Mark block device as read-only before mounting.

Mounting a block device as read-only still allows the filesystem to
write to the block device, while keeping the user-facing filesystem
interface "read-only". This behavior will make dm-verity fail after
reboot if any block is modified during postinstall.

This patch marks the block device as read-only before mounting it, and
marks them read-only or read-write before using them during the update.

Bug: 27859604
TEST=Added logging and deployed an update to brillo, devices are marked RO/RW as needed during a delta update.

Change-Id: I781293cc0b3447dac708470ba6efad4103bf2a58
diff --git a/payload_consumer/postinstall_runner_action.cc b/payload_consumer/postinstall_runner_action.cc
index bb9ffe4..fa89857 100644
--- a/payload_consumer/postinstall_runner_action.cc
+++ b/payload_consumer/postinstall_runner_action.cc
@@ -134,6 +134,18 @@
     return CompletePostinstall(ErrorCode::kPostinstallRunnerError);
   }
 
+#ifdef __ANDROID__
+  // In Chromium OS, the postinstall step is allowed to write to the block
+  // device on the target image, so we don't mark it as read-only and should
+  // be read-write since we just wrote to it during the update.
+
+  // Mark the block device as read-only before mounting for post-install.
+  if (!utils::SetBlockDeviceReadOnly(mountable_device, true)) {
+    return CompletePartitionPostinstall(
+        1, "Error marking the device " + mountable_device + " read only.");
+  }
+#endif  // __ANDROID__
+
   if (!utils::MountFilesystem(mountable_device,
                               fs_mount_dir_,
                               MS_RDONLY,
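Review bot: The first comment inside the new #ifdef __ANDROID__ block describes Chromium OS, which is the case this block is compiled out for, so it reads as if it explained the Android code that follows. Suggest moving it above the #ifdef, or rewording it to say that the read-only marking is skipped on Chromium OS because postinstall there is allowed to write to the target block device. Separately, the new failure path returns through CompletePartitionPostinstall(1, ...) with a bare literal 1, while the error path just above it uses CompletePostinstall(ErrorCode::kPostinstallRunnerError). If the difference is intentional, a short comment saying why would help, and a named constant in place of the 1 would make the exit code easier to trace in logs.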