Merge "Move dropping implicit UPGRADE_EXEMPT into permission policy."

        }

        }

    }

    }

    override fun MutateStateScope.onPackageInstalled(packageState: PackageState, userId: Int) {

        // Clear UPGRADE_EXEMPT for all permissions requested by this package since there's

        // an installer and the installer has made a decision.

        clearRestrictedPermissionImplicitExemption(packageState, userId)

    }

    private fun MutateStateScope.clearRestrictedPermissionImplicitExemption(

        packageState: PackageState,

        userId: Int

    ) {

        // System apps can always retain their UPGRADE_EXEMPT.

        if (packageState.isSystem) {

            return

        }

        val androidPackage = packageState.androidPackage ?: return

        val appId = packageState.appId

        androidPackage.requestedPermissions.forEachIndexed { _, permissionName ->

            val permission = newState.systemState.permissions[permissionName]

                ?: return@forEachIndexed

            if (!permission.isHardOrSoftRestricted) {

                return@forEachIndexed

            }

            val isRequestedBySystemPackage =

                anyRequestingPackageInAppId(appId, permissionName) { it.isSystem }

            if (isRequestedBySystemPackage) {

                return@forEachIndexed

            }

            val oldFlags = getPermissionFlags(appId, userId, permissionName)

            var newFlags = oldFlags andInv PermissionFlags.UPGRADE_EXEMPT

            val isExempt = newFlags.hasAnyBit(PermissionFlags.MASK_EXEMPT)

            newFlags = if (permission.isHardRestricted && !isExempt) {

                newFlags or PermissionFlags.RESTRICTION_REVOKED

            } else {

                newFlags andInv PermissionFlags.RESTRICTION_REVOKED

            }

            newFlags = if (permission.isSoftRestricted && !isExempt) {

                newFlags or PermissionFlags.SOFT_RESTRICTED

            } else {

                newFlags andInv PermissionFlags.SOFT_RESTRICTED

            }

            setPermissionFlags(appId, userId, permissionName, newFlags)

        }

    }

    override fun MutateStateScope.onPackageUninstalled(

    override fun MutateStateScope.onPackageUninstalled(

        packageName: String,

        packageName: String,

        appId: Int,

        appId: Int,

                packageManagerInternal.getPackageStateInternal(androidPackage.packageName)!!

                packageManagerInternal.getPackageStateInternal(androidPackage.packageName)!!

            addAllowlistedRestrictedPermissionsUnchecked(androidPackage, packageState.appId,

            addAllowlistedRestrictedPermissionsUnchecked(androidPackage, packageState.appId,

                params.allowlistedRestrictedPermissions, userId)

                params.allowlistedRestrictedPermissions, userId)

            if (!packageState.isSystem()) {

                // Drop UPGRADE_EXEMPT for all permissions requested by this package since there's

                // an installer and the installer has made a decision.

                setAllowlistedRestrictedPermissionsUnchecked(

                    androidPackage, packageState.appId, emptyList(),

                    PackageManager.FLAG_PERMISSION_WHITELIST_UPGRADE, userId

                )

            }

            setRequestedPermissionStates(packageState, userId, params.permissionStates)

            setRequestedPermissionStates(packageState, userId, params.permissionStates)

        }

        }

    }

    }