Update policy to revoke permission when purpose validation fails.
Updating the AppIdPermissionPolicy to revoke permission for App IDs when
valid purposes are not declared in permission requests, if required.
To avoid app compat issues, in the case of shared App ID cases, policy
enforcement is designed to be lenient such that the permission is only
revoked if none of the apps sharing the same app ID declare valid
purposes. Also, if any of the apps are not targeting SDK version that
doesn't support at least Android C, purpose validation check will be
omitted.
Bug: 412443420
Test: atest AppIdPermissionPolicyTest PurposeDeclarationPermissionsTest
Flag: android.permission.flags.purpose_declaration_enabled
Change-Id: I7bb1b8d1d34a5394e8e5d5652e4f04aa5cf82668
6 files changed
