Set system property if 'updatable' process crashes too frequently
Critical processes currently cause the device to reboot into recovery when they
crash 4 times in 4mins.
We extend this feature to a new 'updatable' class of init services.
If these services crash 4 times in 4mins, instead of rebooting into bootloader,
we set ro.init.updatable_crashing to '1'. apexd and update_verifier will
listen to that property and try to abort and rollback updates, staged apex
modules and new slots respectively.
Test: Tested manually by marking zygote as updatable and killing zygote
frequently, verified that property is set.
Bug: 120598832
Change-Id: I7d47ea1223f7792a834981c729694242ab3f28c9
diff --git a/init/service.cpp b/init/service.cpp
index 5aa3764..272809f 100644
--- a/init/service.cpp
+++ b/init/service.cpp
@@ -367,12 +367,19 @@
return;
}
- // If we crash > 4 times in 4 minutes, reboot into bootloader.
+ // If we crash > 4 times in 4 minutes, reboot into bootloader or set crashing property
boot_clock::time_point now = boot_clock::now();
- if ((flags_ & SVC_CRITICAL) && !(flags_ & SVC_RESTART)) {
+ if (((flags_ & SVC_CRITICAL) || classnames_.count("updatable")) && !(flags_ & SVC_RESTART)) {
if (now < time_crashed_ + 4min) {
if (++crash_count_ > 4) {
- LOG(FATAL) << "critical process '" << name_ << "' exited 4 times in 4 minutes";
+ if (flags_ & SVC_CRITICAL) {
+ // Aborts into bootloader
+ LOG(FATAL) << "critical process '" << name_ << "' exited 4 times in 4 minutes";
+ } else {
+ LOG(ERROR) << "updatable process '" << name_ << "' exited 4 times in 4 minutes";
+ // Notifies update_verifier and apexd
+ property_set("ro.init.updatable_crashing", "1");
+ }
}
} else {
time_crashed_ = now;