authfs: expose fsverity digest via xattr Due to the FUSE uapi limitation in the kernel (b/196264590), we can't simply implement the standard fs-verity ioctls with FUSE. Until it's possible, implement getxattr as a non-standard API. Currently, only allow retrieving fsverity digest. In the future, we may need to get signature, but xattr won't be big enough for the Merkle tree. Bug: 161471326 Bug: 196635431 Test: retrieve xattr in compsvc Change-Id: I152284015f1860f19ed60ca632cba141c51b44c4

commit: 71f10033050448c427c2f5654140958f37fcfee0 [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Fri Aug 13 11:24:02 2021 -0700
committer: Victor Hsieh <victorhsieh@google.com> Mon Aug 16 15:23:36 2021 +0000
tree: a816731a25ff5e01ecbe390e063f2083ebeb6d1b
parent: fc51f0e2b0a93ebdf264e7683b88b2886fa96252 [diff]
diff --git a/authfs/src/fsverity/editor.rs b/authfs/src/fsverity/editor.rs
index 86ff4d6..f1e7529 100644
--- a/authfs/src/fsverity/editor.rs
+++ b/authfs/src/fsverity/editor.rs

@@ -88,8 +88,12 @@
         Self { file, merkle_tree: Arc::new(RwLock::new(MerkleLeaves::new())) }
     }
 
+    /// Returns the fs-verity digest size in bytes.
+    pub fn get_fsverity_digest_size(&self) -> usize {
+        Sha256Hasher::HASH_SIZE
+    }
+
     /// Calculates the fs-verity digest of the current file.
-    #[allow(dead_code)]
     pub fn calculate_fsverity_digest(&self) -> io::Result<Sha256Hash> {
         let merkle_tree = self.merkle_tree.read().unwrap();
         merkle_tree.calculate_fsverity_digest().map_err(|e| io::Error::new(io::ErrorKind::Other, e))
commit	71f10033050448c427c2f5654140958f37fcfee0	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Fri Aug 13 11:24:02 2021 -0700
committer	Victor Hsieh <victorhsieh@google.com>	Mon Aug 16 15:23:36 2021 +0000
tree	a816731a25ff5e01ecbe390e063f2083ebeb6d1b
parent	fc51f0e2b0a93ebdf264e7683b88b2886fa96252 [diff]