vold: only allow emmc_optimized on eMMC storage am: 006eed8e3a am: 65aa48c810

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/vold/+/12098822

Change-Id: I8c417d6e1a66f987717624afbea64608c65e7980
diff --git a/FsCrypt.cpp b/FsCrypt.cpp
index 4d5cd33..e21524a 100644
--- a/FsCrypt.cpp
+++ b/FsCrypt.cpp
@@ -52,6 +52,7 @@
 
 #include <fscrypt/fscrypt.h>
 #include <keyutils.h>
+#include <libdm/dm.h>
 
 #include <android-base/file.h>
 #include <android-base/logging.h>
@@ -60,6 +61,9 @@
 #include <android-base/strings.h>
 #include <android-base/unique_fd.h>
 
+using android::base::Basename;
+using android::base::Realpath;
+using android::base::StartsWith;
 using android::base::StringPrintf;
 using android::fs_mgr::GetEntryForMountPoint;
 using android::vold::BuildDataPath;
@@ -73,6 +77,7 @@
 using android::vold::SetQuotaProjectId;
 using android::vold::writeStringToFile;
 using namespace android::fscrypt;
+using namespace android::dm;
 
 namespace {
 
@@ -203,6 +208,26 @@
     return false;
 }
 
+static bool IsEmmcStorage(const std::string& blk_device) {
+    // Handle symlinks.
+    std::string real_path;
+    if (!Realpath(blk_device, &real_path)) {
+        real_path = blk_device;
+    }
+
+    // Handle logical volumes.
+    auto& dm = DeviceMapper::Instance();
+    for (;;) {
+        auto parent = dm.GetParentBlockDeviceByPath(real_path);
+        if (!parent.has_value()) break;
+        real_path = *parent;
+    }
+
+    // Now we should have the "real" block device.
+    LOG(DEBUG) << "IsEmmcStorage(): blk_device = " << blk_device << ", real_path=" << real_path;
+    return StartsWith(Basename(real_path), "mmcblk");
+}
+
 // Retrieve the options to use for encryption policies on the /data filesystem.
 static bool get_data_file_encryption_options(EncryptionOptions* options) {
     auto entry = GetEntryForMountPoint(&fstab_default, DATA_MNT_POINT);
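Review bot: The final test in IsEmmcStorage, `StartsWith(Basename(real_path), "mmcblk")`, is a device-name heuristic rather than a query of the storage type. The Linux MMC block driver also names SD cards mmcblkN, so what the function really answers is "is this a block device on the MMC subsystem". That is probably acceptable for the userdata partition, but nothing in the function says so or explains why the flag has to be limited to eMMC. I would add a header comment such as `// Returns true if blk_device, after resolving symlinks and dm parents, is named mmcblk*; name-based, so SD cards on the MMC bus match too.` The comment should also record that a failed Realpath() falls back to the unresolved path, which, as far as this hunk shows, makes a by-name symlink fail the prefix test and so rejects the flag rather than accepting it.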
@@ -215,6 +240,12 @@
                    << entry->encryption_options;
         return false;
     }
+    if ((options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) &&
+        !IsEmmcStorage(entry->blk_device)) {
+        LOG(ERROR) << "The emmc_optimized encryption flag is only allowed on eMMC storage.  Remove "
+                      "this flag from the device's fstab";
+        return false;
+    }
     return true;
 }
 
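Review bot: The ERROR logged when the eMMC check fails does not name the block device that was tested, and the resolved path only appears in the `LOG(DEBUG)` line inside IsEmmcStorage, which may not be emitted on production builds. Returning false here presumably aborts /data encryption setup, so the message should carry the evidence, for example `LOG(ERROR) << "The emmc_optimized encryption flag is only allowed on eMMC storage, but " << entry->blk_device << " is not eMMC.  Remove this flag from the device's fstab";`. The parallel message in the hunk at `@@ -248,6 +279,11 @@` also says "only allowed on eMMC storage", although that branch rejects the flag unconditionally with no storage check. There, a comment such as `// emmc_optimized is never accepted in ro.crypto.volume.options; no storage-type check is made.` or a reworded message would be less misleading. get_data_file_encryption_options begins outside this hunk.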
@@ -248,6 +279,11 @@
         LOG(ERROR) << "Unable to parse volume encryption options: " << options_string;
         return false;
     }
+    if (options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32) {
+        LOG(ERROR) << "The emmc_optimized encryption flag is only allowed on eMMC storage.  Remove "
+                      "this flag from ro.crypto.volume.options";
+        return false;
+    }
     return true;
 }