From 6a7f37264755e226c8dc9a933a04b15078a9439a Mon Sep 17 00:00:00 2001
From: Hai Zhang <zhanghai@google.com>
Date: Thu, 21 Sep 2023 00:03:14 +0000
Subject: [PATCH] Add missing permission checks for adding permission
 listeners.

They were in the old PermissionManagerServiceImpl but missing in
ag/20684040. The new subsystem is only enabled in V+ so we can just fix
it directly.

Also added the permission check for removing despite that the old method
was only enforcing not instant app, because the removing API is
annotated with requiring the permission, and anyone currently able to
add will still remain able to remove since it's the same permission.

Bug: 263504888
Test: presubmit
Change-Id: Ie5688abdbc4d9039c3f7c42f3d253e69f7cc899d
---
 .../permission/access/permission/PermissionService.kt    | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
index 8279600629833..1e052c037b3c6 100644
--- a/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
+++ b/services/permission/java/com/android/server/permission/access/permission/PermissionService.kt
@@ -1753,10 +1753,19 @@ class PermissionService(
     }
 
     override fun addOnPermissionsChangeListener(listener: IOnPermissionsChangeListener) {
+        context.enforceCallingOrSelfPermission(
+            Manifest.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS, "addOnPermissionsChangeListener"
+        )
+
         onPermissionsChangeListeners.addListener(listener)
     }
 
     override fun removeOnPermissionsChangeListener(listener: IOnPermissionsChangeListener) {
+        context.enforceCallingOrSelfPermission(
+            Manifest.permission.OBSERVE_GRANT_REVOKE_PERMISSIONS,
+            "removeOnPermissionsChangeListener"
+        )
+
         onPermissionsChangeListeners.removeListener(listener)
     }
 
-- 
GitLab