update_engine: Set min kernel version based on rollback policy.

- Sets max_kernel_rollforward to tpm_kernver for enterprise enrolled
  devices if number of allowed rollback versions is > 0, or if
  no policy is available.
- Sets max_kernel_rollforward to 0xfffffffe for consumer devices.
- This just holds the rollback window open for enterprise customers
  while the server side piece of the feature is implemented.
- In future max_kernel_rollforward will be set based on the number
  of allowed rollback versions to the lowest version that still
  allows those rollbacks, and will progressively increase as the
  versions age out of the rollback window.

BUG=chromium:814090
TEST=emerges
Change-Id: I7c192092183dd398f74d34b41bbc65dc2595d081
Reviewed-on: https://chromium-review.googlesource.com/940567
Commit-Ready: Zentaro Kavanagh <zentaro@chromium.org>
Tested-by: Zentaro Kavanagh <zentaro@chromium.org>
Reviewed-by: Zentaro Kavanagh <zentaro@chromium.org>
diff --git a/omaha_request_action.h b/omaha_request_action.h
index f1c4a02..7f526ec 100644
--- a/omaha_request_action.h
+++ b/omaha_request_action.h
@@ -39,6 +39,10 @@
 // The Omaha Request action makes a request to Omaha and can output
 // the response on the output ActionPipe.
 
+namespace policy {
+class PolicyProvider;
+}
+
 namespace chromeos_update_engine {
 
 // Encodes XML entities in a given string. Input must be ASCII-7 valid. If
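Review bot: Forward-declaring `policy::PolicyProvider` here leaves the type incomplete in this header, while a later hunk adds a `std::unique_ptr<policy::PolicyProvider>` member. That only compiles if the constructors and destructor of `OmahaRequestAction` are defined out of line in the .cc file, where the full policy header is included. Those definitions are not visible in this diff, so please confirm that none of them is inline or implicitly generated. As a style point, the new block also separates the "The Omaha Request action makes a request..." comment from `namespace chromeos_update_engine`, so the comment now reads as if it described `namespace policy`; placing the forward declaration above that comment would avoid this.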
@@ -172,6 +176,7 @@
   bool IsEvent() const { return event_.get() != nullptr; }
 
  private:
+  friend class OmahaRequestActionTest;
   FRIEND_TEST(OmahaRequestActionTest, GetInstallDateWhenNoPrefsNorOOBE);
   FRIEND_TEST(OmahaRequestActionTest,
               GetInstallDateWhenOOBECompletedWithInvalidDate);
@@ -303,6 +308,14 @@
   bool IsUpdateAllowedOverCurrentConnection(
       ErrorCode* error, const OmahaResponse& response) const;
 
+  // Returns true if rollback is enabled. Always returns false for consumer
+  // devices.
+  bool IsRollbackEnabled() const;
+
+  // Sets the appropriate max kernel key version based on whether rollback is
+  // enabled.
+  void SetMaxKernelKeyVersionForRollback() const;
+
   // Global system context.
   SystemState* system_state_;
 
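Review bot: The comments on `IsRollbackEnabled()` and `SetMaxKernelKeyVersionForRollback()` leave out the case the commit description calls out, where no policy is available and the kernel roll-forward limit is still held at the current TPM kernel version. That case decides whether the kernel key version is allowed to advance, so the header should state it, for example `// Holds max_kernel_rollforward at the current TPM kernel version when rollback is enabled or no policy could be loaded; otherwise lifts the limit.` The setter is also declared `void` and `const`, although it presumably writes persistent state, so a caller cannot tell when the limit was not applied. Changing it to `bool SetMaxKernelKeyVersionForRollback() const;` and logging a failure at the call site would make that visible. The implementations are outside this hunk, so the fail-open behaviour is taken from the description and not from the code.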
@@ -315,6 +328,9 @@
   // pointer to the HttpFetcher that does the http work
   std::unique_ptr<HttpFetcher> http_fetcher_;
 
+  // Used for fetching information about the device policy.
+  std::unique_ptr<policy::PolicyProvider> policy_provider_;
+
   // If true, only include the <ping> element in the request.
   bool ping_only_;