Mark fs-verity support for ext4 userdata if first_api_level >= R
fs-verity is required for new devices launched with R. This change
remove a manual setup for vendors going forward. The original fs mgr
flag still allows old devices to opt in, which can only to be done
manually because of kernel dependency.
Test: build
Bug: 150034150
Change-Id: I152b63d7889153d41f29677f72074afb1881b65d
Merged-In: I152b63d7889153d41f29677f72074afb1881b65d
diff --git a/fs_mgr/fs_mgr_fstab.cpp b/fs_mgr/fs_mgr_fstab.cpp
index e4bb092..a36934a 100644
--- a/fs_mgr/fs_mgr_fstab.cpp
+++ b/fs_mgr/fs_mgr_fstab.cpp
@@ -30,6 +30,7 @@
#include <android-base/file.h>
#include <android-base/parseint.h>
+#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <libgsi/libgsi.h>
@@ -654,6 +655,21 @@
}
}
+void EnableMandatoryFlags(Fstab* fstab) {
+ // Devices launched in R and after should enable fs_verity on userdata. The flag causes tune2fs
+ // to enable the feature. A better alternative would be to enable on mkfs at the beginning.
+ if (android::base::GetIntProperty("ro.product.first_api_level", 0) >= 30) {
+ std::vector<FstabEntry*> data_entries = GetEntriesForMountPoint(fstab, "/data");
+ for (auto&& entry : data_entries) {
+ // Besides ext4, f2fs is also supported. But the image is already created with verity
+ // turned on when it was first introduced.
+ if (entry->fs_type == "ext4") {
+ entry->fs_mgr_flags.fs_verity = true;
+ }
+ }
+ }
+}
+
bool ReadFstabFromFile(const std::string& path, Fstab* fstab) {
auto fstab_file = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
if (!fstab_file) {
@@ -674,6 +690,7 @@
}
SkipMountingPartitions(fstab);
+ EnableMandatoryFlags(fstab);
return true;
}