Merge "Don't mark odsign as oneshot." into sc-dev am: 301d13c4ce

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/security/+/15393113

Change-Id: Ic65e1d89fa60d2e4fa9d753f422be8c4c9d82862
diff --git a/ondevice-signing/odsign.rc b/ondevice-signing/odsign.rc
index 044bae7..de09fc0 100644
--- a/ondevice-signing/odsign.rc
+++ b/ondevice-signing/odsign.rc
@@ -2,5 +2,8 @@
     class core
     user root
     group system
-    oneshot
     disabled # does not start with the core class
+
+# Note that odsign is not oneshot, but stopped manually when it exits. This
+# ensures that if odsign crashes during a module update, apexd will detect
+# those crashes and roll back the update.
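Review bot: The new comment sits after the last option of the stanza, behind a blank line, and says odsign is "stopped manually" without saying by what, so a reader of the .rc file alone cannot tell that the binary is responsible for stopping itself. I would put it directly above the options and name the mechanism, e.g. `# Not oneshot on purpose: odsign requests ctl.stop for itself on normal exit (see odsign_main.cpp),` followed by `# so an exit without that request is treated as a crash that apexd can detect and roll back.` The `service` line is above this hunk, so exact placement depends on lines not shown here.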
diff --git a/ondevice-signing/odsign_main.cpp b/ondevice-signing/odsign_main.cpp
index 0991704..c443340 100644
--- a/ondevice-signing/odsign_main.cpp
+++ b/ondevice-signing/odsign_main.cpp
@@ -64,6 +64,8 @@
 static const char* kOdsignVerificationStatusValid = "1";
 static const char* kOdsignVerificationStatusError = "0";
 
+static const char* kStopServiceProp = "ctl.stop";
+
 Result<void> verifyExistingCert(const SigningKey& key) {
     if (access(kSigningKeyCert.c_str(), F_OK) < 0) {
         return ErrnoError() << "Key certificate not found: " << kSigningKeyCert;
@@ -288,8 +290,10 @@
         // Tell init we don't need to use our key anymore
         SetProperty(kOdsignKeyDoneProp, "1");
         // Tell init we're done with verification, and that it was an error
-        SetProperty(kOdsignVerificationDoneProp, "1");
         SetProperty(kOdsignVerificationStatusProp, kOdsignVerificationStatusError);
+        SetProperty(kOdsignVerificationDoneProp, "1");
+        // Tell init it shouldn't try to restart us - see odsign.rc
+        SetProperty(kStopServiceProp, "odsign");
     };
     auto scope_guard = android::base::make_scope_guard(errorScopeGuard);
 
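Review bot: The result of `SetProperty(kStopServiceProp, "odsign")` is discarded in the error guard here and again before `return 0` in the hunk at line 389. With `oneshot` removed, a rejected or failed `ctl.stop` request would presumably leave init restarting odsign after it exits, repeating verification with nothing in the log to explain why. android::base::SetProperty returns a bool, so at least record the failure: `if (!SetProperty(kStopServiceProp, "odsign")) LOG(ERROR) << "Failed to request stop of odsign";`. The lambda begins above this hunk, so its earlier statements are not visible.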
@@ -385,7 +389,10 @@
     // At this point, we're done with the key for sure
     SetProperty(kOdsignKeyDoneProp, "1");
     // And we did a successful verification
-    SetProperty(kOdsignVerificationDoneProp, "1");
     SetProperty(kOdsignVerificationStatusProp, kOdsignVerificationStatusValid);
+    SetProperty(kOdsignVerificationDoneProp, "1");
+
+    // Tell init it shouldn't try to restart us - see odsign.rc
+    SetProperty(kStopServiceProp, "odsign");
     return 0;
 }
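Review bot: Only this final return and the error scope guard request the stop, so any other `return` in the function that the guard does not cover would now end with init restarting the service. The function starts outside the hunk, so I cannot confirm whether such a path exists. If one does, a guard declared at the top and never disabled keeps the request in one place: `auto stop_guard = android::base::make_scope_guard([] { SetProperty(kStopServiceProp, "odsign"); });`. That would also remove the comment-and-call pair duplicated between this hunk and the one at line 290.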