnBootId was correctly set, this pref 1562 // should not fail. 1563 TEST_AND_RETURN_FALSE( 1564 prefs_->GetInt64(kPrefsUpdateCompletedBootTime, &boot_time)); 1565 *out_boot_time = Time::FromInternalValue(boot_time); 1566 } 1567 return true; 1568} 1569 1570bool UpdateAttempter::IsUpdateRunningOrScheduled() { 1571 return ((status_ != UpdateStatus::IDLE && 1572 status_ != UpdateStatus::UPDATED_NEED_REBOOT) || 1573 waiting_for_scheduled_check_); 1574} 1575 1576bool UpdateAttempter::IsAnyUpdateSourceAllowed() { 1577 // We allow updates from any source if either of these are true: 1578 // * The device is running an unofficial (dev/test) image. 1579 // * The debugd dev features are accessible (i.e. in devmode with no owner). 1580 // This protects users running a base image, while still allowing a specific 1581 // window (gated by the debug dev features) where `cros flash` is usable. 1582 if (!system_state_->hardware()->IsOfficialBuild()) { 1583 LOG(INFO) << "Non-official build; allowing any update source."; 1584 return true; 1585 } 1586 1587 // Even though the debugd tools are also gated on devmode, checking here can 1588 // save us a D-Bus call so it's worth doing explicitly. 1589 if (system_state_->hardware()->IsNormalBootMode()) { 1590 LOG(INFO) << "Not in devmode; disallowing custom update sources."; 1591 return false; 1592 } 1593 1594 // Official images in devmode are allowed a custom update source iff the 1595 // debugd dev tools are enabled. 1596 if (!debugd_proxy_) 1597 return false; 1598 int32_t dev_features = debugd::DEV_FEATURES_DISABLED; 1599 brillo::ErrorPtr error; 1600 bool success = debugd_proxy_->QueryDevFeatures(&dev_features, &error); 1601 1602 // Some boards may not include debugd so it's expected that this may fail, 1603 // in which case we default to disallowing custom update sources. 1604 if (success && !(dev_features & debugd::DEV_FEATURES_DISABLED)) { 1605 LOG(INFO) << "Debugd dev tools enabled; allowing any update source."; 1606 return true; 1607 } 1608 LOG(INFO) << "Debugd dev tools disabled; disallowing custom update sources."; 1609 return false; 1610} 1611 1612} // namespace chromeos_update_engine 1613