Allow priv apps MANAGE_VIRTUAL_MACHINE permission

Also add comments to all our various permissions. Bug: 255286871 Test: Install demo app to system/priv-app, see it work without explicit grant. Change-Id: I05c89e533b9cb11148cfc477dd25a1f3db5bd9ca
2022-10-24 12:02:35 +01:00 · 2022-10-24 12:02:35 +01:00 · 97a2bfe70c
parent 6f362d2621
commit 97a2bfe70c
2 changed files with 16 additions and 2 deletions
--- a/javalib/Android.bp
+++ b/javalib/Android.bp
@ -7,7 +7,7 @@ android_app {
    name: "android.system.virtualmachine.res",
    installable: true,
    apex_available: ["com.android.virt"],
-    sdk_version: "current",
+    platform_apis: true,
 }

 java_sdk_library {
--- a/javalib/AndroidManifest.xml
+++ b/javalib/AndroidManifest.xml
@ -17,12 +17,26 @@
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
  package="com.android.virtualmachine.res">

+  <!-- @SystemApi Allows an application to create and run a Virtual Machine
+       using the Virtualization Framework APIs
+       (android.system.virtualmachine.*).
+       <p>Protection level: signature|privileged|development
+       @hide
+  -->
  <permission android:name="android.permission.MANAGE_VIRTUAL_MACHINE"
-      android:protectionLevel="signature|development" />
+      android:protectionLevel="signature|privileged|development" />

+  <!-- @hide Allows an application to run a Virtual Machine with a custom
+       kernel or a Microdroid configuration file.
+       <p>Not for use by third-party applications.
+  -->
  <permission android:name="android.permission.USE_CUSTOM_VIRTUAL_MACHINE"
      android:protectionLevel="signature|development" />

+  <!-- @hide Allows an application to access various Virtual Machine debug
+       facilities, e.g. list all running VMs.
+       <p>Not for use by third-party applications.
+  -->
  <permission android:name="android.permission.DEBUG_VIRTUAL_MACHINE"
      android:protectionLevel="signature" />