From 78934c9b8bf0f1ba75f47a42893f3f04f19ba744 Mon Sep 17 00:00:00 2001
From: Bowgo Tsai
Date: Fri, 17 Nov 2017 17:18:50 +0800
Subject: [PATCH] Disable AVB check in runtime vintf

GSI disables AVB by overriding vbmeta partition. When a device can run runtime vintf checking, it should already pass AVB, so we don't need to check AVB in runtime vintf. We cannot change the original VintfObject.verify() because AVB check is still needed for android.os.RecoverySystem to verify a newly downloaded OTA package.
Bug: 68016134
Test: Boot with GSI and there is no Android System dialog
Change-Id: Ie1efa6f1abd8fa8f495aededd145c0ab2c0c1fae
Merged-In: Ie1efa6f1abd8fa8f495aededd145c0ab2c0c1fae
---
 core/java/android/os/Build.java | 4 +++-
 core/java/android/os/VintfObject.java | 14 +++++++++++--
 core/jni/android_os_VintfObject.cpp | 30 +++++++++++++++++++--------
 3 files changed, 36 insertions(+), 12 deletions(-)
diff --git a/core/java/android/os/Build.java b/core/java/android/os/Build.java
index a2fb9db8c64bb..cfc343b4dcab4 100644
--- a/core/java/android/os/Build.java
+++ b/core/java/android/os/Build.java
@@ -832,7 +832,9 @@ public class Build {
 if (IS_ENG) return true;
 if (IS_TREBLE_ENABLED) {
- int result = VintfObject.verify(new String[0]);
+ // If we can run this code, the device should already pass AVB.
+ // So, we don't need to check AVB here.
+ int result = VintfObject.verifyWithoutAvb();
 if (result != 0) {
 Slog.e(TAG, "Vendor interface is incompatible, error="
diff --git a/core/java/android/os/VintfObject.java b/core/java/android/os/VintfObject.java
index 65b33e59aa047..340f3fb8cd258 100644
--- a/core/java/android/os/VintfObject.java
+++ b/core/java/android/os/VintfObject.java
@@ -18,7 +18,6 @@ package android.os;
 import java.util.Map;
-import android.util.Log;
 /**
 * Java API for libvintf.
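Review bot: In the Build.java hunk, the new comment `// If we can run this code, the device should already pass AVB.` does not match the case this commit is written for: per the description, a GSI boots with the vbmeta partition overridden, so AVB is disabled rather than passed. I would reword it so later readers do not take this call as evidence of boot integrity, e.g. `// Boot-time AVB is enforced (or deliberately disabled, e.g. for GSI) before this code runs; only VINTF compatibility is checked here.` The enclosing method starts and ends outside the hunk.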
@@ -40,7 +39,7 @@ public class VintfObject {
 * Verify that the given metadata for an OTA package is compatible with
 * this device.
 *
- * @param packageInfo a list of serialized form of HalMaanifest's /
+ * @param packageInfo a list of serialized form of HalManifest's /
 * CompatibilityMatri'ces (XML).
 * @return = 0 if success (compatible)
 * > 0 if incompatible
@@ -48,6 +47,17 @@ public class VintfObject {
 */
 public static native int verify(String[] packageInfo);
+ /**
+ * Verify Vintf compatibility on the device without checking AVB
+ * (Android Verified Boot). It is useful to verify a running system
+ * image where AVB check is irrelevant.
+ *
+ * @return = 0 if success (compatible)
+ * > 0 if incompatible
+ * < 0 if any error (mount partition fails, illformed XML, etc.)
+ */
+ public static native int verifyWithoutAvb();
+
 /// ---------- CTS Device Info
 /**
diff --git a/core/jni/android_os_VintfObject.cpp b/core/jni/android_os_VintfObject.cpp
index 5ef2a9e6465c0..1eeea517cd785 100644
--- a/core/jni/android_os_VintfObject.cpp
+++ b/core/jni/android_os_VintfObject.cpp
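Review bot: The Javadoc added for `verifyWithoutAvb()` in VintfObject.java says where the method is useful but not where it must not be used. The commit description states that OTA verification in android.os.RecoverySystem still needs the AVB check, and nothing in the signature stops a caller from picking the weaker variant there. I would add a sentence such as `Do not use this to verify an OTA package; use {@link #verify(String[])}, which keeps the AVB check.`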
@@ -93,22 +93,33 @@ static jobjectArray android_os_VintfObject_report(JNIEnv* env, jclass)
 return toJavaStringArray(env, cStrings);
 }
-static jint android_os_VintfObject_verify(JNIEnv* env, jclass, jobjectArray packageInfo) {
- size_t count = env->GetArrayLength(packageInfo);
- std::vector cPackageInfo{count};
- for (size_t i = 0; i < count; ++i) {
- jstring element = (jstring)env->GetObjectArrayElement(packageInfo, i);
- const char *cString = env->GetStringUTFChars(element, NULL /* isCopy */);
- cPackageInfo[i] = cString;
- env->ReleaseStringUTFChars(element, cString);
+static jint verify(JNIEnv* env, jobjectArray packageInfo, android::vintf::DisabledChecks checks) {
+ std::vector cPackageInfo;
+ if (packageInfo) {
+ size_t count = env->GetArrayLength(packageInfo);
+ cPackageInfo.resize(count);
+ for (size_t i = 0; i < count; ++i) {
+ jstring element = (jstring)env->GetObjectArrayElement(packageInfo, i);
+ const char *cString = env->GetStringUTFChars(element, NULL /* isCopy */);
+ cPackageInfo[i] = cString;
+ env->ReleaseStringUTFChars(element, cString);
+ }
 }
 std::string error;
- int32_t status = VintfObject::CheckCompatibility(cPackageInfo, &error);
+ int32_t status = VintfObject::CheckCompatibility(cPackageInfo, &error, checks);
 if (status) LOG(WARNING) << "VintfObject.verify() returns " << status << ": " << error;
 return status;
 }
+static jint android_os_VintfObject_verify(JNIEnv* env, jclass, jobjectArray packageInfo) {
+ return verify(env, packageInfo, ::android::vintf::ENABLE_ALL_CHECKS);
+}
+
+static jint android_os_VintfObject_verifyWithoutAvb(JNIEnv* env, jclass) {
+ return verify(env, nullptr, ::android::vintf::DISABLE_AVB_CHECK);
+}
+
 static jobjectArray android_os_VintfObject_getHalNamesAndVersions(JNIEnv* env, jclass) {
 std::set halNames;
 tryAddHalNamesAndVersions(VintfObject::GetDeviceHalManifest(),
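Review bot: The loop in the new `verify()` helper still assigns `cString` to `cPackageInfo[i]` unchecked, although the helper now guards against a null `packageInfo`. `GetStringUTFChars` can return null on failure, and a null entry in the Java array yields a null `element` that must not be passed to it; building a `std::string` from a null `const char*` is undefined behaviour. Since the Javadoc reserves negative results for errors, I would bail out in both cases, e.g. `if (element == nullptr) return -1;` before the call and `if (cString == nullptr) return -1;` after it (the exact error value should follow whatever convention libvintf uses). Separately, the warning text `VintfObject.verify() returns` is now also emitted for verifyWithoutAvb(), so the log cannot tell which checks were disabled.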
@@ -148,6 +159,7 @@ static jobject android_os_VintfObject_getVndkSnapshots(JNIEnv* env, jclass) {
 static const JNINativeMethod gVintfObjectMethods[] = {
 {"report", "()[Ljava/lang/String;", (void*)android_os_VintfObject_report},
 {"verify", "([Ljava/lang/String;)I", (void*)android_os_VintfObject_verify},
+ {"verifyWithoutAvb", "()I", (void*)android_os_VintfObject_verifyWithoutAvb},
 {"getHalNamesAndVersions", "()[Ljava/lang/String;", (void*)android_os_VintfObject_getHalNamesAndVersions},
 {"getSepolicyVersion", "()Ljava/lang/String;", (void*)android_os_VintfObject_getSepolicyVersion},
 {"getVndkSnapshots", "()Ljava/util/Map;", (void*)android_os_VintfObject_getVndkSnapshots},