diff options
| author | Paul Crowley <paulcrowley@google.com> | 2018-02-13 17:09:08 -0800 |
|---|---|---|
| committer | Paul Crowley <paulcrowley@google.com> | 2018-02-15 10:23:52 -0800 |
| commit | 959b05553576ffc15da4334a5917ce763611ab82 (patch) | |
| tree | c293ae0483137406d401de6874785466bfac3210 /init/builtins.cpp | |
| parent | 0ce76f910b1794d422f8d45d77a3ee2b95ec3d3e (diff) | |
| download | system_core-959b05553576ffc15da4334a5917ce763611ab82.tar.gz system_core-959b05553576ffc15da4334a5917ce763611ab82.tar.bz2 system_core-959b05553576ffc15da4334a5917ce763611ab82.zip | |
If enablefilecrypto or init_user0 fails, reboot into recovery.
Test: Roll back PLATFORM_SECURITY_PATCH, ensure recovery dialog is seen
Bug: 70487538
Change-Id: Iceb6af3f9d6aea6bc646dbb4b5d29dffcb284736
Diffstat (limited to 'init/builtins.cpp')
| -rw-r--r-- | init/builtins.cpp | 35 |
1 files changed, 24 insertions, 11 deletions
diff --git a/init/builtins.cpp b/init/builtins.cpp index 413d11eb0..0d7762229 100644 --- a/init/builtins.cpp +++ b/init/builtins.cpp @@ -285,11 +285,8 @@ static Result<Success> do_mkdir(const BuiltinArguments& args) { if (e4crypt_is_native()) { if (e4crypt_set_directory_policy(args[1].c_str())) { - const std::vector<std::string> options = { - "--prompt_and_wipe_data", - "--reason=set_policy_failed:"s + args[1]}; - reboot_into_recovery(options); - return Success(); + reboot_into_recovery( + {"--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]}); } } return Success(); @@ -985,6 +982,24 @@ static bool is_file_crypto() { return android::base::GetProperty("ro.crypto.type", "") == "file"; } +static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason, + const std::vector<std::string>& args) { + auto service = Service::MakeTemporaryOneshotService(args); + if (!service) { + return Error() << "Could not create exec service"; + } + service->AddReapCallback([reboot_reason](const siginfo_t& siginfo) { + if (siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) { + reboot_into_recovery({"--prompt_and_wipe_data", "--reason="s + reboot_reason}); + } + }); + if (auto result = service->ExecStart(); !result) { + return Error() << "Could not start exec service: " << result.error(); + } + ServiceList::GetInstance().AddService(std::move(service)); + return Success(); +} + static Result<Success> do_installkey(const BuiltinArguments& args) { if (!is_file_crypto()) return Success(); @@ -992,15 +1007,13 @@ static Result<Success> do_installkey(const BuiltinArguments& args) { if (!make_dir(unencrypted_dir, 0700) && errno != EEXIST) { return ErrnoError() << "Failed to create " << unencrypted_dir; } - std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs", - "enablefilecrypto"}; - return do_exec({std::move(exec_args), args.context}); + return ExecWithRebootOnFailure("enablefilecrypto_failed", {"exec", "/system/bin/vdc", "--wait", + "cryptfs", "enablefilecrypto"}); } static Result<Success> do_init_user0(const BuiltinArguments& args) { - std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs", - "init_user0"}; - return do_exec({std::move(exec_args), args.context}); + return ExecWithRebootOnFailure("init_user0_failed", + {"exec", "/system/bin/vdc", "--wait", "cryptfs", "init_user0"}); } const BuiltinFunctionMap::Map& BuiltinFunctionMap::map() const { |