Merge "Consolidate fs-verity wrapper in libfsverity_rs" am: 93302519d4 am: 6df71858ac am: 232cdde7e4

Original change: https://android-review.googlesource.com/c/platform/system/security/+/2492595

Change-Id: I34f1d6321246ac61ca3866a3be57d9c9bf3162ed
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

3 files changed, 143 insertions, 0 deletions

diff --git a/fsverity/libfsverity_rs/Android.bp b/fsverity/libfsverity_rs/Android.bp
new file mode 100644
index 00000000..91b12486
--- /dev/null
+++ b/fsverity/libfsverity_rs/Android.bp
@@ -0,0 +1,17 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_library {
+    name: "libfsverity_rs",
+    crate_name: "fsverity",
+    srcs: ["lib.rs"],
+    edition: "2021",
+    rustlibs: [
+        "libnix",
+    ],
+    apex_available: [
+        "com.android.compos",
+        "com.android.virt",
+    ],
+}
diff --git a/fsverity/libfsverity_rs/lib.rs b/fsverity/libfsverity_rs/lib.rs
new file mode 100644
index 00000000..473b2d5c
--- /dev/null
+++ b/fsverity/libfsverity_rs/lib.rs
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! A wrapper library to use fs-verity
+
+mod sys;
+
+use crate::sys::*;
+use std::io;
+use std::os::fd::AsRawFd;
+use std::os::unix::io::BorrowedFd;
+
+fn read_metadata(fd: i32, metadata_type: u64, offset: u64, buf: &mut [u8]) -> io::Result<usize> {
+    let mut arg = fsverity_read_metadata_arg {
+        metadata_type,
+        offset,
+        length: buf.len() as u64,
+        buf_ptr: buf.as_mut_ptr() as u64,
+        __reserved: 0,
+    };
+    // SAFETY: the ioctl doesn't change the sematics in the current process
+    Ok(unsafe { read_verity_metadata(fd, &mut arg) }? as usize)
+}
+
+/// Read the raw Merkle tree from the fd, if it exists. The API semantics is similar to a regular
+/// pread(2), and may not return full requested buffer.
+pub fn read_merkle_tree(fd: i32, offset: u64, buf: &mut [u8]) -> io::Result<usize> {
+    read_metadata(fd, FS_VERITY_METADATA_TYPE_MERKLE_TREE, offset, buf)
+}
+
+/// Read the fs-verity signature from the fd (if exists). The returned signature should be complete.
+pub fn read_signature(fd: i32, buf: &mut [u8]) -> io::Result<usize> {
+    read_metadata(fd, FS_VERITY_METADATA_TYPE_SIGNATURE, 0 /* offset */, buf)
+}
+
+/// Enable fs-verity to the `fd`, with sha256 hash algorithm and 4KB block size.
+pub fn enable(fd: BorrowedFd) -> io::Result<()> {
+    let arg = fsverity_enable_arg {
+        version: 1,
+        hash_algorithm: FS_VERITY_HASH_ALG_SHA256,
+        block_size: 4096,
+        salt_size: 0,
+        salt_ptr: 0,
+        sig_size: 0,
+        __reserved1: 0,
+        sig_ptr: 0,
+        __reserved2: [0; 11],
+    };
+    // SAFETY: the ioctl doesn't change the sematics in the current process
+    if unsafe { enable_verity(fd.as_raw_fd(), &arg) } == Ok(0) {
+        Ok(())
+    } else {
+        Err(io::Error::last_os_error())
+    }
+}
diff --git a/fsverity/libfsverity_rs/sys.rs b/fsverity/libfsverity_rs/sys.rs
new file mode 100644
index 00000000..8ce0836d
--- /dev/null
+++ b/fsverity/libfsverity_rs/sys.rs
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Stable API definition copied from uapi/linux/fsverity.h
+
+use nix::{ioctl_readwrite, ioctl_write_ptr};
+
+const FS_IOCTL_MAGIC: u8 = b'f';
+const FS_IOC_ENABLE_VERITY: u8 = 133;
+const FS_IOCTL_READ_VERITY_METADATA: u8 = 135;
+
+pub const FS_VERITY_HASH_ALG_SHA256: u32 = 1;
+pub const FS_VERITY_METADATA_TYPE_MERKLE_TREE: u64 = 1;
+pub const FS_VERITY_METADATA_TYPE_SIGNATURE: u64 = 3;
+
+#[repr(C)]
+pub struct fsverity_read_metadata_arg {
+    pub metadata_type: u64,
+    pub offset: u64,
+    pub length: u64,
+    pub buf_ptr: u64,
+    pub __reserved: u64,
+}
+
+ioctl_readwrite!(
+    read_verity_metadata,
+    FS_IOCTL_MAGIC,
+    FS_IOCTL_READ_VERITY_METADATA,
+    fsverity_read_metadata_arg
+);
+
+#[repr(C)]
+pub struct fsverity_enable_arg {
+    pub version: u32,
+    pub hash_algorithm: u32,
+    pub block_size: u32,
+    pub salt_size: u32,
+    pub salt_ptr: u64,
+    pub sig_size: u32,
+    pub __reserved1: u32,
+    pub sig_ptr: u64,
+    pub __reserved2: [u64; 11],
+}
+
+ioctl_write_ptr!(enable_verity, FS_IOCTL_MAGIC, FS_IOC_ENABLE_VERITY, fsverity_enable_arg);