Allow priv apps MANAGE_VIRTUAL_MACHINE permission

Also add comments to all our various permissions.

Bug: 255286871
Test: Install demo app to system/priv-app, see it work without explicit grant.
Change-Id: I05c89e533b9cb11148cfc477dd25a1f3db5bd9ca
diff --git a/javalib/Android.bp b/javalib/Android.bp
index a6c3b80..51dd381 100644
--- a/javalib/Android.bp
+++ b/javalib/Android.bp
@@ -7,7 +7,7 @@
     name: "android.system.virtualmachine.res",
     installable: true,
     apex_available: ["com.android.virt"],
-    sdk_version: "current",
+    platform_apis: true,
 }
 
 java_sdk_library {
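Review bot: The switch from `sdk_version: "current"` to `platform_apis: true` on `android.system.virtualmachine.res` is not explained in the file or in the commit message, which only describes the permission change. The new setting lets this module build against non-SDK platform APIs instead of the public SDK, so the reason for widening it should be recorded next to the property. It is presumably tied to the manifest in this commit now declaring `signature|privileged|development`, but that is an inference from the visible lines. A one-line comment above the property would do, for example `// platform_apis: needed because <reason, to be filled in by the author>`. The module definition starts above this hunk, so its type and remaining properties are not visible here.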
diff --git a/javalib/AndroidManifest.xml b/javalib/AndroidManifest.xml
index e68b5a4..95b9cfa 100644
--- a/javalib/AndroidManifest.xml
+++ b/javalib/AndroidManifest.xml
@@ -17,12 +17,26 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
   package="com.android.virtualmachine.res">
 
+  <!-- @SystemApi Allows an application to create and run a Virtual Machine
+       using the Virtualization Framework APIs
+       (android.system.virtualmachine.*).
+       <p>Protection level: signature|privileged|development
+       @hide
+  -->
   <permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE"
-      android:protectionLevel="signature|development" />
+      android:protectionLevel="signature|privileged|development" />
 
+  <!-- @hide Allows an application to run a Virtual Machine with a custom
+       kernel or a Microdroid configuration file.
+       <p>Not for use by third-party applications.
+  -->
   <permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE"
       android:protectionLevel="signature|development" />
 
+  <!-- @hide Allows an application to access various Virtual Machine debug
+       facilities, e.g. list all running VMs.
+       <p>Not for use by third-party applications.
+  -->
   <permission android:name="android.permission.DEBUG_VIRTUAL_MACHINE"
       android:protectionLevel="signature" />