Role re-evaluation should respect ask every time choice by user

Role evalation respect USER_SET flag when the role is not
supposed to override user choices. Role granting logic
is missing ONE_TIME check, ONE_TIME flag should be considered
a user choice.

Fix: 355411348
Test: tbd
FLAG: EXEMPT bug fix
Relnote: security bug fix
Change-Id: Ie65c2cd62ba3f24e8dd411abca49e397746bc1a9

1 files changed, 4 insertions, 2 deletions

diff --git a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java
index ed21db7bb..820ff3d4e 100644
--- a/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java
+++ b/PermissionController/role-controller/java/com/android/role/controller/model/Permissions.java
@@ -263,7 +263,8 @@ public class Permissions {
         if (!wasPermissionOrAppOpGranted) {
             // If we've granted a permission which wasn't granted, it's no longer user set or fixed.
             newMask |= PackageManager.FLAG_PERMISSION_USER_FIXED
-                    | PackageManager.FLAG_PERMISSION_USER_SET;
+                    | PackageManager.FLAG_PERMISSION_USER_SET
+                    | PackageManager.FLAG_PERMISSION_ONE_TIME;
         }
         // If a component gets a permission for being the default handler A and also default handler
         // B, we grant the weaker grant form. This only applies to default permission grant.
@@ -634,7 +635,8 @@ public class Permissions {
         }
         if (!overrideUserSetAndFixed) {
             fixedFlags |= PackageManager.FLAG_PERMISSION_USER_FIXED
-                    | PackageManager.FLAG_PERMISSION_USER_SET;
+                    | PackageManager.FLAG_PERMISSION_USER_SET
+                    | PackageManager.FLAG_PERMISSION_ONE_TIME;
         }
         return (flags & fixedFlags) != 0;
     }