The cross-user check was requesting both interact across users and
interact across users all permissions which is too restrictive. Each
one is sufficient. Further, if the app has one of these premissions
but specifies a given user not current or current-self, the code
was throwing while the correct actions is to return the requested
user id as we alreay vetted the caller's permissions.
bug:16398152
Change-Id: I1a4863eb7b05dababb66bac6e143b78dfad42b81
194db6ad91