commit 8db52491584d597c2c13710d8ab0c308d49ac365
author Miriam Polzer <mpolzer@google.com> Thu Sep 17 14:06:46 2020 +0200
committer Commit Bot <commit-bot@chromium.org> Tue Sep 29 18:58:49 2020 +0000
tree ac0d3df7806990eb824ef73e0792b9c6dbd09963
parent 582d8fec6c5fbb8b65c1f37579f5f71b88694a7e

update_engine: Fall back to DeviceMinimumVersion

If the kiosk's required Chrome OS version can not be read several times
and DeviceMinimumVersionis set, update only if the current version is
below the DeviceMinimumVersion.

This a very conservative approach at preventing kiosks from updating
randomly:
- It only affects kiosk devices.
- It only affects devices that have DeviceMinimumVersion set, others
will still simply update once the kiosk version could not be fetched
several times.

BUG=chromium:1084453
TEST=FEATURES=test emerge-amd64-generic update_engine
TEST=Set policies on DUT and check behavior

Change-Id: I82caf4bf4969959e461a218a916f057ea73946ad
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2416628
Tested-by: Miriam Polzer <mpolzer@google.com>
Commit-Queue: Miriam Polzer <mpolzer@google.com>
Reviewed-by: Amin Hassani <ahassani@chromium.org>

update_manager/real_system_provider.h

diff --git a/update_manager/real_system_provider.h b/update_manager/real_system_provider.h
index 114c6ea..0e68997 100644
--- a/update_manager/real_system_provider.h
+++ b/update_manager/real_system_provider.h
@@ -20,8 +20,9 @@
 #include <memory>
 #include <string>
 
-#include "update_engine/common/boot_control_interface.h"
-#include "update_engine/common/hardware_interface.h"
+#include <base/version.h>
+
+#include "update_engine/system_state.h"
 #include "update_engine/update_manager/system_provider.h"
 
 namespace org {
@@ -36,16 +37,13 @@
 class RealSystemProvider : public SystemProvider {
  public:
   RealSystemProvider(
-      chromeos_update_engine::HardwareInterface* hardware,
-      chromeos_update_engine::BootControlInterface* boot_control,
+      chromeos_update_engine::SystemState* system_state,
       org::chromium::KioskAppServiceInterfaceProxyInterface* kiosk_app_proxy)
-      : hardware_(hardware),
 #if USE_CHROME_KIOSK_APP
-        boot_control_(boot_control),
-        kiosk_app_proxy_(kiosk_app_proxy) {
+      : system_state_(system_state), kiosk_app_proxy_(kiosk_app_proxy) {
   }
 #else
-        boot_control_(boot_control) {
+      system_state_(system_state) {
   }
 #endif  // USE_CHROME_KIOSK_APP
 
@@ -72,6 +70,10 @@
     return var_kiosk_required_platform_version_.get();
   }
 
+  Variable<base::Version>* var_chromeos_version() override {
+    return var_chromeos_version_.get();
+  }
+
  private:
   bool GetKioskAppRequiredPlatformVersion(
       std::string* required_platform_version);
@@ -81,9 +83,9 @@
   std::unique_ptr<Variable<bool>> var_is_oobe_complete_;
   std::unique_ptr<Variable<unsigned int>> var_num_slots_;
   std::unique_ptr<Variable<std::string>> var_kiosk_required_platform_version_;
+  std::unique_ptr<Variable<base::Version>> var_chromeos_version_;
 
-  chromeos_update_engine::HardwareInterface* const hardware_;
-  chromeos_update_engine::BootControlInterface* const boot_control_;
+  chromeos_update_engine::SystemState* const system_state_;
 #if USE_CHROME_KIOSK_APP
   org::chromium::KioskAppServiceInterfaceProxyInterface* const kiosk_app_proxy_;
 #endif  // USE_CHROME_KIOSK_APP