update_manager/chromeos_policy.cc - chromiumos/platform/update_engine - Git at Google

 // Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "update_engine/update_manager/chromeos_policy.h"

 #include <algorithm>
 #include <set>
 #include <string>

 #include <base/logging.h>
 #include <base/time/time.h>

 #include "update_engine/update_manager/device_policy_provider.h"
 #include "update_engine/update_manager/policy_utils.h"
 #include "update_engine/update_manager/shill_provider.h"

 using base::Time;
 using base::TimeDelta;
 using std::min;
 using std::set;
 using std::string;

 namespace chromeos_update_manager {

 EvalStatus ChromeOSPolicy::UpdateCheckAllowed(
     EvaluationContext* ec, State* state, string* error,
     UpdateCheckParams* result) const {
   Time next_update_check;
   if (NextUpdateCheckTime(ec, state, error, &next_update_check) !=
       EvalStatus::kSucceeded) {
     return EvalStatus::kFailed;
   }

   if (!ec->IsTimeGreaterThan(next_update_check))
     return EvalStatus::kAskMeAgainLater;

   // It is time to check for an update.
   result->updates_enabled = true;
   return EvalStatus::kSucceeded;
 }

 EvalStatus ChromeOSPolicy::UpdateCanStart(
     EvaluationContext* ec,
     State* state,
     string* error,
     UpdateCanStartResult* result,
     const bool interactive,
     const UpdateState& update_state) const {
   // Set the default return values.
   result->update_can_start = true;
   result->http_allowed = true;
   result->p2p_allowed = false;
   result->target_channel.clear();
   result->cannot_start_reason = UpdateCannotStartReason::kUndefined;
   result->scatter_wait_period = kZeroInterval;
   result->scatter_check_threshold = 0;

   // Make sure that we're not due for an update check.
   UpdateCheckParams check_result;
   EvalStatus check_status = UpdateCheckAllowed(ec, state, error, &check_result);
   if (check_status == EvalStatus::kFailed)
     return EvalStatus::kFailed;
   if (check_status == EvalStatus::kSucceeded &&
       check_result.updates_enabled == true) {
     result->update_can_start = false;
     result->cannot_start_reason = UpdateCannotStartReason::kCheckDue;
     return EvalStatus::kSucceeded;
   }

   DevicePolicyProvider* const dp_provider = state->device_policy_provider();
   SystemProvider* const system_provider = state->system_provider();

   const bool* device_policy_is_loaded_p = ec->GetValue(
       dp_provider->var_device_policy_is_loaded());
   if (device_policy_is_loaded_p && *device_policy_is_loaded_p) {
     // Ensure that update is enabled.
     const bool* update_disabled_p = ec->GetValue(
         dp_provider->var_update_disabled());
     if (update_disabled_p && *update_disabled_p) {
       result->update_can_start = false;
       result->cannot_start_reason = UpdateCannotStartReason::kDisabledByPolicy;
       return EvalStatus::kAskMeAgainLater;
     }

     // Check whether scattering applies to this update attempt. We should not be
     // scattering if this is an interactive update check, or if OOBE is enabled
     // but not completed.
     //
     // Note: current code further suppresses scattering if a "deadline"
     // attribute is found in the Omaha response. However, it appears that the
     // presence of this attribute is merely indicative of an OOBE update, during
     // which we suppress scattering anyway.
     bool scattering_applies = false;
     if (!interactive) {
       const bool* is_oobe_enabled_p = ec->GetValue(
           state->config_provider()->var_is_oobe_enabled());
       if (is_oobe_enabled_p && !(*is_oobe_enabled_p)) {
         scattering_applies = true;
       } else {
         const bool* is_oobe_complete_p = ec->GetValue(
             system_provider->var_is_oobe_complete());
         scattering_applies = (is_oobe_complete_p && *is_oobe_complete_p);
       }
     }

     // Compute scattering values.
     if (scattering_applies) {
       UpdateScatteringResult scatter_result;
       EvalStatus scattering_status = UpdateScattering(
           ec, state, error, &scatter_result, update_state);
       if (scattering_status != EvalStatus::kSucceeded ||
           scatter_result.is_scattering) {
         if (scattering_status != EvalStatus::kFailed) {
           result->update_can_start = false;
           result->cannot_start_reason = UpdateCannotStartReason::kScattering;
           result->scatter_wait_period = scatter_result.wait_period;
           result->scatter_check_threshold = scatter_result.check_threshold;
         }
         return scattering_status;
       }
     }

     // Determine whether HTTP downloads are forbidden by policy. This only
     // applies to official system builds; otherwise, HTTP is always enabled.
     const bool* is_official_build_p = ec->GetValue(
         system_provider->var_is_official_build());
     if (is_official_build_p && *is_official_build_p) {
       const bool* policy_http_downloads_enabled_p = ec->GetValue(
           dp_provider->var_http_downloads_enabled());
       result->http_allowed =
           !policy_http_downloads_enabled_p || *policy_http_downloads_enabled_p;
     }

     // Determine whether use of P2P is allowed by policy.
     const bool* policy_au_p2p_enabled_p = ec->GetValue(
         dp_provider->var_au_p2p_enabled());
     result->p2p_allowed = policy_au_p2p_enabled_p && *policy_au_p2p_enabled_p;

     // Determine whether a target channel is dictated by policy.
     const bool* release_channel_delegated_p = ec->GetValue(
         dp_provider->var_release_channel_delegated());
     if (release_channel_delegated_p && !(*release_channel_delegated_p)) {
       const string* release_channel_p = ec->GetValue(
           dp_provider->var_release_channel());
       if (release_channel_p)
         result->target_channel = *release_channel_p;
     }
   }

   // Enable P2P, if so mandated by the updater configuration.
   if (!result->p2p_allowed) {
     const bool* updater_p2p_enabled_p = ec->GetValue(
         state->updater_provider()->var_p2p_enabled());
     result->p2p_allowed = updater_p2p_enabled_p && *updater_p2p_enabled_p;
   }

   return EvalStatus::kSucceeded;
 }

 EvalStatus ChromeOSPolicy::NextUpdateCheckTime(EvaluationContext* ec,
                                                State* state, string* error,
                                                Time* next_update_check) const {
   // Don't check for updates too often. We limit the update checks to once every
   // some interval. The interval is kTimeoutInitialInterval the first time and
   // kTimeoutPeriodicInterval for the subsequent update checks. If the update
   // check fails, we increase the interval between the update checks
   // exponentially until kTimeoutMaxBackoffInterval. Finally, to avoid having
   // many chromebooks running update checks at the exact same time, we add some
   // fuzz to the interval.
   const Time* updater_started_time =
       ec->GetValue(state->updater_provider()->var_updater_started_time());
   POLICY_CHECK_VALUE_AND_FAIL(updater_started_time, error);

   const base::Time* last_checked_time =
       ec->GetValue(state->updater_provider()->var_last_checked_time());

   const uint64_t* seed = ec->GetValue(state->random_provider()->var_seed());
   POLICY_CHECK_VALUE_AND_FAIL(seed, error);

   PRNG prng(*seed);

   if (!last_checked_time || *last_checked_time < *updater_started_time) {
     // First attempt.
     *next_update_check = *updater_started_time + FuzzedInterval(
         &prng, kTimeoutInitialInterval, kTimeoutRegularFuzz);
     return EvalStatus::kSucceeded;
   }
   // Check for previous failed attempts to implement the exponential backoff.
   const unsigned int* consecutive_failed_update_checks = ec->GetValue(
       state->updater_provider()->var_consecutive_failed_update_checks());
   POLICY_CHECK_VALUE_AND_FAIL(consecutive_failed_update_checks, error);

   int interval = kTimeoutInitialInterval;
   for (unsigned int i = 0; i < *consecutive_failed_update_checks; ++i) {
     interval *= 2;
     if (interval > kTimeoutMaxBackoffInterval) {
       interval = kTimeoutMaxBackoffInterval;
       break;
     }
   }

   *next_update_check = *last_checked_time + FuzzedInterval(
       &prng, interval, kTimeoutRegularFuzz);
   return EvalStatus::kSucceeded;
 }

 TimeDelta ChromeOSPolicy::FuzzedInterval(PRNG* prng, int interval, int fuzz) {
   DCHECK_GE(interval, 0);
   DCHECK_GE(fuzz, 0);
   int half_fuzz = fuzz / 2;
   // This guarantees the output interval is non negative.
   int interval_min = std::max(interval - half_fuzz, 0);
   int interval_max = interval + half_fuzz;
   return TimeDelta::FromSeconds(prng->RandMinMax(interval_min, interval_max));
 }

 EvalStatus ChromeOSPolicy::UpdateScattering(
     EvaluationContext* ec,
     State* state,
     string* error,
     UpdateScatteringResult* result,
     const UpdateState& update_state) const {
   // Preconditions. These stem from the postconditions and usage contract.
   DCHECK(update_state.scatter_wait_period >= kZeroInterval);
   DCHECK_GE(update_state.scatter_check_threshold, 0);

   // Set default result values.
   result->is_scattering = false;
   result->wait_period = kZeroInterval;
   result->check_threshold = 0;

   DevicePolicyProvider* const dp_provider = state->device_policy_provider();

   // Ensure that a device policy is loaded.
   const bool* device_policy_is_loaded_p = ec->GetValue(
       dp_provider->var_device_policy_is_loaded());
   if (!(device_policy_is_loaded_p && *device_policy_is_loaded_p))
     return EvalStatus::kSucceeded;

   // Is scattering enabled by policy?
   const TimeDelta* scatter_factor_p = ec->GetValue(
       dp_provider->var_scatter_factor());
   if (!scatter_factor_p || *scatter_factor_p == kZeroInterval)
     return EvalStatus::kSucceeded;

   // Obtain a pseudo-random number generator.
   const uint64_t* seed = ec->GetValue(state->random_provider()->var_seed());
   POLICY_CHECK_VALUE_AND_FAIL(seed, error);
   PRNG prng(*seed);

   // Step 1: Maintain the scattering wait period.
   //
   // If no wait period was previously determined, or it no longer fits in the
   // scatter factor, then generate a new one. Otherwise, keep the one we have.
   TimeDelta wait_period = update_state.scatter_wait_period;
   if (wait_period == kZeroInterval || wait_period > *scatter_factor_p) {
     wait_period = TimeDelta::FromSeconds(
         prng.RandMinMax(1, scatter_factor_p->InSeconds()));
   }

   // If we surpass the wait period or the max scatter period associated with
   // the update, then no wait is needed.
   Time wait_expires = (update_state.first_seen +
                        min(wait_period, update_state.scatter_wait_period_max));
   if (ec->IsTimeGreaterThan(wait_expires))
     wait_period = kZeroInterval;

   // Step 2: Maintain the update check threshold count.
   //
   // If an update check threshold is not specified then generate a new
   // one.
   int check_threshold = update_state.scatter_check_threshold;
   if (check_threshold == 0) {
     check_threshold = prng.RandMinMax(
         update_state.scatter_check_threshold_min,
         update_state.scatter_check_threshold_max);
   }

   // If the update check threshold is not within allowed range then nullify it.
   // TODO(garnold) This is compliant with current logic found in
   // OmahaRequestAction::IsUpdateCheckCountBasedWaitingSatisfied(). We may want
   // to change it so that it behaves similarly to the wait period case, namely
   // if the current value exceeds the maximum, we set a new one within range.
   if (check_threshold > update_state.scatter_check_threshold_max)
     check_threshold = 0;

   // If the update check threshold is non-zero and satisfied, then nullify it.
   if (check_threshold > 0 && update_state.num_checks >= check_threshold)
     check_threshold = 0;

   bool is_scattering = (wait_period != kZeroInterval || check_threshold);
   EvalStatus ret = EvalStatus::kSucceeded;
   if (is_scattering && wait_period == update_state.scatter_wait_period &&
       check_threshold == update_state.scatter_check_threshold)
     ret = EvalStatus::kAskMeAgainLater;
   result->is_scattering = is_scattering;
   result->wait_period = wait_period;
   result->check_threshold = check_threshold;
   return ret;
 }

 // TODO(garnold) Logic in this method is based on
 // ConnectionManager::IsUpdateAllowedOver(); be sure to deprecate the latter.
 //
 // TODO(garnold) The current logic generally treats the list of allowed
 // connections coming from the device policy as a whitelist, meaning that it
 // can only be used for enabling connections, but not disable them. Further,
 // certain connection types (like Bluetooth) cannot be enabled even by policy.
 // In effect, the only thing that device policy can change is to enable
 // updates over a cellular network (disabled by default). We may want to
 // revisit this semantics, allowing greater flexibility in defining specific
 // permissions over all types of networks.
 EvalStatus ChromeOSPolicy::UpdateCurrentConnectionAllowed(
     EvaluationContext* ec,
     State* state,
     string* error,
     bool* result) const {
   // Get the current connection type.
   ShillProvider* const shill_provider = state->shill_provider();
   const ConnectionType* conn_type_p = ec->GetValue(
       shill_provider->var_conn_type());
   POLICY_CHECK_VALUE_AND_FAIL(conn_type_p, error);
   ConnectionType conn_type = *conn_type_p;

   // If we're tethering, treat it as a cellular connection.
   if (conn_type != ConnectionType::kCellular) {
     const ConnectionTethering* conn_tethering_p = ec->GetValue(
         shill_provider->var_conn_tethering());
     POLICY_CHECK_VALUE_AND_FAIL(conn_tethering_p, error);
     if (*conn_tethering_p == ConnectionTethering::kConfirmed)
       conn_type = ConnectionType::kCellular;
   }

   // By default, we allow updates for all connection types, with exceptions as
   // noted below. This also determines whether a device policy can override the
   // default.
   *result = true;
   bool device_policy_can_override = false;
   switch (conn_type) {
     case ConnectionType::kBluetooth:
       *result = false;
       break;

     case ConnectionType::kCellular:
       *result = false;
       device_policy_can_override = true;
       break;

     case ConnectionType::kUnknown:
       if (error)
         *error = "Unknown connection type";
       return EvalStatus::kFailed;

     default:
       break;  // Nothing to do.
   }

   // If update is allowed, we're done.
   if (*result)
     return EvalStatus::kSucceeded;

   // Check whether the device policy specifically allows this connection.
   bool user_settings_can_override = false;
   if (device_policy_can_override) {
     DevicePolicyProvider* const dp_provider = state->device_policy_provider();
     const bool* device_policy_is_loaded_p = ec->GetValue(
         dp_provider->var_device_policy_is_loaded());
     if (device_policy_is_loaded_p && *device_policy_is_loaded_p) {
       const set<ConnectionType>* allowed_conn_types_p = ec->GetValue(
           dp_provider->var_allowed_connection_types_for_update());
       if (allowed_conn_types_p) {
         if (allowed_conn_types_p->count(conn_type)) {
           *result = true;
           return EvalStatus::kSucceeded;
         }
       } else {
         user_settings_can_override = true;
       }
     }
   }

   // Local user settings can allow updates iff a policy was loaded but no
   // allowed connections were specified in it. In all other cases, we either
   // stick with the default or use the values determined by the policy.
   if (user_settings_can_override) {
     const bool* update_over_cellular_allowed_p = ec->GetValue(
         state->updater_provider()->var_cellular_enabled());
     if (update_over_cellular_allowed_p && *update_over_cellular_allowed_p)
       *result = true;
   }

   return EvalStatus::kSucceeded;
 }

 }  // namespace chromeos_update_manager
	// Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "update_engine/update_manager/chromeos_policy.h"

	#include <algorithm>
	#include <set>
	#include <string>

	#include <base/logging.h>
	#include <base/time/time.h>

	#include "update_engine/update_manager/device_policy_provider.h"
	#include "update_engine/update_manager/policy_utils.h"
	#include "update_engine/update_manager/shill_provider.h"

	using base::Time;
	using base::TimeDelta;
	using std::min;
	using std::set;
	using std::string;

	namespace chromeos_update_manager {

	EvalStatus ChromeOSPolicy::UpdateCheckAllowed(
	EvaluationContext* ec, State* state, string* error,
	UpdateCheckParams* result) const {
	Time next_update_check;
	if (NextUpdateCheckTime(ec, state, error, &next_update_check) !=
	EvalStatus::kSucceeded) {
	return EvalStatus::kFailed;
	}

	if (!ec->IsTimeGreaterThan(next_update_check))
	return EvalStatus::kAskMeAgainLater;

	// It is time to check for an update.
	result->updates_enabled = true;
	return EvalStatus::kSucceeded;
	}

	EvalStatus ChromeOSPolicy::UpdateCanStart(
	EvaluationContext* ec,
	State* state,
	string* error,
	UpdateCanStartResult* result,
	const bool interactive,
	const UpdateState& update_state) const {
	// Set the default return values.
	result->update_can_start = true;
	result->http_allowed = true;
	result->p2p_allowed = false;
	result->target_channel.clear();
	result->cannot_start_reason = UpdateCannotStartReason::kUndefined;
	result->scatter_wait_period = kZeroInterval;
	result->scatter_check_threshold = 0;

	// Make sure that we're not due for an update check.
	UpdateCheckParams check_result;
	EvalStatus check_status = UpdateCheckAllowed(ec, state, error, &check_result);
	if (check_status == EvalStatus::kFailed)
	return EvalStatus::kFailed;
	if (check_status == EvalStatus::kSucceeded &&
	check_result.updates_enabled == true) {
	result->update_can_start = false;
	result->cannot_start_reason = UpdateCannotStartReason::kCheckDue;
	return EvalStatus::kSucceeded;
	}

	DevicePolicyProvider* const dp_provider = state->device_policy_provider();
	SystemProvider* const system_provider = state->system_provider();

	const bool* device_policy_is_loaded_p = ec->GetValue(
	dp_provider->var_device_policy_is_loaded());
	if (device_policy_is_loaded_p && *device_policy_is_loaded_p) {
	// Ensure that update is enabled.
	const bool* update_disabled_p = ec->GetValue(
	dp_provider->var_update_disabled());
	if (update_disabled_p && *update_disabled_p) {
	result->update_can_start = false;
	result->cannot_start_reason = UpdateCannotStartReason::kDisabledByPolicy;
	return EvalStatus::kAskMeAgainLater;
	}

	// Check whether scattering applies to this update attempt. We should not be
	// scattering if this is an interactive update check, or if OOBE is enabled
	// but not completed.
	//
	// Note: current code further suppresses scattering if a "deadline"
	// attribute is found in the Omaha response. However, it appears that the
	// presence of this attribute is merely indicative of an OOBE update, during
	// which we suppress scattering anyway.
	bool scattering_applies = false;
	if (!interactive) {
	const bool* is_oobe_enabled_p = ec->GetValue(
	state->config_provider()->var_is_oobe_enabled());
	if (is_oobe_enabled_p && !(*is_oobe_enabled_p)) {
	scattering_applies = true;
	} else {
	const bool* is_oobe_complete_p = ec->GetValue(
	system_provider->var_is_oobe_complete());
	scattering_applies = (is_oobe_complete_p && *is_oobe_complete_p);
	}
	}

	// Compute scattering values.
	if (scattering_applies) {
	UpdateScatteringResult scatter_result;
	EvalStatus scattering_status = UpdateScattering(
	ec, state, error, &scatter_result, update_state);
	if (scattering_status != EvalStatus::kSucceeded \|\|
	scatter_result.is_scattering) {
	if (scattering_status != EvalStatus::kFailed) {
	result->update_can_start = false;
	result->cannot_start_reason = UpdateCannotStartReason::kScattering;
	result->scatter_wait_period = scatter_result.wait_period;
	result->scatter_check_threshold = scatter_result.check_threshold;
	}
	return scattering_status;
	}
	}

	// Determine whether HTTP downloads are forbidden by policy. This only
	// applies to official system builds; otherwise, HTTP is always enabled.
	const bool* is_official_build_p = ec->GetValue(
	system_provider->var_is_official_build());
	if (is_official_build_p && *is_official_build_p) {
	const bool* policy_http_downloads_enabled_p = ec->GetValue(
	dp_provider->var_http_downloads_enabled());
	result->http_allowed =
	!policy_http_downloads_enabled_p \|\| *policy_http_downloads_enabled_p;
	}

	// Determine whether use of P2P is allowed by policy.
	const bool* policy_au_p2p_enabled_p = ec->GetValue(
	dp_provider->var_au_p2p_enabled());
	result->p2p_allowed = policy_au_p2p_enabled_p && *policy_au_p2p_enabled_p;

	// Determine whether a target channel is dictated by policy.
	const bool* release_channel_delegated_p = ec->GetValue(
	dp_provider->var_release_channel_delegated());
	if (release_channel_delegated_p && !(*release_channel_delegated_p)) {
	const string* release_channel_p = ec->GetValue(
	dp_provider->var_release_channel());
	if (release_channel_p)
	result->target_channel = *release_channel_p;
	}
	}

	// Enable P2P, if so mandated by the updater configuration.
	if (!result->p2p_allowed) {
	const bool* updater_p2p_enabled_p = ec->GetValue(
	state->updater_provider()->var_p2p_enabled());
	result->p2p_allowed = updater_p2p_enabled_p && *updater_p2p_enabled_p;
	}

	return EvalStatus::kSucceeded;
	}

	EvalStatus ChromeOSPolicy::NextUpdateCheckTime(EvaluationContext* ec,
	State* state, string* error,
	Time* next_update_check) const {
	// Don't check for updates too often. We limit the update checks to once every
	// some interval. The interval is kTimeoutInitialInterval the first time and
	// kTimeoutPeriodicInterval for the subsequent update checks. If the update
	// check fails, we increase the interval between the update checks
	// exponentially until kTimeoutMaxBackoffInterval. Finally, to avoid having
	// many chromebooks running update checks at the exact same time, we add some
	// fuzz to the interval.
	const Time* updater_started_time =
	ec->GetValue(state->updater_provider()->var_updater_started_time());
	POLICY_CHECK_VALUE_AND_FAIL(updater_started_time, error);

	const base::Time* last_checked_time =
	ec->GetValue(state->updater_provider()->var_last_checked_time());

	const uint64_t* seed = ec->GetValue(state->random_provider()->var_seed());
	POLICY_CHECK_VALUE_AND_FAIL(seed, error);

	PRNG prng(*seed);

	if (!last_checked_time \|\| last_checked_time < updater_started_time) {
	// First attempt.
	next_update_check = updater_started_time + FuzzedInterval(
	&prng, kTimeoutInitialInterval, kTimeoutRegularFuzz);
	return EvalStatus::kSucceeded;
	}
	// Check for previous failed attempts to implement the exponential backoff.
	const unsigned int* consecutive_failed_update_checks = ec->GetValue(
	state->updater_provider()->var_consecutive_failed_update_checks());
	POLICY_CHECK_VALUE_AND_FAIL(consecutive_failed_update_checks, error);

	int interval = kTimeoutInitialInterval;
	for (unsigned int i = 0; i < *consecutive_failed_update_checks; ++i) {
	interval *= 2;
	if (interval > kTimeoutMaxBackoffInterval) {
	interval = kTimeoutMaxBackoffInterval;
	break;
	}
	}

	next_update_check = last_checked_time + FuzzedInterval(
	&prng, interval, kTimeoutRegularFuzz);
	return EvalStatus::kSucceeded;
	}

	TimeDelta ChromeOSPolicy::FuzzedInterval(PRNG* prng, int interval, int fuzz) {
	DCHECK_GE(interval, 0);
	DCHECK_GE(fuzz, 0);
	int half_fuzz = fuzz / 2;
	// This guarantees the output interval is non negative.
	int interval_min = std::max(interval - half_fuzz, 0);
	int interval_max = interval + half_fuzz;
	return TimeDelta::FromSeconds(prng->RandMinMax(interval_min, interval_max));
	}

	EvalStatus ChromeOSPolicy::UpdateScattering(
	EvaluationContext* ec,
	State* state,
	string* error,
	UpdateScatteringResult* result,
	const UpdateState& update_state) const {
	// Preconditions. These stem from the postconditions and usage contract.
	DCHECK(update_state.scatter_wait_period >= kZeroInterval);
	DCHECK_GE(update_state.scatter_check_threshold, 0);

	// Set default result values.
	result->is_scattering = false;
	result->wait_period = kZeroInterval;
	result->check_threshold = 0;

	DevicePolicyProvider* const dp_provider = state->device_policy_provider();

	// Ensure that a device policy is loaded.
	const bool* device_policy_is_loaded_p = ec->GetValue(
	dp_provider->var_device_policy_is_loaded());
	if (!(device_policy_is_loaded_p && *device_policy_is_loaded_p))
	return EvalStatus::kSucceeded;

	// Is scattering enabled by policy?
	const TimeDelta* scatter_factor_p = ec->GetValue(
	dp_provider->var_scatter_factor());
	if (!scatter_factor_p \|\| *scatter_factor_p == kZeroInterval)
	return EvalStatus::kSucceeded;

	// Obtain a pseudo-random number generator.
	const uint64_t* seed = ec->GetValue(state->random_provider()->var_seed());
	POLICY_CHECK_VALUE_AND_FAIL(seed, error);
	PRNG prng(*seed);

	// Step 1: Maintain the scattering wait period.
	//
	// If no wait period was previously determined, or it no longer fits in the
	// scatter factor, then generate a new one. Otherwise, keep the one we have.
	TimeDelta wait_period = update_state.scatter_wait_period;
	if (wait_period == kZeroInterval \|\| wait_period > *scatter_factor_p) {
	wait_period = TimeDelta::FromSeconds(
	prng.RandMinMax(1, scatter_factor_p->InSeconds()));
	}

	// If we surpass the wait period or the max scatter period associated with
	// the update, then no wait is needed.
	Time wait_expires = (update_state.first_seen +
	min(wait_period, update_state.scatter_wait_period_max));
	if (ec->IsTimeGreaterThan(wait_expires))
	wait_period = kZeroInterval;

	// Step 2: Maintain the update check threshold count.
	//
	// If an update check threshold is not specified then generate a new
	// one.
	int check_threshold = update_state.scatter_check_threshold;
	if (check_threshold == 0) {
	check_threshold = prng.RandMinMax(
	update_state.scatter_check_threshold_min,
	update_state.scatter_check_threshold_max);
	}

	// If the update check threshold is not within allowed range then nullify it.
	// TODO(garnold) This is compliant with current logic found in
	// OmahaRequestAction::IsUpdateCheckCountBasedWaitingSatisfied(). We may want
	// to change it so that it behaves similarly to the wait period case, namely
	// if the current value exceeds the maximum, we set a new one within range.
	if (check_threshold > update_state.scatter_check_threshold_max)
	check_threshold = 0;

	// If the update check threshold is non-zero and satisfied, then nullify it.
	if (check_threshold > 0 && update_state.num_checks >= check_threshold)
	check_threshold = 0;

	bool is_scattering = (wait_period != kZeroInterval \|\| check_threshold);
	EvalStatus ret = EvalStatus::kSucceeded;
	if (is_scattering && wait_period == update_state.scatter_wait_period &&
	check_threshold == update_state.scatter_check_threshold)
	ret = EvalStatus::kAskMeAgainLater;
	result->is_scattering = is_scattering;
	result->wait_period = wait_period;
	result->check_threshold = check_threshold;
	return ret;
	}

	// TODO(garnold) Logic in this method is based on
	// ConnectionManager::IsUpdateAllowedOver(); be sure to deprecate the latter.
	//
	// TODO(garnold) The current logic generally treats the list of allowed
	// connections coming from the device policy as a whitelist, meaning that it
	// can only be used for enabling connections, but not disable them. Further,
	// certain connection types (like Bluetooth) cannot be enabled even by policy.
	// In effect, the only thing that device policy can change is to enable
	// updates over a cellular network (disabled by default). We may want to
	// revisit this semantics, allowing greater flexibility in defining specific
	// permissions over all types of networks.
	EvalStatus ChromeOSPolicy::UpdateCurrentConnectionAllowed(
	EvaluationContext* ec,
	State* state,
	string* error,
	bool* result) const {
	// Get the current connection type.
	ShillProvider* const shill_provider = state->shill_provider();
	const ConnectionType* conn_type_p = ec->GetValue(
	shill_provider->var_conn_type());
	POLICY_CHECK_VALUE_AND_FAIL(conn_type_p, error);
	ConnectionType conn_type = *conn_type_p;

	// If we're tethering, treat it as a cellular connection.
	if (conn_type != ConnectionType::kCellular) {
	const ConnectionTethering* conn_tethering_p = ec->GetValue(
	shill_provider->var_conn_tethering());
	POLICY_CHECK_VALUE_AND_FAIL(conn_tethering_p, error);
	if (*conn_tethering_p == ConnectionTethering::kConfirmed)
	conn_type = ConnectionType::kCellular;
	}

	// By default, we allow updates for all connection types, with exceptions as
	// noted below. This also determines whether a device policy can override the
	// default.
	*result = true;
	bool device_policy_can_override = false;
	switch (conn_type) {
	case ConnectionType::kBluetooth:
	*result = false;
	break;

	case ConnectionType::kCellular:
	*result = false;
	device_policy_can_override = true;
	break;

	case ConnectionType::kUnknown:
	if (error)
	*error = "Unknown connection type";
	return EvalStatus::kFailed;

	default:
	break; // Nothing to do.
	}

	// If update is allowed, we're done.
	if (*result)
	return EvalStatus::kSucceeded;

	// Check whether the device policy specifically allows this connection.
	bool user_settings_can_override = false;
	if (device_policy_can_override) {
	DevicePolicyProvider* const dp_provider = state->device_policy_provider();
	const bool* device_policy_is_loaded_p = ec->GetValue(
	dp_provider->var_device_policy_is_loaded());
	if (device_policy_is_loaded_p && *device_policy_is_loaded_p) {
	const set<ConnectionType>* allowed_conn_types_p = ec->GetValue(
	dp_provider->var_allowed_connection_types_for_update());
	if (allowed_conn_types_p) {
	if (allowed_conn_types_p->count(conn_type)) {
	*result = true;
	return EvalStatus::kSucceeded;
	}
	} else {
	user_settings_can_override = true;
	}
	}
	}

	// Local user settings can allow updates iff a policy was loaded but no
	// allowed connections were specified in it. In all other cases, we either
	// stick with the default or use the values determined by the policy.
	if (user_settings_can_override) {
	const bool* update_over_cellular_allowed_p = ec->GetValue(
	state->updater_provider()->var_cellular_enabled());
	if (update_over_cellular_allowed_p && *update_over_cellular_allowed_p)
	*result = true;
	}

	return EvalStatus::kSucceeded;
	}

	} // namespace chromeos_update_manager