Hide storage perm if restriced

The storage perm behaves as if hard restricted when taregtSDK<29. This
should include hiding it from the UI if not whitelisted.

Bug: 131188778
Test: Looked at UI and did not see non-whitelisted storage perms
Change-Id: I829232ceb68a27f174515f9fe8f6cf7c4e2e6176

3 files changed, 75 insertions, 2 deletions

diff --git a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
index 41483c0f..da527777 100644
--- a/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
+++ b/src/com/android/packageinstaller/permission/model/AppPermissionGroup.java
@@ -47,6 +47,7 @@ import androidx.annotation.StringRes;
 import com.android.packageinstaller.permission.service.LocationAccessCheck;
 import com.android.packageinstaller.permission.utils.ArrayUtils;
 import com.android.packageinstaller.permission.utils.LocationUtils;
+import com.android.packageinstaller.permission.utils.SoftRestrictedPermissionPolicy;
 import com.android.packageinstaller.permission.utils.Utils;
 import com.android.permissioncontroller.R;
 
@@ -341,8 +342,10 @@ public final class AppPermissionGroup implements Comparable<AppPermissionGroup>
 
                 group.getBackgroundPermissions().addPermission(permission);
             } else {
-                if (!permission.isHardRestricted()
-                            || whitelistedRestrictedPermissions.contains(permission.getName())) {
+                if ((!permission.isHardRestricted()
+                        || whitelistedRestrictedPermissions.contains(permission.getName()))
+                        && (!permission.isSoftRestricted()
+                        || SoftRestrictedPermissionPolicy.shouldShow(packageInfo, permission))) {
                     group.addPermission(permission);
                 }
             }
diff --git a/src/com/android/packageinstaller/permission/model/Permission.java b/src/com/android/packageinstaller/permission/model/Permission.java
index 18f1e2ab..463c3479 100644
--- a/src/com/android/packageinstaller/permission/model/Permission.java
+++ b/src/com/android/packageinstaller/permission/model/Permission.java
@@ -99,6 +99,10 @@ public final class Permission {
         return (mPermissionInfo.flags & PermissionInfo.FLAG_HARD_RESTRICTED) != 0;
     }
 
+    boolean isSoftRestricted() {
+        return (mPermissionInfo.flags & PermissionInfo.FLAG_SOFT_RESTRICTED) != 0;
+    }
+
     /**
      * Does this permission affect app ops.
      *
diff --git a/src/com/android/packageinstaller/permission/utils/SoftRestrictedPermissionPolicy.java b/src/com/android/packageinstaller/permission/utils/SoftRestrictedPermissionPolicy.java
new file mode 100644
index 00000000..cad3d3b4
--- /dev/null
+++ b/src/com/android/packageinstaller/permission/utils/SoftRestrictedPermissionPolicy.java
@@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.packageinstaller.permission.utils;
+
+import static android.Manifest.permission.READ_EXTERNAL_STORAGE;
+import static android.Manifest.permission.WRITE_EXTERNAL_STORAGE;
+import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;
+import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT;
+import static android.content.pm.PackageManager.FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT;
+
+import android.content.pm.PackageInfo;
+import android.os.Build;
+
+import androidx.annotation.NonNull;
+
+import com.android.packageinstaller.permission.model.Permission;
+
+/**
+ * The behavior of soft restricted permissions is different for each permission. This class collects
+ * the policies in one place.
+ *
+ * This is the twin of {@link com.android.server.policy.SoftRestrictedPermissionPolicy}
+ */
+public abstract class SoftRestrictedPermissionPolicy {
+    private static final int FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT =
+            FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT
+                    | FLAG_PERMISSION_RESTRICTION_UPGRADE_EXEMPT
+                    | FLAG_PERMISSION_RESTRICTION_INSTALLER_EXEMPT;
+
+    /**
+     * Check if the permission should be shown in the UI.
+     *
+     * @param pkg the package the permission belongs to
+     * @param permission the permission
+     *
+     * @return {@code true} iff the permission should be shown in the UI.
+     */
+    public static boolean shouldShow(@NonNull PackageInfo pkg, @NonNull Permission permission) {
+        switch (permission.getName()) {
+            case READ_EXTERNAL_STORAGE:
+            case WRITE_EXTERNAL_STORAGE: {
+                boolean isWhiteListed =
+                        (permission.getFlags() & FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0;
+                int targetSDK = pkg.applicationInfo.targetSdkVersion;
+
+                return isWhiteListed || targetSDK >= Build.VERSION_CODES.Q;
+            }
+            default:
+                return true;
+        }
+    }
+}