Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a76bfb2d authored by Tom Cherry's avatar Tom Cherry
Browse files

Simply reboot if the boringssl self test fails 

If this check fails and an OTA or mainline module update has recently
happened, we want to rollback the recent change.  The easiest way to
handle this is to reboot, which will trigger the fallback mechanisms
that are already in place.

Bug: 141082587
Test: device reboots if self test fails
Test: device rolls back a recently applied OTA with failing self test
Test: device rolls back a recently applied conscrypt apex update with
      failing self test
Change-Id: Iff879deff09d347262dc7a2acadb9164a5029d4a
parent 2436e6b1

bootstat/bootstat.cpp

+1 −0
Original line number Diff line number Diff line
@@ -311,6 +311,7 @@ const std::map<std::string, int32_t> kBootReasonMap = { 
    {"shutdown,userrequested,recovery", 182},

    {"reboot,unknown[0-9]*", 183},

    {"reboot,longkey,.*", 184},

    {"reboot,boringssl-self-check-failed", 185},

};



// Converts a string value representing the reason the system booted to an

rootdir/init.rc

+4 −4
Original line number Diff line number Diff line
@@ -68,19 +68,19 @@ on property:apexd.status=ready && property:ro.product.cpu.abilist64=* 


service boringssl_self_test32 /system/bin/boringssl_self_test32

    setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true

    reboot_on_failure reboot,bootloader,boringssl-self-check-failed

    reboot_on_failure reboot,boringssl-self-check-failed



service boringssl_self_test64 /system/bin/boringssl_self_test64

    setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true

    reboot_on_failure reboot,bootloader,boringssl-self-check-failed

    reboot_on_failure reboot,boringssl-self-check-failed



service boringssl_self_test_apex32 /apex/com.android.conscrypt/bin/boringssl_self_test32

    setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true

    reboot_on_failure reboot,bootloader,boringssl-self-check-failed

    reboot_on_failure reboot,boringssl-self-check-failed



service boringssl_self_test_apex64 /apex/com.android.conscrypt/bin/boringssl_self_test64

    setenv BORINGSSL_SELF_TEST_CREATE_FLAG true # Any nonempty value counts as true

    reboot_on_failure reboot,bootloader,boringssl-self-check-failed

    reboot_on_failure reboot,boringssl-self-check-failed



on init

    sysclktz 0