Snap for 11847214 from ab17b46c51 to 24Q3-release

Change-Id: Id969f480868fbd9f08ead7b3f9d94798ca9dfa0b

conf/Android.bp

@@ -14,16 +14,6 @@
  * limitations under the License.
  */
 
-// By default this device uses hardware-wrapped keys for storage encryption,
-// which is intended to offer increased security over the traditional method
-// (software keys).  However, hardware-wrapped keys aren't compatible with
-// FIPS-140 certification of the encryption hardware, and hence we have to
-// disable the use of them in FIPS mode.  This requires having two fstab files:
-// one for the default mode, and one for FIPS mode selectable via
-// androidboot.fstab_suffix on the kernel command line.  These fstabs should be
-// identical with the exception of the encryption settings, so to keep them in
-// sync the rules below generate them from a template file.
-
 package {
     // See: http://go/android-license-faq
     // A large-scale-change added 'default_applicable_licenses' to import
@@ -33,52 +23,7 @@ package {
     default_applicable_licenses: ["device_google_zuma_license"],
 }
 
-genrule {
+filegroup {
-    name: "gen_fstab.zuma-hw-encrypt",
+    name: "fstab.zuma.common",
-    srcs: ["fstab.zuma.in"],
+    srcs: ["fstab.zuma.common"],
-    out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
-        " -e s/@inlinecrypt@/inlinecrypt/ " +
-        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
-}
-
-genrule {
-    name: "gen_fstab.zuma-sw-encrypt",
-    srcs: ["fstab.zuma.in"],
-    out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
-        " -e s/@inlinecrypt@// " +
-        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
-}
-
-genrule {
-    name: "gen_fstab.zuma-no-encrypt",
-    srcs: ["fstab.zuma.in"],
-    out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@//" +
-        " -e s/@inlinecrypt@// " +
-        " -e s/@metadata_encryption@// $(in) > $(out)",
-}
-
-genrule {
-    name: "gen_fstab.zuma-fips",
-    srcs: ["fstab.zuma.in"],
-    out: ["fstab.zuma-fips"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
-        " -e s/@inlinecrypt@/inlinecrypt/ " +
-        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
-}
-
-prebuilt_etc {
-    name: "fstab.zuma",
-    src: ":gen_fstab.zuma-hw-encrypt",
-    vendor: true,
-    vendor_ramdisk_available: true,
-}
-
-prebuilt_etc {
-    name: "fstab.zuma-fips",
-    src: ":gen_fstab.zuma-fips",
-    vendor: true,
-    vendor_ramdisk_available: true,
 }

conf/ext4/Android.bp

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// By default this device uses hardware-wrapped keys for storage encryption,
+// which is intended to offer increased security over the traditional method
+// (software keys).  However, hardware-wrapped keys aren't compatible with
+// FIPS-140 certification of the encryption hardware, and hence we have to
+// disable the use of them in FIPS mode.  This requires having two fstab files:
+// one for the default mode, and one for FIPS mode selectable via
+// androidboot.fstab_suffix on the kernel command line.  These fstabs should be
+// identical with the exception of the encryption settings, so to keep them in
+// sync the rules below generate them from a template file.
+
+soong_namespace {
+    imports: [
+        "device/google/zuma",
+    ],
+}
+
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "device_google_zuma_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: ["device_google_zuma_license"],
+}
+
+genrule {
+    name: "gen_fstab.zuma-hw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-sw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-no-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@//" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@// $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-fips",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma-fips"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
+}
+
+prebuilt_etc {
+    name: "fstab.zuma",
+    src: ":gen_fstab.zuma-hw-encrypt",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
+
+prebuilt_etc {
+    name: "fstab.zuma-fips",
+    src: ":gen_fstab.zuma-fips",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}

conf/ext4/fstab.zuma.ext4

@@ -0,0 +1,10 @@
+# Android fstab file.
+#
+# The filesystem that contains the filesystem checker binary (typically /system) cannot
+# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
+#
+#<src>                                                   <mnt_point>                 <type>  <mnt_flags and options>  <fs_mgr_flags>
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       ext4     noatime,nosuid,nodev,@inlinecrypt@    latemount,wait,check,quota,formattable,reservedsize=128M,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,compress_extension=apk,compress_extension=so,compress_extension=vdex,compress_extension=odex,@inlinecrypt@,atgc,checkpoint_merge,compress_cache    latemount,wait,check,quota,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fscompress,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption,device=zoned:/dev/block/by-name/zoned_device
+/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   ext4    noatime,nosuid,nodev,data=journal,commit=1    wait,check,formattable,first_stage_mount,metadata_csum
+/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   f2fs    noatime,nosuid,nodev,sync  wait,check,first_stage_mount

conf/f2fs/Android.bp

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// By default this device uses hardware-wrapped keys for storage encryption,
+// which is intended to offer increased security over the traditional method
+// (software keys).  However, hardware-wrapped keys aren't compatible with
+// FIPS-140 certification of the encryption hardware, and hence we have to
+// disable the use of them in FIPS mode.  This requires having two fstab files:
+// one for the default mode, and one for FIPS mode selectable via
+// androidboot.fstab_suffix on the kernel command line.  These fstabs should be
+// identical with the exception of the encryption settings, so to keep them in
+// sync the rules below generate them from a template file.
+
+soong_namespace {
+    imports: [
+        "device/google/zuma",
+    ],
+}
+
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "device_google_zuma_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: ["device_google_zuma_license"],
+}
+
+genrule {
+    name: "gen_fstab.zuma-hw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-sw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-no-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@//" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@// $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-fips",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma-fips"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
+}
+
+prebuilt_etc {
+    name: "fstab.zuma",
+    src: ":gen_fstab.zuma-hw-encrypt",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
+
+prebuilt_etc {
+    name: "fstab.zuma-fips",
+    src: ":gen_fstab.zuma-fips",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}

conf/f2fs/fstab.zuma.f2fs

@@ -0,0 +1,10 @@
+# Android fstab file.
+#
+# The filesystem that contains the filesystem checker binary (typically /system) cannot
+# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
+#
+#<src>                                                   <mnt_point>                 <type>  <mnt_flags and options>  <fs_mgr_flags>
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,compress_extension=apk,compress_extension=so,compress_extension=vdex,compress_extension=odex,@inlinecrypt@,atgc,checkpoint_merge,compress_cache    latemount,wait,check,quota,formattable,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fscompress,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption,device=zoned:/dev/block/by-name/zoned_device
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       ext4     noatime,nosuid,nodev,@inlinecrypt@    latemount,wait,check,quota,reservedsize=128M,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption
+/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   f2fs    noatime,nosuid,nodev,sync  wait,check,formattable,first_stage_mount
+/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   ext4    noatime,nosuid,nodev,data=journal,commit=1    wait,check,first_stage_mount,metadata_csum

conf/fstab.zuma.common

@@ -15,10 +15,6 @@ vendor_dlkm                                              /vendor_dlkm
 /dev/block/platform/13200000.ufs/by-name/boot            /boot                       emmc    defaults                 slotselect,avb=boot,first_stage_mount
 /dev/block/platform/13200000.ufs/by-name/init_boot       /init_boot                  emmc    defaults                 slotselect,avb=init_boot,first_stage_mount
 /dev/block/platform/13200000.ufs/by-name/misc            /misc                       emmc    defaults                 wait
-/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   f2fs    noatime,nosuid,nodev,sync  wait,check,formattable,first_stage_mount
-/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   ext4    noatime,nosuid,nodev,data=journal,commit=1    wait,check,first_stage_mount,metadata_csum
 #/dev/block/platform/13200000.ufs/by-name/pvmfw           /pvmfw                      emmc    defaults                 wait,slotselect,avb=pvmfw,first_stage_mount
-/dev/block/platform/13200000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,compress_extension=apk,compress_extension=so,compress_extension=vdex,compress_extension=odex,@inlinecrypt@,atgc,checkpoint_merge,compress_cache    latemount,wait,check,quota,formattable,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fscompress,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption,device=zoned:/dev/block/by-name/zoned_device
-/dev/block/platform/13200000.ufs/by-name/userdata        /data                       ext4     noatime,nosuid,nodev,@inlinecrypt@    latemount,wait,check,quota,reservedsize=128M,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption
 /dev/block/platform/13200000.ufs/by-name/vbmeta          /vbmeta                     emmc    defaults                 slotselect,first_stage_mount
 /devices/platform/11210000.usb*                          auto                        vfat    defaults                 voldmanaged=usb:auto

device.mk

@@ -383,6 +383,14 @@ PRODUCT_COPY_FILES += \
 	device/google/zuma/conf/init.recovery.device.rc:$(TARGET_COPY_OUT_RECOVERY)/root/init.recovery.zuma.rc
 
 # Fstab files
+ifeq (ext4,$(TARGET_RW_FILE_SYSTEM_TYPE))
+PRODUCT_SOONG_NAMESPACES += \
+        device/google/zuma/conf/ext4
+else
+PRODUCT_SOONG_NAMESPACES += \
+        device/google/zuma/conf/f2fs
+endif
+
 PRODUCT_PACKAGES += \
 	fstab.zuma \
 	fstab.zuma.vendor_ramdisk \