Protect createOrUpdateIdsigFile with permission Bug: 237300229 Test: watch TH Change-Id: Ia69878923eff59a58b32b4b7e14dd4e8a7389bc3

commit: c3ca24fe8ee18709d2d99df0214202ed1139ec52 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Tue Jun 28 10:45:15 2022 +0900
committer: Jiyong Park <jiyong@google.com> Tue Jun 28 10:45:56 2022 +0900
tree: 183f0113642d39dcfccdd2ec02fffa9db1c8dc64
parent: 8548006218597ab45206691a69d2a242a7e91a7a [diff]
diff --git a/virtualizationservice/src/aidl.rs b/virtualizationservice/src/aidl.rs
index 24f3706..d8f0b2e 100644
--- a/virtualizationservice/src/aidl.rs
+++ b/virtualizationservice/src/aidl.rs

@@ -210,6 +210,8 @@
         // TODO(b/193504400): do this only when (1) idsig_fd is empty or (2) the APK digest in
         // idsig_fd is different from APK digest in input_fd
 
+        check_manage_access()?;
+
         let mut input = clone_file(input_fd)?;
         let mut sig = V4Signature::create(&mut input, 4096, &[], HashAlgorithm::SHA256).unwrap();
commit	c3ca24fe8ee18709d2d99df0214202ed1139ec52	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Tue Jun 28 10:45:15 2022 +0900
committer	Jiyong Park <jiyong@google.com>	Tue Jun 28 10:45:56 2022 +0900
tree	183f0113642d39dcfccdd2ec02fffa9db1c8dc64
parent	8548006218597ab45206691a69d2a242a7e91a7a [diff]