aconfig: add invariant checks for is_fixed_read_only

Update parsed_flag::verify_fields to verify that the invariant "if a
parsed flag is_fixed_read_only, its permission must be READ_ONLY".

Note: commands.rs will ensure that no value files are used to create an
invalid parsed flag when flag declarations and values are parsed, but
the invariant check should still be added for completeness sake, and to
make sure no invalid hand-crafted test data exists.

Also fix invalid test data found by adding this invariant.

Bug: 298935897
Test: atest aconfig.test
Change-Id: I8cea5c4d28c458525b7034d78ecb34dd09272771

tools/aconfig/src/protos.rs

@@ -215,6 +215,17 @@ pub mod parsed_flag {
             super::tracepoint::verify_fields(tp)?;
         }
         ensure!(pf.bug.len() == 1, "bad flag declaration: exactly one bug required");
+        if pf.is_fixed_read_only() {
+            ensure!(
+                pf.permission() == ProtoFlagPermission::READ_ONLY,
+                "bad parsed flag: flag is is_fixed_read_only but permission is not READ_ONLY"
+            );
+            for tp in pf.trace.iter() {
+                ensure!(tp.permission() == ProtoFlagPermission::READ_ONLY,
+                "bad parsed flag: flag is is_fixed_read_only but a tracepoint's permission is not READ_ONLY"
+                );
+            }
+        }
 
         Ok(())
     }
@@ -547,7 +558,7 @@ parsed_flag {
     description: "This is the description of the second flag."
     bug: "SOME_BUG"
     state: ENABLED
-    permission: READ_WRITE
+    permission: READ_ONLY
     trace {
         source: "flags.declarations"
         state: DISABLED
@@ -556,7 +567,7 @@ parsed_flag {
     trace {
         source: "flags.values"
         state: ENABLED
-        permission: READ_WRITE
+        permission: READ_ONLY
     }
     is_fixed_read_only: true
 }
@@ -570,14 +581,14 @@ parsed_flag {
         assert_eq!(second.description(), "This is the description of the second flag.");
         assert_eq!(second.bug, vec!["SOME_BUG"]);
         assert_eq!(second.state(), ProtoFlagState::ENABLED);
-        assert_eq!(second.permission(), ProtoFlagPermission::READ_WRITE);
+        assert_eq!(second.permission(), ProtoFlagPermission::READ_ONLY);
         assert_eq!(2, second.trace.len());
         assert_eq!(second.trace[0].source(), "flags.declarations");
         assert_eq!(second.trace[0].state(), ProtoFlagState::DISABLED);
         assert_eq!(second.trace[0].permission(), ProtoFlagPermission::READ_ONLY);
         assert_eq!(second.trace[1].source(), "flags.values");
         assert_eq!(second.trace[1].state(), ProtoFlagState::ENABLED);
-        assert_eq!(second.trace[1].permission(), ProtoFlagPermission::READ_WRITE);
+        assert_eq!(second.trace[1].permission(), ProtoFlagPermission::READ_ONLY);
         assert!(second.is_fixed_read_only());
 
         // valid input: empty