From 46db55c94f2d851d78976f189d0dcd92a396ff51 Mon Sep 17 00:00:00 2001
From: Scarlett Song <scarlettsong@google.com>
Date: Fri, 14 Mar 2025 21:22:52 +0000
Subject: Support health split permission check for targetSdk<23 apps

Test: atest HealthConnectAppPermissionFragmentTest
Bug: 403337565
Flag: android.permission.flags.replace_body_sensor_permission_enabled
Relnote: Health permission split BODY_SENSORS to READ_HEART_RATE
LOW_COVERAGE_REASON=b/405152547
Change-Id: I770fdf9a551bb53a6e0d7adccd39ea6bf285c57b
---
 .../permission/utils/Utils.java                    | 46 ++++++++--------------
 PermissionController/tests/permissionui/Android.bp |  1 +
 .../tests/permissionui/AndroidTest.xml             |  2 +
 .../Android.bp                                     | 34 ++++++++++++++++
 .../AndroidManifest.xml                            | 25 ++++++++++++
 .../ui/HealthConnectAppPermissionFragmentTest.kt   | 14 +++++++
 .../permissionui/ui/TestAppUtils.kt                |  4 ++
 7 files changed, 96 insertions(+), 30 deletions(-)
 create mode 100644 PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/Android.bp
 create mode 100644 PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/AndroidManifest.xml

diff --git a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
index 327142896..675a1049f 100644
--- a/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
+++ b/PermissionController/src/com/android/permissioncontroller/permission/utils/Utils.java
@@ -39,6 +39,7 @@ import static android.content.Intent.EXTRA_REASON;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT;
+import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_REVOKE_WHEN_REQUESTED;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_DENIED;
 import static android.content.pm.PackageManager.FLAG_PERMISSION_USER_SENSITIVE_WHEN_GRANTED;
@@ -82,6 +83,7 @@ import android.health.connect.HealthConnectManager;
 import android.health.connect.HealthPermissions;
 import android.os.Binder;
 import android.os.Build;
+import android.os.Build.VERSION_CODES;
 import android.os.Parcelable;
 import android.os.UserHandle;
 import android.os.UserManager;
@@ -1171,45 +1173,29 @@ public final class Utils {
             }
         }
 
-        // Split permission only applies to READ_HEART_RATE.
-        if (!requestedHealthPermissions.contains(HealthPermissions.READ_HEART_RATE)) {
+        if (!isValidSplitHealthPermissions(requestedHealthPermissions)) {
             return false;
         }
 
-        // If there are other health permissions (other than READ_HEALTH_DATA_IN_BACKGROUND)
-        // don't consider this a pure split-permission request.
-        if (requestedHealthPermissions.size() > 2) {
-            return false;
-        }
-
-        boolean isBackgroundPermissionRequested =
-            requestedHealthPermissions.contains(
-                HealthPermissions.READ_HEALTH_DATA_IN_BACKGROUND);
-        // If there are two health permissions declared, make sure the other is
-        // READ_HEALTH_DATA_IN_BACKGROUND.
-        if (requestedHealthPermissions.size() == 2 && !isBackgroundPermissionRequested) {
-            return false;
-        }
-
-        // If READ_HEALTH_DATA_IN_BACKGROUND is requested, check permission flag to see if is from
-        // split permission.
-        if (isBackgroundPermissionRequested) {
-            int readHealthDataInBackgroundFlag =
-                pm.getPermissionFlags(
-                    HealthPermissions.READ_HEALTH_DATA_IN_BACKGROUND, packageName, user);
-            if (!isFromSplitPermission(readHealthDataInBackgroundFlag)) {
+        int targetSdk = packageInfo.getTargetSdkVersion();
+        for (String perm : requestedHealthPermissions) {
+            if (!isFromSplitPermission(pm.getPermissionFlags(perm, packageName, user), targetSdk)) {
                 return false;
             }
         }
+        return true;
+    }
 
-        // Check READ_HEART_RATE permission flag to see if is from split permission.
-        int readHeartRateFlag =
-            pm.getPermissionFlags(HealthPermissions.READ_HEART_RATE, packageName, user);
-        return isFromSplitPermission(readHeartRateFlag);
+    private static boolean isValidSplitHealthPermissions(List<String> permissions) {
+        return (permissions.size() == 1 && permissions.contains(HealthPermissions.READ_HEART_RATE))
+            || (permissions.size() == 2 && permissions.contains(HealthPermissions.READ_HEART_RATE)
+            && permissions.contains(HealthPermissions.READ_HEALTH_DATA_IN_BACKGROUND));
     }
 
-    private static boolean isFromSplitPermission(int permissionFlag) {
-        return (permissionFlag & FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0;
+    private static boolean isFromSplitPermission(int permissionFlag, int targetSdk) {
+        return (targetSdk >= Build.VERSION_CODES.M)
+            ? (permissionFlag & PackageManager.FLAG_PERMISSION_REVOKE_WHEN_REQUESTED) != 0
+            : (permissionFlag & PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED) != 0;
     }
 
     /**
diff --git a/PermissionController/tests/permissionui/Android.bp b/PermissionController/tests/permissionui/Android.bp
index 8cc91bd99..e289e2c58 100644
--- a/PermissionController/tests/permissionui/Android.bp
+++ b/PermissionController/tests/permissionui/Android.bp
@@ -74,6 +74,7 @@ android_test {
         ":PermissionUiReadCalendarPermissionApp",
         ":PermissionUiUseLegacyBodySensorsPermissionApp",
         ":PermissionUiUseReadHeartRatePermissionApp",
+        ":PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App",
     ],
     per_testcase_directory: true,
 }
diff --git a/PermissionController/tests/permissionui/AndroidTest.xml b/PermissionController/tests/permissionui/AndroidTest.xml
index 2462dc4c7..85dc4925a 100644
--- a/PermissionController/tests/permissionui/AndroidTest.xml
+++ b/PermissionController/tests/permissionui/AndroidTest.xml
@@ -61,6 +61,8 @@
             value="/data/local/tmp/pc-permissionui/PermissionUiUseLegacyBodySensorsPermissionApp.apk" />
         <option name="push-file" key="PermissionUiUseReadHeartRatePermissionApp.apk"
             value="/data/local/tmp/pc-permissionui/PermissionUiUseReadHeartRatePermissionApp.apk" />
+        <option name="push-file" key="PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App.apk"
+            value="/data/local/tmp/pc-permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App.apk" />
     </target_preparer>
 
     <!-- Wake the screen, and dismiss keyguard -->
diff --git a/PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/Android.bp b/PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/Android.bp
new file mode 100644
index 000000000..539fb2686
--- /dev/null
+++ b/PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/Android.bp
@@ -0,0 +1,34 @@
+//
+// Copyright (C) 2025 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+package {
+    // See: http://go/android-license-faq
+    // A large-scale-change added 'default_applicable_licenses' to import
+    // all of the 'license_kinds' from "packages_modules_Permission_PermissionController_license"
+    // to get the below license kinds:
+    //   SPDX-license-identifier-Apache-2.0
+    default_applicable_licenses: [
+        "packages_modules_Permission_PermissionController_license",
+    ],
+}
+
+android_test_helper_app {
+    name: "PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App",
+
+    srcs: ["src/**/*.kt"],
+
+    sdk_version: "22",
+}
diff --git a/PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/AndroidManifest.xml b/PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/AndroidManifest.xml
new file mode 100644
index 000000000..2a08d47ae
--- /dev/null
+++ b/PermissionController/tests/permissionui/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App/AndroidManifest.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+  ~ Copyright (C) 2025 The Android Open Source Project
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~      http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.android.permissioncontroller.tests.appthatrequestpermission">
+
+  <uses-permission android:name="android.permission.BODY_SENSORS" />
+  <uses-permission android:name="android.permission.BODY_SENSORS_BACKGROUND" />
+
+  <application />
+</manifest>
diff --git a/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/HealthConnectAppPermissionFragmentTest.kt b/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/HealthConnectAppPermissionFragmentTest.kt
index 8fc2fdc1b..48d14a967 100644
--- a/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/HealthConnectAppPermissionFragmentTest.kt
+++ b/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/HealthConnectAppPermissionFragmentTest.kt
@@ -143,6 +143,20 @@ class HealthConnectAppPermissionFragmentTest : BasePermissionUiTest() {
         eventually { waitFindObject(By.text(HEALTH_FITNESS_LABEL)) }
     }
 
+    @SdkSuppress(minSdkVersion = Build.VERSION_CODES.BAKLAVA, codeName = "Baklava")
+    @RequiresFlagsEnabled(FLAG_REPLACE_BODY_SENSOR_PERMISSION_ENABLED)
+    @Test
+    @Ignore("b/405152547")
+    fun startManageAppPermissionsActivity_handHeldDevices_requestLegacyBodySensorsTargetSdk22Ungranted_healthConnectShowsUp() {
+        assumeFalse(context.packageManager.hasSystemFeature(PackageManager.FEATURE_WATCH))
+        installTestAppThatUsesLegacyBodySensorsPermissionsTargetSdk22()
+
+        startManageAppPermissionsActivity()
+
+        eventually { waitFindObject(By.text(HEALTH_FITNESS_LABEL)) }
+    }
+
+
     @SdkSuppress(minSdkVersion = Build.VERSION_CODES.BAKLAVA, codeName = "Baklava")
     @RequiresFlagsEnabled(FLAG_REPLACE_BODY_SENSOR_PERMISSION_ENABLED)
     @Test
diff --git a/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/TestAppUtils.kt b/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/TestAppUtils.kt
index 8eef11e73..c3799c4c1 100644
--- a/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/TestAppUtils.kt
+++ b/PermissionController/tests/permissionui/src/com/android/permissioncontroller/permissionui/ui/TestAppUtils.kt
@@ -40,6 +40,8 @@ private const val LEGACY_BODY_SENSORS_APK =
     "$APK_DIRECTORY/PermissionUiUseLegacyBodySensorsPermissionApp.apk"
 private const val READ_HEART_RATE_APK =
     "$APK_DIRECTORY/PermissionUiUseReadHeartRatePermissionApp.apk"
+private const val LEGACY_BODY_SENSORS_TARGET_SDK_22_APK =
+    "$APK_DIRECTORY/PermissionUiUseLegacyBodySensorsPermissionTargetSdk22App.apk"
 
 // All 4 of the AppThatUses_X_Permission(s) applications share the same package name.
 private const val PERM_DEFINER_PACKAGE =
@@ -77,6 +79,8 @@ fun installTestAppThatUsesLegacyBodySensorsPermissions() = install(LEGACY_BODY_S
 
 fun installTestAppThatUsesReadHeartRatePermissions() = install(READ_HEART_RATE_APK)
 
+fun installTestAppThatUsesLegacyBodySensorsPermissionsTargetSdk22() = install(LEGACY_BODY_SENSORS_TARGET_SDK_22_APK)
+
 fun uninstallTestApps() {
     uninstallApp(PERM_USER_PACKAGE)
     uninstallApp(PERM_DEFINER_PACKAGE)
-- 
cgit v1.2.3-59-g8ed1b