[AAPM] Introduce new Service for Android Advanced Protection Mode
We add a new service and manager, behind a feature flag. This service
will be used to enroll devices into a security-conscious protection
mode, and to allow clients to customise behaviour based on the state of
this mode.
Both the query API and callback are protected by an install permission.
This may be revisited as the feature evolves.
AAPM can be turned on for testing via
adb shell cmd advanced_protection set-protection-enabled true
Bug: 352420507
Test: atest AdvancedProtectionServiceTest AdvancedProtectionManagerTest
Flag: android.security.aapm_api
Change-Id: Ibf8478235b147e9f844d80d083a5e04819e1b052
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 456fedf..03c06bb 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml
@@ -947,6 +947,11 @@
<!-- Permission required for CTS test - CtsNfcTestCases -->
<uses-permission android:name="android.permission.NFC_SET_CONTROLLER_ALWAYS_ON" />
+ <!-- Permission required for CTS test - AdvancedProtectionManagerTest -->
+ <uses-permission android:name="android.permission.SET_ADVANCED_PROTECTION_MODE"
+ android:featureFlag="android.security.aapm_api"/>
+ <uses-permission android:name="android.permission.QUERY_ADVANCED_PROTECTION_MODE"
+ android:featureFlag="android.security.aapm_api"/>
<!-- Permission required for CTS test - CtsAppTestCases -->
<uses-permission android:name="android.permission.KILL_UID" />
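Review bot: The comment above the two added uses-permission entries names only AdvancedProtectionManagerTest, but holding SET_ADVANCED_PROTECTION_MODE in Shell means anything running as the shell UID can change the mode once android.security.aapm_api is enabled, and the commit message already describes toggling it through "adb shell cmd advanced_protection set-protection-enabled". Please state in the comment whether shell is meant to be able to turn the mode off as well as on, and whether this grant is test-only scaffolding to be dropped or narrowed before the flag ships. If the CTS test only needs to read state in some cases, consider keeping QUERY_ADVANCED_PROTECTION_MODE here and having the test adopt the SET permission explicitly, so the write capability is not a standing grant to Shell.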