Allow untrusted app to use virtualizationservice - even on user builds

This only makes it difficult to run (test/demo) apps using AVF. They have to be pre-installed on the device which is infeasible on user-build devices. Removing the guard so that untrusted apps can use virtualizationservice even on user builds. Note that the use is still gated by the MANAGE_VIRTUAL_MACHINE permission, which can be granted only by pre-installing or explicitly via `adb shell pm grant`. So there's no risk of 3p apps downloaded from the net having its own VM. Ignore-AOSP-First: will cherry-pick to AOSP Bug: 231080171 Test: run MicrodroidDemoApp on a user build Change-Id: Ie0b1b9801dd7726633f97456a38bc0ea349013db
2022-05-02 12:54:48 +09:00 · 2022-05-02 12:54:48 +09:00 · 0dda188cad
commit 0dda188cad
parent e8d8d4cb89
1 changed files with 1 additions and 3 deletions
--- a/private/untrusted_app_all.te
+++ b/private/untrusted_app_all.te
@ -176,9 +176,7 @@ userdebug_or_eng(`
 # permission. The protection level of the permission is `signature|development`
 # so that it can only be granted to either platform-key signed apps or
 # test-only apps having `android:testOnly="true"` in its manifest.
-userdebug_or_eng(`
-  virtualizationservice_use(untrusted_app_all)
-')
+virtualizationservice_use(untrusted_app_all)

 with_native_coverage(`
  # Allow writing coverage information to /data/misc/trace