From 98296fcf2a400bd8bea504514b4b39502997e18f Mon Sep 17 00:00:00 2001
From: Victor Hsieh
Date: Mon, 24 Feb 2020 16:02:32 -0800
Subject: [PATCH] Mark fs-verity support for ext4 userdata if first_api_level >= R

fs-verity is required for new devices launched with R. This change remove a manual setup for vendors going forward. The original fs mgr flag still allows old devices to opt in, which can only to be done manually because of kernel dependency.

Test: build
Bug: 150034150
Change-Id: I152b63d7889153d41f29677f72074afb1881b65d
---
 fs_mgr/fs_mgr_fstab.cpp | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 65f710a33..4ebe0855c 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -30,6 +30,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -659,6 +660,21 @@ void TransformFstabForDsu(Fstab* fstab, const std::vector& dsu_part
 }
 }
+void EnableMandatoryFlags(Fstab* fstab) {
+ // Devices launched in R and after should enable fs_verity on userdata. The flag causes tune2fs
+ // to enable the feature. A better alternative would be to enable on mkfs at the beginning.
+ if (android::base::GetIntProperty("ro.product.first_api_level", 0) >= 30) {
+ std::vector data_entries = GetEntriesForMountPoint(fstab, "/data");
+ for (auto&& entry : data_entries) {
+ // Besides ext4, f2fs is also supported. But the image is already created with verity
+ // turned on when it was first introduced.
+ if (entry->fs_type == "ext4") {
+ entry->fs_mgr_flags.fs_verity = true;
+ }
+ }
+ }
+}
+
 bool ReadFstabFromFile(const std::string& path, Fstab* fstab) {
 auto fstab_file = std::unique_ptr{fopen(path.c_str(), "re"), fclose};
 if (!fstab_file) {
@@ -679,6 +695,7 @@ bool ReadFstabFromFile(const std::string& path, Fstab* fstab) {
 }
 SkipMountingPartitions(fstab);
+ EnableMandatoryFlags(fstab);
 return true;
 }
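Review bot: The gate in `EnableMandatoryFlags` falls back to 0 when `ro.product.first_api_level` cannot be read, so a device that should get fs-verity on `/data` silently keeps it off, and nothing is logged on either branch. If this code can run before properties are readable (not visible from this hunk), the flag would never be applied on that path; a log line when the flag is forced on, plus a comment stating what happens when the property is absent, would make the outcome auditable. The bare `30` would read better as a named constant, e.g. `constexpr int kFirstApiLevelR = 30;` next to the function. The loop variable is used through `entry->`, so `for (auto* entry : data_entries)` states the intent more directly than `auto&&`.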
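Review bot: `ReadFstabFromFile` can now return entries that differ from what the file says, because the added `EnableMandatoryFlags(fstab)` call rewrites the `/data` entry based on a device property, and nothing at the call site says so. I would add above the call `// Force flags required by the launch API level, regardless of the fstab contents.` and mention in the function's header comment that the result depends on `ro.product.first_api_level`. This is the only call site in the patch, so an fstab that reaches the mount code without passing through this function would miss the flag; whether such a path exists is not visible here. The function body starts outside this hunk.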