Keep exempt permissions out of revokable groups list

If all permissions in a permission group are not revokable, we should not add the permission group to the list of revokable groups Bug: 297987468 Test: manual Change-Id: I27649f08da7461563cb526e2d33dcb7df36c579c
author: Nate Myren <ntmyren@google.com> 2023-09-01 11:18:15 -0700
committer: Nate Myren <ntmyren@google.com> 2023-09-01 18:21:26 +0000
commit: eac22a8f58c4981e4f864c1a0650f901ad574887 (patch)
tree: 82aa37939eff681e28b094310e5b1b775c6e0ab6 /PermissionController/src/com
parent: 1fcd92de12cf42026c66b12a1d8e35e50faf1660 (diff)
download: Permission-eac22a8f58c4981e4f864c1a0650f901ad574887.tar.gz
2 files changed, 7 insertions, 3 deletions
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
index 606562641..f764988c7 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/data/HibernationSettingStateLiveData.kt
@@ -34,6 +34,7 @@ import com.android.permissioncontroller.hibernation.isPackageHibernationExemptBy
 import com.android.permissioncontroller.hibernation.isPackageHibernationExemptByUser
 import com.android.permissioncontroller.permission.data.PackagePermissionsLiveData.Companion.NON_RUNTIME_NORMAL_PERMS
 import com.android.permissioncontroller.permission.model.livedatatypes.HibernationSettingState
+import com.android.permissioncontroller.permission.service.AUTO_REVOKE_EXEMPT_PERMISSIONS
 import kotlinx.coroutines.Job
 
 /**
@@ -117,7 +118,10 @@ class HibernationSettingStateLiveData private constructor(
                     permState.permFlags and (FLAG_PERMISSION_GRANTED_BY_DEFAULT or
                             FLAG_PERMISSION_GRANTED_BY_ROLE) != 0
                 } ?: false
-                if (!default) {
+                val allExempt = liveData.value?.all { (permName, _) ->
+                    permName in AUTO_REVOKE_EXEMPT_PERMISSIONS
+                } ?: false
+                if (!default && !allExempt) {
                     revocableGroups.add(groupName)
                 }
             }
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
index 52e89e972..ec14951ae 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/service/AutoRevokePermissions.kt
@@ -49,7 +49,7 @@ import java.util.concurrent.atomic.AtomicBoolean
 private const val LOG_TAG = "AutoRevokePermissions"
 const val DEBUG_AUTO_REVOKE = true
 
-private val EXEMPT_PERMISSIONS = listOf(
+val AUTO_REVOKE_EXEMPT_PERMISSIONS = listOf(
         Manifest.permission.ACTIVITY_RECOGNITION,
         Manifest.permission.POST_NOTIFICATIONS)
 
@@ -115,7 +115,7 @@ suspend fun revokeAppPermissions(
                         .getInitializedValue() ?: continue
                 val fixed = group.isBackgroundFixed || group.isForegroundFixed
                 val granted = group.permissions.any { (_, perm) ->
-                    perm.isGrantedIncludingAppOp && perm.name !in EXEMPT_PERMISSIONS
+                    perm.isGrantedIncludingAppOp && perm.name !in AUTO_REVOKE_EXEMPT_PERMISSIONS
                 }
                 if (!fixed && granted &&
                     !group.isGrantedByDefault &&
author	Nate Myren <ntmyren@google.com>	2023-09-01 11:18:15 -0700
committer	Nate Myren <ntmyren@google.com>	2023-09-01 18:21:26 +0000
commit	eac22a8f58c4981e4f864c1a0650f901ad574887 (patch)
tree	82aa37939eff681e28b094310e5b1b775c6e0ab6 /PermissionController/src/com
parent	1fcd92de12cf42026c66b12a1d8e35e50faf1660 (diff)
download	Permission-eac22a8f58c4981e4f864c1a0650f901ad574887.tar.gz