From bf16066bfea083bbc6c773f8dfbbe86945cd0584 Mon Sep 17 00:00:00 2001
From: Jing Ji <jji@google.com>
Date: Thu, 1 Dec 2022 21:52:11 -0800
Subject: Only evaluate the appops when the preflight check says soft denied

.. in the permission check of the foreground service type policy.

Bug: 254662522
Bug: 246792057
Test: atest CtsAppFgsTestCases
Change-Id: I83c6bd370481b1404ba12fa1c7b6d99d3daabca8
---
 core/java/android/app/ForegroundServiceTypePolicy.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/core/java/android/app/ForegroundServiceTypePolicy.java b/core/java/android/app/ForegroundServiceTypePolicy.java
index 63fdc2e1b686..332aaddef950 100644
--- a/core/java/android/app/ForegroundServiceTypePolicy.java
+++ b/core/java/android/app/ForegroundServiceTypePolicy.java
@@ -58,6 +58,7 @@ import android.hardware.usb.UsbManager;
 import android.healthconnect.HealthConnectManager;
 import android.os.RemoteException;
 import android.os.ServiceManager;
+import android.permission.PermissionCheckerManager;
 import android.util.ArraySet;
 import android.util.SparseArray;
 
@@ -880,11 +881,12 @@ public abstract class ForegroundServiceTypePolicy {
         int checkPermission(@NonNull Context context, @NonNull String name, int callerUid,
                 int callerPid, String packageName, boolean allowWhileInUse) {
             // Simple case, check if it's already granted.
-            if (PermissionChecker.checkPermissionForPreflight(context, name,
-                    callerPid, callerUid, packageName) == PERMISSION_GRANTED) {
+            @PackageManager.PermissionResult int result;
+            if ((result = PermissionChecker.checkPermissionForPreflight(context, name,
+                    callerPid, callerUid, packageName)) == PERMISSION_GRANTED) {
                 return PERMISSION_GRANTED;
             }
-            if (allowWhileInUse) {
+            if (allowWhileInUse && result == PermissionCheckerManager.PERMISSION_SOFT_DENIED) {
                 // Check its appops
                 final int opCode = AppOpsManager.permissionToOpCode(name);
                 final AppOpsManager appOpsManager = context.getSystemService(AppOpsManager.class);
-- 
cgit v1.2.3-59-g8ed1b