From b4ea73f5dad2ab78dff0fcf836e01aa7632c9256 Mon Sep 17 00:00:00 2001
From: Nate Myren <ntmyren@google.com>
Date: Thu, 25 May 2023 10:18:15 -0700
Subject: If an app doesn't request AML explicitly, do not grant it

When an app supports the photo picker, we are currently granting
ACCESS_MEDIA_LOCATION if the user clicks "select photos", regardless of
if the app included it in the request or not. We should not.

Fixes: 284255155
Test: atest PhotoPickerPermissionTest#testAMLNotGrantedIfNotRequested
Change-Id: Idd54624860b0b218f8e0c18d87102d1a5839f548
---
 .../permission/ui/model/GrantPermissionsViewModel.kt                  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'PermissionController/src/com/android/permissioncontroller/permission')

diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt b/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt
index 24dc51bdf..0680ffcd2 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt
@@ -1080,7 +1080,9 @@ class GrantPermissionsViewModel(
             appPermGroup.setSelfRevoked()
             appPermGroup.persistChanges(false, null, nonSelectedPerms.toSet())
         } else {
-            val partialPerms = getPartialStorageGrantPermissionsForGroup(groupState.group)
+            val partialPerms = getPartialStorageGrantPermissionsForGroup(groupState.group).filter {
+                it in groupState.affectedPermissions
+            }
             val nonSelectedPerms = groupState.affectedPermissions.filter { it !in partialPerms }
             val setUserFixed = userSelectedPerm.isUserFixed || userSelectedPerm.isUserSet
             grantForegroundRuntimePermissions(app, groupState.group,
-- 
cgit v1.2.3