fscrypt option parsing depends on ro.product.first_api_level

We'd like to change what the defaults are for fscrypt as we get new
and better things, but we don't want to break old devices. So we
arrange for the behavior to depend on the API version the device
launched with.

In addition, we can now supply a default if any of the three fields
are blank, meaning that clients like get_volume_file_encryption_options
don't have to separately specify defaults.

Right now we use the API level to choose between version 1 and version
2 being default, and as a further guard against anyone using the
deprecated FSCRYPT_POLICY_FLAGS_PAD_4 on new devices.

Bug: 147107322
Test: atest fscrypt
Test: Various Cuttlefish configurations
Change-Id: I43c94c1051c61d2b051355dcd428c44c279a3c75

1 files changed, 8 insertions, 0 deletions

diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h
index 18fb4fc3..c780c7ce 100644
--- a/libfscrypt/include/fscrypt/fscrypt.h
+++ b/libfscrypt/include/fscrypt/fscrypt.h
@@ -47,10 +47,18 @@ struct EncryptionPolicy {
 
 void BytesToHex(const std::string& bytes, std::string* hex);
 
+unsigned int GetFirstApiLevel();
+
 bool OptionsToString(const EncryptionOptions& options, std::string* options_string);
 
+bool OptionsToStringForApiLevel(unsigned int first_api_level, const EncryptionOptions& options,
+                                std::string* options_string);
+
 bool ParseOptions(const std::string& options_string, EncryptionOptions* options);
 
+bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& options_string,
+                             EncryptionOptions* options);
+
 bool EnsurePolicy(const EncryptionPolicy& policy, const std::string& directory);
 
 }  // namespace fscrypt