Revoke storage on SDK downgrade or new full storage request

                    if (hasOldPkg) {

                        mPermissionManager.revokeRuntimePermissionsIfGroupChanged(pkg, oldPkg,

                                allPackageNames, mPermissionCallback);

                        mPermissionManager.revokeStoragePermissionsIfScopeExpanded(pkg, oldPkg,

                                mPermissionCallback);

                    }

                    if (hasPermissionDefinitionChanges) {

                        mPermissionManager.revokeRuntimePermissionsIfPermissionDefinitionChanged(

    private static final int USER_PERMISSION_FLAGS = FLAG_PERMISSION_USER_SET

            | FLAG_PERMISSION_USER_FIXED;

    /** All storage permissions */

    private static final List<String> STORAGE_PERMISSIONS = new ArrayList<>();

    /** If the permission of the value is granted, so is the key */

    private static final Map<String, String> FULLER_PERMISSION_MAP = new HashMap<>();

                Manifest.permission.ACCESS_FINE_LOCATION);

        FULLER_PERMISSION_MAP.put(Manifest.permission.INTERACT_ACROSS_USERS,

                Manifest.permission.INTERACT_ACROSS_USERS_FULL);

        STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);

        STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);

        STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION);

    }

    /** Lock to protect internal data access */

        return protectionLevel;

    }

    /**

     * If the app is updated, and has scoped storage permissions, then it is possible that the

     * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.

     * @param newPackage The new package that was installed

     * @param oldPackage The old package that was updated

     */

    private void revokeStoragePermissionsIfScopeExpanded(

            @NonNull PackageParser.Package newPackage,

            @NonNull PackageParser.Package oldPackage,

            @NonNull PermissionCallback permissionCallback) {

        boolean downgradedSdk = oldPackage.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.Q

                && newPackage.applicationInfo.targetSdkVersion < Build.VERSION_CODES.Q;

        boolean upgradedSdk = oldPackage.applicationInfo.targetSdkVersion < Build.VERSION_CODES.Q

                && newPackage.applicationInfo.targetSdkVersion >= Build.VERSION_CODES.Q;

        boolean newlyRequestsLegacy = !upgradedSdk

                && !oldPackage.applicationInfo.hasRequestedLegacyExternalStorage()

                && newPackage.applicationInfo.hasRequestedLegacyExternalStorage();

        if (!newlyRequestsLegacy && !downgradedSdk) {

            return;

        }

        final int callingUid = Binder.getCallingUid();

        final int userId = UserHandle.getUserId(newPackage.applicationInfo.uid);

        int numRequestedPermissions = newPackage.requestedPermissions.size();

        for (int i = 0; i < numRequestedPermissions; i++) {

            PermissionInfo permInfo = getPermissionInfo(newPackage.requestedPermissions.get(i),

                    newPackage.packageName, 0, callingUid);

            if (permInfo == null || !STORAGE_PERMISSIONS.contains(permInfo.name)) {

                continue;

            }

            EventLog.writeEvent(0x534e4554, "171430330", newPackage.applicationInfo.uid,

                    "Revoking permission " + permInfo.name + " from package "

                            + newPackage.packageName + " as either the sdk downgraded "

                            + downgradedSdk + " or newly requested legacy full storage "

                            + newlyRequestsLegacy);

            revokeRuntimePermission(permInfo.name, newPackage.packageName,

                    false, userId, permissionCallback);

        }

    }

    /**

     * We might auto-grant permissions if any permission of the group is already granted. Hence if

     * the group of a granted permission changes we need to revoke it to avoid having permissions of

        public boolean isPermissionsReviewRequired(@NonNull Package pkg, @UserIdInt int userId) {

            return PermissionManagerService.this.isPermissionsReviewRequired(pkg, userId);

        }

        /**

         * If the app is updated, and has scoped storage permissions, then it is possible that the

         * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.

         * @param newPackage The new package that was installed

         * @param oldPackage The old package that was updated

         */

        public void revokeStoragePermissionsIfScopeExpanded(

                @NonNull PackageParser.Package newPackage,

                @NonNull PackageParser.Package oldPackage,

                @NonNull PermissionCallback permissionCallback) {

            PermissionManagerService.this.revokeStoragePermissionsIfScopeExpanded(newPackage,

                    oldPackage, permissionCallback);

        }

        @Override

        public void revokeRuntimePermissionsIfGroupChanged(

                @NonNull PackageParser.Package newPackage,

            @NonNull ArrayList<String> allPackageNames,

            @NonNull PermissionCallback permissionCallback);

    /**

     * If the app is updated, and has scoped storage permissions, then it is possible that the

     * app updated in an attempt to get unscoped storage. If so, revoke all storage permissions.

     * @param newPackage The new package that was installed

     * @param oldPackage The old package that was updated

     */

    public abstract void revokeStoragePermissionsIfScopeExpanded(

            @NonNull PackageParser.Package newPackage,

            @NonNull PackageParser.Package oldPackage,

            @NonNull PermissionCallback permissionCallback);

    /**

     * Add all permissions in the given package.

     * <p>