diff --git a/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java b/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java
index ed4a7bf107d1..f72adb609f6f 100644
--- a/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java
+++ b/services/core/java/com/android/server/recoverysystem/RecoverySystemService.java
@@ -961,11 +961,13 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo
 @Override
 public boolean allocateSpaceForUpdate(String packageFile) {
+ mContext.enforceCallingOrSelfPermission(android.Manifest.permission.RECOVERY, null);
 if (!isUpdatableApexSupported()) {
 Log.i(TAG, "Updatable Apex not supported, "
 + "allocateSpaceForUpdate does nothing.");
 return true;
 }
+ final long token = Binder.clearCallingIdentity();
 try {
 CompressedApexInfoList apexInfoList = getCompressedApexInfoList(packageFile);
 ApexManager apexManager = ApexManager.getInstance();
@@ -975,6 +977,8 @@ public class RecoverySystemService extends IRecoverySystem.Stub implements Reboo
 e.rethrowAsRuntimeException();
 } catch (IOException | UnsupportedOperationException e) {
 Slog.e(TAG, "Failed to reserve space for compressed apex: ", e);
+ } finally {
+ Binder.restoreCallingIdentity(token);
 }
 return false;
 }
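Review bot: `Binder.clearCallingIdentity()` is taken before the `try`, so the cleared-identity window also covers `getCompressedApexInfoList(packageFile)`, which works on the caller-supplied path, and not only the ApexManager request. If only the ApexManager call needs the system identity (not visible in this hunk), move the clear/restore pair to surround just that call. Otherwise, document the choice above the token line with something like `// RECOVERY was enforced above; identity stays cleared for the whole apex space reservation.` The permission check passes `null` as its message; `mContext.enforceCallingOrSelfPermission(android.Manifest.permission.RECOVERY, "allocateSpaceForUpdate");` would make a denied call identifiable from the SecurityException text. The `try` body runs past the end of this hunk and its `finally` is added in the next one.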