Support per-partition timestamps
update_engine is heading toward supporting partial updates, which an OTA
update can update just a subset of all partitions. In this context, a
single max_timestamp in OTA manifest is insufficient for checking
potential downgrades, as different partitions can have different
timestamps. This CL adds per-partition timestamp support on
update_engine side. update_engine will accept a payload with
per-partition timestamps and reject the update if any partition has an
older timestamp.
Changes made:
1. Add new version field to PartitionUpdate protobuf message.
2. Add new methods to HardwareInterface for fetching/checking
timestamp of each partition.
3. Update delta_performer to invoke new APIs in 2 properly.
4. Add relevant testcases.
Test: unittest
Bug: 162553432
Change-Id: I767343e003fd35ce0d22197b15040488cf30be30
diff --git a/common/fake_hardware.h b/common/fake_hardware.h
index 2a8e81d..30c0897 100644
--- a/common/fake_hardware.h
+++ b/common/fake_hardware.h
@@ -19,10 +19,12 @@
#include <map>
#include <string>
+#include <utility>
#include <base/time/time.h>
#include "update_engine/common/hardware_interface.h"
+#include "update_engine/common/utils.h"
namespace chromeos_update_engine {
@@ -207,6 +209,18 @@
bool GetIsRollbackPowerwashScheduled() const {
return powerwash_scheduled_ && save_rollback_data_;
}
+ std::string GetVersionForLogging(
+ const std::string& partition_name) const override {
+ return partition_timestamps_[partition_name];
+ }
+ void SetVersion(const std::string& partition_name, std::string timestamp) {
+ partition_timestamps_[partition_name] = std::move(timestamp);
+ }
+ bool IsPartitionUpdateValid(const std::string& partition_name,
+ const std::string& new_version) const override {
+ const auto old_version = GetVersionForLogging(partition_name);
+ return utils::IsTimestampNewer(old_version, new_version);
+ }
private:
bool is_official_build_{true};
@@ -230,6 +244,7 @@
int64_t build_timestamp_{0};
bool first_active_omaha_ping_sent_{false};
bool warm_reset_{false};
+ mutable std::map<std::string, std::string> partition_timestamps_;
DISALLOW_COPY_AND_ASSIGN(FakeHardware);
};
diff --git a/common/hardware_interface.h b/common/hardware_interface.h
index 4f0305f..0fffbfb 100644
--- a/common/hardware_interface.h
+++ b/common/hardware_interface.h
@@ -142,6 +142,19 @@
// If |warm_reset| is true, sets the warm reset to indicate a warm reset is
// needed on the next reboot. Otherwise, clears the flag.
virtual void SetWarmReset(bool warm_reset) = 0;
+
+ // Return the version/timestamp for partition `partition_name`.
+ // Don't make any assumption about the formatting of returned string.
+ // Only used for logging/debugging purposes.
+ virtual std::string GetVersionForLogging(
+ const std::string& partition_name) const = 0;
+
+ // Return true if and only if `new_version` is "newer" than the
+ // version number of partition `partition_name`. The notion of
+ // "newer" is defined by this function. Caller should not make
+ // any assumption about the underlying logic.
+ virtual bool IsPartitionUpdateValid(const std::string& partition_name,
+ const std::string& new_version) const = 0;
};
} // namespace chromeos_update_engine
diff --git a/common/utils.cc b/common/utils.cc
index 3e3d830..bbb155f 100644
--- a/common/utils.cc
+++ b/common/utils.cc
@@ -820,7 +820,7 @@
return base_code;
}
-string StringVectorToString(const vector<string> &vec_str) {
+string StringVectorToString(const vector<string>& vec_str) {
string str = "[";
for (vector<string>::const_iterator i = vec_str.begin(); i != vec_str.end();
++i) {
@@ -849,7 +849,7 @@
encoded_hash.c_str());
}
-bool ConvertToOmahaInstallDate(Time time, int *out_num_days) {
+bool ConvertToOmahaInstallDate(Time time, int* out_num_days) {
time_t unix_time = time.ToTimeT();
// Output of: date +"%s" --date="Jan 1, 2007 0:00 PST".
const time_t kOmahaEpoch = 1167638400;
@@ -982,6 +982,29 @@
return base::NumberToString(base::StringPieceHash()(str_to_convert));
}
+static bool ParseTimestamp(const std::string& str, int64_t* out) {
+ if (!base::StringToInt64(str, out)) {
+ LOG(WARNING) << "Invalid timestamp: " << str;
+ return false;
+ }
+ return true;
+}
+
+bool IsTimestampNewer(const std::string& old_version,
+ const std::string& new_version) {
+ if (old_version.empty() || new_version.empty()) {
+ LOG(WARNING)
+ << "One of old/new timestamp is empty, permit update anyway. Old: "
+ << old_version << " New: " << new_version;
+ return true;
+ }
+ int64_t old_ver = 0;
+ TEST_AND_RETURN_FALSE(ParseTimestamp(old_version, &old_ver));
+ int64_t new_ver = 0;
+ TEST_AND_RETURN_FALSE(ParseTimestamp(new_version, &new_ver));
+ return old_ver <= new_ver;
+}
+
} // namespace utils
} // namespace chromeos_update_engine
diff --git a/common/utils.h b/common/utils.h
index 23ac03d..5dfee3b 100644
--- a/common/utils.h
+++ b/common/utils.h
@@ -323,6 +323,12 @@
// with |Excluder| as the exclusion name.
std::string GetExclusionName(const std::string& str_to_convert);
+// Parse `old_version` and `new_version` as integer timestamps and
+// return true if `new_version` is larger/newer.
+// Returns true if either one is empty. Return false if
+bool IsTimestampNewer(const std::string& old_version,
+ const std::string& new_version);
+
} // namespace utils
// Utility class to close a file descriptor
diff --git a/common/utils_unittest.cc b/common/utils_unittest.cc
index ebcc548..37871d2 100644
--- a/common/utils_unittest.cc
+++ b/common/utils_unittest.cc
@@ -481,4 +481,12 @@
IGNORE_EINTR(close(fd));
}
+TEST(UtilsTest, ValidatePerPartitionTimestamp) {
+ ASSERT_FALSE(utils::IsTimestampNewer("10", "5"));
+ ASSERT_TRUE(utils::IsTimestampNewer("10", "11"));
+ ASSERT_FALSE(utils::IsTimestampNewer("10", "lol"));
+ ASSERT_FALSE(utils::IsTimestampNewer("lol", "ZZZ"));
+ ASSERT_TRUE(utils::IsTimestampNewer("10", ""));
+}
+
} // namespace chromeos_update_engine