Alex Deymo | aea4c1c | 2015-08-19 20:24:43 -0700 | [diff] [blame] | 1 | // |
| 2 | // Copyright (C) 2011 The Android Open Source Project |
| 3 | // |
| 4 | // Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | // you may not use this file except in compliance with the License. |
| 6 | // You may obtain a copy of the License at |
| 7 | // |
| 8 | // http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | // |
| 10 | // Unless required by applicable law or agreed to in writing, software |
| 11 | // distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | // See the License for the specific language governing permissions and |
| 14 | // limitations under the License. |
| 15 | // |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 16 | |
| 17 | #include "update_engine/omaha_response_handler_action.h" |
Darin Petkov | 73058b4 | 2010-10-06 16:32:19 -0700 | [diff] [blame] | 18 | |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 19 | #include <string> |
Darin Petkov | 73058b4 | 2010-10-06 16:32:19 -0700 | [diff] [blame] | 20 | |
| 21 | #include <base/logging.h> |
Sen Jiang | 2703ef4 | 2017-03-16 13:36:21 -0700 | [diff] [blame] | 22 | #include <base/strings/string_number_conversions.h> |
Alex Vakulenko | 75039d7 | 2014-03-25 12:36:28 -0700 | [diff] [blame] | 23 | #include <base/strings/string_util.h> |
Gilad Arnold | 1f84723 | 2014-04-07 12:07:49 -0700 | [diff] [blame] | 24 | #include <policy/device_policy.h> |
Darin Petkov | 73058b4 | 2010-10-06 16:32:19 -0700 | [diff] [blame] | 25 | |
Alex Deymo | 39910dc | 2015-11-09 17:04:30 -0800 | [diff] [blame] | 26 | #include "update_engine/common/constants.h" |
| 27 | #include "update_engine/common/hardware_interface.h" |
| 28 | #include "update_engine/common/prefs_interface.h" |
| 29 | #include "update_engine/common/utils.h" |
Alex Deymo | f6ee016 | 2015-07-31 12:35:22 -0700 | [diff] [blame] | 30 | #include "update_engine/connection_manager_interface.h" |
Gilad Arnold | 1f84723 | 2014-04-07 12:07:49 -0700 | [diff] [blame] | 31 | #include "update_engine/omaha_request_params.h" |
Alex Deymo | 39910dc | 2015-11-09 17:04:30 -0800 | [diff] [blame] | 32 | #include "update_engine/payload_consumer/delta_performer.h" |
Jay Srinivasan | 55f50c2 | 2013-01-10 19:24:35 -0800 | [diff] [blame] | 33 | #include "update_engine/payload_state_interface.h" |
Aaron Wood | 23bd339 | 2017-10-06 14:48:25 -0700 | [diff] [blame] | 34 | #include "update_engine/update_manager/policy.h" |
| 35 | #include "update_engine/update_manager/update_manager.h" |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 36 | |
Aaron Wood | 23bd339 | 2017-10-06 14:48:25 -0700 | [diff] [blame] | 37 | using chromeos_update_manager::Policy; |
| 38 | using chromeos_update_manager::UpdateManager; |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 39 | using std::string; |
| 40 | |
| 41 | namespace chromeos_update_engine { |
| 42 | |
Jay Srinivasan | 6f6ea00 | 2012-12-14 11:26:28 -0800 | [diff] [blame] | 43 | OmahaResponseHandlerAction::OmahaResponseHandlerAction( |
| 44 | SystemState* system_state) |
Alex Deymo | 6dd160a | 2015-10-09 18:45:14 -0700 | [diff] [blame] | 45 | : OmahaResponseHandlerAction(system_state, |
| 46 | constants::kOmahaResponseDeadlineFile) {} |
Gilad Arnold | 4dbd47e | 2013-07-22 05:39:26 -0700 | [diff] [blame] | 47 | |
| 48 | OmahaResponseHandlerAction::OmahaResponseHandlerAction( |
| 49 | SystemState* system_state, const string& deadline_file) |
| 50 | : system_state_(system_state), |
Alex Deymo | e6fc8e1 | 2015-09-28 14:02:17 -0700 | [diff] [blame] | 51 | key_path_(constants::kUpdatePayloadPublicKeyPath), |
Gilad Arnold | 4dbd47e | 2013-07-22 05:39:26 -0700 | [diff] [blame] | 52 | deadline_file_(deadline_file) {} |
Darin Petkov | abc7bc0 | 2011-02-23 14:39:43 -0800 | [diff] [blame] | 53 | |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 54 | void OmahaResponseHandlerAction::PerformAction() { |
| 55 | CHECK(HasInputObject()); |
| 56 | ScopedActionCompleter completer(processor_, this); |
Darin Petkov | 6a5b322 | 2010-07-13 14:55:28 -0700 | [diff] [blame] | 57 | const OmahaResponse& response = GetInputObject(); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 58 | if (!response.update_exists) { |
| 59 | LOG(INFO) << "There are no updates. Aborting."; |
Sen Jiang | 89e24c1 | 2018-03-22 18:05:44 -0700 | [diff] [blame] | 60 | completer.set_code(ErrorCode::kNoUpdate); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 61 | return; |
| 62 | } |
Jay Srinivasan | 6f6ea00 | 2012-12-14 11:26:28 -0800 | [diff] [blame] | 63 | |
| 64 | // All decisions as to which URL should be used have already been done. So, |
Jay Srinivasan | 53173b9 | 2013-05-17 17:13:01 -0700 | [diff] [blame] | 65 | // make the current URL as the download URL. |
| 66 | string current_url = system_state_->payload_state()->GetCurrentUrl(); |
| 67 | if (current_url.empty()) { |
| 68 | // This shouldn't happen as we should always supply the HTTPS backup URL. |
| 69 | // Handling this anyway, just in case. |
| 70 | LOG(ERROR) << "There are no suitable URLs in the response to use."; |
Gilad Arnold | d1c4d2d | 2014-06-05 14:07:53 -0700 | [diff] [blame] | 71 | completer.set_code(ErrorCode::kOmahaResponseInvalid); |
Jay Srinivasan | 53173b9 | 2013-05-17 17:13:01 -0700 | [diff] [blame] | 72 | return; |
| 73 | } |
| 74 | |
Aaron Wood | 7f92e2b | 2017-08-28 14:51:21 -0700 | [diff] [blame] | 75 | // This is the url to the first package, not all packages. |
Jay Srinivasan | 53173b9 | 2013-05-17 17:13:01 -0700 | [diff] [blame] | 76 | install_plan_.download_url = current_url; |
Chris Sosa | fb1020e | 2013-07-29 17:27:33 -0700 | [diff] [blame] | 77 | install_plan_.version = response.version; |
Aaron Wood | 7dcdedf | 2017-09-06 17:17:41 -0700 | [diff] [blame] | 78 | install_plan_.system_version = response.system_version; |
Jay Srinivasan | 6f6ea00 | 2012-12-14 11:26:28 -0800 | [diff] [blame] | 79 | |
Gilad Arnold | 74b5f55 | 2014-10-07 08:17:16 -0700 | [diff] [blame] | 80 | OmahaRequestParams* const params = system_state_->request_params(); |
| 81 | PayloadStateInterface* const payload_state = system_state_->payload_state(); |
David Zeuthen | 8f191b2 | 2013-08-06 12:27:50 -0700 | [diff] [blame] | 82 | |
| 83 | // If we're using p2p to download and there is a local peer, use it. |
Gilad Arnold | 74b5f55 | 2014-10-07 08:17:16 -0700 | [diff] [blame] | 84 | if (payload_state->GetUsingP2PForDownloading() && |
| 85 | !payload_state->GetP2PUrl().empty()) { |
David Zeuthen | 8f191b2 | 2013-08-06 12:27:50 -0700 | [diff] [blame] | 86 | LOG(INFO) << "Replacing URL " << install_plan_.download_url |
Gilad Arnold | 74b5f55 | 2014-10-07 08:17:16 -0700 | [diff] [blame] | 87 | << " with local URL " << payload_state->GetP2PUrl() |
David Zeuthen | 8f191b2 | 2013-08-06 12:27:50 -0700 | [diff] [blame] | 88 | << " since p2p is enabled."; |
Gilad Arnold | 74b5f55 | 2014-10-07 08:17:16 -0700 | [diff] [blame] | 89 | install_plan_.download_url = payload_state->GetP2PUrl(); |
| 90 | payload_state->SetUsingP2PForDownloading(true); |
David Zeuthen | 8f191b2 | 2013-08-06 12:27:50 -0700 | [diff] [blame] | 91 | } |
| 92 | |
Jay Srinivasan | 6f6ea00 | 2012-12-14 11:26:28 -0800 | [diff] [blame] | 93 | // Fill up the other properties based on the response. |
Sen Jiang | 0affc2c | 2017-02-10 15:55:05 -0800 | [diff] [blame] | 94 | string update_check_response_hash; |
| 95 | for (const auto& package : response.packages) { |
| 96 | brillo::Blob raw_hash; |
| 97 | if (!base::HexStringToBytes(package.hash, &raw_hash)) { |
| 98 | LOG(ERROR) << "Failed to convert payload hash from hex string to bytes: " |
| 99 | << package.hash; |
| 100 | completer.set_code(ErrorCode::kOmahaResponseInvalid); |
| 101 | return; |
| 102 | } |
| 103 | install_plan_.payloads.push_back( |
| 104 | {.size = package.size, |
| 105 | .metadata_size = package.metadata_size, |
| 106 | .metadata_signature = package.metadata_signature, |
Sen Jiang | cdd5206 | 2017-05-18 15:33:10 -0700 | [diff] [blame] | 107 | .hash = raw_hash, |
| 108 | .type = package.is_delta ? InstallPayloadType::kDelta |
| 109 | : InstallPayloadType::kFull}); |
Sen Jiang | 0affc2c | 2017-02-10 15:55:05 -0800 | [diff] [blame] | 110 | update_check_response_hash += package.hash + ":"; |
Sen Jiang | 2703ef4 | 2017-03-16 13:36:21 -0700 | [diff] [blame] | 111 | } |
David Zeuthen | e7f8917 | 2013-10-31 10:21:04 -0700 | [diff] [blame] | 112 | install_plan_.public_key_rsa = response.public_key_rsa; |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame] | 113 | install_plan_.hash_checks_mandatory = AreHashChecksMandatory(response); |
Sen Jiang | 0affc2c | 2017-02-10 15:55:05 -0800 | [diff] [blame] | 114 | install_plan_.is_resume = DeltaPerformer::CanResumeUpdate( |
| 115 | system_state_->prefs(), update_check_response_hash); |
Chris Sosa | be45bef | 2013-04-09 18:25:12 -0700 | [diff] [blame] | 116 | if (install_plan_.is_resume) { |
Gilad Arnold | 74b5f55 | 2014-10-07 08:17:16 -0700 | [diff] [blame] | 117 | payload_state->UpdateResumed(); |
Chris Sosa | be45bef | 2013-04-09 18:25:12 -0700 | [diff] [blame] | 118 | } else { |
Gilad Arnold | 74b5f55 | 2014-10-07 08:17:16 -0700 | [diff] [blame] | 119 | payload_state->UpdateRestarted(); |
Sen Jiang | 0affc2c | 2017-02-10 15:55:05 -0800 | [diff] [blame] | 120 | LOG_IF(WARNING, |
| 121 | !DeltaPerformer::ResetUpdateProgress(system_state_->prefs(), false)) |
Darin Petkov | 0406e40 | 2010-10-06 21:33:11 -0700 | [diff] [blame] | 122 | << "Unable to reset the update progress."; |
Sen Jiang | 0affc2c | 2017-02-10 15:55:05 -0800 | [diff] [blame] | 123 | LOG_IF(WARNING, |
| 124 | !system_state_->prefs()->SetString(kPrefsUpdateCheckResponseHash, |
| 125 | update_check_response_hash)) |
Darin Petkov | 0406e40 | 2010-10-06 21:33:11 -0700 | [diff] [blame] | 126 | << "Unable to save the update check response hash."; |
| 127 | } |
| 128 | |
Alex Deymo | 763e7db | 2015-08-27 21:08:08 -0700 | [diff] [blame] | 129 | install_plan_.source_slot = system_state_->boot_control()->GetCurrentSlot(); |
| 130 | install_plan_.target_slot = install_plan_.source_slot == 0 ? 1 : 0; |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 131 | |
Alex Deymo | 8561665 | 2015-10-15 18:48:31 -0700 | [diff] [blame] | 132 | // The Omaha response doesn't include the channel name for this image, so we |
| 133 | // use the download_channel we used during the request to tag the target slot. |
| 134 | // This will be used in the next boot to know the channel the image was |
| 135 | // downloaded from. |
| 136 | string current_channel_key = |
| 137 | kPrefsChannelOnSlotPrefix + std::to_string(install_plan_.target_slot); |
| 138 | system_state_->prefs()->SetString(current_channel_key, |
| 139 | params->download_channel()); |
| 140 | |
Sen Jiang | fe28440 | 2018-03-21 14:03:50 -0700 | [diff] [blame] | 141 | if (response.powerwash_required || params->ShouldPowerwash()) |
Jay Srinivasan | ae4697c | 2013-03-18 17:08:08 -0700 | [diff] [blame] | 142 | install_plan_.powerwash_required = true; |
Jay Srinivasan | 1c0fe79 | 2013-03-28 16:45:25 -0700 | [diff] [blame] | 143 | |
Andrew de los Reyes | f98bff8 | 2010-05-06 13:33:25 -0700 | [diff] [blame] | 144 | TEST_AND_RETURN(HasOutputPipe()); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 145 | if (HasOutputPipe()) |
Andrew de los Reyes | 63b96d7 | 2010-05-10 13:08:54 -0700 | [diff] [blame] | 146 | SetOutputObject(install_plan_); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 147 | LOG(INFO) << "Using this install plan:"; |
Andrew de los Reyes | 63b96d7 | 2010-05-10 13:08:54 -0700 | [diff] [blame] | 148 | install_plan_.Dump(); |
Darin Petkov | 6a5b322 | 2010-07-13 14:55:28 -0700 | [diff] [blame] | 149 | |
Darin Petkov | 6c11864 | 2010-10-21 12:06:30 -0700 | [diff] [blame] | 150 | // Send the deadline data (if any) to Chrome through a file. This is a pretty |
| 151 | // hacky solution but should be OK for now. |
| 152 | // |
Alex Vakulenko | 072359c | 2014-07-18 11:41:07 -0700 | [diff] [blame] | 153 | // TODO(petkov): Re-architect this to avoid communication through a |
Chris Sosa | be45bef | 2013-04-09 18:25:12 -0700 | [diff] [blame] | 154 | // file. Ideally, we would include this information in D-Bus's GetStatus |
Darin Petkov | 6c11864 | 2010-10-21 12:06:30 -0700 | [diff] [blame] | 155 | // method and UpdateStatus signal. A potential issue is that update_engine may |
| 156 | // be unresponsive during an update download. |
Alex Deymo | 6dd160a | 2015-10-09 18:45:14 -0700 | [diff] [blame] | 157 | if (!deadline_file_.empty()) { |
| 158 | utils::WriteFile(deadline_file_.c_str(), |
| 159 | response.deadline.data(), |
| 160 | response.deadline.size()); |
| 161 | chmod(deadline_file_.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 162 | } |
Darin Petkov | 6c11864 | 2010-10-21 12:06:30 -0700 | [diff] [blame] | 163 | |
Aaron Wood | 23bd339 | 2017-10-06 14:48:25 -0700 | [diff] [blame] | 164 | // Check the generated install-plan with the Policy to confirm that |
| 165 | // it can be applied at this time (or at all). |
| 166 | UpdateManager* const update_manager = system_state_->update_manager(); |
| 167 | CHECK(update_manager); |
| 168 | auto ec = ErrorCode::kSuccess; |
| 169 | update_manager->PolicyRequest( |
| 170 | &Policy::UpdateCanBeApplied, &ec, &install_plan_); |
| 171 | completer.set_code(ec); |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 172 | } |
| 173 | |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame] | 174 | bool OmahaResponseHandlerAction::AreHashChecksMandatory( |
| 175 | const OmahaResponse& response) { |
David Pursell | 907b4fa | 2015-01-27 10:27:38 -0800 | [diff] [blame] | 176 | // We sometimes need to waive the hash checks in order to download from |
| 177 | // sources that don't provide hashes, such as dev server. |
| 178 | // At this point UpdateAttempter::IsAnyUpdateSourceAllowed() has already been |
| 179 | // checked, so an unofficial update URL won't get this far unless it's OK to |
| 180 | // use without a hash. Additionally, we want to always waive hash checks on |
| 181 | // unofficial builds (i.e. dev/test images). |
| 182 | // The end result is this: |
| 183 | // * Base image: |
| 184 | // - Official URLs require a hash. |
| 185 | // - Unofficial URLs only get this far if the IsAnyUpdateSourceAllowed() |
| 186 | // devmode/debugd checks pass, in which case the hash is waived. |
| 187 | // * Dev/test image: |
| 188 | // - Any URL is allowed through with no hash checking. |
| 189 | if (!system_state_->request_params()->IsUpdateUrlOfficial() || |
| 190 | !system_state_->hardware()->IsOfficialBuild()) { |
David Pursell | 02c1864 | 2014-11-06 11:26:11 -0800 | [diff] [blame] | 191 | // Still do a hash check if a public key is included. |
David Zeuthen | e7f8917 | 2013-10-31 10:21:04 -0700 | [diff] [blame] | 192 | if (!response.public_key_rsa.empty()) { |
David Zeuthen | bc27aac | 2013-11-26 11:17:48 -0800 | [diff] [blame] | 193 | // The autoupdate_CatchBadSignatures test checks for this string |
| 194 | // in log-files. Keep in sync. |
David Zeuthen | e7f8917 | 2013-10-31 10:21:04 -0700 | [diff] [blame] | 195 | LOG(INFO) << "Mandating payload hash checks since Omaha Response " |
| 196 | << "for unofficial build includes public RSA key."; |
| 197 | return true; |
| 198 | } else { |
David Pursell | 02c1864 | 2014-11-06 11:26:11 -0800 | [diff] [blame] | 199 | LOG(INFO) << "Waiving payload hash checks for unofficial update URL."; |
David Zeuthen | e7f8917 | 2013-10-31 10:21:04 -0700 | [diff] [blame] | 200 | return false; |
| 201 | } |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame] | 202 | } |
| 203 | |
David Zeuthen | 8f191b2 | 2013-08-06 12:27:50 -0700 | [diff] [blame] | 204 | // If we're using p2p, |install_plan_.download_url| may contain a |
| 205 | // HTTP URL even if |response.payload_urls| contain only HTTPS URLs. |
Alex Vakulenko | 0103c36 | 2016-01-20 07:56:15 -0800 | [diff] [blame] | 206 | if (!base::StartsWith(install_plan_.download_url, "https://", |
| 207 | base::CompareCase::INSENSITIVE_ASCII)) { |
David Zeuthen | 8f191b2 | 2013-08-06 12:27:50 -0700 | [diff] [blame] | 208 | LOG(INFO) << "Mandating hash checks since download_url is not HTTPS."; |
| 209 | return true; |
| 210 | } |
| 211 | |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame] | 212 | // TODO(jaysri): VALIDATION: For official builds, we currently waive hash |
| 213 | // checks for HTTPS until we have rolled out at least once and are confident |
| 214 | // nothing breaks. chromium-os:37082 tracks turning this on for HTTPS |
| 215 | // eventually. |
Jay Srinivasan | 6f6ea00 | 2012-12-14 11:26:28 -0800 | [diff] [blame] | 216 | |
| 217 | // Even if there's a single non-HTTPS URL, make the hash checks as |
| 218 | // mandatory because we could be downloading the payload from any URL later |
| 219 | // on. It's really hard to do book-keeping based on each byte being |
| 220 | // downloaded to see whether we only used HTTPS throughout. |
Sen Jiang | 0affc2c | 2017-02-10 15:55:05 -0800 | [diff] [blame] | 221 | for (const auto& package : response.packages) { |
| 222 | for (const string& payload_url : package.payload_urls) { |
| 223 | if (!base::StartsWith( |
| 224 | payload_url, "https://", base::CompareCase::INSENSITIVE_ASCII)) { |
| 225 | LOG(INFO) << "Mandating payload hash checks since Omaha response " |
| 226 | << "contains non-HTTPS URL(s)"; |
| 227 | return true; |
| 228 | } |
Jay Srinivasan | 6f6ea00 | 2012-12-14 11:26:28 -0800 | [diff] [blame] | 229 | } |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame] | 230 | } |
| 231 | |
Jay Srinivasan | 6f6ea00 | 2012-12-14 11:26:28 -0800 | [diff] [blame] | 232 | LOG(INFO) << "Waiving payload hash checks since Omaha response " |
| 233 | << "only has HTTPS URL(s)"; |
| 234 | return false; |
Jay Srinivasan | 738fdf3 | 2012-12-07 17:40:54 -0800 | [diff] [blame] | 235 | } |
| 236 | |
adlr@google.com | 3defe6a | 2009-12-04 20:57:17 +0000 | [diff] [blame] | 237 | } // namespace chromeos_update_engine |