The software-defined vehicle (SDV) platform provides an authorization framework that lets OEMs control access to selected resources.
Android has a permission model where every app declares its own permissions in the manifest file to describe its capabilities. The SDV authorization model is similar. SDV service bundles define permissions to declare the actions they can perform, such as publish, subscribe, serve, and call.
Permission types
The following permission types are supported:
- Client: Authorized to call methods on an RPC interface, identified by service type and channel.
- Server: Authorized to implement and serve an RPC interface, identified by service type and channel.
- Publisher: Authorized to publish messages into a data topic, identified by message type and topic.
- Subscriber: Authorized to receive messages from a data topic, identified by message type and topic.
Authorization policy file
The authorization policy file is the single source of truth for an SDV service bundle's authorization configuration in the SDV communications stack.
Example
# Allows this SB to register publication of TireStatus type with "left-tire" topic only.
publisher {
  message: "com.sdv.TireStatus"
  topic: "left-tire"
}

# Allows this SB to subscribe to publication of TireStatus type with "left-tire" topic only.
subscriber {
  message: "com.sdv.TireStatus"
  topic: "left-tire"
}

# Allows this SB to implement and serve UserPreferencesManager service.
server {
  service: "com.sdv.UserPreferencesManager"
  channel: "default"
}

# Allows this SB to discover and call UserPreferencesManager service.
client {
  service: "com.sdv.UserPreferencesManager"
  channel: "default"
}
See Deployment to determine which service a specific authorization policy file belongs to. For more information about the proto schema, see Authorization policy.
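As an added illustration (not code from the SDV platform or its documentation), the following Python checker parses a policy written in the layout shown above and answers deny-by-default authorization questions for the four permission types. The exact-match semantics for topic and channel, the action names, and the comment-stripping step are assumptions made for this example.

```python
import re

# Constructed sample policy in the page's textproto layout (not the project's own file).
SAMPLE_POLICY = """
# Allows this SB to publish TireStatus on the "left-tire" topic only.
publisher { message: "com.sdv.TireStatus" topic: "left-tire" }
subscriber { message: "com.sdv.TireStatus" topic: "left-tire" }
server { service: "com.sdv.UserPreferencesManager" channel: "default" }
client { service: "com.sdv.UserPreferencesManager" channel: "default" }
"""

# Which permission block authorizes which action, and which two fields identify its resource.
ACTION_TO_BLOCK = {"publish": "publisher", "subscribe": "subscriber",
                   "serve": "server", "call": "client"}
BLOCK_FIELDS = {"publisher": ("message", "topic"), "subscriber": ("message", "topic"),
                "server": ("service", "channel"), "client": ("service", "channel")}

_BLOCK_RE = re.compile(r"(\w+)\s*\{([^}]*)\}")
_FIELD_RE = re.compile(r'(\w+)\s*:\s*"([^"]*)"')


def parse_policy(text):
    """Return the set of (block, type_name, topic_or_channel) grants declared in a policy.
    Unknown block types or blocks missing a field are rejected, never silently ignored."""
    text = re.sub(r"#.*", "", text)  # drop comment text (simplification: assumes no '#' inside quotes)
    grants = set()
    for block, body in _BLOCK_RE.findall(text):
        if block not in BLOCK_FIELDS:
            raise ValueError(f"unknown permission type: {block}")
        fields = dict(_FIELD_RE.findall(body))
        key_a, key_b = BLOCK_FIELDS[block]
        if key_a not in fields or key_b not in fields:
            raise ValueError(f"{block} block must set both {key_a} and {key_b}")
        grants.add((block, fields[key_a], fields[key_b]))
    return grants


def is_authorized(grants, action, type_name, topic_or_channel):
    """Deny by default: allow only an exact match on permission type, type name and topic/channel."""
    block = ACTION_TO_BLOCK.get(action)
    return block is not None and (block, type_name, topic_or_channel) in grants


if __name__ == "__main__":
    grants = parse_policy(SAMPLE_POLICY)
    print(is_authorized(grants, "publish", "com.sdv.TireStatus", "left-tire"))   # True
    print(is_authorized(grants, "publish", "com.sdv.TireStatus", "right-tire"))  # False
```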
VM-level permissions
VM-level permissions define authorization policies for communication between different VMs in the mesh network. This provides defense-in-depth security in case one VM is compromised. For more information, see VM-level permissions.
Mesh network
The Service Discovery architecture is set up so that all authorization policies are shared across VMs in the mesh network. No user intervention is required.
Service Discovery does a local cache lookup to discover service units on a remote VM. All authorization policies are shared among VMs to check whether the Service Discovery caller is authorized for the discovered service units.
Each node within the mesh network caches authorization policies from all other nodes. When a new node is introduced, its authorization policies are replicated to every other node. If a node connection is lost, such as during a reboot or crash, all cached authorization policies from that node are deleted.