Merge "Pre-create userdata metadata encryption device." am: eb3182f040

Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1833056

Change-Id: I9d1b60b1bddeade81238cc971d38a5de76f748d5
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index ebaefa3..50bba56 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -383,7 +383,9 @@
                                    const km::AuthorizationSet& keyParams, const KeyBuffer& message,
                                    std::string* ciphertext) {
     km::AuthorizationSet opParams =
-            km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
+            km::AuthorizationSetBuilder()
+                    .Authorization(km::TAG_ROLLBACK_RESISTANCE)
+                    .Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
     km::AuthorizationSet outParams;
     auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, &outParams);
     if (!opHandle) return false;
@@ -412,6 +414,7 @@
     auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
     auto opParams = km::AuthorizationSetBuilder()
                             .Authorization(km::TAG_NONCE, nonce)
+                            .Authorization(km::TAG_ROLLBACK_RESISTANCE)
                             .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
     auto opHandle = BeginKeystoreOp(keystore, dir, keyParams, opParams, nullptr);
     if (!opHandle) return false;
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 4f62642..49b2d60 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -1,9 +1,15 @@
 {
   "presubmit": [
     {
+      "name": "CtsScopedStorageCoreHostTest"
+    },
+    {
       "name": "CtsScopedStorageHostTest"
     },
     {
+      "name": "CtsScopedStorageDeviceOnlyTest"
+    },
+    {
       "name": "AdoptableHostTest"
     }
   ]
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index da57328..cad92f5 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -55,6 +55,7 @@
 namespace {
 
 constexpr const char* kDump = "android.permission.DUMP";
+constexpr auto kIncFsReadNoTimeoutMs = 100;
 
 static binder::Status error(const std::string& msg) {
     PLOG(ERROR) << msg;
@@ -989,6 +990,7 @@
 
 binder::Status VoldNativeService::mountIncFs(
         const std::string& backingPath, const std::string& targetDir, int32_t flags,
+        const std::string& sysfsName,
         ::android::os::incremental::IncrementalFileSystemControlParcel* _aidl_return) {
     ENFORCE_SYSTEM_OR_ROOT;
     CHECK_ARGUMENT_PATH(backingPath);
@@ -996,9 +998,11 @@
 
     auto control = incfs::mount(backingPath, targetDir,
                                 {.flags = IncFsMountFlags(flags),
+                                 // Mount with read timeouts.
                                  .defaultReadTimeoutMs = INCFS_DEFAULT_READ_TIMEOUT_MS,
                                  // Mount with read logs disabled.
-                                 .readLogBufferPages = 0});
+                                 .readLogBufferPages = 0,
+                                 .sysfsName = sysfsName.c_str()});
     if (!control) {
         return translate(-errno);
     }
@@ -1007,6 +1011,9 @@
     _aidl_return->cmd.reset(unique_fd(fds[CMD].release()));
     _aidl_return->pendingReads.reset(unique_fd(fds[PENDING_READS].release()));
     _aidl_return->log.reset(unique_fd(fds[LOGS].release()));
+    if (fds[BLOCKS_WRITTEN].ok()) {
+        _aidl_return->blocksWritten.emplace(unique_fd(fds[BLOCKS_WRITTEN].release()));
+    }
     return Ok();
 }
 
@@ -1019,11 +1026,12 @@
 
 binder::Status VoldNativeService::setIncFsMountOptions(
         const ::android::os::incremental::IncrementalFileSystemControlParcel& control,
-        bool enableReadLogs) {
+        bool enableReadLogs, bool enableReadTimeouts, const std::string& sysfsName) {
     ENFORCE_SYSTEM_OR_ROOT;
 
     auto incfsControl =
-            incfs::createControl(control.cmd.get(), control.pendingReads.get(), control.log.get());
+            incfs::createControl(control.cmd.get(), control.pendingReads.get(), control.log.get(),
+                                 control.blocksWritten ? control.blocksWritten->get() : -1);
     auto cleanupFunc = [](auto incfsControl) {
         for (auto& fd : incfsControl->releaseFds()) {
             (void)fd.release();
@@ -1033,8 +1041,10 @@
             std::unique_ptr<incfs::Control, decltype(cleanupFunc)>(&incfsControl, cleanupFunc);
     if (auto error = incfs::setOptions(
                 incfsControl,
-                {.defaultReadTimeoutMs = INCFS_DEFAULT_READ_TIMEOUT_MS,
-                 .readLogBufferPages = enableReadLogs ? INCFS_DEFAULT_PAGE_READ_BUFFER_PAGES : 0});
+                {.defaultReadTimeoutMs =
+                         enableReadTimeouts ? INCFS_DEFAULT_READ_TIMEOUT_MS : kIncFsReadNoTimeoutMs,
+                 .readLogBufferPages = enableReadLogs ? INCFS_DEFAULT_PAGE_READ_BUFFER_PAGES : 0,
+                 .sysfsName = sysfsName.c_str()});
         error < 0) {
         return binder::Status::fromServiceSpecificError(error);
     }
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 33d0f3a..5fa04f5 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -162,11 +162,12 @@
     binder::Status incFsEnabled(bool* _aidl_return) override;
     binder::Status mountIncFs(
             const std::string& backingPath, const std::string& targetDir, int32_t flags,
+            const std::string& sysfsName,
             ::android::os::incremental::IncrementalFileSystemControlParcel* _aidl_return) override;
     binder::Status unmountIncFs(const std::string& dir) override;
     binder::Status setIncFsMountOptions(
             const ::android::os::incremental::IncrementalFileSystemControlParcel& control,
-            bool enableReadLogs) override;
+            bool enableReadLogs, bool enableReadTimeouts, const std::string& sysfsName) override;
     binder::Status bindMount(const std::string& sourceDir, const std::string& targetDir) override;
 
     binder::Status destroyDsuMetadataKey(const std::string& dsuSlot) override;
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 62685e5..606f473 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -140,9 +140,9 @@
     FileDescriptor openAppFuseFile(int uid, int mountId, int fileId, int flags);
 
     boolean incFsEnabled();
-    IncrementalFileSystemControlParcel mountIncFs(@utf8InCpp String backingPath, @utf8InCpp String targetDir, int flags);
+    IncrementalFileSystemControlParcel mountIncFs(@utf8InCpp String backingPath, @utf8InCpp String targetDir, int flags, @utf8InCpp String sysfsName);
     void unmountIncFs(@utf8InCpp String dir);
-    void setIncFsMountOptions(in IncrementalFileSystemControlParcel control, boolean enableReadLogs);
+    void setIncFsMountOptions(in IncrementalFileSystemControlParcel control, boolean enableReadLogs, boolean enableReadTimeouts, @utf8InCpp String sysfsName);
     void bindMount(@utf8InCpp String sourceDir, @utf8InCpp String targetDir);
 
     void destroyDsuMetadataKey(@utf8InCpp String dsuSlot);