Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 0095a82b14e22cb5283abf210d1e7f106f53aca5 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: c5cfb8e0ef9bd166c7aaa78096e3191f4a9c7c83 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame^]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
28import android.content.Context;
29import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]30import android.content.pm.ApplicationInfo;
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]31import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]32import android.content.pm.PackageManager;
33import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame^]34import android.content.pm.PackageManagerInternal.PackagesProvider;
35import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageParser;
37import android.content.pm.ProviderInfo;
38import android.content.pm.ResolveInfo;
39import android.media.RingtoneManager;
40import android.net.Uri;
41import android.os.Binder;
42import android.os.Build;
43import android.os.Environment;
44import android.os.Handler;
45import android.os.Looper;
46import android.os.Message;
47import android.os.UserHandle;
48import android.os.storage.StorageManager;
49import android.print.PrintManager;
50import android.provider.CalendarContract;
51import android.provider.ContactsContract;
52import android.provider.MediaStore;
53import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]54import android.security.Credentials;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame^]55import android.telephony.TelephonyManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]56import android.util.ArrayMap;
57import android.util.ArraySet;
58import android.util.Log;
59import android.util.Slog;
60import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame^]61
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]62import com.android.internal.util.XmlUtils;
63import com.android.server.LocalServices;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame^]64import com.android.server.pm.PackageManagerService;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]65
66import org.xmlpull.v1.XmlPullParser;
67import org.xmlpull.v1.XmlPullParserException;
68
69import java.io.BufferedInputStream;
70import java.io.File;
71import java.io.FileInputStream;
72import java.io.IOException;
73import java.io.InputStream;
74import java.util.ArrayList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]75import java.util.Collections;
76import java.util.List;
77import java.util.Map;
78import java.util.Set;
79
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]80/**
81 * This class is the policy for granting runtime permissions to
82 * platform components and default handlers in the system such
83 * that the device is usable out-of-the-box. For example, the
84 * shell UID is a part of the system and the Phone app should
85 * have phone related permission by default.
86 * <p>
87 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
88 * service but knows about lots of higher level subsystems. The correct way to do this is
89 * to have an interface defined in the package manager but have the impl next to other
90 * policy stuff like PhoneWindowManager
91 */
92public final class DefaultPermissionGrantPolicy {
93 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
94 private static final boolean DEBUG = false;
95
96 private static final int DEFAULT_FLAGS =
97 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
98 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
99
100 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
101
102 private static final String TAG_EXCEPTIONS = "exceptions";
103 private static final String TAG_EXCEPTION = "exception";
104 private static final String TAG_PERMISSION = "permission";
105 private static final String ATTR_PACKAGE = "package";
106 private static final String ATTR_NAME = "name";
107 private static final String ATTR_FIXED = "fixed";
108
109 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
110 static {
111 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
112 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
113 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
114 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
115 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
116 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
117 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
118 }
119
120 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
121 static {
122 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
123 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
124 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
125 }
126
127 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
128 static {
129 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
130 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
131 }
132
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]133 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
134 static {
135 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
136 }
137
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]138 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
139 static {
140 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
141 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
142 }
143
144 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
145 static {
146 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
147 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
148 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
149 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
150 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
151 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
152 }
153
154 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
155 static {
156 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
157 }
158
159 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
160 static {
161 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
162 }
163
164 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
165 static {
166 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
167 }
168
169 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
170 static {
171 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
172 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
173 }
174
175 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
176
177 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
178
179 private final Handler mHandler;
180
181 private PackagesProvider mLocationPackagesProvider;
182 private PackagesProvider mVoiceInteractionPackagesProvider;
183 private PackagesProvider mSmsAppPackagesProvider;
184 private PackagesProvider mDialerAppPackagesProvider;
185 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]186 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]187 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
188
189 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
190 private final Context mContext;
191 private final Object mLock = new Object();
192 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]193 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]194 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
195 public interface DefaultPermissionGrantedCallback {
196 /** Callback when permissions have been granted */
197 public void onDefaultRuntimePermissionsGranted(int userId);
198 }
199
200 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]201 @Nullable DefaultPermissionGrantedCallback callback,
202 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]203 mContext = context;
204 mHandler = new Handler(looper) {
205 @Override
206 public void handleMessage(Message msg) {
207 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
208 synchronized (mLock) {
209 if (mGrantExceptions == null) {
210 mGrantExceptions = readDefaultPermissionExceptionsLocked();
211 }
212 }
213 }
214 }
215 };
216 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]217 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]218 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
219 }
220
221 public void setLocationPackagesProvider(PackagesProvider provider) {
222 synchronized (mLock) {
223 mLocationPackagesProvider = provider;
224 }
225 }
226
227 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
228 synchronized (mLock) {
229 mVoiceInteractionPackagesProvider = provider;
230 }
231 }
232
233 public void setSmsAppPackagesProvider(PackagesProvider provider) {
234 synchronized (mLock) {
235 mSmsAppPackagesProvider = provider;
236 }
237 }
238
239 public void setDialerAppPackagesProvider(PackagesProvider provider) {
240 synchronized (mLock) {
241 mDialerAppPackagesProvider = provider;
242 }
243 }
244
245 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
246 synchronized (mLock) {
247 mSimCallManagerPackagesProvider = provider;
248 }
249 }
250
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]251 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
252 synchronized (mLock) {
253 mUseOpenWifiAppPackagesProvider = provider;
254 }
255 }
256
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]257 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
258 synchronized (mLock) {
259 mSyncAdapterPackagesProvider = provider;
260 }
261 }
262
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]263 public void grantDefaultPermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]264 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]265 grantAllRuntimePermissions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]266 } else {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]267 grantPermissionsToSysComponentsAndPrivApps(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]268 grantDefaultSystemHandlerPermissions(userId);
269 grantDefaultPermissionExceptions(userId);
270 }
271 }
272
273 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
274 Set<String> permissions = new ArraySet<>();
275 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]276 final BasePermission bp = mPermissionManager.getPermission(permission);
277 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]278 continue;
279 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]280 if (bp.isRuntime()) {
281 permissions.add(permission);
282 }
283 }
284 if (!permissions.isEmpty()) {
285 grantRuntimePermissions(pkg, permissions, true, userId);
286 }
287 }
288
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]289 private void grantAllRuntimePermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]290 Log.i(TAG, "Granting all runtime permissions for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]291 final PackageList packageList = mServiceInternal.getPackageList();
292 for (String packageName : packageList.getPackageNames()) {
293 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
294 if (pkg == null) {
295 continue;
296 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]297 grantRuntimePermissionsForPackage(userId, pkg);
298 }
299 }
300
301 public void scheduleReadDefaultPermissionExceptions() {
302 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
303 }
304
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]305 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]306 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]307 final PackageList packageList = mServiceInternal.getPackageList();
308 for (String packageName : packageList.getPackageNames()) {
309 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
310 if (pkg == null) {
311 continue;
312 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]313 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
314 || !doesPackageSupportRuntimePermissions(pkg)
315 || pkg.requestedPermissions.isEmpty()) {
316 continue;
317 }
318 grantRuntimePermissionsForPackage(userId, pkg);
319 }
320 }
321
322 private void grantDefaultSystemHandlerPermissions(int userId) {
323 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
324
325 final PackagesProvider locationPackagesProvider;
326 final PackagesProvider voiceInteractionPackagesProvider;
327 final PackagesProvider smsAppPackagesProvider;
328 final PackagesProvider dialerAppPackagesProvider;
329 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]330 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]331 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
332
333 synchronized (mLock) {
334 locationPackagesProvider = mLocationPackagesProvider;
335 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
336 smsAppPackagesProvider = mSmsAppPackagesProvider;
337 dialerAppPackagesProvider = mDialerAppPackagesProvider;
338 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]339 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]340 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
341 }
342
343 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
344 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
345 String[] locationPackageNames = (locationPackagesProvider != null)
346 ? locationPackagesProvider.getPackages(userId) : null;
347 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
348 ? smsAppPackagesProvider.getPackages(userId) : null;
349 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
350 ? dialerAppPackagesProvider.getPackages(userId) : null;
351 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
352 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]353 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
354 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]355 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
356 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
357 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
358 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
359
360 // Installer
361 final String installerPackageName = mServiceInternal.getKnownPackageName(
362 PackageManagerInternal.PACKAGE_INSTALLER, userId);
363 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
364 if (installerPackage != null
365 && doesPackageSupportRuntimePermissions(installerPackage)) {
366 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
367 }
368
369 // Verifier
370 final String verifierPackageName = mServiceInternal.getKnownPackageName(
371 PackageManagerInternal.PACKAGE_VERIFIER, userId);
372 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
373 if (verifierPackage != null
374 && doesPackageSupportRuntimePermissions(verifierPackage)) {
375 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
376 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
377 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
378 }
379
380 // SetupWizard
381 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
382 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
383 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
384 if (setupPackage != null
385 && doesPackageSupportRuntimePermissions(setupPackage)) {
386 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
387 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
388 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
389 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
390 }
391
392 // Camera
393 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
394 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
395 cameraIntent, userId);
396 if (cameraPackage != null
397 && doesPackageSupportRuntimePermissions(cameraPackage)) {
398 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
399 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
400 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
401 }
402
403 // Media provider
404 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
405 MediaStore.AUTHORITY, userId);
406 if (mediaStorePackage != null) {
407 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700[diff] [blame]408 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]409 }
410
411 // Downloads provider
412 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
413 "downloads", userId);
414 if (downloadsPackage != null) {
415 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
416 }
417
418 // Downloads UI
419 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
420 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
421 downloadsUiIntent, userId);
422 if (downloadsUiPackage != null
423 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
424 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
425 }
426
427 // Storage provider
428 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
429 "com.android.externalstorage.documents", userId);
430 if (storagePackage != null) {
431 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
432 }
433
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame^]434 // Container service
435 PackageParser.Package containerPackage = getSystemPackage(
436 PackageManagerService.DEFAULT_CONTAINER_PACKAGE);
437 if (containerPackage != null) {
438 grantRuntimePermissions(containerPackage, STORAGE_PERMISSIONS, true, userId);
439 }
440
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]441 // CertInstaller
442 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
443 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
444 certInstallerIntent, userId);
445 if (certInstallerPackage != null
446 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
447 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
448 }
449
450 // Dialer
451 if (dialerAppPackageNames == null) {
452 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
453 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
454 dialerIntent, userId);
455 if (dialerPackage != null) {
456 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
457 }
458 } else {
459 for (String dialerAppPackageName : dialerAppPackageNames) {
460 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
461 if (dialerPackage != null) {
462 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
463 }
464 }
465 }
466
467 // Sim call manager
468 if (simCallManagerPackageNames != null) {
469 for (String simCallManagerPackageName : simCallManagerPackageNames) {
470 PackageParser.Package simCallManagerPackage =
471 getSystemPackage(simCallManagerPackageName);
472 if (simCallManagerPackage != null) {
473 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
474 userId);
475 }
476 }
477 }
478
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]479 // Use Open Wifi
480 if (useOpenWifiAppPackageNames != null) {
481 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
482 PackageParser.Package useOpenWifiPackage =
483 getSystemPackage(useOpenWifiPackageName);
484 if (useOpenWifiPackage != null) {
485 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage,
486 userId);
487 }
488 }
489 }
490
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]491 // SMS
492 if (smsAppPackageNames == null) {
493 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
494 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
495 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
496 smsIntent, userId);
497 if (smsPackage != null) {
498 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
499 }
500 } else {
501 for (String smsPackageName : smsAppPackageNames) {
502 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
503 if (smsPackage != null) {
504 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
505 }
506 }
507 }
508
509 // Cell Broadcast Receiver
510 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
511 PackageParser.Package cbrPackage =
512 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
513 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
514 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
515 }
516
517 // Carrier Provisioning Service
518 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
519 PackageParser.Package carrierProvPackage =
520 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
521 if (carrierProvPackage != null
522 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
523 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
524 }
525
526 // Calendar
527 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
528 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
529 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
530 calendarIntent, userId);
531 if (calendarPackage != null
532 && doesPackageSupportRuntimePermissions(calendarPackage)) {
533 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
534 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
535 }
536
537 // Calendar provider
538 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
539 CalendarContract.AUTHORITY, userId);
540 if (calendarProviderPackage != null) {
541 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
542 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
543 true, userId);
544 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
545 }
546
547 // Calendar provider sync adapters
548 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
549 calendarSyncAdapterPackages, userId);
550 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
551 for (int i = 0; i < calendarSyncAdapterCount; i++) {
552 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
553 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
554 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
555 }
556 }
557
558 // Contacts
559 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
560 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
561 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
562 contactsIntent, userId);
563 if (contactsPackage != null
564 && doesPackageSupportRuntimePermissions(contactsPackage)) {
565 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
566 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
567 }
568
569 // Contacts provider sync adapters
570 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
571 contactsSyncAdapterPackages, userId);
572 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
573 for (int i = 0; i < contactsSyncAdapterCount; i++) {
574 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
575 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
576 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
577 }
578 }
579
580 // Contacts provider
581 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
582 ContactsContract.AUTHORITY, userId);
583 if (contactsProviderPackage != null) {
584 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
585 true, userId);
586 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
587 true, userId);
588 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
589 }
590
591 // Device provisioning
592 Intent deviceProvisionIntent = new Intent(
593 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
594 PackageParser.Package deviceProvisionPackage =
595 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
596 if (deviceProvisionPackage != null
597 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
598 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
599 }
600
601 // Maps
602 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
603 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
604 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
605 mapsIntent, userId);
606 if (mapsPackage != null
607 && doesPackageSupportRuntimePermissions(mapsPackage)) {
608 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
609 }
610
611 // Gallery
612 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
613 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
614 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
615 galleryIntent, userId);
616 if (galleryPackage != null
617 && doesPackageSupportRuntimePermissions(galleryPackage)) {
618 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
619 }
620
621 // Email
622 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
623 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
624 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
625 emailIntent, userId);
626 if (emailPackage != null
627 && doesPackageSupportRuntimePermissions(emailPackage)) {
628 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
629 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
630 }
631
632 // Browser
633 PackageParser.Package browserPackage = null;
634 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
635 PackageManagerInternal.PACKAGE_BROWSER, userId);
636 if (defaultBrowserPackage != null) {
637 browserPackage = getPackage(defaultBrowserPackage);
638 }
639 if (browserPackage == null) {
640 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
641 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
642 browserPackage = getDefaultSystemHandlerActivityPackage(
643 browserIntent, userId);
644 }
645 if (browserPackage != null
646 && doesPackageSupportRuntimePermissions(browserPackage)) {
647 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
648 }
649
650 // Voice interaction
651 if (voiceInteractPackageNames != null) {
652 for (String voiceInteractPackageName : voiceInteractPackageNames) {
653 PackageParser.Package voiceInteractPackage = getSystemPackage(
654 voiceInteractPackageName);
655 if (voiceInteractPackage != null
656 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
657 grantRuntimePermissions(voiceInteractPackage,
658 CONTACTS_PERMISSIONS, userId);
659 grantRuntimePermissions(voiceInteractPackage,
660 CALENDAR_PERMISSIONS, userId);
661 grantRuntimePermissions(voiceInteractPackage,
662 MICROPHONE_PERMISSIONS, userId);
663 grantRuntimePermissions(voiceInteractPackage,
664 PHONE_PERMISSIONS, userId);
665 grantRuntimePermissions(voiceInteractPackage,
666 SMS_PERMISSIONS, userId);
667 grantRuntimePermissions(voiceInteractPackage,
668 LOCATION_PERMISSIONS, userId);
669 }
670 }
671 }
672
673 if (ActivityManager.isLowRamDeviceStatic()) {
674 // Allow voice search on low-ram devices
675 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
676 PackageParser.Package globalSearchPickerPackage =
677 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
678
679 if (globalSearchPickerPackage != null
680 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
681 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]682 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]683 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]684 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]685 }
686 }
687
688 // Voice recognition
689 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
690 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
691 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
692 voiceRecoIntent, userId);
693 if (voiceRecoPackage != null
694 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
695 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
696 }
697
698 // Location
699 if (locationPackageNames != null) {
700 for (String packageName : locationPackageNames) {
701 PackageParser.Package locationPackage = getSystemPackage(packageName);
702 if (locationPackage != null
703 && doesPackageSupportRuntimePermissions(locationPackage)) {
704 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
705 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
706 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
707 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
708 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
709 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
710 true, userId);
711 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
712 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
713 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
714 }
715 }
716 }
717
718 // Music
719 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
720 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
721 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
722 AUDIO_MIME_TYPE);
723 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
724 musicIntent, userId);
725 if (musicPackage != null
726 && doesPackageSupportRuntimePermissions(musicPackage)) {
727 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
728 }
729
730 // Home
731 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
732 homeIntent.addCategory(Intent.CATEGORY_HOME);
733 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
734 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
735 homeIntent, userId);
736 if (homePackage != null
737 && doesPackageSupportRuntimePermissions(homePackage)) {
738 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
739 }
740
741 // Watches
742 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
743 // Home application on watches
744 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
745 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
746
747 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
748 wearHomeIntent, userId);
749
750 if (wearHomePackage != null
751 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
752 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
753 userId);
754 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
755 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
756 userId);
757 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
758 userId);
759 }
760
761 // Fitness tracking on watches
762 Intent trackIntent = new Intent(ACTION_TRACK);
763 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
764 trackIntent, userId);
765 if (trackPackage != null
766 && doesPackageSupportRuntimePermissions(trackPackage)) {
767 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
768 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
769 }
770 }
771
772 // Print Spooler
773 PackageParser.Package printSpoolerPackage = getSystemPackage(
774 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
775 if (printSpoolerPackage != null
776 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
777 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
778 }
779
780 // EmergencyInfo
781 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
782 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
783 emergencyInfoIntent, userId);
784 if (emergencyInfoPckg != null
785 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
786 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
787 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
788 }
789
790 // NFC Tag viewer
791 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
792 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
793 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
794 nfcTagIntent, userId);
795 if (nfcTagPkg != null
796 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
797 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
798 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
799 }
800
801 // Storage Manager
802 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
803 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
804 storageManagerIntent, userId);
805 if (storageManagerPckg != null
806 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
807 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
808 }
809
810 // Companion devices
811 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
812 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
813 if (companionDeviceDiscoveryPackage != null
814 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
815 grantRuntimePermissions(companionDeviceDiscoveryPackage,
816 LOCATION_PERMISSIONS, true, userId);
817 }
818
819 // Ringtone Picker
820 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
821 PackageParser.Package ringtonePickerPackage =
822 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
823 if (ringtonePickerPackage != null
824 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
825 grantRuntimePermissions(ringtonePickerPackage,
826 STORAGE_PERMISSIONS, true, userId);
827 }
828
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]829 if (mPermissionGrantedCallback != null) {
830 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
831 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]832 }
833
834 private void grantDefaultPermissionsToDefaultSystemDialerApp(
835 PackageParser.Package dialerPackage, int userId) {
836 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
837 boolean isPhonePermFixed =
838 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
839 grantRuntimePermissions(
840 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
841 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
842 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
843 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
844 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
845 }
846 }
847
848 private void grantDefaultPermissionsToDefaultSystemSmsApp(
849 PackageParser.Package smsPackage, int userId) {
850 if (doesPackageSupportRuntimePermissions(smsPackage)) {
851 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
852 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
853 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
854 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
855 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
856 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
857 }
858 }
859
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]860 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
861 PackageParser.Package useOpenWifiPackage, int userId) {
862 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
863 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId);
864 }
865 }
866
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]867 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
868 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
869 if (packageName == null) {
870 return;
871 }
872 PackageParser.Package smsPackage = getPackage(packageName);
873 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
874 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
875 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
876 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
877 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
878 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
879 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
880 }
881 }
882
883 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
884 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
885 if (packageName == null) {
886 return;
887 }
888 PackageParser.Package dialerPackage = getPackage(packageName);
889 if (dialerPackage != null
890 && doesPackageSupportRuntimePermissions(dialerPackage)) {
891 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
892 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
893 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
894 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
895 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
896 }
897 }
898
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]899 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
900 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
901 if (packageName == null) {
902 return;
903 }
904 PackageParser.Package useOpenWifiPackage = getPackage(packageName);
905 if (useOpenWifiPackage != null
906 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
907 grantRuntimePermissions(
908 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId);
909 }
910 }
911
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]912 private void grantDefaultPermissionsToDefaultSimCallManager(
913 PackageParser.Package simCallManagerPackage, int userId) {
914 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
915 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
916 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
917 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
918 }
919 }
920
921 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
922 if (packageName == null) {
923 return;
924 }
925 PackageParser.Package simCallManagerPackage = getPackage(packageName);
926 if (simCallManagerPackage != null) {
927 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
928 }
929 }
930
931 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
932 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
933 if (packageNames == null) {
934 return;
935 }
936 for (String packageName : packageNames) {
937 PackageParser.Package carrierPackage = getSystemPackage(packageName);
938 if (carrierPackage != null
939 && doesPackageSupportRuntimePermissions(carrierPackage)) {
940 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
941 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
942 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
943 }
944 }
945 }
946
947 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
948 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
949 if (packageNames == null) {
950 return;
951 }
952 for (String packageName : packageNames) {
953 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
954 if (imsServicePackage != null
955 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
956 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
957 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
958 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
959 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
960 }
961 }
962 }
963
964 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
965 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
966 if (packageName == null) {
967 return;
968 }
969 PackageParser.Package browserPackage = getSystemPackage(packageName);
970 if (browserPackage != null
971 && doesPackageSupportRuntimePermissions(browserPackage)) {
972 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
973 }
974 }
975
976 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
977 Intent intent, int userId) {
978 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
979 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false);
980 if (handler == null || handler.activityInfo == null) {
981 return null;
982 }
983 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
984 return null;
985 }
986 return getSystemPackage(handler.activityInfo.packageName);
987 }
988
989 private PackageParser.Package getDefaultSystemHandlerServicePackage(
990 Intent intent, int userId) {
991 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
992 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
993 if (handlers == null) {
994 return null;
995 }
996 final int handlerCount = handlers.size();
997 for (int i = 0; i < handlerCount; i++) {
998 ResolveInfo handler = handlers.get(i);
999 PackageParser.Package handlerPackage = getSystemPackage(
1000 handler.serviceInfo.packageName);
1001 if (handlerPackage != null) {
1002 return handlerPackage;
1003 }
1004 }
1005 return null;
1006 }
1007
1008 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
1009 String[] syncAdapterPackageNames, int userId) {
1010 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
1011
1012 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
1013 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
1014
1015 for (String syncAdapterPackageName : syncAdapterPackageNames) {
1016 homeIntent.setPackage(syncAdapterPackageName);
1017
1018 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
1019 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
1020 userId, false);
1021 if (homeActivity != null) {
1022 continue;
1023 }
1024
1025 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
1026 if (syncAdapterPackage != null) {
1027 syncAdapterPackages.add(syncAdapterPackage);
1028 }
1029 }
1030
1031 return syncAdapterPackages;
1032 }
1033
1034 private PackageParser.Package getDefaultProviderAuthorityPackage(
1035 String authority, int userId) {
1036 ProviderInfo provider =
1037 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
1038 if (provider != null) {
1039 return getSystemPackage(provider.packageName);
1040 }
1041 return null;
1042 }
1043
1044 private PackageParser.Package getPackage(String packageName) {
1045 return mServiceInternal.getPackage(packageName);
1046 }
1047
1048 private PackageParser.Package getSystemPackage(String packageName) {
1049 PackageParser.Package pkg = getPackage(packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1050 if (pkg != null && pkg.isSystem()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1051 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
1052 }
1053 return null;
1054 }
1055
1056 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1057 int userId) {
1058 grantRuntimePermissions(pkg, permissions, false, false, userId);
1059 }
1060
1061 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1062 boolean systemFixed, int userId) {
1063 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1064 }
1065
1066 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1067 boolean systemFixed, boolean ignoreSystemPackage, int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1068 if (pkg.requestedPermissions.isEmpty()) {
1069 return;
1070 }
1071
1072 List<String> requestedPermissions = pkg.requestedPermissions;
1073 Set<String> grantablePermissions = null;
1074
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1075 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1076 // of if the version on the system image declares the permission as used since
1077 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1078 // choice to grant this app the permissions needed to function. For all other
1079 // apps, (default grants on first boot and user creation) we don't grant default
1080 // permissions if the version on the system image does not declare them.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1081 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1082 final PackageParser.Package disabledPkg =
1083 mServiceInternal.getDisabledPackage(pkg.packageName);
1084 if (disabledPkg != null) {
1085 if (disabledPkg.requestedPermissions.isEmpty()) {
1086 return;
1087 }
1088 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1089 grantablePermissions = new ArraySet<>(requestedPermissions);
1090 requestedPermissions = disabledPkg.requestedPermissions;
1091 }
1092 }
1093 }
1094
1095 final int grantablePermissionCount = requestedPermissions.size();
1096 for (int i = 0; i < grantablePermissionCount; i++) {
1097 String permission = requestedPermissions.get(i);
1098
1099 // If there is a disabled system app it may request a permission the updated
1100 // version ot the data partition doesn't, In this case skip the permission.
1101 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1102 continue;
1103 }
1104
1105 if (permissions.contains(permission)) {
1106 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1107 permission, pkg.packageName, userId);
1108
1109 // If any flags are set to the permission, then it is either set in
1110 // its current state by the system or device/profile owner or the user.
1111 // In all these cases we do not want to clobber the current state.
1112 // Unless the caller wants to override user choices. The override is
1113 // to make sure we can grant the needed permission to the default
1114 // sms and phone apps after the user chooses this in the UI.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1115 if (flags == 0 || ignoreSystemPackage) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1116 // Never clobber policy or system.
1117 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
1118 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
1119 if ((flags & fixedFlags) != 0) {
1120 continue;
1121 }
1122
1123 mServiceInternal.grantRuntimePermission(
1124 pkg.packageName, permission, userId, false);
1125 if (DEBUG) {
1126 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1127 + permission + " to default handler " + pkg.packageName);
1128 }
1129
1130 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1131 if (systemFixed) {
1132 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1133 }
1134
1135 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1136 newFlags, newFlags, userId);
1137 }
1138
1139 // If a component gets a permission for being the default handler A
1140 // and also default handler B, we grant the weaker grant form.
1141 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1142 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1143 && !systemFixed) {
1144 if (DEBUG) {
1145 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1146 + pkg.packageName);
1147 }
1148 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1149 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1150 }
1151 }
1152 }
1153 }
1154
1155 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1156 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1157 return true;
1158 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1159 if (!pkg.isPrivileged()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1160 return false;
1161 }
1162 final PackageParser.Package disabledPkg =
1163 mServiceInternal.getDisabledPackage(pkg.packageName);
1164 if (disabledPkg != null) {
1165 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1166 return false;
1167 }
1168 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1169 return false;
1170 }
1171 final String systemPackageName = mServiceInternal.getKnownPackageName(
1172 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1173 final PackageParser.Package systemPackage = getPackage(systemPackageName);
Dan Cashman1dbe6d02018-01-23 11:18:28 -0800[diff] [blame]1174 return pkg.mSigningDetails.hasAncestorOrSelf(systemPackage.mSigningDetails)
1175 || systemPackage.mSigningDetails.checkCapability(pkg.mSigningDetails,
1176 PackageParser.SigningDetails.CertCapabilities.PERMISSION);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1177 }
1178
1179 private void grantDefaultPermissionExceptions(int userId) {
1180 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1181
1182 synchronized (mLock) {
1183 // mGrantExceptions is null only before the first read and then
1184 // it serves as a cache of the default grants that should be
1185 // performed for every user. If there is an entry then the app
1186 // is on the system image and supports runtime permissions.
1187 if (mGrantExceptions == null) {
1188 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1189 }
1190 }
1191
1192 Set<String> permissions = null;
1193 final int exceptionCount = mGrantExceptions.size();
1194 for (int i = 0; i < exceptionCount; i++) {
1195 String packageName = mGrantExceptions.keyAt(i);
1196 PackageParser.Package pkg = getSystemPackage(packageName);
1197 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1198 final int permissionGrantCount = permissionGrants.size();
1199 for (int j = 0; j < permissionGrantCount; j++) {
1200 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1201 if (permissions == null) {
1202 permissions = new ArraySet<>();
1203 } else {
1204 permissions.clear();
1205 }
1206 permissions.add(permissionGrant.name);
1207 grantRuntimePermissions(pkg, permissions,
1208 permissionGrant.fixed, userId);
1209 }
1210 }
1211 }
1212
1213 private File[] getDefaultPermissionFiles() {
1214 ArrayList<File> ret = new ArrayList<File>();
1215 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1216 if (dir.isDirectory() && dir.canRead()) {
1217 Collections.addAll(ret, dir.listFiles());
1218 }
1219 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1220 if (dir.isDirectory() && dir.canRead()) {
1221 Collections.addAll(ret, dir.listFiles());
1222 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1223 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1224 if (dir.isDirectory() && dir.canRead()) {
1225 Collections.addAll(ret, dir.listFiles());
1226 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1227 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1228 }
1229
1230 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1231 readDefaultPermissionExceptionsLocked() {
1232 File[] files = getDefaultPermissionFiles();
1233 if (files == null) {
1234 return new ArrayMap<>(0);
1235 }
1236
1237 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1238
1239 // Iterate over the files in the directory and scan .xml files
1240 for (File file : files) {
1241 if (!file.getPath().endsWith(".xml")) {
1242 Slog.i(TAG, "Non-xml file " + file
1243 + " in " + file.getParent() + " directory, ignoring");
1244 continue;
1245 }
1246 if (!file.canRead()) {
1247 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1248 continue;
1249 }
1250 try (
1251 InputStream str = new BufferedInputStream(new FileInputStream(file))
1252 ) {
1253 XmlPullParser parser = Xml.newPullParser();
1254 parser.setInput(str, null);
1255 parse(parser, grantExceptions);
1256 } catch (XmlPullParserException | IOException e) {
1257 Slog.w(TAG, "Error reading default permissions file " + file, e);
1258 }
1259 }
1260
1261 return grantExceptions;
1262 }
1263
1264 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1265 outGrantExceptions) throws IOException, XmlPullParserException {
1266 final int outerDepth = parser.getDepth();
1267 int type;
1268 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1269 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1270 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1271 continue;
1272 }
1273 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1274 parseExceptions(parser, outGrantExceptions);
1275 } else {
1276 Log.e(TAG, "Unknown tag " + parser.getName());
1277 }
1278 }
1279 }
1280
1281 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1282 outGrantExceptions) throws IOException, XmlPullParserException {
1283 final int outerDepth = parser.getDepth();
1284 int type;
1285 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1286 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1287 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1288 continue;
1289 }
1290 if (TAG_EXCEPTION.equals(parser.getName())) {
1291 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1292
1293 List<DefaultPermissionGrant> packageExceptions =
1294 outGrantExceptions.get(packageName);
1295 if (packageExceptions == null) {
1296 // The package must be on the system image
1297 PackageParser.Package pkg = getSystemPackage(packageName);
1298 if (pkg == null) {
1299 Log.w(TAG, "Unknown package:" + packageName);
1300 XmlUtils.skipCurrentTag(parser);
1301 continue;
1302 }
1303
1304 // The package must support runtime permissions
1305 if (!doesPackageSupportRuntimePermissions(pkg)) {
1306 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1307 + packageName);
1308 XmlUtils.skipCurrentTag(parser);
1309 continue;
1310 }
1311 packageExceptions = new ArrayList<>();
1312 outGrantExceptions.put(packageName, packageExceptions);
1313 }
1314
1315 parsePermission(parser, packageExceptions);
1316 } else {
1317 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1318 }
1319 }
1320 }
1321
1322 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1323 outPackageExceptions) throws IOException, XmlPullParserException {
1324 final int outerDepth = parser.getDepth();
1325 int type;
1326 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1327 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1328 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1329 continue;
1330 }
1331
1332 if (TAG_PERMISSION.contains(parser.getName())) {
1333 String name = parser.getAttributeValue(null, ATTR_NAME);
1334 if (name == null) {
1335 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1336 XmlUtils.skipCurrentTag(parser);
1337 continue;
1338 }
1339
1340 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1341
1342 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1343 outPackageExceptions.add(exception);
1344 } else {
1345 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1346 }
1347 }
1348 }
1349
1350 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1351 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1352 }
1353
1354 private static final class DefaultPermissionGrant {
1355 final String name;
1356 final boolean fixed;
1357
1358 public DefaultPermissionGrant(String name, boolean fixed) {
1359 this.name = name;
1360 this.fixed = fixed;
1361 }
1362 }
1363}