| 987ffc192fdc74cc71452253e43f0c740306e752 |
|
06-Oct-2017 |
Aaron Wood <aaronwood@google.com> |
Allow Policies to defer updates
The OmahaResponseHandlerAction consults with the Policy to confirm if
the generated InstallPlan can be actioned or not. If not, then the
UpdateAttempter reports to Omaha that the update has been deferred and
reverts to a status of IDLE.
This causes an API-visible transition through REPORTING_ERROR, before
ending at IDLE.
Bug: 66016687
Test: unit-tests, manual OTA
Exempt-From-Owner-Approval: cherry-pick from nyc-iot-dev
Change-Id: I5c31a04975586630dd6a9c373022f1b407bef4e8
(cherry picked from commit 8a5f6317a60c6e54917f115bdf190f46653a225a)
(cherry picked from commit 68b15c64e731cf5f8d2b93fb9f33da3da5f37a92)
/system/update_engine/update_manager/default_policy.h
|
| 39910dcd1d68987ccee7c3031dc269233a8490bb |
|
10-Nov-2015 |
Alex Deymo <deymo@google.com> |
Split payload application code into a subdirectory.
This patch splits from the main libupdate_engine code the part that
is strictly used to download and apply a payload into a new static
library, moving the code to subdirectories. The new library is divided
in two subdirectories: common/ and payload_consumer/, and should not
depend on other update_engine files outside those two subdirectories.
The main difference between those two is that the common/ tools are more
generic and not tied to the payload consumer process, but otherwise they
are both compiled together.
There are still dependencies from the new libpayload_consumer library
into the main directory files and DBus generated files. Those will be
addressed in follow up CLs.
Bug: 25197634
Test: FEATURES=test emerge-link update_engine; `mm` on Brillo.
Change-Id: Id8d0204ea573627e6e26ca9ea17b9592ca95bc23
/system/update_engine/update_manager/default_policy.h
|
| aea4c1cea20dda7ae7e85fc8924a2d784f70d806 |
|
20-Aug-2015 |
Alex Deymo <deymo@google.com> |
Re-license update_engine to Apache2
This patch automatically replaced the license on all text files from
Chromium OS (BSD style) to AOSP (Apache2), keeping the original year as
a reference.
The license header was added to .gyp and .gypi files, the NOTICE was
replaced with a copy of the Apache2 license and MODULE_LICENSE_* file
was updated.
BUG=b/23084294
TEST=grep 'Chromium OS Authors' doesn't find anything.
Change-Id: Ie5083750755f5180a8a785b24fe67dbf9195cd10
/system/update_engine/update_manager/default_policy.h
|
| 610277efc6f7e5239158dfa4bb3b1021804326e0 |
|
12-Nov-2014 |
Alex Deymo <deymo@chromium.org> |
update_engine: Add override when possible.
Google Style Guide requires to include the "override" keyword
when overriding a method on a derived class, so the compiler will
catch errors if the method is not overriding a member of the base
class.
This patch introduces the "override" keyword when possible.
BUG=None
TEST=FEATURES=test emerge-link update_engine
Change-Id: Ie83d115c5730f3b35b3d95859a54bc1a48e0be7b
Reviewed-on: https://chromium-review.googlesource.com/228928
Tested-by: Alex Deymo <deymo@chromium.org>
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Alex Deymo <deymo@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| 78ecbfc254c574e52cfe63310a801381a0035c43 |
|
22-Oct-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Separate global P2P usage from payload-specific attributes.
This change is needed for two reasons: (a) The decision regarding the
global P2P enabled state and those pertaining to whether individual
payloads may be downloaded and/or shared via P2P have distinct and not
necessarily nested lifespans. (b) Some parts of the update engine are
concerned with the former and some with the latter, and so we need
separate entry points in the Update Manager to accommodate that.
This also introduces two Omaha-derived values, denoting whether P2P
downloading and/or sharing should be disabled for the current payload,
into the UpdateCanStart policy.
BUG=chromium:425233
TEST=Unit tests.
Change-Id: I0ba0090bd4c5ceb0c812ea218b070945083abd95
Reviewed-on: https://chromium-review.googlesource.com/225150
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| 02f7c1dee242f490143791dbb73fa23fa3007cfa |
|
19-Oct-2014 |
Ben Chan <benchan@chromium.org> |
update_engine: Replace scoped_ptr with std::unique_ptr.
BUG=None
TEST=`FEATURES=test emerge-$BOARD update_engine`
TEST=`USE='clang asan' FEATURES=test emerge-$BOARD update_engine`
Change-Id: I55a2f7f53675faaac20ba25f72ed52cf938d7744
Reviewed-on: https://chromium-review.googlesource.com/224189
Tested-by: Ben Chan <benchan@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Ben Chan <benchan@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| d78caf9baf2026a356130f4754af2c504f423945 |
|
24-Sep-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Change policy argument from const ref to value.
It turns out that passing an argument by reference to UpdateCanStart via
UpdateManager::AsyncPolicyRequest is a pain. Furthermore, given that the
policy is async by definition, it makes little sense to hand it a const
reference argument. This changes the said argument to be passed by
value.
BUG=chromium:396148
TEST=Unit tests.
Change-Id: I45a8141b389c173347f3a6b7dc03ffe46cb32228
Reviewed-on: https://chromium-review.googlesource.com/219694
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| dc4bb268eb6e6ddcd087d5eccfd88c8e92252920 |
|
23-Jul-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Incorporate backoff logic in UpdateCanStart.
This change adds backoff computation logic to UpdateCanStart. For the
most part, it is extending a private policy call (UpdateDownloadUrl) to
account for previously enacted backoff periods and to compute new ones
when an update failure is identified (accordingly, it is now called
UpdateBackoffAndDownloadUrl).
To conform with the pure nature of policy implementations, yet
minimizing the amount of "state" that needs to be managed and persisted
by the updater, we now consider download errors in bulks defined by the
most recent update failure (namely, the point in time when all URLs
where tried and failed). The updater is expected to keep track of the
update failure count, setting it to zero when a new update is seen, and
incrementing it (and recording the time it was incremented) when told to
do so by the policy. We therefore make some adjustments to the policy
API and its usage semantics.
BUG=chromium:396148
TEST=Unit tests.
Change-Id: If8787b8c41055779945f9b41368ec08ac5e6fcca
Reviewed-on: https://chromium-review.googlesource.com/210702
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| 157fe307f162d13f53e7f98f6e2da7c60c0ff001 |
|
12-Aug-2014 |
Alex Vakulenko <avakulenko@chromium.org> |
platform2: sweep the lint errors identified by the updated linter
cpplint.py has been updated and identified new issues in existing
code. Stuff like overridden functions that specify 'override' should
not be marked as 'virtual', and constructors with no parameters
should not be marked as 'explicit'.
BUG=None
TEST=cpplint.py `find ./platform2 -name *.cc -or -name *.h`
Change-Id: Ibb9de43286d874d076ffd5ebb1b13c36ec794f01
Reviewed-on: https://chromium-review.googlesource.com/211950
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Alex Vakulenko <avakulenko@chromium.org>
Tested-by: Alex Vakulenko <avakulenko@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| a23e408368ad34e21ee90ebd0dcb55cd03417d22 |
|
17-Jul-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Make DefaultPolicy::UpdateCheckAllowed stateful.
This adds an auxiliary state to DefaultPolicy, and makes
UpdateCheckAllowed use it for recording the last time an update check
was allowed. This is necessary for enforcing a minimum interval between
consecutive update checks, a necessary property in the unlikely case
that the main policy is badly screwed: with it, the update engine will
repeatedly check for updates, unnecessarily consuming local resources
and potentially DDoS-ing Omaha.
In order to track time, the DefaultPolicy now takes a ClockInterface
argument; for backward compatibility with existing unit testing code, we
allow this handle to be null, in which case time is not tracked and the
policy resorts to the previous default behavior (namely, updates are
always allowed). We do plug a clock when DefaultPolicy is used in the
UpdateManager production (backup policy) and fake (main policy)
implementations.
Note that the state is added as an external object, in order to work
around the constness of policy objects that's implied by the policy API
(const methods).
Finally, it should be noted that we use monotonic time in order to
ensure that the DefaultPolicy does not become an attack surface for
denying updates, or exhausting local resources and/or DoS-ing services.
BUG=chromium:394778
TEST=Unit tests.
Change-Id: I08628ea9b0067fa7abf6e457c55d4ffea276c463
Reviewed-on: https://chromium-review.googlesource.com/208732
Reviewed-by: Gilad Arnold <garnold@chromium.org>
Tested-by: Gilad Arnold <garnold@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| 42f253b5318dbe6d0ecf48f7f9a639363fa253e2 |
|
25-Jun-2014 |
Gilad Arnold <garnold@chromium.org> |
UpdateManager: Move logic from UpdateCanStart to UpdateCheckAllowed.
The following should be part of the policy that is consulted before
performing an update check:
1) Whether updates are disabled by device policy.
2) Whether a specific target channel is dictated by the device policy.
This CL moves it from UpdateCanStart into UpdateCheckAllowed.
Another change is renaming the output construct of UpdateCanStart into
'UpdateDownloadParams'; this is in line with the naming of the output
struct of UpdateCheckAllowed, and reflects the fact that it contains
information regarding the download of an update, to be used by the
caller.
BUG=chromium:388386
TEST=Unit tests.
Change-Id: I0631a4464800db77807d7da9a2a2c256b519c5c3
Reviewed-on: https://chromium-review.googlesource.com/205728
Reviewed-by: Gilad Arnold <garnold@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
Tested-by: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| 684219dc29acb0111d09aaf2d466cf837b043d9e |
|
07-Jul-2014 |
Gilad Arnold <garnold@chromium.org> |
UpdateManager: rename UpdateCurrentConnectionAllowed into UpdateDownloadAllowed.
The signifies the *functional* nature of this policy request, instead of
dwelling on the low-level information it is evaluating.
BUG=chromium:389677
TEST=Unit tests.
Change-Id: I684ea13d4e89554b6a4d596666c18e2dbd609991
Reviewed-on: https://chromium-review.googlesource.com/206903
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| 48415f1f6c6c356bfa9ac85b76d8ebcf053f7157 |
|
27-Jun-2014 |
Gilad Arnold <garnold@chromium.org> |
UpdateManager: Adjustments for cpplint.
- Rename header file guards.
- Added missing #includes.
Note that the linter still barks about C++11-style curly-braced member
initialization; there are abundant uses of this and we should probably
upstream a change to accommodate that.
BUG=None
TEST=Builds.
Change-Id: Icccc88e6e56e56f644536147cd88ae92462a1495
Reviewed-on: https://chromium-review.googlesource.com/205894
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| b3b05446d3ef9620c90084e11cd1ae4eca20f4a2 |
|
30-May-2014 |
Gilad Arnold <garnold@chromium.org> |
UM: Policy for deciding download URL.
This adds a new private policy (UpdateDownloadUrl) for determining which
download URL should be used for obtaining the update payload. We further
extend an existing public policy (UpdateCanStart) to return the download
URL details, based on the current URL index and the number of failures
associated with it. This renders the explicit notion of "HTTP download
allowed" in the return value unnecessary: If HTTP is not allowed, then
HTTP URLs will not be considered.
We also implement logic for logging the start/end of a policy
evaluation, so that intermediate log messages emitted during evaluation
have a clear context.
BUG=chromium:358329
TEST=Unit tests.
Change-Id: Ib5343417480d8825082f83bed2630a6611360b61
Reviewed-on: https://chromium-review.googlesource.com/203373
Tested-by: Gilad Arnold <garnold@chromium.org>
Reviewed-by: Alex Deymo <deymo@chromium.org>
Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
| 63784a578dd26880454d70797519358a2326291b |
|
28-May-2014 |
Alex Deymo <deymo@chromium.org> |
Rename the PolicyManager to UpdateManager.
This change renames the PolicyManager class, directory, tests, etc,
to avoid confusion with libpolicy and its classes.
BUG=chromium:373551
TEST=emerged on link.
CQ-DEPEND=CL:I43081673c7ba409f02273197da7915537bde39c6
Change-Id: Iffa76caa3b95ecbbdba87ab01006d1d8ce35a27f
Reviewed-on: https://chromium-review.googlesource.com/201876
Tested-by: Alex Deymo <deymo@chromium.org>
Reviewed-by: David Zeuthen <zeuthen@chromium.org>
Commit-Queue: Alex Deymo <deymo@chromium.org>
/system/update_engine/update_manager/default_policy.h
|