Add flag for restricting downloads
This adds a flag that can be used to turn off the ability to download
and apply updates from the API. This value applies to all future
update checks that the update_engine performs. Changing this value
during an update check has no effect on the current update check.
Bug: 66016687
Test: unit-tests, manual OTA
Change-Id: I655adf23cae44c63079bfa9dc18ba8ca65d7a304
(cherry picked from commit e22f2ddfec92623d38efbf17c17917f68e52907a)
diff --git a/update_manager/android_things_policy.cc b/update_manager/android_things_policy.cc
index 2304f12..3af93cc 100644
--- a/update_manager/android_things_policy.cc
+++ b/update_manager/android_things_policy.cc
@@ -22,6 +22,7 @@
#include <base/logging.h>
#include <base/time/time.h>
+#include "update_engine/update_manager/api_restricted_downloads_policy_impl.h"
#include "update_engine/update_manager/enough_slots_ab_updates_policy_impl.h"
#include "update_engine/update_manager/interactive_update_policy_impl.h"
#include "update_engine/update_manager/official_build_check_policy_impl.h"
@@ -96,15 +97,43 @@
}
}
-// Always returns |EvalStatus::kSucceeded|
+// Uses the |UpdateRestrictions| to determine if the download and apply can
+// occur at this time.
EvalStatus AndroidThingsPolicy::UpdateCanBeApplied(
EvaluationContext* ec,
State* state,
string* error,
- chromeos_update_engine::ErrorCode* result,
+ ErrorCode* result,
chromeos_update_engine::InstallPlan* install_plan) const {
- *result = ErrorCode::kSuccess;
- return EvalStatus::kSucceeded;
+ // Build a list of policies to consult. Note that each policy may modify the
+ // result structure, even if it signals kContinue.
+ ApiRestrictedDownloadsPolicyImpl api_restricted_downloads_policy;
+
+ vector<Policy const*> policies_to_consult = {
+
+ // Do not apply the update if all updates are restricted by the API.
+ &api_restricted_downloads_policy,
+ };
+
+ // Now that the list of policy implementations, and the order to consult them,
+ // as been setup, do that. If none of the policies make a definitive
+ // decisions about whether or not to check for updates, then allow the update
+ // check to happen.
+ EvalStatus status = ConsultPolicies(policies_to_consult,
+ &Policy::UpdateCanBeApplied,
+ ec,
+ state,
+ error,
+ result,
+ install_plan);
+ if (EvalStatus::kContinue != status) {
+ return status;
+ } else {
+ // The update can proceed.
+ LOG(INFO) << "Allowing update to be applied.";
+ *result = ErrorCode::kSuccess;
+ return EvalStatus::kSucceeded;
+ }
}
// Always returns |EvalStatus::kSucceeded|
diff --git a/update_manager/android_things_policy.h b/update_manager/android_things_policy.h
index 6f8f4ad..b45e955 100644
--- a/update_manager/android_things_policy.h
+++ b/update_manager/android_things_policy.h
@@ -37,7 +37,8 @@
std::string* error,
UpdateCheckParams* result) const override;
- // Always returns |EvalStatus::kSucceeded|
+ // Uses the |UpdateRestrictions| to determine if the download and apply can
+ // occur at this time.
EvalStatus UpdateCanBeApplied(
EvaluationContext* ec,
State* state,
diff --git a/update_manager/android_things_policy_unittest.cc b/update_manager/android_things_policy_unittest.cc
index 8b7d128..04b0e0e 100644
--- a/update_manager/android_things_policy_unittest.cc
+++ b/update_manager/android_things_policy_unittest.cc
@@ -21,6 +21,8 @@
using base::Time;
using base::TimeDelta;
+using chromeos_update_engine::ErrorCode;
+using chromeos_update_engine::InstallPlan;
namespace chromeos_update_manager {
@@ -153,4 +155,30 @@
EXPECT_FALSE(result.is_interactive);
}
+TEST_F(UmAndroidThingsPolicyTest, UpdateCanBeAppliedOk) {
+ // UpdateCanBeApplied should return kSucceeded in the base case
+
+ InstallPlan plan;
+ ErrorCode result;
+ ExpectPolicyStatus(
+ EvalStatus::kSucceeded, &Policy::UpdateCanBeApplied, &result, &plan);
+
+ EXPECT_EQ(ErrorCode::kSuccess, result);
+}
+
+TEST_F(UmAndroidThingsPolicyTest, UpdateCanBeAppliedRestricted) {
+ // UpdateCanBeApplied should return kOmahaUpdateDeferredPerPolicy in
+ // when the restricted flag is set in the Updater.
+
+ fake_state_.updater_provider()->var_update_restrictions()->reset(
+ new UpdateRestrictions(UpdateRestrictions::kRestrictDownloading));
+
+ InstallPlan plan;
+ ErrorCode result;
+ ExpectPolicyStatus(
+ EvalStatus::kSucceeded, &Policy::UpdateCanBeApplied, &result, &plan);
+
+ EXPECT_EQ(ErrorCode::kOmahaUpdateDeferredPerPolicy, result);
+}
+
} // namespace chromeos_update_manager
diff --git a/update_manager/api_restricted_downloads_policy_impl.cc b/update_manager/api_restricted_downloads_policy_impl.cc
new file mode 100644
index 0000000..d413cca
--- /dev/null
+++ b/update_manager/api_restricted_downloads_policy_impl.cc
@@ -0,0 +1,47 @@
+//
+// Copyright (C) 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include "update_engine/update_manager/api_restricted_downloads_policy_impl.h"
+
+using chromeos_update_engine::ErrorCode;
+using std::string;
+using std::vector;
+
+namespace chromeos_update_manager {
+
+// Allow the API to restrict the downloading of updates.
+EvalStatus ApiRestrictedDownloadsPolicyImpl::UpdateCanBeApplied(
+ EvaluationContext* ec,
+ State* state,
+ std::string* error,
+ ErrorCode* result,
+ chromeos_update_engine::InstallPlan* install_plan) const {
+ // Next, check to see if updates can be applied (in general).
+ const UpdateRestrictions* update_restrictions_p =
+ ec->GetValue(state->updater_provider()->var_update_restrictions());
+ if (update_restrictions_p) {
+ if (*update_restrictions_p & UpdateRestrictions::kRestrictDownloading) {
+ *result = ErrorCode::kOmahaUpdateDeferredPerPolicy;
+ return EvalStatus::kSucceeded;
+ }
+ }
+
+ // The API isn't restricting downloads, so implicitly allow them to happen
+ // but don't explicitly return success from this policy implementation.
+ return EvalStatus::kContinue;
+}
+
+} // namespace chromeos_update_manager
diff --git a/update_manager/api_restricted_downloads_policy_impl.h b/update_manager/api_restricted_downloads_policy_impl.h
new file mode 100644
index 0000000..69686d6
--- /dev/null
+++ b/update_manager/api_restricted_downloads_policy_impl.h
@@ -0,0 +1,51 @@
+//
+// Copyright (C) 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef UPDATE_ENGINE_UPDATE_MANAGER_API_RESTRICTED_DOWNLOADS_POLICY_IMPL_H_
+#define UPDATE_ENGINE_UPDATE_MANAGER_API_RESTRICTED_DOWNLOADS_POLICY_IMPL_H_
+
+#include <string>
+
+#include "update_engine/update_manager/policy_utils.h"
+
+namespace chromeos_update_manager {
+
+// Allow the API to restrict the downloading of updates.
+class ApiRestrictedDownloadsPolicyImpl : public PolicyImplBase {
+ public:
+ ApiRestrictedDownloadsPolicyImpl() = default;
+ ~ApiRestrictedDownloadsPolicyImpl() override = default;
+
+ // Policy overrides.
+ EvalStatus UpdateCanBeApplied(
+ EvaluationContext* ec,
+ State* state,
+ std::string* error,
+ chromeos_update_engine::ErrorCode* result,
+ chromeos_update_engine::InstallPlan* install_plan) const override;
+
+ protected:
+ std::string PolicyName() const override {
+ return "ApiRestrictedDownloadsPolicyImpl";
+ }
+
+ private:
+ DISALLOW_COPY_AND_ASSIGN(ApiRestrictedDownloadsPolicyImpl);
+};
+
+} // namespace chromeos_update_manager
+
+#endif // UPDATE_ENGINE_UPDATE_MANAGER_API_RESTRICTED_DOWNLOADS_POLICY_IMPL_H_
\ No newline at end of file
diff --git a/update_manager/boxed_value.cc b/update_manager/boxed_value.cc
index 9758d33..a437c02 100644
--- a/update_manager/boxed_value.cc
+++ b/update_manager/boxed_value.cc
@@ -176,4 +176,19 @@
return "Unknown";
}
+template <>
+string BoxedValue::ValuePrinter<UpdateRestrictions>(const void* value) {
+ const UpdateRestrictions* val =
+ reinterpret_cast<const UpdateRestrictions*>(value);
+
+ if (*val == UpdateRestrictions::kNone) {
+ return "None";
+ }
+ string retval = "Flags:";
+ if (*val & kRestrictDownloading) {
+ retval += " RestrictDownloading";
+ }
+ return retval;
+}
+
} // namespace chromeos_update_manager
diff --git a/update_manager/boxed_value_unittest.cc b/update_manager/boxed_value_unittest.cc
index 2a086a6..83d8de7 100644
--- a/update_manager/boxed_value_unittest.cc
+++ b/update_manager/boxed_value_unittest.cc
@@ -231,4 +231,14 @@
EXPECT_EQ("DeleterMarker:true", value.ToString());
}
+TEST(UmBoxedValueTest, UpdateRestrictionsToString) {
+ EXPECT_EQ(
+ "None",
+ BoxedValue(new UpdateRestrictions(UpdateRestrictions::kNone)).ToString());
+ EXPECT_EQ("Flags: RestrictDownloading",
+ BoxedValue(new UpdateRestrictions(
+ UpdateRestrictions::kRestrictDownloading))
+ .ToString());
+}
+
} // namespace chromeos_update_manager
diff --git a/update_manager/fake_updater_provider.h b/update_manager/fake_updater_provider.h
index a7c15b5..3e03d43 100644
--- a/update_manager/fake_updater_provider.h
+++ b/update_manager/fake_updater_provider.h
@@ -85,6 +85,10 @@
return &var_forced_update_requested_;
}
+ FakeVariable<UpdateRestrictions>* var_update_restrictions() override {
+ return &var_update_restrictions_;
+ }
+
private:
FakeVariable<base::Time>
var_updater_started_time_{ // NOLINT(whitespace/braces)
@@ -121,6 +125,10 @@
FakeVariable<UpdateRequestStatus>
var_forced_update_requested_{ // NOLINT(whitespace/braces)
"forced_update_requested", kVariableModeAsync};
+ FakeVariable<UpdateRestrictions> var_update_restrictions_{
+ // NOLINT(whitespace/braces)
+ "update_restrictions",
+ kVariableModePoll};
DISALLOW_COPY_AND_ASSIGN(FakeUpdaterProvider);
};
diff --git a/update_manager/real_updater_provider.cc b/update_manager/real_updater_provider.cc
index a085f42..efa3609 100644
--- a/update_manager/real_updater_provider.cc
+++ b/update_manager/real_updater_provider.cc
@@ -38,6 +38,7 @@
using chromeos_update_engine::OmahaRequestParams;
using chromeos_update_engine::SystemState;
using std::string;
+using update_engine::UpdateAttemptFlags;
using update_engine::UpdateEngineStatus;
namespace chromeos_update_manager {
@@ -416,40 +417,66 @@
DISALLOW_COPY_AND_ASSIGN(ForcedUpdateRequestedVariable);
};
+// A variable returning the current update restrictions that are in effect.
+class UpdateRestrictionsVariable
+ : public UpdaterVariableBase<UpdateRestrictions> {
+ public:
+ UpdateRestrictionsVariable(const string& name, SystemState* system_state)
+ : UpdaterVariableBase<UpdateRestrictions>(
+ name, kVariableModePoll, system_state) {}
+
+ private:
+ const UpdateRestrictions* GetValue(TimeDelta /* timeout */,
+ string* /* errmsg */) override {
+ UpdateAttemptFlags attempt_flags =
+ system_state()->update_attempter()->GetCurrentUpdateAttemptFlags();
+ UpdateRestrictions restriction_flags = UpdateRestrictions::kNone;
+ // Don't blindly copy the whole value, test and set bits that should
+ // transfer from one set of flags to the other.
+ if (attempt_flags & UpdateAttemptFlags::kFlagRestrictDownload) {
+ restriction_flags = static_cast<UpdateRestrictions>(
+ restriction_flags | UpdateRestrictions::kRestrictDownloading);
+ }
+
+ return new UpdateRestrictions(restriction_flags);
+ }
+
+ DISALLOW_COPY_AND_ASSIGN(UpdateRestrictionsVariable);
+};
+
// RealUpdaterProvider methods.
RealUpdaterProvider::RealUpdaterProvider(SystemState* system_state)
- : system_state_(system_state),
- var_updater_started_time_("updater_started_time",
- system_state->clock()->GetWallclockTime()),
- var_last_checked_time_(
- new LastCheckedTimeVariable("last_checked_time", system_state_)),
- var_update_completed_time_(
- new UpdateCompletedTimeVariable("update_completed_time",
- system_state_)),
- var_progress_(new ProgressVariable("progress", system_state_)),
- var_stage_(new StageVariable("stage", system_state_)),
- var_new_version_(new NewVersionVariable("new_version", system_state_)),
- var_payload_size_(new PayloadSizeVariable("payload_size", system_state_)),
- var_curr_channel_(new CurrChannelVariable("curr_channel", system_state_)),
- var_new_channel_(new NewChannelVariable("new_channel", system_state_)),
- var_p2p_enabled_(
- new BooleanPrefVariable("p2p_enabled", system_state_->prefs(),
- chromeos_update_engine::kPrefsP2PEnabled,
- false)),
- var_cellular_enabled_(
- new BooleanPrefVariable(
- "cellular_enabled", system_state_->prefs(),
- chromeos_update_engine::kPrefsUpdateOverCellularPermission,
- false)),
- var_consecutive_failed_update_checks_(
- new ConsecutiveFailedUpdateChecksVariable(
- "consecutive_failed_update_checks", system_state_)),
- var_server_dictated_poll_interval_(
- new ServerDictatedPollIntervalVariable(
- "server_dictated_poll_interval", system_state_)),
- var_forced_update_requested_(
- new ForcedUpdateRequestedVariable(
- "forced_update_requested", system_state_)) {}
-
+ : system_state_(system_state),
+ var_updater_started_time_("updater_started_time",
+ system_state->clock()->GetWallclockTime()),
+ var_last_checked_time_(
+ new LastCheckedTimeVariable("last_checked_time", system_state_)),
+ var_update_completed_time_(new UpdateCompletedTimeVariable(
+ "update_completed_time", system_state_)),
+ var_progress_(new ProgressVariable("progress", system_state_)),
+ var_stage_(new StageVariable("stage", system_state_)),
+ var_new_version_(new NewVersionVariable("new_version", system_state_)),
+ var_payload_size_(new PayloadSizeVariable("payload_size", system_state_)),
+ var_curr_channel_(new CurrChannelVariable("curr_channel", system_state_)),
+ var_new_channel_(new NewChannelVariable("new_channel", system_state_)),
+ var_p2p_enabled_(
+ new BooleanPrefVariable("p2p_enabled",
+ system_state_->prefs(),
+ chromeos_update_engine::kPrefsP2PEnabled,
+ false)),
+ var_cellular_enabled_(new BooleanPrefVariable(
+ "cellular_enabled",
+ system_state_->prefs(),
+ chromeos_update_engine::kPrefsUpdateOverCellularPermission,
+ false)),
+ var_consecutive_failed_update_checks_(
+ new ConsecutiveFailedUpdateChecksVariable(
+ "consecutive_failed_update_checks", system_state_)),
+ var_server_dictated_poll_interval_(new ServerDictatedPollIntervalVariable(
+ "server_dictated_poll_interval", system_state_)),
+ var_forced_update_requested_(new ForcedUpdateRequestedVariable(
+ "forced_update_requested", system_state_)),
+ var_update_restrictions_(new UpdateRestrictionsVariable(
+ "update_restrictions", system_state_)) {}
} // namespace chromeos_update_manager
diff --git a/update_manager/real_updater_provider.h b/update_manager/real_updater_provider.h
index eb8b8e6..5e3e27b 100644
--- a/update_manager/real_updater_provider.h
+++ b/update_manager/real_updater_provider.h
@@ -96,6 +96,10 @@
return var_forced_update_requested_.get();
}
+ Variable<UpdateRestrictions>* var_update_restrictions() override {
+ return var_update_restrictions_.get();
+ }
+
private:
// A pointer to the update engine's system state aggregator.
chromeos_update_engine::SystemState* system_state_;
@@ -115,6 +119,7 @@
std::unique_ptr<Variable<unsigned int>> var_consecutive_failed_update_checks_;
std::unique_ptr<Variable<unsigned int>> var_server_dictated_poll_interval_;
std::unique_ptr<Variable<UpdateRequestStatus>> var_forced_update_requested_;
+ std::unique_ptr<Variable<UpdateRestrictions>> var_update_restrictions_;
DISALLOW_COPY_AND_ASSIGN(RealUpdaterProvider);
};
diff --git a/update_manager/real_updater_provider_unittest.cc b/update_manager/real_updater_provider_unittest.cc
index f128c77..72e664b 100644
--- a/update_manager/real_updater_provider_unittest.cc
+++ b/update_manager/real_updater_provider_unittest.cc
@@ -38,10 +38,11 @@
using chromeos_update_engine::OmahaRequestParams;
using std::string;
using std::unique_ptr;
+using testing::_;
using testing::DoAll;
using testing::Return;
using testing::SetArgPointee;
-using testing::_;
+using update_engine::UpdateAttemptFlags;
namespace {
@@ -425,4 +426,20 @@
kPollInterval, provider_->var_server_dictated_poll_interval());
}
+TEST_F(UmRealUpdaterProviderTest, GetUpdateRestrictions) {
+ EXPECT_CALL(*fake_sys_state_.mock_update_attempter(),
+ GetCurrentUpdateAttemptFlags())
+ .WillRepeatedly(Return(UpdateAttemptFlags::kFlagRestrictDownload |
+ UpdateAttemptFlags::kFlagNonInteractive));
+ UmTestUtils::ExpectVariableHasValue(UpdateRestrictions::kRestrictDownloading,
+ provider_->var_update_restrictions());
+}
+
+TEST_F(UmRealUpdaterProviderTest, GetUpdateRestrictionsNone) {
+ EXPECT_CALL(*fake_sys_state_.mock_update_attempter(),
+ GetCurrentUpdateAttemptFlags())
+ .WillRepeatedly(Return(UpdateAttemptFlags::kNone));
+ UmTestUtils::ExpectVariableHasValue(UpdateRestrictions::kNone,
+ provider_->var_update_restrictions());
+}
} // namespace chromeos_update_manager
diff --git a/update_manager/updater_provider.h b/update_manager/updater_provider.h
index 549aea9..cb62623 100644
--- a/update_manager/updater_provider.h
+++ b/update_manager/updater_provider.h
@@ -44,6 +44,12 @@
kPeriodic,
};
+// These enum values are a bit-field.
+enum UpdateRestrictions : int {
+ kNone,
+ kRestrictDownloading = (1 << 0),
+};
+
// Provider for Chrome OS update related information.
class UpdaterProvider : public Provider {
public:
@@ -105,6 +111,10 @@
// scheduled update.
virtual Variable<UpdateRequestStatus>* var_forced_update_requested() = 0;
+ // A variable that returns the update restriction flags that are set
+ // for all updates.
+ virtual Variable<UpdateRestrictions>* var_update_restrictions() = 0;
+
protected:
UpdaterProvider() {}