Update BlobStoreMS to augment storage stats with blobs data.

- Any pending sessions data is attributed to the apps
  which contributed them.
- Any commited blobs data is attributed to the app which
  has a lease on it. If multiple apps have lease on a blob, don't
  attribute the blob to those apps for now.
- Remove StorageStatsAugmenter.augmentStatsForUser as it
  is not used for anything currently.
- Fix an issue in how we override existing committers and leasees.

Bug: 148694869
Test: atest cts/tests/BlobStore/src/com/android/cts/blob/BlobStoreManagerTest.java
Test: atest tests/tests/os/src/android/os/storage/cts/StorageStatsManagerTest.java
Test: atest hostsidetests/appsecurity/src/android/appsecurity/cts/StorageHostTest.java
Test: manual
Change-Id: Ia4af0a2549c75db66741f2d1979de95d2d150bc8

2 files changed, 42 insertions, 22 deletions

diff --git a/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java b/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java
index a5325482605d..47760efe2709 100644
--- a/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java
+++ b/services/usage/java/com/android/server/usage/StorageStatsManagerInternal.java
@@ -34,11 +34,9 @@ public abstract class StorageStatsManagerInternal {
     public interface StorageStatsAugmenter {
         void augmentStatsForPackage(@NonNull PackageStats stats,
                 @NonNull String packageName, @UserIdInt int userId,
-                @NonNull String callingPackage);
+                boolean callerHasStatsPermission);
         void augmentStatsForUid(@NonNull PackageStats stats, int uid,
-                @NonNull String callingPackage);
-        void augmentStatsForUser(@NonNull PackageStats stats, @UserIdInt int userId,
-                @NonNull String callingPackage);
+                boolean callerHasStatsPermission);
     }
 
     /**
diff --git a/services/usage/java/com/android/server/usage/StorageStatsService.java b/services/usage/java/com/android/server/usage/StorageStatsService.java
index 18b640ff6bf5..42ef78c7cec8 100644
--- a/services/usage/java/com/android/server/usage/StorageStatsService.java
+++ b/services/usage/java/com/android/server/usage/StorageStatsService.java
@@ -16,10 +16,13 @@
 
 package com.android.server.usage;
 
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+
 import static com.android.internal.util.ArrayUtils.defeatNullable;
 import static com.android.server.pm.PackageManagerService.PLATFORM_PACKAGE_NAME;
 import static com.android.server.usage.StorageStatsManagerInternal.StorageStatsAugmenter;
 
+import android.Manifest;
 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.annotation.UserIdInt;
@@ -160,18 +163,33 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
     }
 
     private void enforceStatsPermission(int callingUid, String callingPackage) {
-        final int mode = mAppOps.noteOp(AppOpsManager.OP_GET_USAGE_STATS,
-                callingUid, callingPackage);
+        final String errMsg = checkStatsPermission(callingUid, callingPackage, true);
+        if (errMsg != null) {
+            throw new SecurityException(errMsg);
+        }
+    }
+
+    private String checkStatsPermission(int callingUid, String callingPackage, boolean noteOp) {
+        final int mode;
+        if (noteOp) {
+            mode = mAppOps.noteOp(AppOpsManager.OP_GET_USAGE_STATS, callingUid, callingPackage);
+        } else {
+            mode = mAppOps.checkOp(AppOpsManager.OP_GET_USAGE_STATS, callingUid, callingPackage);
+        }
         switch (mode) {
             case AppOpsManager.MODE_ALLOWED:
-                return;
+                return null;
             case AppOpsManager.MODE_DEFAULT:
-                mContext.enforceCallingOrSelfPermission(
-                        android.Manifest.permission.PACKAGE_USAGE_STATS, TAG);
-                return;
+                if (mContext.checkCallingOrSelfPermission(
+                        Manifest.permission.PACKAGE_USAGE_STATS) == PERMISSION_GRANTED) {
+                    return null;
+                } else {
+                    return "Caller does not have " + Manifest.permission.PACKAGE_USAGE_STATS
+                            + "; callingPackage=" + callingPackage + ", callingUid=" + callingUid;
+                }
             default:
-                throw new SecurityException("Package " + callingPackage + " from UID " + callingUid
-                        + " blocked by mode " + mode);
+                return "Package " + callingPackage + " from UID " + callingUid
+                        + " blocked by mode " + mode;
         }
     }
 
@@ -280,10 +298,15 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
             throw new ParcelableException(e);
         }
 
+        final boolean callerHasStatsPermission;
         if (Binder.getCallingUid() == appInfo.uid) {
-            // No permissions required when asking about themselves
+            // No permissions required when asking about themselves. We still check since it is
+            // needed later on but don't throw if caller doesn't have the permission.
+            callerHasStatsPermission = checkStatsPermission(
+                    Binder.getCallingUid(), callingPackage, false) == null;
         } else {
             enforceStatsPermission(Binder.getCallingUid(), callingPackage);
+            callerHasStatsPermission = true;
         }
 
         if (defeatNullable(mPackage.getPackagesForUid(appInfo.uid)).length == 1) {
@@ -313,7 +336,7 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
             if (volumeUuid == StorageManager.UUID_PRIVATE_INTERNAL) {
                 forEachStorageStatsAugmenter((storageStatsAugmenter) -> {
                     storageStatsAugmenter.augmentStatsForPackage(stats,
-                            packageName, userId, callingPackage);
+                            packageName, userId, callerHasStatsPermission);
                 }, "queryStatsForPackage");
             }
             return translate(stats);
@@ -330,10 +353,15 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
                     android.Manifest.permission.INTERACT_ACROSS_USERS, TAG);
         }
 
+        final boolean callerHasStatsPermission;
         if (Binder.getCallingUid() == uid) {
-            // No permissions required when asking about themselves
+            // No permissions required when asking about themselves. We still check since it is
+            // needed later on but don't throw if caller doesn't have the permission.
+            callerHasStatsPermission = checkStatsPermission(
+                    Binder.getCallingUid(), callingPackage, false) == null;
         } else {
             enforceStatsPermission(Binder.getCallingUid(), callingPackage);
+            callerHasStatsPermission = true;
         }
 
         final String[] packageNames = defeatNullable(mPackage.getPackagesForUid(uid));
@@ -372,7 +400,7 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
 
         if (volumeUuid == StorageManager.UUID_PRIVATE_INTERNAL) {
             forEachStorageStatsAugmenter((storageStatsAugmenter) -> {
-                storageStatsAugmenter.augmentStatsForUid(stats, uid, callingPackage);
+                storageStatsAugmenter.augmentStatsForUid(stats, uid, callerHasStatsPermission);
             }, "queryStatsForUid");
         }
         return translate(stats);
@@ -401,12 +429,6 @@ public class StorageStatsService extends IStorageStatsManager.Stub {
         } catch (InstallerException e) {
             throw new ParcelableException(new IOException(e.getMessage()));
         }
-
-        if (volumeUuid == StorageManager.UUID_PRIVATE_INTERNAL) {
-            forEachStorageStatsAugmenter((storageStatsAugmenter) -> {
-                storageStatsAugmenter.augmentStatsForUser(stats, userId, callingPackage);
-            }, "queryStatsForUser");
-        }
         return translate(stats);
     }