1 // 2 // Copyright (C) 2011 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 // 16 17 #include "update_engine/omaha_response_handler_action.h" 18 19 #include <limits> 20 #include <string> 21 22 #include <base/logging.h> 23 #include <base/strings/string_number_conversions.h> 24 #include <policy/device_policy.h> 25 26 #include "update_engine/common/constants.h" 27 #include "update_engine/common/hardware_interface.h" 28 #include "update_engine/common/prefs_interface.h" 29 #include "update_engine/common/utils.h" 30 #include "update_engine/connection_manager_interface.h" 31 #include "update_engine/omaha_request_params.h" 32 #include "update_engine/payload_consumer/delta_performer.h" 33 #include "update_engine/payload_state_interface.h" 34 #include "update_engine/update_manager/policy.h" 35 #include "update_engine/update_manager/update_manager.h" 36 37 using chromeos_update_manager::Policy; 38 using chromeos_update_manager::UpdateManager; 39 using std::numeric_limits; 40 using std::string; 41 42 namespace chromeos_update_engine { 43 44 OmahaResponseHandlerAction::OmahaResponseHandlerAction( 45 SystemState* system_state) 46 : system_state_(system_state), 47 deadline_file_(constants::kOmahaResponseDeadlineFile) {} 48 49 void OmahaResponseHandlerAction::PerformAction() { 50 CHECK(HasInputObject()); 51 ScopedActionCompleter completer(processor_, this); 52 const OmahaResponse& response = GetInputObject(); 53 if (!response.update_exists) { 54 LOG(INFO) << "There are no updates. Aborting."; 55 completer.set_code(ErrorCode::kNoUpdate); 56 return; 57 } 58 59 // All decisions as to which URL should be used have already been done. So, 60 // make the current URL as the download URL. 61 string current_url = system_state_->payload_state()->GetCurrentUrl(); 62 if (current_url.empty()) { 63 // This shouldn't happen as we should always supply the HTTPS backup URL. 64 // Handling this anyway, just in case. 65 LOG(ERROR) << "There are no suitable URLs in the response to use."; 66 completer.set_code(ErrorCode::kOmahaResponseInvalid); 67 return; 68 } 69 70 // This is the url to the first package, not all packages. 71 install_plan_.download_url = current_url; 72 install_plan_.version = response.version; 73 install_plan_.system_version = response.system_version; 74 75 OmahaRequestParams* const params = system_state_->request_params(); 76 PayloadStateInterface* const payload_state = system_state_->payload_state(); 77 78 // If we're using p2p to download and there is a local peer, use it. 79 if (payload_state->GetUsingP2PForDownloading() && 80 !payload_state->GetP2PUrl().empty()) { 81 LOG(INFO) << "Replacing URL " << install_plan_.download_url 82 << " with local URL " << payload_state->GetP2PUrl() 83 << " since p2p is enabled."; 84 install_plan_.download_url = payload_state->GetP2PUrl(); 85 payload_state->SetUsingP2PForDownloading(true); 86 } 87 88 // Fill up the other properties based on the response. 89 string update_check_response_hash; 90 for (const auto& package : response.packages) { 91 brillo::Blob raw_hash; 92 if (!base::HexStringToBytes(package.hash, &raw_hash)) { 93 LOG(ERROR) << "Failed to convert payload hash from hex string to bytes: " 94 << package.hash; 95 completer.set_code(ErrorCode::kOmahaResponseInvalid); 96 return; 97 } 98 install_plan_.payloads.push_back( 99 {.size = package.size, 100 .metadata_size = package.metadata_size, 101 .metadata_signature = package.metadata_signature, 102 .hash = raw_hash, 103 .type = package.is_delta ? InstallPayloadType::kDelta 104 : InstallPayloadType::kFull}); 105 update_check_response_hash += package.hash + ":"; 106 } 107 install_plan_.public_key_rsa = response.public_key_rsa; 108 install_plan_.hash_checks_mandatory = AreHashChecksMandatory(response); 109 install_plan_.is_resume = DeltaPerformer::CanResumeUpdate( 110 system_state_->prefs(), update_check_response_hash); 111 if (install_plan_.is_resume) { 112 payload_state->UpdateResumed(); 113 } else { 114 payload_state->UpdateRestarted(); 115 LOG_IF(WARNING, 116 !DeltaPerformer::ResetUpdateProgress(system_state_->prefs(), false)) 117 << "Unable to reset the update progress."; 118 LOG_IF(WARNING, 119 !system_state_->prefs()->SetString(kPrefsUpdateCheckResponseHash, 120 update_check_response_hash)) 121 << "Unable to save the update check response hash."; 122 } 123 124 if (params->is_install()) { 125 install_plan_.target_slot = system_state_->boot_control()->GetCurrentSlot(); 126 install_plan_.source_slot = BootControlInterface::kInvalidSlot; 127 } else { 128 install_plan_.source_slot = system_state_->boot_control()->GetCurrentSlot(); 129 install_plan_.target_slot = install_plan_.source_slot == 0 ? 1 : 0; 130 } 131 132 // The Omaha response doesn't include the channel name for this image, so we 133 // use the download_channel we used during the request to tag the target slot. 134 // This will be used in the next boot to know the channel the image was 135 // downloaded from. 136 string current_channel_key = 137 kPrefsChannelOnSlotPrefix + std::to_string(install_plan_.target_slot); 138 system_state_->prefs()->SetString(current_channel_key, 139 params->download_channel()); 140 141 // Checking whether device is able to boot up the returned rollback image. 142 if (response.is_rollback) { 143 if (!params->rollback_allowed()) { 144 LOG(ERROR) << "Received rollback image but rollback is not allowed."; 145 completer.set_code(ErrorCode::kOmahaResponseInvalid); 146 return; 147 } 148 auto min_kernel_key_version = static_cast<uint32_t>( 149 system_state_->hardware()->GetMinKernelKeyVersion()); 150 auto min_firmware_key_version = static_cast<uint32_t>( 151 system_state_->hardware()->GetMinFirmwareKeyVersion()); 152 uint32_t kernel_key_version = 153 static_cast<uint32_t>(response.rollback_key_version.kernel_key) << 16 | 154 static_cast<uint32_t>(response.rollback_key_version.kernel); 155 uint32_t firmware_key_version = 156 static_cast<uint32_t>(response.rollback_key_version.firmware_key) 157 << 16 | 158 static_cast<uint32_t>(response.rollback_key_version.firmware); 159 160 // Don't attempt a rollback if the versions are incompatible or the 161 // target image does not specify the version information. 162 if (kernel_key_version == numeric_limits<uint32_t>::max() || 163 firmware_key_version == numeric_limits<uint32_t>::max() || 164 kernel_key_version < min_kernel_key_version || 165 firmware_key_version < min_firmware_key_version) { 166 LOG(ERROR) << "Device won't be able to boot up the rollback image."; 167 completer.set_code(ErrorCode::kRollbackNotPossible); 168 return; 169 } 170 install_plan_.is_rollback = true; 171 } 172 173 if (response.powerwash_required || params->ShouldPowerwash()) 174 install_plan_.powerwash_required = true; 175 176 TEST_AND_RETURN(HasOutputPipe()); 177 if (HasOutputPipe()) 178 SetOutputObject(install_plan_); 179 LOG(INFO) << "Using this install plan:"; 180 install_plan_.Dump(); 181 182 // Send the deadline data (if any) to Chrome through a file. This is a pretty 183 // hacky solution but should be OK for now. 184 // 185 // TODO(petkov): Re-architect this to avoid communication through a 186 // file. Ideally, we would include this information in D-Bus's GetStatus 187 // method and UpdateStatus signal. A potential issue is that update_engine may 188 // be unresponsive during an update download. 189 if (!deadline_file_.empty()) { 190 if (payload_state->GetRollbackHappened()) { 191 // Don't do forced update if rollback has happened since the last update 192 // check where policy was present. 193 LOG(INFO) << "Not forcing update because a rollback happened."; 194 utils::WriteFile(deadline_file_.c_str(), nullptr, 0); 195 } else { 196 utils::WriteFile(deadline_file_.c_str(), 197 response.deadline.data(), 198 response.deadline.size()); 199 } 200 chmod(deadline_file_.c_str(), S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); 201 } 202 203 // Check the generated install-plan with the Policy to confirm that 204 // it can be applied at this time (or at all). 205 UpdateManager* const update_manager = system_state_->update_manager(); 206 CHECK(update_manager); 207 auto ec = ErrorCode::kSuccess; 208 update_manager->PolicyRequest( 209 &Policy::UpdateCanBeApplied, &ec, &install_plan_); 210 completer.set_code(ec); 211 } 212 213 bool OmahaResponseHandlerAction::AreHashChecksMandatory( 214 const OmahaResponse& response) { 215 // We sometimes need to waive the hash checks in order to download from 216 // sources that don't provide hashes, such as dev server. 217 // At this point UpdateAttempter::IsAnyUpdateSourceAllowed() has already been 218 // checked, so an unofficial update URL won't get this far unless it's OK to 219 // use without a hash. Additionally, we want to always waive hash checks on 220 // unofficial builds (i.e. dev/test images). 221 // The end result is this: 222 // * Base image: 223 // - Official URLs require a hash. 224 // - Unofficial URLs only get this far if the IsAnyUpdateSourceAllowed() 225 // devmode/debugd checks pass, in which case the hash is waived. 226 // * Dev/test image: 227 // - Any URL is allowed through with no hash checking. 228 if (!system_state_->request_params()->IsUpdateUrlOfficial() || 229 !system_state_->hardware()->IsOfficialBuild()) { 230 // Still do a hash check if a public key is included. 231 if (!response.public_key_rsa.empty()) { 232 // The autoupdate_CatchBadSignatures test checks for this string 233 // in log-files. Keep in sync. 234 LOG(INFO) << "Mandating payload hash checks since Omaha Response " 235 << "for unofficial build includes public RSA key."; 236 return true; 237 } else { 238 LOG(INFO) << "Waiving payload hash checks for unofficial update URL."; 239 return false; 240 } 241 } 242 243 LOG(INFO) << "Mandating hash checks for official URL on official build."; 244 return true; 245 } 246 247 } // namespace chromeos_update_engine 248