commit 3624ed78fdec4fe07446547f678da86e073acbfd
author TreeHugger Robot <treehugger-gerrit@google.com> Thu Jun 24 06:51:19 2021 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Thu Jun 24 06:51:19 2021 +0000
tree 5ac13e6db649fc2d09fa2a90906a44b65f248acc
parent 61d2be2dd0e34fe9416bf84e9049217e0c5f25ee
parent 29f69e43bb3e07407f2ee06a6f8379c37d473b65

Merge "Enforce permissions check in getLastTimeAnyComponentUsed" into sc-dev am: dbdd7012bc am: 29f69e43bb

Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/base/+/15084728

Change-Id: Ib176042519dd83be639f7fb5ee87c83297123c0f

core/java/android/app/usage/IUsageStatsManager.aidl

diff --git a/core/java/android/app/usage/IUsageStatsManager.aidl b/core/java/android/app/usage/IUsageStatsManager.aidl
index eb4c624..585eb61 100644
--- a/core/java/android/app/usage/IUsageStatsManager.aidl
+++ b/core/java/android/app/usage/IUsageStatsManager.aidl
@@ -68,5 +68,5 @@
     void reportUserInteraction(String packageName, int userId);
     int getUsageSource();
     void forceUsageSourceSettingRead();
-    long getLastTimeAnyComponentUsed(String packageName);
+    long getLastTimeAnyComponentUsed(String packageName, String callingPackage);
 }

core/java/android/app/usage/UsageStatsManager.java

diff --git a/core/java/android/app/usage/UsageStatsManager.java b/core/java/android/app/usage/UsageStatsManager.java
index e8175c7..ac7a318 100644
--- a/core/java/android/app/usage/UsageStatsManager.java
+++ b/core/java/android/app/usage/UsageStatsManager.java
@@ -1287,7 +1287,7 @@
             android.Manifest.permission.PACKAGE_USAGE_STATS})
     public long getLastTimeAnyComponentUsed(@NonNull String packageName) {
         try {
-            return mService.getLastTimeAnyComponentUsed(packageName);
+            return mService.getLastTimeAnyComponentUsed(packageName, mContext.getOpPackageName());
         } catch (RemoteException re) {
             throw re.rethrowFromSystemServer();
         }

services/usage/java/com/android/server/usage/UsageStatsService.java

diff --git a/services/usage/java/com/android/server/usage/UsageStatsService.java b/services/usage/java/com/android/server/usage/UsageStatsService.java
index 128602d..1b84927 100644
--- a/services/usage/java/com/android/server/usage/UsageStatsService.java
+++ b/services/usage/java/com/android/server/usage/UsageStatsService.java
@@ -2226,7 +2226,14 @@
         }
 
         @Override
-        public long getLastTimeAnyComponentUsed(String packageName) {
+        public long getLastTimeAnyComponentUsed(String packageName, String callingPackage) {
+            if (!hasPermissions(
+                    callingPackage, android.Manifest.permission.INTERACT_ACROSS_USERS)) {
+                throw new SecurityException("Caller doesn't have INTERACT_ACROSS_USERS permission");
+            }
+            if (!hasPermission(callingPackage)) {
+                throw new SecurityException("Don't have permission to query usage stats");
+            }
             synchronized (mLock) {
                 // Truncate the returned milliseconds to the boundary of the last day before exact
                 // time for privacy reasons.