[AAPM] Introduce new Service for Android Advanced Protection Mode
We add a new service and manager, behind a feature flag. This service
will be used to enroll devices into a security conscious protection
mode, and to allow clients to customise behaviour based on the state of
this mode.
Both the query API and callback are protected by a install permission.
This may be revisited as the feature evolves.
AAPM can be turned on for testing via
adb shell cmd advanced_protection set-protection-enabled true
Bug: 352420507
Test: atest AdvancedProtectionServiceTest AdvancedProtectionManagerTest
Flag: android.security.aapm_api
Change-Id: Ibf8478235b147e9f844d80d083a5e04819e1b052
diff --git a/packages/Shell/Android.bp b/packages/Shell/Android.bp
index 2531454..3350efc 100644
--- a/packages/Shell/Android.bp
+++ b/packages/Shell/Android.bp
@@ -8,7 +8,10 @@
}
// used both for the android_app and android_library
-shell_srcs = ["src/**/*.java",":dumpstate_aidl"]
+shell_srcs = [
+ "src/**/*.java",
+ ":dumpstate_aidl",
+]
shell_static_libs = ["androidx.legacy_legacy-support-v4"]
android_app {
@@ -22,6 +25,9 @@
libs: [
"device_policy_aconfig_flags_lib",
],
+ flags_packages: [
+ "android.security.flags-aconfig",
+ ],
platform_apis: true,
certificate: "platform",
privileged: true,
@@ -43,4 +49,7 @@
static_libs: shell_static_libs,
platform_apis: true,
manifest: "AndroidManifest.xml",
+ flags_packages: [
+ "android.security.flags-aconfig",
+ ],
}