fs_mgr: removing is_device_secure()

Previously there is no vboot 1.0 metadata for ENG builds. It relies on
is_device_secure() to query "ro.secure" and skip setting up dm-verity
if the value is 0 (meaning ENG build).

This change will be submitted together with other changes to add vboot
1.0 metadata for ENG builds with a "disable magic". The resulting
metadata will be the same as triggering an "adb disable-verity" on an
USERDEBUG image.

Bug: 63056044
Test: boot sailfish eng/userdebug builds

Change-Id: I35eef771e1b30bfc6d01b8ed76b40c942fe7b783
diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 2f530ef..5a6298e 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -56,7 +56,6 @@
         "libfstab",
     ],
     cppflags: [
-        "-DALLOW_SKIP_SECURE_CHECK=0",
         "-DALLOW_ADBD_DISABLE_VERITY=0",
     ],
     product_variables: {
@@ -66,12 +65,6 @@
                 "-DALLOW_ADBD_DISABLE_VERITY=1",
             ],
         },
-        eng: {
-            cppflags: [
-                "-UALLOW_SKIP_SECURE_CHECK",
-                "-DALLOW_SKIP_SECURE_CHECK=1",
-            ],
-        },
     },
 }
 
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index 47e3e17..074f838 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -761,10 +761,6 @@
     }
 }
 
-bool is_device_secure() {
-    return android::base::GetBoolProperty("ro.secure", ALLOW_SKIP_SECURE_CHECK ? false : true);
-}
-
 /* When multiple fstab records share the same mount_point, it will
  * try to mount each one in turn, and ignore any duplicates after a
  * first successful mount.
@@ -837,7 +833,7 @@
                 /* Skips mounting the device. */
                 continue;
             }
-        } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
+        } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) {
             int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
             if (__android_log_is_debuggable() &&
                     (rc == FS_MGR_SETUP_VERITY_DISABLED ||
@@ -1044,7 +1040,7 @@
                 /* Skips mounting the device. */
                 continue;
             }
-        } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY) && is_device_secure()) {
+        } else if ((fstab->recs[i].fs_mgr_flags & MF_VERIFY)) {
             int rc = fs_mgr_setup_verity(&fstab->recs[i], true);
             if (__android_log_is_debuggable() &&
                     (rc == FS_MGR_SETUP_VERITY_DISABLED ||
diff --git a/fs_mgr/fs_mgr_priv.h b/fs_mgr/fs_mgr_priv.h
index 7423c1f..c3c87fa 100644
--- a/fs_mgr/fs_mgr_priv.h
+++ b/fs_mgr/fs_mgr_priv.h
@@ -121,7 +121,6 @@
 bool fs_mgr_is_device_unlocked();
 const std::string& get_android_dt_dir();
 bool is_dt_compatible();
-bool is_device_secure();
 int load_verity_state(struct fstab_rec* fstab, int* mode);
 
 #endif /* __CORE_FS_MGR_PRIV_H */
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index 7f8e1e2..896b603 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -765,13 +765,6 @@
     const std::string mount_point(basename(fstab->mount_point));
     bool verified_at_boot = false;
 
-    // This is a public API and so deserves its own check to see if verity
-    // setup is needed at all.
-    if (!is_device_secure()) {
-        LINFO << "Verity setup skipped for " << mount_point;
-        return FS_MGR_SETUP_VERITY_SKIPPED;
-    }
-
     if (fec_open(&f, fstab->blk_device, O_RDONLY, FEC_VERITY_DISABLE,
             FEC_DEFAULT_ROOTS) < 0) {
         PERROR << "Failed to open '" << fstab->blk_device << "'";
@@ -792,7 +785,7 @@
 #ifdef ALLOW_ADBD_DISABLE_VERITY
     if (verity.disabled) {
         retval = FS_MGR_SETUP_VERITY_DISABLED;
-        LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG";
+        LINFO << "Attempt to cleanly disable verity - only works in USERDEBUG/ENG";
         goto out;
     }
 #endif