authorEugene Susla <eugenesusla@google.com>2020-03-04 14:25:57 -0800
committerEugene Susla <eugenesusla@google.com>2020-03-09 22:38:36 +0000
commitf72bcc8e36e31d743a8c457547436f9777f98b60 (patch)
treedf8235dc0dd1f213fcfec41b063666fdebc36aab
parente97864e7ccb2d265c95e7281558e1b4f176aaa9e (diff)
Replace auto-revoke whitelist permission flags with appop
Bug: 146513245 Test: presubmit Change-Id: Id0a04dd32ecf4774d90fc4c0da9c16a055b145d0
-rw-r--r--PermissionController/src/com/android/permissioncontroller/permission/data/AppOpLiveData.kt59
-rw-r--r--PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java6
-rw-r--r--PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java14
-rw-r--r--PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt6
-rw-r--r--PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt26
5 files changed, 78 insertions, 33 deletions
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/data/AppOpLiveData.kt b/PermissionController/src/com/android/permissioncontroller/permission/data/AppOpLiveData.kt
new file mode 100644
index 000000000..a916cf8e8
--- /dev/null
+++ b/PermissionController/src/com/android/permissioncontroller/permission/data/AppOpLiveData.kt
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.permissioncontroller.permission.data
+
+import android.app.AppOpsManager
+import android.app.Application
+import com.android.permissioncontroller.PermissionControllerApplication
+
+/**
+ * A LiveData which represents the appop state
+ *
+ * @param app The current application
+ * @param packageName The name of the package
+ * @param op The name of the appop
+ * @param uid The uid of the package
+ *
+ * @see AppOpsManager
+ */
+//TODO eugenesusla: observe appops
+//TODO eugenesusla: use for external storage
+class AppOpLiveData private constructor(
+ private val app: Application,
+ private val packageName: String,
+ private val op: String,
+ private val uid: Int
+) : SmartUpdateMediatorLiveData<Int>() {
+
+ val appOpsManager = app.getSystemService(AppOpsManager::class.java)!!
+
+ override fun onUpdate() {
+ value = appOpsManager.unsafeCheckOpNoThrow(op, uid, packageName)
+ }
+
+ /**
+ * Repository for AppOpLiveData.
+ * <p> Key value is a triple of string package name, string appop, and
+ * package uid, value is its corresponding LiveData.
+ */
+ companion object : DataRepository<Triple<String, String, Int>, AppOpLiveData>() {
+ override fun newValue(key: Triple<String, String, Int>): AppOpLiveData {
+ return AppOpLiveData(PermissionControllerApplication.get(),
+ key.first, key.second, key.third)
+ }
+ }
+} \ No newline at end of file
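Review bot: The op mode is read only when `onUpdate()` runs and nothing in this class watches for op changes (the `TODO ... observe appops` above the class), so a cached instance can keep reporting an old mode. This value gates the user exemption in AutoRevokePermissions.kt, so a stale read there could revoke permissions for an app the user has just exempted; whether `DataRepository` or `getInitializedValue()` forces a fresh `onUpdate()` is not visible in this diff. Until observation lands, I would state the limit in the KDoc, e.g. `Note: the value is a snapshot taken in onUpdate(); op mode changes are not observed yet.`, and wire `AppOpsManager.startWatchingMode`/`stopWatchingMode` when the TODO is resolved. Separately, `appOpsManager` is a public `val`; `private val appOpsManager` keeps the system service handle out of the class API.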
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
index b923b301d..556c664c5 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
+++ b/PermissionController/src/com/android/permissioncontroller/permission/model/AppPermissionGroup.java
@@ -1406,11 +1406,7 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
| (permission.isPolicyFixed() ? PackageManager.FLAG_PERMISSION_POLICY_FIXED : 0)
| (permission.isReviewRequired()
? PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED : 0)
- | (permission.isOneTime() ? PackageManager.FLAG_PERMISSION_ONE_TIME : 0)
- | (permission.isAutoRevoke()
- ? PackageManager.FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED : 0)
- | (permission.isAutoRevokeUserSet()
- ? PackageManager.FLAG_PERMISSION_AUTO_REVOKE_USER_SET : 0);
+ | (permission.isOneTime() ? PackageManager.FLAG_PERMISSION_ONE_TIME : 0);
mPackageManager.updatePermissionFlags(permission.getName(),
mPackageInfo.packageName,
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
index b5a315993..49381db2b 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
+++ b/PermissionController/src/com/android/permissioncontroller/permission/model/Permission.java
@@ -261,20 +261,6 @@ public final class Permission {
return (mFlags & PackageManager.FLAG_PERMISSION_ONE_TIME) != 0;
}
- /**
- * @see PackageManager#FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED
- */
- public boolean isAutoRevoke() {
- return (mFlags & PackageManager.FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED) != 0;
- }
-
- /**
- * @see PackageManager#FLAG_PERMISSION_AUTO_REVOKE_USER_SET
- */
- public boolean isAutoRevokeUserSet() {
- return (mFlags & PackageManager.FLAG_PERMISSION_AUTO_REVOKE_USER_SET) != 0;
- }
-
public void setUserSet(boolean userSet) {
if (userSet) {
mFlags |= PackageManager.FLAG_PERMISSION_USER_SET;
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt b/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt
index 1fc5f6d32..c94621f19 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/model/livedatatypes/LightPermission.kt
@@ -68,10 +68,6 @@ data class LightPermission(
val isGrantedByDefault = flags and PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT != 0
/** Whether this permission is granted by role */
val isGrantedByRole = flags and PackageManager.FLAG_PERMISSION_GRANTED_BY_ROLE != 0
- /** Whether this permission is not whitelisted from being auto-revoked when app is unused */
- val isAutoRevokable = flags and PackageManager.FLAG_PERMISSION_AUTO_REVOKE_IF_UNUSED != 0
- /** Whether [isAutoRevokable] was set by user */
- val isAutoRevokableUserSet = flags and PackageManager.FLAG_PERMISSION_AUTO_REVOKE_USER_SET != 0
override fun toString() = buildString {
append(name)
@@ -85,7 +81,5 @@ data class LightPermission(
if (isOneTime) append(", OneTime")
if (isGrantedByDefault) append(", GrantedByDefault")
if (isGrantedByRole) append(", GrantedByRole")
- if (isAutoRevokable) append(", AutoRevokable")
- if (isAutoRevokableUserSet) append(", AutoRevokableUserSet")
}
} \ No newline at end of file
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
index f92e3e2ea..7f83a2b06 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
@@ -20,6 +20,8 @@ package com.android.permissioncontroller.permission.service
import android.app.ActivityManager
import android.app.ActivityManager.RunningAppProcessInfo.IMPORTANCE_TOP_SLEEPING
+import android.app.AppOpsManager
+import android.app.AppOpsManager.OPSTR_AUTO_REVOKE_PERMISSIONS_IF_UNUSED
import android.app.job.JobInfo
import android.app.job.JobParameters
import android.app.job.JobScheduler
@@ -41,10 +43,7 @@ import com.android.permissioncontroller.Constants
import com.android.permissioncontroller.PermissionControllerStatsLog
import com.android.permissioncontroller.PermissionControllerStatsLog.PERMISSION_GRANT_REQUEST_RESULT_REPORTED
import com.android.permissioncontroller.PermissionControllerStatsLog.PERMISSION_GRANT_REQUEST_RESULT_REPORTED__RESULT__AUTO_UNUSED_APP_PERMISSION_REVOKED
-import com.android.permissioncontroller.permission.data.LightAppPermGroupLiveData
-import com.android.permissioncontroller.permission.data.PackagePermissionsLiveData
-import com.android.permissioncontroller.permission.data.UserPackageInfosLiveData
-import com.android.permissioncontroller.permission.data.get
+import com.android.permissioncontroller.permission.data.*
import com.android.permissioncontroller.permission.model.livedatatypes.LightAppPermGroup
import com.android.permissioncontroller.permission.model.livedatatypes.LightPackageInfo
import com.android.permissioncontroller.permission.utils.KotlinUtils
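Review bot: `import com.android.permissioncontroller.permission.data.*` replaces four explicit imports with a wildcard, which the Android Kotlin style guide disallows. It also hides that `AppOpLiveData` is the new dependency this file uses for the exemption check. I would keep the explicit list and add `import com.android.permissioncontroller.permission.data.AppOpLiveData`.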
@@ -145,6 +144,20 @@ private suspend fun revokePermissionsOnUnusedApps(context: Context) {
return@forEachInParallel
}
+ val whitelistAppOpMode =
+ AppOpLiveData[pkg.packageName, OPSTR_AUTO_REVOKE_PERMISSIONS_IF_UNUSED, pkg.uid]
+ .getInitializedValue()
+ if (whitelistAppOpMode == AppOpsManager.MODE_IGNORED) {
+ // User exempt
+ return@forEachInParallel
+ }
+ if (whitelistAppOpMode != AppOpsManager.MODE_ALLOWED) {
+ // Override whitelist exemption when debugging to allow for testing
+ if (!DEBUG) {
+ // TODO eugenesusla: if manifest flag exempt -> return
+ }
+ }
+
val pkgPermGroups: Map<String, List<String>> =
PackagePermissionsLiveData[pkg.packageName, myUserHandle()]
.getInitializedValue(staleOk = true)
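Review bot: The `if (whitelistAppOpMode != AppOpsManager.MODE_ALLOWED)` block has no effect: its only content is `if (!DEBUG) { // TODO ... }`, so every mode other than `MODE_IGNORED` (including `MODE_DEFAULT` and `MODE_ERRORED`) falls through to revocation. Together with the later hunk in this file that replaces the `perm.isAutoRevokable` filter with `group.permissions.keys.toList()`, the per-permission whitelist is gone and the manifest exemption is not yet implemented, so packages that were exempt by default appear to become revocable in non-debug builds. If that is an intended interim state, say so in a comment such as `// Manifest exemption not implemented yet: every mode except MODE_IGNORED is revoked`; otherwise return early for the modes that should stay exempt until the TODO is resolved. The enclosing `revokePermissionsOnUnusedApps` starts and ends outside the hunk.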
@@ -165,10 +178,7 @@ private suspend fun revokePermissionsOnUnusedApps(context: Context) {
!group.isGrantedByDefault &&
!group.isGrantedByRole) {
- val revocablePermissions = group.permissions.filter { (_, perm) ->
- // Override whitelist with DEBUG to allow testing
- DEBUG || perm.isAutoRevokable
- }.keys.toList()
+ val revocablePermissions = group.permissions.keys.toList()
if (revocablePermissions.isEmpty()) {
return@forEachInParallel