fs_mgr: differentiate if fs_mgr_set_verity() was skipped or disabled

In case of non-secure builds (eng variant) fs_mgr_setup_verity() skips
verity checks regardless of fstab options. This is slightly different
than 'adb disable-verity' where it would first read the verity metadata
to check if verity is disabled.

So, this change adds a new return value of FS_MGR_SETUP_VERITY_SKIPPED
instead of piggy backing on the FS_MGR_SETUP_VERITY_DISABLED.

Bug: 62864413
Test: Boot sailfish

Change-Id: I42bf2bdce0ecb18b4c3b568e2bc96bf1590dfb35
Signed-off-by: Sandeep Patil <sspatil@google.com>

fs_mgr/fs_mgr.cpp

@@ -847,7 +847,9 @@ int fs_mgr_mount_all(struct fstab *fstab, int mount_mode)
             }
         } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
             int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
-            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
+            if (__android_log_is_debuggable() &&
+                    (rc == FS_MGR_SETUP_VERITY_DISABLED ||
+                     rc == FS_MGR_SETUP_VERITY_SKIPPED)) {
                 LINFO << "Verity disabled";
             } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
                 LERROR << "Could not set up verified partition, skipping!";
@@ -1061,7 +1063,9 @@ int fs_mgr_do_mount(struct fstab *fstab, const char *n_name, char *n_blk_device,
             }
         } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
             int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
-            if (__android_log_is_debuggable() && rc == FS_MGR_SETUP_VERITY_DISABLED) {
+            if (__android_log_is_debuggable() &&
+                    (rc == FS_MGR_SETUP_VERITY_DISABLED ||
+                     rc == FS_MGR_SETUP_VERITY_SKIPPED)) {
                 LINFO << "Verity disabled";
             } else if (rc != FS_MGR_SETUP_VERITY_SUCCESS) {
                 LERROR << "Could not set up verified partition, skipping!";

fs_mgr/fs_mgr_verity.cpp

@@ -766,7 +766,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab, bool wait_for_verity_dev)
     // setup is needed at all.
     if (!is_device_secure()) {
         LINFO << "Verity setup skipped for " << mount_point;
-        return FS_MGR_SETUP_VERITY_SUCCESS;
+        return FS_MGR_SETUP_VERITY_SKIPPED;
     }
 
     if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,

fs_mgr/include/fs_mgr.h

@@ -140,6 +140,7 @@ int fs_mgr_swapon_all(struct fstab *fstab);
 
 int fs_mgr_do_format(struct fstab_rec *fstab, bool reserve_footer);
 
+#define FS_MGR_SETUP_VERITY_SKIPPED  (-3)
 #define FS_MGR_SETUP_VERITY_DISABLED (-2)
 #define FS_MGR_SETUP_VERITY_FAIL (-1)
 #define FS_MGR_SETUP_VERITY_SUCCESS 0

init/init_first_stage.cpp

@@ -286,13 +286,17 @@ bool FirstStageMountVBootV1::GetRequiredDevices() {
 bool FirstStageMountVBootV1::SetUpDmVerity(fstab_rec* fstab_rec) {
     if (fs_mgr_is_verified(fstab_rec)) {
         int ret = fs_mgr_setup_verity(fstab_rec, false /* wait_for_verity_dev */);
-        if (ret == FS_MGR_SETUP_VERITY_DISABLED) {
-            LOG(INFO) << "Verity disabled for '" << fstab_rec->mount_point << "'";
-        } else if (ret == FS_MGR_SETUP_VERITY_SUCCESS) {
+        switch (ret) {
+        case FS_MGR_SETUP_VERITY_SKIPPED:
+        case FS_MGR_SETUP_VERITY_DISABLED:
+            LOG(INFO) << "Verity disabled/skipped for '" << fstab_rec->mount_point << "'";
+            break;
+        case FS_MGR_SETUP_VERITY_SUCCESS:
             // The exact block device name (fstab_rec->blk_device) is changed to "/dev/block/dm-XX".
             // Needs to create it because ueventd isn't started in init first stage.
             InitVerityDevice(fstab_rec->blk_device);
-        } else {
+            break;
+        default:
             return false;
         }
     }