| // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| // |
| // This file contains the definitions of the installer functions that build |
| // the WorkItemList used to install the application. |
| |
| #include "chrome/installer/setup/install_worker.h" |
| |
| #include <oaidl.h> |
| #include <shlobj.h> |
| #include <stddef.h> |
| #include <stdint.h> |
| #include <time.h> |
| #include <windows.h> |
| #include <wrl/client.h> |
| |
| #include <memory> |
| #include <vector> |
| |
| #include "base/bind.h" |
| #include "base/callback_helpers.h" |
| #include "base/command_line.h" |
| #include "base/files/file_path.h" |
| #include "base/files/file_util.h" |
| #include "base/logging.h" |
| #include "base/metrics/histogram_functions.h" |
| #include "base/strings/string_util.h" |
| #include "base/strings/utf_string_conversions.h" |
| #include "base/version.h" |
| #include "base/win/registry.h" |
| #include "base/win/security_util.h" |
| #include "base/win/sid.h" |
| #include "base/win/win_util.h" |
| #include "base/win/windows_version.h" |
| #include "build/branding_buildflags.h" |
| #include "chrome/install_static/buildflags.h" |
| #include "chrome/install_static/install_details.h" |
| #include "chrome/install_static/install_modes.h" |
| #include "chrome/install_static/install_util.h" |
| #include "chrome/installer/setup/downgrade_cleanup.h" |
| #include "chrome/installer/setup/install_params.h" |
| #include "chrome/installer/setup/installer_state.h" |
| #include "chrome/installer/setup/last_breaking_installer_version.h" |
| #include "chrome/installer/setup/setup_constants.h" |
| #include "chrome/installer/setup/setup_util.h" |
| #include "chrome/installer/setup/update_active_setup_version_work_item.h" |
| #include "chrome/installer/util/callback_work_item.h" |
| #include "chrome/installer/util/conditional_work_item_list.h" |
| #include "chrome/installer/util/create_reg_key_work_item.h" |
| #include "chrome/installer/util/firewall_manager_win.h" |
| #include "chrome/installer/util/google_update_constants.h" |
| #include "chrome/installer/util/google_update_settings.h" |
| #include "chrome/installer/util/install_service_work_item.h" |
| #include "chrome/installer/util/install_util.h" |
| #include "chrome/installer/util/installation_state.h" |
| #include "chrome/installer/util/l10n_string_util.h" |
| #include "chrome/installer/util/set_reg_value_work_item.h" |
| #include "chrome/installer/util/shell_util.h" |
| #include "chrome/installer/util/util_constants.h" |
| #include "chrome/installer/util/work_item_list.h" |
| |
| #if BUILDFLAG(USE_GOOGLE_UPDATE_INTEGRATION) |
| #include "chrome/installer/setup/channel_override_work_item.h" |
| #endif |
| |
| using base::ASCIIToWide; |
| using base::win::RegKey; |
| |
| namespace installer { |
| |
| namespace { |
| |
| constexpr wchar_t kChromeInstallFilesCapabilitySid[] = |
| L"S-1-15-3-1024-3424233489-972189580-2057154623-747635277-1604371224-" |
| L"316187997-3786583170-1043257646"; |
| constexpr wchar_t kLpacChromeInstallFilesCapabilitySid[] = |
| L"S-1-15-3-1024-2302894289-466761758-1166120688-1039016420-2430351297-" |
| L"4240214049-4028510897-3317428798"; |
| |
| void AddInstallerCopyTasks(const InstallParams& install_params, |
| WorkItemList* install_list) { |
| DCHECK(install_list); |
| |
| const InstallerState& installer_state = install_params.installer_state; |
| const base::FilePath& setup_path = install_params.setup_path; |
| const base::FilePath& archive_path = install_params.archive_path; |
| const base::FilePath& temp_path = install_params.temp_path; |
| const base::Version& new_version = install_params.new_version; |
| |
| base::FilePath installer_dir( |
| installer_state.GetInstallerDirectory(new_version)); |
| install_list->AddCreateDirWorkItem(installer_dir); |
| |
| base::FilePath exe_dst(installer_dir.Append(setup_path.BaseName())); |
| |
| if (exe_dst != setup_path) { |
| install_list->AddCopyTreeWorkItem(setup_path, exe_dst, temp_path, |
| WorkItem::ALWAYS); |
| } |
| |
| if (installer_state.RequiresActiveSetup()) { |
| // Make a copy of setup.exe with a different name so that Active Setup |
| // doesn't require an admin on XP thanks to Application Compatibility. |
| base::FilePath active_setup_exe(installer_dir.Append(kActiveSetupExe)); |
| install_list->AddCopyTreeWorkItem(setup_path, active_setup_exe, temp_path, |
| WorkItem::ALWAYS); |
| } |
| |
| base::FilePath archive_dst(installer_dir.Append(archive_path.BaseName())); |
| if (archive_path != archive_dst) { |
| // In the past, we copied rather than moved for system level installs so |
| // that the permissions of %ProgramFiles% would be picked up. Now that |
| // |temp_path| is in %ProgramFiles% for system level installs (and in |
| // %LOCALAPPDATA% otherwise), there is no need to do this for the archive. |
| // Setup.exe, on the other hand, is created elsewhere so it must always be |
| // copied. |
| if (temp_path.IsParent(archive_path)) { |
| install_list->AddMoveTreeWorkItem(archive_path, archive_dst, temp_path, |
| WorkItem::ALWAYS_MOVE); |
| } else { |
| // This may occur when setup is run out of an existing installation |
| // directory. We cannot remove the system-level archive. |
| install_list->AddCopyTreeWorkItem(archive_path, archive_dst, temp_path, |
| WorkItem::ALWAYS); |
| } |
| } |
| } |
| |
| // A callback invoked by |work_item| that adds firewall rules for Chrome. Rules |
| // are left in-place on rollback unless |remove_on_rollback| is true. This is |
| // the case for new installs only. Updates and overinstalls leave the rule |
| // in-place on rollback since a previous install of Chrome will be used in that |
| // case. |
| bool AddFirewallRulesCallback(const base::FilePath& chrome_path, |
| const CallbackWorkItem& work_item) { |
| std::unique_ptr<FirewallManager> manager = |
| FirewallManager::Create(chrome_path); |
| if (!manager) { |
| LOG(ERROR) << "Failed creating a FirewallManager. Continuing with install."; |
| return true; |
| } |
| |
| // Adding the firewall rule is expected to fail for user-level installs on |
| // Vista+. Try anyway in case the installer is running elevated. |
| if (!manager->AddFirewallRules()) |
| LOG(ERROR) << "Failed creating a firewall rules. Continuing with install."; |
| |
| // Don't abort installation if the firewall rule couldn't be added. |
| return true; |
| } |
| |
| // A callback invoked by |work_item| that removes firewall rules on rollback |
| // if this is a new install. |
| void RemoveFirewallRulesCallback(const base::FilePath& chrome_path, |
| const CallbackWorkItem& work_item) { |
| std::unique_ptr<FirewallManager> manager = |
| FirewallManager::Create(chrome_path); |
| if (!manager) { |
| LOG(ERROR) << "Failed creating a FirewallManager. Continuing rollback."; |
| return; |
| } |
| |
| manager->RemoveFirewallRules(); |
| } |
| |
| // Adds work items to |list| to create firewall rules. |
| void AddFirewallRulesWorkItems(const InstallerState& installer_state, |
| bool is_new_install, |
| WorkItemList* list) { |
| base::FilePath chrome_path = installer_state.target_path().Append(kChromeExe); |
| WorkItem* item = list->AddCallbackWorkItem( |
| base::BindOnce(&AddFirewallRulesCallback, chrome_path), |
| base::BindOnce(&RemoveFirewallRulesCallback, chrome_path)); |
| item->set_rollback_enabled(is_new_install); |
| } |
| |
| // Probes COM machinery to get an instance of notification_helper.exe's |
| // NotificationActivator class. |
| // |
| // This is required so that COM purges its cache of the path to the binary, |
| // which changes on updates. |
| bool ProbeNotificationActivatorCallback(const CLSID& toast_activator_clsid, |
| const CallbackWorkItem& work_item) { |
| DCHECK(toast_activator_clsid != CLSID_NULL); |
| |
| Microsoft::WRL::ComPtr<IUnknown> notification_activator; |
| HRESULT hr = |
| ::CoCreateInstance(toast_activator_clsid, nullptr, CLSCTX_LOCAL_SERVER, |
| IID_PPV_ARGS(¬ification_activator)); |
| |
| if (hr != REGDB_E_CLASSNOTREG) { |
| LOG(ERROR) << "Unexpected result creating NotificationActivator; hr=0x" |
| << std::hex << hr; |
| return false; |
| } |
| |
| return true; |
| } |
| |
| // This is called when an MSI installation is run. It may be that a user is |
| // attempting to install the MSI on top of a non-MSI managed installation. If |
| // so, try and remove any existing "Add/Remove Programs" entry, as we want the |
| // uninstall to be managed entirely by the MSI machinery (accessible via the |
| // Add/Remove programs dialog). |
| void AddDeleteUninstallEntryForMSIWorkItems( |
| const InstallerState& installer_state, |
| WorkItemList* work_item_list) { |
| DCHECK(installer_state.is_msi()) |
| << "This must only be called for MSI installations!"; |
| |
| HKEY reg_root = installer_state.root_key(); |
| std::wstring uninstall_reg = install_static::GetUninstallRegistryPath(); |
| |
| WorkItem* delete_reg_key = work_item_list->AddDeleteRegKeyWorkItem( |
| reg_root, uninstall_reg, KEY_WOW64_32KEY); |
| delete_reg_key->set_best_effort(true); |
| } |
| |
| // Adds Chrome specific install work items to |install_list|. |
| void AddChromeWorkItems(const InstallParams& install_params, |
| WorkItemList* install_list) { |
| const InstallerState& installer_state = install_params.installer_state; |
| const base::FilePath& archive_path = install_params.archive_path; |
| const base::FilePath& src_path = install_params.src_path; |
| const base::FilePath& temp_path = install_params.temp_path; |
| const base::Version& current_version = install_params.current_version; |
| const base::Version& new_version = install_params.new_version; |
| |
| const base::FilePath& target_path = installer_state.target_path(); |
| |
| if (current_version.IsValid()) { |
| // Delete the archive from an existing install to save some disk space. |
| base::FilePath old_installer_dir( |
| installer_state.GetInstallerDirectory(current_version)); |
| base::FilePath old_archive( |
| old_installer_dir.Append(installer::kChromeArchive)); |
| // Don't delete the archive that we are actually installing from. |
| if (archive_path != old_archive) { |
| auto* delete_old_archive_work_item = |
| install_list->AddDeleteTreeWorkItem(old_archive, temp_path); |
| // Don't cause failure of |install_list| if this WorkItem fails. |
| delete_old_archive_work_item->set_best_effort(true); |
| // No need to roll this back; if installation fails we'll be moved to the |
| // "-full" channel anyway. |
| delete_old_archive_work_item->set_rollback_enabled(false); |
| } |
| } |
| |
| // Delete any new_chrome.exe if present (we will end up creating a new one |
| // if required) and then copy chrome.exe |
| base::FilePath new_chrome_exe(target_path.Append(installer::kChromeNewExe)); |
| |
| install_list->AddDeleteTreeWorkItem(new_chrome_exe, temp_path); |
| |
| install_list->AddCopyTreeWorkItem(src_path.Append(installer::kChromeExe), |
| target_path.Append(installer::kChromeExe), |
| temp_path, WorkItem::NEW_NAME_IF_IN_USE, |
| new_chrome_exe); |
| |
| // Install kVisualElementsManifest if it is present in |src_path|. No need to |
| // make this a conditional work item as if the file is not there now, it will |
| // never be. |
| // TODO(grt): Touch the Start Menu shortcut after putting the manifest in |
| // place to force the Start Menu to refresh Chrome's tile. |
| if (base::PathExists(src_path.Append(installer::kVisualElementsManifest))) { |
| install_list->AddMoveTreeWorkItem( |
| src_path.Append(installer::kVisualElementsManifest), |
| target_path.Append(installer::kVisualElementsManifest), temp_path, |
| WorkItem::ALWAYS_MOVE); |
| } else { |
| // We do not want to have an old VisualElementsManifest pointing to an old |
| // version directory. Delete it as there wasn't a new one to replace it. |
| install_list->AddDeleteTreeWorkItem( |
| target_path.Append(installer::kVisualElementsManifest), temp_path); |
| } |
| |
| // In the past, we copied rather than moved for system level installs so that |
| // the permissions of %ProgramFiles% would be picked up. Now that |temp_path| |
| // is in %ProgramFiles% for system level installs (and in %LOCALAPPDATA% |
| // otherwise), there is no need to do this. |
| // Note that we pass true for check_duplicates to avoid failing on in-use |
| // repair runs if the current_version is the same as the new_version. |
| bool check_for_duplicates = |
| (current_version.IsValid() && current_version == new_version); |
| install_list->AddMoveTreeWorkItem( |
| src_path.AppendASCII(new_version.GetString()), |
| target_path.AppendASCII(new_version.GetString()), temp_path, |
| check_for_duplicates ? WorkItem::CHECK_DUPLICATES |
| : WorkItem::ALWAYS_MOVE); |
| |
| // Delete any old_chrome.exe if present (ignore failure if it's in use). |
| install_list |
| ->AddDeleteTreeWorkItem(target_path.Append(installer::kChromeOldExe), |
| temp_path) |
| ->set_best_effort(true); |
| } |
| |
| #if BUILDFLAG(GOOGLE_CHROME_BRANDING) |
| // Adds work items to register the Elevation Service with Windows. Only for |
| // system level installs. |
| void AddElevationServiceWorkItems(const base::FilePath& elevation_service_path, |
| WorkItemList* list) { |
| DCHECK(::IsUserAnAdmin()); |
| |
| if (elevation_service_path.empty()) { |
| LOG(DFATAL) << "The path to elevation_service.exe is invalid."; |
| return; |
| } |
| |
| WorkItem* install_service_work_item = new InstallServiceWorkItem( |
| install_static::GetElevationServiceName(), |
| install_static::GetElevationServiceDisplayName(), |
| base::CommandLine(elevation_service_path), |
| install_static::GetClientStateKeyPath(), |
| {install_static::GetElevatorClsid()}, {install_static::GetElevatorIid()}); |
| install_service_work_item->set_best_effort(true); |
| list->AddWorkItem(install_service_work_item); |
| } |
| |
| // Adds work items to add or remove the "store-dmtoken" command to Chrome's |
| // version key. This method is a no-op if this is anything other than |
| // system-level Chrome. The command is used when enrolling Chrome browser |
| // instances into enterprise management. |new_version| is the version currently |
| // being installed -- can be empty on uninstall. |
| void AddEnterpriseEnrollmentWorkItems(const InstallerState& installer_state, |
| const base::FilePath& setup_path, |
| const base::Version& new_version, |
| WorkItemList* install_list) { |
| if (!installer_state.system_install()) |
| return; |
| |
| const HKEY root_key = installer_state.root_key(); |
| const std::wstring cmd_key(GetCommandKey(kCmdStoreDMToken)); |
| |
| if (installer_state.operation() == InstallerState::UNINSTALL) { |
| install_list->AddDeleteRegKeyWorkItem(root_key, cmd_key, KEY_WOW64_32KEY) |
| ->set_log_message("Removing store DM token command"); |
| } else { |
| // Register a command to allow Chrome to request Google Update to run |
| // setup.exe --store-dmtoken=<token>, which will store the specified token |
| // in the registry. |
| base::CommandLine cmd_line( |
| installer_state.GetInstallerDirectory(new_version) |
| .Append(setup_path.BaseName())); |
| cmd_line.AppendSwitchASCII(switches::kStoreDMToken, "%1"); |
| cmd_line.AppendSwitch(switches::kSystemLevel); |
| cmd_line.AppendSwitch(switches::kVerboseLogging); |
| InstallUtil::AppendModeAndChannelSwitches(&cmd_line); |
| |
| // The substitution for the insert sequence "%1" here is performed safely by |
| // Google Update rather than insecurely by the Windows shell. Disable the |
| // safety check for unsafe insert sequences since the right thing is |
| // happening. Do not blindly copy this pattern in new code. Check with a |
| // member of base/win/OWNERS if in doubt. |
| AppCommand cmd(cmd_line.GetCommandLineStringWithUnsafeInsertSequences()); |
| |
| // TODO(alito): For now setting this command as web accessible is required |
| // by Google Update. Could revisit this should Google Update change the |
| // way permissions are handled for commands. |
| cmd.set_is_web_accessible(true); |
| cmd.AddWorkItems(root_key, cmd_key, install_list); |
| } |
| } |
| |
| #endif // BUILDFLAG(GOOGLE_CHROME_BRANDING) |
| |
| } // namespace |
| |
| // This method adds work items to create (or update) Chrome uninstall entry in |
| // either the Control Panel->Add/Remove Programs list or in the Omaha client |
| // state key if running under an MSI installer. |
| void AddUninstallShortcutWorkItems(const InstallParams& install_params, |
| WorkItemList* install_list) { |
| const InstallerState& installer_state = install_params.installer_state; |
| const base::FilePath& setup_path = install_params.setup_path; |
| const base::Version& new_version = install_params.new_version; |
| |
| HKEY reg_root = installer_state.root_key(); |
| |
| // When we are installed via an MSI, we need to store our uninstall strings |
| // in the Google Update client state key. We do this even for non-MSI |
| // managed installs to avoid breaking the edge case whereby an MSI-managed |
| // install is updated by a non-msi installer (which would confuse the MSI |
| // machinery if these strings were not also updated). The UninstallString |
| // value placed in the client state key is also used by the mini_installer to |
| // locate the setup.exe instance used for binary patching. |
| // Do not quote the command line for the MSI invocation. |
| base::FilePath install_path(installer_state.target_path()); |
| base::FilePath installer_path( |
| installer_state.GetInstallerDirectory(new_version)); |
| installer_path = installer_path.Append(setup_path.BaseName()); |
| |
| base::CommandLine uninstall_arguments(base::CommandLine::NO_PROGRAM); |
| AppendUninstallCommandLineFlags(installer_state, &uninstall_arguments); |
| |
| std::wstring update_state_key(install_static::GetClientStateKeyPath()); |
| install_list->AddCreateRegKeyWorkItem(reg_root, update_state_key, |
| KEY_WOW64_32KEY); |
| install_list->AddSetRegValueWorkItem( |
| reg_root, update_state_key, KEY_WOW64_32KEY, |
| installer::kUninstallStringField, installer_path.value(), true); |
| install_list->AddSetRegValueWorkItem( |
| reg_root, update_state_key, KEY_WOW64_32KEY, |
| installer::kUninstallArgumentsField, |
| uninstall_arguments.GetCommandLineString(), true); |
| |
| // MSI installations will manage their own uninstall shortcuts. |
| if (!installer_state.is_msi()) { |
| // We need to quote the command line for the Add/Remove Programs dialog. |
| base::CommandLine quoted_uninstall_cmd(installer_path); |
| DCHECK_EQ(quoted_uninstall_cmd.GetCommandLineString()[0], '"'); |
| quoted_uninstall_cmd.AppendArguments(uninstall_arguments, false); |
| |
| std::wstring uninstall_reg = install_static::GetUninstallRegistryPath(); |
| install_list->AddCreateRegKeyWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY); |
| install_list->AddSetRegValueWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY, |
| installer::kUninstallDisplayNameField, |
| InstallUtil::GetDisplayName(), true); |
| install_list->AddSetRegValueWorkItem( |
| reg_root, uninstall_reg, KEY_WOW64_32KEY, |
| installer::kUninstallStringField, |
| quoted_uninstall_cmd.GetCommandLineString(), true); |
| install_list->AddSetRegValueWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY, L"InstallLocation", |
| install_path.value(), true); |
| |
| std::wstring chrome_icon = |
| ShellUtil::FormatIconLocation(install_path.Append(kChromeExe), |
| install_static::GetIconResourceIndex()); |
| install_list->AddSetRegValueWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY, L"DisplayIcon", |
| chrome_icon, true); |
| install_list->AddSetRegValueWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY, L"NoModify", |
| static_cast<DWORD>(1), true); |
| install_list->AddSetRegValueWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY, L"NoRepair", |
| static_cast<DWORD>(1), true); |
| |
| install_list->AddSetRegValueWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY, L"Publisher", |
| InstallUtil::GetPublisherName(), true); |
| install_list->AddSetRegValueWorkItem( |
| reg_root, uninstall_reg, KEY_WOW64_32KEY, L"Version", |
| ASCIIToWide(new_version.GetString()), true); |
| install_list->AddSetRegValueWorkItem( |
| reg_root, uninstall_reg, KEY_WOW64_32KEY, L"DisplayVersion", |
| ASCIIToWide(new_version.GetString()), true); |
| // TODO(wfh): Ensure that this value is preserved in the 64-bit hive when |
| // 64-bit installs place the uninstall information into the 64-bit registry. |
| install_list->AddSetRegValueWorkItem(reg_root, uninstall_reg, |
| KEY_WOW64_32KEY, L"InstallDate", |
| InstallUtil::GetCurrentDate(), true); |
| |
| const std::vector<uint32_t>& version_components = new_version.components(); |
| if (version_components.size() == 4) { |
| // Our version should be in major.minor.build.rev. |
| install_list->AddSetRegValueWorkItem( |
| reg_root, uninstall_reg, KEY_WOW64_32KEY, L"VersionMajor", |
| static_cast<DWORD>(version_components[2]), true); |
| install_list->AddSetRegValueWorkItem( |
| reg_root, uninstall_reg, KEY_WOW64_32KEY, L"VersionMinor", |
| static_cast<DWORD>(version_components[3]), true); |
| } |
| } |
| } |
| |
| // Create Version key for a product (if not already present) and sets the new |
| // product version as the last step. |
| void AddVersionKeyWorkItems(const InstallParams& install_params, |
| WorkItemList* list) { |
| const InstallerState& installer_state = install_params.installer_state; |
| const HKEY root = installer_state.root_key(); |
| |
| // Only set "lang" for user-level installs since for system-level, the install |
| // language may not be related to a given user's runtime language. |
| const bool add_language_identifier = !installer_state.system_install(); |
| |
| const std::wstring clients_key = install_static::GetClientsKeyPath(); |
| list->AddCreateRegKeyWorkItem(root, clients_key, KEY_WOW64_32KEY); |
| |
| list->AddSetRegValueWorkItem(root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegNameField, |
| InstallUtil::GetDisplayName(), |
| true); // overwrite name also |
| |
| // Clean up when updating from M85 and older installs. |
| // Can be removed after newer stable builds have been in the wild |
| // enough to have done a reasonable degree of clean up. |
| list->AddDeleteRegValueWorkItem(root, clients_key, KEY_WOW64_32KEY, |
| L"oopcrashes"); |
| |
| if (add_language_identifier) { |
| // Write the language identifier of the current translation. Omaha's set of |
| // languages is a superset of Chrome's set of translations with this one |
| // exception: what Chrome calls "en-us", Omaha calls "en". sigh. |
| std::wstring language(GetCurrentTranslation()); |
| if (base::LowerCaseEqualsASCII(language, "en-us")) |
| language.resize(2); |
| list->AddSetRegValueWorkItem(root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegLangField, language, |
| false); // do not overwrite language |
| } |
| list->AddSetRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, google_update::kRegVersionField, |
| ASCIIToWide(install_params.new_version.GetString()), |
| true); // overwrite version |
| } |
| |
| void AddUpdateBrandCodeWorkItem(const InstallerState& installer_state, |
| WorkItemList* install_list) { |
| // Only update specific brand codes needed for enterprise. |
| std::wstring brand; |
| if (!GoogleUpdateSettings::GetBrand(&brand)) |
| return; |
| |
| std::wstring new_brand = GetUpdatedBrandCode(brand); |
| if (new_brand.empty()) |
| return; |
| |
| // Only update if this machine is: |
| // - domain joined, or |
| // - registered with MDM and is not windows home edition |
| bool is_enterprise_version = |
| base::win::OSInfo::GetInstance()->version_type() != base::win::SUITE_HOME; |
| if (!(base::win::IsEnrolledToDomain() || |
| (base::win::IsDeviceRegisteredWithManagement() && |
| is_enterprise_version))) { |
| return; |
| } |
| |
| install_list->AddSetRegValueWorkItem( |
| installer_state.root_key(), install_static::GetClientStateKeyPath(), |
| KEY_WOW64_32KEY, google_update::kRegRLZBrandField, new_brand, true); |
| } |
| |
| std::wstring GetUpdatedBrandCode(const std::wstring& brand_code) { |
| // Brand codes to be remapped on enterprise installs. |
| static constexpr struct EnterpriseBrandRemapping { |
| const wchar_t* old_brand; |
| const wchar_t* new_brand; |
| } kEnterpriseBrandRemapping[] = { |
| {L"GGLS", L"GCEU"}, |
| {L"GGRV", L"GCEV"}, |
| }; |
| |
| for (auto mapping : kEnterpriseBrandRemapping) { |
| if (brand_code == mapping.old_brand) |
| return mapping.new_brand; |
| } |
| return std::wstring(); |
| } |
| |
| bool AppendPostInstallTasks(const InstallParams& install_params, |
| WorkItemList* post_install_task_list) { |
| DCHECK(post_install_task_list); |
| |
| const InstallerState& installer_state = install_params.installer_state; |
| const base::FilePath& setup_path = install_params.setup_path; |
| const base::FilePath& src_path = install_params.src_path; |
| const base::FilePath& temp_path = install_params.temp_path; |
| const base::Version& current_version = install_params.current_version; |
| const base::Version& new_version = install_params.new_version; |
| |
| HKEY root = installer_state.root_key(); |
| const base::FilePath& target_path = installer_state.target_path(); |
| base::FilePath new_chrome_exe(target_path.Append(kChromeNewExe)); |
| const std::wstring clients_key(install_static::GetClientsKeyPath()); |
| |
| base::FilePath installer_path( |
| installer_state.GetInstallerDirectory(new_version) |
| .Append(setup_path.BaseName())); |
| |
| // Append work items that will only be executed if this was an in-use update. |
| // We update the 'opv' value with the current version that is active, |
| // the 'cpv' value with the critical update version (if present), and the |
| // 'cmd' value with the rename command to run. |
| { |
| std::unique_ptr<WorkItemList> in_use_update_work_items( |
| WorkItem::CreateConditionalWorkItemList( |
| new ConditionRunIfFileExists(new_chrome_exe))); |
| in_use_update_work_items->set_log_message("InUseUpdateWorkItemList"); |
| |
| // |critical_version| will be valid only if this in-use update includes a |
| // version considered critical relative to the version being updated. |
| base::Version critical_version( |
| installer_state.DetermineCriticalVersion(current_version, new_version)); |
| |
| if (current_version.IsValid()) { |
| in_use_update_work_items->AddSetRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegOldVersionField, |
| ASCIIToWide(current_version.GetString()), true); |
| } |
| if (critical_version.IsValid()) { |
| in_use_update_work_items->AddSetRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegCriticalVersionField, |
| ASCIIToWide(critical_version.GetString()), true); |
| } else { |
| in_use_update_work_items->AddDeleteRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegCriticalVersionField); |
| } |
| |
| // Form the mode-specific rename command. |
| base::CommandLine product_rename_cmd(installer_path); |
| product_rename_cmd.AppendSwitch(switches::kRenameChromeExe); |
| if (installer_state.system_install()) |
| product_rename_cmd.AppendSwitch(switches::kSystemLevel); |
| if (installer_state.verbose_logging()) |
| product_rename_cmd.AppendSwitch(switches::kVerboseLogging); |
| InstallUtil::AppendModeAndChannelSwitches(&product_rename_cmd); |
| in_use_update_work_items->AddSetRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, google_update::kRegRenameCmdField, |
| product_rename_cmd.GetCommandLineString(), true); |
| |
| // Delay deploying the new chrome_proxy while chrome is running. |
| in_use_update_work_items->AddCopyTreeWorkItem( |
| src_path.Append(kChromeProxyExe), |
| target_path.Append(kChromeProxyNewExe), temp_path, WorkItem::ALWAYS); |
| |
| post_install_task_list->AddWorkItem(in_use_update_work_items.release()); |
| } |
| |
| // Append work items that will be executed if this was NOT an in-use update. |
| { |
| std::unique_ptr<WorkItemList> regular_update_work_items( |
| WorkItem::CreateConditionalWorkItemList( |
| new Not(new ConditionRunIfFileExists(new_chrome_exe)))); |
| regular_update_work_items->set_log_message("RegularUpdateWorkItemList"); |
| |
| // If a channel was specified by policy, update the "channel" registry value |
| // with it so that the browser knows which channel to use, otherwise delete |
| // whatever value that key holds. |
| AddChannelWorkItems(root, clients_key, regular_update_work_items.get()); |
| AddFinalizeUpdateWorkItems(new_version, installer_state, installer_path, |
| regular_update_work_items.get()); |
| |
| // Since this was not an in-use-update, delete 'opv', 'cpv', |
| // and 'cmd' keys. |
| regular_update_work_items->AddDeleteRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, google_update::kRegOldVersionField); |
| regular_update_work_items->AddDeleteRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegCriticalVersionField); |
| regular_update_work_items->AddDeleteRegValueWorkItem( |
| root, clients_key, KEY_WOW64_32KEY, google_update::kRegRenameCmdField); |
| |
| // Only copy chrome_proxy.exe directly when chrome.exe isn't in use to avoid |
| // different versions getting mixed up between the two binaries. |
| regular_update_work_items->AddCopyTreeWorkItem( |
| src_path.Append(kChromeProxyExe), target_path.Append(kChromeProxyExe), |
| temp_path, WorkItem::ALWAYS); |
| |
| post_install_task_list->AddWorkItem(regular_update_work_items.release()); |
| } |
| |
| // If we're told that we're an MSI install, make sure to set the marker |
| // in the client state key so that future updates do the right thing. |
| if (installer_state.is_msi()) { |
| AddSetMsiMarkerWorkItem(installer_state, true, post_install_task_list); |
| |
| // We want MSI installs to take over the Add/Remove Programs entry. Make a |
| // best-effort attempt to delete any entry left over from previous non-MSI |
| // installations for the same type of install (system or per user). |
| AddDeleteUninstallEntryForMSIWorkItems(installer_state, |
| post_install_task_list); |
| } |
| |
| #if BUILDFLAG(USE_GOOGLE_UPDATE_INTEGRATION) |
| // Add a best-effort item to create the ClientStateMedium key for system-level |
| // installs. This is ordinarily done by Google Update prior to running |
| // Chrome's installer. Do it here as well so that the key exists for manual |
| // installs. |
| if (installer_state.system_install()) { |
| const std::wstring path = install_static::GetClientStateMediumKeyPath(); |
| post_install_task_list |
| ->AddCreateRegKeyWorkItem(HKEY_LOCAL_MACHINE, path, KEY_WOW64_32KEY) |
| ->set_best_effort(true); |
| } |
| |
| // Apply policy-driven channel selection to the "ap" value for subsequent |
| // update checks even if the policy is cleared. |
| AddChannelSelectionWorkItems(installer_state, post_install_task_list); |
| #endif // BUILDFLAG(USE_GOOGLE_UPDATE_INTEGRATION) |
| |
| return true; |
| } |
| |
| void AddInstallWorkItems(const InstallParams& install_params, |
| WorkItemList* install_list) { |
| DCHECK(install_list); |
| |
| const InstallerState& installer_state = install_params.installer_state; |
| const base::FilePath& setup_path = install_params.setup_path; |
| const base::FilePath& temp_path = install_params.temp_path; |
| const base::Version& current_version = install_params.current_version; |
| const base::Version& new_version = install_params.new_version; |
| |
| const base::FilePath& target_path = installer_state.target_path(); |
| |
| // A temp directory that work items need and the actual install directory. |
| install_list->AddCreateDirWorkItem(temp_path); |
| install_list->AddCreateDirWorkItem(target_path); |
| |
| // Set permissions early on both temp and target, since moved files may not |
| // inherit permissions. |
| WorkItem* add_ac_acl_to_install = install_list->AddCallbackWorkItem( |
| base::BindOnce( |
| [](const base::FilePath& target_path, const base::FilePath& temp_path, |
| const CallbackWorkItem& work_item) { |
| auto sids = base::win::Sid::FromSddlStringVector( |
| {kChromeInstallFilesCapabilitySid, |
| kLpacChromeInstallFilesCapabilitySid}); |
| bool success = false; |
| if (sids) { |
| bool success_target = base::win::GrantAccessToPath( |
| target_path, *sids, FILE_GENERIC_READ | FILE_GENERIC_EXECUTE, |
| CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE); |
| bool success_temp = base::win::GrantAccessToPath( |
| temp_path, *sids, FILE_GENERIC_READ | FILE_GENERIC_EXECUTE, |
| CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE); |
| success = success_target && success_temp; |
| } |
| |
| base::UmaHistogramBoolean("Setup.Install.AddAppContainerAce", |
| success); |
| return success; |
| }, |
| target_path, temp_path), |
| base::DoNothing()); |
| add_ac_acl_to_install->set_best_effort(true); |
| add_ac_acl_to_install->set_rollback_enabled(false); |
| |
| // Create the directory in which persistent metrics will be stored. |
| const base::FilePath histogram_storage_dir( |
| target_path.AppendASCII(kSetupHistogramAllocatorName)); |
| install_list->AddCreateDirWorkItem(histogram_storage_dir); |
| |
| if (installer_state.system_install()) { |
| WorkItem* add_acl_to_histogram_storage_dir_work_item = |
| install_list->AddCallbackWorkItem( |
| base::BindOnce( |
| [](const base::FilePath& histogram_storage_dir, |
| const CallbackWorkItem& work_item) { |
| auto sid = base::win::Sid::FromKnownSid( |
| base::win::WellKnownSid::kAuthenticatedUser); |
| if (!sid) |
| return false; |
| std::vector<base::win::Sid> sids; |
| sids.push_back(std::move(*sid)); |
| return base::win::GrantAccessToPath( |
| histogram_storage_dir, sids, |
| FILE_GENERIC_READ | FILE_DELETE_CHILD, |
| CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE); |
| }, |
| histogram_storage_dir), |
| base::DoNothing()); |
| add_acl_to_histogram_storage_dir_work_item->set_best_effort(true); |
| add_acl_to_histogram_storage_dir_work_item->set_rollback_enabled(false); |
| } |
| |
| AddChromeWorkItems(install_params, install_list); |
| |
| // Copy installer in install directory |
| AddInstallerCopyTasks(install_params, install_list); |
| |
| AddUninstallShortcutWorkItems(install_params, install_list); |
| |
| AddVersionKeyWorkItems(install_params, install_list); |
| |
| AddCleanupDeprecatedPerUserRegistrationsWorkItems(install_list); |
| |
| AddActiveSetupWorkItems(installer_state, new_version, install_list); |
| |
| AddOsUpgradeWorkItems(installer_state, setup_path, new_version, install_list); |
| #if BUILDFLAG(GOOGLE_CHROME_BRANDING) |
| AddEnterpriseEnrollmentWorkItems(installer_state, setup_path, new_version, |
| install_list); |
| #endif // BUILDFLAG(GOOGLE_CHROME_BRANDING |
| AddFirewallRulesWorkItems(installer_state, !current_version.IsValid(), |
| install_list); |
| |
| // We don't have a version check for Win10+ here so that Windows upgrades |
| // work. |
| AddNativeNotificationWorkItems( |
| installer_state.root_key(), |
| GetNotificationHelperPath(target_path, new_version), install_list); |
| |
| #if BUILDFLAG(GOOGLE_CHROME_BRANDING) |
| if (installer_state.system_install()) { |
| AddElevationServiceWorkItems( |
| GetElevationServicePath(target_path, new_version), install_list); |
| } |
| #endif // BUILDFLAG(GOOGLE_CHROME_BRANDING |
| |
| AddUpdateDowngradeVersionItem(installer_state.root_key(), current_version, |
| new_version, install_list); |
| |
| AddUpdateBrandCodeWorkItem(installer_state, install_list); |
| |
| // Append the tasks that run after the installation. |
| AppendPostInstallTasks(install_params, install_list); |
| } |
| |
| void AddNativeNotificationWorkItems( |
| HKEY root, |
| const base::FilePath& notification_helper_path, |
| WorkItemList* list) { |
| if (notification_helper_path.empty()) { |
| LOG(DFATAL) << "The path to notification_helper.exe is invalid."; |
| return; |
| } |
| |
| std::wstring toast_activator_reg_path = |
| InstallUtil::GetToastActivatorRegistryPath(); |
| |
| if (toast_activator_reg_path.empty()) { |
| LOG(DFATAL) << "Cannot retrieve the toast activator registry path"; |
| return; |
| } |
| |
| // Delete the old registration before adding in the new key to ensure that the |
| // COM probe/flush below does its job. Delete both 64-bit and 32-bit keys to |
| // handle 32-bit -> 64-bit or 64-bit -> 32-bit migration. |
| list->AddDeleteRegKeyWorkItem(root, toast_activator_reg_path, |
| KEY_WOW64_32KEY); |
| |
| list->AddDeleteRegKeyWorkItem(root, toast_activator_reg_path, |
| KEY_WOW64_64KEY); |
| |
| // Force COM to flush its cache containing the path to the old handler. |
| WorkItem* item = list->AddCallbackWorkItem( |
| base::BindOnce(&ProbeNotificationActivatorCallback, |
| install_static::GetToastActivatorClsid()), |
| base::BindOnce(base::IgnoreResult(&ProbeNotificationActivatorCallback), |
| install_static::GetToastActivatorClsid())); |
| item->set_best_effort(true); |
| |
| std::wstring toast_activator_server_path = |
| toast_activator_reg_path + L"\\LocalServer32"; |
| |
| // Command-line featuring the quoted path to the exe. |
| std::wstring command(1, L'"'); |
| command.append(notification_helper_path.value()).append(1, L'"'); |
| |
| list->AddCreateRegKeyWorkItem(root, toast_activator_server_path, |
| WorkItem::kWow64Default); |
| |
| list->AddSetRegValueWorkItem(root, toast_activator_server_path, |
| WorkItem::kWow64Default, L"", command, true); |
| |
| list->AddSetRegValueWorkItem(root, toast_activator_server_path, |
| WorkItem::kWow64Default, L"ServerExecutable", |
| notification_helper_path.value(), true); |
| } |
| |
| void AddSetMsiMarkerWorkItem(const InstallerState& installer_state, |
| bool set, |
| WorkItemList* work_item_list) { |
| DCHECK(work_item_list); |
| DWORD msi_value = set ? 1 : 0; |
| WorkItem* set_msi_work_item = work_item_list->AddSetRegValueWorkItem( |
| installer_state.root_key(), install_static::GetClientStateKeyPath(), |
| KEY_WOW64_32KEY, google_update::kRegMSIField, msi_value, true); |
| DCHECK(set_msi_work_item); |
| set_msi_work_item->set_best_effort(true); |
| set_msi_work_item->set_log_message("Could not write MSI marker!"); |
| } |
| |
| void AddCleanupDeprecatedPerUserRegistrationsWorkItems(WorkItemList* list) { |
| // This cleanup was added in M49. There are still enough active users on M48 |
| // and earlier today (M55 timeframe) to justify keeping this cleanup in-place. |
| // Remove this when that population stops shrinking. |
| VLOG(1) << "Adding unregistration items for per-user Metro keys."; |
| list->AddDeleteRegKeyWorkItem(HKEY_CURRENT_USER, |
| install_static::GetRegistryPath() + L"\\Metro", |
| KEY_WOW64_32KEY); |
| list->AddDeleteRegKeyWorkItem(HKEY_CURRENT_USER, |
| install_static::GetRegistryPath() + L"\\Metro", |
| KEY_WOW64_64KEY); |
| } |
| |
| void AddActiveSetupWorkItems(const InstallerState& installer_state, |
| const base::Version& new_version, |
| WorkItemList* list) { |
| DCHECK(installer_state.operation() != InstallerState::UNINSTALL); |
| |
| if (!installer_state.system_install()) { |
| VLOG(1) << "No Active Setup processing to do for user-level Chrome"; |
| return; |
| } |
| DCHECK(installer_state.RequiresActiveSetup()); |
| |
| const HKEY root = HKEY_LOCAL_MACHINE; |
| const std::wstring active_setup_path(install_static::GetActiveSetupPath()); |
| |
| VLOG(1) << "Adding registration items for Active Setup."; |
| list->AddCreateRegKeyWorkItem(root, active_setup_path, |
| WorkItem::kWow64Default); |
| list->AddSetRegValueWorkItem(root, active_setup_path, WorkItem::kWow64Default, |
| L"", InstallUtil::GetDisplayName(), true); |
| |
| base::FilePath active_setup_exe( |
| installer_state.GetInstallerDirectory(new_version) |
| .Append(kActiveSetupExe)); |
| base::CommandLine cmd(active_setup_exe); |
| cmd.AppendSwitch(installer::switches::kConfigureUserSettings); |
| cmd.AppendSwitch(installer::switches::kVerboseLogging); |
| cmd.AppendSwitch(installer::switches::kSystemLevel); |
| InstallUtil::AppendModeAndChannelSwitches(&cmd); |
| list->AddSetRegValueWorkItem(root, active_setup_path, WorkItem::kWow64Default, |
| L"StubPath", cmd.GetCommandLineString(), true); |
| |
| // TODO(grt): http://crbug.com/75152 Write a reference to a localized |
| // resource. |
| list->AddSetRegValueWorkItem(root, active_setup_path, WorkItem::kWow64Default, |
| L"Localized Name", InstallUtil::GetDisplayName(), |
| true); |
| |
| list->AddSetRegValueWorkItem(root, active_setup_path, WorkItem::kWow64Default, |
| L"IsInstalled", static_cast<DWORD>(1U), true); |
| |
| list->AddWorkItem(new UpdateActiveSetupVersionWorkItem( |
| active_setup_path, UpdateActiveSetupVersionWorkItem::UPDATE)); |
| } |
| |
| void AppendUninstallCommandLineFlags(const InstallerState& installer_state, |
| base::CommandLine* uninstall_cmd) { |
| DCHECK(uninstall_cmd); |
| |
| uninstall_cmd->AppendSwitch(installer::switches::kUninstall); |
| |
| InstallUtil::AppendModeAndChannelSwitches(uninstall_cmd); |
| if (installer_state.is_msi()) |
| uninstall_cmd->AppendSwitch(installer::switches::kMsi); |
| if (installer_state.system_install()) |
| uninstall_cmd->AppendSwitch(installer::switches::kSystemLevel); |
| if (installer_state.verbose_logging()) |
| uninstall_cmd->AppendSwitch(installer::switches::kVerboseLogging); |
| } |
| |
| void AddOsUpgradeWorkItems(const InstallerState& installer_state, |
| const base::FilePath& setup_path, |
| const base::Version& new_version, |
| WorkItemList* install_list) { |
| const HKEY root_key = installer_state.root_key(); |
| const std::wstring cmd_key(GetCommandKey(kCmdOnOsUpgrade)); |
| |
| if (installer_state.operation() == InstallerState::UNINSTALL) { |
| install_list->AddDeleteRegKeyWorkItem(root_key, cmd_key, KEY_WOW64_32KEY) |
| ->set_log_message("Removing OS upgrade command"); |
| } else { |
| // Register with Google Update to have setup.exe --on-os-upgrade called on |
| // OS upgrade. |
| base::CommandLine cmd_line( |
| installer_state.GetInstallerDirectory(new_version) |
| .Append(setup_path.BaseName())); |
| // Add the main option to indicate OS upgrade flow. |
| cmd_line.AppendSwitch(installer::switches::kOnOsUpgrade); |
| InstallUtil::AppendModeAndChannelSwitches(&cmd_line); |
| if (installer_state.system_install()) |
| cmd_line.AppendSwitch(installer::switches::kSystemLevel); |
| // Log everything for now. |
| cmd_line.AppendSwitch(installer::switches::kVerboseLogging); |
| |
| AppCommand cmd(cmd_line.GetCommandLineString()); |
| cmd.set_is_auto_run_on_os_upgrade(true); |
| cmd.AddWorkItems(installer_state.root_key(), cmd_key, install_list); |
| } |
| } |
| |
| void AddChannelWorkItems(HKEY root, |
| const std::wstring& clients_key, |
| WorkItemList* list) { |
| const auto& install_details = install_static::InstallDetails::Get(); |
| if (install_details.channel_origin() == |
| install_static::ChannelOrigin::kPolicy) { |
| // Use channel_override rather than simply channel so that extended stable |
| // is differentiated from regular. |
| list->AddSetRegValueWorkItem(root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegChannelField, |
| install_details.channel_override(), |
| /*overwrite=*/true); |
| } else { |
| list->AddDeleteRegValueWorkItem(root, clients_key, KEY_WOW64_32KEY, |
| google_update::kRegChannelField); |
| } |
| } |
| |
| #if BUILDFLAG(USE_GOOGLE_UPDATE_INTEGRATION) |
| void AddChannelSelectionWorkItems(const InstallerState& installer_state, |
| WorkItemList* list) { |
| const auto& install_details = install_static::InstallDetails::Get(); |
| |
| // Nothing to do if the channel wasn't selected via the command line switch. |
| if (install_details.channel_origin() != |
| install_static::ChannelOrigin::kPolicy) { |
| return; |
| } |
| |
| auto item = std::make_unique<ChannelOverrideWorkItem>(); |
| item->set_best_effort(true); |
| list->AddWorkItem(item.release()); |
| } |
| #endif // BUILDFLAG(USE_GOOGLE_UPDATE_INTEGRATION) |
| |
| void AddFinalizeUpdateWorkItems(const base::Version& new_version, |
| const InstallerState& installer_state, |
| const base::FilePath& setup_path, |
| WorkItemList* list) { |
| // Cleanup for breaking downgrade first in the post install to avoid |
| // overwriting any of the following post-install tasks. |
| AddDowngradeCleanupItems(new_version, list); |
| |
| const std::wstring client_state_key = install_static::GetClientStateKeyPath(); |
| |
| // Adds the command that needs to be used in order to cleanup any breaking |
| // changes the installer of this version may have added. |
| list->AddSetRegValueWorkItem( |
| installer_state.root_key(), client_state_key, KEY_WOW64_32KEY, |
| google_update::kRegDowngradeCleanupCommandField, |
| GetDowngradeCleanupCommandWithPlaceholders(setup_path, installer_state), |
| true); |
| |
| // Write the latest installer's breaking version so that future downgrades |
| // know if they need to do a clean install. This isn't done for in-use since |
| // it is done at the the executable's rename. |
| list->AddSetRegValueWorkItem( |
| installer_state.root_key(), client_state_key, KEY_WOW64_32KEY, |
| google_update::kRegCleanInstallRequiredForVersionBelowField, |
| kLastBreakingInstallerVersion, true); |
| } |
| |
| } // namespace installer |