AU: Don't allow stateful /etc/lsb-release override in normal boot mode...

omaha_request_params.cc

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "update_engine/omaha_request_params.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/utsname.h>
 
@@ skipping 20 matching lines @@
 const char* const OmahaRequestParams::kAppId(
     "{87efface-864d-49a5-9bb3-4b050a7c227a}");
 const char* const OmahaRequestParams::kOsPlatform("Chrome OS");
 const char* const OmahaRequestParams::kOsVersion("Indy");
 const char* const OmahaRequestParams::kUpdateUrl(
     "https://tools.google.com/service/update2");
 
 static const char kHWIDPath[] = "/sys/devices/platform/chromeos_acpi/HWID";
 
 OmahaRequestDeviceParams::OmahaRequestDeviceParams() :
-    force_build_type_(false),
-    forced_official_build_(false) {}
+    force_lock_down_(false),
+    forced_lock_down_(false) {}
 
 bool OmahaRequestDeviceParams::Init(const std::string& in_app_version,
                                     const std::string& in_update_url) {
+  bool stateful_override = !ShouldLockDown();
   os_platform = OmahaRequestParams::kOsPlatform;
   os_version = OmahaRequestParams::kOsVersion;
   app_version = in_app_version.empty() ?
-      GetLsbValue("CHROMEOS_RELEASE_VERSION", "", NULL, true) : in_app_version;
+      GetLsbValue("CHROMEOS_RELEASE_VERSION", "", NULL, stateful_override) :
+      in_app_version;
   os_sp = app_version + "_" + GetMachineType();
-  os_board = GetLsbValue("CHROMEOS_RELEASE_BOARD", "", NULL, true);
+  os_board = GetLsbValue("CHROMEOS_RELEASE_BOARD", "", NULL, stateful_override);
   app_id = GetLsbValue("CHROMEOS_RELEASE_APPID",
                        OmahaRequestParams::kAppId,
                        NULL,
-                       true);
+                       stateful_override);
   app_lang = "en-US";
   app_track = GetLsbValue(
       kUpdateTrackKey,
       "",
       &chromeos_update_engine::OmahaRequestDeviceParams::IsValidTrack,
-      true);
+      true);  // stateful_override
   hardware_class = GetHardwareClass();
   struct stat stbuf;
 
   // Deltas are only okay if the /.nodelta file does not exist.  If we don't
   // know (i.e. stat() returns some unexpected error), then err on the side of
   // caution and say deltas are not okay.
   delta_okay = (stat((root_ + "/.nodelta").c_str(), &stbuf) < 0) &&
                (errno == ENOENT);
 
   // For now, disable delta updates if the rootfs track is different than the
   // track that we're sending to the update server because such updates are
   // destined to fail -- the source rootfs hash will be different than the
   // expected hash due to the different track in /etc/lsb-release.
   //
   // Longer term we should consider an alternative: (a) clients can send
   // (current_version, current_channel, new_channel) information, or (b) the
   // build process can make sure releases on separate tracks are identical (i.e,
   // by not stamping the release with the channel), or (c) the release process
   // can ensure that different channels get different version numbers.
   const string rootfs_track = GetLsbValue(
       kUpdateTrackKey,
       "",
-      &chromeos_update_engine::OmahaRequestDeviceParams::IsValidTrack,
-      false);
+      NULL,  // No need to validate the read-only rootfs track.
+      false);  // stateful_override
   delta_okay = delta_okay && rootfs_track == app_track;
 
   update_url = in_update_url.empty() ?
       GetLsbValue("CHROMEOS_AUSERVER",
                   OmahaRequestParams::kUpdateUrl,
                   NULL,
-                  true) :
+                  stateful_override) :
       in_update_url;
   return true;
 }
 
 bool OmahaRequestDeviceParams::SetTrack(const std::string& track) {
   TEST_AND_RETURN_FALSE(IsValidTrack(track));
   FilePath kFile(root_ + utils::kStatefulPartition + "/etc/lsb-release");
   string file_data;
   map<string, string> data;
   if (file_util::ReadFileToString(kFile, &file_data)) {
@@ skipping 63 matching lines @@
 string OmahaRequestDeviceParams::GetHardwareClass() const {
   string hwid;
   if (!file_util::ReadFileToString(FilePath(root_ + kHWIDPath), &hwid)) {
     LOG(ERROR) << "Unable to determine the system hardware qualification ID.";
     return "";
   }
   TrimWhitespaceASCII(hwid, TRIM_ALL, &hwid);
   return hwid;
 }
 
-bool OmahaRequestDeviceParams::IsOfficialBuild() const {
-  return force_build_type_ ? forced_official_build_ : utils::IsOfficialBuild();
+bool OmahaRequestDeviceParams::ShouldLockDown() const {
+  if (force_lock_down_) {
+    return forced_lock_down_;
+  }
+  return utils::IsOfficialBuild() && utils::IsNormalBootMode();
 }
 
 bool OmahaRequestDeviceParams::IsValidTrack(const std::string& track) const {
   static const char* kValidTracks[] = {
     "canary-channel",
     "beta-channel",
     "dev-channel",
   };
-  if (!IsOfficialBuild()) {
+  if (!ShouldLockDown()) {
     return true;
   }
   for (size_t t = 0; t < arraysize(kValidTracks); ++t) {
     if (track == kValidTracks[t]) {
       return true;
     }
   }
   return false;
 }
 
-void OmahaRequestDeviceParams::SetBuildTypeOfficial(bool is_official) {
-  force_build_type_ = true;
-  forced_official_build_ = is_official;
+void OmahaRequestDeviceParams::SetLockDown(bool lock) {
+  force_lock_down_ = true;
+  forced_lock_down_ = lock;
 }
 
 }  // namespace chromeos_update_engine