commit 959b05553576ffc15da4334a5917ce763611ab82
author Paul Crowley <paulcrowley@google.com> Tue Feb 13 17:09:08 2018 -0800
committer Paul Crowley <paulcrowley@google.com> Thu Feb 15 10:23:52 2018 -0800
tree c293ae0483137406d401de6874785466bfac3210
parent 0ce76f910b1794d422f8d45d77a3ee2b95ec3d3e

If enablefilecrypto or init_user0 fails, reboot into recovery.

Test: Roll back PLATFORM_SECURITY_PATCH, ensure recovery dialog is seen
Bug: 70487538
Change-Id: Iceb6af3f9d6aea6bc646dbb4b5d29dffcb284736

init/builtins.cpp

diff --git a/init/builtins.cpp b/init/builtins.cpp
index 413d11e..0d77622 100644
--- a/init/builtins.cpp
+++ b/init/builtins.cpp
@@ -285,11 +285,8 @@
 
     if (e4crypt_is_native()) {
         if (e4crypt_set_directory_policy(args[1].c_str())) {
-            const std::vector<std::string> options = {
-                "--prompt_and_wipe_data",
-                "--reason=set_policy_failed:"s + args[1]};
-            reboot_into_recovery(options);
-            return Success();
+            reboot_into_recovery(
+                {"--prompt_and_wipe_data", "--reason=set_policy_failed:"s + args[1]});
         }
     }
     return Success();
@@ -985,6 +982,24 @@
     return android::base::GetProperty("ro.crypto.type", "") == "file";
 }
 
+static Result<Success> ExecWithRebootOnFailure(const std::string& reboot_reason,
+                                               const std::vector<std::string>& args) {
+    auto service = Service::MakeTemporaryOneshotService(args);
+    if (!service) {
+        return Error() << "Could not create exec service";
+    }
+    service->AddReapCallback([reboot_reason](const siginfo_t& siginfo) {
+        if (siginfo.si_code != CLD_EXITED || siginfo.si_status != 0) {
+            reboot_into_recovery({"--prompt_and_wipe_data", "--reason="s + reboot_reason});
+        }
+    });
+    if (auto result = service->ExecStart(); !result) {
+        return Error() << "Could not start exec service: " << result.error();
+    }
+    ServiceList::GetInstance().AddService(std::move(service));
+    return Success();
+}
+
 static Result<Success> do_installkey(const BuiltinArguments& args) {
     if (!is_file_crypto()) return Success();
 
@@ -992,15 +1007,13 @@
     if (!make_dir(unencrypted_dir, 0700) && errno != EEXIST) {
         return ErrnoError() << "Failed to create " << unencrypted_dir;
     }
-    std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs",
-                                          "enablefilecrypto"};
-    return do_exec({std::move(exec_args), args.context});
+    return ExecWithRebootOnFailure("enablefilecrypto_failed", {"exec", "/system/bin/vdc", "--wait",
+                                                               "cryptfs", "enablefilecrypto"});
 }
 
 static Result<Success> do_init_user0(const BuiltinArguments& args) {
-    std::vector<std::string> exec_args = {"exec", "/system/bin/vdc", "--wait", "cryptfs",
-                                          "init_user0"};
-    return do_exec({std::move(exec_args), args.context});
+    return ExecWithRebootOnFailure("init_user0_failed",
+                                   {"exec", "/system/bin/vdc", "--wait", "cryptfs", "init_user0"});
 }
 
 const BuiltinFunctionMap::Map& BuiltinFunctionMap::map() const {