Enforcement

Authorization is a key component of the software-defined vehicle (SDV) communications stack security model.

When authorization is enabled, access is granted only if corresponding permissions allow access.

When authorization is disabled, access is granted regardless of the corresponding permissions.

SDV authorization enforcement is per VM and controls authorization decisions performed on a local VM. Given the distributed nature of SDV architecture, we recommend syncing the authorization enforcement configuration among all VMs in the mesh network.

SDV authorization enforcement is applied to all SDV platforms: core, IVI, and legacy IVI.

User build

SDV authorization is enforced in the user build and can't be disabled.

Properties that are used to control authorization enforcement are ignored.

Non-user builds

Enforcement is enabled by default.

For development purposes, you might want to enable or disable enforcement on non-user builds.

System property

sdv.authz.enable is a system property that controls authorization enforcement on non-user builds.

Change this property at run time to change authorization enforcement. Set it to disabled or permissions_only:

(root) setprop sdv.authz.enable disabled
(root) setprop sdv.authz.enable permissions_only

This system property isn't persistent, so authorization enforcement resets to the default value after VM reboot.

Boot time system property

Controlling the system property at run time can introduce race conditions into the system, so it's important to control authorization at boot time before starting any agents and third-party services.

ro.boot.sdv.authz.enable is a boolean boot system property that is used to set the sdv.authz.enable system property at the beginning of the SDV boot.

After boot, you still can change the sdv.authz.enable system property and thus change authorization enforcement.

The system property isn't global across all VMs; it affects only a specific VM. However, permissions are global. Enabling the system property on some VMs while disabling it on others can result in split enforcement, where enforcement occurs on only some VMs. This can lead to unexpected behavior.

You can set the ro.boot.sdv.authz.enable system property using the bootconfig or the kernel cmdline ro-boot-property.
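The page recommends keeping enforcement in sync across VMs and warns about split enforcement; the following POSIX shell script, added here as an example and not part of the original page, reads sdv.authz.enable from each VM and flags disagreement. Reaching VMs over adb by serial and the VM names in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page: detect split enforcement across SDV VMs.
# Assumptions: each VM is reachable with adb by serial (the page does not say how VMs
# are addressed) and reports the sdv.authz.enable property described above.

# Emit one "serial value" line per VM by reading the live property over adb.
collect_authz_state() {
    for serial in "$@"; do
        value=$(adb -s "$serial" shell getprop sdv.authz.enable 2>/dev/null | tr -d '\r')
        printf '%s %s\n' "$serial" "${value:-unknown}"
    done
}

# Read "serial value" lines from stdin and compare them against the first VM's value.
# Exit status: 0 = every VM agrees, 1 = split enforcement, 2 = some VM reported no value.
check_split_enforcement() {
    first="" split=0 unknown=0
    while read -r serial value; do
        [ -z "$serial" ] && continue
        if [ -z "$value" ] || [ "$value" = "unknown" ]; then
            echo "WARN: $serial reports no sdv.authz.enable value" >&2
            unknown=1
            continue
        fi
        if [ -z "$first" ]; then
            first=$value
        elif [ "$value" != "$first" ]; then
            echo "SPLIT: $serial=$value differs from $first" >&2
            split=1
        fi
    done
    [ "$unknown" -eq 1 ] && return 2
    [ "$split" -eq 1 ] && return 1
    return 0
}

# Constructed sample (no real devices): one VM was left with enforcement disabled.
SAMPLE_SPLIT='core-vm disabled
ivi-vm permissions_only
legacy-ivi-vm permissions_only'

# Run the constructed sample; against live VMs use:
#   collect_authz_state <serial>... | check_split_enforcement
printf '%s\n' "$SAMPLE_SPLIT" | check_split_enforcement || echo "sample result: exit status $?"
```

A non-zero exit status from check_split_enforcement is the signal to re-apply the same ro.boot.sdv.authz.enable value on every VM before starting agents and third-party services.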

Test support

Use the atest framework to run a command to prepare a VM for the test, and then run your test and clean up. You can take advantage of the atest framework to control authorization enforcement for your integration and e2e tests.

Use AndroidTest.xml to configure the setup, assigning the proper system property value.

Use authz_enforcement_flag_disabled_config_template.xml for Rust targets:

<configuration description="Config to run {MODULE} device tests.">

    {EXTRA_CONFIGS}

    <!-- NOTE: To run tests using this template in a local dev env, use:

         NOTIFY_AS_NATIVE=<Test device serial #> atest <test target>

         For example,
           NOTIFY_AS_NATIVE=0.0.0.0:6520 atest sdv_core_middleware_unit_comms_rs_sdk_test
    -->
    <target_preparer class="com.android.tradefed.targetprep.DeviceSetup">
        <!-- Needed to prevent DeviceSetup from trying to set device features,
             unsupported on minimal SDV device. -->
        <option name="force-skip-settings" value="true" />
        <!-- Ensure authz is set to "disabled" for this test -->
        <option name="set-property" key="sdv.authz.enable" value="disabled" />
        <!-- Restore default authz setting on teardown -->
        <option name="restore-properties" value="true" />
        <!-- Needed to prevent DeviceSetup from trying to list device features,
             unsupported on minimal SDV device. -->
        <option name="screen-always-on" value="IGNORE" />
        <!-- Add this line to disable the external storage space check -->
        <option name="min-external-storage-kb" value="0" />
    </target_preparer>

    <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
        <option name="cleanup" value="true" />
        <option name="push" value="{MODULE}->/data/local/tmp/{MODULE}" />
    </target_preparer>

    <test class="com.android.tradefed.testtype.rust.RustBinaryTest" >
        <option name="test-device-path" value="/data/local/tmp" />
        <option name="module-name" value="{MODULE}" />
    </test>

</configuration>

Use authz_enforcement_flag_disabled_gtest_config_template.xml for C++ targets:

<configuration description="Config to run {MODULE} device tests.">

    {EXTRA_CONFIGS}

    <!-- NOTE: To run tests using this template in a local dev env, use:
        NOTIFY_AS_NATIVE=<Test device serial #> atest <test target>
    -->
    <target_preparer class="com.android.tradefed.targetprep.DeviceSetup">
        <!-- Needed to prevent DeviceSetup from trying to set device features,
             unsupported on minimal SDV device. -->
        <option name="force-skip-settings" value="true" />
        <!-- Ensure authz is set to "disabled" for this test -->
        <option name="set-property" key="sdv.authz.enable" value="disabled" />
        <!-- Restore default authz setting on teardown -->
        <option name="restore-properties" value="true" />
        <!-- Needed to prevent DeviceSetup from trying to list device features,
             unsupported on minimal SDV device. -->
        <option name="screen-always-on" value="IGNORE" />
        <!-- Add this line to disable the external storage space check -->
        <option name="min-external-storage-kb" value="0" />
    </target_preparer>

    <target_preparer class="com.android.tradefed.targetprep.PushFilePreparer">
        <option name="cleanup" value="true" />
        <option name="push" value="{MODULE}->/data/local/tmp/{MODULE}" />
    </target_preparer>

    <test class="com.android.tradefed.testtype.GTest" >
        <option name="native-test-device-path" value="/data/local/tmp" />
        <option name="module-name" value="{MODULE}" />
    </test>

</configuration>

Use Android.bp to declare Rust targets, C++ targets, and file groups:

filegroup {
    name: "sdv_authz_enforcement_flag_disabled_config_template",
    srcs: ["test_configs/authz_enforcement_flag_disabled_config_template.xml"],
}

rust_test {
    name: "sdv_authz_enforcement_flag_disabled_test",
    srcs: ["tests/authz_enforcement_flag_disabled_test.rs"],
    defaults: ["sdv_authz_enforcement_flag@rust_defaults"],
    test_suites: [
        "automotive-sdv-tests",
        "general-tests",
    ],
    test_options: {
        unit_test: false,
    },
    require_root: true,
    auto_gen_config: true,
    test_config_template: ":sdv_authz_enforcement_flag_disabled_config_template",
    compile_multilib: "first",
    rustlibs: [
        "libsdv_authz_enforcement_flag",
    ],
}

filegroup {
    name: "sdv_authz_enforcement_flag_disabled_gtest_config_template",
    srcs: ["authz_enforcement_flag_disabled_gtest_config_template.xml"],
}

cc_test {
    name: "sdv_comms_cpp_sdk_tests",
    srcs: ["cpp/**/*_test.cpp"],
    defaults: ["sdv_comms_cpp_sdk_test_defaults"],
    test_options: {
        unit_test: true,
    },
    test_config_template: ":sdv_authz_enforcement_flag_disabled_gtest_config_template",
    test_suites: [
        "automotive-sdv-tests",
        "general-tests",
    ],
}