sagit: add assertion for FBE

Change-Id: Ib845e35c0ff6c2506e8e8ce49665e90688ccf26f

BoardConfig.mk

@@ -237,7 +237,6 @@ TARGET_POWERHAL_VARIANT := none
 TARGET_RECOVERY_FSTAB := $(DEVICE_PATH)/rootdir/etc/fstab.qcom
 TARGET_RECOVERY_PIXEL_FORMAT := "RGBX_8888"
 TARGET_USERIMAGES_USE_EXT4 := true
-#TARGET_USERIMAGES_USE_F2FS := true
 
 # Releasetools
 TARGET_RECOVERY_UPDATER_LIBS := librecovery_updater_sagit

device.mk

@@ -294,6 +294,10 @@ PRODUCT_COPY_FILES += \
 PRODUCT_PACKAGES += \
     librecovery_updater_sagit
 
+# Releasetools
+PRODUCT_COPY_FILES += \
+    $(LOCAL_PATH)/fbe_check.sh:install/bin/fbe_check.sh
+
 # RIL
 PRODUCT_PACKAGES += \
     librmnetctl \

fbe_check.sh

@@ -0,0 +1,36 @@
+#!/sbin/sh
+#
+# Copyright (C) 2017 The MoKee Open Source Project
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+ENCRYPTION="/data/unencrypted/mode"
+
+# Data partition is just formatted and empty
+if [[ ! -d "/data/data" ]]; then
+    return 0
+fi
+
+# No encryption mode file
+if [[ ! -f $ENCRYPTION ]]; then
+    return 1
+fi
+
+# Encryption is not FBE
+if [[ "$(cat $ENCRYPTION)" != "ice" ]]; then
+    return 2
+fi
+
+return 0

releasetools.py

@@ -20,10 +20,12 @@
 
 def FullOTA_Assertions(info):
   AddModemAssertion(info, info.input_zip)
+  AddFileEncryptionAssertion(info)
   return
 
 def IncrementalOTA_Assertions(info):
   AddModemAssertion(info, info.target_zip)
+  AddFileEncryptionAssertion(info)
   return
 
 def AddModemAssertion(info, input_zip):
@@ -35,3 +37,25 @@ def AddModemAssertion(info, input_zip):
       cmd = 'assert(sagit.verify_modem(' + ','.join(['"%s"' % modem for modem in versions]) + ') == "1");'
       info.script.AppendExtra(cmd)
   return
+
+def AddFileEncryptionAssertion(info):
+  info.script.AppendExtra('package_extract_file("install/bin/fbe_check.sh", "/tmp/fbe_check.sh");');
+  info.script.AppendExtra('set_metadata("/tmp/fbe_check.sh", "uid", 0, "gid", 0, "mode", 0755);');
+  info.script.AppendExtra('if !is_mounted("/data") then');
+  info.script.Mount("/data");
+  info.script.AppendExtra('endif;');
+  info.script.AppendExtra('if run_program("/tmp/fbe_check.sh") != 0 then');
+  info.script.AppendExtra('ui_print("===========================================");');
+  info.script.AppendExtra('ui_print("|              !!! ERROR !!!               ");');
+  info.script.AppendExtra('ui_print("|                                          ");');
+  info.script.AppendExtra('ui_print("| File-based Encryption is required.       ");');
+  info.script.AppendExtra('ui_print("|                                          ");');
+  info.script.AppendExtra('ui_print("| Backup your data (including internal     ");');
+  info.script.AppendExtra('ui_print("| storage) and format the data partition.  ");');
+  info.script.AppendExtra('ui_print("|                                          ");');
+  info.script.AppendExtra('ui_print("| Chinese: http://t.cn/R92kLm3             ");');
+  info.script.AppendExtra('ui_print("| English: https://t.co/7jDlsf2y6v         ");');
+  info.script.AppendExtra('ui_print("===========================================");');
+  info.script.AppendExtra('abort("FBE check failed.");');
+  info.script.AppendExtra('endif;');
+  info.script.Unmount("/data");