commit 0da66a553772a194f704877e5c4c59d42d6bbd2b
author Victor Hsieh <victorhsieh@google.com> Mon Oct 16 16:15:59 2023 -0700
committer Victor Hsieh <victorhsieh@google.com> Tue Oct 17 10:54:28 2023 -0700
tree 34e3ae1afeb9b2a5f16878f3f921e2258c7ed5e5
parent b6d1dfbe0b83dfdca36adbb0bafd8db8258bea9d

Flag guard to make fsverity_init a no-op

As early as fsverity_init, the flag can only be static (thus
is_fixed_read_only). It is now a constant/false and will be flipped
during the ramp up at build time.

Bug: 290064770
Test: mma
Test: Inspect the generated code
Change-Id: I4bd1addb996705f6e6b9f75313bf22b9ecd3e11c

fsverity_init/Android.bp

diff --git a/fsverity_init/Android.bp b/fsverity_init/Android.bp
index 07eaf6a..d9bff3b 100644
--- a/fsverity_init/Android.bp
+++ b/fsverity_init/Android.bp
@@ -13,6 +13,7 @@
         "fsverity_init.cpp",
     ],
     static_libs: [
+        "aconfig_fsverity_init_c_lib",
         "libc++fs",
         "libmini_keyctl_static",
     ],
@@ -23,3 +24,14 @@
     ],
     cflags: ["-Werror", "-Wall", "-Wextra"],
 }
+
+aconfig_declarations {
+    name: "aconfig_fsverity_init",
+    package: "android.security.flag",
+    srcs: ["flags.aconfig"],
+}
+
+cc_aconfig_library {
+    name: "aconfig_fsverity_init_c_lib",
+    aconfig_declarations: "aconfig_fsverity_init",
+}

fsverity_init/flags.aconfig

diff --git a/fsverity_init/flags.aconfig b/fsverity_init/flags.aconfig
new file mode 100644
index 0000000..20640d7
--- /dev/null
+++ b/fsverity_init/flags.aconfig
@@ -0,0 +1,9 @@
+package: "android.security.flag"
+
+flag {
+    name: "deprecate_fsverity_init"
+    namespace: "hardware_backed_security"
+    description: "Feature flag for deprecate fsverity_init"
+    bug: "290064770"
+    is_fixed_read_only: true
+}

fsverity_init/fsverity_init.cpp

diff --git a/fsverity_init/fsverity_init.cpp b/fsverity_init/fsverity_init.cpp
index 797118d..717beeb 100644
--- a/fsverity_init/fsverity_init.cpp
+++ b/fsverity_init/fsverity_init.cpp
@@ -43,6 +43,7 @@
 #include <android-base/file.h>
 #include <android-base/logging.h>
 #include <android-base/strings.h>
+#include <android_security_flag.h>
 #include <log/log.h>
 #include <mini_keyctl_utils.h>
 
@@ -79,6 +80,13 @@
 }
 
 int main(int argc, const char** argv) {
+    if (android::security::flag::deprecate_fsverity_init()) {
+        // Don't load keys to the built-in fs-verity keyring in kernel. This will make existing
+        // files not readable. We expect to only enable the flag when there are no such files or
+        // when failure is ok (e.g. with a fallback).
+        return 0;
+    }
+
     if (argc < 2) {
         LOG(ERROR) << "Not enough arguments";
         return -1;