Draft: Add support for calling package validation
Description
This MR adds the ability for VLC to perform checks on a caller to identify authorized consumers of services published via the app manifest. This is recommended by Google in the Build media apps for cars guide to limit content browsing access to Android Auto, Google Assistant, and Google Search.
Motivation and Context
The change does not limit 3rd party applications that simply wish to control the media session. They are still authorized to connect just as before. It limits browsing of the content hierarchy by other applications running on the phone. This protects the user from applications which may wish to scrape the content of their media library, or become dependent on the organizational structure of the media library itself. In the future it may be applied to ContentProviders to limit access to known callers.
Inspiration for the implementation came from UAMP PackageValidator.kt; however, it is approximately 1/3 the size, with support for fine-grained permission checking removed, JSON used instead of XML, lazy load of the allow list, and refactored as a singleton object. Records are also used internally store the justification for granting (or denying) access, which will assist in debugging the potential issues across multiple Android vendors and system images.
How Has This Been Tested?
This has been tested on an Android Auto Head unit, Android Auto for Phones, Bluetooth w/o Android Auto, and Android TV under emulation.
A Google Pixel 3 running Android 11 was used for testing.
Types of changes
-
New feature (non-breaking change which adds functionality)
Checklist
-
I have read the CONTRIBUTING section of the README document.