Verify filesystem image on stage.

The filesystem image inside an APEX could become corrupted, for example
when it's downloaded, or by a malicious attacker. We would not execute
code from such an image because it's protected by dm-verity, but at the
same time we would leave the system in a bad state, because dm-verity
failures result in either I/O errors or reboots.

To prevent this, read the entire filesystem image through dm-verity at
least once during stage, so we can prevent corruption at stage time.

Bug: 126514108
Test: apexservice_test
Change-Id: Ie6681c6c8a072aef0f91c7866b4e6987170e2c7c
3 files changed
tree: 20e3dca8446b9afa70eb34110e55aae2b1c585dd
  1. apexd/
  2. apexer/
  3. proto/
  4. shim/
  5. tests/
  6. CleanSpec.mk
  7. OWNERS
  8. PREUPLOAD.cfg