Implement permission check for virtualizationservice For the service to be able to check permission, the AIDL interface is exported to the virt APEX where virtualizationservice is in. In addition, the VM permissions are granted to shell so that developers can use the 'vm' tool on the shell. Bug: 168588769 Test: /apex/com.android.virt/bin/vm run-app --log /dev/null /data/local/tmp/virt/MicrodroidDemoApp.apk /data/local/tmp/virt/MicrodroidDemoApp.apk.idsig assets/vm_config.json Change-Id: I00db58ba9cef3b83f43db68ef86f062b59a0e6e1

commit: a8cc7f17bf25e085137c448a1ffd120553ae55cf [log] [tgz]
author: Jiyong Park <jiyong@google.com> Mon Jul 12 21:19:13 2021 +0900
committer: Jiyong Park <jiyong@google.com> Tue Jul 13 08:25:28 2021 +0900
tree: 85261d3a01fb0892df3f3b259d44e297c24c3f55
parent: 1f5ba0b268614e0c209fae170a7d40d953d739f7 [diff]
diff --git a/packages/Shell/AndroidManifest.xml b/packages/Shell/AndroidManifest.xml
index 2b7a579..10600e3 100644
--- a/packages/Shell/AndroidManifest.xml
+++ b/packages/Shell/AndroidManifest.xml

@@ -480,6 +480,10 @@
     <uses-permission android:name="android.permission.MANAGE_HOTWORD_DETECTION" />
     <uses-permission android:name="android.permission.BIND_HOTWORD_DETECTION_SERVICE" />
 
+    <!-- Permission required to run the `vm` tool which manages on-device virtual machines -->
+    <uses-permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE" />
+    <uses-permission android:name="android.permission.DEBUG_VIRTUAL_MACHINE" />
+
     <application android:label="@string/app_label"
                 android:theme="@android:style/Theme.DeviceDefault.DayNight"
                 android:defaultToDeviceProtectedStorage="true"
commit	a8cc7f17bf25e085137c448a1ffd120553ae55cf	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Mon Jul 12 21:19:13 2021 +0900
committer	Jiyong Park <jiyong@google.com>	Tue Jul 13 08:25:28 2021 +0900
tree	85261d3a01fb0892df3f3b259d44e297c24c3f55
parent	1f5ba0b268614e0c209fae170a7d40d953d739f7 [diff]