authorRyan Mitchell <rtmitchell@google.com>2021-05-11 11:53:47 -0700
committerRyan Mitchell <rtmitchell@google.com>2021-05-26 08:06:28 -0700
commitfb1d2b2cd3aad6c5be0eb8567e05e3a9869e57be (patch)
tree3b80fa20be1fe4a5ed1cbdced627933d1d9556f3
parent566de22c055afc72cf5796945645586b6c693995 (diff)
Disable verification for fully installed apps
When the overload of IncFsFileMap::Create that allows verification enable status to be specified is used, only enable verification if the APK is actually incrementally installed. Also creates a new IncFsFileMap::CreateForceVerification to force verification on or off for testing/benchmarks. Bug: 187220960 Test: atest ResourcesHardeningTest Test: atest hardening-benchmark Change-Id: I8e1a53cf3b57e61c4de3de62c967435875d7e58b
-rw-r--r--incfs/tests/hardening_benchmark.cpp4
-rw-r--r--incfs/util/include/util/map_ptr.h9
-rw-r--r--incfs/util/map_ptr.cpp36
3 files changed, 35 insertions, 14 deletions
diff --git a/incfs/tests/hardening_benchmark.cpp b/incfs/tests/hardening_benchmark.cpp
index 298198b..8e4f047 100644
--- a/incfs/tests/hardening_benchmark.cpp
+++ b/incfs/tests/hardening_benchmark.cpp
@@ -73,7 +73,7 @@ BENCHMARK(TestRead);
static void TestMapPtrRaw(benchmark::State& state) {
auto tmp = makeFile();
android::incfs::IncFsFileMap map;
- map.Create(tmp->fd, 0, 1, tmp->path, true);
+ map.CreateForceVerification(tmp->fd, 0, 1, tmp->path, true);
int val = 0;
const uint8_t* prev_block = nullptr;
for (auto _ : state) {
@@ -87,7 +87,7 @@ BENCHMARK(TestMapPtrRaw);
static void TestMapPtr(benchmark::State& state) {
auto tmp = makeFile();
android::incfs::IncFsFileMap map;
- map.Create(tmp->fd, 0, 1, tmp->path, true);
+ map.CreateForceVerification(tmp->fd, 0, 1, tmp->path, true);
int val = 0;
for (auto _ : state) {
val += map.data<char>().verify();
diff --git a/incfs/util/include/util/map_ptr.h b/incfs/util/include/util/map_ptr.h
index d1bfb40..304540f 100644
--- a/incfs/util/include/util/map_ptr.h
+++ b/incfs/util/include/util/map_ptr.h
@@ -66,9 +66,16 @@ public:
// Returns whether or not the file was able to be memory-mapped.
bool Create(int fd, off64_t offset, size_t length, const char* file_name);
- // Same thing, but allows for manual verification enablement
+ // Same thing, but allows verification to be disabled when `verify` is `false`, and enabled when
+ // `verify` is true and the file resides on IncFs.
bool Create(int fd, off64_t offset, size_t length, const char* file_name, bool verify);
+ // Same thing, but allows verification to be disabled when `verify` is `false`, and enabled when
+ // `verify` is true regardless of whether the file resides on IncFs (used for benchmarks and
+ // testing).
+ bool CreateForceVerification(int fd, off64_t offset, size_t length, const char* file_name,
+ bool verify);
+
template <typename T = void>
map_ptr<T> data() const {
return map_ptr<T>(verification_enabled_ ? this : nullptr,
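Review bot: The new comment on `CreateForceVerification` does not warn that `verify == false` switches block checks off even for an incrementally installed file that still has missing blocks, which is the one case the checks exist to cover. Because the declaration sits in the `public:` section next to `Create`, I would mark it as test-only in the comment itself, for example `// Test/benchmark only: skips the IncFs check, so verify == false disables missing-block checks even on a partially loaded file.` The phrase "enabled when `verify` is true regardless" also holds only on device, since the `#else` branch in map_ptr.cpp leaves the parameter unnamed (`bool /* verify */`); one sentence saying host builds ignore the argument would prevent a test from assuming it exercised verification. The body of `data()` continues past the end of this hunk.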
diff --git a/incfs/util/map_ptr.cpp b/incfs/util/map_ptr.cpp
index 3ae09c3..f391506 100644
--- a/incfs/util/map_ptr.cpp
+++ b/incfs/util/map_ptr.cpp
@@ -46,19 +46,29 @@ const char* IncFsFileMap::file_name() const {
return map_->getFileName();
}
+bool IncFsFileMap::Create(int fd, off64_t offset, size_t length, const char* file_name) {
+ return Create(fd, offset, length, file_name, true /* verify */);
+}
+
#ifdef __ANDROID__
-bool IsVerificationEnabled(int fd) {
+static bool IsVerificationEnabled(int fd) {
return isIncFsFd(fd) && isFullyLoaded(fd) != LoadingState::Full;
}
using data_block_index_t = uint32_t;
-data_block_index_t get_block_index(const uint8_t* ptr, const uint8_t* start_block_ptr) {
+static data_block_index_t get_block_index(const uint8_t* ptr, const uint8_t* start_block_ptr) {
return (ptr - start_block_ptr) / INCFS_DATA_FILE_BLOCK_SIZE;
}
bool IncFsFileMap::Create(int fd, off64_t offset, size_t length, const char* file_name,
bool verify) {
+ return CreateForceVerification(fd, offset, length, file_name,
+ verify && IsVerificationEnabled(fd));
+}
+
+bool IncFsFileMap::CreateForceVerification(int fd, off64_t offset, size_t length,
+ const char* file_name, bool verify) {
map_ = std::make_unique<android::FileMap>();
if (!map_->create(file_name, fd, offset, length, true /* readOnly */)) {
return false;
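Review bot: `IsVerificationEnabled` now decides for every Android `Create` call whether hardening checks run, yet nothing at its definition explains why a fully loaded file may skip them or how a failed state query is treated. Read literally, any result of `isFullyLoaded(fd)` other than `LoadingState::Full` keeps verification on, which looks like the fail-safe direction, but whether error results really arrive that way depends on the incfs API, which is not visible here. I would add a comment such as `// Verify only while an IncFs-backed file may still have missing blocks; any state other than Full keeps checks on.` and consider renaming the helper to something like `NeedsVerification`, since it reports whether checks are required rather than a configured setting. The body of `CreateForceVerification` continues outside this hunk.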
@@ -80,15 +90,8 @@ bool IncFsFileMap::Create(int fd, off64_t offset, size_t length, const char* fil
return true;
}
-bool IncFsFileMap::Create(int fd, off64_t offset, size_t length, const char* file_name) {
- return Create(fd, offset, length, file_name, IsVerificationEnabled(fd));
-}
-
bool IncFsFileMap::Verify(const uint8_t* const& data_start, const uint8_t* const& data_end,
const uint8_t** prev_verified_block) const {
-#ifndef __ANDROID__
- return true;
-#else
const data_block_index_t start_index = get_block_index(data_start, start_block_ptr_);
const data_block_index_t end_index = get_block_index(data_end - 1U, start_block_ptr_);
@@ -130,14 +133,25 @@ bool IncFsFileMap::Verify(const uint8_t* const& data_start, const uint8_t* const
// Update the previous verified block pointer to optimize repeated verifies on the same block.
*prev_verified_block = start_block_ptr_ + (end_index * INCFS_DATA_FILE_BLOCK_SIZE);
return true;
-#endif
}
#else
-bool IncFsFileMap::Create(int fd, off64_t offset, size_t length, const char* file_name) {
+bool IncFsFileMap::Create(int fd, off64_t offset, size_t length, const char* file_name,
+ bool verify) {
+ return CreateForceVerification(fd, offset, length, file_name, verify);
+}
+
+bool IncFsFileMap::CreateForceVerification(int fd, off64_t offset, size_t length,
+ const char* file_name, bool /* verify */) {
map_ = std::make_unique<android::FileMap>();
return map_->create(file_name, fd, offset, length, true /* readOnly */);
}
+
+bool IncFsFileMap::Verify(const uint8_t* const& /* data_start */,
+ const uint8_t* const& /* data_end */,
+ const uint8_t** /* prev_verified_block */) const {
+ return true;
+}
#endif
} // namespace android::incfs
\ No newline at end of file
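Review bot: The non-Android `CreateForceVerification` drops `verify` and never assigns `verification_enabled_`, so `data()` returns a checking or non-checking `map_ptr` based only on that member's initial value, which is declared outside this diff. If the member has no default initializer, or the object is reused after an earlier mapping, the result is not what the caller asked for. Assigning it explicitly before the `map_->create` call, e.g. `verification_enabled_ = false;`, would match the stub `Verify` that always returns true and make the host behaviour deliberate rather than incidental. It would also help to state in a comment here that host builds cannot exercise verification, so a passing host test says nothing about the on-device checks.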