Add emmc_optimized flag

Bug: 144046242
Test: atest libfscrypt_unit_test
Test: Change fstab on Cuttlefish with patched kernel, check dir policy
Change-Id: I362f9a55fa28bb25afe992c8b0bae48546fc9ab0

3 files changed, 35 insertions, 0 deletions

diff --git a/libfscrypt/fscrypt.cpp b/libfscrypt/fscrypt.cpp
index 622b4cdb..a52ed90c 100644
--- a/libfscrypt/fscrypt.cpp
+++ b/libfscrypt/fscrypt.cpp
@@ -153,6 +153,9 @@ bool OptionsToStringForApiLevel(unsigned int first_api_level, const EncryptionOp
     if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64)) {
         *options_string += "+inlinecrypt_optimized";
     }
+    if ((options.flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32)) {
+        *options_string += "+emmc_optimized";
+    }
     if (options.use_hw_wrapped_key) {
         *options_string += "+wrappedkey_v0";
     }
@@ -214,6 +217,8 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op
                 options->version = 2;
             } else if (flag == "inlinecrypt_optimized") {
                 options->flags |= FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64;
+            } else if (flag == "emmc_optimized") {
+                options->flags |= FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32;
             } else if (flag == "wrappedkey_v0") {
                 options->use_hw_wrapped_key = true;
             } else {
@@ -248,6 +253,18 @@ bool ParseOptionsForApiLevel(unsigned int first_api_level, const std::string& op
         LOG(ERROR) << "Adiantum must be both contents and filenames mode or neither, invalid options: " << options_string;
         return false;
     }
+
+    // IV generation methods are mutually exclusive
+    int iv_methods = 0;
+    iv_methods += !!(options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64);
+    iv_methods += !!(options->flags & FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32);
+    iv_methods += !!(options->flags & FSCRYPT_POLICY_FLAG_DIRECT_KEY);
+    if (iv_methods > 1) {
+        LOG(ERROR) << "At most one IV generation method can be set, invalid options: "
+                   << options_string;
+        return false;
+    }
+
     return true;
 }
 
diff --git a/libfscrypt/include/fscrypt/fscrypt.h b/libfscrypt/include/fscrypt/fscrypt.h
index 78b12560..b1ba1dfe 100644
--- a/libfscrypt/include/fscrypt/fscrypt.h
+++ b/libfscrypt/include/fscrypt/fscrypt.h
@@ -19,6 +19,12 @@
 
 #include <string>
 
+#ifndef FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32
+// When FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 is added to Bionic's linux/fscrypt.h
+// then this whole stanza should be removed.
+#define FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32 0x10
+#endif
+
 bool fscrypt_is_native();
 
 static const char* fscrypt_unencrypted_folder = "/unencrypted";
diff --git a/libfscrypt/tests/fscrypt_test.cpp b/libfscrypt/tests/fscrypt_test.cpp
index 457ac684..4fbd742c 100644
--- a/libfscrypt/tests/fscrypt_test.cpp
+++ b/libfscrypt/tests/fscrypt_test.cpp
@@ -156,6 +156,18 @@ TEST(fscrypt, ParseOptions) {
         EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_64, options.flags);
     }
 
+    {
+        TEST_STRING(30, "::emmc_optimized", "aes-256-xts:aes-256-cts:v2+emmc_optimized");
+        EXPECT_EQ(2, options.version);
+        EXPECT_EQ(FSCRYPT_MODE_AES_256_XTS, options.contents_mode);
+        EXPECT_EQ(FSCRYPT_MODE_AES_256_CTS, options.filenames_mode);
+        EXPECT_EQ(FSCRYPT_POLICY_FLAGS_PAD_16 | FSCRYPT_POLICY_FLAG_IV_INO_LBLK_32, options.flags);
+    }
+    EXPECT_FALSE(
+            ParseOptionsForApiLevel(30, "::inlinecrypt_optimized+emmc_optimized", &dummy_options));
+    EXPECT_FALSE(ParseOptionsForApiLevel(30, "adiantum::inlinecrypt_optimized", &dummy_options));
+    EXPECT_FALSE(ParseOptionsForApiLevel(30, "adiantum::emmc_optimized", &dummy_options));
+
     EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:v2:", &dummy_options));
     EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:v2:foo", &dummy_options));
     EXPECT_FALSE(ParseOptionsForApiLevel(29, "aes-256-xts:aes-256-cts:blah", &dummy_options));