Merge "Don't mark odsign as oneshot." into sc-dev
diff --git a/ondevice-signing/odsign.rc b/ondevice-signing/odsign.rc
index 044bae7..de09fc0 100644
--- a/ondevice-signing/odsign.rc
+++ b/ondevice-signing/odsign.rc
@@ -2,5 +2,8 @@
class core
user root
group system
- oneshot
disabled # does not start with the core class
+
+# Note that odsign is not oneshot, but stopped manually when it exits. This
+# ensures that if odsign crashes during a module update, apexd will detect
+# those crashes and roll back the update.
diff --git a/ondevice-signing/odsign_main.cpp b/ondevice-signing/odsign_main.cpp
index 0991704..c443340 100644
--- a/ondevice-signing/odsign_main.cpp
+++ b/ondevice-signing/odsign_main.cpp
@@ -64,6 +64,8 @@
static const char* kOdsignVerificationStatusValid = "1";
static const char* kOdsignVerificationStatusError = "0";
+static const char* kStopServiceProp = "ctl.stop";
+
Result<void> verifyExistingCert(const SigningKey& key) {
if (access(kSigningKeyCert.c_str(), F_OK) < 0) {
return ErrnoError() << "Key certificate not found: " << kSigningKeyCert;
@@ -288,8 +290,10 @@
// Tell init we don't need to use our key anymore
SetProperty(kOdsignKeyDoneProp, "1");
// Tell init we're done with verification, and that it was an error
- SetProperty(kOdsignVerificationDoneProp, "1");
SetProperty(kOdsignVerificationStatusProp, kOdsignVerificationStatusError);
+ SetProperty(kOdsignVerificationDoneProp, "1");
+ // Tell init it shouldn't try to restart us - see odsign.rc
+ SetProperty(kStopServiceProp, "odsign");
};
auto scope_guard = android::base::make_scope_guard(errorScopeGuard);
@@ -385,7 +389,10 @@
// At this point, we're done with the key for sure
SetProperty(kOdsignKeyDoneProp, "1");
// And we did a successful verification
- SetProperty(kOdsignVerificationDoneProp, "1");
SetProperty(kOdsignVerificationStatusProp, kOdsignVerificationStatusValid);
+ SetProperty(kOdsignVerificationDoneProp, "1");
+
+ // Tell init it shouldn't try to restart us - see odsign.rc
+ SetProperty(kStopServiceProp, "odsign");
return 0;
}