fs_mgr: Don't parse encryption options, just keep string
We now defer parsing encryption options to the fscrypt library. To avoid
adding a dependency, we simply record the options string in the fstab
and defer parsing until it's needed.
Bug: 143307095
Test: cuttlefish still boots
Change-Id: Ied13ea2f731c63b0524aed11db6983a86dab9fa1
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index 2ff5243..d216458 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -99,71 +99,9 @@
return false;
}
-const std::array<const char*, 3> kFileContentsEncryptionMode = {
- "aes-256-xts",
- "adiantum",
- "ice",
-};
-
-const std::array<const char*, 3> kFileNamesEncryptionMode = {
- "aes-256-cts",
- "aes-256-heh",
- "adiantum",
-};
-
void ParseFileEncryption(const std::string& arg, FstabEntry* entry) {
- // The fileencryption flag is followed by an = and 1 to 3 colon-separated fields:
- //
- // 1. Contents encryption mode
- // 2. Filenames encryption mode (defaults to "aes-256-cts" or "adiantum"
- // depending on the contents encryption mode)
- // 3. Encryption policy version (defaults to "v1". Use "v2" on new devices.)
entry->fs_mgr_flags.file_encryption = true;
-
- auto parts = Split(arg, ":");
- if (parts.empty() || parts.size() > 3) {
- LWARNING << "Warning: fileencryption= flag malformed: " << arg;
- return;
- }
-
- // Alias for backwards compatibility.
- if (parts[0] == "software") {
- parts[0] = "aes-256-xts";
- }
-
- if (std::find(kFileContentsEncryptionMode.begin(), kFileContentsEncryptionMode.end(),
- parts[0]) == kFileContentsEncryptionMode.end()) {
- LWARNING << "fileencryption= flag malformed, file contents encryption mode not found: "
- << arg;
- return;
- }
-
- entry->file_contents_mode = parts[0];
-
- if (parts.size() >= 2) {
- if (std::find(kFileNamesEncryptionMode.begin(), kFileNamesEncryptionMode.end(), parts[1]) ==
- kFileNamesEncryptionMode.end()) {
- LWARNING << "fileencryption= flag malformed, file names encryption mode not found: "
- << arg;
- return;
- }
-
- entry->file_names_mode = parts[1];
- } else if (entry->file_contents_mode == "adiantum") {
- entry->file_names_mode = "adiantum";
- } else {
- entry->file_names_mode = "aes-256-cts";
- }
-
- if (parts.size() >= 3) {
- if (!android::base::StartsWith(parts[2], 'v') ||
- !android::base::ParseInt(&parts[2][1], &entry->file_policy_version)) {
- LWARNING << "fileencryption= flag malformed, unknown options: " << arg;
- return;
- }
- } else {
- entry->file_policy_version = 1;
- }
+ entry->encryption_options = arg;
}
bool SetMountFlag(const std::string& flag, FstabEntry* entry) {
@@ -299,9 +237,7 @@
// return it.
entry->fs_mgr_flags.force_fde_or_fbe = true;
entry->key_loc = arg;
- entry->file_contents_mode = "aes-256-xts";
- entry->file_names_mode = "aes-256-cts";
- entry->file_policy_version = 1;
+ entry->encryption_options = "aes-256-xts:aes-256-cts";
} else if (StartsWith(flag, "max_comp_streams=")) {
if (!ParseInt(arg, &entry->max_comp_streams)) {
LWARNING << "Warning: max_comp_streams= flag malformed: " << arg;
diff --git a/fs_mgr/include_fstab/fstab/fstab.h b/fs_mgr/include_fstab/fstab/fstab.h
index 3c517dc..c6a16e3 100644
--- a/fs_mgr/include_fstab/fstab/fstab.h
+++ b/fs_mgr/include_fstab/fstab/fstab.h
@@ -45,9 +45,7 @@
int max_comp_streams = 0;
off64_t zram_size = 0;
off64_t reserved_size = 0;
- std::string file_contents_mode;
- std::string file_names_mode;
- int file_policy_version = 0;
+ std::string encryption_options;
off64_t erase_blk_size = 0;
off64_t logical_blk_size = 0;
std::string sysfs_path;
diff --git a/fs_mgr/tests/fs_mgr_test.cpp b/fs_mgr/tests/fs_mgr_test.cpp
index a7ea817..68764fc 100644
--- a/fs_mgr/tests/fs_mgr_test.cpp
+++ b/fs_mgr/tests/fs_mgr_test.cpp
@@ -420,8 +420,7 @@
EXPECT_EQ(0, entry->max_comp_streams);
EXPECT_EQ(0, entry->zram_size);
EXPECT_EQ(0, entry->reserved_size);
- EXPECT_EQ("", entry->file_contents_mode);
- EXPECT_EQ("", entry->file_names_mode);
+ EXPECT_EQ("", entry->encryption_options);
EXPECT_EQ(0, entry->erase_blk_size);
EXPECT_EQ(0, entry->logical_blk_size);
EXPECT_EQ("", entry->sysfs_path);
@@ -448,8 +447,7 @@
EXPECT_EQ(0, entry->max_comp_streams);
EXPECT_EQ(0, entry->zram_size);
EXPECT_EQ(0, entry->reserved_size);
- EXPECT_EQ("", entry->file_contents_mode);
- EXPECT_EQ("", entry->file_names_mode);
+ EXPECT_EQ("", entry->encryption_options);
EXPECT_EQ(0, entry->erase_blk_size);
EXPECT_EQ(0, entry->logical_blk_size);
EXPECT_EQ("", entry->sysfs_path);
@@ -458,16 +456,14 @@
EXPECT_EQ("", entry->zram_backing_dev_path);
entry++;
- // forcefdeorfbe sets file_contents_mode and file_names_mode by default, so test it separately.
+ // forcefdeorfbe has its own encryption_options defaults, so test it separately.
EXPECT_EQ("none2", entry->mount_point);
{
FstabEntry::FsMgrFlags flags = {};
flags.force_fde_or_fbe = true;
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
}
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
+ EXPECT_EQ("aes-256-xts:aes-256-cts", entry->encryption_options);
EXPECT_EQ("", entry->key_loc);
}
@@ -681,37 +677,21 @@
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
EXPECT_EQ("/dir/key", entry->key_loc);
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
+ EXPECT_EQ("aes-256-xts:aes-256-cts", entry->encryption_options);
}
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_FileEncryption) {
TemporaryFile tf;
ASSERT_TRUE(tf.fd != -1);
std::string fstab_contents = R"fs(
-source none0 swap defaults fileencryption=blah
-source none1 swap defaults fileencryption=software
-source none2 swap defaults fileencryption=aes-256-xts
-source none3 swap defaults fileencryption=adiantum
-source none4 swap defaults fileencryption=adiantum:aes-256-heh
-source none5 swap defaults fileencryption=ice
-source none6 swap defaults fileencryption=ice:blah
-source none7 swap defaults fileencryption=ice:aes-256-cts
-source none8 swap defaults fileencryption=ice:aes-256-heh
-source none9 swap defaults fileencryption=ice:adiantum
-source none10 swap defaults fileencryption=aes-256-xts:aes-256-cts:v1
-source none11 swap defaults fileencryption=aes-256-xts:aes-256-cts:v2
-source none12 swap defaults fileencryption=aes-256-xts:aes-256-cts:v2:
-source none13 swap defaults fileencryption=aes-256-xts:aes-256-cts:blah
-source none14 swap defaults fileencryption=aes-256-xts:aes-256-cts:vblah
+source none0 swap defaults fileencryption=aes-256-xts:aes-256-cts:v1
)fs";
ASSERT_TRUE(android::base::WriteStringToFile(fstab_contents, tf.path));
Fstab fstab;
EXPECT_TRUE(ReadFstabFromFile(tf.path, &fstab));
- ASSERT_EQ(15U, fstab.size());
+ ASSERT_EQ(1U, fstab.size());
FstabEntry::FsMgrFlags flags = {};
flags.file_encryption = true;
@@ -719,107 +699,7 @@
auto entry = fstab.begin();
EXPECT_EQ("none0", entry->mount_point);
EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("", entry->file_contents_mode);
- EXPECT_EQ("", entry->file_names_mode);
- EXPECT_EQ(0, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none1", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none2", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none3", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("adiantum", entry->file_contents_mode);
- EXPECT_EQ("adiantum", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none4", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("adiantum", entry->file_contents_mode);
- EXPECT_EQ("aes-256-heh", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none5", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("ice", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none6", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("ice", entry->file_contents_mode);
- EXPECT_EQ("", entry->file_names_mode);
- EXPECT_EQ(0, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none7", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("ice", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none8", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("ice", entry->file_contents_mode);
- EXPECT_EQ("aes-256-heh", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none9", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("ice", entry->file_contents_mode);
- EXPECT_EQ("adiantum", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none10", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(1, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none11", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(2, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none12", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("", entry->file_contents_mode);
- EXPECT_EQ("", entry->file_names_mode);
- EXPECT_EQ(0, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none13", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(0, entry->file_policy_version);
-
- entry++;
- EXPECT_EQ("none14", entry->mount_point);
- EXPECT_TRUE(CompareFlags(flags, entry->fs_mgr_flags));
- EXPECT_EQ("aes-256-xts", entry->file_contents_mode);
- EXPECT_EQ("aes-256-cts", entry->file_names_mode);
- EXPECT_EQ(0, entry->file_policy_version);
+ EXPECT_EQ("aes-256-xts:aes-256-cts:v1", entry->encryption_options);
}
TEST(fs_mgr, ReadFstabFromFile_FsMgrOptions_MaxCompStreams) {