Enforce permissions check in getLastTimeAnyComponentUsed

Enforce the permission check for both INTERACT_ACROSS_USERS and PACKAGE_USAGE_STATS permissions. Bug: 191382775 Test: atest CtsUsageStatsTestCases:UsageStatsTest Change-Id: I1371070478306005b2b4a59a1bc794bc368ae0c4
author: Zhen Zhang <zzhen@google.com> 2021-06-23 15:50:10 -0700
committer: Zhen Zhang <zzhen@google.com> 2021-06-23 16:34:50 -0700
commit: bdac90593f7afc44b42faacd75b28b7da68681a5 (patch)
tree: 4e5729b7688379800df8dd8c244e6bba3b3136b2
parent: a6689c521a4e9160aa0187423deecb1b17dc99c8 (diff)
3 files changed, 10 insertions, 3 deletions
diff --git a/core/java/android/app/usage/IUsageStatsManager.aidl b/core/java/android/app/usage/IUsageStatsManager.aidl
index eb4c624be0b2..585eb61b6f57 100644
--- a/core/java/android/app/usage/IUsageStatsManager.aidl
+++ b/core/java/android/app/usage/IUsageStatsManager.aidl
@@ -68,5 +68,5 @@ interface IUsageStatsManager {
     void reportUserInteraction(String packageName, int userId);
     int getUsageSource();
     void forceUsageSourceSettingRead();
-    long getLastTimeAnyComponentUsed(String packageName);
+    long getLastTimeAnyComponentUsed(String packageName, String callingPackage);
 }
diff --git a/core/java/android/app/usage/UsageStatsManager.java b/core/java/android/app/usage/UsageStatsManager.java
index e8175c709d85..ac7a31874682 100644
--- a/core/java/android/app/usage/UsageStatsManager.java
+++ b/core/java/android/app/usage/UsageStatsManager.java
@@ -1287,7 +1287,7 @@ public final class UsageStatsManager {
             android.Manifest.permission.PACKAGE_USAGE_STATS})
     public long getLastTimeAnyComponentUsed(@NonNull String packageName) {
         try {
-            return mService.getLastTimeAnyComponentUsed(packageName);
+            return mService.getLastTimeAnyComponentUsed(packageName, mContext.getOpPackageName());
         } catch (RemoteException re) {
             throw re.rethrowFromSystemServer();
         }
diff --git a/services/usage/java/com/android/server/usage/UsageStatsService.java b/services/usage/java/com/android/server/usage/UsageStatsService.java
index 128602d5acbd..1b8492722c10 100644
--- a/services/usage/java/com/android/server/usage/UsageStatsService.java
+++ b/services/usage/java/com/android/server/usage/UsageStatsService.java
@@ -2226,7 +2226,14 @@ public class UsageStatsService extends SystemService implements
         }
 
         @Override
-        public long getLastTimeAnyComponentUsed(String packageName) {
+        public long getLastTimeAnyComponentUsed(String packageName, String callingPackage) {
+            if (!hasPermissions(
+                    callingPackage, android.Manifest.permission.INTERACT_ACROSS_USERS)) {
+                throw new SecurityException("Caller doesn't have INTERACT_ACROSS_USERS permission");
+            }
+            if (!hasPermission(callingPackage)) {
+                throw new SecurityException("Don't have permission to query usage stats");
+            }
             synchronized (mLock) {
                 // Truncate the returned milliseconds to the boundary of the last day before exact
                 // time for privacy reasons.
author	Zhen Zhang <zzhen@google.com>	2021-06-23 15:50:10 -0700
committer	Zhen Zhang <zzhen@google.com>	2021-06-23 16:34:50 -0700
commit	bdac90593f7afc44b42faacd75b28b7da68681a5 (patch)
tree	4e5729b7688379800df8dd8c244e6bba3b3136b2
parent	a6689c521a4e9160aa0187423deecb1b17dc99c8 (diff)