Access control for virtualizationservice The access to the virtualizationservice is now controlled via Android permissions: * android.permission.MANAGE_VIRTUAL_MACHINE * android.permission.DEBUG_VIRTUAL_MACHINE The two permissions are defined in a resource-only APK android.system.virtualmachine.res. Virtualizationservice is modified to do the permission check by using the permission controller service. Bug: 168588769 Test: /apex/com.android.virt/bin/vm run-app --log /dev/null /data/local/tmp/virt/MicrodroidDemoApp.apk /data/local/tmp/virt/MicrodroidDemoApp.apk.idsig assets/vm_config.json Change-Id: Id210d2a55bc57bf03200c3c8546e3c63aa2a4c52

commit: 753553bdb8a6ba8b04f40bef77fa19bd0b360ab1 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Mon Jul 12 21:21:09 2021 +0900
committer: Jiyong Park <jiyong@google.com> Tue Jul 13 22:02:32 2021 +0900
tree: 845ce4605f918dbc5b32392d7fc7b9cb45109fa3
parent: 22eed3bc425ac6bc93b4d5017ade014167721482 [diff] [blame]
diff --git a/javalib/Android.bp b/javalib/Android.bp
index f920175..26ad848 100644
--- a/javalib/Android.bp
+++ b/javalib/Android.bp

@@ -20,3 +20,10 @@
     // TODO(jiyong): remove the below once this gets public
     unsafe_ignore_missing_latest_api: true,
 }
+
+android_app {
+    name: "android.system.virtualmachine.res",
+    installable: true,
+    apex_available: ["com.android.virt"],
+    sdk_version: "current",
+}
commit	753553bdb8a6ba8b04f40bef77fa19bd0b360ab1	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Mon Jul 12 21:21:09 2021 +0900
committer	Jiyong Park <jiyong@google.com>	Tue Jul 13 22:02:32 2021 +0900
tree	845ce4605f918dbc5b32392d7fc7b9cb45109fa3
parent	22eed3bc425ac6bc93b4d5017ade014167721482 [diff] [blame]