vintf: Disable kernel compat check at boot time.

Before this change, if the kernel has a set of CONFIGs
that is not compatible with the system image, a dialog
is displayed for user / userdebug builds at boot time.

This check has been doing more harm than good because:

- This check is already enforced at build time and during
  VTS tests (See vts_treble_vintf_framework_test).
- The dialog blocks UI automation for tests. For these UI
  automation tests, they need to respond to the dialog.
- GKI has been enforced ecosystem-wide except for a few
  low-end devices of other verticals. For these non-GKI
  devices, the check enforced by VTS should guard this.
  Hence, the check does not give us any signal.
- During development, a kernel that corresponds to the latest
  release (android15 as of now) might not have valid kernel
  config requirements in userspace. Kernel development schedule
  is usually ahead of the userspace development schedule.
  It does not always carry the string "-mainline-", because
  it is not a mainline kernel. To unblock test automation on
  these latest, bleeding-edge kernels, this kernel check should
  go away.
- This is a small steps towards dropping the dependency on libvintf
  on libandroid_runtime. libvintf links to libselinux, which is
  huge. libandroid_runtime loads this, and the memory stays there
  forever. Ideally, we should disable the whole VINTF check at
  boot time, but let's do this one step at a time.

Bug: 272479887
Bug: 270169217
Test: TH
Change-Id: If24cdca9fb535b8f443c0d21f9a46c7ea25c1f9f

3 files changed, 11 insertions, 12 deletions

diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java
index a9b7257a5406..58717179d64d 100755
--- a/core/java/android/os/Build.java
+++ b/core/java/android/os/Build.java
@@ -1315,9 +1315,7 @@ public class Build {
         if (IS_ENG) return true;
 
         if (IS_TREBLE_ENABLED) {
-            // If we can run this code, the device should already pass AVB.
-            // So, we don't need to check AVB here.
-            int result = VintfObject.verifyWithoutAvb();
+            int result = VintfObject.verifyBuildAtBoot();
 
             if (result != 0) {
                 Slog.e(TAG, "Vendor interface is incompatible, error="
diff --git a/core/java/android/os/VintfObject.java b/core/java/android/os/VintfObject.java
index 207dace75dfa..4fc5131617b2 100644
--- a/core/java/android/os/VintfObject.java
+++ b/core/java/android/os/VintfObject.java
@@ -43,9 +43,8 @@ public class VintfObject {
     public static native String[] report();
 
     /**
-     * Verify Vintf compatibility on the device without checking AVB
-     * (Android Verified Boot). It is useful to verify a running system
-     * image where AVB check is irrelevant.
+     * Verify Vintf compatibility on the device at boot time. Certain checks
+     * like kernel checks, AVB checks are disabled.
      *
      * @return = 0 if success (compatible)
      *         > 0 if incompatible
@@ -53,7 +52,7 @@ public class VintfObject {
      *
      * @hide
      */
-    public static native int verifyWithoutAvb();
+    public static native int verifyBuildAtBoot();
 
     /**
      * @return a list of HAL names and versions that is supported by this
diff --git a/core/jni/android_os_VintfObject.cpp b/core/jni/android_os_VintfObject.cpp
index 1baea2aecc3c..b6517117ca62 100644
--- a/core/jni/android_os_VintfObject.cpp
+++ b/core/jni/android_os_VintfObject.cpp
@@ -46,6 +46,7 @@ using vintf::toXml;
 using vintf::Version;
 using vintf::VintfObject;
 using vintf::Vndk;
+using vintf::CheckFlags::ENABLE_ALL_CHECKS;
 
 template<typename V>
 static inline jobjectArray toJavaStringArray(JNIEnv* env, const V& v) {
@@ -93,12 +94,13 @@ static jobjectArray android_os_VintfObject_report(JNIEnv* env, jclass)
     return toJavaStringArray(env, cStrings);
 }
 
-static jint android_os_VintfObject_verifyWithoutAvb(JNIEnv* env, jclass) {
+static jint android_os_VintfObject_verifyBuildAtBoot(JNIEnv* env, jclass) {
     std::string error;
-    int32_t status = VintfObject::GetInstance()->checkCompatibility(&error,
-            ::android::vintf::CheckFlags::DISABLE_AVB_CHECK);
+    int32_t status =
+            VintfObject::GetInstance()
+                    ->checkCompatibility(&error, ENABLE_ALL_CHECKS.disableAvb().disableKernel());
     if (status)
-        LOG(WARNING) << "VintfObject.verifyWithoutAvb() returns " << status << ": " << error;
+        LOG(WARNING) << "VintfObject.verifyBuildAtBoot() returns " << status << ": " << error;
     return status;
 }
 
@@ -170,7 +172,7 @@ static jobject android_os_VintfObject_getTargetFrameworkCompatibilityMatrixVersi
 
 static const JNINativeMethod gVintfObjectMethods[] = {
         {"report", "()[Ljava/lang/String;", (void*)android_os_VintfObject_report},
-        {"verifyWithoutAvb", "()I", (void*)android_os_VintfObject_verifyWithoutAvb},
+        {"verifyBuildAtBoot", "()I", (void*)android_os_VintfObject_verifyBuildAtBoot},
         {"getHalNamesAndVersions", "()[Ljava/lang/String;",
          (void*)android_os_VintfObject_getHalNamesAndVersions},
         {"getSepolicyVersion", "()Ljava/lang/String;",