Enforce BACKUP permission on Service end.

BackupManager runs in the client process, whereas BackupManagerService
runs in the system server process. Therefore, apps permissions need should
be enforced on the service side.

Bug: 158482162
Test: Manually checked that a sample app  encounters SecurityException
      after but not before this CL, when running code similar to the
      sample in http://b/158482162#comment1 to figure out whether
      isBackupServiceActive() for its own uid.
Change-Id: I59693819542a80a065a9c88373393b0ba0dbef65
Merged-In: I59693819542a80a065a9c88373393b0ba0dbef65
(cherry picked from commit b2ab2c414fcac5f68edd8d790d3773f1f9330e3b)

1 files changed, 2 insertions, 0 deletions

diff --git a/services/backup/java/com/android/server/backup/BackupManagerService.java b/services/backup/java/com/android/server/backup/BackupManagerService.java
index b13bef2de151..19ada753f33d 100644
--- a/services/backup/java/com/android/server/backup/BackupManagerService.java
+++ b/services/backup/java/com/android/server/backup/BackupManagerService.java
@@ -506,6 +506,8 @@ public class BackupManagerService extends IBackupManager.Stub {
      */
     @Override
     public boolean isBackupServiceActive(int userId) {
+        mContext.enforceCallingPermission(android.Manifest.permission.BACKUP,
+                "isBackupServiceActive");
         synchronized (mStateLock) {
             return !mGlobalDisable && isBackupActivatedForUser(userId);
         }