1 // 2 // Copyright (C) 2014 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #ifndef UPDATE_ENGINE_UPDATE_MANAGER_POLICY_H_ 18 #define UPDATE_ENGINE_UPDATE_MANAGER_POLICY_H_ 19 20 #include <memory> 21 #include <string> 22 #include <tuple> 23 #include <vector> 24 25 #include "update_engine/common/error_code.h" 26 #include "update_engine/payload_consumer/install_plan.h" 27 #include "update_engine/update_manager/evaluation_context.h" 28 #include "update_engine/update_manager/rollback_prefs.h" 29 #include "update_engine/update_manager/state.h" 30 31 namespace chromeos_update_manager { 32 33 // The three different results of a policy request. 34 enum class EvalStatus { 35 kFailed, 36 kSucceeded, 37 kAskMeAgainLater, 38 kContinue, 39 }; 40 41 std::string ToString(EvalStatus status); 42 43 // Parameters of an update check. These parameters are determined by the 44 // UpdateCheckAllowed policy. 45 struct UpdateCheckParams { 46 bool updates_enabled; // Whether the auto-updates are enabled on this build. 47 48 // Attributes pertaining to the case where update checks are allowed. 49 // 50 // A target version prefix, if imposed by policy; otherwise, an empty string. 51 std::string target_version_prefix; 52 // Specifies whether rollback images are allowed by device policy. 53 bool rollback_allowed; 54 // Specifies if rollbacks should attempt to preserve some system state. 55 bool rollback_data_save_requested; 56 // Specifies the number of Chrome milestones rollback should be allowed, 57 // starting from the stable version at any time. Value is -1 if unspecified 58 // (e.g. no device policy is available yet), in this case no version 59 // roll-forward should happen. 60 int rollback_allowed_milestones; 61 // A target channel, if so imposed by policy; otherwise, an empty string. 62 std::string target_channel; 63 64 // Whether the allowed update is interactive (user-initiated) or periodic. 65 bool interactive; 66 }; 67 68 // Input arguments to UpdateCanStart. 69 // 70 // A snapshot of the state of the current update process. This includes 71 // everything that a policy might need and that occurred since the first time 72 // the current payload was first seen and attempted (consecutively). 73 struct UpdateState { 74 // Information pertaining to the current update payload and/or check. 75 // 76 // Whether the current update check is an interactive one. The caller should 77 // feed the value returned by the preceding call to UpdateCheckAllowed(). 78 bool interactive; 79 // Whether it is a delta payload. 80 bool is_delta_payload; 81 // Wallclock time when payload was first (consecutively) offered by Omaha. 82 base::Time first_seen; 83 // Number of consecutive update checks returning the current update. 84 int num_checks; 85 // Number of update payload failures and the wallclock time when it was last 86 // updated by the updater. These should both be nullified whenever a new 87 // update is seen; they are updated at the policy's descretion (via 88 // UpdateDownloadParams.do_increment_failures) once all of the usable download 89 // URLs for the payload have been used without success. They should be 90 // persisted across reboots. 91 int num_failures; 92 base::Time failures_last_updated; 93 94 // Information pertaining to downloading and applying of the current update. 95 // 96 // An array of download URLs provided by Omaha. 97 std::vector<std::string> download_urls; 98 // Max number of errors allowed per download URL. 99 int download_errors_max; 100 // The index of the URL to download from, as determined in the previous call 101 // to the policy. For a newly seen payload, this should be -1. 102 int last_download_url_idx; 103 // The number of successive download errors pertaining to this last URL, as 104 // determined in the previous call to the policy. For a newly seen payload, 105 // this should be zero. 106 int last_download_url_num_errors; 107 // An array of errors that occurred while trying to download this update since 108 // the previous call to this policy has returned, or since this payload was 109 // first seen, or since the updater process has started (whichever is later). 110 // Includes the URL index attempted, the error code, and the wallclock-based 111 // timestamp when it occurred. 112 std::vector<std::tuple<int, chromeos_update_engine::ErrorCode, base::Time>> 113 download_errors; 114 // Whether Omaha forbids use of P2P for downloading and/or sharing. 115 bool p2p_downloading_disabled; 116 bool p2p_sharing_disabled; 117 // The number of P2P download attempts and wallclock-based time when P2P 118 // download was first attempted. 119 int p2p_num_attempts; 120 base::Time p2p_first_attempted; 121 122 // Information pertaining to update backoff mechanism. 123 // 124 // The currently known (persisted) wallclock-based backoff expiration time; 125 // zero if none. 126 base::Time backoff_expiry; 127 // Whether backoff is disabled by Omaha. 128 bool is_backoff_disabled; 129 130 // Information pertaining to update scattering. 131 // 132 // The currently known (persisted) scattering wallclock-based wait period and 133 // update check threshold; zero if none. 134 base::TimeDelta scatter_wait_period; 135 int scatter_check_threshold; 136 // Maximum wait period allowed for this update, as determined by Omaha. 137 base::TimeDelta scatter_wait_period_max; 138 // Minimum/maximum check threshold values. 139 // TODO(garnold) These appear to not be related to the current update and so 140 // should probably be obtained as variables via UpdaterProvider. 141 int scatter_check_threshold_min; 142 int scatter_check_threshold_max; 143 }; 144 145 // Results regarding the downloading and applying of an update, as determined by 146 // UpdateCanStart. 147 // 148 // An enumerator for the reasons of not allowing an update to start. 149 enum class UpdateCannotStartReason { 150 kUndefined, 151 kCheckDue, 152 kScattering, 153 kBackoff, 154 kCannotDownload, 155 }; 156 157 struct UpdateDownloadParams { 158 // Whether the update attempt is allowed to proceed. 159 bool update_can_start; 160 // If update cannot proceed, a reason code for why it cannot do so. 161 UpdateCannotStartReason cannot_start_reason; 162 163 // Download related attributes. The update engine uses them to choose the 164 // means for downloading and applying an update. 165 // 166 // The index of the download URL to use (-1 means no suitable URL was found) 167 // and whether it can be used. Even if there's no URL or its use is not 168 // allowed (backoff, scattering) there may still be other means for download 169 // (like P2P). The URL index needs to be persisted and handed back to the 170 // policy on the next time it is called. 171 int download_url_idx; 172 bool download_url_allowed; 173 // The number of download errors associated with this download URL. This value 174 // needs to be persisted and handed back to the policy on the next time it is 175 // called. 176 int download_url_num_errors; 177 // Whether P2P download and sharing are allowed. 178 bool p2p_downloading_allowed; 179 bool p2p_sharing_allowed; 180 181 // Other values that need to be persisted and handed to the policy as need on 182 // the next call. 183 // 184 // Whether an update failure has been identified by the policy. The client 185 // should increment and persist its update failure count, and record the time 186 // when this was done; it needs to hand these values back to the policy 187 // (UpdateState.{num_failures,failures_last_updated}) on the next time it is 188 // called. 189 bool do_increment_failures; 190 // The current backof expiry. 191 base::Time backoff_expiry; 192 // The scattering wait period and check threshold. 193 base::TimeDelta scatter_wait_period; 194 int scatter_check_threshold; 195 }; 196 197 // The Policy class is an interface to the ensemble of policy requests that the 198 // client can make. A derived class includes the policy implementations of 199 // these. 200 // 201 // When compile-time selection of the policy is required due to missing or extra 202 // parts in a given platform, a different Policy subclass can be used. 203 class Policy { 204 public: ~Policy()205 virtual ~Policy() {} 206 207 // Returns the name of a public policy request. 208 // IMPORTANT: Be sure to add a conditional for each new public policy that is 209 // being added to this class in the future. 210 template <typename R, typename... Args> PolicyRequestName(EvalStatus (Policy::* policy_method)(EvaluationContext *,State *,std::string *,R *,Args...)const)211 std::string PolicyRequestName(EvalStatus (Policy::*policy_method)( 212 EvaluationContext*, State*, std::string*, R*, Args...) const) const { 213 std::string class_name = PolicyName() + "::"; 214 215 if (reinterpret_cast<typeof(&Policy::UpdateCheckAllowed)>(policy_method) == 216 &Policy::UpdateCheckAllowed) 217 return class_name + "UpdateCheckAllowed"; 218 if (reinterpret_cast<typeof(&Policy::UpdateCanBeApplied)>(policy_method) == 219 &Policy::UpdateCanBeApplied) 220 return class_name + "UpdateCanBeApplied"; 221 if (reinterpret_cast<typeof(&Policy::UpdateCanStart)>(policy_method) == 222 &Policy::UpdateCanStart) 223 return class_name + "UpdateCanStart"; 224 if (reinterpret_cast<typeof(&Policy::UpdateDownloadAllowed)>( 225 policy_method) == &Policy::UpdateDownloadAllowed) 226 return class_name + "UpdateDownloadAllowed"; 227 if (reinterpret_cast<typeof(&Policy::P2PEnabled)>(policy_method) == 228 &Policy::P2PEnabled) 229 return class_name + "P2PEnabled"; 230 if (reinterpret_cast<typeof(&Policy::P2PEnabledChanged)>(policy_method) == 231 &Policy::P2PEnabledChanged) 232 return class_name + "P2PEnabledChanged"; 233 234 NOTREACHED(); 235 return class_name + "(unknown)"; 236 } 237 238 // List of policy requests. A policy request takes an EvaluationContext as the 239 // first argument, a State instance, a returned error message, a returned 240 // value and optionally followed by one or more arbitrary constant arguments. 241 // 242 // When the implementation fails, the method returns EvalStatus::kFailed and 243 // sets the |error| string. 244 245 // UpdateCheckAllowed returns whether it is allowed to request an update check 246 // to Omaha. 247 virtual EvalStatus UpdateCheckAllowed(EvaluationContext* ec, 248 State* state, 249 std::string* error, 250 UpdateCheckParams* result) const = 0; 251 252 // UpdateCanBeApplied returns whether the given |install_plan| can be acted 253 // on at this time. The reason for not applying is returned in |result|. 254 // The Policy may modify the passed-in |install_plan|, based on the 255 // implementation in the Policy and values provided by the EvaluationContext. 256 virtual EvalStatus UpdateCanBeApplied( 257 EvaluationContext* ec, 258 State* state, 259 std::string* error, 260 chromeos_update_engine::ErrorCode* result, 261 chromeos_update_engine::InstallPlan* install_plan) const = 0; 262 263 // Returns EvalStatus::kSucceeded if either an update can start being 264 // processed, or the attempt needs to be aborted. In cases where the update 265 // needs to wait for some condition to be satisfied, but none of the values 266 // that need to be persisted has changed, returns 267 // EvalStatus::kAskMeAgainLater. Arguments include an |update_state| that 268 // encapsulates data pertaining to the current ongoing update process. 269 virtual EvalStatus UpdateCanStart(EvaluationContext* ec, 270 State* state, 271 std::string* error, 272 UpdateDownloadParams* result, 273 UpdateState update_state) const = 0; 274 275 // Checks whether downloading of an update is allowed; currently, this checks 276 // whether the network connection type is suitable for updating over. May 277 // consult the shill provider as well as the device policy (if available). 278 // Returns |EvalStatus::kSucceeded|, setting |result| according to whether or 279 // not the current connection can be used; on error, returns 280 // |EvalStatus::kFailed| and sets |error| accordingly. 281 virtual EvalStatus UpdateDownloadAllowed(EvaluationContext* ec, 282 State* state, 283 std::string* error, 284 bool* result) const = 0; 285 286 // Checks whether P2P is enabled. This may consult device policy and other 287 // global settings. 288 virtual EvalStatus P2PEnabled(EvaluationContext* ec, 289 State* state, 290 std::string* error, 291 bool* result) const = 0; 292 293 // Checks whether P2P is enabled, but blocks (returns 294 // |EvalStatus::kAskMeAgainLater|) until it is different from |prev_result|. 295 // If the P2P enabled status is not expected to change, will return 296 // immediately with |EvalStatus::kSucceeded|. This internally uses the 297 // P2PEnabled() policy above. 298 virtual EvalStatus P2PEnabledChanged(EvaluationContext* ec, 299 State* state, 300 std::string* error, 301 bool* result, 302 bool prev_result) const = 0; 303 304 protected: Policy()305 Policy() {} 306 307 // Returns the name of the actual policy class. 308 virtual std::string PolicyName() const = 0; 309 310 private: 311 DISALLOW_COPY_AND_ASSIGN(Policy); 312 }; 313 314 // Get system dependent (Chrome OS vs. Android) policy 315 // implementation. Implementations can be found in chromeos_policy.cc and 316 // android_things_policy.cc. 317 std::unique_ptr<Policy> GetSystemPolicy(); 318 319 } // namespace chromeos_update_manager 320 321 #endif // UPDATE_ENGINE_UPDATE_MANAGER_POLICY_H_ 322