1 //
2 // Copyright (C) 2011 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_INSTALL_PLAN_H_
18 #define UPDATE_ENGINE_PAYLOAD_CONSUMER_INSTALL_PLAN_H_
19 
20 #include <string>
21 #include <vector>
22 
23 #include <base/macros.h>
24 #include <brillo/secure_blob.h>
25 
26 #include "update_engine/common/action.h"
27 #include "update_engine/common/boot_control_interface.h"
28 
29 // InstallPlan is a simple struct that contains relevant info for many
30 // parts of the update system about the install that should happen.
31 namespace chromeos_update_engine {
32 
33 enum class InstallPayloadType {
34   kUnknown,
35   kFull,
36   kDelta,
37 };
38 
39 std::string InstallPayloadTypeToString(InstallPayloadType type);
40 
41 struct InstallPlan {
42   InstallPlan() = default;
43 
44   bool operator==(const InstallPlan& that) const;
45   bool operator!=(const InstallPlan& that) const;
46 
47   void Dump() const;
48   std::string ToString() const;
49 
50  private:
51   // Loads the |source_path| and |target_path| of all |partitions| based on the
52   // |source_slot| and |target_slot| if available. Returns whether it succeeded
53   // to load all the partitions for the valid slots.
54   bool LoadPartitionsFromSlots(BootControlInterface* boot_control);
55   template <typename PartitinoUpdateArray>
56   static bool ParseManifestToInstallPlan(const PartitinoUpdateArray& partitions,
57                                          BootControlInterface* boot_control,
58                                          size_t block_size,
59                                          InstallPlan* install_plan,
60                                          ErrorCode* error);
61 
62  public:
63   // Load all partitions in |partitions| into this install plan, will also
64   // populate |source_path|, |target_pathh|, fec information, partition sizes.
65   bool ParsePartitions(const std::vector<PartitionUpdate>& partitions,
66                        BootControlInterface* boot_control,
67                        size_t block_size,
68                        ErrorCode* error);
69   bool ParsePartitions(
70       const google::protobuf::RepeatedPtrField<PartitionUpdate>& partitions,
71       BootControlInterface* boot_control,
72       size_t block_size,
73       ErrorCode* error);
74 
75   bool is_resume{false};
76   bool vabc_none{false};
77   bool disable_vabc{false};
78   std::string download_url;  // url to download from
79   std::string version;       // version we are installing.
80 
81   struct Payload {
82     std::vector<std::string> payload_urls;  // URLs to download the payload
83     uint64_t size = 0;                      // size of the payload
84     uint64_t metadata_size = 0;             // size of the metadata
85     std::string metadata_signature;  // signature of the metadata in base64
86     brillo::Blob hash;               // SHA256 hash of the payload
87     InstallPayloadType type{InstallPayloadType::kUnknown};
88     std::string fp;      // fingerprint value unique to the payload
89     std::string app_id;  // App ID of the payload
90     // Only download manifest and fill in partitions in install plan without
91     // apply the payload if true. Will be set by DownloadAction when resuming
92     // multi-payload.
93     bool already_applied = false;
94 
95     bool operator==(const Payload& that) const {
96       return payload_urls == that.payload_urls && size == that.size &&
97              metadata_size == that.metadata_size &&
98              metadata_signature == that.metadata_signature &&
99              hash == that.hash && type == that.type &&
100              already_applied == that.already_applied && fp == that.fp &&
101              app_id == that.app_id;
102     }
103   };
104   std::vector<Payload> payloads;
105 
106   // The partition slots used for the update.
107   BootControlInterface::Slot source_slot{BootControlInterface::kInvalidSlot};
108   BootControlInterface::Slot target_slot{BootControlInterface::kInvalidSlot};
109 
110   // The vector below is used for partition verification. The flow is:
111   //
112   // 1. DownloadAction fills in the expected source and target partition sizes
113   // and hashes based on the manifest.
114   //
115   // 2. FilesystemVerifierAction computes and verifies the partition sizes and
116   // hashes against the expected values.
117   struct Partition {
118     bool operator==(const Partition& that) const;
119 
120     // The name of the partition.
121     std::string name;
122 
123     std::string source_path;
124     uint64_t source_size{0};
125     brillo::Blob source_hash;
126 
127     // |target_path| is intended to be a path to block device, which you can
128     // open with |open| syscall and perform regular unix style read/write.
129     // For VABC, this will be empty. As you can't read/write VABC devices with
130     // regular syscall.
131     std::string target_path;
132     // |mountable_target_device| is intended to be a path to block device which
133     // can be used for mounting this block device's underlying filesystem.
134     std::string readonly_target_path;
135     uint64_t target_size{0};
136     brillo::Blob target_hash;
137 
138     uint32_t block_size{0};
139 
140     // Whether we should run the postinstall script from this partition and the
141     // postinstall parameters.
142     bool run_postinstall{false};
143     std::string postinstall_path;
144     std::string filesystem_type;
145     bool postinstall_optional{false};
146 
147     // Verity hash tree and FEC config. See update_metadata.proto for details.
148     // All offsets and sizes are in bytes.
149     uint64_t hash_tree_data_offset{0};
150     uint64_t hash_tree_data_size{0};
151     uint64_t hash_tree_offset{0};
152     uint64_t hash_tree_size{0};
153     std::string hash_tree_algorithm;
154     brillo::Blob hash_tree_salt;
155 
156     uint64_t fec_data_offset{0};
157     uint64_t fec_data_size{0};
158     uint64_t fec_offset{0};
159     uint64_t fec_size{0};
160     uint32_t fec_roots{0};
161 
162     bool ParseVerityConfig(const PartitionUpdate&);
163   };
164   std::vector<Partition> partitions;
165 
166   // True if payload hash checks are mandatory based on the system state and
167   // the Omaha response.
168   bool hash_checks_mandatory{false};
169 
170   // True if Powerwash is required on reboot after applying the payload.
171   // False otherwise.
172   bool powerwash_required{false};
173 
174   // True if and only if this is an SPL downgrade OTA
175   bool spl_downgrade{false};
176 
177   // True if the updated slot should be marked active on success.
178   // False otherwise.
179   bool switch_slot_on_reboot{true};
180 
181   // True if the update should run its post-install step.
182   // False otherwise.
183   bool run_post_install{true};
184 
185   // True if this update is a rollback.
186   bool is_rollback{false};
187 
188   // True if this rollback should preserve some system data.
189   bool rollback_data_save_requested{false};
190 
191   // True if the update should write verity.
192   // False otherwise.
193   bool write_verity{true};
194 
195   // If not blank, a base-64 encoded representation of the PEM-encoded
196   // public key in the response.
197   std::string public_key_rsa;
198 
199   // The name of dynamic partitions not included in the payload. Only used
200   // for partial updates.
201   std::vector<std::string> untouched_dynamic_partitions;
202 
203   // Whether to batch write operations for COW
204   bool batched_writes = false;
205 
206   // Whether to enable multi-threaded compression on COW writes
207   std::optional<bool> enable_threading;
208 };
209 
210 class InstallPlanAction;
211 
212 template <>
213 class ActionTraits<InstallPlanAction> {
214  public:
215   // Takes the install plan as input
216   typedef InstallPlan InputObjectType;
217   // Passes the install plan as output
218   typedef InstallPlan OutputObjectType;
219 };
220 
221 // Basic action that only receives and sends Install Plans.
222 // Can be used to construct an Install Plan to send to any other Action that
223 // accept an InstallPlan.
224 class InstallPlanAction : public Action<InstallPlanAction> {
225  public:
InstallPlanAction()226   InstallPlanAction() {}
InstallPlanAction(const InstallPlan & install_plan)227   explicit InstallPlanAction(const InstallPlan& install_plan)
228       : install_plan_(install_plan) {}
229 
PerformAction()230   void PerformAction() override {
231     if (HasOutputPipe()) {
232       SetOutputObject(install_plan_);
233     }
234     processor_->ActionComplete(this, ErrorCode::kSuccess);
235   }
236 
install_plan()237   InstallPlan* install_plan() { return &install_plan_; }
238 
StaticType()239   static std::string StaticType() { return "InstallPlanAction"; }
Type()240   std::string Type() const override { return StaticType(); }
241 
242   typedef ActionTraits<InstallPlanAction>::InputObjectType InputObjectType;
243   typedef ActionTraits<InstallPlanAction>::OutputObjectType OutputObjectType;
244 
245  protected:
246   InstallPlan install_plan_;
247 
248  private:
249   DISALLOW_COPY_AND_ASSIGN(InstallPlanAction);
250 };
251 
252 }  // namespace chromeos_update_engine
253 
254 #endif  // UPDATE_ENGINE_PAYLOAD_CONSUMER_INSTALL_PLAN_H_
255