Set system property if 'updatable' process crashes too frequently

Critical processes currently cause the device to reboot into recovery when they
crash 4 times in 4mins.

We extend this feature to a new 'updatable' class of init services.
If these services crash 4 times in 4mins, instead of rebooting into bootloader,
we set ro.init.updatable_crashing to '1'. apexd and update_verifier will
listen to that property and try to abort and rollback updates, staged apex
modules and new slots respectively.

Test: Tested manually by marking zygote as updatable and killing zygote
frequently, verified that property is set.
Bug: 120598832
Change-Id: I7d47ea1223f7792a834981c729694242ab3f28c9

1 files changed, 10 insertions, 3 deletions

diff --git a/init/service.cpp b/init/service.cpp
index 5aa376450..272809f7c 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -367,12 +367,19 @@ void Service::Reap(const siginfo_t& siginfo) {
         return;
     }
 
-    // If we crash > 4 times in 4 minutes, reboot into bootloader.
+    // If we crash > 4 times in 4 minutes, reboot into bootloader or set crashing property
     boot_clock::time_point now = boot_clock::now();
-    if ((flags_ & SVC_CRITICAL) && !(flags_ & SVC_RESTART)) {
+    if (((flags_ & SVC_CRITICAL) || classnames_.count("updatable")) && !(flags_ & SVC_RESTART)) {
         if (now < time_crashed_ + 4min) {
             if (++crash_count_ > 4) {
-                LOG(FATAL) << "critical process '" << name_ << "' exited 4 times in 4 minutes";
+                if (flags_ & SVC_CRITICAL) {
+                    // Aborts into bootloader
+                    LOG(FATAL) << "critical process '" << name_ << "' exited 4 times in 4 minutes";
+                } else {
+                    LOG(ERROR) << "updatable process '" << name_ << "' exited 4 times in 4 minutes";
+                    // Notifies update_verifier and apexd
+                    property_set("ro.init.updatable_crashing", "1");
+                }
             }
         } else {
             time_crashed_ = now;