Merge "Create AppOpsPermissionController" into 24D1-dev

/*

 * Copyright (C) 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.settingslib.spaprivileged.model.app

import android.app.AppOpsManager

import android.content.Context

import android.content.pm.ApplicationInfo

import android.util.Log

import kotlinx.coroutines.Dispatchers

import kotlinx.coroutines.flow.Flow

import kotlinx.coroutines.flow.conflate

import kotlinx.coroutines.flow.flowOn

import kotlinx.coroutines.flow.map

import kotlinx.coroutines.flow.onEach

interface IAppOpsPermissionController {

    val isAllowedFlow: Flow<Boolean>

    fun setAllowed(allowed: Boolean)

}

class AppOpsPermissionController(

    context: Context,

    private val app: ApplicationInfo,

    appOps: AppOps,

    private val permission: String,

    private val packageManagers: IPackageManagers = PackageManagers,

    private val appOpsController: IAppOpsController = AppOpsController(context, app, appOps),

) : IAppOpsPermissionController {

    override val isAllowedFlow: Flow<Boolean> = appOpsController.modeFlow.map { mode ->

        when (mode) {

            AppOpsManager.MODE_ALLOWED -> true

            AppOpsManager.MODE_DEFAULT -> {

                with(packageManagers) { app.hasGrantPermission(permission) }

            }

            else -> false

        }

    }.conflate().onEach { Log.d(TAG, "isAllowed: $it") }.flowOn(Dispatchers.Default)

    override fun setAllowed(allowed: Boolean) {

        appOpsController.setAllowed(allowed)

    }

    private companion object {

        private const val TAG = "AppOpsPermissionControl"

    }

}

import android.content.Context

import android.content.pm.ApplicationInfo

import androidx.compose.runtime.Composable

import androidx.compose.runtime.getValue

import androidx.lifecycle.compose.collectAsStateWithLifecycle

import com.android.settingslib.spa.framework.util.asyncMapItem

import com.android.settingslib.spa.framework.util.filterItem

import com.android.settingslib.spaprivileged.model.app.AppOps

import com.android.settingslib.spaprivileged.model.app.AppOpsController

import com.android.settingslib.spaprivileged.model.app.AppOpsPermissionController

import com.android.settingslib.spaprivileged.model.app.AppRecord

import com.android.settingslib.spaprivileged.model.app.IAppOpsController

import com.android.settingslib.spaprivileged.model.app.IAppOpsPermissionController

import com.android.settingslib.spaprivileged.model.app.IPackageManagers

import com.android.settingslib.spaprivileged.model.app.PackageManagers

import kotlinx.coroutines.flow.Flow

    override val app: ApplicationInfo,

    val hasRequestBroaderPermission: Boolean,

    val hasRequestPermission: Boolean,

    var appOpsController: IAppOpsController,

    var appOpsPermissionController: IAppOpsPermissionController,

) : AppRecord

abstract class AppOpPermissionListModel(

    private val notChangeablePackages =

        setOf("android", "com.android.systemui", context.packageName)

    private fun createAppOpsController(app: ApplicationInfo) =

        AppOpsController(context, app, appOps)

    private fun createAppOpsPermissionController(app: ApplicationInfo) =

        AppOpsPermissionController(context, app, appOps, permission)

    private fun createRecord(

        app: ApplicationInfo,

                    app.hasRequestPermission(it)

                } ?: false,

                hasRequestPermission = hasRequestPermission,

                appOpsController = createAppOpsController(app),

                appOpsPermissionController = createAppOpsPermissionController(app),

            )

        }

    override fun filter(userIdFlow: Flow<Int>, recordListFlow: Flow<List<AppOpPermissionRecord>>) =

        recordListFlow.filterItem(::isChangeable)

    @Composable

    override fun isAllowed(record: AppOpPermissionRecord): () -> Boolean? =

        isAllowed(

            record = record,

            appOpsController = record.appOpsController,

            permission = permission,

            packageManagers = packageManagers,

        )

    override fun isChangeable(record: AppOpPermissionRecord) =

        record.hasRequestPermission &&

            !record.hasRequestBroaderPermission &&

            record.app.packageName !in notChangeablePackages

    override fun setAllowed(record: AppOpPermissionRecord, newAllowed: Boolean) {

        record.appOpsController.setAllowed(newAllowed)

    }

}

    /**

     * Defining the default behavior as permissible as long as the package requested this permission

     * (This means pre-M gets approval during install time; M apps gets approval during runtime).

     */

    @Composable

internal fun isAllowed(

    record: AppOpPermissionRecord,

    appOpsController: IAppOpsController,

    permission: String,

    packageManagers: IPackageManagers = PackageManagers,

): () -> Boolean? {

    override fun isAllowed(record: AppOpPermissionRecord): () -> Boolean? {

        if (record.hasRequestBroaderPermission) {

            // Broader permission trumps the specific permission.

            return { true }

        }

    val mode = appOpsController.modeFlow.collectAsStateWithLifecycle(initialValue = null)

    return {

        when (mode.value) {

            null -> null

            AppOpsManager.MODE_ALLOWED -> true

            AppOpsManager.MODE_DEFAULT -> {

                with(packageManagers) { record.app.hasGrantPermission(permission) }

        val isAllowed by record.appOpsPermissionController.isAllowedFlow

            .collectAsStateWithLifecycle(initialValue = null)

        return { isAllowed }

    }

            else -> false

        }

    override fun isChangeable(record: AppOpPermissionRecord) =

        record.hasRequestPermission &&

            !record.hasRequestBroaderPermission &&

            record.app.packageName !in notChangeablePackages

    override fun setAllowed(record: AppOpPermissionRecord, newAllowed: Boolean) {

        record.appOpsPermissionController.setAllowed(newAllowed)

    }

}

/*

 * Copyright (C) 2024 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.settingslib.spaprivileged.model.app

import android.app.AppOpsManager

import android.content.Context

import android.content.pm.ApplicationInfo

import android.content.pm.PackageManager

import androidx.test.core.app.ApplicationProvider

import androidx.test.ext.junit.runners.AndroidJUnit4

import com.android.settingslib.spa.testutils.firstWithTimeoutOrNull

import com.android.settingslib.spaprivileged.framework.common.appOpsManager

import com.google.common.truth.Truth.assertThat

import kotlinx.coroutines.flow.flowOf

import kotlinx.coroutines.runBlocking

import org.junit.Test

import org.junit.runner.RunWith

import org.mockito.kotlin.doReturn

import org.mockito.kotlin.mock

import org.mockito.kotlin.spy

import org.mockito.kotlin.stub

import org.mockito.kotlin.verify

@RunWith(AndroidJUnit4::class)

class AppOpsPermissionControllerTest {

    private val appOpsManager = mock<AppOpsManager>()

    private val packageManager = mock<PackageManager>()

    private val packageManagers = mock<IPackageManagers>()

    private val appOpsController = mock<IAppOpsController>()

    private val context: Context = spy(ApplicationProvider.getApplicationContext()) {

        on { appOpsManager } doReturn appOpsManager

        on { packageManager } doReturn packageManager

    }

    @Test

    fun isAllowedFlow_appOpsAllowed_returnTrue() = runBlocking {

        appOpsController.stub {

            on { modeFlow } doReturn flowOf(AppOpsManager.MODE_ALLOWED)

        }

        val controller = AppOpsPermissionController(

            context = context,

            app = APP,

            appOps = AppOps(op = OP),

            permission = PERMISSION,

            appOpsController = appOpsController,

        )

        val isAllowed = controller.isAllowedFlow.firstWithTimeoutOrNull()

        assertThat(isAllowed).isTrue()

    }

    @Test

    fun isAllowedFlow_appOpsDefaultAndPermissionGranted_returnTrue() = runBlocking {

        appOpsController.stub {

            on { modeFlow } doReturn flowOf(AppOpsManager.MODE_DEFAULT)

        }

        packageManagers.stub {

            on { APP.hasGrantPermission(PERMISSION) } doReturn true

        }

        val controller = AppOpsPermissionController(

            context = context,

            app = APP,

            appOps = AppOps(op = OP),

            permission = PERMISSION,

            packageManagers = packageManagers,

            appOpsController = appOpsController,

        )

        val isAllowed = controller.isAllowedFlow.firstWithTimeoutOrNull()

        assertThat(isAllowed).isTrue()

    }

    @Test

    fun isAllowedFlow_appOpsDefaultAndPermissionNotGranted_returnFalse() = runBlocking {

        appOpsController.stub {

            on { modeFlow } doReturn flowOf(AppOpsManager.MODE_DEFAULT)

        }

        packageManagers.stub {

            on { APP.hasGrantPermission(PERMISSION) } doReturn false

        }

        val controller = AppOpsPermissionController(

            context = context,

            app = APP,

            appOps = AppOps(op = OP),

            permission = PERMISSION,

            packageManagers = packageManagers,

            appOpsController = appOpsController,

        )

        val isAllowed = controller.isAllowedFlow.firstWithTimeoutOrNull()

        assertThat(isAllowed).isFalse()

    }

    @Test

    fun isAllowedFlow_appOpsError_returnFalse() = runBlocking {

        appOpsController.stub {

            on { modeFlow } doReturn flowOf(AppOpsManager.MODE_ERRORED)

        }

        val controller = AppOpsPermissionController(

            context = context,

            app = APP,

            appOps = AppOps(op = OP),

            permission = PERMISSION,

            appOpsController = appOpsController,

        )

        val isAllowed = controller.isAllowedFlow.firstWithTimeoutOrNull()

        assertThat(isAllowed).isFalse()

    }

    @Test

    fun setAllowed_notSetModeByUid() {

        val controller = AppOpsPermissionController(

            context = context,

            app = APP,

            appOps = AppOps(op = OP, setModeByUid = false),

            permission = PERMISSION,

        )

        controller.setAllowed(true)

        verify(appOpsManager).setMode(OP, APP.uid, APP.packageName, AppOpsManager.MODE_ALLOWED)

    }

    @Test

    fun setAllowed_setModeByUid() {

        val controller = AppOpsPermissionController(

            context = context,

            app = APP,

            appOps = AppOps(op = OP, setModeByUid = true),

            permission = PERMISSION,

        )

        controller.setAllowed(true)

        verify(appOpsManager).setUidMode(OP, APP.uid, AppOpsManager.MODE_ALLOWED)

    }

    private companion object {

        const val OP = 1

        const val PERMISSION = "Permission"

        val APP = ApplicationInfo().apply {

            packageName = "package.name"

            uid = 123

        }

    }

}

import com.android.settingslib.spa.testutils.firstWithTimeoutOrNull

import com.android.settingslib.spaprivileged.framework.common.appOpsManager

import com.android.settingslib.spaprivileged.model.app.AppOps

import com.android.settingslib.spaprivileged.model.app.IAppOpsController

import com.android.settingslib.spaprivileged.model.app.IAppOpsPermissionController

import com.android.settingslib.spaprivileged.model.app.IPackageManagers

import com.android.settingslib.spaprivileged.test.R

import com.google.common.truth.Truth.assertThat

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = false,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT),

                appOpsPermissionController = FakeAppOpsPermissionController(false),

            )

        val recordListFlow = listModel.filter(flowOf(USER_ID), flowOf(listOf(record)))

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = true,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_ALLOWED),

                appOpsPermissionController = FakeAppOpsPermissionController(true),

            )

        val isAllowed = getIsAllowed(record)

        assertThat(isAllowed).isTrue()

    }

    @Test

    fun isAllowed_defaultAndHasGrantPermission() {

        with(packageManagers) { whenever(APP.hasGrantPermission(PERMISSION)).thenReturn(true) }

        val record =

            AppOpPermissionRecord(

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = true,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT),

            )

        val isAllowed = getIsAllowed(record)

        assertThat(isAllowed).isTrue()

    }

    @Test

    fun isAllowed_defaultAndNotGrantPermission() {

        with(packageManagers) { whenever(APP.hasGrantPermission(PERMISSION)).thenReturn(false) }

        val record =

            AppOpPermissionRecord(

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = true,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT),

            )

        val isAllowed = getIsAllowed(record)

        assertThat(isAllowed).isFalse()

    }

    @Test

    fun isAllowed_broaderPermissionTrumps() {

        listModel.broaderPermission = BROADER_PERMISSION

                app = APP,

                hasRequestBroaderPermission = true,

                hasRequestPermission = false,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_ERRORED),

                appOpsPermissionController = FakeAppOpsPermissionController(false),

            )

        val isAllowed = getIsAllowed(record)

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = true,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_ERRORED),

                appOpsPermissionController = FakeAppOpsPermissionController(false),

            )

        val isAllowed = getIsAllowed(record)

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = false,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT),

                appOpsPermissionController = FakeAppOpsPermissionController(false),

            )

        val isChangeable = listModel.isChangeable(record)

                app = NOT_CHANGEABLE_APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = true,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT),

                appOpsPermissionController = FakeAppOpsPermissionController(false),

            )

        val isChangeable = listModel.isChangeable(record)

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = true,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT),

                appOpsPermissionController = FakeAppOpsPermissionController(false),

            )

        val isChangeable = listModel.isChangeable(record)

                app = APP,

                hasRequestBroaderPermission = true,

                hasRequestPermission = true,

                appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT),

                appOpsPermissionController = FakeAppOpsPermissionController(false),

            )

        val isChangeable = listModel.isChangeable(record)

    @Test

    fun setAllowed() {

        val appOpsController = FakeAppOpsController(fakeMode = AppOpsManager.MODE_DEFAULT)

        val appOpsPermissionController = FakeAppOpsPermissionController(false)

        val record =

            AppOpPermissionRecord(

                app = APP,

                hasRequestBroaderPermission = false,

                hasRequestPermission = true,

                appOpsController = appOpsController,

                appOpsPermissionController = appOpsPermissionController,

            )

        listModel.setAllowed(record = record, newAllowed = true)

        assertThat(appOpsController.setAllowedCalledWith).isTrue()

        assertThat(appOpsPermissionController.setAllowedCalledWith).isTrue()

    }

    private fun getIsAllowed(record: AppOpPermissionRecord): Boolean? {

    }

}

private class FakeAppOpsController(private val fakeMode: Int) : IAppOpsController {

private class FakeAppOpsPermissionController(allowed: Boolean) : IAppOpsPermissionController {

    var setAllowedCalledWith: Boolean? = null

    override val modeFlow = flowOf(fakeMode)

    override val isAllowedFlow = flowOf(allowed)

    override fun setAllowed(allowed: Boolean) {

        setAllowedCalledWith = allowed

    }

    override fun getMode() = fakeMode

}