987ffc192fdc74cc71452253e43f0c740306e752 |
|
06-Oct-2017 |
Aaron Wood <aaronwood@google.com> |
Allow Policies to defer updates The OmahaResponseHandlerAction consults with the Policy to confirm if the generated InstallPlan can be actioned or not. If not, then the UpdateAttempter reports to Omaha that the update has been deferred and reverts to a status of IDLE. This causes an API-visible transition through REPORTING_ERROR, before ending at IDLE. Bug: 66016687 Test: unit-tests, manual OTA Exempt-From-Owner-Approval: cherry-pick from nyc-iot-dev Change-Id: I5c31a04975586630dd6a9c373022f1b407bef4e8 (cherry picked from commit 8a5f6317a60c6e54917f115bdf190f46653a225a) (cherry picked from commit 68b15c64e731cf5f8d2b93fb9f33da3da5f37a92)
/system/update_engine/update_manager/default_policy.h
|
39910dcd1d68987ccee7c3031dc269233a8490bb |
|
10-Nov-2015 |
Alex Deymo <deymo@google.com> |
Split payload application code into a subdirectory. This patch splits from the main libupdate_engine code the part that is strictly used to download and apply a payload into a new static library, moving the code to subdirectories. The new library is divided in two subdirectories: common/ and payload_consumer/, and should not depend on other update_engine files outside those two subdirectories. The main difference between those two is that the common/ tools are more generic and not tied to the payload consumer process, but otherwise they are both compiled together. There are still dependencies from the new libpayload_consumer library into the main directory files and DBus generated files. Those will be addressed in follow up CLs. Bug: 25197634 Test: FEATURES=test emerge-link update_engine; `mm` on Brillo. Change-Id: Id8d0204ea573627e6e26ca9ea17b9592ca95bc23
/system/update_engine/update_manager/default_policy.h
|
aea4c1cea20dda7ae7e85fc8924a2d784f70d806 |
|
20-Aug-2015 |
Alex Deymo <deymo@google.com> |
Re-license update_engine to Apache2 This patch automatically replaced the license on all text files from Chromium OS (BSD style) to AOSP (Apache2), keeping the original year as a reference. The license header was added to .gyp and .gypi files, the NOTICE was replaced with a copy of the Apache2 license and MODULE_LICENSE_* file was updated. BUG=b/23084294 TEST=grep 'Chromium OS Authors' doesn't find anything. Change-Id: Ie5083750755f5180a8a785b24fe67dbf9195cd10
/system/update_engine/update_manager/default_policy.h
|
610277efc6f7e5239158dfa4bb3b1021804326e0 |
|
12-Nov-2014 |
Alex Deymo <deymo@chromium.org> |
update_engine: Add override when possible. Google Style Guide requires to include the "override" keyword when overriding a method on a derived class, so the compiler will catch errors if the method is not overriding a member of the base class. This patch introduces the "override" keyword when possible. BUG=None TEST=FEATURES=test emerge-link update_engine Change-Id: Ie83d115c5730f3b35b3d95859a54bc1a48e0be7b Reviewed-on: https://chromium-review.googlesource.com/228928 Tested-by: Alex Deymo <deymo@chromium.org> Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Commit-Queue: Alex Deymo <deymo@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
78ecbfc254c574e52cfe63310a801381a0035c43 |
|
22-Oct-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Separate global P2P usage from payload-specific attributes. This change is needed for two reasons: (a) The decision regarding the global P2P enabled state and those pertaining to whether individual payloads may be downloaded and/or shared via P2P have distinct and not necessarily nested lifespans. (b) Some parts of the update engine are concerned with the former and some with the latter, and so we need separate entry points in the Update Manager to accommodate that. This also introduces two Omaha-derived values, denoting whether P2P downloading and/or sharing should be disabled for the current payload, into the UpdateCanStart policy. BUG=chromium:425233 TEST=Unit tests. Change-Id: I0ba0090bd4c5ceb0c812ea218b070945083abd95 Reviewed-on: https://chromium-review.googlesource.com/225150 Tested-by: Gilad Arnold <garnold@chromium.org> Reviewed-by: Alex Deymo <deymo@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
02f7c1dee242f490143791dbb73fa23fa3007cfa |
|
19-Oct-2014 |
Ben Chan <benchan@chromium.org> |
update_engine: Replace scoped_ptr with std::unique_ptr. BUG=None TEST=`FEATURES=test emerge-$BOARD update_engine` TEST=`USE='clang asan' FEATURES=test emerge-$BOARD update_engine` Change-Id: I55a2f7f53675faaac20ba25f72ed52cf938d7744 Reviewed-on: https://chromium-review.googlesource.com/224189 Tested-by: Ben Chan <benchan@chromium.org> Reviewed-by: Alex Deymo <deymo@chromium.org> Commit-Queue: Ben Chan <benchan@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
d78caf9baf2026a356130f4754af2c504f423945 |
|
24-Sep-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Change policy argument from const ref to value. It turns out that passing an argument by reference to UpdateCanStart via UpdateManager::AsyncPolicyRequest is a pain. Furthermore, given that the policy is async by definition, it makes little sense to hand it a const reference argument. This changes the said argument to be passed by value. BUG=chromium:396148 TEST=Unit tests. Change-Id: I45a8141b389c173347f3a6b7dc03ffe46cb32228 Reviewed-on: https://chromium-review.googlesource.com/219694 Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Tested-by: Gilad Arnold <garnold@chromium.org> Reviewed-by: Alex Deymo <deymo@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
dc4bb268eb6e6ddcd087d5eccfd88c8e92252920 |
|
23-Jul-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Incorporate backoff logic in UpdateCanStart. This change adds backoff computation logic to UpdateCanStart. For the most part, it is extending a private policy call (UpdateDownloadUrl) to account for previously enacted backoff periods and to compute new ones when an update failure is identified (accordingly, it is now called UpdateBackoffAndDownloadUrl). To conform with the pure nature of policy implementations, yet minimizing the amount of "state" that needs to be managed and persisted by the updater, we now consider download errors in bulks defined by the most recent update failure (namely, the point in time when all URLs where tried and failed). The updater is expected to keep track of the update failure count, setting it to zero when a new update is seen, and incrementing it (and recording the time it was incremented) when told to do so by the policy. We therefore make some adjustments to the policy API and its usage semantics. BUG=chromium:396148 TEST=Unit tests. Change-Id: If8787b8c41055779945f9b41368ec08ac5e6fcca Reviewed-on: https://chromium-review.googlesource.com/210702 Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Tested-by: Gilad Arnold <garnold@chromium.org> Reviewed-by: Alex Deymo <deymo@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
157fe307f162d13f53e7f98f6e2da7c60c0ff001 |
|
12-Aug-2014 |
Alex Vakulenko <avakulenko@chromium.org> |
platform2: sweep the lint errors identified by the updated linter cpplint.py has been updated and identified new issues in existing code. Stuff like overridden functions that specify 'override' should not be marked as 'virtual', and constructors with no parameters should not be marked as 'explicit'. BUG=None TEST=cpplint.py `find ./platform2 -name *.cc -or -name *.h` Change-Id: Ibb9de43286d874d076ffd5ebb1b13c36ec794f01 Reviewed-on: https://chromium-review.googlesource.com/211950 Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Commit-Queue: Alex Vakulenko <avakulenko@chromium.org> Tested-by: Alex Vakulenko <avakulenko@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
a23e408368ad34e21ee90ebd0dcb55cd03417d22 |
|
17-Jul-2014 |
Gilad Arnold <garnold@chromium.org> |
update_engine: UM: Make DefaultPolicy::UpdateCheckAllowed stateful. This adds an auxiliary state to DefaultPolicy, and makes UpdateCheckAllowed use it for recording the last time an update check was allowed. This is necessary for enforcing a minimum interval between consecutive update checks, a necessary property in the unlikely case that the main policy is badly screwed: with it, the update engine will repeatedly check for updates, unnecessarily consuming local resources and potentially DDoS-ing Omaha. In order to track time, the DefaultPolicy now takes a ClockInterface argument; for backward compatibility with existing unit testing code, we allow this handle to be null, in which case time is not tracked and the policy resorts to the previous default behavior (namely, updates are always allowed). We do plug a clock when DefaultPolicy is used in the UpdateManager production (backup policy) and fake (main policy) implementations. Note that the state is added as an external object, in order to work around the constness of policy objects that's implied by the policy API (const methods). Finally, it should be noted that we use monotonic time in order to ensure that the DefaultPolicy does not become an attack surface for denying updates, or exhausting local resources and/or DoS-ing services. BUG=chromium:394778 TEST=Unit tests. Change-Id: I08628ea9b0067fa7abf6e457c55d4ffea276c463 Reviewed-on: https://chromium-review.googlesource.com/208732 Reviewed-by: Gilad Arnold <garnold@chromium.org> Tested-by: Gilad Arnold <garnold@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
42f253b5318dbe6d0ecf48f7f9a639363fa253e2 |
|
25-Jun-2014 |
Gilad Arnold <garnold@chromium.org> |
UpdateManager: Move logic from UpdateCanStart to UpdateCheckAllowed. The following should be part of the policy that is consulted before performing an update check: 1) Whether updates are disabled by device policy. 2) Whether a specific target channel is dictated by the device policy. This CL moves it from UpdateCanStart into UpdateCheckAllowed. Another change is renaming the output construct of UpdateCanStart into 'UpdateDownloadParams'; this is in line with the naming of the output struct of UpdateCheckAllowed, and reflects the fact that it contains information regarding the download of an update, to be used by the caller. BUG=chromium:388386 TEST=Unit tests. Change-Id: I0631a4464800db77807d7da9a2a2c256b519c5c3 Reviewed-on: https://chromium-review.googlesource.com/205728 Reviewed-by: Gilad Arnold <garnold@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org> Tested-by: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
684219dc29acb0111d09aaf2d466cf837b043d9e |
|
07-Jul-2014 |
Gilad Arnold <garnold@chromium.org> |
UpdateManager: rename UpdateCurrentConnectionAllowed into UpdateDownloadAllowed. The signifies the *functional* nature of this policy request, instead of dwelling on the low-level information it is evaluating. BUG=chromium:389677 TEST=Unit tests. Change-Id: I684ea13d4e89554b6a4d596666c18e2dbd609991 Reviewed-on: https://chromium-review.googlesource.com/206903 Tested-by: Gilad Arnold <garnold@chromium.org> Reviewed-by: Alex Vakulenko <avakulenko@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
48415f1f6c6c356bfa9ac85b76d8ebcf053f7157 |
|
27-Jun-2014 |
Gilad Arnold <garnold@chromium.org> |
UpdateManager: Adjustments for cpplint. - Rename header file guards. - Added missing #includes. Note that the linter still barks about C++11-style curly-braced member initialization; there are abundant uses of this and we should probably upstream a change to accommodate that. BUG=None TEST=Builds. Change-Id: Icccc88e6e56e56f644536147cd88ae92462a1495 Reviewed-on: https://chromium-review.googlesource.com/205894 Tested-by: Gilad Arnold <garnold@chromium.org> Reviewed-by: Alex Deymo <deymo@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
b3b05446d3ef9620c90084e11cd1ae4eca20f4a2 |
|
30-May-2014 |
Gilad Arnold <garnold@chromium.org> |
UM: Policy for deciding download URL. This adds a new private policy (UpdateDownloadUrl) for determining which download URL should be used for obtaining the update payload. We further extend an existing public policy (UpdateCanStart) to return the download URL details, based on the current URL index and the number of failures associated with it. This renders the explicit notion of "HTTP download allowed" in the return value unnecessary: If HTTP is not allowed, then HTTP URLs will not be considered. We also implement logic for logging the start/end of a policy evaluation, so that intermediate log messages emitted during evaluation have a clear context. BUG=chromium:358329 TEST=Unit tests. Change-Id: Ib5343417480d8825082f83bed2630a6611360b61 Reviewed-on: https://chromium-review.googlesource.com/203373 Tested-by: Gilad Arnold <garnold@chromium.org> Reviewed-by: Alex Deymo <deymo@chromium.org> Commit-Queue: Gilad Arnold <garnold@chromium.org>
/system/update_engine/update_manager/default_policy.h
|
63784a578dd26880454d70797519358a2326291b |
|
28-May-2014 |
Alex Deymo <deymo@chromium.org> |
Rename the PolicyManager to UpdateManager. This change renames the PolicyManager class, directory, tests, etc, to avoid confusion with libpolicy and its classes. BUG=chromium:373551 TEST=emerged on link. CQ-DEPEND=CL:I43081673c7ba409f02273197da7915537bde39c6 Change-Id: Iffa76caa3b95ecbbdba87ab01006d1d8ce35a27f Reviewed-on: https://chromium-review.googlesource.com/201876 Tested-by: Alex Deymo <deymo@chromium.org> Reviewed-by: David Zeuthen <zeuthen@chromium.org> Commit-Queue: Alex Deymo <deymo@chromium.org>
/system/update_engine/update_manager/default_policy.h
|