Update intent resolution logic with new rules

import android.content.pm.IntentFilterVerificationInfo;

import android.content.pm.KeySet;

import android.content.pm.ModuleInfo;

import android.content.pm.overlay.OverlayPaths;

import android.content.pm.PackageChangeEvent;

import android.content.pm.PackageInfo;

import android.content.pm.PackageInfoLite;

import java.util.concurrent.atomic.AtomicInteger;

import java.util.function.BiConsumer;

import java.util.function.Consumer;

import java.util.function.Function;

import java.util.function.Predicate;

/**

                Intent intent, int matchFlags, List<ResolveInfo> candidates,

                CrossProfileDomainInfo xpDomainInfo, int userId, boolean debug) {

            final ArrayList<ResolveInfo> result = new ArrayList<>();

            final ArrayList<ResolveInfo> alwaysList = new ArrayList<>();

            final ArrayList<ResolveInfo> undefinedList = new ArrayList<>();

            final ArrayList<ResolveInfo> matchAllList = new ArrayList<>();

            final int count = candidates.size();

            // First, try to use linked apps. Partition the candidates into four lists:

            // one for the final results, one for the "do not use ever", one for "undefined status"

            // and finally one for "browser app type".

            // First, try to use approved apps.

            for (int n = 0; n < count; n++) {

                ResolveInfo info = candidates.get(n);

                String packageName = info.activityInfo.packageName;

                PackageSetting ps = mSettings.getPackageLPr(packageName);

                if (ps != null) {

                // Add to the special match all list (Browser use case)

                if (info.handleAllWebDataURI) {

                    matchAllList.add(info);

                        continue;

                    }

                    boolean isAlways = mDomainVerificationManager

                            .isApprovedForDomain(ps, intent, userId);

                    if (isAlways) {

                        alwaysList.add(info);

                    } else {

                        undefinedList.add(info);

                    }

                    continue;

                }

            }

            Pair<List<ResolveInfo>, Integer> infosAndLevel = mDomainVerificationManager

                    .filterToApprovedApp(intent, candidates, userId, mSettings::getPackageLPr);

            List<ResolveInfo> approvedInfos = infosAndLevel.first;

            Integer highestApproval = infosAndLevel.second;

            // We'll want to include browser possibilities in a few cases

            boolean includeBrowser = false;

            // First try to add the "always" resolution(s) for the current user, if any

            if (alwaysList.size() > 0) {

                result.addAll(alwaysList);

            // If no apps are approved for the domain, resolve only to browsers

            if (approvedInfos.isEmpty()) {

                // If the other profile has a result, include that and delegate to ResolveActivity

                if (xpDomainInfo != null && xpDomainInfo.highestApprovalLevel

                        > DomainVerificationManagerInternal.APPROVAL_LEVEL_NONE) {

                    result.add(xpDomainInfo.resolveInfo);

                } else {

                    includeBrowser = true;

                }

            } else {

                // Add all undefined apps as we want them to appear in the disambiguation dialog.

                result.addAll(undefinedList);

                // Maybe add one for the other profile.

                if (xpDomainInfo != null && xpDomainInfo.wereAnyDomainsVerificationApproved) {

                result.addAll(approvedInfos);

                // If the other profile has an app that's of equal or higher approval, add it

                if (xpDomainInfo != null && xpDomainInfo.highestApprovalLevel >= highestApproval) {

                    result.add(xpDomainInfo.resolveInfo);

                }

                includeBrowser = true;

            }

            if (includeBrowser) {

                    }

                }

                // If there is nothing selected, add all candidates and remove the ones that the

                //user

                // has explicitly put into the INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_NEVER state

                // If there is nothing selected, add all candidates

                if (result.size() == 0) {

                    result.addAll(candidates);

                }

                            sourceUserId, parentUserId);

                }

                result.wereAnyDomainsVerificationApproved |= mDomainVerificationManager

                        .isApprovedForDomain(ps, intent, riTargetUser.targetUserId);

                result.highestApprovalLevel = Math.max(mDomainVerificationManager

                        .approvalLevelForDomain(ps, intent, riTargetUser.targetUserId),

                        result.highestApprovalLevel);

            }

            if (result != null && !result.wereAnyDomainsVerificationApproved) {

            if (result != null && result.highestApprovalLevel

                    <= DomainVerificationManagerInternal.APPROVAL_LEVEL_NONE) {

                return null;

            }

            return result;

                    final String packageName = info.activityInfo.packageName;

                    final PackageSetting ps = mSettings.getPackageLPr(packageName);

                    if (ps.getInstantApp(userId)) {

                        if (mDomainVerificationManager.isApprovedForDomain(ps, intent, userId)) {

                        if (hasAnyDomainApproval(mDomainVerificationManager, ps, intent,

                                userId)) {

                            if (DEBUG_INSTANT) {

                                Slog.v(TAG, "Instant app approvd for intent; pkg: "

                                Slog.v(TAG, "Instant app approved for intent; pkg: "

                                        + packageName);

                            }

                            localInstantApp = info;

                if (ps != null) {

                    // only check domain verification status if the app is not a browser

                    if (!info.handleAllWebDataURI) {

                        if (mDomainVerificationManager.isApprovedForDomain(ps, intent, userId)) {

                        if (hasAnyDomainApproval(mDomainVerificationManager, ps, intent,

                                userId)) {

                            if (DEBUG_INSTANT) {

                                Slog.v(TAG, "DENY instant app;" + " pkg: " + packageName

                                        + ", approved");

                    if (ri.activityInfo.applicationInfo.isInstantApp()) {

                        final String packageName = ri.activityInfo.packageName;

                        final PackageSetting ps = mSettings.getPackageLPr(packageName);

                        if (ps != null && mDomainVerificationManager

                                .isApprovedForDomain(ps, intent, userId)) {

                        if (ps != null && hasAnyDomainApproval(mDomainVerificationManager, ps,

                                intent, userId)) {

                            return ri;

                        }

                    }

        return null;

    }

    /**

     * Do NOT use for intent resolution filtering. That should be done with

     * {@link DomainVerificationManagerInternal#filterToApprovedApp(Intent, List, int, Function)}.

     *

     * @return if the package is approved at any non-zero level for the domain in the intent

     */

    private static boolean hasAnyDomainApproval(

            @NonNull DomainVerificationManagerInternal manager, @NonNull PackageSetting pkgSetting,

            @NonNull Intent intent, @UserIdInt int userId) {

        return manager.approvalLevelForDomain(pkgSetting, intent, userId)

                > DomainVerificationManagerInternal.APPROVAL_LEVEL_NONE;

    }

    /**

     * Return true if the given list is not empty and all of its contents have

     * an activityInfo with the given package name.

    private static class CrossProfileDomainInfo {

        /* ResolveInfo for IntentForwarderActivity to send the intent to the other profile */

        ResolveInfo resolveInfo;

        boolean wereAnyDomainsVerificationApproved;

        int highestApprovalLevel = DomainVerificationManagerInternal.APPROVAL_LEVEL_NONE;

    }

    private CrossProfileDomainInfo getCrossProfileDomainPreferredLpr(Intent intent,

        incrementalStates.onStorageHealthStatusChanged(status);

    }

    public long getFirstInstallTime() {

        return firstInstallTime;

    }

    protected PackageSettingBase updateFrom(PackageSettingBase other) {

        super.copyFrom(other);

        setPath(other.getPath());

package com.android.server.pm.verify.domain;

import android.annotation.IntDef;

import android.annotation.NonNull;

import android.annotation.Nullable;

import android.annotation.RequiresPermission;

import android.annotation.UserIdInt;

import android.content.Intent;

import android.content.pm.IntentFilterVerificationInfo;

import android.content.pm.PackageManager;

import android.content.pm.PackageManager.NameNotFoundException;

import android.content.pm.ResolveInfo;

import android.content.pm.verify.domain.DomainVerificationInfo;

import android.content.pm.verify.domain.DomainVerificationManager;

import android.os.Binder;

import android.os.UserHandle;

import android.util.IndentingPrintWriter;

import android.util.Pair;

import android.util.TypedXmlPullParser;

import android.util.TypedXmlSerializer;

import org.xmlpull.v1.XmlPullParserException;

import java.io.IOException;

import java.util.List;

import java.util.Set;

import java.util.UUID;

import java.util.function.Function;

    UUID DISABLED_ID = new UUID(0, 0);

    /**

     * The app has not been approved for this domain and should never be able to open it through

     * an implicit web intent.

     */

    int APPROVAL_LEVEL_NONE = 0;

    /**

     * The app has been approved through the legacy

     * {@link PackageManager#updateIntentVerificationStatusAsUser(String, int, int)} API, which has

     * been preserved for migration purposes, but is otherwise ignored. Corresponds to

     * {@link PackageManager#INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ASK} and

     * {@link PackageManager#INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS_ASK}.

     *

     * This should be used as the cutoff for showing a picker if no better approved app exists

     * during the legacy transition period.

     *

     * TODO(b/177923646): The legacy values can be removed once the Settings API changes are

     *  shipped. These values are not stable, so just deleting the constant and shifting others is

     *  fine.

     */

    int APPROVAL_LEVEL_LEGACY_ASK = 1;

    /**

     * The app has been approved through the legacy

     * {@link PackageManager#updateIntentVerificationStatusAsUser(String, int, int)} API, which has

     * been preserved for migration purposes, but is otherwise ignored. Corresponds to

     * {@link PackageManager#INTENT_FILTER_DOMAIN_VERIFICATION_STATUS_ALWAYS}.

     */

    int APPROVAL_LEVEL_LEGACY_ALWAYS = 1;

    /**

     * The app has been chosen by the user through

     * {@link #setDomainVerificationUserSelection(UUID, Set, boolean)}, indictag an explicit

     * choice to use this app to open an unverified domain.

     */

    int APPROVAL_LEVEL_SELECTION = 2;

    /**

     * The app is approved through the digital asset link statement being hosted at the domain

     * it is capturing. This is set through {@link #setDomainVerificationStatus(UUID, Set, int)} by

     * the domain verification agent on device.

     */

    int APPROVAL_LEVEL_VERIFIED = 3;

    /**

     * The app has been installed as an instant app, which grants it total authority on the domains

     * that it declares. It is expected that the package installer validate the domains the app

     * declares against the digital asset link statements before allowing it to be installed.

     *

     * The user is still able to disable instant app link handling through

     * {@link #setDomainVerificationLinkHandlingAllowed(String, boolean)}.

     */

    int APPROVAL_LEVEL_INSTANT_APP = 4;

    /**

     * Defines the possible values for {@link #approvalLevelForDomain(PackageSetting, Intent, int)}

     * which sorts packages by approval priority. A higher numerical value means the package should

     * override all lower values. This means that comparison using less/greater than IS valid.

     *

     * Negative values are possible, although not implemented, reserved if explicit disable of a

     * package for a domain needs to be tracked.

     */

    @IntDef({

            APPROVAL_LEVEL_NONE,

            APPROVAL_LEVEL_LEGACY_ASK,

            APPROVAL_LEVEL_LEGACY_ALWAYS,

            APPROVAL_LEVEL_SELECTION,

            APPROVAL_LEVEL_VERIFIED,

            APPROVAL_LEVEL_INSTANT_APP

    })

    @interface ApprovalLevel{}

    /**

     * Generate a new domain set ID to be used for attaching new packages.

     */

    DomainVerificationCollector getCollector();

    /**

     * Check if a resolving URI is approved to takeover the domain as the sole resolved target.

     * Filters the provided list down to the {@link ResolveInfo} objects that should be allowed

     * to open the domain inside the {@link Intent}. It is possible for no packages represented in

     * the list to be approved, in which case an empty list will be returned.

     *

     * @return the filtered list and the corresponding approval level

     */

    @NonNull

    Pair<List<ResolveInfo>, Integer> filterToApprovedApp(@NonNull Intent intent,

            @NonNull List<ResolveInfo> infos, @UserIdInt int userId,

            @NonNull Function<String, PackageSetting> pkgSettingFunction);

    /**

     * Check at what precedence a package resolving a URI is approved to takeover the domain.

     * This can be because the domain was auto-verified for the package, or if the user manually

     * chose to enable the domain for the package.

     * chose to enable the domain for the package. If an app is auto-verified, it will be

     * preferred over apps that were manually selected.

     *

     * NOTE: This should not be used for filtering intent resolution. See

     * {@link #filterToApprovedApp(Intent, List, int, Function)} for that.

     */

    boolean isApprovedForDomain(@NonNull PackageSetting pkgSetting, @NonNull Intent intent,

    @ApprovalLevel

    int approvalLevelForDomain(@NonNull PackageSetting pkgSetting, @NonNull Intent intent,

            @UserIdInt int userId);

    /**

            throws IllegalArgumentException, NameNotFoundException;

    interface Connection extends DomainVerificationEnforcer.Callback,

            Function<String, PackageSetting> {

    interface Connection extends DomainVerificationEnforcer.Callback {

        /**

         * Notify that a settings change has been made and that eventually

        @Nullable

        AndroidPackage getPackageLocked(@NonNull String pkgName);

        @Override

        default PackageSetting apply(@NonNull String pkgName) {

            return getPackageSettingLocked(pkgName);

        }

    }

}