Fix get_status api in COS policy manager

GetStatus was deprecated in Update Engine. This broke the get_status api
in COS Policy Manager. Changing the implementation to use
GetStatusAdvanced api instead.

TEST=presubmit and manually tested on VM
RELEASE_NOTES=Fix get_status api in COS Policy Manager

Change-Id: Ia0d0db2f5552cf528fb0863da1011aa1365a5a34
9 files changed
tree: 75f388af0374e5cad0648c10d5cd442eaf31693b
  1. src/
  2. .gitignore
  6. PRESUBMIT.cfg

Policy Manager for COS(Container-Optimized OS) Image


Policy Manager is the client for the COS control plane. It is responsible for reporting current instance status and fetching device update config.

It is designed to be a system daemon that's started immediately after boot. It sends status update to an update manager, which will respond with the appropriate update config.

Using the update config, it will generate the appropriate update policy blobs to enforce the update strategy set by the user.

How to run

  • Policy Manager must be run with root privileges in order to access update_engine status and control device policy.
  • Run modes:
    • Daemon Mode Continuously reports status and fetches update policy from metadata server.
    • Non-Daemon Mode Prints the current status to stdout.
    • Init Device Policy Mode Initializes the device policy file along with the necessary keys.

What's up with update [policy, strategy, config]?

Part of Policy Manager's features is to allow users to control the OS update behavior of their COS instances.

COS has defined 2 update stategies that users can choose:

  1. All Updates Instances will receive all OS updates.

  2. Critical Updates Only Instances will only receive updates within their major release version. For example, if both 12.1.0 and 13.0.0 are available, an instance running 12.0.0 will only get updated to 12.1.0 if it has this strategy.

The update manager generates update config that is fetched by Policy Manager when it reports its status to the update manager. The config depends on the instance‘s status and the user’s update strategy.

The actual enforcement of the strategies are done by the update policy, which is a Chrome OS feature. An update policy is a protobuf blob that contains the parameters that will be used to fetch updates from Omaha. Policy Manager is responsible for generating the update policy blobs from update config.


  • To build and test Policy Manager, please run FEATURES=test emerge-lakitu spiny


  • Policy Manager relies on the gomock package and mockgen binary from to generate mocks for interfaces.
  • To mock a new interface, add the file containing the interface to
  • Note that the Policy Manager binary can be built without the mocks.
  • Do NOT submit the generated mocks into the repo.


  • To compile protobuf definitions, run ./
  • Do NOT submit the generated protobufs into the repo.