Unset even restricted permissions

We do not create AppPermissionGroup objects for restricted permissions
as the user cannot change those.

If a permission is restricted, but needs a review we still need to mark
it as reviewed as otherwise the app won't start. As the user cannot
change it, leaving the permission in the default state without review is
fine.

Test: Installed pre-23 app with restricted permissions and reviewed
      permissions -> app started after review
Fixes: 134500512
Change-Id: If458e739ecf980d2521e87828b75b879aec289c5

1 files changed, 17 insertions, 7 deletions

diff --git a/src/com/android/packageinstaller/permission/ui/handheld/ReviewPermissionsFragment.java b/src/com/android/packageinstaller/permission/ui/handheld/ReviewPermissionsFragment.java
index 77705b87..f8134944 100644
--- a/src/com/android/packageinstaller/permission/ui/handheld/ReviewPermissionsFragment.java
+++ b/src/com/android/packageinstaller/permission/ui/handheld/ReviewPermissionsFragment.java
@@ -16,10 +16,13 @@
 
 package com.android.packageinstaller.permission.ui.handheld;
 
+import static android.content.pm.PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED;
+
 import android.app.Activity;
 import android.content.Intent;
 import android.content.IntentSender;
 import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
 import android.graphics.drawable.Drawable;
 import android.os.Bundle;
 import android.os.RemoteCallback;
@@ -99,11 +102,6 @@ public final class ReviewPermissionsFragment extends PreferenceFragmentCompat
         mAppPermissions = new AppPermissions(activity, packageInfo, false, true,
                 () -> getActivity().finish());
 
-        if (mAppPermissions.getPermissionGroups().isEmpty()) {
-            activity.finish();
-            return;
-        }
-
         boolean reviewRequired = false;
         for (AppPermissionGroup group : mAppPermissions.getPermissionGroups()) {
             if (group.isReviewRequired() || (group.getBackgroundPermissions() != null
@@ -114,6 +112,9 @@ public final class ReviewPermissionsFragment extends PreferenceFragmentCompat
         }
 
         if (!reviewRequired) {
+            // If the system called for a review but no groups are found, this means that all groups
+            // are restricted. Hence there is nothing to review and instantly continue.
+            confirmPermissionsReview();
             activity.finish();
         }
     }
@@ -200,7 +201,6 @@ public final class ReviewPermissionsFragment extends PreferenceFragmentCompat
                     if (group.isReviewRequired() && !permPreference.wasChanged()) {
                         grantReviewedPermission(group);
                     }
-                    group.unsetReviewRequired();
 
                     AppPermissionGroup backgroundGroup = group.getBackgroundPermissions();
                     if (backgroundGroup != null) {
@@ -208,13 +208,23 @@ public final class ReviewPermissionsFragment extends PreferenceFragmentCompat
                         if (backgroundGroup.isReviewRequired() && !permPreference.wasChanged()) {
                             grantReviewedPermission(backgroundGroup);
                         }
-                        backgroundGroup.unsetReviewRequired();
                     }
                 }
             }
         }
 
         mAppPermissions.persistChanges(true);
+
+        // Some permission might be restricted and hence there is no AppPermissionGroup for it.
+        // Manually unset all review-required flags, regardless of restriction.
+        PackageManager pm = getContext().getPackageManager();
+        PackageInfo pkg = mAppPermissions.getPackageInfo();
+        UserHandle user = UserHandle.getUserHandleForUid(pkg.applicationInfo.uid);
+
+        for (String perm : pkg.requestedPermissions) {
+            pm.updatePermissionFlags(perm, pkg.packageName, FLAG_PERMISSION_REVIEW_REQUIRED,
+                    0, user);
+        }
     }
 
     private void bindUi() {