Update require permission tag for CarUserManager

Bug: 184292607
Test: atest CarServiceUnitTest:com.android.car.user.CarUserServiceTest
      atest CarServiceUnitTest:com.android.car.user.CarUserManagerUnitTest
      atest CarSecurityPermissionTest:com.android.car.user.CarUserManagerPermissionTest
Change-Id: I5919d0f25e9b4df32cd546bb7e40f219d7faebb0
diff --git a/car-lib/src/android/car/user/CarUserManager.java b/car-lib/src/android/car/user/CarUserManager.java
index 7dc0e7e..dace5a8 100644
--- a/car-lib/src/android/car/user/CarUserManager.java
+++ b/car-lib/src/android/car/user/CarUserManager.java
@@ -345,11 +345,6 @@
             android.Manifest.permission.CREATE_USERS})
     public AsyncFuture<UserSwitchResult> switchUser(@UserIdInt int targetUserId) {
         int uid = myUid();
-
-        if (mUserManager.getUserSwitchability() != UserManager.SWITCHABILITY_STATUS_OK) {
-            return newSwitchResuiltForFailure(UserSwitchResult.STATUS_NOT_SWITCHABLE);
-        }
-
         try {
             AndroidFuture<UserSwitchResult> future = new AndroidFuture<UserSwitchResult>() {
                 @Override
@@ -824,6 +819,8 @@
      *
      * @hide
      */
+    @RequiresPermission(anyOf = {android.Manifest.permission.MANAGE_USERS,
+            android.Manifest.permission.CREATE_USERS})
     public boolean isValidUser(@UserIdInt int userId) {
         List<UserInfo> allUsers = mUserManager.getAliveUsers();
         for (int i = 0; i < allUsers.size(); i++) {
diff --git a/service/src/com/android/car/user/CarUserService.java b/service/src/com/android/car/user/CarUserService.java
index b80be81..685a7ce 100644
--- a/service/src/com/android/car/user/CarUserService.java
+++ b/service/src/com/android/car/user/CarUserService.java
@@ -960,6 +960,10 @@
         Objects.requireNonNull(receiver);
         UserInfo targetUser = mUserManager.getUserInfo(targetUserId);
         Preconditions.checkArgument(targetUser != null, "Target user doesn't exist");
+        if (mUserManager.getUserSwitchability() != UserManager.SWITCHABILITY_STATUS_OK) {
+            sendUserSwitchResult(receiver, UserSwitchResult.STATUS_NOT_SWITCHABLE);
+            return;
+        }
         mHandler.post(()-> switchUserInternal(targetUser, timeoutMs, receiver));
     }
 
diff --git a/tests/CarSecurityPermissionTest/src/com/android/car/user/CarUserManagerPermissionTest.java b/tests/CarSecurityPermissionTest/src/com/android/car/user/CarUserManagerPermissionTest.java
index 5d20577..63c5ece 100644
--- a/tests/CarSecurityPermissionTest/src/com/android/car/user/CarUserManagerPermissionTest.java
+++ b/tests/CarSecurityPermissionTest/src/com/android/car/user/CarUserManagerPermissionTest.java
@@ -29,6 +29,7 @@
 
 import static com.google.common.truth.Truth.assertThat;
 
+import static org.testng.Assert.assertThrows;
 import static org.testng.Assert.expectThrows;
 
 import android.app.Instrumentation;
@@ -160,6 +161,11 @@
     }
 
     @Test
+    public void testIsValidUserPermission() {
+        assertThrows(SecurityException.class, () -> mCarUserManager.isValidUser(42));
+    }
+
+    @Test
     public void testSetUserSwitchUiCallback() {
         Exception e = expectThrows(SecurityException.class,
                 () -> mCarUserManager.getUserIdentificationAssociation(CUSTOM_1));
diff --git a/tests/android_car_api_test/AndroidManifest.xml b/tests/android_car_api_test/AndroidManifest.xml
index fe8ea24..7ae6fde 100644
--- a/tests/android_car_api_test/AndroidManifest.xml
+++ b/tests/android_car_api_test/AndroidManifest.xml
@@ -24,8 +24,6 @@
          android:targetPackage="android.car.apitest"
          android:label="Tests for Car APIs"
          android:debuggable="true"/>
-    <!-- TODO (b/184292607): remove it once bug is fixed. -->
-    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
 
     <application android:label="CarApiTest"
          android:debuggable="true">
diff --git a/tests/carservice_unit_test/src/com/android/car/user/CarUserManagerUnitTest.java b/tests/carservice_unit_test/src/com/android/car/user/CarUserManagerUnitTest.java
index 557d5c3..92182fd 100644
--- a/tests/carservice_unit_test/src/com/android/car/user/CarUserManagerUnitTest.java
+++ b/tests/carservice_unit_test/src/com/android/car/user/CarUserManagerUnitTest.java
@@ -222,19 +222,6 @@
     }
 
     @Test
-    public void testSwitchUser_noUserSwitchability() throws Exception {
-        when(mUserManager.getUserSwitchability())
-                .thenReturn(UserManager.SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED);
-
-        AsyncFuture<UserSwitchResult> future = mMgr.switchUser(11);
-
-        assertThat(future).isNotNull();
-        UserSwitchResult result = getResult(future);
-        assertThat(result.getStatus()).isEqualTo(UserSwitchResult.STATUS_NOT_SWITCHABLE);
-        assertThat(result.getErrorMessage()).isNull();
-    }
-
-    @Test
     public void testSwitchUser_remoteException() throws Exception {
         expectServiceSwitchUserFails(11, new RemoteException("D'OH!"));
         mockHandleRemoteExceptionFromCarServiceWithDefaultValue(mCar);
diff --git a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
index e54437d..adafb57 100644
--- a/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
+++ b/tests/carservice_unit_test/src/com/android/car/user/CarUserServiceTest.java
@@ -1015,6 +1015,19 @@
     }
 
     @Test
+    public void testSwitchUser_noUserSwitchability() throws Exception {
+        UserInfo currentUser = mAdminUser;
+        mockExistingUsersAndCurrentUser(mExistingUsers, currentUser);
+        doReturn(UserManager.SWITCHABILITY_STATUS_SYSTEM_USER_LOCKED).when(mMockedUserManager)
+                .getUserSwitchability();
+
+        switchUser(mGuestUser.id, mAsyncCallTimeoutMs, mUserSwitchFuture);
+
+        assertThat(getUserSwitchResult().getStatus())
+                .isEqualTo(UserSwitchResult.STATUS_NOT_SWITCHABLE);
+    }
+
+    @Test
     public void testSwitchUser_targetSameAsCurrentUser() throws Exception {
         mockExistingUsersAndCurrentUser(mAdminUser);