1 // 2 // Copyright (C) 2012 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "update_engine/update_attempter.h" 18 19 #include <stdint.h> 20 21 #include <algorithm> 22 #include <memory> 23 #include <set> 24 #include <string> 25 #include <utility> 26 #include <vector> 27 28 #include <base/bind.h> 29 #include <base/files/file_util.h> 30 #include <base/logging.h> 31 #include <base/rand_util.h> 32 #include <base/strings/string_util.h> 33 #include <base/strings/stringprintf.h> 34 #include <brillo/data_encoding.h> 35 #include <brillo/errors/error_codes.h> 36 #include <brillo/message_loops/message_loop.h> 37 #include <policy/device_policy.h> 38 #include <policy/libpolicy.h> 39 #include <update_engine/dbus-constants.h> 40 41 #include "update_engine/certificate_checker.h" 42 #include "update_engine/common/boot_control_interface.h" 43 #include "update_engine/common/clock_interface.h" 44 #include "update_engine/common/constants.h" 45 #include "update_engine/common/hardware_interface.h" 46 #include "update_engine/common/platform_constants.h" 47 #include "update_engine/common/prefs_interface.h" 48 #include "update_engine/common/subprocess.h" 49 #include "update_engine/common/utils.h" 50 #include "update_engine/libcurl_http_fetcher.h" 51 #include "update_engine/metrics_reporter_interface.h" 52 #include "update_engine/omaha_request_action.h" 53 #include "update_engine/omaha_request_params.h" 54 #include "update_engine/omaha_response_handler_action.h" 55 #include "update_engine/p2p_manager.h" 56 #include "update_engine/payload_consumer/download_action.h" 57 #include "update_engine/payload_consumer/filesystem_verifier_action.h" 58 #include "update_engine/payload_consumer/postinstall_runner_action.h" 59 #include "update_engine/payload_state_interface.h" 60 #include "update_engine/power_manager_interface.h" 61 #include "update_engine/system_state.h" 62 #include "update_engine/update_manager/policy.h" 63 #include "update_engine/update_manager/update_manager.h" 64 #include "update_engine/update_status_utils.h" 65 66 using base::Bind; 67 using base::Callback; 68 using base::Time; 69 using base::TimeDelta; 70 using base::TimeTicks; 71 using brillo::MessageLoop; 72 using chromeos_update_manager::EvalStatus; 73 using chromeos_update_manager::Policy; 74 using chromeos_update_manager::UpdateCheckParams; 75 using std::set; 76 using std::shared_ptr; 77 using std::string; 78 using std::vector; 79 using update_engine::UpdateAttemptFlags; 80 using update_engine::UpdateEngineStatus; 81 82 namespace chromeos_update_engine { 83 84 const int UpdateAttempter::kMaxDeltaUpdateFailures = 3; 85 86 namespace { 87 const int kMaxConsecutiveObeyProxyRequests = 20; 88 89 // Minimum threshold to broadcast an status update in progress and time. 90 const double kBroadcastThresholdProgress = 0.01; // 1% 91 const int kBroadcastThresholdSeconds = 10; 92 93 // By default autest bypasses scattering. If we want to test scattering, 94 // use kScheduledAUTestURLRequest. The URL used is same in both cases, but 95 // different params are passed to CheckForUpdate(). 96 const char kAUTestURLRequest[] = "autest"; 97 const char kScheduledAUTestURLRequest[] = "autest-scheduled"; 98 } // namespace 99 100 // Turns a generic ErrorCode::kError to a generic error code specific 101 // to |action| (e.g., ErrorCode::kFilesystemVerifierError). If |code| is 102 // not ErrorCode::kError, or the action is not matched, returns |code| 103 // unchanged. 104 ErrorCode GetErrorCodeForAction(AbstractAction* action, 105 ErrorCode code) { 106 if (code != ErrorCode::kError) 107 return code; 108 109 const string type = action->Type(); 110 if (type == OmahaRequestAction::StaticType()) 111 return ErrorCode::kOmahaRequestError; 112 if (type == OmahaResponseHandlerAction::StaticType()) 113 return ErrorCode::kOmahaResponseHandlerError; 114 if (type == FilesystemVerifierAction::StaticType()) 115 return ErrorCode::kFilesystemVerifierError; 116 if (type == PostinstallRunnerAction::StaticType()) 117 return ErrorCode::kPostinstallRunnerError; 118 119 return code; 120 } 121 122 UpdateAttempter::UpdateAttempter(SystemState* system_state, 123 CertificateChecker* cert_checker) 124 : processor_(new ActionProcessor()), 125 system_state_(system_state), 126 cert_checker_(cert_checker) {} 127 128 UpdateAttempter::~UpdateAttempter() { 129 // CertificateChecker might not be initialized in unittests. 130 if (cert_checker_) 131 cert_checker_->SetObserver(nullptr); 132 // Release ourselves as the ActionProcessor's delegate to prevent 133 // re-scheduling the updates due to the processing stopped. 134 processor_->set_delegate(nullptr); 135 } 136 137 void UpdateAttempter::Init() { 138 // Pulling from the SystemState can only be done after construction, since 139 // this is an aggregate of various objects (such as the UpdateAttempter), 140 // which requires them all to be constructed prior to it being used. 141 prefs_ = system_state_->prefs(); 142 omaha_request_params_ = system_state_->request_params(); 143 144 if (cert_checker_) 145 cert_checker_->SetObserver(this); 146 147 // In case of update_engine restart without a reboot we need to restore the 148 // reboot needed state. 149 if (GetBootTimeAtUpdate(nullptr)) 150 status_ = UpdateStatus::UPDATED_NEED_REBOOT; 151 else 152 status_ = UpdateStatus::IDLE; 153 } 154 155 void UpdateAttempter::ScheduleUpdates() { 156 if (IsUpdateRunningOrScheduled()) 157 return; 158 159 chromeos_update_manager::UpdateManager* const update_manager = 160 system_state_->update_manager(); 161 CHECK(update_manager); 162 Callback<void(EvalStatus, const UpdateCheckParams&)> callback = Bind( 163 &UpdateAttempter::OnUpdateScheduled, base::Unretained(this)); 164 // We limit the async policy request to a reasonably short time, to avoid a 165 // starvation due to a transient bug. 166 update_manager->AsyncPolicyRequest(callback, &Policy::UpdateCheckAllowed); 167 waiting_for_scheduled_check_ = true; 168 } 169 170 void UpdateAttempter::CertificateChecked(ServerToCheck server_to_check, 171 CertificateCheckResult result) { 172 system_state_->metrics_reporter()->ReportCertificateCheckMetrics( 173 server_to_check, result); 174 } 175 176 bool UpdateAttempter::CheckAndReportDailyMetrics() { 177 int64_t stored_value; 178 Time now = system_state_->clock()->GetWallclockTime(); 179 if (system_state_->prefs()->Exists(kPrefsDailyMetricsLastReportedAt) && 180 system_state_->prefs()->GetInt64(kPrefsDailyMetricsLastReportedAt, 181 &stored_value)) { 182 Time last_reported_at = Time::FromInternalValue(stored_value); 183 TimeDelta time_reported_since = now - last_reported_at; 184 if (time_reported_since.InSeconds() < 0) { 185 LOG(WARNING) << "Last reported daily metrics " 186 << utils::FormatTimeDelta(time_reported_since) << " ago " 187 << "which is negative. Either the system clock is wrong or " 188 << "the kPrefsDailyMetricsLastReportedAt state variable " 189 << "is wrong."; 190 // In this case, report daily metrics to reset. 191 } else { 192 if (time_reported_since.InSeconds() < 24*60*60) { 193 LOG(INFO) << "Last reported daily metrics " 194 << utils::FormatTimeDelta(time_reported_since) << " ago."; 195 return false; 196 } 197 LOG(INFO) << "Last reported daily metrics " 198 << utils::FormatTimeDelta(time_reported_since) << " ago, " 199 << "which is more than 24 hours ago."; 200 } 201 } 202 203 LOG(INFO) << "Reporting daily metrics."; 204 system_state_->prefs()->SetInt64(kPrefsDailyMetricsLastReportedAt, 205 now.ToInternalValue()); 206 207 ReportOSAge(); 208 209 return true; 210 } 211 212 void UpdateAttempter::ReportOSAge() { 213 struct stat sb; 214 215 if (system_state_ == nullptr) 216 return; 217 218 if (stat("/etc/lsb-release", &sb) != 0) { 219 PLOG(ERROR) << "Error getting file status for /etc/lsb-release " 220 << "(Note: this may happen in some unit tests)"; 221 return; 222 } 223 224 Time lsb_release_timestamp = utils::TimeFromStructTimespec(&sb.st_ctim); 225 Time now = system_state_->clock()->GetWallclockTime(); 226 TimeDelta age = now - lsb_release_timestamp; 227 if (age.InSeconds() < 0) { 228 LOG(ERROR) << "The OS age (" << utils::FormatTimeDelta(age) 229 << ") is negative. Maybe the clock is wrong? " 230 << "(Note: this may happen in some unit tests.)"; 231 return; 232 } 233 234 system_state_->metrics_reporter()->ReportDailyMetrics(age); 235 } 236 237 void UpdateAttempter::Update(const string& app_version, 238 const string& omaha_url, 239 const string& target_channel, 240 const string& target_version_prefix, 241 bool obey_proxies, 242 bool interactive) { 243 // This is normally called frequently enough so it's appropriate to use as a 244 // hook for reporting daily metrics. 245 // TODO(garnold) This should be hooked to a separate (reliable and consistent) 246 // timeout event. 247 CheckAndReportDailyMetrics(); 248 249 // Notify of the new update attempt, clearing prior interactive requests. 250 if (forced_update_pending_callback_.get()) 251 forced_update_pending_callback_->Run(false, false); 252 253 fake_update_success_ = false; 254 if (status_ == UpdateStatus::UPDATED_NEED_REBOOT) { 255 // Although we have applied an update, we still want to ping Omaha 256 // to ensure the number of active statistics is accurate. 257 // 258 // Also convey to the UpdateEngine.Check.Result metric that we're 259 // not performing an update check because of this. 260 LOG(INFO) << "Not updating b/c we already updated and we're waiting for " 261 << "reboot, we'll ping Omaha instead"; 262 system_state_->metrics_reporter()->ReportUpdateCheckMetrics( 263 system_state_, 264 metrics::CheckResult::kRebootPending, 265 metrics::CheckReaction::kUnset, 266 metrics::DownloadErrorCode::kUnset); 267 PingOmaha(); 268 return; 269 } 270 if (status_ != UpdateStatus::IDLE) { 271 // Update in progress. Do nothing 272 return; 273 } 274 275 if (!CalculateUpdateParams(app_version, 276 omaha_url, 277 target_channel, 278 target_version_prefix, 279 obey_proxies, 280 interactive)) { 281 return; 282 } 283 284 BuildUpdateActions(interactive); 285 286 SetStatusAndNotify(UpdateStatus::CHECKING_FOR_UPDATE); 287 288 // Update the last check time here; it may be re-updated when an Omaha 289 // response is received, but this will prevent us from repeatedly scheduling 290 // checks in the case where a response is not received. 291 UpdateLastCheckedTime(); 292 293 // Just in case we didn't update boot flags yet, make sure they're updated 294 // before any update processing starts. 295 start_action_processor_ = true; 296 UpdateBootFlags(); 297 } 298 299 void UpdateAttempter::RefreshDevicePolicy() { 300 // Lazy initialize the policy provider, or reload the latest policy data. 301 if (!policy_provider_.get()) 302 policy_provider_.reset(new policy::PolicyProvider()); 303 policy_provider_->Reload(); 304 305 const policy::DevicePolicy* device_policy = nullptr; 306 if (policy_provider_->device_policy_is_loaded()) 307 device_policy = &policy_provider_->GetDevicePolicy(); 308 309 if (device_policy) 310 LOG(INFO) << "Device policies/settings present"; 311 else 312 LOG(INFO) << "No device policies/settings present."; 313 314 system_state_->set_device_policy(device_policy); 315 system_state_->p2p_manager()->SetDevicePolicy(device_policy); 316 } 317 318 void UpdateAttempter::CalculateP2PParams(bool interactive) { 319 bool use_p2p_for_downloading = false; 320 bool use_p2p_for_sharing = false; 321 322 // Never use p2p for downloading in interactive checks unless the developer 323 // has opted in for it via a marker file. 324 // 325 // (Why would a developer want to opt in? If they are working on the 326 // update_engine or p2p codebases so they can actually test their code.) 327 328 if (system_state_ != nullptr) { 329 if (!system_state_->p2p_manager()->IsP2PEnabled()) { 330 LOG(INFO) << "p2p is not enabled - disallowing p2p for both" 331 << " downloading and sharing."; 332 } else { 333 // Allow p2p for sharing, even in interactive checks. 334 use_p2p_for_sharing = true; 335 if (!interactive) { 336 LOG(INFO) << "Non-interactive check - allowing p2p for downloading"; 337 use_p2p_for_downloading = true; 338 } else { 339 LOG(INFO) << "Forcibly disabling use of p2p for downloading " 340 << "since this update attempt is interactive."; 341 } 342 } 343 } 344 345 PayloadStateInterface* const payload_state = system_state_->payload_state(); 346 payload_state->SetUsingP2PForDownloading(use_p2p_for_downloading); 347 payload_state->SetUsingP2PForSharing(use_p2p_for_sharing); 348 } 349 350 bool UpdateAttempter::CalculateUpdateParams(const string& app_version, 351 const string& omaha_url, 352 const string& target_channel, 353 const string& target_version_prefix, 354 bool obey_proxies, 355 bool interactive) { 356 http_response_code_ = 0; 357 PayloadStateInterface* const payload_state = system_state_->payload_state(); 358 359 // Refresh the policy before computing all the update parameters. 360 RefreshDevicePolicy(); 361 362 // Update the target version prefix. 363 omaha_request_params_->set_target_version_prefix(target_version_prefix); 364 365 CalculateScatteringParams(interactive); 366 367 CalculateP2PParams(interactive); 368 if (payload_state->GetUsingP2PForDownloading() || 369 payload_state->GetUsingP2PForSharing()) { 370 // OK, p2p is to be used - start it and perform housekeeping. 371 if (!StartP2PAndPerformHousekeeping()) { 372 // If this fails, disable p2p for this attempt 373 LOG(INFO) << "Forcibly disabling use of p2p since starting p2p or " 374 << "performing housekeeping failed."; 375 payload_state->SetUsingP2PForDownloading(false); 376 payload_state->SetUsingP2PForSharing(false); 377 } 378 } 379 380 if (!omaha_request_params_->Init(app_version, 381 omaha_url, 382 interactive)) { 383 LOG(ERROR) << "Unable to initialize Omaha request params."; 384 return false; 385 } 386 387 // Set the target channel, if one was provided. 388 if (target_channel.empty()) { 389 LOG(INFO) << "No target channel mandated by policy."; 390 } else { 391 LOG(INFO) << "Setting target channel as mandated: " << target_channel; 392 // Pass in false for powerwash_allowed until we add it to the policy 393 // protobuf. 394 string error_message; 395 if (!omaha_request_params_->SetTargetChannel(target_channel, false, 396 &error_message)) { 397 LOG(ERROR) << "Setting the channel failed: " << error_message; 398 } 399 400 // Since this is the beginning of a new attempt, update the download 401 // channel. The download channel won't be updated until the next attempt, 402 // even if target channel changes meanwhile, so that how we'll know if we 403 // should cancel the current download attempt if there's such a change in 404 // target channel. 405 omaha_request_params_->UpdateDownloadChannel(); 406 } 407 408 LOG(INFO) << "target_version_prefix = " 409 << omaha_request_params_->target_version_prefix() 410 << ", scatter_factor_in_seconds = " 411 << utils::FormatSecs(scatter_factor_.InSeconds()); 412 413 LOG(INFO) << "Wall Clock Based Wait Enabled = " 414 << omaha_request_params_->wall_clock_based_wait_enabled() 415 << ", Update Check Count Wait Enabled = " 416 << omaha_request_params_->update_check_count_wait_enabled() 417 << ", Waiting Period = " << utils::FormatSecs( 418 omaha_request_params_->waiting_period().InSeconds()); 419 420 LOG(INFO) << "Use p2p For Downloading = " 421 << payload_state->GetUsingP2PForDownloading() 422 << ", Use p2p For Sharing = " 423 << payload_state->GetUsingP2PForSharing(); 424 425 obeying_proxies_ = true; 426 if (obey_proxies || proxy_manual_checks_ == 0) { 427 LOG(INFO) << "forced to obey proxies"; 428 // If forced to obey proxies, every 20th request will not use proxies 429 proxy_manual_checks_++; 430 LOG(INFO) << "proxy manual checks: " << proxy_manual_checks_; 431 if (proxy_manual_checks_ >= kMaxConsecutiveObeyProxyRequests) { 432 proxy_manual_checks_ = 0; 433 obeying_proxies_ = false; 434 } 435 } else if (base::RandInt(0, 4) == 0) { 436 obeying_proxies_ = false; 437 } 438 LOG_IF(INFO, !obeying_proxies_) << "To help ensure updates work, this update " 439 "check we are ignoring the proxy settings and using " 440 "direct connections."; 441 442 DisableDeltaUpdateIfNeeded(); 443 return true; 444 } 445 446 void UpdateAttempter::CalculateScatteringParams(bool interactive) { 447 // Take a copy of the old scatter value before we update it, as 448 // we need to update the waiting period if this value changes. 449 TimeDelta old_scatter_factor = scatter_factor_; 450 const policy::DevicePolicy* device_policy = system_state_->device_policy(); 451 if (device_policy) { 452 int64_t new_scatter_factor_in_secs = 0; 453 device_policy->GetScatterFactorInSeconds(&new_scatter_factor_in_secs); 454 if (new_scatter_factor_in_secs < 0) // sanitize input, just in case. 455 new_scatter_factor_in_secs = 0; 456 scatter_factor_ = TimeDelta::FromSeconds(new_scatter_factor_in_secs); 457 } 458 459 bool is_scatter_enabled = false; 460 if (scatter_factor_.InSeconds() == 0) { 461 LOG(INFO) << "Scattering disabled since scatter factor is set to 0"; 462 } else if (interactive) { 463 LOG(INFO) << "Scattering disabled as this is an interactive update check"; 464 } else if (system_state_->hardware()->IsOOBEEnabled() && 465 !system_state_->hardware()->IsOOBEComplete(nullptr)) { 466 LOG(INFO) << "Scattering disabled since OOBE is enabled but not complete " 467 "yet"; 468 } else { 469 is_scatter_enabled = true; 470 LOG(INFO) << "Scattering is enabled"; 471 } 472 473 if (is_scatter_enabled) { 474 // This means the scattering policy is turned on. 475 // Now check if we need to update the waiting period. The two cases 476 // in which we'd need to update the waiting period are: 477 // 1. First time in process or a scheduled check after a user-initiated one. 478 // (omaha_request_params_->waiting_period will be zero in this case). 479 // 2. Admin has changed the scattering policy value. 480 // (new scattering value will be different from old one in this case). 481 int64_t wait_period_in_secs = 0; 482 if (omaha_request_params_->waiting_period().InSeconds() == 0) { 483 // First case. Check if we have a suitable value to set for 484 // the waiting period. 485 if (prefs_->GetInt64(kPrefsWallClockWaitPeriod, &wait_period_in_secs) && 486 wait_period_in_secs > 0 && 487 wait_period_in_secs <= scatter_factor_.InSeconds()) { 488 // This means: 489 // 1. There's a persisted value for the waiting period available. 490 // 2. And that persisted value is still valid. 491 // So, in this case, we should reuse the persisted value instead of 492 // generating a new random value to improve the chances of a good 493 // distribution for scattering. 494 omaha_request_params_->set_waiting_period( 495 TimeDelta::FromSeconds(wait_period_in_secs)); 496 LOG(INFO) << "Using persisted wall-clock waiting period: " << 497 utils::FormatSecs( 498 omaha_request_params_->waiting_period().InSeconds()); 499 } else { 500 // This means there's no persisted value for the waiting period 501 // available or its value is invalid given the new scatter_factor value. 502 // So, we should go ahead and regenerate a new value for the 503 // waiting period. 504 LOG(INFO) << "Persisted value not present or not valid (" 505 << utils::FormatSecs(wait_period_in_secs) 506 << ") for wall-clock waiting period."; 507 GenerateNewWaitingPeriod(); 508 } 509 } else if (scatter_factor_ != old_scatter_factor) { 510 // This means there's already a waiting period value, but we detected 511 // a change in the scattering policy value. So, we should regenerate the 512 // waiting period to make sure it's within the bounds of the new scatter 513 // factor value. 514 GenerateNewWaitingPeriod(); 515 } else { 516 // Neither the first time scattering is enabled nor the scattering value 517 // changed. Nothing to do. 518 LOG(INFO) << "Keeping current wall-clock waiting period: " << 519 utils::FormatSecs( 520 omaha_request_params_->waiting_period().InSeconds()); 521 } 522 523 // The invariant at this point is that omaha_request_params_->waiting_period 524 // is non-zero no matter which path we took above. 525 LOG_IF(ERROR, omaha_request_params_->waiting_period().InSeconds() == 0) 526 << "Waiting Period should NOT be zero at this point!!!"; 527 528 // Since scattering is enabled, wall clock based wait will always be 529 // enabled. 530 omaha_request_params_->set_wall_clock_based_wait_enabled(true); 531 532 // If we don't have any issues in accessing the file system to update 533 // the update check count value, we'll turn that on as well. 534 bool decrement_succeeded = DecrementUpdateCheckCount(); 535 omaha_request_params_->set_update_check_count_wait_enabled( 536 decrement_succeeded); 537 } else { 538 // This means the scattering feature is turned off or disabled for 539 // this particular update check. Make sure to disable 540 // all the knobs and artifacts so that we don't invoke any scattering 541 // related code. 542 omaha_request_params_->set_wall_clock_based_wait_enabled(false); 543 omaha_request_params_->set_update_check_count_wait_enabled(false); 544 omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds(0)); 545 prefs_->Delete(kPrefsWallClockWaitPeriod); 546 prefs_->Delete(kPrefsUpdateCheckCount); 547 // Don't delete the UpdateFirstSeenAt file as we don't want manual checks 548 // that result in no-updates (e.g. due to server side throttling) to 549 // cause update starvation by having the client generate a new 550 // UpdateFirstSeenAt for each scheduled check that follows a manual check. 551 } 552 } 553 554 void UpdateAttempter::GenerateNewWaitingPeriod() { 555 omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds( 556 base::RandInt(1, scatter_factor_.InSeconds()))); 557 558 LOG(INFO) << "Generated new wall-clock waiting period: " << utils::FormatSecs( 559 omaha_request_params_->waiting_period().InSeconds()); 560 561 // Do a best-effort to persist this in all cases. Even if the persistence 562 // fails, we'll still be able to scatter based on our in-memory value. 563 // The persistence only helps in ensuring a good overall distribution 564 // across multiple devices if they tend to reboot too often. 565 system_state_->payload_state()->SetScatteringWaitPeriod( 566 omaha_request_params_->waiting_period()); 567 } 568 569 void UpdateAttempter::BuildPostInstallActions( 570 InstallPlanAction* previous_action) { 571 shared_ptr<PostinstallRunnerAction> postinstall_runner_action( 572 new PostinstallRunnerAction(system_state_->boot_control(), 573 system_state_->hardware())); 574 postinstall_runner_action->set_delegate(this); 575 actions_.push_back(shared_ptr<AbstractAction>(postinstall_runner_action)); 576 BondActions(previous_action, 577 postinstall_runner_action.get()); 578 } 579 580 void UpdateAttempter::BuildUpdateActions(bool interactive) { 581 CHECK(!processor_->IsRunning()); 582 processor_->set_delegate(this); 583 584 // Actions: 585 std::unique_ptr<LibcurlHttpFetcher> update_check_fetcher( 586 new LibcurlHttpFetcher(GetProxyResolver(), system_state_->hardware())); 587 update_check_fetcher->set_server_to_check(ServerToCheck::kUpdate); 588 // Try harder to connect to the network, esp when not interactive. 589 // See comment in libcurl_http_fetcher.cc. 590 update_check_fetcher->set_no_network_max_retries(interactive ? 1 : 3); 591 shared_ptr<OmahaRequestAction> update_check_action( 592 new OmahaRequestAction(system_state_, 593 nullptr, 594 std::move(update_check_fetcher), 595 false)); 596 shared_ptr<OmahaResponseHandlerAction> response_handler_action( 597 new OmahaResponseHandlerAction(system_state_)); 598 599 shared_ptr<OmahaRequestAction> download_started_action(new OmahaRequestAction( 600 system_state_, 601 new OmahaEvent(OmahaEvent::kTypeUpdateDownloadStarted), 602 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(), 603 system_state_->hardware()), 604 false)); 605 606 LibcurlHttpFetcher* download_fetcher = 607 new LibcurlHttpFetcher(GetProxyResolver(), system_state_->hardware()); 608 download_fetcher->set_server_to_check(ServerToCheck::kDownload); 609 if (interactive) 610 download_fetcher->set_max_retry_count(kDownloadMaxRetryCountInteractive); 611 shared_ptr<DownloadAction> download_action( 612 new DownloadAction(prefs_, 613 system_state_->boot_control(), 614 system_state_->hardware(), 615 system_state_, 616 download_fetcher, // passes ownership 617 interactive)); 618 shared_ptr<OmahaRequestAction> download_finished_action( 619 new OmahaRequestAction( 620 system_state_, 621 new OmahaEvent(OmahaEvent::kTypeUpdateDownloadFinished), 622 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(), 623 system_state_->hardware()), 624 false)); 625 shared_ptr<FilesystemVerifierAction> filesystem_verifier_action( 626 new FilesystemVerifierAction()); 627 shared_ptr<OmahaRequestAction> update_complete_action( 628 new OmahaRequestAction(system_state_, 629 new OmahaEvent(OmahaEvent::kTypeUpdateComplete), 630 std::make_unique<LibcurlHttpFetcher>( 631 GetProxyResolver(), system_state_->hardware()), 632 false)); 633 634 download_action->set_delegate(this); 635 response_handler_action_ = response_handler_action; 636 download_action_ = download_action; 637 638 actions_.push_back(shared_ptr<AbstractAction>(update_check_action)); 639 actions_.push_back(shared_ptr<AbstractAction>(response_handler_action)); 640 actions_.push_back(shared_ptr<AbstractAction>(download_started_action)); 641 actions_.push_back(shared_ptr<AbstractAction>(download_action)); 642 actions_.push_back(shared_ptr<AbstractAction>(download_finished_action)); 643 actions_.push_back(shared_ptr<AbstractAction>(filesystem_verifier_action)); 644 645 // Bond them together. We have to use the leaf-types when calling 646 // BondActions(). 647 BondActions(update_check_action.get(), 648 response_handler_action.get()); 649 BondActions(response_handler_action.get(), 650 download_action.get()); 651 BondActions(download_action.get(), 652 filesystem_verifier_action.get()); 653 BuildPostInstallActions(filesystem_verifier_action.get()); 654 655 actions_.push_back(shared_ptr<AbstractAction>(update_complete_action)); 656 657 // Enqueue the actions 658 for (const shared_ptr<AbstractAction>& action : actions_) { 659 processor_->EnqueueAction(action.get()); 660 } 661 } 662 663 bool UpdateAttempter::Rollback(bool powerwash) { 664 if (!CanRollback()) { 665 return false; 666 } 667 668 // Extra check for enterprise-enrolled devices since they don't support 669 // powerwash. 670 if (powerwash) { 671 // Enterprise-enrolled devices have an empty owner in their device policy. 672 string owner; 673 RefreshDevicePolicy(); 674 const policy::DevicePolicy* device_policy = system_state_->device_policy(); 675 if (device_policy && (!device_policy->GetOwner(&owner) || owner.empty())) { 676 LOG(ERROR) << "Enterprise device detected. " 677 << "Cannot perform a powerwash for enterprise devices."; 678 return false; 679 } 680 } 681 682 processor_->set_delegate(this); 683 684 // Initialize the default request params. 685 if (!omaha_request_params_->Init("", "", true)) { 686 LOG(ERROR) << "Unable to initialize Omaha request params."; 687 return false; 688 } 689 690 LOG(INFO) << "Setting rollback options."; 691 InstallPlan install_plan; 692 693 install_plan.target_slot = GetRollbackSlot(); 694 install_plan.source_slot = system_state_->boot_control()->GetCurrentSlot(); 695 696 TEST_AND_RETURN_FALSE( 697 install_plan.LoadPartitionsFromSlots(system_state_->boot_control())); 698 install_plan.powerwash_required = powerwash; 699 700 LOG(INFO) << "Using this install plan:"; 701 install_plan.Dump(); 702 703 shared_ptr<InstallPlanAction> install_plan_action( 704 new InstallPlanAction(install_plan)); 705 actions_.push_back(shared_ptr<AbstractAction>(install_plan_action)); 706 707 BuildPostInstallActions(install_plan_action.get()); 708 709 // Enqueue the actions 710 for (const shared_ptr<AbstractAction>& action : actions_) { 711 processor_->EnqueueAction(action.get()); 712 } 713 714 // Update the payload state for Rollback. 715 system_state_->payload_state()->Rollback(); 716 717 SetStatusAndNotify(UpdateStatus::ATTEMPTING_ROLLBACK); 718 719 // Just in case we didn't update boot flags yet, make sure they're updated 720 // before any update processing starts. This also schedules the start of the 721 // actions we just posted. 722 start_action_processor_ = true; 723 UpdateBootFlags(); 724 return true; 725 } 726 727 bool UpdateAttempter::CanRollback() const { 728 // We can only rollback if the update_engine isn't busy and we have a valid 729 // rollback partition. 730 return (status_ == UpdateStatus::IDLE && 731 GetRollbackSlot() != BootControlInterface::kInvalidSlot); 732 } 733 734 BootControlInterface::Slot UpdateAttempter::GetRollbackSlot() const { 735 LOG(INFO) << "UpdateAttempter::GetRollbackSlot"; 736 const unsigned int num_slots = system_state_->boot_control()->GetNumSlots(); 737 const BootControlInterface::Slot current_slot = 738 system_state_->boot_control()->GetCurrentSlot(); 739 740 LOG(INFO) << " Installed slots: " << num_slots; 741 LOG(INFO) << " Booted from slot: " 742 << BootControlInterface::SlotName(current_slot); 743 744 if (current_slot == BootControlInterface::kInvalidSlot || num_slots < 2) { 745 LOG(INFO) << "Device is not updateable."; 746 return BootControlInterface::kInvalidSlot; 747 } 748 749 vector<BootControlInterface::Slot> bootable_slots; 750 for (BootControlInterface::Slot slot = 0; slot < num_slots; slot++) { 751 if (slot != current_slot && 752 system_state_->boot_control()->IsSlotBootable(slot)) { 753 LOG(INFO) << "Found bootable slot " 754 << BootControlInterface::SlotName(slot); 755 return slot; 756 } 757 } 758 LOG(INFO) << "No other bootable slot found."; 759 return BootControlInterface::kInvalidSlot; 760 } 761 762 bool UpdateAttempter::CheckForUpdate(const string& app_version, 763 const string& omaha_url, 764 UpdateAttemptFlags flags) { 765 bool interactive = !(flags & UpdateAttemptFlags::kFlagNonInteractive); 766 767 if (interactive && status_ != UpdateStatus::IDLE) { 768 // An update check is either in-progress, or an update has completed and the 769 // system is in UPDATED_NEED_REBOOT. Either way, don't do an interactive 770 // update at this time 771 LOG(INFO) << "Refusing to do an interactive update with an update already " 772 "in progress"; 773 return false; 774 } 775 776 LOG(INFO) << "Forced update check requested."; 777 forced_app_version_.clear(); 778 forced_omaha_url_.clear(); 779 780 // Certain conditions must be met to allow setting custom version and update 781 // server URLs. However, kScheduledAUTestURLRequest and kAUTestURLRequest are 782 // always allowed regardless of device state. 783 if (IsAnyUpdateSourceAllowed()) { 784 forced_app_version_ = app_version; 785 forced_omaha_url_ = omaha_url; 786 } 787 if (omaha_url == kScheduledAUTestURLRequest) { 788 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL; 789 // Pretend that it's not user-initiated even though it is, 790 // so as to test scattering logic, etc. which get kicked off 791 // only in scheduled update checks. 792 interactive = false; 793 } else if (omaha_url == kAUTestURLRequest) { 794 forced_omaha_url_ = constants::kOmahaDefaultAUTestURL; 795 } 796 797 if (interactive) { 798 // Use the passed-in update attempt flags for this update attempt instead 799 // of the previously set ones. 800 current_update_attempt_flags_ = flags; 801 // Note: The caching for non-interactive update checks happens in 802 // OnUpdateScheduled(). 803 } 804 805 if (forced_update_pending_callback_.get()) { 806 // Make sure that a scheduling request is made prior to calling the forced 807 // update pending callback. 808 ScheduleUpdates(); 809 forced_update_pending_callback_->Run(true, interactive); 810 } 811 812 return true; 813 } 814 815 bool UpdateAttempter::RebootIfNeeded() { 816 if (status_ != UpdateStatus::UPDATED_NEED_REBOOT) { 817 LOG(INFO) << "Reboot requested, but status is " 818 << UpdateStatusToString(status_) << ", so not rebooting."; 819 return false; 820 } 821 822 if (system_state_->power_manager()->RequestReboot()) 823 return true; 824 825 return RebootDirectly(); 826 } 827 828 void UpdateAttempter::WriteUpdateCompletedMarker() { 829 string boot_id; 830 if (!utils::GetBootId(&boot_id)) 831 return; 832 prefs_->SetString(kPrefsUpdateCompletedOnBootId, boot_id); 833 834 int64_t value = system_state_->clock()->GetBootTime().ToInternalValue(); 835 prefs_->SetInt64(kPrefsUpdateCompletedBootTime, value); 836 } 837 838 bool UpdateAttempter::RebootDirectly() { 839 vector<string> command; 840 command.push_back("/sbin/shutdown"); 841 command.push_back("-r"); 842 command.push_back("now"); 843 LOG(INFO) << "Running \"" << base::JoinString(command, " ") << "\""; 844 int rc = 0; 845 Subprocess::SynchronousExec(command, &rc, nullptr); 846 return rc == 0; 847 } 848 849 void UpdateAttempter::OnUpdateScheduled(EvalStatus status, 850 const UpdateCheckParams& params) { 851 waiting_for_scheduled_check_ = false; 852 853 if (status == EvalStatus::kSucceeded) { 854 if (!params.updates_enabled) { 855 LOG(WARNING) << "Updates permanently disabled."; 856 // Signal disabled status, then switch right back to idle. This is 857 // necessary for ensuring that observers waiting for a signal change will 858 // actually notice one on subsequent calls. Note that we don't need to 859 // re-schedule a check in this case as updates are permanently disabled; 860 // further (forced) checks may still initiate a scheduling call. 861 SetStatusAndNotify(UpdateStatus::DISABLED); 862 SetStatusAndNotify(UpdateStatus::IDLE); 863 return; 864 } 865 866 LOG(INFO) << "Running " 867 << (params.is_interactive ? "interactive" : "periodic") 868 << " update."; 869 870 if (!params.is_interactive) { 871 // Cache the update attempt flags that will be used by this update attempt 872 // so that they can't be changed mid-way through. 873 current_update_attempt_flags_ = update_attempt_flags_; 874 } 875 876 LOG(INFO) << "Update attempt flags in use = 0x" << std::hex 877 << current_update_attempt_flags_; 878 879 Update(forced_app_version_, forced_omaha_url_, params.target_channel, 880 params.target_version_prefix, false, params.is_interactive); 881 // Always clear the forced app_version and omaha_url after an update attempt 882 // so the next update uses the defaults. 883 forced_app_version_.clear(); 884 forced_omaha_url_.clear(); 885 } else { 886 LOG(WARNING) 887 << "Update check scheduling failed (possibly timed out); retrying."; 888 ScheduleUpdates(); 889 } 890 891 // This check ensures that future update checks will be or are already 892 // scheduled. The check should never fail. A check failure means that there's 893 // a bug that will most likely prevent further automatic update checks. It 894 // seems better to crash in such cases and restart the update_engine daemon 895 // into, hopefully, a known good state. 896 CHECK(IsUpdateRunningOrScheduled()); 897 } 898 899 void UpdateAttempter::UpdateLastCheckedTime() { 900 last_checked_time_ = system_state_->clock()->GetWallclockTime().ToTimeT(); 901 } 902 903 // Delegate methods: 904 void UpdateAttempter::ProcessingDone(const ActionProcessor* processor, 905 ErrorCode code) { 906 LOG(INFO) << "Processing Done."; 907 actions_.clear(); 908 909 // Reset cpu shares back to normal. 910 cpu_limiter_.StopLimiter(); 911 912 // reset the state that's only valid for a single update pass 913 current_update_attempt_flags_ = UpdateAttemptFlags::kNone; 914 915 if (status_ == UpdateStatus::REPORTING_ERROR_EVENT) { 916 LOG(INFO) << "Error event sent."; 917 918 // Inform scheduler of new status; 919 SetStatusAndNotify(UpdateStatus::IDLE); 920 ScheduleUpdates(); 921 922 if (!fake_update_success_) { 923 return; 924 } 925 LOG(INFO) << "Booted from FW B and tried to install new firmware, " 926 "so requesting reboot from user."; 927 } 928 929 if (code == ErrorCode::kSuccess) { 930 WriteUpdateCompletedMarker(); 931 prefs_->SetInt64(kPrefsDeltaUpdateFailures, 0); 932 prefs_->SetString(kPrefsPreviousVersion, 933 omaha_request_params_->app_version()); 934 DeltaPerformer::ResetUpdateProgress(prefs_, false); 935 936 system_state_->payload_state()->UpdateSucceeded(); 937 938 // Since we're done with scattering fully at this point, this is the 939 // safest point delete the state files, as we're sure that the status is 940 // set to reboot (which means no more updates will be applied until reboot) 941 // This deletion is required for correctness as we want the next update 942 // check to re-create a new random number for the update check count. 943 // Similarly, we also delete the wall-clock-wait period that was persisted 944 // so that we start with a new random value for the next update check 945 // after reboot so that the same device is not favored or punished in any 946 // way. 947 prefs_->Delete(kPrefsUpdateCheckCount); 948 system_state_->payload_state()->SetScatteringWaitPeriod(TimeDelta()); 949 prefs_->Delete(kPrefsUpdateFirstSeenAt); 950 951 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT); 952 ScheduleUpdates(); 953 LOG(INFO) << "Update successfully applied, waiting to reboot."; 954 955 // This pointer is null during rollback operations, and the stats 956 // don't make much sense then anyway. 957 if (response_handler_action_) { 958 const InstallPlan& install_plan = 959 response_handler_action_->install_plan(); 960 961 // Generate an unique payload identifier. 962 string target_version_uid; 963 for (const auto& payload : install_plan.payloads) { 964 target_version_uid += 965 brillo::data_encoding::Base64Encode(payload.hash) + ":" + 966 payload.metadata_signature + ":"; 967 } 968 969 // Expect to reboot into the new version to send the proper metric during 970 // next boot. 971 system_state_->payload_state()->ExpectRebootInNewVersion( 972 target_version_uid); 973 } else { 974 // If we just finished a rollback, then we expect to have no Omaha 975 // response. Otherwise, it's an error. 976 if (system_state_->payload_state()->GetRollbackVersion().empty()) { 977 LOG(ERROR) << "Can't send metrics because expected " 978 "response_handler_action_ missing."; 979 } 980 } 981 return; 982 } 983 984 if (ScheduleErrorEventAction()) { 985 return; 986 } 987 LOG(INFO) << "No update."; 988 SetStatusAndNotify(UpdateStatus::IDLE); 989 ScheduleUpdates(); 990 } 991 992 void UpdateAttempter::ProcessingStopped(const ActionProcessor* processor) { 993 // Reset cpu shares back to normal. 994 cpu_limiter_.StopLimiter(); 995 download_progress_ = 0.0; 996 SetStatusAndNotify(UpdateStatus::IDLE); 997 ScheduleUpdates(); 998 actions_.clear(); 999 error_event_.reset(nullptr); 1000 } 1001 1002 // Called whenever an action has finished processing, either successfully 1003 // or otherwise. 1004 void UpdateAttempter::ActionCompleted(ActionProcessor* processor, 1005 AbstractAction* action, 1006 ErrorCode code) { 1007 // Reset download progress regardless of whether or not the download 1008 // action succeeded. Also, get the response code from HTTP request 1009 // actions (update download as well as the initial update check 1010 // actions). 1011 const string type = action->Type(); 1012 if (type == DownloadAction::StaticType()) { 1013 download_progress_ = 0.0; 1014 DownloadAction* download_action = static_cast<DownloadAction*>(action); 1015 http_response_code_ = download_action->GetHTTPResponseCode(); 1016 } else if (type == OmahaRequestAction::StaticType()) { 1017 OmahaRequestAction* omaha_request_action = 1018 static_cast<OmahaRequestAction*>(action); 1019 // If the request is not an event, then it's the update-check. 1020 if (!omaha_request_action->IsEvent()) { 1021 http_response_code_ = omaha_request_action->GetHTTPResponseCode(); 1022 1023 // Record the number of consecutive failed update checks. 1024 if (http_response_code_ == kHttpResponseInternalServerError || 1025 http_response_code_ == kHttpResponseServiceUnavailable) { 1026 consecutive_failed_update_checks_++; 1027 } else { 1028 consecutive_failed_update_checks_ = 0; 1029 } 1030 1031 // Store the server-dictated poll interval, if any. 1032 server_dictated_poll_interval_ = 1033 std::max(0, omaha_request_action->GetOutputObject().poll_interval); 1034 } 1035 } else if (type == OmahaResponseHandlerAction::StaticType()) { 1036 // Depending on the returned error code, note that an update is available. 1037 if (code == ErrorCode::kOmahaUpdateDeferredPerPolicy || 1038 code == ErrorCode::kSuccess) { 1039 // Note that the status will be updated to DOWNLOADING when some bytes 1040 // get actually downloaded from the server and the BytesReceived 1041 // callback is invoked. This avoids notifying the user that a download 1042 // has started in cases when the server and the client are unable to 1043 // initiate the download. 1044 CHECK(action == response_handler_action_.get()); 1045 auto plan = response_handler_action_->install_plan(); 1046 UpdateLastCheckedTime(); 1047 new_version_ = plan.version; 1048 new_system_version_ = plan.system_version; 1049 new_payload_size_ = 0; 1050 for (const auto& payload : plan.payloads) 1051 new_payload_size_ += payload.size; 1052 cpu_limiter_.StartLimiter(); 1053 SetStatusAndNotify(UpdateStatus::UPDATE_AVAILABLE); 1054 } 1055 } 1056 // General failure cases. 1057 if (code != ErrorCode::kSuccess) { 1058 // If the current state is at or past the download phase, count the failure 1059 // in case a switch to full update becomes necessary. Ignore network 1060 // transfer timeouts and failures. 1061 if (status_ >= UpdateStatus::DOWNLOADING && 1062 code != ErrorCode::kDownloadTransferError) { 1063 MarkDeltaUpdateFailure(); 1064 } 1065 // On failure, schedule an error event to be sent to Omaha. 1066 CreatePendingErrorEvent(action, code); 1067 return; 1068 } 1069 // Find out which action completed (successfully). 1070 if (type == DownloadAction::StaticType()) { 1071 SetStatusAndNotify(UpdateStatus::FINALIZING); 1072 } else if (type == FilesystemVerifierAction::StaticType()) { 1073 // Log the system properties before the postinst and after the file system 1074 // is verified. It used to be done in the postinst itself. But postinst 1075 // cannot do this anymore. On the other hand, these logs are frequently 1076 // looked at and it is preferable not to scatter them in random location in 1077 // the log and rather log it right before the postinst. The reason not do 1078 // this in the |PostinstallRunnerAction| is to prevent dependency from 1079 // libpayload_consumer to libupdate_engine. 1080 LogImageProperties(); 1081 } 1082 } 1083 1084 void UpdateAttempter::BytesReceived(uint64_t bytes_progressed, 1085 uint64_t bytes_received, 1086 uint64_t total) { 1087 // The PayloadState keeps track of how many bytes were actually downloaded 1088 // from a given URL for the URL skipping logic. 1089 system_state_->payload_state()->DownloadProgress(bytes_progressed); 1090 1091 double progress = 0; 1092 if (total) 1093 progress = static_cast<double>(bytes_received) / static_cast<double>(total); 1094 if (status_ != UpdateStatus::DOWNLOADING || bytes_received == total) { 1095 download_progress_ = progress; 1096 SetStatusAndNotify(UpdateStatus::DOWNLOADING); 1097 } else { 1098 ProgressUpdate(progress); 1099 } 1100 } 1101 1102 void UpdateAttempter::DownloadComplete() { 1103 system_state_->payload_state()->DownloadComplete(); 1104 } 1105 1106 void UpdateAttempter::ProgressUpdate(double progress) { 1107 // Self throttle based on progress. Also send notifications if progress is 1108 // too slow. 1109 if (progress == 1.0 || 1110 progress - download_progress_ >= kBroadcastThresholdProgress || 1111 TimeTicks::Now() - last_notify_time_ >= 1112 TimeDelta::FromSeconds(kBroadcastThresholdSeconds)) { 1113 download_progress_ = progress; 1114 BroadcastStatus(); 1115 } 1116 } 1117 1118 bool UpdateAttempter::ResetStatus() { 1119 LOG(INFO) << "Attempting to reset state from " 1120 << UpdateStatusToString(status_) << " to UpdateStatus::IDLE"; 1121 1122 switch (status_) { 1123 case UpdateStatus::IDLE: 1124 // no-op. 1125 return true; 1126 1127 case UpdateStatus::UPDATED_NEED_REBOOT: { 1128 bool ret_value = true; 1129 status_ = UpdateStatus::IDLE; 1130 1131 // Remove the reboot marker so that if the machine is rebooted 1132 // after resetting to idle state, it doesn't go back to 1133 // UpdateStatus::UPDATED_NEED_REBOOT state. 1134 ret_value = prefs_->Delete(kPrefsUpdateCompletedOnBootId) && ret_value; 1135 ret_value = prefs_->Delete(kPrefsUpdateCompletedBootTime) && ret_value; 1136 1137 // Update the boot flags so the current slot has higher priority. 1138 BootControlInterface* boot_control = system_state_->boot_control(); 1139 if (!boot_control->SetActiveBootSlot(boot_control->GetCurrentSlot())) 1140 ret_value = false; 1141 1142 // Mark the current slot as successful again, since marking it as active 1143 // may reset the successful bit. We ignore the result of whether marking 1144 // the current slot as successful worked. 1145 if (!boot_control->MarkBootSuccessfulAsync(Bind([](bool successful){}))) 1146 ret_value = false; 1147 1148 // Notify the PayloadState that the successful payload was canceled. 1149 system_state_->payload_state()->ResetUpdateStatus(); 1150 1151 // The previous version is used to report back to omaha after reboot that 1152 // we actually rebooted into the new version from this "prev-version". We 1153 // need to clear out this value now to prevent it being sent on the next 1154 // updatecheck request. 1155 ret_value = prefs_->SetString(kPrefsPreviousVersion, "") && ret_value; 1156 1157 LOG(INFO) << "Reset status " << (ret_value ? "successful" : "failed"); 1158 return ret_value; 1159 } 1160 1161 default: 1162 LOG(ERROR) << "Reset not allowed in this state."; 1163 return false; 1164 } 1165 } 1166 1167 bool UpdateAttempter::GetStatus(UpdateEngineStatus* out_status) { 1168 out_status->last_checked_time = last_checked_time_; 1169 out_status->status = status_; 1170 out_status->current_version = omaha_request_params_->app_version(); 1171 out_status->current_system_version = omaha_request_params_->system_version(); 1172 out_status->progress = download_progress_; 1173 out_status->new_size_bytes = new_payload_size_; 1174 out_status->new_version = new_version_; 1175 out_status->new_system_version = new_system_version_; 1176 return true; 1177 } 1178 1179 void UpdateAttempter::UpdateBootFlags() { 1180 if (update_boot_flags_running_) { 1181 LOG(INFO) << "Update boot flags running, nothing to do."; 1182 return; 1183 } 1184 if (updated_boot_flags_) { 1185 LOG(INFO) << "Already updated boot flags. Skipping."; 1186 if (start_action_processor_) { 1187 ScheduleProcessingStart(); 1188 } 1189 return; 1190 } 1191 // This is purely best effort. Failures should be logged by Subprocess. Run 1192 // the script asynchronously to avoid blocking the event loop regardless of 1193 // the script runtime. 1194 update_boot_flags_running_ = true; 1195 LOG(INFO) << "Marking booted slot as good."; 1196 if (!system_state_->boot_control()->MarkBootSuccessfulAsync(Bind( 1197 &UpdateAttempter::CompleteUpdateBootFlags, base::Unretained(this)))) { 1198 LOG(ERROR) << "Failed to mark current boot as successful."; 1199 CompleteUpdateBootFlags(false); 1200 } 1201 } 1202 1203 void UpdateAttempter::CompleteUpdateBootFlags(bool successful) { 1204 update_boot_flags_running_ = false; 1205 updated_boot_flags_ = true; 1206 if (start_action_processor_) { 1207 ScheduleProcessingStart(); 1208 } 1209 } 1210 1211 void UpdateAttempter::BroadcastStatus() { 1212 UpdateEngineStatus broadcast_status; 1213 // Use common method for generating the current status. 1214 GetStatus(&broadcast_status); 1215 1216 for (const auto& observer : service_observers_) { 1217 observer->SendStatusUpdate(broadcast_status); 1218 } 1219 last_notify_time_ = TimeTicks::Now(); 1220 } 1221 1222 uint32_t UpdateAttempter::GetErrorCodeFlags() { 1223 uint32_t flags = 0; 1224 1225 if (!system_state_->hardware()->IsNormalBootMode()) 1226 flags |= static_cast<uint32_t>(ErrorCode::kDevModeFlag); 1227 1228 if (response_handler_action_.get() && 1229 response_handler_action_->install_plan().is_resume) 1230 flags |= static_cast<uint32_t>(ErrorCode::kResumedFlag); 1231 1232 if (!system_state_->hardware()->IsOfficialBuild()) 1233 flags |= static_cast<uint32_t>(ErrorCode::kTestImageFlag); 1234 1235 if (omaha_request_params_->update_url() != 1236 constants::kOmahaDefaultProductionURL) { 1237 flags |= static_cast<uint32_t>(ErrorCode::kTestOmahaUrlFlag); 1238 } 1239 1240 return flags; 1241 } 1242 1243 bool UpdateAttempter::ShouldCancel(ErrorCode* cancel_reason) { 1244 // Check if the channel we're attempting to update to is the same as the 1245 // target channel currently chosen by the user. 1246 OmahaRequestParams* params = system_state_->request_params(); 1247 if (params->download_channel() != params->target_channel()) { 1248 LOG(ERROR) << "Aborting download as target channel: " 1249 << params->target_channel() 1250 << " is different from the download channel: " 1251 << params->download_channel(); 1252 *cancel_reason = ErrorCode::kUpdateCanceledByChannelChange; 1253 return true; 1254 } 1255 1256 return false; 1257 } 1258 1259 void UpdateAttempter::SetStatusAndNotify(UpdateStatus status) { 1260 status_ = status; 1261 BroadcastStatus(); 1262 } 1263 1264 void UpdateAttempter::CreatePendingErrorEvent(AbstractAction* action, 1265 ErrorCode code) { 1266 if (error_event_.get()) { 1267 // This shouldn't really happen. 1268 LOG(WARNING) << "There's already an existing pending error event."; 1269 return; 1270 } 1271 1272 // For now assume that a generic Omaha response action failure means that 1273 // there's no update so don't send an event. Also, double check that the 1274 // failure has not occurred while sending an error event -- in which case 1275 // don't schedule another. This shouldn't really happen but just in case... 1276 if ((action->Type() == OmahaResponseHandlerAction::StaticType() && 1277 code == ErrorCode::kError) || 1278 status_ == UpdateStatus::REPORTING_ERROR_EVENT) { 1279 return; 1280 } 1281 1282 // Classify the code to generate the appropriate result so that 1283 // the Borgmon charts show up the results correctly. 1284 // Do this before calling GetErrorCodeForAction which could potentially 1285 // augment the bit representation of code and thus cause no matches for 1286 // the switch cases below. 1287 OmahaEvent::Result event_result; 1288 switch (code) { 1289 case ErrorCode::kOmahaUpdateIgnoredPerPolicy: 1290 case ErrorCode::kOmahaUpdateDeferredPerPolicy: 1291 case ErrorCode::kOmahaUpdateDeferredForBackoff: 1292 event_result = OmahaEvent::kResultUpdateDeferred; 1293 break; 1294 default: 1295 event_result = OmahaEvent::kResultError; 1296 break; 1297 } 1298 1299 code = GetErrorCodeForAction(action, code); 1300 fake_update_success_ = code == ErrorCode::kPostinstallBootedFromFirmwareB; 1301 1302 // Compute the final error code with all the bit flags to be sent to Omaha. 1303 code = static_cast<ErrorCode>( 1304 static_cast<uint32_t>(code) | GetErrorCodeFlags()); 1305 error_event_.reset(new OmahaEvent(OmahaEvent::kTypeUpdateComplete, 1306 event_result, 1307 code)); 1308 } 1309 1310 bool UpdateAttempter::ScheduleErrorEventAction() { 1311 if (error_event_.get() == nullptr) 1312 return false; 1313 1314 LOG(ERROR) << "Update failed."; 1315 system_state_->payload_state()->UpdateFailed(error_event_->error_code); 1316 1317 // Send it to Omaha. 1318 LOG(INFO) << "Reporting the error event"; 1319 shared_ptr<OmahaRequestAction> error_event_action( 1320 new OmahaRequestAction(system_state_, 1321 error_event_.release(), // Pass ownership. 1322 std::make_unique<LibcurlHttpFetcher>( 1323 GetProxyResolver(), system_state_->hardware()), 1324 false)); 1325 actions_.push_back(shared_ptr<AbstractAction>(error_event_action)); 1326 processor_->EnqueueAction(error_event_action.get()); 1327 SetStatusAndNotify(UpdateStatus::REPORTING_ERROR_EVENT); 1328 processor_->StartProcessing(); 1329 return true; 1330 } 1331 1332 void UpdateAttempter::ScheduleProcessingStart() { 1333 LOG(INFO) << "Scheduling an action processor start."; 1334 start_action_processor_ = false; 1335 MessageLoop::current()->PostTask( 1336 FROM_HERE, 1337 Bind([](ActionProcessor* processor) { processor->StartProcessing(); }, 1338 base::Unretained(processor_.get()))); 1339 } 1340 1341 void UpdateAttempter::DisableDeltaUpdateIfNeeded() { 1342 int64_t delta_failures; 1343 if (omaha_request_params_->delta_okay() && 1344 prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) && 1345 delta_failures >= kMaxDeltaUpdateFailures) { 1346 LOG(WARNING) << "Too many delta update failures, forcing full update."; 1347 omaha_request_params_->set_delta_okay(false); 1348 } 1349 } 1350 1351 void UpdateAttempter::MarkDeltaUpdateFailure() { 1352 // Don't try to resume a failed delta update. 1353 DeltaPerformer::ResetUpdateProgress(prefs_, false); 1354 int64_t delta_failures; 1355 if (!prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) || 1356 delta_failures < 0) { 1357 delta_failures = 0; 1358 } 1359 prefs_->SetInt64(kPrefsDeltaUpdateFailures, ++delta_failures); 1360 } 1361 1362 void UpdateAttempter::PingOmaha() { 1363 if (!processor_->IsRunning()) { 1364 shared_ptr<OmahaRequestAction> ping_action(new OmahaRequestAction( 1365 system_state_, 1366 nullptr, 1367 std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(), 1368 system_state_->hardware()), 1369 true)); 1370 actions_.push_back(shared_ptr<OmahaRequestAction>(ping_action)); 1371 processor_->set_delegate(nullptr); 1372 processor_->EnqueueAction(ping_action.get()); 1373 // Call StartProcessing() synchronously here to avoid any race conditions 1374 // caused by multiple outstanding ping Omaha requests. If we call 1375 // StartProcessing() asynchronously, the device can be suspended before we 1376 // get a chance to callback to StartProcessing(). When the device resumes 1377 // (assuming the device sleeps longer than the next update check period), 1378 // StartProcessing() is called back and at the same time, the next update 1379 // check is fired which eventually invokes StartProcessing(). A crash 1380 // can occur because StartProcessing() checks to make sure that the 1381 // processor is idle which it isn't due to the two concurrent ping Omaha 1382 // requests. 1383 processor_->StartProcessing(); 1384 } else { 1385 LOG(WARNING) << "Action processor running, Omaha ping suppressed."; 1386 } 1387 1388 // Update the last check time here; it may be re-updated when an Omaha 1389 // response is received, but this will prevent us from repeatedly scheduling 1390 // checks in the case where a response is not received. 1391 UpdateLastCheckedTime(); 1392 1393 // Update the status which will schedule the next update check 1394 SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT); 1395 ScheduleUpdates(); 1396 } 1397 1398 1399 bool UpdateAttempter::DecrementUpdateCheckCount() { 1400 int64_t update_check_count_value; 1401 1402 if (!prefs_->Exists(kPrefsUpdateCheckCount)) { 1403 // This file does not exist. This means we haven't started our update 1404 // check count down yet, so nothing more to do. This file will be created 1405 // later when we first satisfy the wall-clock-based-wait period. 1406 LOG(INFO) << "No existing update check count. That's normal."; 1407 return true; 1408 } 1409 1410 if (prefs_->GetInt64(kPrefsUpdateCheckCount, &update_check_count_value)) { 1411 // Only if we're able to read a proper integer value, then go ahead 1412 // and decrement and write back the result in the same file, if needed. 1413 LOG(INFO) << "Update check count = " << update_check_count_value; 1414 1415 if (update_check_count_value == 0) { 1416 // It could be 0, if, for some reason, the file didn't get deleted 1417 // when we set our status to waiting for reboot. so we just leave it 1418 // as is so that we can prevent another update_check wait for this client. 1419 LOG(INFO) << "Not decrementing update check count as it's already 0."; 1420 return true; 1421 } 1422 1423 if (update_check_count_value > 0) 1424 update_check_count_value--; 1425 else 1426 update_check_count_value = 0; 1427 1428 // Write out the new value of update_check_count_value. 1429 if (prefs_->SetInt64(kPrefsUpdateCheckCount, update_check_count_value)) { 1430 // We successfully wrote out te new value, so enable the 1431 // update check based wait. 1432 LOG(INFO) << "New update check count = " << update_check_count_value; 1433 return true; 1434 } 1435 } 1436 1437 LOG(INFO) << "Deleting update check count state due to read/write errors."; 1438 1439 // We cannot read/write to the file, so disable the update check based wait 1440 // so that we don't get stuck in this OS version by any chance (which could 1441 // happen if there's some bug that causes to read/write incorrectly). 1442 // Also attempt to delete the file to do our best effort to cleanup. 1443 prefs_->Delete(kPrefsUpdateCheckCount); 1444 return false; 1445 } 1446 1447 1448 void UpdateAttempter::UpdateEngineStarted() { 1449 // If we just booted into a new update, keep the previous OS version 1450 // in case we rebooted because of a crash of the old version, so we 1451 // can do a proper crash report with correct information. 1452 // This must be done before calling 1453 // system_state_->payload_state()->UpdateEngineStarted() since it will 1454 // delete SystemUpdated marker file. 1455 if (system_state_->system_rebooted() && 1456 prefs_->Exists(kPrefsSystemUpdatedMarker)) { 1457 if (!prefs_->GetString(kPrefsPreviousVersion, &prev_version_)) { 1458 // If we fail to get the version string, make sure it stays empty. 1459 prev_version_.clear(); 1460 } 1461 } 1462 1463 system_state_->payload_state()->UpdateEngineStarted(); 1464 StartP2PAtStartup(); 1465 } 1466 1467 bool UpdateAttempter::StartP2PAtStartup() { 1468 if (system_state_ == nullptr || 1469 !system_state_->p2p_manager()->IsP2PEnabled()) { 1470 LOG(INFO) << "Not starting p2p at startup since it's not enabled."; 1471 return false; 1472 } 1473 1474 if (system_state_->p2p_manager()->CountSharedFiles() < 1) { 1475 LOG(INFO) << "Not starting p2p at startup since our application " 1476 << "is not sharing any files."; 1477 return false; 1478 } 1479 1480 return StartP2PAndPerformHousekeeping(); 1481 } 1482 1483 bool UpdateAttempter::StartP2PAndPerformHousekeeping() { 1484 if (system_state_ == nullptr) 1485 return false; 1486 1487 if (!system_state_->p2p_manager()->IsP2PEnabled()) { 1488 LOG(INFO) << "Not starting p2p since it's not enabled."; 1489 return false; 1490 } 1491 1492 LOG(INFO) << "Ensuring that p2p is running."; 1493 if (!system_state_->p2p_manager()->EnsureP2PRunning()) { 1494 LOG(ERROR) << "Error starting p2p."; 1495 return false; 1496 } 1497 1498 LOG(INFO) << "Performing p2p housekeeping."; 1499 if (!system_state_->p2p_manager()->PerformHousekeeping()) { 1500 LOG(ERROR) << "Error performing housekeeping for p2p."; 1501 return false; 1502 } 1503 1504 LOG(INFO) << "Done performing p2p housekeeping."; 1505 return true; 1506 } 1507 1508 bool UpdateAttempter::GetBootTimeAtUpdate(Time *out_boot_time) { 1509 // In case of an update_engine restart without a reboot, we stored the boot_id 1510 // when the update was completed by setting a pref, so we can check whether 1511 // the last update was on this boot or a previous one. 1512 string boot_id; 1513 TEST_AND_RETURN_FALSE(utils::GetBootId(&boot_id)); 1514 1515 string update_completed_on_boot_id; 1516 if (!prefs_->Exists(kPrefsUpdateCompletedOnBootId) || 1517 !prefs_->GetString(kPrefsUpdateCompletedOnBootId, 1518 &update_completed_on_boot_id) || 1519 update_completed_on_boot_id != boot_id) 1520 return false; 1521 1522 // Short-circuit avoiding the read in case out_boot_time is nullptr. 1523 if (out_boot_time) { 1524 int64_t boot_time = 0; 1525 // Since the kPrefsUpdateCompletedOnBootId was correctly set, this pref 1526 // should not fail. 1527 TEST_AND_RETURN_FALSE( 1528 prefs_->GetInt64(kPrefsUpdateCompletedBootTime, &boot_time)); 1529 *out_boot_time = Time::FromInternalValue(boot_time); 1530 } 1531 return true; 1532 } 1533 1534 bool UpdateAttempter::IsUpdateRunningOrScheduled() { 1535 return ((status_ != UpdateStatus::IDLE && 1536 status_ != UpdateStatus::UPDATED_NEED_REBOOT) || 1537 waiting_for_scheduled_check_); 1538 } 1539 1540 bool UpdateAttempter::IsAnyUpdateSourceAllowed() { 1541 // We allow updates from any source if either of these are true: 1542 // * The device is running an unofficial (dev/test) image. 1543 // * The debugd dev features are accessible (i.e. in devmode with no owner). 1544 // This protects users running a base image, while still allowing a specific 1545 // window (gated by the debug dev features) where `cros flash` is usable. 1546 if (!system_state_->hardware()->IsOfficialBuild()) { 1547 LOG(INFO) << "Non-official build; allowing any update source."; 1548 return true; 1549 } 1550 1551 if (system_state_->hardware()->AreDevFeaturesEnabled()) { 1552 LOG(INFO) << "Developer features enabled; allowing custom update sources."; 1553 return true; 1554 } 1555 1556 LOG(INFO) 1557 << "Developer features disabled; disallowing custom update sources."; 1558 return false; 1559 } 1560 1561 } // namespace chromeos_update_engine 1562