Merge "Migrate DynamicSystemService to @EnforcePermission" am: b845dbac21 am: 746cfb436c am: 3dd695c244

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1946229

Change-Id: I0f7b30c9241ddf67357ecd65d3997c1bdd579e0b

1 files changed, 15 insertions, 0 deletions

diff --git a/core/java/android/os/image/IDynamicSystemService.aidl b/core/java/android/os/image/IDynamicSystemService.aidl
index a5a40ad55853..4e69952fac2f 100644
--- a/core/java/android/os/image/IDynamicSystemService.aidl
+++ b/core/java/android/os/image/IDynamicSystemService.aidl
@@ -26,6 +26,7 @@ interface IDynamicSystemService
      * @param dsuSlot Name used to identify this installation
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean startInstallation(@utf8InCpp String dsuSlot);
 
     /**
@@ -36,6 +37,7 @@ interface IDynamicSystemService
      * @param readOnly True if this partition is readOnly
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean createPartition(@utf8InCpp String name, long size, boolean readOnly);
 
     /**
@@ -43,12 +45,14 @@ interface IDynamicSystemService
      *
      * @return true if the partition installation completes without error.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean closePartition();
 
     /**
      * Finish a previously started installation. Installations without
      * a cooresponding finishInstallation() will be cleaned up during device boot.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean finishInstallation();
 
     /**
@@ -57,6 +61,7 @@ interface IDynamicSystemService
      *
      * @return GsiProgress
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     GsiProgress getInstallationProgress();
 
     /**
@@ -66,21 +71,25 @@ interface IDynamicSystemService
      *
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean abort();
 
     /**
      * @return true if the device is running an DynamicAnroid image
      */
+    @RequiresNoPermission
     boolean isInUse();
 
     /**
      * @return true if the device has an DynamicSystem image installed
      */
+    @RequiresNoPermission
     boolean isInstalled();
 
     /**
      * @return true if the device has an DynamicSystem image enabled
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean isEnabled();
 
     /**
@@ -88,6 +97,7 @@ interface IDynamicSystemService
      *
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean remove();
 
     /**
@@ -97,6 +107,7 @@ interface IDynamicSystemService
      *
      * @return true if the call succeeds
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean setEnable(boolean enable, boolean oneShot);
 
     /**
@@ -106,6 +117,7 @@ interface IDynamicSystemService
      * @param fd            fd that points to a ashmem
      * @param size          size of the ashmem file
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean setAshmem(in ParcelFileDescriptor fd, long size);
 
     /**
@@ -115,6 +127,7 @@ interface IDynamicSystemService
      * @param bytes         number of bytes that can be read from stream.
      * @return              true on success, false otherwise.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean submitFromAshmem(long bytes);
 
     /**
@@ -124,10 +137,12 @@ interface IDynamicSystemService
      * @return              true on success, false if partition doesn't have a
      *                      valid VBMeta block to retrieve the AVB key from.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     boolean getAvbPublicKey(out AvbPublicKey dst);
 
     /**
      * Returns the suggested scratch partition size for overlayFS.
      */
+    @EnforcePermission("MANAGE_DYNAMIC_SYSTEM")
     long suggestScratchSize();
 }