Access control for virtualizationservice
Access to virtualizationservice is now controlled via Android
permissions:
* android.permission.MANAGE_VIRTUAL_MACHINE
* android.permission.DEBUG_VIRTUAL_MACHINE
The two permissions are defined in a resource-only APK
android.system.virtualmachine.res. Virtualizationservice is modified to
do the permission check by using the permission controller service.
Bug: 168588769
Test: /apex/com.android.virt/bin/vm run-app --log /dev/null
/data/local/tmp/virt/MicrodroidDemoApp.apk
/data/local/tmp/virt/MicrodroidDemoApp.apk.idsig assets/vm_config.json
Change-Id: Id210d2a55bc57bf03200c3c8546e3c63aa2a4c52
diff --git a/javalib/Android.bp b/javalib/Android.bp
index f920175..26ad848 100644
--- a/javalib/Android.bp
+++ b/javalib/Android.bp
@@ -20,3 +20,10 @@
// TODO(jiyong): remove the below once this gets public
unsafe_ignore_missing_latest_api: true,
}
+
+android_app {
+ name: "android.system.virtualmachine.res",
+ installable: true,
+ apex_available: ["com.android.virt"],
+ sdk_version: "current",
+}
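Review bot: the module name `android.system.virtualmachine.res` in this android_app does not match the manifest package `com.android.virtualmachine.res` added in javalib/AndroidManifest.xml, while the commit message calls the APK android.system.virtualmachine.res; pick one name so the installed package and the Soong module agree. The module also sets no `certificate`: because the manifest declares DEBUG_VIRTUAL_MACHINE at `signature` level, the key this APK is signed with decides which apps can ever hold that permission, so set it explicitly (for example `certificate: "platform"`) instead of relying on the build's default key. Finally, `apex_available: ["com.android.virt"]` only permits inclusion; the change does not show the app being added to the apex's `apps` list, so confirm it is actually packaged and installed.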
diff --git a/javalib/AndroidManifest.xml b/javalib/AndroidManifest.xml
new file mode 100644
index 0000000..21857f8
--- /dev/null
+++ b/javalib/AndroidManifest.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.virtualmachine.res">
+
+ <permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE"
+ android:protectionLevel="normal" />
+
+ <permission android:name="android.permission.DEBUG_VIRTUAL_MACHINE"
+ android:protectionLevel="signature" />
+
+ <application android:hasCode="false" />
+</manifest>
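Review bot: MANAGE_VIRTUAL_MACHINE is declared with `android:protectionLevel="normal"`, which the system grants automatically at install time to any app that lists it in its manifest, so the check in virtualizationservice only requires callers to declare the permission rather than restricting who may start a VM; if that is the intent, say so in the commit message, otherwise raise the level (e.g. `signature|privileged`) to match the access control described. The `package="com.android.virtualmachine.res"` here also differs from the module name `android.system.virtualmachine.res` in Android.bp, and the two permissions carry no `android:label` or `android:description`, which makes them harder to audit in the installed package.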