From 27022ac8c0ce9575afe3dbbb70fd9a86bb2c6cc2 Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Tue, 19 Dec 2023 16:51:26 -0800
Subject: vintf: delete deprecated VintfObject.verify.

It is not used anywhere.

Test: TH
Bug: 270169217
Change-Id: Ifcc8412ed3629d2447908513faf1d6f5ed3f483c
---
 core/java/android/os/VintfObject.java | 36 -----------------------------------
 1 file changed, 36 deletions(-)

diff --git a/core/java/android/os/VintfObject.java b/core/java/android/os/VintfObject.java
index 1f11197afeee..207dace75dfa 100644
--- a/core/java/android/os/VintfObject.java
+++ b/core/java/android/os/VintfObject.java
@@ -18,7 +18,6 @@ package android.os;
 
 import android.annotation.NonNull;
 import android.annotation.TestApi;
-import android.util.Slog;
 
 import java.util.Map;
 
@@ -43,41 +42,6 @@ public class VintfObject {
     @TestApi
     public static native String[] report();
 
-    /**
-     * Verify that the given metadata for an OTA package is compatible with
-     * this device.
-     *
-     * @param packageInfo a list of serialized form of HalManifest's /
-     * CompatibilityMatri'ces (XML).
-     * @return = 0 if success (compatible)
-     *         &gt; 0 if incompatible
-     *         &lt; 0 if any error (mount partition fails, illformed XML, etc.)
-     *
-     * @deprecated Checking compatibility against an OTA package is no longer
-     * supported because the format of VINTF metadata in the OTA package may not
-     * be recognized by the current system.
-     *
-     * <p>
-     * <ul>
-     * <li>This function always returns 0 for non-empty {@code packageInfo}.
-     * </li>
-     * <li>This function returns the result of {@link #verifyWithoutAvb} for
-     * null or empty {@code packageInfo}.</li>
-     * </ul>
-     *
-     * @hide
-     */
-    @Deprecated
-    public static int verify(String[] packageInfo) {
-        if (packageInfo != null && packageInfo.length > 0) {
-            Slog.w(LOG_TAG, "VintfObject.verify() with non-empty packageInfo is deprecated. "
-                    + "Skipping compatibility checks for update package.");
-            return 0;
-        }
-        Slog.w(LOG_TAG, "VintfObject.verify() is deprecated. Call verifyWithoutAvb() instead.");
-        return verifyWithoutAvb();
-    }
-
     /**
      * Verify Vintf compatibility on the device without checking AVB
      * (Android Verified Boot). It is useful to verify a running system
-- 
cgit v1.2.3-59-g8ed1b


From 052b036bfda8e18229b6af1cc57aadce8983485d Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Tue, 19 Dec 2023 16:55:16 -0800
Subject: vintf: Disable kernel compat check at boot time.

Before this change, if the kernel has a set of CONFIGs
that is not compatible with the system image, a dialog
is displayed for user / userdebug builds at boot time.

This check has been doing more harm than good because:

- This check is already enforced at build time and during
  VTS tests (See vts_treble_vintf_framework_test).
- The dialog blocks UI automation for tests. For these UI
  automation tests, they need to respond to the dialog.
- GKI has been enforced ecosystem-wide except for a few
  low-end devices of other verticals. For these non-GKI
  devices, the check enforced by VTS should guard this.
  Hence, the check does not give us any signal.
- During development, a kernel that corresponds to the latest
  release (android15 as of now) might not have valid kernel
  config requirements in userspace. Kernel development schedule
  is usually ahead of the userspace development schedule.
  It does not always carry the string "-mainline-", because
  it is not a mainline kernel. To unblock test automation on
  these latest, bleeding-edge kernels, this kernel check should
  go away.
- This is a small steps towards dropping the dependency on libvintf
  on libandroid_runtime. libvintf links to libselinux, which is
  huge. libandroid_runtime loads this, and the memory stays there
  forever. Ideally, we should disable the whole VINTF check at
  boot time, but let's do this one step at a time.

Bug: 272479887
Bug: 270169217
Test: TH
Change-Id: If24cdca9fb535b8f443c0d21f9a46c7ea25c1f9f
---
 core/java/android/os/Build.java       |  4 +---
 core/java/android/os/VintfObject.java |  7 +++----
 core/jni/android_os_VintfObject.cpp   | 12 +++++++-----
 3 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java
index a9b7257a5406..58717179d64d 100755
--- a/core/java/android/os/Build.java
+++ b/core/java/android/os/Build.java
@@ -1315,9 +1315,7 @@ public class Build {
         if (IS_ENG) return true;
 
         if (IS_TREBLE_ENABLED) {
-            // If we can run this code, the device should already pass AVB.
-            // So, we don't need to check AVB here.
-            int result = VintfObject.verifyWithoutAvb();
+            int result = VintfObject.verifyBuildAtBoot();
 
             if (result != 0) {
                 Slog.e(TAG, "Vendor interface is incompatible, error="
diff --git a/core/java/android/os/VintfObject.java b/core/java/android/os/VintfObject.java
index 207dace75dfa..4fc5131617b2 100644
--- a/core/java/android/os/VintfObject.java
+++ b/core/java/android/os/VintfObject.java
@@ -43,9 +43,8 @@ public class VintfObject {
     public static native String[] report();
 
     /**
-     * Verify Vintf compatibility on the device without checking AVB
-     * (Android Verified Boot). It is useful to verify a running system
-     * image where AVB check is irrelevant.
+     * Verify Vintf compatibility on the device at boot time. Certain checks
+     * like kernel checks, AVB checks are disabled.
      *
      * @return = 0 if success (compatible)
      *         > 0 if incompatible
@@ -53,7 +52,7 @@ public class VintfObject {
      *
      * @hide
      */
-    public static native int verifyWithoutAvb();
+    public static native int verifyBuildAtBoot();
 
     /**
      * @return a list of HAL names and versions that is supported by this
diff --git a/core/jni/android_os_VintfObject.cpp b/core/jni/android_os_VintfObject.cpp
index 1baea2aecc3c..b6517117ca62 100644
--- a/core/jni/android_os_VintfObject.cpp
+++ b/core/jni/android_os_VintfObject.cpp
@@ -46,6 +46,7 @@ using vintf::toXml;
 using vintf::Version;
 using vintf::VintfObject;
 using vintf::Vndk;
+using vintf::CheckFlags::ENABLE_ALL_CHECKS;
 
 template<typename V>
 static inline jobjectArray toJavaStringArray(JNIEnv* env, const V& v) {
@@ -93,12 +94,13 @@ static jobjectArray android_os_VintfObject_report(JNIEnv* env, jclass)
     return toJavaStringArray(env, cStrings);
 }
 
-static jint android_os_VintfObject_verifyWithoutAvb(JNIEnv* env, jclass) {
+static jint android_os_VintfObject_verifyBuildAtBoot(JNIEnv* env, jclass) {
     std::string error;
-    int32_t status = VintfObject::GetInstance()->checkCompatibility(&error,
-            ::android::vintf::CheckFlags::DISABLE_AVB_CHECK);
+    int32_t status =
+            VintfObject::GetInstance()
+                    ->checkCompatibility(&error, ENABLE_ALL_CHECKS.disableAvb().disableKernel());
     if (status)
-        LOG(WARNING) << "VintfObject.verifyWithoutAvb() returns " << status << ": " << error;
+        LOG(WARNING) << "VintfObject.verifyBuildAtBoot() returns " << status << ": " << error;
     return status;
 }
 
@@ -170,7 +172,7 @@ static jobject android_os_VintfObject_getTargetFrameworkCompatibilityMatrixVersi
 
 static const JNINativeMethod gVintfObjectMethods[] = {
         {"report", "()[Ljava/lang/String;", (void*)android_os_VintfObject_report},
-        {"verifyWithoutAvb", "()I", (void*)android_os_VintfObject_verifyWithoutAvb},
+        {"verifyBuildAtBoot", "()I", (void*)android_os_VintfObject_verifyBuildAtBoot},
         {"getHalNamesAndVersions", "()[Ljava/lang/String;",
          (void*)android_os_VintfObject_getHalNamesAndVersions},
         {"getSepolicyVersion", "()Ljava/lang/String;",
-- 
cgit v1.2.3-59-g8ed1b