commit 18b98714e554bea6e7acadf2285fb80f1ce2b424
author Wenhao Wang <wenhaowang@google.com> Sat Oct 26 10:00:03 2024 -0700
committer Wenhao Wang <wenhaowang@google.com> Wed Nov 13 14:49:25 2024 -0800
tree 867296586c77017a3e5785ef7c8d87c317cec44d
parent 2c44495acb9dfe5ce0ca35c9d6870ceca4abd4a4

[Forensic] Add ForensicManager and permissions

The ForensicManager serves as client lib to communicate with the
ForensicService.

The following 3 permissions are introduced to guard the ForensicService:
READ_FORENSIC_STATE: Allows an application to monitor the state
of the ForensicService.
MANAGE_FORENSIC_STATE: Allows an application to change the state
of the ForensicService.
BIND_FORENSIC_BACKUP_SERVICE:Must be required by any
ForensicBackupService to ensure that only the system can bind to it.

Bug: 365994454
Test: atest ForensicServiceTest ForensicManagerTest
Flag: android.security.afl_api
Ignore-AOSP-First: security feature

Change-Id: Icc196812fd85da1c3f0b7860aab7b3c2e08e9046

packages/Shell/AndroidManifest.xml

diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 7b6321d..859445e 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -953,6 +953,13 @@
     <uses-permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE"
         android:featureFlag="android.security.aapm_api"/>
 
+    <!-- Permission required for CTS test - ForensicManagerTest -->
+    <uses-permission android:name="android.permission.READ_FORENSIC_STATE"
+        android:featureFlag="android.security.afl_api"/>
+    <uses-permission android:name="android.permission.MANAGE_FORENSIC_STATE"
+        android:featureFlag="android.security.afl_api"/>
+
+
     <!-- Permission required for CTS test - CtsAppTestCases -->
     <uses-permission android:name="android.permission.KILL_UID" />