Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 78934c9b authored by Bowgo Tsai's avatar Bowgo Tsai
Browse files

Disable AVB check in runtime vintf 

GSI disables AVB by overriding vbmeta partition.
When a device can run runtime vintf checking, it should already
pass AVB, so we don't need to check AVB in runtime vintf.

We cannot change the original VintfObject.verify() because AVB check is
still needed for android.os.RecoverySystem to verify a newly downloaded
OTA package.

Bug: 68016134
Test: Boot with GSI and there is no Android System dialog
Change-Id: Ie1efa6f1abd8fa8f495aededd145c0ab2c0c1fae
Merged-In: Ie1efa6f1abd8fa8f495aededd145c0ab2c0c1fae
parent dc98d6e4

core/java/android/os/Build.java

+3 −1
Original line number Diff line number Diff line
@@ -832,7 +832,9 @@ public class Build { 
        if (IS_ENG) return true;



        if (IS_TREBLE_ENABLED) {

            int result = VintfObject.verify(new String[0]);

            // If we can run this code, the device should already pass AVB.

            // So, we don't need to check AVB here.

            int result = VintfObject.verifyWithoutAvb();



            if (result != 0) {

                Slog.e(TAG, "Vendor interface is incompatible, error="

core/java/android/os/VintfObject.java

+12 −2
Original line number Diff line number Diff line
@@ -18,7 +18,6 @@ package android.os; 


import java.util.Map;



import android.util.Log;



/**

 * Java API for libvintf.
@@ -40,7 +39,7 @@ public class VintfObject { 
     * Verify that the given metadata for an OTA package is compatible with

     * this device.

     *

     * @param packageInfo a list of serialized form of HalMaanifest's /

     * @param packageInfo a list of serialized form of HalManifest's /

     * CompatibilityMatri'ces (XML).

     * @return = 0 if success (compatible)

     *         > 0 if incompatible
@@ -48,6 +47,17 @@ public class VintfObject { 
     */

    public static native int verify(String[] packageInfo);



    /**

     * Verify Vintf compatibility on the device without checking AVB

     * (Android Verified Boot). It is useful to verify a running system

     * image where AVB check is irrelevant.

     *

     * @return = 0 if success (compatible)

     *         > 0 if incompatible

     *         < 0 if any error (mount partition fails, illformed XML, etc.)

     */

    public static native int verifyWithoutAvb();



    /// ---------- CTS Device Info



    /**

core/jni/android_os_VintfObject.cpp

+21 −9
Original line number Diff line number Diff line
@@ -93,22 +93,33 @@ static jobjectArray android_os_VintfObject_report(JNIEnv* env, jclass) 
    return toJavaStringArray(env, cStrings);

}



static jint android_os_VintfObject_verify(JNIEnv* env, jclass, jobjectArray packageInfo) {

static jint verify(JNIEnv* env, jobjectArray packageInfo, android::vintf::DisabledChecks checks) {

    std::vector<std::string> cPackageInfo;

    if (packageInfo) {

        size_t count = env->GetArrayLength(packageInfo);

    std::vector<std::string> cPackageInfo{count};

        cPackageInfo.resize(count);

        for (size_t i = 0; i < count; ++i) {

            jstring element = (jstring)env->GetObjectArrayElement(packageInfo, i);

            const char *cString = env->GetStringUTFChars(element, NULL /* isCopy */);

            cPackageInfo[i] = cString;

            env->ReleaseStringUTFChars(element, cString);

        }

    }

    std::string error;

    int32_t status = VintfObject::CheckCompatibility(cPackageInfo, &error);

    int32_t status = VintfObject::CheckCompatibility(cPackageInfo, &error, checks);

    if (status)

        LOG(WARNING) << "VintfObject.verify() returns " << status << ": " << error;

    return status;

}



static jint android_os_VintfObject_verify(JNIEnv* env, jclass, jobjectArray packageInfo) {

    return verify(env, packageInfo, ::android::vintf::ENABLE_ALL_CHECKS);

}



static jint android_os_VintfObject_verifyWithoutAvb(JNIEnv* env, jclass) {

    return verify(env, nullptr, ::android::vintf::DISABLE_AVB_CHECK);

}



static jobjectArray android_os_VintfObject_getHalNamesAndVersions(JNIEnv* env, jclass) {

    std::set<std::string> halNames;

    tryAddHalNamesAndVersions(VintfObject::GetDeviceHalManifest(),
@@ -148,6 +159,7 @@ static jobject android_os_VintfObject_getVndkSnapshots(JNIEnv* env, jclass) { 
static const JNINativeMethod gVintfObjectMethods[] = {

    {"report", "()[Ljava/lang/String;", (void*)android_os_VintfObject_report},

    {"verify", "([Ljava/lang/String;)I", (void*)android_os_VintfObject_verify},

    {"verifyWithoutAvb", "()I", (void*)android_os_VintfObject_verifyWithoutAvb},

    {"getHalNamesAndVersions", "()[Ljava/lang/String;", (void*)android_os_VintfObject_getHalNamesAndVersions},

    {"getSepolicyVersion", "()Ljava/lang/String;", (void*)android_os_VintfObject_getSepolicyVersion},

    {"getVndkSnapshots", "()Ljava/util/Map;", (void*)android_os_VintfObject_getVndkSnapshots},