Allow untrusted app to use virtualizationservice - even on user builds This only makes it difficult to run (test/demo) apps using AVF. They have to be pre-installed on the device which is infeasible on user-build devices. Removing the guard so that untrusted apps can use virtualizationservice even on user builds. Note that the use is still gated by the MANAGE_VIRTUAL_MACHINE permission, which can be granted only by pre-installing or explicitly via `adb shell pm grant`. So there's no risk of 3p apps downloaded from the net having its own VM. Bug: 231080171 Test: run MicrodroidDemoApp on a user build Merged-In: Ie0b1b9801dd7726633f97456a38bc0ea349013db Change-Id: Ie0b1b9801dd7726633f97456a38bc0ea349013db

commit: 8a5c1598ca6ff593d2561bb799d7ec88c24a5107 [log] [tgz]
author: Jiyong Park <jiyong@google.com> Mon May 02 12:54:48 2022 +0900
committer: Jiyong Park <jiyong@google.com> Tue May 03 14:38:28 2022 +0900
tree: 4e621d9743571334b1887dd3b23a96916e4942f5
parent: 0d66aff97ff51fe8f3a195920fcb535b331832bb [diff]
diff --git a/private/untrusted_app_all.te b/private/untrusted_app_all.te
index ceee544..26077f3 100644
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te

@@ -176,9 +176,7 @@
 # permission. The protection level of the permission is `signature|development`
 # so that it can only be granted to either platform-key signed apps or
 # test-only apps having `android:testOnly="true"` in its manifest.
-userdebug_or_eng(`
-  virtualizationservice_use(untrusted_app_all)
-')
+virtualizationservice_use(untrusted_app_all)
 
 with_native_coverage(`
   # Allow writing coverage information to /data/misc/trace
commit	8a5c1598ca6ff593d2561bb799d7ec88c24a5107	[log] [tgz]
author	Jiyong Park <jiyong@google.com>	Mon May 02 12:54:48 2022 +0900
committer	Jiyong Park <jiyong@google.com>	Tue May 03 14:38:28 2022 +0900
tree	4e621d9743571334b1887dd3b23a96916e4942f5
parent	0d66aff97ff51fe8f3a195920fcb535b331832bb [diff]