Policy Manager is the client for the COS control plane. It is responsible for reporting current instance status and fetching device update config.
It is designed to be a system daemon that's started immediately after boot. It sends status update to an update manager, which will respond with the appropriate update config.
Using the update config, it will generate the appropriate update policy blobs to enforce the update strategy set by the user.
Part of Policy Manager's features is to allow users to control the OS update behavior of their COS instances.
COS has defined 2 update stategies that users can choose:
All Updates Instances will receive all OS updates.
Critical Updates Only Instances will only receive updates within their major release version. For example, if both 12.1.0 and 13.0.0 are available, an instance running 12.0.0 will only get updated to 12.1.0 if it has this strategy.
The update manager generates update config that is fetched by Policy Manager when it reports its status to the update manager. The config depends on the instance‘s status and the user’s update strategy.
The actual enforcement of the strategies are done by the update policy, which is a Chrome OS feature. An update policy is a protobuf blob that contains the parameters that will be used to fetch updates from Omaha. Policy Manager is responsible for generating the update policy blobs from update config.
FEATURES=test emerge-lakitu policymanager