[PM-19108] Add privileged app management screen

Allow users to manage trusted privileged applications and view
privileged applications that are trusted by external sources.

Author: SaintPatrck

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/di/Fido2ProviderModule.kt

@@ -87,12 +87,16 @@ object Fido2ProviderModule {
 
     @Provides
     @Singleton
-    fun provideFido2PrivilegedAppRepository(
+    fun providePrivilegedAppRepository(
         fido2PrivilegedAppDiskSource: Fido2PrivilegedAppDiskSource,
+        assetManager: AssetManager,
+        dispatcherManager: DispatcherManager,
         json: Json,
     ): PrivilegedAppRepository =
         PrivilegedAppRepositoryImpl(
             fido2PrivilegedAppDiskSource = fido2PrivilegedAppDiskSource,
+            assetManager = assetManager,
+            dispatcherManager = dispatcherManager,
             json = json,
         )
 

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/model/PrivilegedAppData.kt

@@ -0,0 +1,10 @@
+package com.x8bit.bitwarden.data.autofill.fido2.model
+
+/**
+ * Represents privileged applications that are trusted by various sources.
+ */
+data class PrivilegedAppData(
+    val googleTrustedApps: PrivilegedAppAllowListJson,
+    val communityTrustedApps: PrivilegedAppAllowListJson,
+    val userTrustedApps: PrivilegedAppAllowListJson,
+)

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/repository/PrivilegedAppRepository.kt

@@ -1,27 +1,49 @@
 package com.x8bit.bitwarden.data.autofill.fido2.repository
 
 import com.x8bit.bitwarden.data.autofill.fido2.model.PrivilegedAppAllowListJson
-import kotlinx.coroutines.flow.Flow
+import com.x8bit.bitwarden.data.autofill.fido2.model.PrivilegedAppData
+import com.x8bit.bitwarden.data.platform.repository.model.DataState
+import kotlinx.coroutines.flow.StateFlow
 
 /**
  * Repository for managing privileged apps trusted by the user.
  */
 interface PrivilegedAppRepository {
 
+    /**
+     * Flow that represents the trusted privileged apps data.
+     */
+    val trustedAppDataStateFlow: StateFlow<DataState<PrivilegedAppData>>
+
     /**
      * Flow of the user's trusted privileged apps.
      */
-    val userTrustedPrivilegedAppsFlow: Flow<PrivilegedAppAllowListJson>
+    val userTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+
+    /**
+     * Flow of the Google's trusted privileged apps.
+     */
+    val googleTrustedPrivilegedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+
+    /**
+     * Flow of the community's trusted privileged apps.
+     */
+    val communityTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
 
     /**
      * List the user's trusted privileged apps.
      */
-    suspend fun getAllUserTrustedPrivilegedApps(): PrivilegedAppAllowListJson
+    suspend fun getUserTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson?
+
+    /**
+     * List Google's trusted privileged apps.
+     */
+    suspend fun getGoogleTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson?
 
     /**
-     * Returns true if the given [packageName] and [signature] are trusted.
+     * List community's trusted privileged apps.
      */
-    suspend fun isPrivilegedAppAllowed(packageName: String, signature: String): Boolean
+    suspend fun getCommunityTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson?
 
     /**
      * Adds the given [packageName] and [signature] to the list of trusted privileged apps.

app/src/main/java/com/x8bit/bitwarden/data/autofill/fido2/repository/PrivilegedAppRepositoryImpl.kt

@@ -3,10 +3,33 @@ package com.x8bit.bitwarden.data.autofill.fido2.repository
 import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.Fido2PrivilegedAppDiskSource
 import com.x8bit.bitwarden.data.autofill.fido2.datasource.disk.entity.Fido2PrivilegedAppInfoEntity
 import com.x8bit.bitwarden.data.autofill.fido2.model.PrivilegedAppAllowListJson
-import kotlinx.coroutines.flow.Flow
+import com.x8bit.bitwarden.data.autofill.fido2.model.PrivilegedAppData
+import com.x8bit.bitwarden.data.platform.manager.AssetManager
+import com.x8bit.bitwarden.data.platform.manager.dispatcher.DispatcherManager
+import com.x8bit.bitwarden.data.platform.repository.model.DataState
+import com.x8bit.bitwarden.data.platform.repository.util.combineDataStates
+import com.x8bit.bitwarden.data.platform.util.decodeFromStringOrNull
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.SharingStarted
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.flow.asStateFlow
+import kotlinx.coroutines.flow.combine
+import kotlinx.coroutines.flow.launchIn
 import kotlinx.coroutines.flow.map
+import kotlinx.coroutines.flow.onEach
+import kotlinx.coroutines.flow.stateIn
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.withContext
 import kotlinx.serialization.json.Json
 
+/**
+ * A "stop timeout delay" in milliseconds used to let a shared coroutine continue to run for the
+ * specified period of time after it no longer has subscribers.
+ */
+private const val STOP_TIMEOUT_DELAY_MS: Long = 1000L
+private const val GOOGLE_ALLOW_LIST_FILE_NAME = "fido2_privileged_google.json"
+private const val COMMUNITY_ALLOW_LIST_FILE_NAME = "fido2_privileged_community.json"
 private const val ANDROID_TYPE = "android"
 private const val RELEASE_BUILD = "release"
 
@@ -15,25 +38,104 @@ private const val RELEASE_BUILD = "release"
  */
 class PrivilegedAppRepositoryImpl(
     private val fido2PrivilegedAppDiskSource: Fido2PrivilegedAppDiskSource,
+    private val assetManager: AssetManager,
+    dispatcherManager: DispatcherManager,
     private val json: Json,
 ) : PrivilegedAppRepository {
 
-    override val userTrustedPrivilegedAppsFlow: Flow<PrivilegedAppAllowListJson> =
-        fido2PrivilegedAppDiskSource.userTrustedPrivilegedAppsFlow
-            .map { it.toFido2PrivilegedAppAllowListJson() }
+    private val unconfinedScope = CoroutineScope(dispatcherManager.unconfined)
+    private val ioScope = CoroutineScope(dispatcherManager.io)
+
+    private val mutableUserTrustedAppsFlow =
+        MutableStateFlow<DataState<PrivilegedAppAllowListJson>>(DataState.Loading)
+    private val mutableGoogleTrustedAppsFlow =
+        MutableStateFlow<DataState<PrivilegedAppAllowListJson>>(DataState.Loading)
+    private val mutableCommunityTrustedPrivilegedAppsFlow =
+        MutableStateFlow<DataState<PrivilegedAppAllowListJson>>(DataState.Loading)
+
+    override val trustedAppDataStateFlow: StateFlow<DataState<PrivilegedAppData>> =
+        combine(
+            userTrustedAppsFlow,
+            googleTrustedPrivilegedAppsFlow,
+            communityTrustedAppsFlow,
+        ) { userAppsState, googleAppsState, communityAppsState ->
+            combineDataStates(
+                userAppsState,
+                googleAppsState,
+                communityAppsState,
+            ) { userApps, googleApps, communityApps ->
+                PrivilegedAppData(
+                    googleTrustedApps = googleApps,
+                    communityTrustedApps = communityApps,
+                    userTrustedApps = userApps,
+                )
+            }
+        }
+            .stateIn(
+                scope = unconfinedScope,
+                started = SharingStarted.WhileSubscribed(stopTimeoutMillis = STOP_TIMEOUT_DELAY_MS),
+                initialValue = DataState.Loading,
+            )
+
+    override val userTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+        get() = mutableUserTrustedAppsFlow.asStateFlow()
+
+    override val googleTrustedPrivilegedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+        get() = mutableGoogleTrustedAppsFlow.asStateFlow()
+
+    override val communityTrustedAppsFlow: StateFlow<DataState<PrivilegedAppAllowListJson>>
+        get() = mutableCommunityTrustedPrivilegedAppsFlow.asStateFlow()
+
+    init {
+        ioScope.launch {
+            val googleAppsDataState = assetManager.readAsset(fileName = GOOGLE_ALLOW_LIST_FILE_NAME)
+                .map { json.decodeFromString<PrivilegedAppAllowListJson>(it) }
+                .fold(
+                    onSuccess = { DataState.Loaded(it) },
+                    onFailure = { DataState.Error(it) },
+                )
+
+            val communityAppsDataState =
+                assetManager.readAsset(fileName = COMMUNITY_ALLOW_LIST_FILE_NAME)
+                    .map { json.decodeFromString<PrivilegedAppAllowListJson>(it) }
+                    .fold(
+                        onSuccess = { DataState.Loaded(it) },
+                        onFailure = { DataState.Error(it) },
+                    )
 
-    override suspend fun getAllUserTrustedPrivilegedApps(): PrivilegedAppAllowListJson =
-        fido2PrivilegedAppDiskSource.getAllUserTrustedPrivilegedApps()
+            mutableGoogleTrustedAppsFlow.value = googleAppsDataState
+            mutableCommunityTrustedPrivilegedAppsFlow.value = communityAppsDataState
+
+            fido2PrivilegedAppDiskSource.userTrustedPrivilegedAppsFlow
+                .map { DataState.Loaded(it.toFido2PrivilegedAppAllowListJson()) }
+                .onEach {
+                    mutableUserTrustedAppsFlow.value = it
+                }
+                .launchIn(ioScope)
+        }
+    }
+
+    override suspend fun getUserTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson =
+        fido2PrivilegedAppDiskSource
+            .getAllUserTrustedPrivilegedApps()
             .toFido2PrivilegedAppAllowListJson()
 
-    override suspend fun isPrivilegedAppAllowed(
-        packageName: String,
-        signature: String,
-    ): Boolean = fido2PrivilegedAppDiskSource
-        .isPrivilegedAppTrustedByUser(
-            packageName = packageName,
-            signature = signature,
-        )
+    override suspend fun getGoogleTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson? =
+        withContext(ioScope.coroutineContext) {
+            assetManager
+                .readAsset(fileName = GOOGLE_ALLOW_LIST_FILE_NAME)
+                .map { json.decodeFromStringOrNull<PrivilegedAppAllowListJson>(it) }
+                .getOrNull()
+        }
+
+    override suspend fun getCommunityTrustedPrivilegedAppsOrNull(): PrivilegedAppAllowListJson? {
+        return withContext(ioScope.coroutineContext) {
+            assetManager
+                .readAsset(fileName = COMMUNITY_ALLOW_LIST_FILE_NAME)
+                .map { json.decodeFromStringOrNull<PrivilegedAppAllowListJson>(it) }
+                .getOrNull()
+        }
+    }
 
     override suspend fun addTrustedPrivilegedApp(
         packageName: String,

app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/SettingsNavigation.kt

@@ -14,6 +14,8 @@ import com.x8bit.bitwarden.ui.platform.feature.settings.appearance.navigateToApp
 import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.autoFillDestination
 import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.blockautofill.blockAutoFillDestination
 import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.blockautofill.navigateToBlockAutoFillScreen
+import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.privilegedappslist.privilegedAppsListDestination
+import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.privilegedappslist.navigateToPrivilegedAppsList
 import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.navigateToAutoFill
 import com.x8bit.bitwarden.ui.platform.feature.settings.other.navigateToOther
 import com.x8bit.bitwarden.ui.platform.feature.settings.other.otherDestination
@@ -66,6 +68,7 @@ fun NavGraphBuilder.settingsGraph(
             onNavigateBack = { navController.popBackStack() },
             onNavigateToBlockAutoFillScreen = { navController.navigateToBlockAutoFillScreen() },
             onNavigateToSetupAutofill = onNavigateToSetupAutoFillScreen,
+            onNavigateToTrustedAppsScreen = { navController.navigateToPrivilegedAppsList() },
         )
         otherDestination(onNavigateBack = { navController.popBackStack() })
         vaultSettingsDestination(
@@ -75,6 +78,7 @@ fun NavGraphBuilder.settingsGraph(
             onNavigateToImportLogins = onNavigateToImportLogins,
         )
         blockAutoFillDestination(onNavigateBack = { navController.popBackStack() })
+        privilegedAppsListDestination(onNavigateBack = { navController.popBackStack() })
     }
 }
 

app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/autofill/AutoFillNavigation.kt

@@ -14,6 +14,7 @@ fun NavGraphBuilder.autoFillDestination(
     onNavigateBack: () -> Unit,
     onNavigateToBlockAutoFillScreen: () -> Unit,
     onNavigateToSetupAutofill: () -> Unit,
+    onNavigateToTrustedAppsScreen: () -> Unit,
 ) {
     composableWithPushTransitions(
         route = AUTO_FILL_ROUTE,
@@ -22,6 +23,7 @@ fun NavGraphBuilder.autoFillDestination(
             onNavigateBack = onNavigateBack,
             onNavigateToBlockAutoFillScreen = onNavigateToBlockAutoFillScreen,
             onNavigateToSetupAutofill = onNavigateToSetupAutofill,
+            onNavigateToPrivilegedAppsScreen = onNavigateToTrustedAppsScreen,
         )
     }
 }

app/src/main/java/com/x8bit/bitwarden/ui/platform/feature/settings/autofill/AutoFillScreen.kt

@@ -9,9 +9,11 @@ import androidx.compose.foundation.layout.fillMaxSize
 import androidx.compose.foundation.layout.fillMaxWidth
 import androidx.compose.foundation.layout.height
 import androidx.compose.foundation.layout.padding
+import androidx.compose.foundation.layout.size
 import androidx.compose.foundation.rememberScrollState
 import androidx.compose.foundation.verticalScroll
 import androidx.compose.material3.ExperimentalMaterial3Api
+import androidx.compose.material3.Icon
 import androidx.compose.material3.TopAppBarDefaults
 import androidx.compose.material3.rememberTopAppBarState
 import androidx.compose.runtime.Composable
@@ -31,6 +33,9 @@ import androidx.lifecycle.compose.collectAsStateWithLifecycle
 import com.x8bit.bitwarden.R
 import com.x8bit.bitwarden.data.platform.repository.model.UriMatchType
 import com.x8bit.bitwarden.ui.platform.base.util.EventsEffect
+import com.x8bit.bitwarden.ui.platform.base.util.Text
+import com.x8bit.bitwarden.ui.platform.base.util.asText
+import com.x8bit.bitwarden.ui.platform.base.util.mirrorIfRtl
 import com.x8bit.bitwarden.ui.platform.base.util.standardHorizontalMargin
 import com.x8bit.bitwarden.ui.platform.components.appbar.BitwardenTopAppBar
 import com.x8bit.bitwarden.ui.platform.components.badge.NotificationBadge
@@ -50,6 +55,7 @@ import com.x8bit.bitwarden.ui.platform.composition.LocalIntentManager
 import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.chrome.ChromeAutofillSettingsCard
 import com.x8bit.bitwarden.ui.platform.feature.settings.autofill.util.displayLabel
 import com.x8bit.bitwarden.ui.platform.manager.intent.IntentManager
+import com.x8bit.bitwarden.ui.platform.theme.BitwardenTheme
 import kotlinx.collections.immutable.toImmutableList
 
 /**
@@ -64,6 +70,7 @@ fun AutoFillScreen(
     intentManager: IntentManager = LocalIntentManager.current,
     onNavigateToBlockAutoFillScreen: () -> Unit,
     onNavigateToSetupAutofill: () -> Unit,
+    onNavigateToPrivilegedAppsScreen: () -> Unit,
 ) {
     val state by viewModel.stateFlow.collectAsStateWithLifecycle()
     val context = LocalContext.current
@@ -101,6 +108,9 @@ fun AutoFillScreen(
                     releaseChannel = event.releaseChannel,
                 )
             }
+            AutoFillEvent.NavigateToPrivilegedApps -> {
+                onNavigateToPrivilegedAppsScreen()
+            }
         }
     }
 
@@ -230,12 +240,21 @@ fun AutoFillScreen(
                         id = R.string.set_bitwarden_as_passkey_manager_description,
                     ),
                     withDivider = false,
-                    cardStyle = CardStyle.Full,
+                    cardStyle = CardStyle.Top(hasDivider = true),
                     modifier = Modifier
                         .fillMaxWidth()
                         .standardHorizontalMargin(),
                 )
-                Spacer(modifier = Modifier.height(height = 8.dp))
+                PrivilegedAppsRow(
+                    text = R.string.privileged_apps.asText(),
+                    onClick = remember(viewModel) {
+                        { viewModel.trySendAction(AutoFillAction.TrustedAppsClick) }
+                    },
+                    modifier = Modifier
+                        .standardHorizontalMargin()
+                        .fillMaxWidth(),
+                )
+                Spacer(modifier = Modifier.height(8.dp))
             }
             AccessibilityAutofillSwitch(
                 isAccessibilityAutoFillEnabled = state.isAccessibilityAutofillEnabled,
@@ -373,3 +392,27 @@ private fun DefaultUriMatchTypeRow(
         modifier = modifier,
     )
 }
+
+@Composable
+private fun PrivilegedAppsRow(
+    text: Text,
+    onClick: () -> Unit,
+    modifier: Modifier = Modifier,
+) {
+    BitwardenTextRow(
+        text = text(),
+        description = stringResource(R.string.privileged_apps_description),
+        onClick = onClick,
+        cardStyle = CardStyle.Bottom,
+        modifier = modifier,
+    ) {
+        Icon(
+            painter = rememberVectorPainter(id = R.drawable.ic_chevron_right),
+            contentDescription = null,
+            tint = BitwardenTheme.colorScheme.icon.primary,
+            modifier = Modifier
+                .mirrorIfRtl()
+                .size(size = 16.dp),
+        )
+    }
+}