1 //
2 // Copyright (C) 2012 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #include "update_engine/cros/update_attempter.h"
18 
19 #include <stdint.h>
20 
21 #include <algorithm>
22 #include <map>
23 #include <memory>
24 #include <string>
25 #include <unordered_set>
26 #include <utility>
27 #include <vector>
28 
29 #include <base/bind.h>
30 #include <base/compiler_specific.h>
31 #include <base/files/file_util.h>
32 #include <base/logging.h>
33 #include <base/rand_util.h>
34 #include <base/strings/string_number_conversions.h>
35 #include <base/strings/string_util.h>
36 #include <base/strings/stringprintf.h>
37 #include <base/time/time.h>
38 #include <brillo/data_encoding.h>
39 #include <brillo/errors/error_codes.h>
40 #include <brillo/message_loops/message_loop.h>
41 #include <policy/device_policy.h>
42 #include <policy/libpolicy.h>
43 #include <update_engine/dbus-constants.h>
44 
45 #include "update_engine/certificate_checker.h"
46 #include "update_engine/common/boot_control_interface.h"
47 #include "update_engine/common/constants.h"
48 #include "update_engine/common/dlcservice_interface.h"
49 #include "update_engine/common/download_action.h"
50 #include "update_engine/common/excluder_interface.h"
51 #include "update_engine/common/hardware_interface.h"
52 #include "update_engine/common/metrics_reporter_interface.h"
53 #include "update_engine/common/platform_constants.h"
54 #include "update_engine/common/prefs.h"
55 #include "update_engine/common/prefs_interface.h"
56 #include "update_engine/common/subprocess.h"
57 #include "update_engine/common/system_state.h"
58 #include "update_engine/common/utils.h"
59 #include "update_engine/cros/download_action_chromeos.h"
60 #include "update_engine/cros/omaha_request_action.h"
61 #include "update_engine/cros/omaha_request_params.h"
62 #include "update_engine/cros/omaha_response_handler_action.h"
63 #include "update_engine/cros/omaha_utils.h"
64 #include "update_engine/cros/p2p_manager.h"
65 #include "update_engine/cros/payload_state_interface.h"
66 #include "update_engine/cros/power_manager_interface.h"
67 #include "update_engine/libcurl_http_fetcher.h"
68 #include "update_engine/payload_consumer/filesystem_verifier_action.h"
69 #include "update_engine/payload_consumer/postinstall_runner_action.h"
70 #include "update_engine/update_boot_flags_action.h"
71 #include "update_engine/update_manager/policy.h"
72 #include "update_engine/update_manager/policy_utils.h"
73 #include "update_engine/update_manager/update_manager.h"
74 #include "update_engine/update_status_utils.h"
75 
76 using base::Bind;
77 using base::Callback;
78 using base::FilePath;
79 using base::Time;
80 using base::TimeDelta;
81 using base::TimeTicks;
82 using brillo::MessageLoop;
83 using chromeos_update_manager::CalculateStagingCase;
84 using chromeos_update_manager::EvalStatus;
85 using chromeos_update_manager::Policy;
86 using chromeos_update_manager::StagingCase;
87 using chromeos_update_manager::UpdateCheckParams;
88 using std::map;
89 using std::string;
90 using std::vector;
91 using update_engine::UpdateAttemptFlags;
92 using update_engine::UpdateEngineStatus;
93 
94 namespace chromeos_update_engine {
95 
96 const int UpdateAttempter::kMaxDeltaUpdateFailures = 3;
97 
98 namespace {
99 const int kMaxConsecutiveObeyProxyRequests = 20;
100 
101 // Minimum threshold to broadcast an status update in progress and time.
102 const double kBroadcastThresholdProgress = 0.01;  // 1%
103 const int kBroadcastThresholdSeconds = 10;
104 
105 // By default autest bypasses scattering. If we want to test scattering,
106 // use kScheduledAUTestURLRequest. The URL used is same in both cases, but
107 // different params are passed to CheckForUpdate().
108 const char kAUTestURLRequest[] = "autest";
109 const char kScheduledAUTestURLRequest[] = "autest-scheduled";
110 }  // namespace
111 
GetErrorCodeForAction(AbstractAction * action,ErrorCode code)112 ErrorCode GetErrorCodeForAction(AbstractAction* action, ErrorCode code) {
113   if (code != ErrorCode::kError)
114     return code;
115 
116   const string type = action->Type();
117   if (type == OmahaRequestAction::StaticType())
118     return ErrorCode::kOmahaRequestError;
119   if (type == OmahaResponseHandlerAction::StaticType())
120     return ErrorCode::kOmahaResponseHandlerError;
121   if (type == FilesystemVerifierAction::StaticType())
122     return ErrorCode::kFilesystemVerifierError;
123   if (type == PostinstallRunnerAction::StaticType())
124     return ErrorCode::kPostinstallRunnerError;
125 
126   return code;
127 }
128 
UpdateAttempter(CertificateChecker * cert_checker)129 UpdateAttempter::UpdateAttempter(CertificateChecker* cert_checker)
130     : processor_(new ActionProcessor()),
131       cert_checker_(cert_checker),
132       is_install_(false) {}
133 
~UpdateAttempter()134 UpdateAttempter::~UpdateAttempter() {
135   // Prevent any DBus communication from UpdateAttempter when shutting down the
136   // daemon.
137   ClearObservers();
138 
139   // CertificateChecker might not be initialized in unittests.
140   if (cert_checker_)
141     cert_checker_->SetObserver(nullptr);
142   // Release ourselves as the ActionProcessor's delegate to prevent
143   // re-scheduling the updates due to the processing stopped.
144   processor_->set_delegate(nullptr);
145 }
146 
Init()147 void UpdateAttempter::Init() {
148   // Pulling from the SystemState can only be done after construction, since
149   // this is an aggregate of various objects (such as the UpdateAttempter),
150   // which requires them all to be constructed prior to it being used.
151   prefs_ = SystemState::Get()->prefs();
152   omaha_request_params_ = SystemState::Get()->request_params();
153 
154   if (cert_checker_)
155     cert_checker_->SetObserver(this);
156 
157   // In case of update_engine restart without a reboot we need to restore the
158   // reboot needed state.
159   if (GetBootTimeAtUpdate(nullptr)) {
160     status_ = UpdateStatus::UPDATED_NEED_REBOOT;
161   } else {
162     status_ = UpdateStatus::IDLE;
163     prefs_->Delete(kPrefsLastFp, {kDlcPrefsSubDir});
164   }
165 }
166 
ScheduleUpdates()167 bool UpdateAttempter::ScheduleUpdates() {
168   if (IsBusyOrUpdateScheduled())
169     return false;
170 
171   chromeos_update_manager::UpdateManager* const update_manager =
172       SystemState::Get()->update_manager();
173   CHECK(update_manager);
174   Callback<void(EvalStatus, const UpdateCheckParams&)> callback =
175       Bind(&UpdateAttempter::OnUpdateScheduled, base::Unretained(this));
176   // We limit the async policy request to a reasonably short time, to avoid a
177   // starvation due to a transient bug.
178   update_manager->AsyncPolicyRequestUpdateCheckAllowed(
179       callback, &Policy::UpdateCheckAllowed);
180   waiting_for_scheduled_check_ = true;
181   return true;
182 }
183 
StartUpdater()184 bool UpdateAttempter::StartUpdater() {
185   // Initiate update checks.
186   ScheduleUpdates();
187 
188   auto update_boot_flags_action = std::make_unique<UpdateBootFlagsAction>(
189       SystemState::Get()->boot_control());
190   aux_processor_.EnqueueAction(std::move(update_boot_flags_action));
191   // Update boot flags after 45 seconds.
192   MessageLoop::current()->PostDelayedTask(
193       FROM_HERE,
194       base::Bind(&ActionProcessor::StartProcessing,
195                  base::Unretained(&aux_processor_)),
196       base::TimeDelta::FromSeconds(45));
197 
198   // Broadcast the update engine status on startup to ensure consistent system
199   // state on crashes.
200   MessageLoop::current()->PostTask(
201       FROM_HERE,
202       base::Bind(&UpdateAttempter::BroadcastStatus, base::Unretained(this)));
203 
204   MessageLoop::current()->PostTask(
205       FROM_HERE,
206       base::Bind(&UpdateAttempter::UpdateEngineStarted,
207                  base::Unretained(this)));
208   return true;
209 }
210 
CertificateChecked(ServerToCheck server_to_check,CertificateCheckResult result)211 void UpdateAttempter::CertificateChecked(ServerToCheck server_to_check,
212                                          CertificateCheckResult result) {
213   SystemState::Get()->metrics_reporter()->ReportCertificateCheckMetrics(
214       server_to_check, result);
215 }
216 
CheckAndReportDailyMetrics()217 bool UpdateAttempter::CheckAndReportDailyMetrics() {
218   int64_t stored_value;
219   Time now = SystemState::Get()->clock()->GetWallclockTime();
220   if (SystemState::Get()->prefs()->Exists(kPrefsDailyMetricsLastReportedAt) &&
221       SystemState::Get()->prefs()->GetInt64(kPrefsDailyMetricsLastReportedAt,
222                                             &stored_value)) {
223     Time last_reported_at = Time::FromInternalValue(stored_value);
224     TimeDelta time_reported_since = now - last_reported_at;
225     if (time_reported_since.InSeconds() < 0) {
226       LOG(WARNING) << "Last reported daily metrics "
227                    << utils::FormatTimeDelta(time_reported_since) << " ago "
228                    << "which is negative. Either the system clock is wrong or "
229                    << "the kPrefsDailyMetricsLastReportedAt state variable "
230                    << "is wrong.";
231       // In this case, report daily metrics to reset.
232     } else {
233       if (time_reported_since.InSeconds() < 24 * 60 * 60) {
234         LOG(INFO) << "Last reported daily metrics "
235                   << utils::FormatTimeDelta(time_reported_since) << " ago.";
236         return false;
237       }
238       LOG(INFO) << "Last reported daily metrics "
239                 << utils::FormatTimeDelta(time_reported_since) << " ago, "
240                 << "which is more than 24 hours ago.";
241     }
242   }
243 
244   LOG(INFO) << "Reporting daily metrics.";
245   SystemState::Get()->prefs()->SetInt64(kPrefsDailyMetricsLastReportedAt,
246                                         now.ToInternalValue());
247 
248   ReportOSAge();
249 
250   return true;
251 }
252 
ReportOSAge()253 void UpdateAttempter::ReportOSAge() {
254   struct stat sb;
255   if (stat("/etc/lsb-release", &sb) != 0) {
256     PLOG(ERROR) << "Error getting file status for /etc/lsb-release "
257                 << "(Note: this may happen in some unit tests)";
258     return;
259   }
260 
261   Time lsb_release_timestamp = Time::FromTimeSpec(sb.st_ctim);
262   Time now = SystemState::Get()->clock()->GetWallclockTime();
263   TimeDelta age = now - lsb_release_timestamp;
264   if (age.InSeconds() < 0) {
265     LOG(ERROR) << "The OS age (" << utils::FormatTimeDelta(age)
266                << ") is negative. Maybe the clock is wrong? "
267                << "(Note: this may happen in some unit tests.)";
268     return;
269   }
270 
271   SystemState::Get()->metrics_reporter()->ReportDailyMetrics(age);
272 }
273 
Update(const UpdateCheckParams & params)274 void UpdateAttempter::Update(const UpdateCheckParams& params) {
275   // This is normally called frequently enough so it's appropriate to use as a
276   // hook for reporting daily metrics.
277   // TODO(garnold) This should be hooked to a separate (reliable and consistent)
278   // timeout event.
279   CheckAndReportDailyMetrics();
280 
281   fake_update_success_ = false;
282   if (status_ == UpdateStatus::UPDATED_NEED_REBOOT) {
283     // Although we have applied an update, we still want to ping Omaha
284     // to ensure the number of active statistics is accurate.
285     //
286     // Also convey to the UpdateEngine.Check.Result metric that we're
287     // not performing an update check because of this.
288     LOG(INFO) << "Not updating b/c we already updated and we're waiting for "
289               << "reboot, we'll ping Omaha instead";
290     SystemState::Get()->metrics_reporter()->ReportUpdateCheckMetrics(
291         metrics::CheckResult::kRebootPending,
292         metrics::CheckReaction::kUnset,
293         metrics::DownloadErrorCode::kUnset);
294     PingOmaha();
295     return;
296   }
297   if (status_ != UpdateStatus::IDLE) {
298     // Update in progress. Do nothing
299     return;
300   }
301 
302   if (!CalculateUpdateParams(params)) {
303     return;
304   }
305 
306   BuildUpdateActions(params.interactive);
307 
308   SetStatusAndNotify(UpdateStatus::CHECKING_FOR_UPDATE);
309 
310   // Update the last check time here; it may be re-updated when an Omaha
311   // response is received, but this will prevent us from repeatedly scheduling
312   // checks in the case where a response is not received.
313   UpdateLastCheckedTime();
314 
315   ScheduleProcessingStart();
316 }
317 
RefreshDevicePolicy()318 void UpdateAttempter::RefreshDevicePolicy() {
319   // Lazy initialize the policy provider, or reload the latest policy data.
320   if (!policy_provider_.get())
321     policy_provider_.reset(new policy::PolicyProvider());
322   policy_provider_->Reload();
323 
324   const policy::DevicePolicy* device_policy = nullptr;
325   if (policy_provider_->device_policy_is_loaded())
326     device_policy = &policy_provider_->GetDevicePolicy();
327 
328   if (device_policy)
329     LOG(INFO) << "Device policies/settings present";
330   else
331     LOG(INFO) << "No device policies/settings present.";
332 
333   SystemState::Get()->set_device_policy(device_policy);
334   SystemState::Get()->p2p_manager()->SetDevicePolicy(device_policy);
335 }
336 
CalculateP2PParams(bool interactive)337 void UpdateAttempter::CalculateP2PParams(bool interactive) {
338   bool use_p2p_for_downloading = false;
339   bool use_p2p_for_sharing = false;
340 
341   // Never use p2p for downloading in interactive checks unless the developer
342   // has opted in for it via a marker file.
343   //
344   // (Why would a developer want to opt in? If they are working on the
345   // update_engine or p2p codebases so they can actually test their code.)
346 
347   if (!SystemState::Get()->p2p_manager()->IsP2PEnabled()) {
348     LOG(INFO) << "p2p is not enabled - disallowing p2p for both"
349               << " downloading and sharing.";
350   } else {
351     // Allow p2p for sharing, even in interactive checks.
352     use_p2p_for_sharing = true;
353     if (!interactive) {
354       LOG(INFO) << "Non-interactive check - allowing p2p for downloading";
355       use_p2p_for_downloading = true;
356     } else {
357       LOG(INFO) << "Forcibly disabling use of p2p for downloading "
358                 << "since this update attempt is interactive.";
359     }
360   }
361 
362   PayloadStateInterface* const payload_state =
363       SystemState::Get()->payload_state();
364   payload_state->SetUsingP2PForDownloading(use_p2p_for_downloading);
365   payload_state->SetUsingP2PForSharing(use_p2p_for_sharing);
366 }
367 
CalculateUpdateParams(const UpdateCheckParams & params)368 bool UpdateAttempter::CalculateUpdateParams(const UpdateCheckParams& params) {
369   http_response_code_ = 0;
370   PayloadStateInterface* const payload_state =
371       SystemState::Get()->payload_state();
372 
373   // Refresh the policy before computing all the update parameters.
374   RefreshDevicePolicy();
375 
376   // Check whether we need to clear the rollback-happened preference after
377   // policy is available again.
378   UpdateRollbackHappened();
379 
380   CalculateStagingParams(params.interactive);
381   // If staging_wait_time_ wasn't set, staging is off, use scattering instead.
382   if (staging_wait_time_.InSeconds() == 0) {
383     CalculateScatteringParams(params.interactive);
384   }
385 
386   CalculateP2PParams(params.interactive);
387   if (payload_state->GetUsingP2PForDownloading() ||
388       payload_state->GetUsingP2PForSharing()) {
389     // OK, p2p is to be used - start it and perform housekeeping.
390     if (!StartP2PAndPerformHousekeeping()) {
391       // If this fails, disable p2p for this attempt
392       LOG(INFO) << "Forcibly disabling use of p2p since starting p2p or "
393                 << "performing housekeeping failed.";
394       payload_state->SetUsingP2PForDownloading(false);
395       payload_state->SetUsingP2PForSharing(false);
396     }
397   }
398 
399   if (!omaha_request_params_->Init(
400           forced_app_version_, forced_omaha_url_, params)) {
401     LOG(ERROR) << "Unable to initialize Omaha request params.";
402     return false;
403   }
404 
405   // The function |CalculateDlcParams| makes use of the function |GetAppId| from
406   // |OmahaRequestParams|, so to ensure that the return from |GetAppId|
407   // doesn't change, no changes to the values |download_channel_|,
408   // |image_props_.product_id| and |image_props_.canary_product_id| from
409   // |omaha_request_params_| shall be made below this line.
410   CalculateDlcParams();
411 
412   LOG(INFO) << "target_version_prefix = "
413             << omaha_request_params_->target_version_prefix()
414             << ", rollback_allowed = "
415             << omaha_request_params_->rollback_allowed()
416             << ", scatter_factor_in_seconds = "
417             << utils::FormatSecs(scatter_factor_.InSeconds());
418 
419   LOG(INFO) << "Wall Clock Based Wait Enabled = "
420             << omaha_request_params_->wall_clock_based_wait_enabled()
421             << ", Update Check Count Wait Enabled = "
422             << omaha_request_params_->update_check_count_wait_enabled()
423             << ", Waiting Period = "
424             << utils::FormatSecs(
425                    omaha_request_params_->waiting_period().InSeconds());
426 
427   LOG(INFO) << "Use p2p For Downloading = "
428             << payload_state->GetUsingP2PForDownloading()
429             << ", Use p2p For Sharing = "
430             << payload_state->GetUsingP2PForSharing();
431 
432   obeying_proxies_ = true;
433   if (proxy_manual_checks_ == 0) {
434     LOG(INFO) << "forced to obey proxies";
435     // If forced to obey proxies, every 20th request will not use proxies
436     proxy_manual_checks_++;
437     LOG(INFO) << "proxy manual checks: " << proxy_manual_checks_;
438     if (proxy_manual_checks_ >= kMaxConsecutiveObeyProxyRequests) {
439       proxy_manual_checks_ = 0;
440       obeying_proxies_ = false;
441     }
442   } else if (base::RandInt(0, 4) == 0) {
443     obeying_proxies_ = false;
444   }
445   LOG_IF(INFO, !obeying_proxies_)
446       << "To help ensure updates work, this update check we are ignoring the "
447       << "proxy settings and using direct connections.";
448 
449   DisableDeltaUpdateIfNeeded();
450   return true;
451 }
452 
CalculateScatteringParams(bool interactive)453 void UpdateAttempter::CalculateScatteringParams(bool interactive) {
454   // Take a copy of the old scatter value before we update it, as
455   // we need to update the waiting period if this value changes.
456   TimeDelta old_scatter_factor = scatter_factor_;
457   const policy::DevicePolicy* device_policy =
458       SystemState::Get()->device_policy();
459   if (device_policy) {
460     int64_t new_scatter_factor_in_secs = 0;
461     device_policy->GetScatterFactorInSeconds(&new_scatter_factor_in_secs);
462     if (new_scatter_factor_in_secs < 0)  // sanitize input, just in case.
463       new_scatter_factor_in_secs = 0;
464     scatter_factor_ = TimeDelta::FromSeconds(new_scatter_factor_in_secs);
465   }
466 
467   bool is_scatter_enabled = false;
468   if (scatter_factor_.InSeconds() == 0) {
469     LOG(INFO) << "Scattering disabled since scatter factor is set to 0";
470   } else if (interactive) {
471     LOG(INFO) << "Scattering disabled as this is an interactive update check";
472   } else if (SystemState::Get()->hardware()->IsOOBEEnabled() &&
473              !SystemState::Get()->hardware()->IsOOBEComplete(nullptr)) {
474     LOG(INFO) << "Scattering disabled since OOBE is enabled but not complete "
475                  "yet";
476   } else {
477     is_scatter_enabled = true;
478     LOG(INFO) << "Scattering is enabled";
479   }
480 
481   if (is_scatter_enabled) {
482     // This means the scattering policy is turned on.
483     // Now check if we need to update the waiting period. The two cases
484     // in which we'd need to update the waiting period are:
485     // 1. First time in process or a scheduled check after a user-initiated one.
486     //    (omaha_request_params_->waiting_period will be zero in this case).
487     // 2. Admin has changed the scattering policy value.
488     //    (new scattering value will be different from old one in this case).
489     int64_t wait_period_in_secs = 0;
490     if (omaha_request_params_->waiting_period().InSeconds() == 0) {
491       // First case. Check if we have a suitable value to set for
492       // the waiting period.
493       if (prefs_->GetInt64(kPrefsWallClockScatteringWaitPeriod,
494                            &wait_period_in_secs) &&
495           wait_period_in_secs > 0 &&
496           wait_period_in_secs <= scatter_factor_.InSeconds()) {
497         // This means:
498         // 1. There's a persisted value for the waiting period available.
499         // 2. And that persisted value is still valid.
500         // So, in this case, we should reuse the persisted value instead of
501         // generating a new random value to improve the chances of a good
502         // distribution for scattering.
503         omaha_request_params_->set_waiting_period(
504             TimeDelta::FromSeconds(wait_period_in_secs));
505         LOG(INFO) << "Using persisted wall-clock waiting period: "
506                   << utils::FormatSecs(
507                          omaha_request_params_->waiting_period().InSeconds());
508       } else {
509         // This means there's no persisted value for the waiting period
510         // available or its value is invalid given the new scatter_factor value.
511         // So, we should go ahead and regenerate a new value for the
512         // waiting period.
513         LOG(INFO) << "Persisted value not present or not valid ("
514                   << utils::FormatSecs(wait_period_in_secs)
515                   << ") for wall-clock waiting period.";
516         GenerateNewWaitingPeriod();
517       }
518     } else if (scatter_factor_ != old_scatter_factor) {
519       // This means there's already a waiting period value, but we detected
520       // a change in the scattering policy value. So, we should regenerate the
521       // waiting period to make sure it's within the bounds of the new scatter
522       // factor value.
523       GenerateNewWaitingPeriod();
524     } else {
525       // Neither the first time scattering is enabled nor the scattering value
526       // changed. Nothing to do.
527       LOG(INFO) << "Keeping current wall-clock waiting period: "
528                 << utils::FormatSecs(
529                        omaha_request_params_->waiting_period().InSeconds());
530     }
531 
532     // The invariant at this point is that omaha_request_params_->waiting_period
533     // is non-zero no matter which path we took above.
534     LOG_IF(ERROR, omaha_request_params_->waiting_period().InSeconds() == 0)
535         << "Waiting Period should NOT be zero at this point!!!";
536 
537     // Since scattering is enabled, wall clock based wait will always be
538     // enabled.
539     omaha_request_params_->set_wall_clock_based_wait_enabled(true);
540 
541     // If we don't have any issues in accessing the file system to update
542     // the update check count value, we'll turn that on as well.
543     bool decrement_succeeded = DecrementUpdateCheckCount();
544     omaha_request_params_->set_update_check_count_wait_enabled(
545         decrement_succeeded);
546   } else {
547     // This means the scattering feature is turned off or disabled for
548     // this particular update check. Make sure to disable
549     // all the knobs and artifacts so that we don't invoke any scattering
550     // related code.
551     omaha_request_params_->set_wall_clock_based_wait_enabled(false);
552     omaha_request_params_->set_update_check_count_wait_enabled(false);
553     omaha_request_params_->set_waiting_period(TimeDelta::FromSeconds(0));
554     prefs_->Delete(kPrefsWallClockScatteringWaitPeriod);
555     prefs_->Delete(kPrefsUpdateCheckCount);
556     // Don't delete the UpdateFirstSeenAt file as we don't want manual checks
557     // that result in no-updates (e.g. due to server side throttling) to
558     // cause update starvation by having the client generate a new
559     // UpdateFirstSeenAt for each scheduled check that follows a manual check.
560   }
561 }
562 
GenerateNewWaitingPeriod()563 void UpdateAttempter::GenerateNewWaitingPeriod() {
564   omaha_request_params_->set_waiting_period(
565       TimeDelta::FromSeconds(base::RandInt(1, scatter_factor_.InSeconds())));
566 
567   LOG(INFO) << "Generated new wall-clock waiting period: "
568             << utils::FormatSecs(
569                    omaha_request_params_->waiting_period().InSeconds());
570 
571   // Do a best-effort to persist this in all cases. Even if the persistence
572   // fails, we'll still be able to scatter based on our in-memory value.
573   // The persistence only helps in ensuring a good overall distribution
574   // across multiple devices if they tend to reboot too often.
575   SystemState::Get()->payload_state()->SetScatteringWaitPeriod(
576       omaha_request_params_->waiting_period());
577 }
578 
CalculateStagingParams(bool interactive)579 void UpdateAttempter::CalculateStagingParams(bool interactive) {
580   bool oobe_complete = SystemState::Get()->hardware()->IsOOBEEnabled() &&
581                        SystemState::Get()->hardware()->IsOOBEComplete(nullptr);
582   auto device_policy = SystemState::Get()->device_policy();
583   StagingCase staging_case = StagingCase::kOff;
584   if (device_policy && !interactive && oobe_complete) {
585     staging_wait_time_ = omaha_request_params_->waiting_period();
586     staging_case = CalculateStagingCase(
587         device_policy, &staging_wait_time_, &staging_schedule_);
588   }
589   switch (staging_case) {
590     case StagingCase::kOff:
591       // Staging is off, get rid of persisted value.
592       prefs_->Delete(kPrefsWallClockStagingWaitPeriod);
593       // Set |staging_wait_time_| to its default value so scattering can still
594       // be turned on
595       staging_wait_time_ = TimeDelta();
596       break;
597     // Let the cases fall through since they just add, and never remove, steps
598     // to turning staging on.
599     case StagingCase::kNoSavedValue:
600       prefs_->SetInt64(kPrefsWallClockStagingWaitPeriod,
601                        staging_wait_time_.InDays());
602       FALLTHROUGH;
603     case StagingCase::kSetStagingFromPref:
604       omaha_request_params_->set_waiting_period(staging_wait_time_);
605       FALLTHROUGH;
606     case StagingCase::kNoAction:
607       // Staging is on, enable wallclock based wait so that its values get used.
608       omaha_request_params_->set_wall_clock_based_wait_enabled(true);
609       // Use UpdateCheckCount if possible to prevent devices updating all at
610       // once.
611       omaha_request_params_->set_update_check_count_wait_enabled(
612           DecrementUpdateCheckCount());
613       // Scattering should not be turned on if staging is on, delete the
614       // existing scattering configuration.
615       prefs_->Delete(kPrefsWallClockScatteringWaitPeriod);
616       scatter_factor_ = TimeDelta();
617   }
618 }
619 
ResetDlcPrefs(const string & dlc_id)620 bool UpdateAttempter::ResetDlcPrefs(const string& dlc_id) {
621   vector<string> failures;
622   for (auto& sub_key :
623        {kPrefsPingActive, kPrefsPingLastActive, kPrefsPingLastRollcall}) {
624     auto key = prefs_->CreateSubKey({kDlcPrefsSubDir, dlc_id, sub_key});
625     if (!prefs_->Delete(key))
626       failures.emplace_back(sub_key);
627   }
628   if (failures.size() != 0)
629     PLOG(ERROR) << "Failed to delete prefs (" << base::JoinString(failures, ",")
630                 << " for DLC (" << dlc_id << ").";
631 
632   return failures.size() == 0;
633 }
634 
SetPref(const string & pref_key,const string & pref_value,const string & payload_id)635 void UpdateAttempter::SetPref(const string& pref_key,
636                               const string& pref_value,
637                               const string& payload_id) {
638   string dlc_id;
639   if (!omaha_request_params_->GetDlcId(payload_id, &dlc_id)) {
640     // Not a DLC ID, set fingerprint in perf for platform ID.
641     prefs_->SetString(pref_key, pref_value);
642   } else {
643     // Set fingerprint in pref for DLC ID.
644     auto key = prefs_->CreateSubKey({kDlcPrefsSubDir, dlc_id, pref_key});
645     prefs_->SetString(key, pref_value);
646   }
647 }
648 
SetDlcActiveValue(bool is_active,const string & dlc_id)649 bool UpdateAttempter::SetDlcActiveValue(bool is_active, const string& dlc_id) {
650   if (dlc_id.empty()) {
651     LOG(ERROR) << "Empty DLC ID passed.";
652     return false;
653   }
654   LOG(INFO) << "Set DLC (" << dlc_id << ") to "
655             << (is_active ? "Active" : "Inactive");
656   if (is_active) {
657     auto ping_active_key =
658         prefs_->CreateSubKey({kDlcPrefsSubDir, dlc_id, kPrefsPingActive});
659     if (!prefs_->SetInt64(ping_active_key, kPingActiveValue)) {
660       LOG(ERROR) << "Failed to set the value of ping metadata '"
661                  << kPrefsPingActive << "'.";
662       return false;
663     }
664   } else {
665     return ResetDlcPrefs(dlc_id);
666   }
667   return true;
668 }
669 
GetPingMetadata(const string & metadata_key) const670 int64_t UpdateAttempter::GetPingMetadata(const string& metadata_key) const {
671   // The first time a ping is sent, the metadata files containing the values
672   // sent back by the server still don't exist. A value of -1 is used to
673   // indicate this.
674   if (!SystemState::Get()->prefs()->Exists(metadata_key))
675     return kPingNeverPinged;
676 
677   int64_t value;
678   if (SystemState::Get()->prefs()->GetInt64(metadata_key, &value))
679     return value;
680 
681   // Return -2 when the file exists and there is a problem reading from it, or
682   // the value cannot be converted to an integer.
683   return kPingUnknownValue;
684 }
685 
CalculateDlcParams()686 void UpdateAttempter::CalculateDlcParams() {
687   // Set the |dlc_ids_| only for an update. This is required to get the
688   // currently installed DLC(s).
689   if (!is_install_ &&
690       !SystemState::Get()->dlcservice()->GetDlcsToUpdate(&dlc_ids_)) {
691     LOG(INFO) << "Failed to retrieve DLC module IDs from dlcservice. Check the "
692                  "state of dlcservice, will not update DLC modules.";
693   }
694   map<string, OmahaRequestParams::AppParams> dlc_apps_params;
695   for (const auto& dlc_id : dlc_ids_) {
696     OmahaRequestParams::AppParams dlc_params{
697         .active_counting_type = OmahaRequestParams::kDateBased,
698         .name = dlc_id,
699         .send_ping = false};
700     if (is_install_) {
701       // In some cases, |SetDlcActiveValue| might fail to reset the DLC prefs
702       // when a DLC is uninstalled. To avoid having stale values from that
703       // scenario, we reset the metadata values on a new install request.
704       // Ignore failure to delete stale prefs.
705       ResetDlcPrefs(dlc_id);
706       SetDlcActiveValue(true, dlc_id);
707     } else {
708       // Only send the ping when the request is to update DLCs. When installing
709       // DLCs, we don't want to send the ping yet, since the DLCs might fail to
710       // install or might not really be active yet.
711       dlc_params.ping_active = kPingActiveValue;
712       auto ping_active_key =
713           prefs_->CreateSubKey({kDlcPrefsSubDir, dlc_id, kPrefsPingActive});
714       if (!prefs_->GetInt64(ping_active_key, &dlc_params.ping_active) ||
715           dlc_params.ping_active != kPingActiveValue) {
716         dlc_params.ping_active = kPingInactiveValue;
717       }
718       auto ping_last_active_key =
719           prefs_->CreateSubKey({kDlcPrefsSubDir, dlc_id, kPrefsPingLastActive});
720       dlc_params.ping_date_last_active = GetPingMetadata(ping_last_active_key);
721 
722       auto ping_last_rollcall_key = prefs_->CreateSubKey(
723           {kDlcPrefsSubDir, dlc_id, kPrefsPingLastRollcall});
724       dlc_params.ping_date_last_rollcall =
725           GetPingMetadata(ping_last_rollcall_key);
726 
727       dlc_params.send_ping = true;
728     }
729     dlc_apps_params[omaha_request_params_->GetDlcAppId(dlc_id)] = dlc_params;
730   }
731   omaha_request_params_->set_dlc_apps_params(dlc_apps_params);
732   omaha_request_params_->set_is_install(is_install_);
733 }
734 
BuildUpdateActions(bool interactive)735 void UpdateAttempter::BuildUpdateActions(bool interactive) {
736   CHECK(!processor_->IsRunning());
737   processor_->set_delegate(this);
738 
739   // The session ID needs to be kept throughout the update flow. The value
740   // of the session ID will reset/update only when it is a new update flow.
741   session_id_ = base::GenerateGUID();
742 
743   // Actions:
744   auto update_check_fetcher = std::make_unique<LibcurlHttpFetcher>(
745       GetProxyResolver(), SystemState::Get()->hardware());
746   update_check_fetcher->set_server_to_check(ServerToCheck::kUpdate);
747   // Try harder to connect to the network, esp when not interactive.
748   // See comment in libcurl_http_fetcher.cc.
749   update_check_fetcher->set_no_network_max_retries(interactive ? 1 : 3);
750   update_check_fetcher->set_is_update_check(true);
751   auto update_check_action = std::make_unique<OmahaRequestAction>(
752       nullptr, std::move(update_check_fetcher), false, session_id_);
753   auto response_handler_action = std::make_unique<OmahaResponseHandlerAction>();
754   auto update_boot_flags_action = std::make_unique<UpdateBootFlagsAction>(
755       SystemState::Get()->boot_control());
756   auto download_started_action = std::make_unique<OmahaRequestAction>(
757       new OmahaEvent(OmahaEvent::kTypeUpdateDownloadStarted),
758       std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
759                                            SystemState::Get()->hardware()),
760       false,
761       session_id_);
762 
763   LibcurlHttpFetcher* download_fetcher = new LibcurlHttpFetcher(
764       GetProxyResolver(), SystemState::Get()->hardware());
765   download_fetcher->set_server_to_check(ServerToCheck::kDownload);
766   if (interactive)
767     download_fetcher->set_max_retry_count(kDownloadMaxRetryCountInteractive);
768   download_fetcher->SetHeader(kXGoogleUpdateSessionId, session_id_);
769   auto download_action = std::make_unique<DownloadActionChromeos>(
770       prefs_,
771       SystemState::Get()->boot_control(),
772       SystemState::Get()->hardware(),
773       download_fetcher,  // passes ownership
774       interactive);
775   download_action->set_delegate(this);
776 
777   auto download_finished_action = std::make_unique<OmahaRequestAction>(
778       new OmahaEvent(OmahaEvent::kTypeUpdateDownloadFinished),
779       std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
780                                            SystemState::Get()->hardware()),
781       false,
782       session_id_);
783   auto filesystem_verifier_action = std::make_unique<FilesystemVerifierAction>(
784       SystemState::Get()->boot_control()->GetDynamicPartitionControl());
785   auto update_complete_action = std::make_unique<OmahaRequestAction>(
786       new OmahaEvent(OmahaEvent::kTypeUpdateComplete),
787       std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
788                                            SystemState::Get()->hardware()),
789       false,
790       session_id_);
791 
792   auto postinstall_runner_action = std::make_unique<PostinstallRunnerAction>(
793       SystemState::Get()->boot_control(), SystemState::Get()->hardware());
794   postinstall_runner_action->set_delegate(this);
795 
796   // Bond them together. We have to use the leaf-types when calling
797   // BondActions().
798   BondActions(update_check_action.get(), response_handler_action.get());
799   BondActions(response_handler_action.get(), download_action.get());
800   BondActions(download_action.get(), filesystem_verifier_action.get());
801   BondActions(filesystem_verifier_action.get(),
802               postinstall_runner_action.get());
803 
804   processor_->EnqueueAction(std::move(update_check_action));
805   processor_->EnqueueAction(std::move(response_handler_action));
806   processor_->EnqueueAction(std::move(update_boot_flags_action));
807   processor_->EnqueueAction(std::move(download_started_action));
808   processor_->EnqueueAction(std::move(download_action));
809   processor_->EnqueueAction(std::move(download_finished_action));
810   processor_->EnqueueAction(std::move(filesystem_verifier_action));
811   processor_->EnqueueAction(std::move(postinstall_runner_action));
812   processor_->EnqueueAction(std::move(update_complete_action));
813 }
814 
Rollback(bool powerwash)815 bool UpdateAttempter::Rollback(bool powerwash) {
816   is_install_ = false;
817   if (!CanRollback()) {
818     return false;
819   }
820 
821   // Extra check for enterprise-enrolled devices since they don't support
822   // powerwash.
823   if (powerwash) {
824     // Enterprise-enrolled devices have an empty owner in their device policy.
825     string owner;
826     RefreshDevicePolicy();
827     const policy::DevicePolicy* device_policy =
828         SystemState::Get()->device_policy();
829     if (device_policy && (!device_policy->GetOwner(&owner) || owner.empty())) {
830       LOG(ERROR) << "Enterprise device detected. "
831                  << "Cannot perform a powerwash for enterprise devices.";
832       return false;
833     }
834   }
835 
836   processor_->set_delegate(this);
837 
838   // Initialize the default request params.
839   if (!omaha_request_params_->Init("", "", {.interactive = true})) {
840     LOG(ERROR) << "Unable to initialize Omaha request params.";
841     return false;
842   }
843 
844   LOG(INFO) << "Setting rollback options.";
845   install_plan_.reset(new InstallPlan());
846   install_plan_->target_slot = GetRollbackSlot();
847   install_plan_->source_slot =
848       SystemState::Get()->boot_control()->GetCurrentSlot();
849 
850   TEST_AND_RETURN_FALSE(install_plan_->LoadPartitionsFromSlots(
851       SystemState::Get()->boot_control()));
852   install_plan_->powerwash_required = powerwash;
853 
854   install_plan_->Dump();
855 
856   auto install_plan_action =
857       std::make_unique<InstallPlanAction>(*install_plan_);
858   auto postinstall_runner_action = std::make_unique<PostinstallRunnerAction>(
859       SystemState::Get()->boot_control(), SystemState::Get()->hardware());
860   postinstall_runner_action->set_delegate(this);
861   BondActions(install_plan_action.get(), postinstall_runner_action.get());
862   processor_->EnqueueAction(std::move(install_plan_action));
863   processor_->EnqueueAction(std::move(postinstall_runner_action));
864 
865   // Update the payload state for Rollback.
866   SystemState::Get()->payload_state()->Rollback();
867 
868   SetStatusAndNotify(UpdateStatus::ATTEMPTING_ROLLBACK);
869 
870   ScheduleProcessingStart();
871   return true;
872 }
873 
CanRollback() const874 bool UpdateAttempter::CanRollback() const {
875   // We can only rollback if the update_engine isn't busy and we have a valid
876   // rollback partition.
877   return (status_ == UpdateStatus::IDLE &&
878           GetRollbackSlot() != BootControlInterface::kInvalidSlot);
879 }
880 
GetRollbackSlot() const881 BootControlInterface::Slot UpdateAttempter::GetRollbackSlot() const {
882   LOG(INFO) << "UpdateAttempter::GetRollbackSlot";
883   const unsigned int num_slots =
884       SystemState::Get()->boot_control()->GetNumSlots();
885   const BootControlInterface::Slot current_slot =
886       SystemState::Get()->boot_control()->GetCurrentSlot();
887 
888   LOG(INFO) << "  Installed slots: " << num_slots;
889   LOG(INFO) << "  Booted from slot: "
890             << BootControlInterface::SlotName(current_slot);
891 
892   if (current_slot == BootControlInterface::kInvalidSlot || num_slots < 2) {
893     LOG(INFO) << "Device is not updateable.";
894     return BootControlInterface::kInvalidSlot;
895   }
896 
897   vector<BootControlInterface::Slot> bootable_slots;
898   for (BootControlInterface::Slot slot = 0; slot < num_slots; slot++) {
899     if (slot != current_slot &&
900         SystemState::Get()->boot_control()->IsSlotBootable(slot)) {
901       LOG(INFO) << "Found bootable slot "
902                 << BootControlInterface::SlotName(slot);
903       return slot;
904     }
905   }
906   LOG(INFO) << "No other bootable slot found.";
907   return BootControlInterface::kInvalidSlot;
908 }
909 
CheckForUpdate(const string & app_version,const string & omaha_url,UpdateAttemptFlags flags)910 bool UpdateAttempter::CheckForUpdate(const string& app_version,
911                                      const string& omaha_url,
912                                      UpdateAttemptFlags flags) {
913   if (status_ != UpdateStatus::IDLE) {
914     LOG(INFO) << "Refusing to do an update as there is an "
915               << (is_install_ ? "install" : "update")
916               << " already in progress.";
917     return false;
918   }
919 
920   bool interactive = !(flags & UpdateAttemptFlags::kFlagNonInteractive);
921   is_install_ = false;
922 
923   LOG(INFO) << "Forced update check requested.";
924   forced_app_version_.clear();
925   forced_omaha_url_.clear();
926 
927   // Certain conditions must be met to allow setting custom version and update
928   // server URLs. However, kScheduledAUTestURLRequest and kAUTestURLRequest are
929   // always allowed regardless of device state.
930   if (IsAnyUpdateSourceAllowed()) {
931     forced_app_version_ = app_version;
932     forced_omaha_url_ = omaha_url;
933   }
934   if (omaha_url == kScheduledAUTestURLRequest) {
935     forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
936     // Pretend that it's not user-initiated even though it is,
937     // so as to test scattering logic, etc. which get kicked off
938     // only in scheduled update checks.
939     interactive = false;
940   } else if (omaha_url == kAUTestURLRequest) {
941     forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
942   }
943 
944   if (interactive) {
945     // Use the passed-in update attempt flags for this update attempt instead
946     // of the previously set ones.
947     current_update_attempt_flags_ = flags;
948     // Note: The caching for non-interactive update checks happens in
949     // |OnUpdateScheduled()|.
950   }
951 
952   // |forced_update_pending_callback_| should always be set, but even in the
953   // case that it is not, we still return true indicating success because the
954   // scheduled periodic check will pick up these changes.
955   if (forced_update_pending_callback_.get()) {
956     // Always call |ScheduleUpdates()| before forcing an update. This is because
957     // we need an update to be scheduled for the
958     // |forced_update_pending_callback_| to have an effect. Here we don't need
959     // to care about the return value from |ScheduleUpdate()|.
960     ScheduleUpdates();
961     forced_update_pending_callback_->Run(true, interactive);
962   }
963   return true;
964 }
965 
CheckForInstall(const vector<string> & dlc_ids,const string & omaha_url)966 bool UpdateAttempter::CheckForInstall(const vector<string>& dlc_ids,
967                                       const string& omaha_url) {
968   if (status_ != UpdateStatus::IDLE) {
969     LOG(INFO) << "Refusing to do an install as there is an "
970               << (is_install_ ? "install" : "update")
971               << " already in progress.";
972     return false;
973   }
974 
975   dlc_ids_ = dlc_ids;
976   is_install_ = true;
977   forced_omaha_url_.clear();
978 
979   // Certain conditions must be met to allow setting custom version and update
980   // server URLs. However, kScheduledAUTestURLRequest and kAUTestURLRequest are
981   // always allowed regardless of device state.
982   if (IsAnyUpdateSourceAllowed()) {
983     forced_omaha_url_ = omaha_url;
984   }
985 
986   if (omaha_url == kScheduledAUTestURLRequest ||
987       omaha_url == kAUTestURLRequest) {
988     forced_omaha_url_ = constants::kOmahaDefaultAUTestURL;
989   }
990 
991   // |forced_update_pending_callback_| should always be set, but even in the
992   // case that it is not, we still return true indicating success because the
993   // scheduled periodic check will pick up these changes.
994   if (forced_update_pending_callback_.get()) {
995     // Always call |ScheduleUpdates()| before forcing an update. This is because
996     // we need an update to be scheduled for the
997     // |forced_update_pending_callback_| to have an effect. Here we don't need
998     // to care about the return value from |ScheduleUpdate()|.
999     ScheduleUpdates();
1000     forced_update_pending_callback_->Run(true, true);
1001   }
1002   return true;
1003 }
1004 
RebootIfNeeded()1005 bool UpdateAttempter::RebootIfNeeded() {
1006   if (SystemState::Get()->power_manager()->RequestReboot())
1007     return true;
1008 
1009   return RebootDirectly();
1010 }
1011 
WriteUpdateCompletedMarker()1012 void UpdateAttempter::WriteUpdateCompletedMarker() {
1013   string boot_id;
1014   if (!utils::GetBootId(&boot_id))
1015     return;
1016   prefs_->SetString(kPrefsUpdateCompletedOnBootId, boot_id);
1017 
1018   int64_t value = SystemState::Get()->clock()->GetBootTime().ToInternalValue();
1019   prefs_->SetInt64(kPrefsUpdateCompletedBootTime, value);
1020 }
1021 
RebootDirectly()1022 bool UpdateAttempter::RebootDirectly() {
1023   vector<string> command = {"/sbin/shutdown", "-r", "now"};
1024   int rc = 0;
1025   Subprocess::SynchronousExec(command, &rc, nullptr, nullptr);
1026   return rc == 0;
1027 }
1028 
OnUpdateScheduled(EvalStatus status,const UpdateCheckParams & params)1029 void UpdateAttempter::OnUpdateScheduled(EvalStatus status,
1030                                         const UpdateCheckParams& params) {
1031   waiting_for_scheduled_check_ = false;
1032 
1033   if (status == EvalStatus::kSucceeded) {
1034     if (!params.updates_enabled) {
1035       LOG(WARNING) << "Updates permanently disabled.";
1036       // Signal disabled status, then switch right back to idle. This is
1037       // necessary for ensuring that observers waiting for a signal change will
1038       // actually notice one on subsequent calls. Note that we don't need to
1039       // re-schedule a check in this case as updates are permanently disabled;
1040       // further (forced) checks may still initiate a scheduling call.
1041       SetStatusAndNotify(UpdateStatus::DISABLED);
1042       SetStatusAndNotify(UpdateStatus::IDLE);
1043       return;
1044     }
1045 
1046     LOG(INFO) << "Running " << (params.interactive ? "interactive" : "periodic")
1047               << " update.";
1048 
1049     if (!params.interactive) {
1050       // Cache the update attempt flags that will be used by this update attempt
1051       // so that they can't be changed mid-way through.
1052       current_update_attempt_flags_ = update_attempt_flags_;
1053     }
1054 
1055     LOG(INFO) << "Update attempt flags in use = 0x" << std::hex
1056               << current_update_attempt_flags_;
1057 
1058     Update(params);
1059     // Always clear the forced app_version and omaha_url after an update attempt
1060     // so the next update uses the defaults.
1061     forced_app_version_.clear();
1062     forced_omaha_url_.clear();
1063   } else {
1064     LOG(WARNING)
1065         << "Update check scheduling failed (possibly timed out); retrying.";
1066     ScheduleUpdates();
1067   }
1068 
1069   // This check ensures that future update checks will be or are already
1070   // scheduled. The check should never fail. A check failure means that there's
1071   // a bug that will most likely prevent further automatic update checks. It
1072   // seems better to crash in such cases and restart the update_engine daemon
1073   // into, hopefully, a known good state.
1074   CHECK(IsBusyOrUpdateScheduled());
1075 }
1076 
UpdateLastCheckedTime()1077 void UpdateAttempter::UpdateLastCheckedTime() {
1078   last_checked_time_ =
1079       SystemState::Get()->clock()->GetWallclockTime().ToTimeT();
1080 }
1081 
UpdateRollbackHappened()1082 void UpdateAttempter::UpdateRollbackHappened() {
1083   DCHECK(SystemState::Get()->payload_state());
1084   DCHECK(policy_provider_);
1085   if (SystemState::Get()->payload_state()->GetRollbackHappened() &&
1086       (policy_provider_->device_policy_is_loaded() ||
1087        policy_provider_->IsConsumerDevice())) {
1088     // Rollback happened, but we already went through OOBE and policy is
1089     // present or it's a consumer device.
1090     SystemState::Get()->payload_state()->SetRollbackHappened(false);
1091   }
1092 }
1093 
ProcessingDoneInternal(const ActionProcessor * processor,ErrorCode code)1094 void UpdateAttempter::ProcessingDoneInternal(const ActionProcessor* processor,
1095                                              ErrorCode code) {
1096   // Reset cpu shares back to normal.
1097   cpu_limiter_.StopLimiter();
1098 
1099   ResetInteractivityFlags();
1100 
1101   if (status_ == UpdateStatus::REPORTING_ERROR_EVENT) {
1102     LOG(INFO) << "Error event sent.";
1103 
1104     // Inform scheduler of new status.
1105     SetStatusAndNotify(UpdateStatus::IDLE);
1106     ScheduleUpdates();
1107 
1108     if (!fake_update_success_) {
1109       return;
1110     }
1111     LOG(INFO) << "Booted from FW B and tried to install new firmware, "
1112                  "so requesting reboot from user.";
1113   }
1114 
1115   attempt_error_code_ = utils::GetBaseErrorCode(code);
1116 
1117   if (code != ErrorCode::kSuccess) {
1118     if (ScheduleErrorEventAction()) {
1119       return;
1120     }
1121     LOG(INFO) << "No update.";
1122     SetStatusAndNotify(UpdateStatus::IDLE);
1123     ScheduleUpdates();
1124     return;
1125   }
1126 
1127   ReportTimeToUpdateAppliedMetric();
1128   prefs_->SetInt64(kPrefsDeltaUpdateFailures, 0);
1129   prefs_->SetString(kPrefsPreviousVersion,
1130                     omaha_request_params_->app_version());
1131   DeltaPerformer::ResetUpdateProgress(prefs_, false);
1132 
1133   SystemState::Get()->payload_state()->UpdateSucceeded();
1134 
1135   // Since we're done with scattering fully at this point, this is the
1136   // safest point delete the state files, as we're sure that the status is
1137   // set to reboot (which means no more updates will be applied until reboot)
1138   // This deletion is required for correctness as we want the next update
1139   // check to re-create a new random number for the update check count.
1140   // Similarly, we also delete the wall-clock-wait period that was persisted
1141   // so that we start with a new random value for the next update check
1142   // after reboot so that the same device is not favored or punished in any
1143   // way.
1144   prefs_->Delete(kPrefsUpdateCheckCount);
1145   SystemState::Get()->payload_state()->SetScatteringWaitPeriod(TimeDelta());
1146   SystemState::Get()->payload_state()->SetStagingWaitPeriod(TimeDelta());
1147   prefs_->Delete(kPrefsUpdateFirstSeenAt);
1148 
1149   // Note: below this comment should only be on |ErrorCode::kSuccess|.
1150   if (is_install_) {
1151     ProcessingDoneInstall(processor, code);
1152   } else {
1153     ProcessingDoneUpdate(processor, code);
1154   }
1155 }
1156 
GetSuccessfulDlcIds()1157 vector<string> UpdateAttempter::GetSuccessfulDlcIds() {
1158   vector<string> dlc_ids;
1159   for (const auto& pr : omaha_request_params_->dlc_apps_params())
1160     if (pr.second.updated)
1161       dlc_ids.push_back(pr.second.name);
1162   return dlc_ids;
1163 }
1164 
ProcessingDoneInstall(const ActionProcessor * processor,ErrorCode code)1165 void UpdateAttempter::ProcessingDoneInstall(const ActionProcessor* processor,
1166                                             ErrorCode code) {
1167   if (!SystemState::Get()->dlcservice()->InstallCompleted(
1168           GetSuccessfulDlcIds()))
1169     LOG(WARNING) << "dlcservice didn't successfully handle install completion.";
1170   SetStatusAndNotify(UpdateStatus::IDLE);
1171   ScheduleUpdates();
1172   LOG(INFO) << "DLC successfully installed, no reboot needed.";
1173 }
1174 
ProcessingDoneUpdate(const ActionProcessor * processor,ErrorCode code)1175 void UpdateAttempter::ProcessingDoneUpdate(const ActionProcessor* processor,
1176                                            ErrorCode code) {
1177   WriteUpdateCompletedMarker();
1178 
1179   if (!SystemState::Get()->dlcservice()->UpdateCompleted(GetSuccessfulDlcIds()))
1180     LOG(WARNING) << "dlcservice didn't successfully handle update completion.";
1181   SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT);
1182   ScheduleUpdates();
1183   LOG(INFO) << "Update successfully applied, waiting to reboot.";
1184 
1185   // |install_plan_| is null during rollback operations, and the stats don't
1186   // make much sense then anyway.
1187   if (install_plan_) {
1188     // Generate an unique payload identifier.
1189     string target_version_uid;
1190     for (const auto& payload : install_plan_->payloads) {
1191       target_version_uid += brillo::data_encoding::Base64Encode(payload.hash) +
1192                             ":" + payload.metadata_signature + ":";
1193       // Set fingerprint value for updates only.
1194       if (!is_install_)
1195         SetPref(kPrefsLastFp, payload.fp, payload.app_id);
1196     }
1197 
1198     // If we just downloaded a rollback image, we should preserve this fact
1199     // over the following powerwash.
1200     if (install_plan_->is_rollback) {
1201       SystemState::Get()->payload_state()->SetRollbackHappened(true);
1202       SystemState::Get()->metrics_reporter()->ReportEnterpriseRollbackMetrics(
1203           /*success=*/true, install_plan_->version);
1204     }
1205 
1206     // Expect to reboot into the new version to send the proper metric during
1207     // next boot.
1208     SystemState::Get()->payload_state()->ExpectRebootInNewVersion(
1209         target_version_uid);
1210   } else {
1211     // If we just finished a rollback, then we expect to have no Omaha
1212     // response. Otherwise, it's an error.
1213     if (SystemState::Get()->payload_state()->GetRollbackVersion().empty()) {
1214       LOG(ERROR) << "Can't send metrics because there was no Omaha response";
1215     }
1216   }
1217 }
1218 
1219 // Delegate methods:
ProcessingDone(const ActionProcessor * processor,ErrorCode code)1220 void UpdateAttempter::ProcessingDone(const ActionProcessor* processor,
1221                                      ErrorCode code) {
1222   LOG(INFO) << "Processing Done.";
1223   ProcessingDoneInternal(processor, code);
1224 
1225   // Note: do cleanups here for any variables that need to be reset after a
1226   // failure, error, update, or install.
1227   is_install_ = false;
1228 }
1229 
ProcessingStopped(const ActionProcessor * processor)1230 void UpdateAttempter::ProcessingStopped(const ActionProcessor* processor) {
1231   // Reset cpu shares back to normal.
1232   cpu_limiter_.StopLimiter();
1233   download_progress_ = 0.0;
1234 
1235   ResetInteractivityFlags();
1236 
1237   SetStatusAndNotify(UpdateStatus::IDLE);
1238   ScheduleUpdates();
1239   error_event_.reset(nullptr);
1240 }
1241 
1242 // Called whenever an action has finished processing, either successfully
1243 // or otherwise.
ActionCompleted(ActionProcessor * processor,AbstractAction * action,ErrorCode code)1244 void UpdateAttempter::ActionCompleted(ActionProcessor* processor,
1245                                       AbstractAction* action,
1246                                       ErrorCode code) {
1247   // Reset download progress regardless of whether or not the download
1248   // action succeeded. Also, get the response code from HTTP request
1249   // actions (update download as well as the initial update check
1250   // actions).
1251   const string type = action->Type();
1252   if (type == DownloadActionChromeos::StaticType()) {
1253     download_progress_ = 0.0;
1254     DownloadActionChromeos* download_action =
1255         static_cast<DownloadActionChromeos*>(action);
1256     http_response_code_ = download_action->GetHTTPResponseCode();
1257   } else if (type == OmahaRequestAction::StaticType()) {
1258     OmahaRequestAction* omaha_request_action =
1259         static_cast<OmahaRequestAction*>(action);
1260     // If the request is not an event, then it's the update-check.
1261     if (!omaha_request_action->IsEvent()) {
1262       http_response_code_ = omaha_request_action->GetHTTPResponseCode();
1263 
1264       // Record the number of consecutive failed update checks.
1265       if (http_response_code_ == kHttpResponseInternalServerError ||
1266           http_response_code_ == kHttpResponseServiceUnavailable) {
1267         consecutive_failed_update_checks_++;
1268       } else {
1269         consecutive_failed_update_checks_ = 0;
1270       }
1271 
1272       const OmahaResponse& omaha_response =
1273           omaha_request_action->GetOutputObject();
1274       // Store the server-dictated poll interval, if any.
1275       server_dictated_poll_interval_ =
1276           std::max(0, omaha_response.poll_interval);
1277 
1278       // This update is ignored by omaha request action because update over
1279       // cellular connection is not allowed. Needs to ask for user's permissions
1280       // to update.
1281       if (code == ErrorCode::kOmahaUpdateIgnoredOverCellular) {
1282         new_version_ = omaha_response.version;
1283         new_payload_size_ = 0;
1284         for (const auto& package : omaha_response.packages) {
1285           new_payload_size_ += package.size;
1286         }
1287         SetStatusAndNotify(UpdateStatus::NEED_PERMISSION_TO_UPDATE);
1288       }
1289     }
1290   } else if (type == OmahaResponseHandlerAction::StaticType()) {
1291     // Depending on the returned error code, note that an update is available.
1292     if (code == ErrorCode::kOmahaUpdateDeferredPerPolicy ||
1293         code == ErrorCode::kSuccess) {
1294       // Note that the status will be updated to DOWNLOADING when some bytes
1295       // get actually downloaded from the server and the BytesReceived
1296       // callback is invoked. This avoids notifying the user that a download
1297       // has started in cases when the server and the client are unable to
1298       // initiate the download.
1299       auto omaha_response_handler_action =
1300           static_cast<OmahaResponseHandlerAction*>(action);
1301       install_plan_.reset(
1302           new InstallPlan(omaha_response_handler_action->install_plan()));
1303       UpdateLastCheckedTime();
1304       new_version_ = install_plan_->version;
1305       new_payload_size_ = 0;
1306       for (const auto& payload : install_plan_->payloads)
1307         new_payload_size_ += payload.size;
1308       cpu_limiter_.StartLimiter();
1309       SetStatusAndNotify(UpdateStatus::UPDATE_AVAILABLE);
1310     }
1311   }
1312   // General failure cases.
1313   if (code != ErrorCode::kSuccess) {
1314     // If the current state is at or past the download phase, count the failure
1315     // in case a switch to full update becomes necessary. Ignore network
1316     // transfer timeouts and failures.
1317     if (code != ErrorCode::kDownloadTransferError) {
1318       switch (status_) {
1319         case UpdateStatus::IDLE:
1320         case UpdateStatus::CHECKING_FOR_UPDATE:
1321         case UpdateStatus::UPDATE_AVAILABLE:
1322         case UpdateStatus::NEED_PERMISSION_TO_UPDATE:
1323           break;
1324         case UpdateStatus::DOWNLOADING:
1325         case UpdateStatus::VERIFYING:
1326         case UpdateStatus::FINALIZING:
1327         case UpdateStatus::UPDATED_NEED_REBOOT:
1328         case UpdateStatus::REPORTING_ERROR_EVENT:
1329         case UpdateStatus::ATTEMPTING_ROLLBACK:
1330         case UpdateStatus::DISABLED:
1331         case UpdateStatus::CLEANUP_PREVIOUS_UPDATE:
1332           MarkDeltaUpdateFailure();
1333           break;
1334       }
1335     }
1336     if (code != ErrorCode::kNoUpdate) {
1337       // On failure, schedule an error event to be sent to Omaha.
1338       CreatePendingErrorEvent(action, code);
1339     }
1340     return;
1341   }
1342   // Find out which action completed (successfully).
1343   if (type == DownloadAction::StaticType()) {
1344     SetStatusAndNotify(UpdateStatus::FINALIZING);
1345   } else if (type == FilesystemVerifierAction::StaticType()) {
1346     // Log the system properties before the postinst and after the file system
1347     // is verified. It used to be done in the postinst itself. But postinst
1348     // cannot do this anymore. On the other hand, these logs are frequently
1349     // looked at and it is preferable not to scatter them in random location in
1350     // the log and rather log it right before the postinst. The reason not do
1351     // this in the |PostinstallRunnerAction| is to prevent dependency from
1352     // libpayload_consumer to libupdate_engine.
1353     LogImageProperties();
1354   }
1355 }
1356 
BytesReceived(uint64_t bytes_progressed,uint64_t bytes_received,uint64_t total)1357 void UpdateAttempter::BytesReceived(uint64_t bytes_progressed,
1358                                     uint64_t bytes_received,
1359                                     uint64_t total) {
1360   // The PayloadState keeps track of how many bytes were actually downloaded
1361   // from a given URL for the URL skipping logic.
1362   SystemState::Get()->payload_state()->DownloadProgress(bytes_progressed);
1363 
1364   double progress = 0;
1365   if (total)
1366     progress = static_cast<double>(bytes_received) / static_cast<double>(total);
1367   if (status_ != UpdateStatus::DOWNLOADING || bytes_received == total) {
1368     download_progress_ = progress;
1369     SetStatusAndNotify(UpdateStatus::DOWNLOADING);
1370   } else {
1371     ProgressUpdate(progress);
1372   }
1373 }
1374 
DownloadComplete()1375 void UpdateAttempter::DownloadComplete() {
1376   SystemState::Get()->payload_state()->DownloadComplete();
1377 }
1378 
ProgressUpdate(double progress)1379 void UpdateAttempter::ProgressUpdate(double progress) {
1380   // Self throttle based on progress. Also send notifications if progress is
1381   // too slow.
1382   if (progress == 1.0 ||
1383       progress - download_progress_ >= kBroadcastThresholdProgress ||
1384       TimeTicks::Now() - last_notify_time_ >=
1385           TimeDelta::FromSeconds(kBroadcastThresholdSeconds)) {
1386     download_progress_ = progress;
1387     BroadcastStatus();
1388   }
1389 }
1390 
ResetInteractivityFlags()1391 void UpdateAttempter::ResetInteractivityFlags() {
1392   // Reset the state that's only valid for a single update pass.
1393   current_update_attempt_flags_ = UpdateAttemptFlags::kNone;
1394 
1395   if (forced_update_pending_callback_.get())
1396     // Clear prior interactive requests once the processor is done.
1397     forced_update_pending_callback_->Run(false, false);
1398 }
1399 
ResetStatus()1400 bool UpdateAttempter::ResetStatus() {
1401   LOG(INFO) << "Attempting to reset state from "
1402             << UpdateStatusToString(status_) << " to UpdateStatus::IDLE";
1403 
1404   switch (status_) {
1405     case UpdateStatus::IDLE:
1406       // no-op.
1407       return true;
1408 
1409     case UpdateStatus::UPDATED_NEED_REBOOT: {
1410       bool ret_value = true;
1411       status_ = UpdateStatus::IDLE;
1412 
1413       // Remove the reboot marker so that if the machine is rebooted
1414       // after resetting to idle state, it doesn't go back to
1415       // UpdateStatus::UPDATED_NEED_REBOOT state.
1416       ret_value = prefs_->Delete(kPrefsUpdateCompletedOnBootId) && ret_value;
1417       ret_value = prefs_->Delete(kPrefsUpdateCompletedBootTime) && ret_value;
1418       ret_value = prefs_->Delete(kPrefsLastFp, {kDlcPrefsSubDir}) && ret_value;
1419 
1420       // Update the boot flags so the current slot has higher priority.
1421       BootControlInterface* boot_control = SystemState::Get()->boot_control();
1422       if (!boot_control->SetActiveBootSlot(boot_control->GetCurrentSlot()))
1423         ret_value = false;
1424 
1425       // Mark the current slot as successful again, since marking it as active
1426       // may reset the successful bit. We ignore the result of whether marking
1427       // the current slot as successful worked.
1428       if (!boot_control->MarkBootSuccessfulAsync(Bind([](bool successful) {})))
1429         ret_value = false;
1430 
1431       // Notify the PayloadState that the successful payload was canceled.
1432       SystemState::Get()->payload_state()->ResetUpdateStatus();
1433 
1434       // The previous version is used to report back to omaha after reboot that
1435       // we actually rebooted into the new version from this "prev-version". We
1436       // need to clear out this value now to prevent it being sent on the next
1437       // updatecheck request.
1438       ret_value = prefs_->SetString(kPrefsPreviousVersion, "") && ret_value;
1439 
1440       LOG(INFO) << "Reset status " << (ret_value ? "successful" : "failed");
1441       return ret_value;
1442     }
1443 
1444     default:
1445       LOG(ERROR) << "Reset not allowed in this state.";
1446       return false;
1447   }
1448 }
1449 
GetStatus(UpdateEngineStatus * out_status)1450 bool UpdateAttempter::GetStatus(UpdateEngineStatus* out_status) {
1451   out_status->last_checked_time = last_checked_time_;
1452   out_status->status = status_;
1453   out_status->current_version = omaha_request_params_->app_version();
1454   out_status->progress = download_progress_;
1455   out_status->new_size_bytes = new_payload_size_;
1456   out_status->new_version = new_version_;
1457   out_status->is_enterprise_rollback =
1458       install_plan_ && install_plan_->is_rollback;
1459   out_status->is_install = is_install_;
1460 
1461   string str_eol_date;
1462   if (SystemState::Get()->prefs()->Exists(kPrefsOmahaEolDate) &&
1463       !SystemState::Get()->prefs()->GetString(kPrefsOmahaEolDate,
1464                                               &str_eol_date))
1465     LOG(ERROR) << "Failed to retrieve kPrefsOmahaEolDate pref.";
1466   out_status->eol_date = StringToEolDate(str_eol_date);
1467 
1468   // A powerwash will take place either if the install plan says it is required
1469   // or if an enterprise rollback is happening.
1470   out_status->will_powerwash_after_reboot =
1471       install_plan_ &&
1472       (install_plan_->powerwash_required || install_plan_->is_rollback);
1473 
1474   return true;
1475 }
1476 
BroadcastStatus()1477 void UpdateAttempter::BroadcastStatus() {
1478   UpdateEngineStatus broadcast_status;
1479   // Use common method for generating the current status.
1480   GetStatus(&broadcast_status);
1481 
1482   for (const auto& observer : service_observers_) {
1483     observer->SendStatusUpdate(broadcast_status);
1484   }
1485   last_notify_time_ = TimeTicks::Now();
1486 }
1487 
GetErrorCodeFlags()1488 uint32_t UpdateAttempter::GetErrorCodeFlags() {
1489   uint32_t flags = 0;
1490 
1491   if (!SystemState::Get()->hardware()->IsNormalBootMode())
1492     flags |= static_cast<uint32_t>(ErrorCode::kDevModeFlag);
1493 
1494   if (install_plan_ && install_plan_->is_resume)
1495     flags |= static_cast<uint32_t>(ErrorCode::kResumedFlag);
1496 
1497   if (!SystemState::Get()->hardware()->IsOfficialBuild())
1498     flags |= static_cast<uint32_t>(ErrorCode::kTestImageFlag);
1499 
1500   if (!omaha_request_params_->IsUpdateUrlOfficial()) {
1501     flags |= static_cast<uint32_t>(ErrorCode::kTestOmahaUrlFlag);
1502   }
1503 
1504   return flags;
1505 }
1506 
ShouldCancel(ErrorCode * cancel_reason)1507 bool UpdateAttempter::ShouldCancel(ErrorCode* cancel_reason) {
1508   // Check if the channel we're attempting to update to is the same as the
1509   // target channel currently chosen by the user.
1510   OmahaRequestParams* params = SystemState::Get()->request_params();
1511   if (params->download_channel() != params->target_channel()) {
1512     LOG(ERROR) << "Aborting download as target channel: "
1513                << params->target_channel()
1514                << " is different from the download channel: "
1515                << params->download_channel();
1516     *cancel_reason = ErrorCode::kUpdateCanceledByChannelChange;
1517     return true;
1518   }
1519 
1520   return false;
1521 }
1522 
SetStatusAndNotify(UpdateStatus status)1523 void UpdateAttempter::SetStatusAndNotify(UpdateStatus status) {
1524   status_ = status;
1525   BroadcastStatus();
1526 }
1527 
CreatePendingErrorEvent(AbstractAction * action,ErrorCode code)1528 void UpdateAttempter::CreatePendingErrorEvent(AbstractAction* action,
1529                                               ErrorCode code) {
1530   if (error_event_.get() || status_ == UpdateStatus::REPORTING_ERROR_EVENT) {
1531     // This shouldn't really happen.
1532     LOG(WARNING) << "There's already an existing pending error event.";
1533     return;
1534   }
1535 
1536   // Classify the code to generate the appropriate result so that
1537   // the Borgmon charts show up the results correctly.
1538   // Do this before calling GetErrorCodeForAction which could potentially
1539   // augment the bit representation of code and thus cause no matches for
1540   // the switch cases below.
1541   OmahaEvent::Result event_result;
1542   switch (code) {
1543     case ErrorCode::kOmahaUpdateIgnoredPerPolicy:
1544     case ErrorCode::kOmahaUpdateDeferredPerPolicy:
1545     case ErrorCode::kOmahaUpdateDeferredForBackoff:
1546       event_result = OmahaEvent::kResultUpdateDeferred;
1547       break;
1548     default:
1549       event_result = OmahaEvent::kResultError;
1550       break;
1551   }
1552 
1553   code = GetErrorCodeForAction(action, code);
1554   fake_update_success_ = code == ErrorCode::kPostinstallBootedFromFirmwareB;
1555 
1556   // Compute the final error code with all the bit flags to be sent to Omaha.
1557   code =
1558       static_cast<ErrorCode>(static_cast<uint32_t>(code) | GetErrorCodeFlags());
1559   error_event_.reset(
1560       new OmahaEvent(OmahaEvent::kTypeUpdateComplete, event_result, code));
1561 }
1562 
ScheduleErrorEventAction()1563 bool UpdateAttempter::ScheduleErrorEventAction() {
1564   if (error_event_.get() == nullptr)
1565     return false;
1566 
1567   LOG(ERROR) << "Update failed.";
1568   SystemState::Get()->payload_state()->UpdateFailed(error_event_->error_code);
1569 
1570   // Send metrics if it was a rollback.
1571   if (install_plan_ && install_plan_->is_rollback) {
1572     SystemState::Get()->metrics_reporter()->ReportEnterpriseRollbackMetrics(
1573         /*success=*/false, install_plan_->version);
1574   }
1575 
1576   // Send it to Omaha.
1577   LOG(INFO) << "Reporting the error event";
1578   auto error_event_action = std::make_unique<OmahaRequestAction>(
1579       error_event_.release(),  // Pass ownership.
1580       std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
1581                                            SystemState::Get()->hardware()),
1582       false,
1583       session_id_);
1584   processor_->EnqueueAction(std::move(error_event_action));
1585   SetStatusAndNotify(UpdateStatus::REPORTING_ERROR_EVENT);
1586   processor_->StartProcessing();
1587   return true;
1588 }
1589 
ScheduleProcessingStart()1590 void UpdateAttempter::ScheduleProcessingStart() {
1591   LOG(INFO) << "Scheduling an action processor start.";
1592   MessageLoop::current()->PostTask(
1593       FROM_HERE,
1594       Bind([](ActionProcessor* processor) { processor->StartProcessing(); },
1595            base::Unretained(processor_.get())));
1596 }
1597 
DisableDeltaUpdateIfNeeded()1598 void UpdateAttempter::DisableDeltaUpdateIfNeeded() {
1599   int64_t delta_failures;
1600   if (omaha_request_params_->delta_okay() &&
1601       prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) &&
1602       delta_failures >= kMaxDeltaUpdateFailures) {
1603     LOG(WARNING) << "Too many delta update failures, forcing full update.";
1604     omaha_request_params_->set_delta_okay(false);
1605   }
1606 }
1607 
MarkDeltaUpdateFailure()1608 void UpdateAttempter::MarkDeltaUpdateFailure() {
1609   // Don't try to resume a failed delta update.
1610   DeltaPerformer::ResetUpdateProgress(prefs_, false);
1611   int64_t delta_failures;
1612   if (!prefs_->GetInt64(kPrefsDeltaUpdateFailures, &delta_failures) ||
1613       delta_failures < 0) {
1614     delta_failures = 0;
1615   }
1616   prefs_->SetInt64(kPrefsDeltaUpdateFailures, ++delta_failures);
1617 }
1618 
PingOmaha()1619 void UpdateAttempter::PingOmaha() {
1620   if (!processor_->IsRunning()) {
1621     ResetInteractivityFlags();
1622 
1623     auto ping_action = std::make_unique<OmahaRequestAction>(
1624         nullptr,
1625         std::make_unique<LibcurlHttpFetcher>(GetProxyResolver(),
1626                                              SystemState::Get()->hardware()),
1627         true,
1628         "" /* session_id */);
1629     processor_->set_delegate(nullptr);
1630     processor_->EnqueueAction(std::move(ping_action));
1631     // Call StartProcessing() synchronously here to avoid any race conditions
1632     // caused by multiple outstanding ping Omaha requests.  If we call
1633     // StartProcessing() asynchronously, the device can be suspended before we
1634     // get a chance to callback to StartProcessing().  When the device resumes
1635     // (assuming the device sleeps longer than the next update check period),
1636     // StartProcessing() is called back and at the same time, the next update
1637     // check is fired which eventually invokes StartProcessing().  A crash
1638     // can occur because StartProcessing() checks to make sure that the
1639     // processor is idle which it isn't due to the two concurrent ping Omaha
1640     // requests.
1641     processor_->StartProcessing();
1642   } else {
1643     LOG(WARNING) << "Action processor running, Omaha ping suppressed.";
1644   }
1645 
1646   // Update the last check time here; it may be re-updated when an Omaha
1647   // response is received, but this will prevent us from repeatedly scheduling
1648   // checks in the case where a response is not received.
1649   UpdateLastCheckedTime();
1650 
1651   // Update the status which will schedule the next update check
1652   SetStatusAndNotify(UpdateStatus::UPDATED_NEED_REBOOT);
1653   ScheduleUpdates();
1654 }
1655 
DecrementUpdateCheckCount()1656 bool UpdateAttempter::DecrementUpdateCheckCount() {
1657   int64_t update_check_count_value;
1658 
1659   if (!prefs_->Exists(kPrefsUpdateCheckCount)) {
1660     // This file does not exist. This means we haven't started our update
1661     // check count down yet, so nothing more to do. This file will be created
1662     // later when we first satisfy the wall-clock-based-wait period.
1663     LOG(INFO) << "No existing update check count. That's normal.";
1664     return true;
1665   }
1666 
1667   if (prefs_->GetInt64(kPrefsUpdateCheckCount, &update_check_count_value)) {
1668     // Only if we're able to read a proper integer value, then go ahead
1669     // and decrement and write back the result in the same file, if needed.
1670     LOG(INFO) << "Update check count = " << update_check_count_value;
1671 
1672     if (update_check_count_value == 0) {
1673       // It could be 0, if, for some reason, the file didn't get deleted
1674       // when we set our status to waiting for reboot. so we just leave it
1675       // as is so that we can prevent another update_check wait for this client.
1676       LOG(INFO) << "Not decrementing update check count as it's already 0.";
1677       return true;
1678     }
1679 
1680     if (update_check_count_value > 0)
1681       update_check_count_value--;
1682     else
1683       update_check_count_value = 0;
1684 
1685     // Write out the new value of update_check_count_value.
1686     if (prefs_->SetInt64(kPrefsUpdateCheckCount, update_check_count_value)) {
1687       // We successfully wrote out the new value, so enable the
1688       // update check based wait.
1689       LOG(INFO) << "New update check count = " << update_check_count_value;
1690       return true;
1691     }
1692   }
1693 
1694   LOG(INFO) << "Deleting update check count state due to read/write errors.";
1695 
1696   // We cannot read/write to the file, so disable the update check based wait
1697   // so that we don't get stuck in this OS version by any chance (which could
1698   // happen if there's some bug that causes to read/write incorrectly).
1699   // Also attempt to delete the file to do our best effort to cleanup.
1700   prefs_->Delete(kPrefsUpdateCheckCount);
1701   return false;
1702 }
1703 
UpdateEngineStarted()1704 void UpdateAttempter::UpdateEngineStarted() {
1705   // If we just booted into a new update, keep the previous OS version
1706   // in case we rebooted because of a crash of the old version, so we
1707   // can do a proper crash report with correct information.
1708   // This must be done before calling
1709   // SystemState::Get()->payload_state()->UpdateEngineStarted() since it will
1710   // delete SystemUpdated marker file.
1711   if (SystemState::Get()->system_rebooted() &&
1712       prefs_->Exists(kPrefsSystemUpdatedMarker)) {
1713     if (!prefs_->GetString(kPrefsPreviousVersion, &prev_version_)) {
1714       // If we fail to get the version string, make sure it stays empty.
1715       prev_version_.clear();
1716     }
1717   }
1718 
1719   MoveToPrefs({kPrefsLastRollCallPingDay, kPrefsLastActivePingDay});
1720 
1721   SystemState::Get()->payload_state()->UpdateEngineStarted();
1722   StartP2PAtStartup();
1723 
1724   excluder_ = CreateExcluder();
1725 }
1726 
MoveToPrefs(const vector<string> & keys)1727 void UpdateAttempter::MoveToPrefs(const vector<string>& keys) {
1728   auto* powerwash_safe_prefs = SystemState::Get()->powerwash_safe_prefs();
1729   for (const auto& key : keys) {
1730     // Do not overwrite existing pref key with powerwash prefs.
1731     if (!prefs_->Exists(key) && powerwash_safe_prefs->Exists(key)) {
1732       string value;
1733       if (!powerwash_safe_prefs->GetString(key, &value) ||
1734           !prefs_->SetString(key, value)) {
1735         PLOG(ERROR) << "Unable to add powerwash safe key " << key
1736                     << " to prefs. Powerwash safe key will be deleted.";
1737       }
1738     }
1739     // Delete keys regardless of operation success to preserve privacy.
1740     powerwash_safe_prefs->Delete(key);
1741   }
1742 }
1743 
StartP2PAtStartup()1744 bool UpdateAttempter::StartP2PAtStartup() {
1745   if (!SystemState::Get()->p2p_manager()->IsP2PEnabled()) {
1746     LOG(INFO) << "Not starting p2p at startup since it's not enabled.";
1747     return false;
1748   }
1749 
1750   if (SystemState::Get()->p2p_manager()->CountSharedFiles() < 1) {
1751     LOG(INFO) << "Not starting p2p at startup since our application "
1752               << "is not sharing any files.";
1753     return false;
1754   }
1755 
1756   return StartP2PAndPerformHousekeeping();
1757 }
1758 
StartP2PAndPerformHousekeeping()1759 bool UpdateAttempter::StartP2PAndPerformHousekeeping() {
1760   if (!SystemState::Get()->p2p_manager()->IsP2PEnabled()) {
1761     LOG(INFO) << "Not starting p2p since it's not enabled.";
1762     return false;
1763   }
1764 
1765   LOG(INFO) << "Ensuring that p2p is running.";
1766   if (!SystemState::Get()->p2p_manager()->EnsureP2PRunning()) {
1767     LOG(ERROR) << "Error starting p2p.";
1768     return false;
1769   }
1770 
1771   LOG(INFO) << "Performing p2p housekeeping.";
1772   if (!SystemState::Get()->p2p_manager()->PerformHousekeeping()) {
1773     LOG(ERROR) << "Error performing housekeeping for p2p.";
1774     return false;
1775   }
1776 
1777   LOG(INFO) << "Done performing p2p housekeeping.";
1778   return true;
1779 }
1780 
GetBootTimeAtUpdate(Time * out_boot_time)1781 bool UpdateAttempter::GetBootTimeAtUpdate(Time* out_boot_time) {
1782   // In case of an update_engine restart without a reboot, we stored the boot_id
1783   // when the update was completed by setting a pref, so we can check whether
1784   // the last update was on this boot or a previous one.
1785   string boot_id;
1786   TEST_AND_RETURN_FALSE(utils::GetBootId(&boot_id));
1787 
1788   string update_completed_on_boot_id;
1789   if (!prefs_->Exists(kPrefsUpdateCompletedOnBootId) ||
1790       !prefs_->GetString(kPrefsUpdateCompletedOnBootId,
1791                          &update_completed_on_boot_id) ||
1792       update_completed_on_boot_id != boot_id)
1793     return false;
1794 
1795   // Short-circuit avoiding the read in case out_boot_time is nullptr.
1796   if (out_boot_time) {
1797     int64_t boot_time = 0;
1798     // Since the kPrefsUpdateCompletedOnBootId was correctly set, this pref
1799     // should not fail.
1800     TEST_AND_RETURN_FALSE(
1801         prefs_->GetInt64(kPrefsUpdateCompletedBootTime, &boot_time));
1802     *out_boot_time = Time::FromInternalValue(boot_time);
1803   }
1804   return true;
1805 }
1806 
IsBusyOrUpdateScheduled()1807 bool UpdateAttempter::IsBusyOrUpdateScheduled() {
1808   return ((status_ != UpdateStatus::IDLE &&
1809            status_ != UpdateStatus::UPDATED_NEED_REBOOT) ||
1810           waiting_for_scheduled_check_);
1811 }
1812 
IsAnyUpdateSourceAllowed() const1813 bool UpdateAttempter::IsAnyUpdateSourceAllowed() const {
1814   // We allow updates from any source if either of these are true:
1815   //  * The device is running an unofficial (dev/test) image.
1816   //  * The debugd dev features are accessible (i.e. in devmode with no owner).
1817   // This protects users running a base image, while still allowing a specific
1818   // window (gated by the debug dev features) where `cros flash` is usable.
1819   if (!SystemState::Get()->hardware()->IsOfficialBuild()) {
1820     LOG(INFO) << "Non-official build; allowing any update source.";
1821     return true;
1822   }
1823 
1824   if (SystemState::Get()->hardware()->AreDevFeaturesEnabled()) {
1825     LOG(INFO) << "Developer features enabled; allowing custom update sources.";
1826     return true;
1827   }
1828 
1829   LOG(INFO)
1830       << "Developer features disabled; disallowing custom update sources.";
1831   return false;
1832 }
1833 
ReportTimeToUpdateAppliedMetric()1834 void UpdateAttempter::ReportTimeToUpdateAppliedMetric() {
1835   const policy::DevicePolicy* device_policy =
1836       SystemState::Get()->device_policy();
1837   if (device_policy && device_policy->IsEnterpriseEnrolled()) {
1838     vector<policy::DevicePolicy::WeeklyTimeInterval> parsed_intervals;
1839     bool has_time_restrictions =
1840         device_policy->GetDisallowedTimeIntervals(&parsed_intervals);
1841 
1842     int64_t update_first_seen_at_int;
1843     if (SystemState::Get()->prefs()->Exists(kPrefsUpdateFirstSeenAt)) {
1844       if (SystemState::Get()->prefs()->GetInt64(kPrefsUpdateFirstSeenAt,
1845                                                 &update_first_seen_at_int)) {
1846         TimeDelta update_delay =
1847             SystemState::Get()->clock()->GetWallclockTime() -
1848             Time::FromInternalValue(update_first_seen_at_int);
1849         SystemState::Get()
1850             ->metrics_reporter()
1851             ->ReportEnterpriseUpdateSeenToDownloadDays(has_time_restrictions,
1852                                                        update_delay.InDays());
1853       }
1854     }
1855   }
1856 }
1857 
1858 }  // namespace chromeos_update_engine
1859