Merge tag 'android-security-11.0.0_r65' of...

import android.os.Looper;

import android.os.Process;

import android.os.UserHandle;

import android.os.UserManager;

import android.permission.PermissionManager;

import android.permission.RuntimePermissionPresentationInfo;

import android.permission.RuntimePermissionUsageInfo;

import com.android.permissioncontroller.permission.model.livedatatypes.AppPermGroupUiInfo.PermGrantState;

import com.android.permissioncontroller.permission.ui.AutoGrantPermissionsNotifier;

import com.android.permissioncontroller.permission.utils.ArrayUtils;

import com.android.permissioncontroller.permission.utils.AdminRestrictedPermissionsUtils;

import com.android.permissioncontroller.permission.utils.KotlinUtils;

import com.android.permissioncontroller.permission.utils.UserSensitiveFlagsUtils;

import com.android.permissioncontroller.permission.utils.Utils;

        AutoGrantPermissionsNotifier autoGrantPermissionsNotifier =

                new AutoGrantPermissionsNotifier(this, pkgInfo);

        final boolean isManagedProfile = getSystemService(UserManager.class).isManagedProfile();

        int numPerms = expandedPermissions.size();

        for (int i = 0; i < numPerms; i++) {

            String permName = expandedPermissions.get(i);

            switch (grantState) {

                case PERMISSION_GRANT_STATE_GRANTED:

                    if (AdminRestrictedPermissionsUtils.mayAdminGrantPermission(perm.getName(),

                            isManagedProfile)) {

                        perm.setPolicyFixed(true);

                        group.grantRuntimePermissions(false, false, new String[]{permName});

                        autoGrantPermissionsNotifier.onPermissionAutoGranted(permName);

                    } else {

                        // similar to PERMISSION_GRANT_STATE_DEFAULT

                        perm.setPolicyFixed(false);

                    }

                    break;

                case PERMISSION_GRANT_STATE_DENIED:

                    perm.setPolicyFixed(true);

/*

 * Copyright (C) 2022 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package com.android.permissioncontroller.permission.utils;

import android.Manifest;

import android.util.ArraySet;

/**

 * A class for dealing with permissions that the admin may not grant in certain configurations.

 */

public final class AdminRestrictedPermissionsUtils {

    /**

     * A set of permissions that the managed Profile Owner cannot grant.

     */

    private static final ArraySet<String> MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS =

            new ArraySet<>();

    static {

        MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.add(Manifest.permission.READ_SMS);

    }

    /**

     * Returns true if the admin may grant this permission, false otherwise.

     */

    public static boolean mayAdminGrantPermission(String permission, boolean isManagedProfile) {

        return !isManagedProfile

                || !MANAGED_PROFILE_OWNER_RESTRICTED_PERMISSIONS.contains(permission);

    }

}