Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_frameworks_base / 052b036bfda8e18229b6af1cc57aadce8983485d^! / .
commit052b036bfda8e18229b6af1cc57aadce8983485d[log] [tgz]
authorYifan Hong <elsk@google.com>Tue Dec 19 16:55:16 2023 -0800
committerYifan Hong <elsk@google.com>Mon Jan 08 17:51:09 2024 +0000
treed504d6860b70da307c1a6965fb2371b128ce37b9
parent27022ac8c0ce9575afe3dbbb70fd9a86bb2c6cc2 [diff]
vintf: Disable kernel compat check at boot time.

Before this change, if the kernel has a set of CONFIGs
that is not compatible with the system image, a dialog
is displayed for user / userdebug builds at boot time.

This check has been doing more harm than good because:

- This check is already enforced at build time and during
  VTS tests (See vts_treble_vintf_framework_test).
- The dialog blocks UI automation for tests. For these UI
  automation tests, they need to respond to the dialog.
- GKI has been enforced ecosystem-wide except for a few
  low-end devices of other verticals. For these non-GKI
  devices, the check enforced by VTS should guard this.
  Hence, the check does not give us any signal.
- During development, a kernel that corresponds to the latest
  release (android15 as of now) might not have valid kernel
  config requirements in userspace. Kernel development schedule
  is usually ahead of the userspace development schedule.
  It does not always carry the string "-mainline-", because
  it is not a mainline kernel. To unblock test automation on
  these latest, bleeding-edge kernels, this kernel check should
  go away.
- This is a small steps towards dropping the dependency on libvintf
  on libandroid_runtime. libvintf links to libselinux, which is
  huge. libandroid_runtime loads this, and the memory stays there
  forever. Ideally, we should disable the whole VINTF check at
  boot time, but let's do this one step at a time.

Bug: 272479887
Bug: 270169217
Test: TH
Change-Id: If24cdca9fb535b8f443c0d21f9a46c7ea25c1f9f

diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java
index a9b7257..5871717 100755
--- a/core/java/android/os/Build.java
+++ b/core/java/android/os/Build.java

@@ -1315,9 +1315,7 @@
         if (IS_ENG) return true;
 
         if (IS_TREBLE_ENABLED) {
-            // If we can run this code, the device should already pass AVB.
-            // So, we don't need to check AVB here.
-            int result = VintfObject.verifyWithoutAvb();
+            int result = VintfObject.verifyBuildAtBoot();
 
             if (result != 0) {
                 Slog.e(TAG, "Vendor interface is incompatible, error="

diff --git a/core/java/android/os/VintfObject.java b/core/java/android/os/VintfObject.java
index 207dace..4fc5131 100644
--- a/core/java/android/os/VintfObject.java
+++ b/core/java/android/os/VintfObject.java

@@ -43,9 +43,8 @@
     public static native String[] report();
 
     /**
-     * Verify Vintf compatibility on the device without checking AVB
-     * (Android Verified Boot). It is useful to verify a running system
-     * image where AVB check is irrelevant.
+     * Verify Vintf compatibility on the device at boot time. Certain checks
+     * like kernel checks, AVB checks are disabled.
      *
      * @return = 0 if success (compatible)
      *         > 0 if incompatible
@@ -53,7 +52,7 @@
      *
      * @hide
      */
-    public static native int verifyWithoutAvb();
+    public static native int verifyBuildAtBoot();
 
     /**
      * @return a list of HAL names and versions that is supported by this

diff --git a/core/jni/android_os_VintfObject.cpp b/core/jni/android_os_VintfObject.cpp
index 1baea2a..b651711 100644
--- a/core/jni/android_os_VintfObject.cpp
+++ b/core/jni/android_os_VintfObject.cpp

@@ -46,6 +46,7 @@
 using vintf::Version;
 using vintf::VintfObject;
 using vintf::Vndk;
+using vintf::CheckFlags::ENABLE_ALL_CHECKS;
 
 template<typename V>
 static inline jobjectArray toJavaStringArray(JNIEnv* env, const V& v) {
@@ -93,12 +94,13 @@
     return toJavaStringArray(env, cStrings);
 }
 
-static jint android_os_VintfObject_verifyWithoutAvb(JNIEnv* env, jclass) {
+static jint android_os_VintfObject_verifyBuildAtBoot(JNIEnv* env, jclass) {
     std::string error;
-    int32_t status = VintfObject::GetInstance()->checkCompatibility(&error,
-            ::android::vintf::CheckFlags::DISABLE_AVB_CHECK);
+    int32_t status =
+            VintfObject::GetInstance()
+                    ->checkCompatibility(&error, ENABLE_ALL_CHECKS.disableAvb().disableKernel());
     if (status)
-        LOG(WARNING) << "VintfObject.verifyWithoutAvb() returns " << status << ": " << error;
+        LOG(WARNING) << "VintfObject.verifyBuildAtBoot() returns " << status << ": " << error;
     return status;
 }
 
@@ -170,7 +172,7 @@
 
 static const JNINativeMethod gVintfObjectMethods[] = {
         {"report", "()[Ljava/lang/String;", (void*)android_os_VintfObject_report},
-        {"verifyWithoutAvb", "()I", (void*)android_os_VintfObject_verifyWithoutAvb},
+        {"verifyBuildAtBoot", "()I", (void*)android_os_VintfObject_verifyBuildAtBoot},
         {"getHalNamesAndVersions", "()[Ljava/lang/String;",
          (void*)android_os_VintfObject_getHalNamesAndVersions},
         {"getSepolicyVersion", "()Ljava/lang/String;",