Allow devices to pick ext4 as default fs at build time

Products using 16KB kernel may wish to boot into 16KB mode
directly. To do this, these targets would need to use ext4
as their default fs type for /data and /metadata . Add
a build time flag which would install ext4 fstabs.

Test: th
Bug: 339337171
Change-Id: I53de1599bbff583b45ca2bf6d3e3efb83957913e

conf/Android.bp

@@ -14,16 +14,6 @@
  * limitations under the License.
  */
 
-// By default this device uses hardware-wrapped keys for storage encryption,
-// which is intended to offer increased security over the traditional method
-// (software keys).  However, hardware-wrapped keys aren't compatible with
-// FIPS-140 certification of the encryption hardware, and hence we have to
-// disable the use of them in FIPS mode.  This requires having two fstab files:
-// one for the default mode, and one for FIPS mode selectable via
-// androidboot.fstab_suffix on the kernel command line.  These fstabs should be
-// identical with the exception of the encryption settings, so to keep them in
-// sync the rules below generate them from a template file.
-
 package {
     // See: http://go/android-license-faq
     // A large-scale-change added 'default_applicable_licenses' to import
@@ -33,64 +23,7 @@ package {
     default_applicable_licenses: ["device_google_zuma_license"],
 }
 
-genrule {
-    name: "gen_fstab.zuma-hw-encrypt",
-    srcs: [
-        "fstab.zuma.common",
-        "fstab.zuma.f2fs",
-    ],
-    out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
-        " -e s/@inlinecrypt@/inlinecrypt/ " +
-        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
-}
-
-genrule {
-    name: "gen_fstab.zuma-sw-encrypt",
-    srcs: [
-        "fstab.zuma.common",
-        "fstab.zuma.f2fs",
-    ],
-    out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
-        " -e s/@inlinecrypt@// " +
-        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
-}
-
-genrule {
-    name: "gen_fstab.zuma-no-encrypt",
-    srcs: [
-        "fstab.zuma.common",
-        "fstab.zuma.f2fs",
-    ],
-    out: ["fstab.zuma"],
-    cmd: "sed -e s/@fileencryption@//" +
-        " -e s/@inlinecrypt@// " +
-        " -e s/@metadata_encryption@// $(in) > $(out)",
-}
-
-genrule {
-    name: "gen_fstab.zuma-fips",
-    srcs: [
-        "fstab.zuma.common",
-        "fstab.zuma.f2fs",
-    ],
-    out: ["fstab.zuma-fips"],
-    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
-        " -e s/@inlinecrypt@/inlinecrypt/ " +
-        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
-}
-
-prebuilt_etc {
-    name: "fstab.zuma",
-    src: ":gen_fstab.zuma-hw-encrypt",
-    vendor: true,
-    vendor_ramdisk_available: true,
-}
-
-prebuilt_etc {
-    name: "fstab.zuma-fips",
-    src: ":gen_fstab.zuma-fips",
-    vendor: true,
-    vendor_ramdisk_available: true,
-}
+filegroup {
+    name: "fstab.zuma.common",
+    srcs: ["fstab.zuma.common"],
+}

conf/ext4/Android.bp

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// By default this device uses hardware-wrapped keys for storage encryption,
+// which is intended to offer increased security over the traditional method
+// (software keys).  However, hardware-wrapped keys aren't compatible with
+// FIPS-140 certification of the encryption hardware, and hence we have to
+// disable the use of them in FIPS mode.  This requires having two fstab files:
+// one for the default mode, and one for FIPS mode selectable via
+// androidboot.fstab_suffix on the kernel command line.  These fstabs should be
+// identical with the exception of the encryption settings, so to keep them in
+// sync the rules below generate them from a template file.
+
+soong_namespace {
+    imports: [
+        "device/google/zuma",
+    ],
+}
+
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "device_google_zuma_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: ["device_google_zuma_license"],
+}
+
+genrule {
+    name: "gen_fstab.zuma-hw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-sw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-no-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@//" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@// $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-fips",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.ext4",
+    ],
+    out: ["fstab.zuma-fips"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
+}
+
+prebuilt_etc {
+    name: "fstab.zuma",
+    src: ":gen_fstab.zuma-hw-encrypt",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
+
+prebuilt_etc {
+    name: "fstab.zuma-fips",
+    src: ":gen_fstab.zuma-fips",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}

conf/ext4/fstab.zuma.ext4

@@ -0,0 +1,10 @@
+# Android fstab file.
+#
+# The filesystem that contains the filesystem checker binary (typically /system) cannot
+# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
+#
+#<src>                                                   <mnt_point>                 <type>  <mnt_flags and options>  <fs_mgr_flags>
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       ext4     noatime,nosuid,nodev,@inlinecrypt@    latemount,wait,check,quota,formattable,reservedsize=128M,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption
+/dev/block/platform/13200000.ufs/by-name/userdata        /data                       f2fs    noatime,nosuid,nodev,discard,reserve_root=32768,resgid=1065,fsync_mode=nobarrier,compress_extension=apk,compress_extension=so,compress_extension=vdex,compress_extension=odex,@inlinecrypt@,atgc,checkpoint_merge,compress_cache    latemount,wait,check,quota,sysfs_path=/dev/sys/block/bootdevice,checkpoint=fs,reservedsize=128M,fscompress,readahead_size_kb=128,@fileencryption@,@metadata_encryption@,keydirectory=/metadata/vold/metadata_encryption,device=zoned:/dev/block/by-name/zoned_device
+/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   ext4    noatime,nosuid,nodev,data=journal,commit=1    wait,check,formattable,first_stage_mount,metadata_csum
+/dev/block/platform/13200000.ufs/by-name/metadata        /metadata                   f2fs    noatime,nosuid,nodev,sync  wait,check,first_stage_mount

conf/f2fs/Android.bp

@@ -0,0 +1,102 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// By default this device uses hardware-wrapped keys for storage encryption,
+// which is intended to offer increased security over the traditional method
+// (software keys).  However, hardware-wrapped keys aren't compatible with
+// FIPS-140 certification of the encryption hardware, and hence we have to
+// disable the use of them in FIPS mode.  This requires having two fstab files:
+// one for the default mode, and one for FIPS mode selectable via
+// androidboot.fstab_suffix on the kernel command line.  These fstabs should be
+// identical with the exception of the encryption settings, so to keep them in
+// sync the rules below generate them from a template file.
+
+soong_namespace {
+    imports: [
+        "device/google/zuma",
+    ],
+}
+
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "device_google_zuma_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: ["device_google_zuma_license"],
+}
+
+genrule {
+    name: "gen_fstab.zuma-hw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=:aes-256-hctr2:inlinecrypt_optimized+wrappedkey_v0/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=:wrappedkey_v0/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-sw-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts:aes-256-hctr2/" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@/metadata_encryption=/ $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-no-encrypt",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma"],
+    cmd: "sed -e s/@fileencryption@//" +
+        " -e s/@inlinecrypt@// " +
+        " -e s/@metadata_encryption@// $(in) > $(out)",
+}
+
+genrule {
+    name: "gen_fstab.zuma-fips",
+    srcs: [
+        ":fstab.zuma.common",
+        "fstab.zuma.f2fs",
+    ],
+    out: ["fstab.zuma-fips"],
+    cmd: "sed -e s/@fileencryption@/fileencryption=aes-256-xts/" +
+        " -e s/@inlinecrypt@/inlinecrypt/ " +
+        " -e s/@metadata_encryption@/metadata_encryption=aes-256-xts/ $(in) > $(out)",
+}
+
+prebuilt_etc {
+    name: "fstab.zuma",
+    src: ":gen_fstab.zuma-hw-encrypt",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}
+
+prebuilt_etc {
+    name: "fstab.zuma-fips",
+    src: ":gen_fstab.zuma-fips",
+    vendor: true,
+    vendor_ramdisk_available: true,
+}

device.mk

@@ -383,6 +383,14 @@ PRODUCT_COPY_FILES += \
 	device/google/zuma/conf/init.recovery.device.rc:$(TARGET_COPY_OUT_RECOVERY)/root/init.recovery.zuma.rc
 
 # Fstab files
+ifeq (ext4,$(TARGET_RW_FILE_SYSTEM_TYPE))
+PRODUCT_SOONG_NAMESPACES += \
+        device/google/zuma/conf/ext4
+else
+PRODUCT_SOONG_NAMESPACES += \
+        device/google/zuma/conf/f2fs
+endif
+
 PRODUCT_PACKAGES += \
 	fstab.zuma \
 	fstab.zuma.vendor_ramdisk \