Add a new app API to enable watchdog behavior restarts in kiosk apps

extensions/browser/api/runtime/runtime_api.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "extensions/browser/api/runtime/runtime_api.h"
 
 #include <memory>
 #include <utility>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/metrics/histogram.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/values.h"
 #include "base/version.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/child_process_security_policy.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_process_host.h"
 #include "extensions/browser/api/runtime/runtime_api_delegate.h"
 #include "extensions/browser/event_router.h"
 #include "extensions/browser/extension_host.h"
 #include "extensions/browser/extension_prefs.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/extension_system.h"
 #include "extensions/browser/extension_util.h"
 #include "extensions/browser/extensions_browser_client.h"
 #include "extensions/browser/lazy_background_task_queue.h"
 #include "extensions/browser/notification_types.h"
 #include "extensions/browser/process_manager_factory.h"
+#include "extensions/browser/state_store.h"
 #include "extensions/common/api/runtime.h"
 #include "extensions/common/error_utils.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/manifest_handlers/background_info.h"
 #include "extensions/common/manifest_handlers/shared_module_info.h"
 #include "storage/browser/fileapi/isolated_context.h"
 #include "url/gurl.h"
 
 using content::BrowserContext;
 
@@ skipping 28 matching lines @@
     "pending_on_installed_event_dispatch_info";
 
 // Previously installed version number.
 const char kPrefPreviousVersion[] = "previous_version";
 
 // The name of the directory to be returned by getPackageDirectoryEntry. This
 // particular value does not matter to user code, but is chosen for consistency
 // with the equivalent Pepper API.
 const char kPackageDirectoryPath[] = "crxfs";
 
+// Preference key for storing the last successful restart on watchdog requests.
+const char kPrefRestartOnWatchdogTime[] = "last_restart_on_watchdog_time";
+
+const int kMinDurationBetweenSuccessiveRestartsHours = 3;

[xiyuan, 2016/05/17 21:23:55]

nit: const -> constexpr and maybe update the other "const" as well.

Learned from my other review, constexpr is preferred style.

[afakhry, 2016/05/17 23:59:44]

Done.

+
+// This is used for browsertests, so that we can test the restartOnWatchdog
+// API without a kiost app.
+bool g_allow_non_kiost_apps_restart_api = false;

[xiyuan, 2016/05/17 21:23:55]

nit: remove "g_" prefix since it is not really a global and add a _"for_test"
suffix.

 g_allow_non_kiost_apps_restart_api -> 
allow_non_kiost_apps_restart_api_for_test

[afakhry, 2016/05/17 23:59:45]

Done.

+
 void DispatchOnStartupEventImpl(BrowserContext* browser_context,
                                 const std::string& extension_id,
                                 bool first_call,
                                 ExtensionHost* host) {
   // A NULL host from the LazyBackgroundTaskQueue means the page failed to
   // load. Give up.
   if (!host && !first_call)
     return;
 
   // Don't send onStartup events to incognito browser contexts.
@@ skipping 60 matching lines @@
 
 template <>
 void BrowserContextKeyedAPIFactory<RuntimeAPI>::DeclareFactoryDependencies() {
   DependsOn(ProcessManagerFactory::GetInstance());
 }
 
 RuntimeAPI::RuntimeAPI(content::BrowserContext* context)
     : browser_context_(context),
       dispatch_chrome_updated_event_(false),
       extension_registry_observer_(this),
-      process_manager_observer_(this) {
+      process_manager_observer_(this),
+      minimum_duration_between_restarts_(base::TimeDelta::FromHours(
+          kMinDurationBetweenSuccessiveRestartsHours)),
+      weak_ptr_factory_(this) {
   // RuntimeAPI is redirected in incognito, so |browser_context_| is never
   // incognito.
   DCHECK(!browser_context_->IsOffTheRecord());
 
   registrar_.Add(this,
                  extensions::NOTIFICATION_EXTENSIONS_READY_DEPRECATED,
                  content::Source<BrowserContext>(context));
   extension_registry_observer_.Add(ExtensionRegistry::Get(browser_context_));
   process_manager_observer_.Add(ProcessManager::Get(browser_context_));
 
@@ skipping 144 matching lines @@
 }
 
 bool RuntimeAPI::GetPlatformInfo(runtime::PlatformInfo* info) {
   return delegate_->GetPlatformInfo(info);
 }
 
 bool RuntimeAPI::RestartDevice(std::string* error_message) {
   return delegate_->RestartDevice(error_message);
 }
 
+RuntimeAPI::RestartOnWatchdogStatus RuntimeAPI::RestartDeviceOnWatchdogTimeout(
+    const std::string& extension_id,
+    int seconds_from_now,
+    const OnWatchdogTimeoutCallback& callback) {
+  // To achieve as much accuracy as possible, record the time of the call as
+  // |now| here.
+  const base::Time now = base::Time::NowFromSystemTime();
+
+  if (schedule_restart_first_extension_id_.empty()) {
+    schedule_restart_first_extension_id_ = extension_id;
+  } else if (extension_id != schedule_restart_first_extension_id_) {
+    // We only allow the first extension to call this API to call it repeatedly.
+    // Any other extension will fail.
+    return RestartOnWatchdogStatus::FAILED_NOT_FIRST_EXTENSION;
+  }
+
+  if (seconds_from_now == -1) {
+    MaybeCancelRunningWatchdogTimer();
+    return RestartOnWatchdogStatus::SUCCESS_RESTART_CANCELLED;
+  }
+
+  // Try to read any previously recorded restart request time.
+  StateStore* storage = ExtensionSystem::Get(browser_context_)->state_store();
+  if (storage) {
+    storage->GetExtensionValue(
+        extension_id, kPrefRestartOnWatchdogTime,
+        base::Bind(&RuntimeAPI::ScheduleDelayedRestart,
+                   weak_ptr_factory_.GetWeakPtr(), extension_id, now,
+                   seconds_from_now, callback));
+  } else {
+    std::unique_ptr<base::Value> stored_last_restart(
+        new base::FundamentalValue(0.0));
+    ScheduleDelayedRestart(extension_id, now, seconds_from_now, callback,
+                           std::move(stored_last_restart));
+  }
+
+  return RestartOnWatchdogStatus::SUCCESS_RESTART_SCHEDULED;
+}
+
 bool RuntimeAPI::OpenOptionsPage(const Extension* extension) {
   return delegate_->OpenOptionsPage(extension);
 }
 
+void RuntimeAPI::MaybeCancelRunningWatchdogTimer() {
+  if (!watchdog_timer_.IsRunning())
+    return;
+
+  if (!current_watchdog_request_callback_.is_null()) {
+    current_watchdog_request_callback_.Run(false,
+                                           "Restart request was cancelled.");
+    current_watchdog_request_callback_.Reset();
+  }
+}
+
+void RuntimeAPI::ScheduleDelayedRestart(
+    const std::string& extension_id,
+    const base::Time& now,
+    int seconds_from_now,
+    const OnWatchdogTimeoutCallback& callback,
+    std::unique_ptr<base::Value> stored_last_restart) {
+  base::TimeDelta delay_till_restart =
+      base::TimeDelta::FromSeconds(seconds_from_now);
+
+  // Read the last restart  time, and throttle restart requests that are
+  // received too soon successively.
+  double last_restart_time_double = 0.0;
+  if (stored_last_restart &&
+      stored_last_restart->GetAsDouble(&last_restart_time_double)) {
+    base::Time last_restart_time =
+        base::Time::FromDoubleT(last_restart_time_double);
+
+    base::Time future_restart_time = now + delay_till_restart;
+    base::TimeDelta future_time_since_last_restart =
+        future_restart_time > last_restart_time
+            ? future_restart_time - last_restart_time
+            : base::TimeDelta();
+    if (future_time_since_last_restart < minimum_duration_between_restarts_) {
+      // Schedule the restart after |minimum_duration_between_restarts_| has
+      // passed.
+      delay_till_restart =
+          minimum_duration_between_restarts_ - (now - last_restart_time);
+    }
+  }
+
+  MaybeCancelRunningWatchdogTimer();
+  current_watchdog_request_callback_ = callback;
+  watchdog_timer_.Start(
+      FROM_HERE, delay_till_restart,
+      base::Bind(&RuntimeAPI::OnRestartWatchdogTimeout,
+                 weak_ptr_factory_.GetWeakPtr(), extension_id));
+}
+
+void RuntimeAPI::OnRestartWatchdogTimeout(const std::string& extension_id) {
+  // We can persist "now" as the last successful restart time, assuming that the
+  // following restart request will succeed, since it can only fail if requested
+  // by non kiost apps, and we prevent that from the beginning (unless in

[xiyuan, 2016/05/17 21:23:55]

kiost -> kiosk

[afakhry, 2016/05/17 23:59:45]

Done.

+  // browsertests).
+  // This assumption is important, since once restart is requested, we might not
+  // have enough time to persist the data to disk.
+  StateStore* storage = ExtensionSystem::Get(browser_context_)->state_store();
+  if (storage) {
+    base::Time now = base::Time::NowFromSystemTime();
+    std::unique_ptr<base::Value> restart_time(
+        new base::FundamentalValue(now.ToDoubleT()));
+    storage->SetExtensionValue(extension_id, kPrefRestartOnWatchdogTime,
+                               std::move(restart_time));
+  }
+
+  std::string error_message;
+  const bool success = delegate_->RestartDevice(&error_message);
+
+  current_watchdog_request_callback_.Run(success, error_message);
+  current_watchdog_request_callback_.Reset();
+
+  if (!success && !g_allow_non_kiost_apps_restart_api) {
+    // This is breaking our above assumption and should never be reached.
+    NOTREACHED();
+  }
+}
+
+void RuntimeAPI::AllowNonKiostAppsInRestartOnWatchdogForTesting() {
+  g_allow_non_kiost_apps_restart_api = true;
+}
+
 ///////////////////////////////////////////////////////////////////////////////
 
 // static
 void RuntimeEventRouter::DispatchOnStartupEvent(
     content::BrowserContext* context,
     const std::string& extension_id) {
   DispatchOnStartupEventImpl(context, extension_id, true, NULL);
 }
 
 // static
@@ skipping 206 matching lines @@
   std::string message;
   bool result =
       RuntimeAPI::GetFactoryInstance()->Get(browser_context())->RestartDevice(
           &message);
   if (!result) {
     return RespondNow(Error(message));
   }
   return RespondNow(NoArguments());
 }
 
+ExtensionFunction::ResponseAction RuntimeRestartOnWatchdogFunction::Run() {
+  if (!g_allow_non_kiost_apps_restart_api &&
+      !ExtensionsBrowserClient::Get()->IsRunningInForcedAppMode()) {
+    return RespondNow(Error("API available only for ChromeOS kiosk mode."));
+  }
+
+  std::unique_ptr<api::runtime::RestartOnWatchdog::Params> params(
+      api::runtime::RestartOnWatchdog::Params::Create(*args_));
+  EXTENSION_FUNCTION_VALIDATE(params.get());
+  int seconds = params->seconds;
+
+  if (seconds < -1) {
+    return RespondNow(
+        Error("Invalid argument: *.", base::IntToString(seconds)));
+  }
+
+  RuntimeAPI::RestartOnWatchdogStatus request_status =
+      RuntimeAPI::GetFactoryInstance()
+          ->Get(browser_context())
+          ->RestartDeviceOnWatchdogTimeout(
+              extension()->id(), seconds,
+              base::Bind(&RuntimeRestartOnWatchdogFunction::OnWatchdogTimeout,
+                         this));
+
+  switch (request_status) {
+    case RuntimeAPI::RestartOnWatchdogStatus::FAILED_NOT_FIRST_EXTENSION:
+      return RespondNow(Error("Not the first extension to call this API."));

[xiyuan, 2016/05/17 21:23:55]

nit: Use a kErrorXXX for error string literals, here and other places.

[afakhry, 2016/05/17 23:59:45]

Done.

+
+    case RuntimeAPI::RestartOnWatchdogStatus::SUCCESS_RESTART_CANCELLED:
+      return RespondNow(
+          ArgumentList(api::runtime::RestartOnWatchdog::Results::Create(
+              true, "No more restarts are scheduled.")));
+      ;

[xiyuan, 2016/05/17 21:23:55]

nit: remove?

[afakhry, 2016/05/17 23:59:44]

Done. Not sure where that came from!

+
+    case RuntimeAPI::RestartOnWatchdogStatus::SUCCESS_RESTART_SCHEDULED:
+      return RespondLater();
+  }
+
+  NOTREACHED();
+  return RespondLater();

[xiyuan, 2016/05/17 21:23:55]

nit: RespondNow with an error.

[afakhry, 2016/05/17 23:59:44]

Done.

+}
+
+void RuntimeRestartOnWatchdogFunction::OnWatchdogTimeout(
+    bool success,
+    const std::string& message) {
+  if (!success)
+    WriteToConsole(content::CONSOLE_MESSAGE_LEVEL_ERROR, message);
+
+  Respond(ArgumentList(
+      api::runtime::RestartOnWatchdog::Results::Create(success, message)));
+}
+
 ExtensionFunction::ResponseAction RuntimeGetPlatformInfoFunction::Run() {
   runtime::PlatformInfo info;
   if (!RuntimeAPI::GetFactoryInstance()
            ->Get(browser_context())
            ->GetPlatformInfo(&info)) {
     return RespondNow(Error(kPlatformInfoUnavailable));
   }
   return RespondNow(
       ArgumentList(runtime::GetPlatformInfo::Results::Create(info)));
 }
@@ skipping 13 matching lines @@
   content::ChildProcessSecurityPolicy* policy =
       content::ChildProcessSecurityPolicy::GetInstance();
   policy->GrantReadFileSystem(renderer_id, filesystem_id);
   base::DictionaryValue* dict = new base::DictionaryValue();
   dict->SetString("fileSystemId", filesystem_id);
   dict->SetString("baseName", relative_path);
   return RespondNow(OneArgument(dict));
 }
 
 }  // namespace extensions