From 42d4ba418e97c6e34fba7b1053d69e92ec32b846 Mon Sep 17 00:00:00 2001
From: Alex Buynytskyy <alexbuy@google.com>
Date: Tue, 12 Jan 2021 11:10:03 -0800
Subject: Require INTERACT_ACROSS_USERS to enable readlogs.

As requested by PWG.

Bug: 177330562
Fixes: 177330562
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest PackageManagerServiceTest
Change-Id: I1b03bc1c5b4c3cffaa0f97d864cc088782290bc2
---
 services/incremental/IncrementalService.cpp | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'services/incremental/IncrementalService.cpp')

diff --git a/services/incremental/IncrementalService.cpp b/services/incremental/IncrementalService.cpp
index 45c9ad9b344b..dde70caa797f 100644
--- a/services/incremental/IncrementalService.cpp
+++ b/services/incremental/IncrementalService.cpp
@@ -38,9 +38,11 @@
 
 using namespace std::literals;
 
-constexpr const char* kDataUsageStats = "android.permission.LOADER_USAGE_STATS";
+constexpr const char* kLoaderUsageStats = "android.permission.LOADER_USAGE_STATS";
 constexpr const char* kOpUsage = "android:loader_usage_stats";
 
+constexpr const char* kInteractAcrossUsers = "android.permission.INTERACT_ACROSS_USERS";
+
 namespace android::incremental {
 
 using content::pm::DataLoaderParamsParcel;
@@ -684,10 +686,21 @@ int IncrementalService::setStorageParams(StorageId storageId, bool enableReadLog
             return -EPERM;
         }
 
-        if (auto status = mAppOpsManager->checkPermission(kDataUsageStats, kOpUsage,
+        // Check loader usage stats permission and apop.
+        if (auto status = mAppOpsManager->checkPermission(kLoaderUsageStats, kOpUsage,
+                                                          params.packageName.c_str());
+            !status.isOk()) {
+            LOG(ERROR) << " Permission: " << kLoaderUsageStats
+                       << " check failed: " << status.toString8();
+            return fromBinderStatus(status);
+        }
+
+        // Check multiuser permission.
+        if (auto status = mAppOpsManager->checkPermission(kInteractAcrossUsers, nullptr,
                                                           params.packageName.c_str());
             !status.isOk()) {
-            LOG(ERROR) << "checkPermission failed: " << status.toString8();
+            LOG(ERROR) << " Permission: " << kInteractAcrossUsers
+                       << " check failed: " << status.toString8();
             return fromBinderStatus(status);
         }
     }
-- 
cgit v1.2.3-59-g8ed1b