Merge "fs_mgr: set ext4 fsverity feature bit" am: 2eca761e

#define ZRAM_CONF_MCS   "/sys/block/zram0/max_comp_streams"

#define ZRAM_BACK_DEV   "/sys/block/zram0/backing_dev"

#define SYSFS_EXT4_VERITY "/sys/fs/ext4/features/verity"

#define ARRAY_SIZE(a) (sizeof(a) / sizeof(*(a)))

using android::base::Realpath;

    FS_STAT_TOGGLE_QUOTAS_FAILED = 0x10000,

    FS_STAT_SET_RESERVED_BLOCKS_FAILED = 0x20000,

    FS_STAT_ENABLE_ENCRYPTION_FAILED = 0x40000,

    FS_STAT_ENABLE_VERITY_FAILED = 0x80000,

};

// TODO: switch to inotify()

    }

}

// Enable fs-verity if needed.

static void tune_verity(const std::string& blk_device, const FstabEntry& entry,

                        const struct ext4_super_block* sb, int* fs_stat) {

    bool has_verity = (sb->s_feature_ro_compat & cpu_to_le32(EXT4_FEATURE_RO_COMPAT_VERITY)) != 0;

    bool want_verity = entry.fs_mgr_flags.fs_verity;

    if (has_verity || !want_verity) {

        return;

    }

    std::string verity_support;

    if (!android::base::ReadFileToString(SYSFS_EXT4_VERITY, &verity_support)) {

        LERROR << "Failed to open " << SYSFS_EXT4_VERITY;

        return;

    }

    if (!(android::base::Trim(verity_support) == "supported")) {

        LERROR << "Current ext4 verity not supported by kernel";

        return;

    }

    if (!tune2fs_available()) {

        LERROR << "Unable to enable ext4 verity on " << blk_device

               << " because " TUNE2FS_BIN " is missing";

        return;

    }

    LINFO << "Enabling ext4 verity on " << blk_device;

    const char* argv[] = {TUNE2FS_BIN, "-O", "verity", blk_device.c_str()};

    if (!run_tune2fs(argv, ARRAY_SIZE(argv))) {

        LERROR << "Failed to run " TUNE2FS_BIN " to enable "

               << "ext4 verity on " << blk_device;

        *fs_stat |= FS_STAT_ENABLE_VERITY_FAILED;

    }

}

// Read the primary superblock from an f2fs filesystem.  On failure return

// false.  If it's not an f2fs filesystem, also set FS_STAT_INVALID_MAGIC.

#define F2FS_BLKSIZE 4096

    }

    if (is_extfs(entry.fs_type) &&

        (entry.fs_mgr_flags.reserved_size || entry.fs_mgr_flags.file_encryption)) {

        (entry.fs_mgr_flags.reserved_size || entry.fs_mgr_flags.file_encryption ||

         entry.fs_mgr_flags.fs_verity)) {

        struct ext4_super_block sb;

        if (read_ext4_superblock(blk_device, &sb, &fs_stat)) {

            tune_reserved_size(blk_device, entry, &sb, &fs_stat);

            tune_encrypt(blk_device, entry, &sb, &fs_stat);

            tune_verity(blk_device, entry, &sb, &fs_stat);

        }

    }

        {"zram_loopback_path=", MF_ZRAM_LOOPBACK_PATH},

        {"zram_loopback_size=", MF_ZRAM_LOOPBACK_SIZE},

        {"zram_backing_dev_path=", MF_ZRAM_BACKING_DEV_PATH},

        {"fsverity", MF_FS_VERITY},

        {0, 0},

};

    return fstab->fs_mgr_flags & MF_CHECKPOINT_BLK;

}

int fs_mgr_is_fs_verity(const struct fstab_rec* fstab) {

    return fstab->fs_mgr_flags & MF_FS_VERITY;

}

FstabEntry BuildGsiSystemFstabEntry() {

    FstabEntry system = {

            .blk_device = "system_gsi",

                         0x400000000

#define MF_ZRAM_BACKING_DEV_PATH \

                         0x800000000

#define MF_FS_VERITY  \

                         0x1000000000

// clang-format on

#define DM_BUF_SIZE 4096

int fs_mgr_is_checkpoint_fs(const struct fstab_rec* fstab);

int fs_mgr_is_checkpoint_blk(const struct fstab_rec* fstab);

int fs_mgr_has_sysfs_path(const struct fstab_rec* fstab);

int fs_mgr_is_fs_verity(const struct fstab_rec* fstab);

std::string fs_mgr_get_slot_suffix();

std::set<std::string> fs_mgr_get_boot_devices();

            bool zram_loopback_path : 1;

            bool zram_loopback_size : 1;

            bool zram_backing_dev_path : 1;

            bool fs_verity : 1;

        };

    } fs_mgr_flags;