[AAPM] Introduce new Service for Android Advanced Protection Mode
We add a new service and manager, behind a feature flag. This service
will be used to enroll devices into a security-conscious protection
mode, and to allow clients to customise behaviour based on the state of
this mode.
Both the query API and callback are protected by an install permission.
This may be revisited as the feature evolves.
AAPM can be turned on for testing via
adb shell cmd advanced_protection set-protection-enabled true
Bug: 352420507
Test: atest AdvancedProtectionServiceTest AdvancedProtectionManagerTest
Flag: android.security.aapm_api
Change-Id: Ibf8478235b147e9f844d80d083a5e04819e1b052
diff --git a/packages/Shell/Android.bp b/packages/Shell/Android.bp
index 2531454..3350efc 100644
--- a/packages/Shell/Android.bp
+++ b/packages/Shell/Android.bp
@@ -8,7 +8,10 @@
}
// used both for the android_app and android_library
-shell_srcs = ["src/**/*.java",":dumpstate_aidl"]
+shell_srcs = [
+ "src/**/*.java",
+ ":dumpstate_aidl",
+]
shell_static_libs = ["androidx.legacy_legacy-support-v4"]
android_app {
@@ -22,6 +25,9 @@
libs: [
"device_policy_aconfig_flags_lib",
],
+ flags_packages: [
+ "android.security.flags-aconfig",
+ ],
platform_apis: true,
certificate: "platform",
privileged: true,
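Review bot: The `flags_packages` list added to `android_app` here is repeated verbatim in the `android_library` hunk that follows, while this file already shares such values through variables (`shell_srcs`, `shell_static_libs`) under the comment "used both for the android_app and android_library". Declaring `shell_flags_packages = ["android.security.flags-aconfig"]` next to those variables and writing `flags_packages: shell_flags_packages,` in both modules would keep the two from drifting apart. If one module later lacks the package, the `android:featureFlag` attributes in the manifest would presumably not be resolved the same way for both builds.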
@@ -43,4 +49,7 @@
static_libs: shell_static_libs,
platform_apis: true,
manifest: "AndroidManifest.xml",
+ flags_packages: [
+ "android.security.flags-aconfig",
+ ],
}
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 456fedf..03c06bb 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -947,6 +947,11 @@
<!-- Permission required for CTS test - CtsNfcTestCases -->
<uses-permission android:name="android.permission.NFC_SET_CONTROLLER_ALWAYS_ON" />
+ <!-- Permission required for CTS test - AdvancedProtectionManagerTest -->
+ <uses-permission android:name="android.permission.SET_ADVANCED_PROTECTION_MODE"
+ android:featureFlag="android.security.aapm_api"/>
+ <uses-permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE"
+ android:featureFlag="android.security.aapm_api"/>
<!-- Permission required for CTS test - CtsAppTestCases -->
<uses-permission android:name="android.permission.KILL_UID" />
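Review bot: The comment above the two added `uses-permission` entries names only the CTS test, but the commit description also documents `adb shell cmd advanced_protection set-protection-enabled`, so granting `SET_ADVANCED_PROTECTION_MODE` to the Shell package presumably lets any adb shell session change the mode, including switching it off. Since the mode is a security control, that reach should be stated here, for example `<!-- Permissions for CTS AdvancedProtectionManagerTest and the advanced_protection shell command; SET lets the shell UID toggle the mode -->`. The service and its shell command handler are outside this hunk, so it is worth confirming there that disabling from the shell is limited as intended (for example to debuggable builds or an authorised adb session) and that each state change is logged.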