Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 0faa8012ad9c279bed480045d45d21c0bf02239b / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: 447234ed290b489362884ed56a8abbc5ec4ccf70 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]25import android.app.AppOpsManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]26import android.app.DownloadManager;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]27import android.app.SearchManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]28import android.app.admin.DevicePolicyManager;
29import android.companion.CompanionDeviceManager;
30import android.content.Context;
31import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]32import android.content.pm.ApplicationInfo;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]33import android.content.pm.PackageInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]34import android.content.pm.PackageManager;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]35import android.content.pm.PackageManager.NameNotFoundException;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]37import android.content.pm.PackageManagerInternal.PackagesProvider;
38import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]39import android.content.pm.PermissionInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]40import android.content.pm.ProviderInfo;
41import android.content.pm.ResolveInfo;
42import android.media.RingtoneManager;
43import android.net.Uri;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]44import android.os.Build;
45import android.os.Environment;
46import android.os.Handler;
47import android.os.Looper;
48import android.os.Message;
49import android.os.UserHandle;
50import android.os.storage.StorageManager;
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]51import android.permission.PermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]52import android.print.PrintManager;
53import android.provider.CalendarContract;
54import android.provider.ContactsContract;
55import android.provider.MediaStore;
56import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]57import android.security.Credentials;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]58import android.speech.RecognitionService;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]59import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]60import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]61import android.util.ArrayMap;
62import android.util.ArraySet;
63import android.util.Log;
64import android.util.Slog;
65import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]66
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]67import com.android.internal.util.ArrayUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]68import com.android.internal.util.XmlUtils;
69import com.android.server.LocalServices;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]70
71import org.xmlpull.v1.XmlPullParser;
72import org.xmlpull.v1.XmlPullParserException;
73
74import java.io.BufferedInputStream;
75import java.io.File;
76import java.io.FileInputStream;
77import java.io.IOException;
78import java.io.InputStream;
79import java.util.ArrayList;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]80import java.util.Arrays;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]81import java.util.Collections;
82import java.util.List;
83import java.util.Map;
84import java.util.Set;
85
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]86/**
87 * This class is the policy for granting runtime permissions to
88 * platform components and default handlers in the system such
89 * that the device is usable out-of-the-box. For example, the
90 * shell UID is a part of the system and the Phone app should
91 * have phone related permission by default.
92 * <p>
93 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
94 * service but knows about lots of higher level subsystems. The correct way to do this is
95 * to have an interface defined in the package manager but have the impl next to other
96 * policy stuff like PhoneWindowManager
97 */
98public final class DefaultPermissionGrantPolicy {
99 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
100 private static final boolean DEBUG = false;
101
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]102 @PackageManager.ResolveInfoFlags
103 private static final int DEFAULT_INTENT_QUERY_FLAGS =
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]104 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
105 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
106
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]107 @PackageManager.PackageInfoFlags
108 private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS =
109 PackageManager.MATCH_UNINSTALLED_PACKAGES | PackageManager.GET_PERMISSIONS;
110
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]111 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
112
113 private static final String TAG_EXCEPTIONS = "exceptions";
114 private static final String TAG_EXCEPTION = "exception";
115 private static final String TAG_PERMISSION = "permission";
116 private static final String ATTR_PACKAGE = "package";
117 private static final String ATTR_NAME = "name";
118 private static final String ATTR_FIXED = "fixed";
119
120 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]121
122
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]123 static {
124 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
125 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
126 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
127 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
128 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
129 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
130 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
131 }
132
133 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
134 static {
135 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
136 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
137 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
138 }
139
140 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
141 static {
142 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
143 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
144 }
145
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]146 private static final Set<String> ALWAYS_LOCATION_PERMISSIONS = new ArraySet<>();
147 static {
148 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
149 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
150 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_BACKGROUND_LOCATION);
151 }
152
Zimuzo5ac1eb92018-11-29 12:51:14 +0000[diff] [blame]153 private static final Set<String> ACTIVITY_RECOGNITION_PERMISSIONS = new ArraySet<>();
154 static {
155 ACTIVITY_RECOGNITION_PERMISSIONS.add(Manifest.permission.ACTIVITY_RECOGNITION);
156 }
157
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]158 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
159 static {
160 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
161 }
162
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]163 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
164 static {
165 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
166 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
167 }
168
169 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
170 static {
171 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
172 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
173 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
174 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
175 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
176 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
177 }
178
179 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
180 static {
181 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
182 }
183
184 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
185 static {
186 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
187 }
188
189 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
190 static {
191 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
192 }
193
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]194 @Deprecated
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]195 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
196 static {
Jeff Sharkeyb1629092018-08-24 10:33:12 -0600[diff] [blame]197 // STOPSHIP(b/112545973): remove once feature enabled by default
Jeff Sharkey10ec9d82018-11-28 14:52:45 -0700[diff] [blame]198 if (!StorageManager.hasIsolatedStorage()) {
Jeff Sharkeyb1629092018-08-24 10:33:12 -0600[diff] [blame]199 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
200 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
201 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]202 }
203
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]204 private static final Set<String> MEDIA_AURAL_PERMISSIONS = new ArraySet<>();
205 static {
206 // STOPSHIP(b/112545973): remove once feature enabled by default
Jeff Sharkey10ec9d82018-11-28 14:52:45 -0700[diff] [blame]207 if (StorageManager.hasIsolatedStorage()) {
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]208 MEDIA_AURAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_AUDIO);
Jeff Sharkey62078972019-02-20 18:10:01 -0700[diff] [blame]209
210 // STOPSHIP(b/124466734): remove these manual grants once the legacy
211 // permission logic is unified with PermissionController
212 MEDIA_AURAL_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
213 MEDIA_AURAL_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]214 }
215 }
216
217 private static final Set<String> MEDIA_VISUAL_PERMISSIONS = new ArraySet<>();
218 static {
219 // STOPSHIP(b/112545973): remove once feature enabled by default
Jeff Sharkey10ec9d82018-11-28 14:52:45 -0700[diff] [blame]220 if (StorageManager.hasIsolatedStorage()) {
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]221 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_VIDEO);
Jeff Sharkey9787a9452018-11-18 17:53:02 -0700[diff] [blame]222 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_IMAGES);
Jeff Sharkey62078972019-02-20 18:10:01 -0700[diff] [blame]223
224 // STOPSHIP(b/124466734): remove these manual grants once the legacy
225 // permission logic is unified with PermissionController
226 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
227 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]228 }
229 }
230
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]231 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
232
233 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
234
235 private final Handler mHandler;
236
237 private PackagesProvider mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]238 private PackagesProvider mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]239 private PackagesProvider mVoiceInteractionPackagesProvider;
240 private PackagesProvider mSmsAppPackagesProvider;
241 private PackagesProvider mDialerAppPackagesProvider;
242 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]243 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]244 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
245
246 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
247 private final Context mContext;
248 private final Object mLock = new Object();
249 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]250 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]251 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
252 public interface DefaultPermissionGrantedCallback {
253 /** Callback when permissions have been granted */
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]254 void onDefaultRuntimePermissionsGranted(int userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]255 }
256
257 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]258 @Nullable DefaultPermissionGrantedCallback callback,
259 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]260 mContext = context;
261 mHandler = new Handler(looper) {
262 @Override
263 public void handleMessage(Message msg) {
264 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
265 synchronized (mLock) {
266 if (mGrantExceptions == null) {
267 mGrantExceptions = readDefaultPermissionExceptionsLocked();
268 }
269 }
270 }
271 }
272 };
273 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]274 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]275 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
276 }
277
278 public void setLocationPackagesProvider(PackagesProvider provider) {
279 synchronized (mLock) {
280 mLocationPackagesProvider = provider;
281 }
282 }
283
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]284 /** Sets the provider for loction extra packages. */
285 public void setLocationExtraPackagesProvider(PackagesProvider provider) {
286 synchronized (mLock) {
287 mLocationExtraPackagesProvider = provider;
288 }
289 }
290
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]291 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
292 synchronized (mLock) {
293 mVoiceInteractionPackagesProvider = provider;
294 }
295 }
296
297 public void setSmsAppPackagesProvider(PackagesProvider provider) {
298 synchronized (mLock) {
299 mSmsAppPackagesProvider = provider;
300 }
301 }
302
303 public void setDialerAppPackagesProvider(PackagesProvider provider) {
304 synchronized (mLock) {
305 mDialerAppPackagesProvider = provider;
306 }
307 }
308
309 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
310 synchronized (mLock) {
311 mSimCallManagerPackagesProvider = provider;
312 }
313 }
314
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]315 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
316 synchronized (mLock) {
317 mUseOpenWifiAppPackagesProvider = provider;
318 }
319 }
320
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]321 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
322 synchronized (mLock) {
323 mSyncAdapterPackagesProvider = provider;
324 }
325 }
326
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]327 public void grantDefaultPermissions(int userId) {
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]328 grantPermissionsToSysComponentsAndPrivApps(userId);
329 grantDefaultSystemHandlerPermissions(userId);
330 grantDefaultPermissionExceptions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]331 }
332
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]333 private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]334 Set<String> permissions = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]335 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]336 final BasePermission bp = mPermissionManager.getPermission(permission);
337 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]338 continue;
339 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]340 if (bp.isRuntime()) {
341 permissions.add(permission);
342 }
343 }
344 if (!permissions.isEmpty()) {
345 grantRuntimePermissions(pkg, permissions, true, userId);
346 }
347 }
348
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]349 public void scheduleReadDefaultPermissionExceptions() {
350 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
351 }
352
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]353 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]354 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]355 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser(
356 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM);
357 for (PackageInfo pkg : packages) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]358 if (pkg == null) {
359 continue;
360 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]361 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
362 || !doesPackageSupportRuntimePermissions(pkg)
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]363 || ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]364 continue;
365 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]366 grantRuntimePermissionsForSystemPackage(userId, pkg);
367 }
368 }
369
370 @SafeVarargs
371 private final void grantIgnoringSystemPackage(String packageName, int userId,
372 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]373 grantPermissionsToPackage(
374 packageName, userId, true /* ignoreSystemPackage */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]375 }
376
377 @SafeVarargs
378 private final void grantSystemFixedPermissionsToSystemPackage(String packageName, int userId,
379 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]380 grantPermissionsToSystemPackage(
381 packageName, userId, true /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]382 }
383
384 @SafeVarargs
385 private final void grantPermissionsToSystemPackage(
386 String packageName, int userId, Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]387 grantPermissionsToSystemPackage(
388 packageName, userId, false /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]389 }
390
391 @SafeVarargs
392 private final void grantPermissionsToSystemPackage(String packageName, int userId,
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]393 boolean systemFixed, Set<String>... permissionGroups) {
394 if (!isSystemPackage(packageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]395 return;
396 }
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]397 grantPermissionsToPackage(getSystemPackageInfo(packageName),
398 userId, systemFixed, false /* ignoreSystemPackage */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]399 }
400
401 @SafeVarargs
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]402 private final void grantPermissionsToPackage(String packageName, int userId,
403 boolean ignoreSystemPackage, Set<String>... permissionGroups) {
404 grantPermissionsToPackage(getPackageInfo(packageName),
405 userId, false /* systemFixed */, ignoreSystemPackage, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]406 }
407
408 @SafeVarargs
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]409 private final void grantPermissionsToPackage(PackageInfo packageName, int userId,
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]410 boolean systemFixed, boolean ignoreSystemPackage, Set<String>... permissionGroups) {
411 if (packageName == null) return;
412 if (doesPackageSupportRuntimePermissions(packageName)) {
413 for (Set<String> permissionGroup : permissionGroups) {
414 grantRuntimePermissions(packageName, permissionGroup, systemFixed,
415 ignoreSystemPackage, userId);
416 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]417 }
418 }
419
420 private void grantDefaultSystemHandlerPermissions(int userId) {
421 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
422
423 final PackagesProvider locationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]424 final PackagesProvider locationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]425 final PackagesProvider voiceInteractionPackagesProvider;
426 final PackagesProvider smsAppPackagesProvider;
427 final PackagesProvider dialerAppPackagesProvider;
428 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]429 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]430 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
431
432 synchronized (mLock) {
433 locationPackagesProvider = mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]434 locationExtraPackagesProvider = mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]435 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
436 smsAppPackagesProvider = mSmsAppPackagesProvider;
437 dialerAppPackagesProvider = mDialerAppPackagesProvider;
438 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]439 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]440 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
441 }
442
443 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
444 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
445 String[] locationPackageNames = (locationPackagesProvider != null)
446 ? locationPackagesProvider.getPackages(userId) : null;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]447 String[] locationExtraPackageNames = (locationExtraPackagesProvider != null)
448 ? locationExtraPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]449 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
450 ? smsAppPackagesProvider.getPackages(userId) : null;
451 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
452 ? dialerAppPackagesProvider.getPackages(userId) : null;
453 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
454 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]455 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
456 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]457 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
458 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
459 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
460 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
461
462 // Installer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]463 grantSystemFixedPermissionsToSystemPackage(
464 getKnownPackage(PackageManagerInternal.PACKAGE_INSTALLER, userId),
465 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]466
467 // Verifier
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]468 final String verifier = getKnownPackage(PackageManagerInternal.PACKAGE_VERIFIER, userId);
469 grantSystemFixedPermissionsToSystemPackage(verifier, userId, STORAGE_PERMISSIONS);
470 grantPermissionsToSystemPackage(verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]471
472 // SetupWizard
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]473 grantPermissionsToSystemPackage(
474 getKnownPackage(PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId), userId,
475 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, LOCATION_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]476
477 // Camera
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]478 grantPermissionsToSystemPackage(
479 getDefaultSystemHandlerActivityPackage(MediaStore.ACTION_IMAGE_CAPTURE, userId),
480 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]481
482 // Media provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]483 grantSystemFixedPermissionsToSystemPackage(
484 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId,
485 STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS, MEDIA_VISUAL_PERMISSIONS,
486 PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]487
488 // Downloads provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]489 grantSystemFixedPermissionsToSystemPackage(
490 getDefaultProviderAuthorityPackage("downloads", userId), userId,
491 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]492
493 // Downloads UI
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]494 grantSystemFixedPermissionsToSystemPackage(
495 getDefaultSystemHandlerActivityPackage(
496 DownloadManager.ACTION_VIEW_DOWNLOADS, userId),
497 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]498
499 // Storage provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]500 grantSystemFixedPermissionsToSystemPackage(
501 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId),
502 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]503
504 // CertInstaller
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]505 grantSystemFixedPermissionsToSystemPackage(
506 getDefaultSystemHandlerActivityPackage(Credentials.INSTALL_ACTION, userId), userId,
507 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]508
509 // Dialer
510 if (dialerAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]511 String dialerPackage =
512 getDefaultSystemHandlerActivityPackage(Intent.ACTION_DIAL, userId);
513 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]514 } else {
515 for (String dialerAppPackageName : dialerAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]516 grantDefaultPermissionsToDefaultSystemDialerApp(dialerAppPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]517 }
518 }
519
520 // Sim call manager
521 if (simCallManagerPackageNames != null) {
522 for (String simCallManagerPackageName : simCallManagerPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]523 grantDefaultPermissionsToDefaultSystemSimCallManager(
524 simCallManagerPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]525 }
526 }
527
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]528 // Use Open Wifi
529 if (useOpenWifiAppPackageNames != null) {
530 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]531 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
532 useOpenWifiPackageName, userId);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]533 }
534 }
535
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]536 // SMS
537 if (smsAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]538 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(
539 Intent.CATEGORY_APP_MESSAGING, userId);
540 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]541 } else {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]542 for (String smsPackage : smsAppPackageNames) {
543 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]544 }
545 }
546
547 // Cell Broadcast Receiver
Edward Savage-Jonesf3979b82018-10-15 09:38:53 +0200[diff] [blame]548 grantSystemFixedPermissionsToSystemPackage(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]549 getDefaultSystemHandlerActivityPackage(Intents.SMS_CB_RECEIVED_ACTION, userId),
550 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]551
552 // Carrier Provisioning Service
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]553 grantPermissionsToSystemPackage(
554 getDefaultSystemHandlerServicePackage(Intents.SMS_CARRIER_PROVISION_ACTION, userId),
555 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]556
557 // Calendar
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]558 grantPermissionsToSystemPackage(
559 getDefaultSystemHandlerActivityPackageForCategory(
560 Intent.CATEGORY_APP_CALENDAR, userId),
561 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]562
563 // Calendar provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]564 String calendarProvider =
565 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId);
566 grantPermissionsToSystemPackage(calendarProvider, userId,
567 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS);
568 grantSystemFixedPermissionsToSystemPackage(calendarProvider, userId, CALENDAR_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]569
570 // Calendar provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]571 grantPermissionToEachSystemPackage(
572 getHeadlessSyncAdapterPackages(calendarSyncAdapterPackages, userId),
573 userId, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]574
575 // Contacts
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]576 grantPermissionsToSystemPackage(
577 getDefaultSystemHandlerActivityPackageForCategory(
578 Intent.CATEGORY_APP_CONTACTS, userId),
579 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]580
581 // Contacts provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]582 grantPermissionToEachSystemPackage(
583 getHeadlessSyncAdapterPackages(contactsSyncAdapterPackages, userId),
584 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]585
586 // Contacts provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]587 String contactsProviderPackage =
588 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId);
589 grantSystemFixedPermissionsToSystemPackage(contactsProviderPackage, userId,
590 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
591 grantPermissionsToSystemPackage(contactsProviderPackage, userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]592
593 // Device provisioning
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]594 grantPermissionsToSystemPackage(
595 getDefaultSystemHandlerActivityPackage(
596 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId),
597 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]598
599 // Maps
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]600 grantPermissionsToSystemPackage(
601 getDefaultSystemHandlerActivityPackageForCategory(Intent.CATEGORY_APP_MAPS, userId),
602 userId, LOCATION_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]603
604 // Gallery
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]605 grantPermissionsToSystemPackage(
606 getDefaultSystemHandlerActivityPackageForCategory(
607 Intent.CATEGORY_APP_GALLERY, userId),
608 userId, STORAGE_PERMISSIONS, MEDIA_VISUAL_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]609
610 // Email
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]611 grantPermissionsToSystemPackage(
612 getDefaultSystemHandlerActivityPackageForCategory(
613 Intent.CATEGORY_APP_EMAIL, userId),
614 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]615
616 // Browser
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]617 String browserPackage = getKnownPackage(PackageManagerInternal.PACKAGE_BROWSER, userId);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]618 if (browserPackage == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]619 browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
620 Intent.CATEGORY_APP_BROWSER, userId);
621 if (!isSystemPackage(browserPackage)) {
622 browserPackage = null;
623 }
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]624 }
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]625 grantPermissionsToPackage(browserPackage, userId,
626 false /* ignoreSystemPackage */, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]627
628 // Voice interaction
629 if (voiceInteractPackageNames != null) {
630 for (String voiceInteractPackageName : voiceInteractPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]631 grantPermissionsToSystemPackage(voiceInteractPackageName, userId,
632 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
633 PHONE_PERMISSIONS, SMS_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]634 }
635 }
636
637 if (ActivityManager.isLowRamDeviceStatic()) {
638 // Allow voice search on low-ram devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]639 grantPermissionsToSystemPackage(
640 getDefaultSystemHandlerActivityPackage(
641 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId),
642 userId, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]643 }
644
645 // Voice recognition
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]646 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE)
647 .addCategory(Intent.CATEGORY_DEFAULT);
648 grantPermissionsToSystemPackage(
649 getDefaultSystemHandlerServicePackage(voiceRecoIntent, userId), userId,
650 MICROPHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]651
652 // Location
653 if (locationPackageNames != null) {
654 for (String packageName : locationPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]655 grantPermissionsToSystemPackage(packageName, userId,
656 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
657 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS,
Jeff Sharkey62078972019-02-20 18:10:01 -0700[diff] [blame]658 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]659 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
Zimuzo5ac1eb92018-11-29 12:51:14 +0000[diff] [blame]660 LOCATION_PERMISSIONS, ACTIVITY_RECOGNITION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]661 }
662 }
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]663 if (locationExtraPackageNames != null) {
664 // Also grant location permission to location extra packages.
665 for (String packageName : locationExtraPackageNames) {
666 grantPermissionsToSystemPackage(packageName, userId, LOCATION_PERMISSIONS);
667 }
668 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]669
670 // Music
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]671 Intent musicIntent = new Intent(Intent.ACTION_VIEW)
672 .addCategory(Intent.CATEGORY_DEFAULT)
673 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE);
674 grantPermissionsToSystemPackage(
675 getDefaultSystemHandlerActivityPackage(musicIntent, userId), userId,
676 STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]677
678 // Home
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]679 Intent homeIntent = new Intent(Intent.ACTION_MAIN)
680 .addCategory(Intent.CATEGORY_HOME)
681 .addCategory(Intent.CATEGORY_LAUNCHER_APP);
682 grantPermissionsToSystemPackage(
683 getDefaultSystemHandlerActivityPackage(homeIntent, userId), userId,
684 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]685
686 // Watches
687 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
688 // Home application on watches
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]689
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]690 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory(
691 Intent.CATEGORY_HOME_MAIN, userId);
692 grantPermissionsToSystemPackage(wearPackage, userId,
693 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS);
694 grantSystemFixedPermissionsToSystemPackage(wearPackage, userId, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]695
696 // Fitness tracking on watches
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]697 grantPermissionsToSystemPackage(
698 getDefaultSystemHandlerActivityPackage(ACTION_TRACK, userId), userId,
699 SENSORS_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]700 }
701
702 // Print Spooler
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]703 grantSystemFixedPermissionsToSystemPackage(PrintManager.PRINT_SPOOLER_PACKAGE_NAME, userId,
704 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]705
706 // EmergencyInfo
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]707 grantSystemFixedPermissionsToSystemPackage(
708 getDefaultSystemHandlerActivityPackage(
709 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId),
710 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]711
712 // NFC Tag viewer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]713 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW)
714 .setType("vnd.android.cursor.item/ndef_msg");
715 grantPermissionsToSystemPackage(
716 getDefaultSystemHandlerActivityPackage(nfcTagIntent, userId), userId,
717 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]718
719 // Storage Manager
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]720 grantSystemFixedPermissionsToSystemPackage(
721 getDefaultSystemHandlerActivityPackage(
722 StorageManager.ACTION_MANAGE_STORAGE, userId),
723 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]724
725 // Companion devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]726 grantSystemFixedPermissionsToSystemPackage(
727 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId,
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]728 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]729
730 // Ringtone Picker
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]731 grantSystemFixedPermissionsToSystemPackage(
732 getDefaultSystemHandlerActivityPackage(
733 RingtoneManager.ACTION_RINGTONE_PICKER, userId),
Jeff Sharkey55a17dc2019-02-13 15:30:17 -0700[diff] [blame]734 userId, STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]735
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]736 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]737 String textClassifierPackageName =
738 mContext.getPackageManager().getSystemTextClassifierPackageName();
739 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]740 grantPermissionsToSystemPackage(textClassifierPackageName, userId,
741 PHONE_PERMISSIONS, SMS_PERMISSIONS, CALENDAR_PERMISSIONS,
742 LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]743 }
744
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]745 // There is no real "marker" interface to identify the shared storage backup, it is
746 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]747 grantSystemFixedPermissionsToSystemPackage("com.android.sharedstoragebackup", userId,
748 STORAGE_PERMISSIONS);
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]749
Nadav Bar6d79ab72019-01-10 10:52:11 +0200[diff] [blame]750 // Content Capture Service
751 String contentCaptureServicePackageName =
752 mContext.getPackageManager().getContentCaptureServicePackageName();
753 if (!TextUtils.isEmpty(contentCaptureServicePackageName)) {
754 grantPermissionsToSystemPackage(contentCaptureServicePackageName, userId,
755 MICROPHONE_PERMISSIONS);
756 }
757
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]758 if (mPermissionGrantedCallback != null) {
759 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
760 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]761 }
762
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]763 private String getDefaultSystemHandlerActivityPackageForCategory(String category, int userId) {
764 return getDefaultSystemHandlerActivityPackage(
765 new Intent(Intent.ACTION_MAIN).addCategory(category), userId);
766 }
767
768 @SafeVarargs
769 private final void grantPermissionToEachSystemPackage(
770 ArrayList<String> packages, int userId, Set<String>... permissions) {
771 if (packages == null) return;
772 final int count = packages.size();
773 for (int i = 0; i < count; i++) {
774 grantPermissionsToSystemPackage(packages.get(i), userId, permissions);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]775 }
Eugene Susla47e88202018-07-02 18:48:55 -0700[diff] [blame]776 }
777
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]778 private String getKnownPackage(int knownPkgId, int userId) {
779 return mServiceInternal.getKnownPackageName(knownPkgId, userId);
780 }
781
782 private void grantDefaultPermissionsToDefaultSystemDialerApp(
783 String dialerPackage, int userId) {
784 if (dialerPackage == null) {
785 return;
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]786 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]787 boolean isPhonePermFixed =
788 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
789 if (isPhonePermFixed) {
790 grantSystemFixedPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
791 } else {
792 grantPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
793 }
794 grantPermissionsToSystemPackage(dialerPackage, userId,
795 CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
796 }
797
798 private void grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId) {
799 grantPermissionsToSystemPackage(smsPackage, userId,
800 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS,
801 STORAGE_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]802 }
803
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]804 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]805 String useOpenWifiPackage, int userId) {
806 grantPermissionsToSystemPackage(
807 useOpenWifiPackage, userId, COARSE_LOCATION_PERMISSIONS);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]808 }
809
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]810 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
811 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]812 grantIgnoringSystemPackage(packageName, userId,
813 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS, STORAGE_PERMISSIONS,
814 MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]815 }
816
817 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]818 mServiceInternal.onDefaultDialerAppChanged(packageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]819 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]820 grantIgnoringSystemPackage(packageName, userId,
821 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS,
822 MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]823 }
824
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]825 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
826 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]827 grantIgnoringSystemPackage(packageName, userId, COARSE_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]828 }
829
830 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
831 if (packageName == null) {
832 return;
833 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]834 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]835 grantPermissionsToPackage(packageName, userId, false /* ignoreSystemPackage */,
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]836 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS);
837 }
838
839 private void grantDefaultPermissionsToDefaultSystemSimCallManager(
840 String packageName, int userId) {
841 if (isSystemPackage(packageName)) {
842 grantDefaultPermissionsToDefaultSimCallManager(packageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]843 }
844 }
845
846 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
847 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
848 if (packageNames == null) {
849 return;
850 }
851 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]852 grantPermissionsToSystemPackage(packageName, userId,
Ginelle Gan Gaisano80646b62019-02-21 14:27:32 -0800[diff] [blame]853 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]854 }
855 }
856
857 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
858 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
859 if (packageNames == null) {
860 return;
861 }
862 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]863 grantPermissionsToSystemPackage(packageName, userId,
864 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS,
865 CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]866 }
867 }
868
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]869 public void grantDefaultPermissionsToEnabledTelephonyDataServices(
870 String[] packageNames, int userId) {
871 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
872 if (packageNames == null) {
873 return;
874 }
875 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]876 // Grant these permissions as system-fixed, so that nobody can accidentally
877 // break cellular data.
878 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
879 PHONE_PERMISSIONS, LOCATION_PERMISSIONS);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]880 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]881
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]882 }
883
884 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
885 String[] packageNames, int userId) {
886 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
887 if (packageNames == null) {
888 return;
889 }
890 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]891 PackageInfo pkg = getSystemPackageInfo(packageName);
892 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
893 revokeRuntimePermissions(packageName, PHONE_PERMISSIONS, true, userId);
894 revokeRuntimePermissions(packageName, LOCATION_PERMISSIONS, true, userId);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]895 }
896 }
897 }
898
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]899 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
900 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]901 grantSystemFixedPermissionsToSystemPackage(packageName, userId, CAMERA_PERMISSIONS);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]902 }
903
904 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
905 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
906 if (packageNames == null) {
907 return;
908 }
909 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]910 PackageInfo pkg = getSystemPackageInfo(packageName);
911 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
912 revokeRuntimePermissions(packageName, CAMERA_PERMISSIONS, true, userId);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]913 }
914 }
915 }
916
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]917 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
918 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]919 grantPermissionsToSystemPackage(packageName, userId, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]920 }
921
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]922 private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
923 return getDefaultSystemHandlerActivityPackage(new Intent(intentAction), userId);
924 }
925
926 private String getDefaultSystemHandlerActivityPackage(Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]927 ResolveInfo handler = mContext.getPackageManager().resolveActivityAsUser(
928 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]929 if (handler == null || handler.activityInfo == null) {
930 return null;
931 }
932 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
933 return null;
934 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]935 String packageName = handler.activityInfo.packageName;
936 return isSystemPackage(packageName) ? packageName : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]937 }
938
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]939 private String getDefaultSystemHandlerServicePackage(String intentAction, int userId) {
940 return getDefaultSystemHandlerServicePackage(new Intent(intentAction), userId);
941 }
942
943 private String getDefaultSystemHandlerServicePackage(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]944 Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]945 List<ResolveInfo> handlers = mContext.getPackageManager().queryIntentServicesAsUser(
946 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]947 if (handlers == null) {
948 return null;
949 }
950 final int handlerCount = handlers.size();
951 for (int i = 0; i < handlerCount; i++) {
952 ResolveInfo handler = handlers.get(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]953 String handlerPackage = handler.serviceInfo.packageName;
954 if (isSystemPackage(handlerPackage)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]955 return handlerPackage;
956 }
957 }
958 return null;
959 }
960
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]961 private ArrayList<String> getHeadlessSyncAdapterPackages(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]962 String[] syncAdapterPackageNames, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]963 ArrayList<String> syncAdapterPackages = new ArrayList<>();
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]964
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]965 Intent homeIntent = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]966
967 for (String syncAdapterPackageName : syncAdapterPackageNames) {
968 homeIntent.setPackage(syncAdapterPackageName);
969
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]970 ResolveInfo homeActivity = mContext.getPackageManager().resolveActivityAsUser(
971 homeIntent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]972 if (homeActivity != null) {
973 continue;
974 }
975
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]976 if (isSystemPackage(syncAdapterPackageName)) {
977 syncAdapterPackages.add(syncAdapterPackageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]978 }
979 }
980
981 return syncAdapterPackages;
982 }
983
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]984 private String getDefaultProviderAuthorityPackage(String authority, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]985 ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]986 authority, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]987 if (provider != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]988 return provider.packageName;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]989 }
990 return null;
991 }
992
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]993 private boolean isSystemPackage(String packageName) {
Philip P. Moltmannc701e7e2018-09-18 16:22:54 -0700[diff] [blame]994 return isSystemPackage(getPackageInfo(packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]995 }
996
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]997 private boolean isSystemPackage(PackageInfo pkg) {
998 if (pkg == null) {
999 return false;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1000 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1001 return pkg.applicationInfo.isSystemApp()
1002 && !isSysComponentOrPersistentPlatformSignedPrivApp(pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1003 }
1004
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1005 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissions,
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1006 boolean systemFixed, int userId) {
1007 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1008 }
1009
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1010 private void revokeRuntimePermissions(String packageName, Set<String> permissions,
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1011 boolean systemFixed, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1012 PackageInfo pkg = getSystemPackageInfo(packageName);
1013 if (ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1014 return;
1015 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1016 Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions));
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1017
1018 for (String permission : permissions) {
1019 // We can't revoke what wasn't requested.
1020 if (!revokablePermissions.contains(permission)) {
1021 continue;
1022 }
1023
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1024 UserHandle user = UserHandle.of(userId);
1025 final int flags = mContext.getPackageManager()
1026 .getPermissionFlags(permission, packageName, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1027
1028 // We didn't get this through the default grant policy. Move along.
1029 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
1030 continue;
1031 }
1032 // We aren't going to clobber device policy with a DefaultGrant.
1033 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1034 continue;
1035 }
1036 // Do not revoke system fixed permissions unless caller set them that way;
1037 // there is no refcount for the number of sources of this, so there
1038 // should be at most one grantor doing SYSTEM_FIXED for any given package.
1039 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
1040 continue;
1041 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1042 mContext.getPackageManager().revokeRuntimePermission(packageName, permission, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1043
1044 if (DEBUG) {
1045 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1046 + permission + " to " + packageName);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1047 }
1048
1049 // Remove the GRANTED_BY_DEFAULT flag without touching the others.
1050 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
1051 // sticky once set.
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1052 mContext.getPackageManager().updatePermissionFlags(permission, packageName,
1053 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1054 }
1055 }
1056
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1057 /**
1058 * Check if a permission is already fixed or is set by the user.
1059 *
1060 * <p>A permission should not be set by the default policy if the user or other policies already
1061 * set the permission.
1062 *
1063 * @param flags The flags of the permission
1064 *
1065 * @return {@code true} iff the permission can be set without violating a policy of the users
1066 * intention
1067 */
1068 private boolean isFixedOrUserSet(int flags) {
1069 return (flags & (PackageManager.FLAG_PERMISSION_USER_SET
1070 | PackageManager.FLAG_PERMISSION_USER_FIXED
1071 | PackageManager.FLAG_PERMISSION_POLICY_FIXED
1072 | PackageManager.FLAG_PERMISSION_SYSTEM_FIXED)) != 0;
1073 }
1074
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1075 /**
1076 * Return the background permission for a permission.
1077 *
1078 * @param permission The name of the foreground permission
1079 *
1080 * @return The name of the background permission or {@code null} if the permission has no
1081 * background permission
1082 */
1083 private @Nullable String getBackgroundPermission(@NonNull String permission) {
1084 try {
1085 return mContext.getPackageManager().getPermissionInfo(permission,
1086 0).backgroundPermission;
1087 } catch (NameNotFoundException e) {
1088 return null;
1089 }
1090 }
1091
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1092 private void grantRuntimePermissions(PackageInfo pkg,
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1093 Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage,
1094 int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1095 if (pkg == null) {
1096 return;
1097 }
1098
1099 String[] requestedPermissions = pkg.requestedPermissions;
1100 if (ArrayUtils.isEmpty(requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1101 return;
1102 }
1103
Eugene Susla31c9cd12018-12-03 15:41:31 -0800[diff] [blame]1104 // Intersect the requestedPermissions for a factory image with that of its current update
1105 // in case the latter one removed a <uses-permission>
1106 String[] requestedByNonSystemPackage = getPackageInfo(pkg.packageName).requestedPermissions;
1107 int size = requestedPermissions.length;
1108 for (int i = 0; i < size; i++) {
1109 if (!ArrayUtils.contains(requestedByNonSystemPackage, requestedPermissions[i])) {
1110 requestedPermissions[i] = null;
1111 }
1112 }
1113 requestedPermissions = ArrayUtils.filterNotNull(requestedPermissions, String[]::new);
1114
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1115 PackageManager pm = mContext.getPackageManager();
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1116 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1117 ApplicationInfo applicationInfo = pkg.applicationInfo;
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1118
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1119 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1120 if (systemFixed) {
1121 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1122 }
1123
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1124 // Automatically attempt to grant split permissions to older APKs
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1125 final List<PermissionManager.SplitPermissionInfo> splitPermissions =
1126 mContext.getSystemService(PermissionManager.class).getSplitPermissions();
1127 final int numSplitPerms = splitPermissions.size();
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1128 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1129 final PermissionManager.SplitPermissionInfo splitPerm =
1130 splitPermissions.get(splitPermNum);
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1131
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1132 if (applicationInfo != null
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1133 && applicationInfo.targetSdkVersion < splitPerm.getTargetSdk()
Philip P. Moltmanna3ba4d92018-10-08 11:50:07 -0700[diff] [blame]1134 && permissionsWithoutSplits.contains(splitPerm.getSplitPermission())) {
1135 permissions.addAll(splitPerm.getNewPermissions());
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1136 }
1137 }
1138
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1139 Set<String> grantablePermissions = null;
1140
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1141 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1142 // of if the version on the system image declares the permission as used since
1143 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1144 // choice to grant this app the permissions needed to function. For all other
1145 // apps, (default grants on first boot and user creation) we don't grant default
1146 // permissions if the version on the system image does not declare them.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1147 if (!ignoreSystemPackage
1148 && applicationInfo != null
1149 && applicationInfo.isUpdatedSystemApp()) {
1150 final PackageInfo disabledPkg = getSystemPackageInfo(
1151 mServiceInternal.getDisabledSystemPackageName(pkg.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1152 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1153 if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1154 return;
1155 }
1156 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1157 grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1158 requestedPermissions = disabledPkg.requestedPermissions;
1159 }
1160 }
1161 }
1162
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1163 final int numRequestedPermissions = requestedPermissions.length;
1164
1165 // Sort requested permissions so that all permissions that are a foreground permission (i.e.
1166 // permisions that have background permission) are before their background permissions.
1167 final String[] sortedRequestedPermissions = new String[numRequestedPermissions];
1168 int numForeground = 0;
1169 int numOther = 0;
1170 for (int i = 0; i < numRequestedPermissions; i++) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1171 String permission = requestedPermissions[i];
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1172 if (getBackgroundPermission(permission) != null) {
1173 sortedRequestedPermissions[numForeground] = permission;
1174 numForeground++;
1175 } else {
1176 sortedRequestedPermissions[numRequestedPermissions - 1 - numOther] =
1177 permission;
1178 numOther++;
1179 }
1180 }
1181
1182 for (int requestedPermissionNum = 0; requestedPermissionNum < numRequestedPermissions;
1183 requestedPermissionNum++) {
1184 String permission = requestedPermissions[requestedPermissionNum];
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1185
1186 // If there is a disabled system app it may request a permission the updated
1187 // version ot the data partition doesn't, In this case skip the permission.
1188 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1189 continue;
1190 }
1191
1192 if (permissions.contains(permission)) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1193 UserHandle user = UserHandle.of(userId);
1194 final int flags = mContext.getPackageManager().getPermissionFlags(
1195 permission, pkg.packageName, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1196
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1197 // Certain flags imply that the permission's current state by the system or
1198 // device/profile owner or the user. In these cases we do not want to clobber the
1199 // current state.
1200 //
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1201 // Unless the caller wants to override user choices. The override is
1202 // to make sure we can grant the needed permission to the default
1203 // sms and phone apps after the user chooses this in the UI.
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1204 if (!isFixedOrUserSet(flags) || ignoreSystemPackage) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1205 // Never clobber policy fixed permissions.
1206 // We must allow the grant of a system-fixed permission because
1207 // system-fixed is sticky, but the permission itself may be revoked.
1208 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1209 continue;
1210 }
1211
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1212 int uid = UserHandle.getUid(userId,
1213 UserHandle.getAppId(pkg.applicationInfo.uid));
1214 String op = AppOpsManager.permissionToOp(permission);
1215
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1216 mContext.getPackageManager()
1217 .grantRuntimePermission(pkg.packageName, permission, user);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1218
1219 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1220 newFlags, newFlags, user);
1221
1222 List<String> fgPerms = mPermissionManager.getBackgroundPermissions()
1223 .get(permission);
1224 if (fgPerms != null) {
1225 int numFgPerms = fgPerms.size();
1226 for (int fgPermNum = 0; fgPermNum < numFgPerms; fgPermNum++) {
1227 String fgPerm = fgPerms.get(fgPermNum);
1228
1229 if (pm.checkPermission(fgPerm, pkg.packageName)
1230 == PackageManager.PERMISSION_GRANTED) {
1231 // Upgrade the app-op state of the fg permission to allow bg access
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1232 mContext.getSystemService(AppOpsManager.class).setUidMode(
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1233 AppOpsManager.permissionToOp(fgPerm), uid,
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1234 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1235
1236 break;
1237 }
1238 }
1239 }
1240
1241 String bgPerm = getBackgroundPermission(permission);
1242 if (bgPerm == null) {
1243 if (op != null) {
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1244 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid,
1245 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1246 }
1247 } else {
1248 int mode;
1249 if (pm.checkPermission(bgPerm, pkg.packageName)
1250 == PackageManager.PERMISSION_GRANTED) {
1251 mode = AppOpsManager.MODE_ALLOWED;
1252 } else {
1253 mode = AppOpsManager.MODE_FOREGROUND;
1254 }
1255
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1256 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid, mode);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1257 }
1258
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1259 if (DEBUG) {
1260 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1261 + permission + " to default handler " + pkg);
Eugene Suslae4ee2c22018-11-05 12:23:30 -0800[diff] [blame]1262
1263 int appOp = AppOpsManager.permissionToOpCode(permission);
1264 if (appOp != AppOpsManager.OP_NONE
1265 && AppOpsManager.opToDefaultMode(appOp)
1266 != AppOpsManager.MODE_ALLOWED) {
1267 // Permission has a corresponding appop which is not allowed by default
1268 // We must allow it as well, as it's usually checked alongside the
1269 // permission
1270 if (DEBUG) {
1271 Log.i(TAG, "Granting OP_" + AppOpsManager.opToName(appOp)
1272 + " to " + pkg.packageName);
1273 }
1274 mContext.getSystemService(AppOpsManager.class).setUidMode(
1275 appOp, pkg.applicationInfo.uid, AppOpsManager.MODE_ALLOWED);
1276 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1277 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1278 }
1279
1280 // If a component gets a permission for being the default handler A
1281 // and also default handler B, we grant the weaker grant form.
1282 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1283 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1284 && !systemFixed) {
1285 if (DEBUG) {
1286 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1287 + pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1288 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1289 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1290 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1291 }
1292 }
1293 }
1294 }
1295
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1296 private PackageInfo getSystemPackageInfo(String pkg) {
1297 //TODO not MATCH_SYSTEM_ONLY?
1298 return getPackageInfo(pkg, PackageManager.MATCH_FACTORY_ONLY);
1299 }
1300
1301 private PackageInfo getPackageInfo(String pkg) {
1302 return getPackageInfo(pkg, 0 /* extraFlags */);
1303 }
1304
1305 private PackageInfo getPackageInfo(String pkg,
1306 @PackageManager.PackageInfoFlags int extraFlags) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1307 try {
1308 return mContext.getPackageManager().getPackageInfo(pkg,
1309 DEFAULT_PACKAGE_INFO_QUERY_FLAGS | extraFlags);
1310 } catch (NameNotFoundException e) {
Eugene Susla12523ab2019-01-22 17:46:54 -0800[diff] [blame]1311 Slog.e(TAG, "PackageNot found: " + pkg, e);
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1312 return null;
1313 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1314 }
1315
1316 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1317 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1318 return true;
1319 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1320 if (!pkg.applicationInfo.isPrivilegedApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1321 return false;
1322 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1323 final PackageInfo disabledPkg = getSystemPackageInfo(
1324 mServiceInternal.getDisabledSystemPackageName(pkg.applicationInfo.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1325 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1326 ApplicationInfo disabledPackageAppInfo = disabledPkg.applicationInfo;
1327 if (disabledPackageAppInfo != null
1328 && (disabledPackageAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1329 return false;
1330 }
1331 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1332 return false;
1333 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1334 return mServiceInternal.isPlatformSigned(pkg.packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1335 }
1336
1337 private void grantDefaultPermissionExceptions(int userId) {
1338 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1339
1340 synchronized (mLock) {
1341 // mGrantExceptions is null only before the first read and then
1342 // it serves as a cache of the default grants that should be
1343 // performed for every user. If there is an entry then the app
1344 // is on the system image and supports runtime permissions.
1345 if (mGrantExceptions == null) {
1346 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1347 }
1348 }
1349
1350 Set<String> permissions = null;
1351 final int exceptionCount = mGrantExceptions.size();
1352 for (int i = 0; i < exceptionCount; i++) {
1353 String packageName = mGrantExceptions.keyAt(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1354 PackageInfo pkg = getSystemPackageInfo(packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1355 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1356 final int permissionGrantCount = permissionGrants.size();
1357 for (int j = 0; j < permissionGrantCount; j++) {
1358 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1359 if (!isPermissionDangerous(permissionGrant.name)) {
1360 Log.w(TAG, "Ignoring permission " + permissionGrant.name
1361 + " which isn't dangerous");
1362 continue;
1363 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1364 if (permissions == null) {
1365 permissions = new ArraySet<>();
1366 } else {
1367 permissions.clear();
1368 }
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1369 permissions.add(permissionGrant.name);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1370 grantRuntimePermissions(pkg, permissions, permissionGrant.fixed, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1371 }
1372 }
1373 }
1374
1375 private File[] getDefaultPermissionFiles() {
1376 ArrayList<File> ret = new ArrayList<File>();
1377 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1378 if (dir.isDirectory() && dir.canRead()) {
1379 Collections.addAll(ret, dir.listFiles());
1380 }
1381 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1382 if (dir.isDirectory() && dir.canRead()) {
1383 Collections.addAll(ret, dir.listFiles());
1384 }
Jiyong Park0989e382018-03-13 10:26:47 +0900[diff] [blame]1385 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
1386 if (dir.isDirectory() && dir.canRead()) {
1387 Collections.addAll(ret, dir.listFiles());
1388 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1389 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1390 if (dir.isDirectory() && dir.canRead()) {
1391 Collections.addAll(ret, dir.listFiles());
1392 }
Dario Freni1ae46d72018-08-17 15:56:43 +0100[diff] [blame]1393 dir = new File(Environment.getProductServicesDirectory(),
1394 "etc/default-permissions");
1395 if (dir.isDirectory() && dir.canRead()) {
1396 Collections.addAll(ret, dir.listFiles());
1397 }
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]1398 // For IoT devices, we check the oem partition for default permissions for each app.
1399 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
1400 dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
1401 if (dir.isDirectory() && dir.canRead()) {
1402 Collections.addAll(ret, dir.listFiles());
1403 }
1404 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1405 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1406 }
1407
1408 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1409 readDefaultPermissionExceptionsLocked() {
1410 File[] files = getDefaultPermissionFiles();
1411 if (files == null) {
1412 return new ArrayMap<>(0);
1413 }
1414
1415 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1416
1417 // Iterate over the files in the directory and scan .xml files
1418 for (File file : files) {
1419 if (!file.getPath().endsWith(".xml")) {
1420 Slog.i(TAG, "Non-xml file " + file
1421 + " in " + file.getParent() + " directory, ignoring");
1422 continue;
1423 }
1424 if (!file.canRead()) {
1425 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1426 continue;
1427 }
1428 try (
1429 InputStream str = new BufferedInputStream(new FileInputStream(file))
1430 ) {
1431 XmlPullParser parser = Xml.newPullParser();
1432 parser.setInput(str, null);
1433 parse(parser, grantExceptions);
1434 } catch (XmlPullParserException | IOException e) {
1435 Slog.w(TAG, "Error reading default permissions file " + file, e);
1436 }
1437 }
1438
1439 return grantExceptions;
1440 }
1441
1442 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1443 outGrantExceptions) throws IOException, XmlPullParserException {
1444 final int outerDepth = parser.getDepth();
1445 int type;
1446 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1447 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1448 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1449 continue;
1450 }
1451 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1452 parseExceptions(parser, outGrantExceptions);
1453 } else {
1454 Log.e(TAG, "Unknown tag " + parser.getName());
1455 }
1456 }
1457 }
1458
1459 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1460 outGrantExceptions) throws IOException, XmlPullParserException {
1461 final int outerDepth = parser.getDepth();
1462 int type;
1463 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1464 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1465 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1466 continue;
1467 }
1468 if (TAG_EXCEPTION.equals(parser.getName())) {
1469 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1470
1471 List<DefaultPermissionGrant> packageExceptions =
1472 outGrantExceptions.get(packageName);
1473 if (packageExceptions == null) {
1474 // The package must be on the system image
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1475 PackageInfo packageInfo = getSystemPackageInfo(packageName);
1476 if (!isSystemPackage(packageInfo)) {
1477 Log.w(TAG, "Unknown system package:" + packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1478 XmlUtils.skipCurrentTag(parser);
1479 continue;
1480 }
1481
1482 // The package must support runtime permissions
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1483 if (!doesPackageSupportRuntimePermissions(packageInfo)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1484 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1485 + packageName);
1486 XmlUtils.skipCurrentTag(parser);
1487 continue;
1488 }
1489 packageExceptions = new ArrayList<>();
1490 outGrantExceptions.put(packageName, packageExceptions);
1491 }
1492
1493 parsePermission(parser, packageExceptions);
1494 } else {
1495 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1496 }
1497 }
1498 }
1499
1500 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1501 outPackageExceptions) throws IOException, XmlPullParserException {
1502 final int outerDepth = parser.getDepth();
1503 int type;
1504 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1505 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1506 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1507 continue;
1508 }
1509
1510 if (TAG_PERMISSION.contains(parser.getName())) {
1511 String name = parser.getAttributeValue(null, ATTR_NAME);
1512 if (name == null) {
1513 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1514 XmlUtils.skipCurrentTag(parser);
1515 continue;
1516 }
1517
1518 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1519
1520 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1521 outPackageExceptions.add(exception);
1522 } else {
1523 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1524 }
1525 }
1526 }
1527
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1528 private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) {
1529 return pkg.applicationInfo != null
1530 && pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1531 }
1532
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1533 private boolean isPermissionDangerous(String name) {
1534 try {
1535 final PermissionInfo pi = mContext.getPackageManager().getPermissionInfo(name, 0);
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1536 return (pi.getProtection() == PermissionInfo.PROTECTION_DANGEROUS);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1537 } catch (NameNotFoundException e) {
1538 // When unknown assume it's dangerous to be on the safe side
1539 return true;
1540 }
1541 }
1542
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1543 private static final class DefaultPermissionGrant {
1544 final String name;
1545 final boolean fixed;
1546
1547 public DefaultPermissionGrant(String name, boolean fixed) {
1548 this.name = name;
1549 this.fixed = fixed;
1550 }
1551 }
1552}