Ensure turning off photo picker flag doesn't allow permission expansion

This change ensures that READ_MEDIA_VISUAL_USER_SELECTED is considered a "partial grant", no matter if the feature is enabled or disabled Bug: 288144265 Fixes: 294596364 Relnote: prevent permission expansion if a device config flag is flipped Test: manual Change-Id: I1a419b95743bd43b084a4e28c8e82e579d67a0fd
author: Nate Myren <ntmyren@google.com> 2023-08-03 16:20:00 -0700
committer: Nate Myren <ntmyren@google.com> 2023-08-04 21:25:37 +0000
commit: 47c1924d053251d7ffefd21e9f37cd2123d67ebd (patch)
tree: 7073b20a3ffec3830f444ba2c3bb7ce6dfaa76c1
parent: 95556ef7b8aa0a8e1ec37c1c850a7b23adb99b5b (diff)
3 files changed, 20 insertions, 6 deletions
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt b/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt
index d773b5ff7..8a2216469 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/ui/model/GrantPermissionsViewModel.kt
@@ -124,6 +124,7 @@ import com.android.permissioncontroller.permission.utils.KotlinUtils.getDefaultP
 import com.android.permissioncontroller.permission.utils.KotlinUtils.grantBackgroundRuntimePermissions
 import com.android.permissioncontroller.permission.utils.KotlinUtils.grantForegroundRuntimePermissions
 import com.android.permissioncontroller.permission.utils.KotlinUtils.isLocationAccuracyEnabled
+import com.android.permissioncontroller.permission.utils.KotlinUtils.isPhotoPickerPromptSupported
 import com.android.permissioncontroller.permission.utils.KotlinUtils.revokeBackgroundRuntimePermissions
 import com.android.permissioncontroller.permission.utils.KotlinUtils.revokeForegroundRuntimePermissions
 import com.android.permissioncontroller.permission.utils.PermissionMapping
@@ -886,7 +887,7 @@ class GrantPermissionsViewModel(
      * ACCESS_MEDIA_LOCATION granted
      */
     private fun isPartialStorageGrant(group: LightAppPermGroup): Boolean {
-        if (!KotlinUtils.isPhotoPickerPromptEnabled() || group.permGroupName != READ_MEDIA_VISUAL) {
+        if (!isPhotoPickerPromptSupported() || group.permGroupName != READ_MEDIA_VISUAL) {
             return false
         }
 
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
index 49a35cadf..358f86f4b 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/KotlinUtils.kt
@@ -289,11 +289,7 @@ object KotlinUtils {
      */
     @ChecksSdkIntAtLeast(api = Build.VERSION_CODES.UPSIDE_DOWN_CAKE, codename = "UpsideDownCake")
     fun isPhotoPickerPromptEnabled(): Boolean {
-        val app = PermissionControllerApplication.get()
-        return SdkLevel.isAtLeastU() &&
-            !DeviceUtils.isAuto(app) &&
-            !DeviceUtils.isTelevision(app) &&
-            !DeviceUtils.isWear(app) &&
+        return isPhotoPickerPromptSupported() &&
             DeviceConfig.getBoolean(
                 DeviceConfig.NAMESPACE_PRIVACY,
                 PROPERTY_PHOTO_PICKER_PROMPT_ENABLED,
@@ -301,6 +297,19 @@ object KotlinUtils {
             )
     }
 
+    /**
+     * Whether the Photo Picker Prompt is supported by the device
+     *
+     */
+    @ChecksSdkIntAtLeast(api = Build.VERSION_CODES.UPSIDE_DOWN_CAKE, codename = "UpsideDownCake")
+    fun isPhotoPickerPromptSupported(): Boolean {
+        val app = PermissionControllerApplication.get()
+        return SdkLevel.isAtLeastU() &&
+                !DeviceUtils.isAuto(app) &&
+                !DeviceUtils.isTelevision(app) &&
+                !DeviceUtils.isWear(app)
+    }
+
     /*
      * Whether we should enable the permission rationale in permission settings and grant dialog
      *
diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
index b06a09b28..32d3a5325 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/PermissionMapping.kt
@@ -334,6 +334,10 @@ object PermissionMapping {
      * grant. Otherwise, ACCESS_MEDIA_LOCATION is considered a full grant (for compatibility).
      */
     fun getPartialStorageGrantPermissionsForGroup(group: LightAppPermGroup): Set<String> {
+        if (!KotlinUtils.isPhotoPickerPromptSupported()) {
+            return emptySet()
+        }
+
         val appSupportsPickerPrompt = group
             .permissions[Manifest.permission.READ_MEDIA_VISUAL_USER_SELECTED]?.isImplicit == false
author	Nate Myren <ntmyren@google.com>	2023-08-03 16:20:00 -0700
committer	Nate Myren <ntmyren@google.com>	2023-08-04 21:25:37 +0000
commit	47c1924d053251d7ffefd21e9f37cd2123d67ebd (patch)
tree	7073b20a3ffec3830f444ba2c3bb7ce6dfaa76c1
parent	95556ef7b8aa0a8e1ec37c1c850a7b23adb99b5b (diff)