Flag guard to make fsverity_init a no-op

As early as fsverity_init, the flag can only be static (thus
is_fixed_read_only). It is now a constant/false and will be flipped
during the ramp up at build time.

Bug: 290064770
Test: mma
Test: Inspect the generated code
Change-Id: I4bd1addb996705f6e6b9f75313bf22b9ecd3e11c

fsverity_init/Android.bp

@@ -13,6 +13,7 @@ cc_binary {
         "fsverity_init.cpp",
     ],
     static_libs: [
+        "aconfig_fsverity_init_c_lib",
         "libc++fs",
         "libmini_keyctl_static",
     ],
@@ -23,3 +24,14 @@ cc_binary {
     ],
     cflags: ["-Werror", "-Wall", "-Wextra"],
 }
+
+aconfig_declarations {
+    name: "aconfig_fsverity_init",
+    package: "android.security.flag",
+    srcs: ["flags.aconfig"],
+}
+
+cc_aconfig_library {
+    name: "aconfig_fsverity_init_c_lib",
+    aconfig_declarations: "aconfig_fsverity_init",
+}

fsverity_init/flags.aconfig

@@ -0,0 +1,9 @@
+package: "android.security.flag"
+
+flag {
+    name: "deprecate_fsverity_init"
+    namespace: "hardware_backed_security"
+    description: "Feature flag for deprecate fsverity_init"
+    bug: "290064770"
+    is_fixed_read_only: true
+}

fsverity_init/fsverity_init.cpp

@@ -43,6 +43,7 @@
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/strings.h>
+#include <android_security_flag.h>
 #include <log/log.h>
 #include <mini_keyctl_utils.h>
 
@@ -79,6 +80,13 @@ void LoadKeyFromVerifiedPartitions(key_serial_t keyring_id) {
 }
 
 int main(int argc, const char** argv) {
+    if (android::security::flag::deprecate_fsverity_init()) {
+        // Don't load keys to the built-in fs-verity keyring in kernel. This will make existing
+        // files not readable. We expect to only enable the flag when there are no such files or
+        // when failure is ok (e.g. with a fallback).
+        return 0;
+    }
+
     if (argc < 2) {
         LOG(ERROR) << "Not enough arguments";
         return -1;