feat: add wallet_revokePermissions rpc call (#14091)

<!--
Please submit this PR as a draft initially.
Do not mark it as "Ready for review" until the template has been
completely filled out, and PR status checks have passed at least once.
-->

## **Description**

`wallet_revokePermissions` has been live on extension for ~1 year. We
did not add it to Mobile at the time because of controllers versions
being behind. We are adding it now.

<!--
Write a short description of the changes included in this pull request,
also include relevant motivation and context. Have in mind the following
questions:
1. What is the reason for the change?
2. What is the improvement/solution?
-->

## **Related issues**

Fixes: MetaMask/MetaMask-planning#4426

## **Manual testing steps**

1. Go to a dapp (example used in this case was https://app.uniswap.org)
2. Connect wallet to dapp via dapp UI
3. Disconnect wallet from dapp via dapp UI
4. Make sure permissions have been revoked (either through mobile wallet
UI or console sending a
[wallet_getPermissions](https://docs.metamask.io/wallet/reference/json-rpc-methods/wallet_getpermissions/)
request)

## **Screenshots/Recordings**

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

### **Before**


https://github.com/user-attachments/assets/a27be969-2b40-4ab1-8557-ffeea55f2df0

### **After**


https://github.com/user-attachments/assets/cff4d39e-3868-41db-864a-8ff60ec9791b

## **Pre-merge author checklist**

- [x] I’ve followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask Mobile
Coding
Standards](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/CODING_GUIDELINES.md).
- [x] I've completed the PR template to the best of my ability
- [x] I’ve included tests if applicable
- [x] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [x] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-mobile/blob/main/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

## **Pre-merge reviewer checklist**

- [x] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [x] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

Author: ffmcgee725

Diff for: app/core/Permissions/specifications.js

@@ -383,6 +383,7 @@ export const unrestrictedMethods = Object.freeze([
   // Define unrestricted methods below to bypass PermissionController. These are eventually handled by RPCMethodMiddleware (User facing RPC methods)
   'wallet_getPermissions',
   'wallet_requestPermissions',
+  'wallet_revokePermissions',
   'eth_getTransactionByHash',
   'eth_getTransactionByBlockHashAndIndex',
   'eth_getTransactionByBlockNumberAndIndex',

Diff for: app/core/RPCMethods/RPCMethodMiddleware.test.ts

@@ -57,6 +57,7 @@ jest.mock('../Engine', () => ({
     PermissionController: {
       requestPermissions: jest.fn(),
       getPermissions: jest.fn(),
+      revokePermissions: jest.fn(),
     },
     NetworkController: {
       getNetworkClientById: () => ({
@@ -578,6 +579,133 @@ describe('getRpcMethodMiddleware', () => {
     });
   }
 
+  describe('wallet_revokePermissions', () => {
+    it('revokes eth_accounts and endowment:permitted-chains permissions if eth_accounts permission key is passed', async () => {
+      const hostname = 'example.metamask.io';
+      const middleware = getRpcMethodMiddleware({
+        ...getMinimalOptions(),
+        hostname,
+      });
+      const request = {
+        jsonrpc,
+        id: 1,
+        method: 'wallet_revokePermissions',
+        params: [{ eth_accounts: {} }],
+      };
+      await callMiddleware({ middleware, request });
+      expect(
+        MockEngine.context.PermissionController.revokePermissions,
+      ).toHaveBeenCalledWith({
+        [hostname]: ['eth_accounts', 'endowment:permitted-chains'],
+      });
+    });
+
+    it('revokes eth_accounts and endowment:permitted-chains permissions if endowment:permitted-chains permission key is passed', async () => {
+      const hostname = 'example.metamask.io';
+      const middleware = getRpcMethodMiddleware({
+        ...getMinimalOptions(),
+        hostname,
+      });
+      const request = {
+        jsonrpc,
+        id: 1,
+        method: 'wallet_revokePermissions',
+        params: [{ 'endowment:permitted-chains': {} }],
+      };
+      await callMiddleware({ middleware, request });
+      expect(
+        MockEngine.context.PermissionController.revokePermissions,
+      ).toHaveBeenCalledWith({
+        [hostname]: ['eth_accounts', 'endowment:permitted-chains'],
+      });
+    });
+
+    it('revokes eth_accounts and endowment:permitted-chains permissions if both permission keys are passed', async () => {
+      const hostname = 'example.metamask.io';
+      const middleware = getRpcMethodMiddleware({
+        ...getMinimalOptions(),
+        hostname,
+      });
+      const request = {
+        jsonrpc,
+        id: 1,
+        method: 'wallet_revokePermissions',
+        params: [{ eth_accounts: {}, 'endowment:permitted-chains': {} }],
+      };
+      await callMiddleware({ middleware, request });
+      expect(
+        MockEngine.context.PermissionController.revokePermissions,
+      ).toHaveBeenCalledWith({
+        [hostname]: ['eth_accounts', 'endowment:permitted-chains'],
+      });
+    });
+
+    it('revokes eth_accounts, endowment:permitted-chains, and other permissions, either is passed alongside other permissions', async () => {
+      const hostname = 'example.metamask.io';
+      const middleware = getRpcMethodMiddleware({
+        ...getMinimalOptions(),
+        hostname,
+      });
+      const request = {
+        jsonrpc,
+        id: 1,
+        method: 'wallet_revokePermissions',
+        params: [{ 'endowment:permitted-chains': {}, a: {}, b: {} }],
+      };
+      await callMiddleware({ middleware, request });
+      expect(
+        MockEngine.context.PermissionController.revokePermissions,
+      ).toHaveBeenCalledWith({
+        [hostname]: ['eth_accounts', 'endowment:permitted-chains', 'a', 'b'],
+      });
+    });
+
+    it('will revoke other permissions if neither eth_accounts or endowment:permitted-chains keys are passed', async () => {
+      const hostname = 'example.metamask.io';
+      const middleware = getRpcMethodMiddleware({
+        ...getMinimalOptions(),
+        hostname,
+      });
+      const request = {
+        jsonrpc,
+        id: 1,
+        method: 'wallet_revokePermissions',
+        params: [{ a: {}, b: {} }],
+      };
+      await callMiddleware({ middleware, request });
+      expect(
+        MockEngine.context.PermissionController.revokePermissions,
+      ).toHaveBeenCalledWith({
+        [hostname]: ['a', 'b'],
+      });
+    });
+
+    it('returns null result if PermissionController throws an error', async () => {
+      MockEngine.context.PermissionController.revokePermissions.mockImplementation(
+        () => {
+          throw new Error('permission error');
+        },
+      );
+      const hostname = 'example.metamask.io';
+      const middleware = getRpcMethodMiddleware({
+        ...getMinimalOptions(),
+        hostname,
+      });
+      const request = {
+        jsonrpc,
+        id: 1,
+        method: 'wallet_revokePermissions',
+        params: [{ eth_accounts: {} }],
+      };
+
+      expect(await callMiddleware({ middleware, request })).toEqual({
+        result: null,
+        jsonrpc,
+        id: 1,
+      });
+    });
+  });
+
   describe('wallet_requestPermissions', () => {
     it('can requestPermissions for eth_accounts', async () => {
       const mockOrigin = 'example.metamask.io';
@@ -1124,10 +1252,11 @@ describe('getRpcMethodMiddleware', () => {
       expect((response as JsonRpcFailure).error.message).toBe(
         expectedError.message,
       );
-      // eslint-disable-next-line @typescript-eslint/no-explicit-any
-      expect(((response as JsonRpcFailure).error as JsonRpcError<any>).data.cause.message).toBe(
-        expectedError.message,
-      );
+      expect(
+        //@ts-expect-error {JsonRpcError} will be fixed by a future bump. [Reference](https://github.com/MetaMask/metamask-mobile/pull/14091/files#r2009831015)
+        ((response as JsonRpcFailure).error as JsonRpcError<unknown>).data.cause
+          .message,
+      ).toBe(expectedError.message);
     });
 
     it('returns a JSON-RPC error if an error is thrown after approval', async () => {

Diff for: app/core/RPCMethods/RPCMethodMiddleware.ts

@@ -48,6 +48,7 @@ import {
   MessageParamsTyped,
   SignatureController,
 } from '@metamask/signature-controller';
+import { PermissionKeys } from '../Permissions/specifications.js';
 
 // TODO: Replace "any" with type
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
@@ -397,12 +398,61 @@ export const getRpcMethodMiddleware = ({
       return responseData;
     };
 
-    const [requestPermissionsHandler, getPermissionsHandler] =
-      permissionRpcMethods.handlers;
+    const [
+      requestPermissionsHandler,
+      getPermissionsHandler,
+      revokePermissionsHandler,
+    ] = permissionRpcMethods.handlers;
 
     // TODO: Replace "any" with type
     // eslint-disable-next-line @typescript-eslint/no-explicit-any
     const rpcMethods: any = {
+      wallet_revokePermissions: async () =>
+        await revokePermissionsHandler.implementation(
+          req,
+          res,
+          next,
+          (err) => {
+            if (err) {
+              throw err;
+            }
+          },
+          {
+            revokePermissionsForOrigin: (permissionKeys) => {
+              try {
+                /**
+                 * For now, we check if either eth_accounts or endowment:permitted-chains are sent. If either of those is sent, we revoke both.
+                 * This manual filtering will be handled / refactored once we implement [CAIP-25 permissions](https://github.com/MetaMask/MetaMask-planning/issues/4129)
+                 */
+                const caip25EquivalentPermissions: string[] = [
+                  PermissionKeys.eth_accounts,
+                  PermissionKeys.permittedChains,
+                ];
+
+                const keysToRevoke = permissionKeys.some((key) =>
+                  caip25EquivalentPermissions.includes(key),
+                )
+                  ? Array.from(
+                      new Set([
+                        ...caip25EquivalentPermissions,
+                        ...permissionKeys,
+                      ]),
+                    )
+                  : permissionKeys;
+
+                Engine.context.PermissionController.revokePermissions({
+                  [origin]: keysToRevoke,
+                });
+              } catch (e) {
+                // we dont want to handle errors here because
+                // the revokePermissions api method should just
+                // return `null` if the permissions were not
+                // successfully revoked or if the permissions
+                // for the origin do not exist
+              }
+            },
+          },
+        ),
       wallet_getPermissions: async () =>
         // TODO: Replace "any" with type
         // eslint-disable-next-line @typescript-eslint/no-explicit-any

Diff for: app/core/SDKConnect/SDKConnectConstants.ts

@@ -23,6 +23,7 @@ export const RPC_METHODS = {
   WALLET_SWITCHETHEREUMCHAIN: 'wallet_switchEthereumChain',
   WALLET_REQUESTPERMISSIONS: 'wallet_requestPermissions',
   WALLET_GETPERMISSIONS: 'wallet_getPermissions',
+  WALLET_REVOKEPERMISSIONS: 'wallet_revokePermissions',
   ETH_ACCOUNTS: 'eth_accounts',
   ETH_CHAINID: 'eth_chainId',
 };
@@ -41,6 +42,7 @@ export const METHODS_TO_REDIRECT: { [method: string]: boolean } = {
   [RPC_METHODS.WALLET_SWITCHETHEREUMCHAIN]: true,
   [RPC_METHODS.WALLET_REQUESTPERMISSIONS]: true,
   [RPC_METHODS.WALLET_GETPERMISSIONS]: true,
+  [RPC_METHODS.WALLET_REVOKEPERMISSIONS]: true,
   [RPC_METHODS.METAMASK_CONNECTSIGN]: true,
   [RPC_METHODS.METAMASK_BATCH]: true,
 };

Diff for: bitrise.yml

@@ -444,16 +444,16 @@ workflows:
               #!/usr/bin/env bash
               # Define label data
               LABELS_JSON='{"labels":["bitrise-result-ready"]}'
-              	
+
               # API URL to add labels to a PR
               API_URL="https://api.github.com/repos/$BITRISEIO_GIT_REPOSITORY_OWNER/$BITRISEIO_GIT_REPOSITORY_SLUG/issues/$GITHUB_PR_NUMBER/labels"
 
               # Perform the curl request and capture the HTTP status code
               HTTP_RESPONSE=$(curl -s -o response.txt -w "%{http_code}" -X POST -H "Authorization: token $GITHUB_ACCESS_TOKEN" -H "Accept: application/vnd.github.v3+json" -d "$LABELS_JSON" "$API_URL")
-              	
+
               # Output the HTTP status code
-              echo "HTTP Response Code: $HTTP_RESPONSE"	
-              
+              echo "HTTP Response Code: $HTTP_RESPONSE"
+
               # Optionally check the response
               echo "HTTP Response Code: $HTTP_RESPONSE"
 
@@ -466,7 +466,7 @@ workflows:
 
               # Clean up the response file
               rm response.txt
-                	
+
 
   # Send a Slack message when workflow fails
   notify_failure:
@@ -1570,9 +1570,9 @@ workflows:
             - pipeline_intermediate_files: sourcemaps/ios/index.js.map:BITRISE_APP_STORE_SOURCEMAP_PATH
             - deploy_path: sourcemaps/ios/index.js.map
           title: Deploy Source Map
-    meta: 
-      bitrise.io: 
-        stack: osx-xcode-15.0.x 
+    meta:
+      bitrise.io:
+        stack: osx-xcode-15.0.x
         machine_type_id: g2.mac.large
   build_ios_release_and_upload_sourcemaps:
     envs:

Diff for: e2e/api-specs/ConfirmationsRejectionRule.js

@@ -7,6 +7,8 @@ import Gestures from '../utils/Gestures';
 import ConnectBottomSheet from '../pages/Browser/ConnectBottomSheet';
 import AssetWatchBottomSheet from '../pages/Transactions/AssetWatchBottomSheet';
 import SpamFilterModal from '../pages/Browser/SpamFilterModal';
+import BrowserView from '../pages/Browser/BrowserView';
+import ConnectedAccountsModal from '../pages/Browser/ConnectedAccountsModal';
 
 // eslint-disable-next-line import/no-nodejs-modules
 import fs from 'fs';
@@ -24,10 +26,12 @@ export default class ConfirmationsRejectRule {
     this.driver = options.driver; // Pass element for detox instead of all the driver
     this.only = options.only;
     this.allCapsCancel = ['wallet_watchAsset'];
+    this.permissionConnectionSheet = ['wallet_revokePermissions'];
     this.requiresEthAccountsPermission = [
       'personal_sign',
       'eth_signTypedData_v4',
       'eth_getEncryptionPublicKey',
+      'wallet_revokePermissions',
     ];
   }
 
@@ -153,6 +157,9 @@ export default class ConfirmationsRejectRule {
           await TestHelpers.delay(3000);
           if (this.allCapsCancel.includes(call.methodName)) {
             await AssetWatchBottomSheet.tapCancelButton();
+          } else if (call.methodName === 'wallet_revokePermissions') {
+            await BrowserView.tapLocalHostDefaultAvatar();
+            await Assertions.checkIfNotVisible(ConnectedAccountsModal.title);
           } else {
             cancelButton = await Matchers.getElementByText('Cancel');
             await Gestures.waitAndTap(cancelButton);

Diff for: e2e/api-specs/json-rpc-coverage.js

@@ -181,7 +181,7 @@ const main = async () => {
 
       const methodsWithConfirmations = [
         'wallet_requestPermissions',
-        // 'eth_requestAccounts', // mobile is missing revokePermissions to reset this to prompt and cancel
+        'eth_requestAccounts',
         'wallet_watchAsset',
         'personal_sign', // requires permissions for eth_accounts
         'wallet_addEthereumChain',
@@ -211,7 +211,6 @@ const main = async () => {
         .map((m) => m.name);
 
       const skip = [
-        'wallet_revokePermissions', // mobile is missing revokePermissions
         'eth_coinbase',
         'wallet_registerOnboarding',
         'eth_getEncryptionPublicKey',

Diff for: e2e/pages/Browser/BrowserView.js

@@ -87,6 +87,10 @@ class Browser {
     return Matchers.getElementByID(BrowserViewSelectorsIDs.ADD_NEW_TAB);
   }
 
+  get DefaultAvatarImageForLocalHost() {
+    return Matchers.getElementByLabel('L');
+  }
+
   get networkAvatarButton() {
     return device.getPlatform() === 'ios'
       ? Matchers.getElementByID(BrowserViewSelectorsIDs.AVATAR_IMAGE)
@@ -125,6 +129,10 @@ class Browser {
     await Gestures.waitAndTap(this.addressBar);
   }
 
+  async tapLocalHostDefaultAvatar() {
+    await Gestures.waitAndTap(this.DefaultAvatarImageForLocalHost);
+  }
+
   async tapBottomSearchBar() {
     await Gestures.waitAndTap(this.searchButton);
   }

Diff for: e2e/pages/Browser/ConnectedAccountsModal.js

@@ -7,6 +7,10 @@ import Gestures from '../../utils/Gestures';
 import TestHelpers from '../../helpers';
 
 class ConnectedAccountsModal {
+  get container() {
+    return Matchers.getElementByID(ConnectedAccountsSelectorsIDs.CONTAINER);
+  }
+
   get permissionsButton() {
     return Matchers.getElementByText(
       ConnectedAccountModalSelectorsText.PERMISSION_LINK,

Diff for: e2e/pages/Browser/TestDApp.js

@@ -15,10 +15,6 @@ const CONFIRM_BUTTON_TEXT = enContent.confirmation_modal.confirm_cta;
 const APPROVE_BUTTON_TEXT = enContent.transactions.tx_review_approve;
 
 class TestDApp {
-  get androidContainer() {
-    return BrowserViewSelectorsIDs.ANDROID_CONTAINER;
-  }
-
   get confirmButtonText() {
     return Matchers.getElementByText(CONFIRM_BUTTON_TEXT);
   }