1 files changed, 45 insertions, 21 deletions

diff --git a/src/components/policy/policy_external/src/policy_helper.cc b/src/components/policy/policy_external/src/policy_helper.cc
index ed12cdde3a..e1a72c3f6a 100644
--- a/src/components/policy/policy_external/src/policy_helper.cc
+++ b/src/components/policy/policy_external/src/policy_helper.cc
@@ -620,26 +620,36 @@ void FillNotificationData::UpdateParameters(
   ParametersConstItr it_parameters = in_parameters.begin();
   ParametersConstItr it_parameters_end = in_parameters.end();
 
-  // Due to APPLINK-24201 SDL must consider cases when 'parameters' section is
-  // not present for RPC or present, but is empty.
-
-  // If 'parameters' section is like: 'parameters' : []
-  if (in_parameters.is_initialized() && in_parameters.empty()) {
-    if (!does_require_user_consent_) {
-      out_parameter.any_parameter_disallowed_by_policy = true;
-    }
-    if (does_require_user_consent_ && kAllowedKey == current_key_) {
-      out_parameter.any_parameter_disallowed_by_user = true;
+  // From AppLink Policies Manager specification:
+  // To determine consent for a particular RPC in a particular HMI level with
+  // particular parameters (if applicable), the system shall find all of the
+  // functional groups the RPC is included in. If user consent is needed as
+  // listed within the functional group in the policy table, the system shall
+  // use a logical AND: backend permissions AND User permissions. If the RPC is
+  // listed under more than one group, the system shall perform a logical OR
+  // amongst all of the possible allowed permissions scenarios for the RPC (and
+  // parameter/or HMI level) defined by each of the functional groups.
+
+  if (!IsSomeParametersAllowed(out_parameter)) {
+    // Due to APPLINK-24201 SDL must consider cases when 'parameters' section is
+    // not present for RPC or present, but is empty.
+
+    // If 'parameters' section is like: 'parameters' : []
+    if (in_parameters.is_initialized() && in_parameters.empty()) {
+      if (!does_require_user_consent_) {
+        out_parameter.any_parameter_disallowed_by_policy = true;
+      }
+      if (does_require_user_consent_ && kAllowedKey == current_key_) {
+        out_parameter.any_parameter_disallowed_by_user = true;
+      }
     }
-  }
 
-  // If 'parameters' section is omitted
-  if (!in_parameters.is_initialized()) {
-    if (!does_require_user_consent_) {
-      out_parameter.any_parameter_allowed = true;
-    }
-    if (does_require_user_consent_ && kAllowedKey == current_key_) {
-      out_parameter.any_parameter_allowed = true;
+    // If 'parameters' section is omitted
+    if (!in_parameters.is_initialized()) {
+      if (!does_require_user_consent_ ||
+          (does_require_user_consent_ && kAllowedKey == current_key_)) {
+        out_parameter.any_parameter_allowed = true;
+      }
     }
   }
 
@@ -647,6 +657,13 @@ void FillNotificationData::UpdateParameters(
     out_parameter[current_key_].insert(
         policy_table::EnumToJsonString(*it_parameters));
   }
+
+  // We should reset ALL DISALLOWED flags if at least one parameter is allowed
+  // due to a logical OR permissions check
+  if (IsSomeParametersAllowed(out_parameter)) {
+    out_parameter.any_parameter_disallowed_by_policy = false;
+    out_parameter.any_parameter_disallowed_by_user = false;
+  }
 }
 
 void FillNotificationData::ExcludeSame(RpcPermissions& rpc) {
@@ -769,16 +786,23 @@ bool FillNotificationData::RpcParametersEmpty(RpcPermissions& rpc) {
          no_user_disallowed_parameters;
 }
 
-bool FillNotificationData::IsSectionEmpty(ParameterPermissions& permissions,
-                                          const std::string& section) {
+bool FillNotificationData::IsSectionEmpty(
+    const ParameterPermissions& permissions, const std::string& section) const {
   ParameterPermissions::const_iterator it_section = permissions.find(section);
   ParameterPermissions::const_iterator end = permissions.end();
   if (end != it_section) {
-    return permissions[section].empty();
+    return it_section->second.empty();
   }
   return true;
 }
 
+bool FillNotificationData::IsSomeParametersAllowed(
+    const ParameterPermissions& permissions) const {
+  return permissions.any_parameter_allowed ||
+         (kAllowedKey == current_key_ &&
+          !IsSectionEmpty(permissions, kAllowedKey));
+}
+
 ProcessFunctionalGroup::ProcessFunctionalGroup(
     const policy_table::FunctionalGroupings& fg,
     const std::vector<FunctionalGroupPermission>& group_permissions,