Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1713d9e97aada3dc695800c18b1025238a11629d / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: e2123c25dd81590276d8d1faea5d651fac8e8738 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]19import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;
20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
28import android.content.Context;
29import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]30import android.content.pm.ApplicationInfo;
31import android.content.pm.IPackageManager;
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]32import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]33import android.content.pm.PackageManager;
34import android.content.pm.PackageManagerInternal;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]35import android.content.pm.PackageParser;
36import android.content.pm.ProviderInfo;
37import android.content.pm.ResolveInfo;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]38import android.content.pm.PackageManagerInternal.PackagesProvider;
39import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]40import android.media.RingtoneManager;
41import android.net.Uri;
42import android.os.Binder;
43import android.os.Build;
44import android.os.Environment;
45import android.os.Handler;
46import android.os.Looper;
47import android.os.Message;
48import android.os.UserHandle;
49import android.os.storage.StorageManager;
50import android.print.PrintManager;
51import android.provider.CalendarContract;
52import android.provider.ContactsContract;
53import android.provider.MediaStore;
54import android.provider.Telephony.Sms.Intents;
55import android.telephony.TelephonyManager;
56import android.security.Credentials;
57import android.util.ArrayMap;
58import android.util.ArraySet;
59import android.util.Log;
60import android.util.Slog;
61import android.util.Xml;
62import com.android.internal.util.XmlUtils;
63import com.android.server.LocalServices;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]64
65import org.xmlpull.v1.XmlPullParser;
66import org.xmlpull.v1.XmlPullParserException;
67
68import java.io.BufferedInputStream;
69import java.io.File;
70import java.io.FileInputStream;
71import java.io.IOException;
72import java.io.InputStream;
73import java.util.ArrayList;
74import java.util.Collection;
75import java.util.Collections;
76import java.util.List;
77import java.util.Map;
78import java.util.Set;
79
80import static android.os.Process.FIRST_APPLICATION_UID;
81
82/**
83 * This class is the policy for granting runtime permissions to
84 * platform components and default handlers in the system such
85 * that the device is usable out-of-the-box. For example, the
86 * shell UID is a part of the system and the Phone app should
87 * have phone related permission by default.
88 * <p>
89 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
90 * service but knows about lots of higher level subsystems. The correct way to do this is
91 * to have an interface defined in the package manager but have the impl next to other
92 * policy stuff like PhoneWindowManager
93 */
94public final class DefaultPermissionGrantPolicy {
95 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
96 private static final boolean DEBUG = false;
97
98 private static final int DEFAULT_FLAGS =
99 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
100 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
101
102 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
103
104 private static final String TAG_EXCEPTIONS = "exceptions";
105 private static final String TAG_EXCEPTION = "exception";
106 private static final String TAG_PERMISSION = "permission";
107 private static final String ATTR_PACKAGE = "package";
108 private static final String ATTR_NAME = "name";
109 private static final String ATTR_FIXED = "fixed";
110
111 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
112 static {
113 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
114 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
115 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
116 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
117 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
118 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
119 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
120 }
121
122 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
123 static {
124 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
125 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
126 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
127 }
128
129 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
130 static {
131 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
133 }
134
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]135 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
136 static {
137 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
138 }
139
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]140 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
141 static {
142 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
143 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
144 }
145
146 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
147 static {
148 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
149 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
150 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
151 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
153 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
154 }
155
156 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
157 static {
158 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
159 }
160
161 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
162 static {
163 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
164 }
165
166 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
167 static {
168 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
169 }
170
171 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
172 static {
173 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
174 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
175 }
176
177 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
178
179 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
180
181 private final Handler mHandler;
182
183 private PackagesProvider mLocationPackagesProvider;
184 private PackagesProvider mVoiceInteractionPackagesProvider;
185 private PackagesProvider mSmsAppPackagesProvider;
186 private PackagesProvider mDialerAppPackagesProvider;
187 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]188 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]189 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
190
191 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
192 private final Context mContext;
193 private final Object mLock = new Object();
194 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]195 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]196 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
197 public interface DefaultPermissionGrantedCallback {
198 /** Callback when permissions have been granted */
199 public void onDefaultRuntimePermissionsGranted(int userId);
200 }
201
202 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]203 @Nullable DefaultPermissionGrantedCallback callback,
204 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]205 mContext = context;
206 mHandler = new Handler(looper) {
207 @Override
208 public void handleMessage(Message msg) {
209 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
210 synchronized (mLock) {
211 if (mGrantExceptions == null) {
212 mGrantExceptions = readDefaultPermissionExceptionsLocked();
213 }
214 }
215 }
216 }
217 };
218 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]219 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]220 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
221 }
222
223 public void setLocationPackagesProvider(PackagesProvider provider) {
224 synchronized (mLock) {
225 mLocationPackagesProvider = provider;
226 }
227 }
228
229 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
230 synchronized (mLock) {
231 mVoiceInteractionPackagesProvider = provider;
232 }
233 }
234
235 public void setSmsAppPackagesProvider(PackagesProvider provider) {
236 synchronized (mLock) {
237 mSmsAppPackagesProvider = provider;
238 }
239 }
240
241 public void setDialerAppPackagesProvider(PackagesProvider provider) {
242 synchronized (mLock) {
243 mDialerAppPackagesProvider = provider;
244 }
245 }
246
247 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
248 synchronized (mLock) {
249 mSimCallManagerPackagesProvider = provider;
250 }
251 }
252
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]253 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
254 synchronized (mLock) {
255 mUseOpenWifiAppPackagesProvider = provider;
256 }
257 }
258
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]259 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
260 synchronized (mLock) {
261 mSyncAdapterPackagesProvider = provider;
262 }
263 }
264
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]265 public void grantDefaultPermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]266 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]267 grantAllRuntimePermissions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]268 } else {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]269 grantPermissionsToSysComponentsAndPrivApps(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]270 grantDefaultSystemHandlerPermissions(userId);
271 grantDefaultPermissionExceptions(userId);
272 }
273 }
274
275 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
276 Set<String> permissions = new ArraySet<>();
277 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]278 final BasePermission bp = mPermissionManager.getPermission(permission);
279 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]280 continue;
281 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]282 if (bp.isRuntime()) {
283 permissions.add(permission);
284 }
285 }
286 if (!permissions.isEmpty()) {
287 grantRuntimePermissions(pkg, permissions, true, userId);
288 }
289 }
290
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]291 private void grantAllRuntimePermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]292 Log.i(TAG, "Granting all runtime permissions for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]293 final PackageList packageList = mServiceInternal.getPackageList();
294 for (String packageName : packageList.getPackageNames()) {
295 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
296 if (pkg == null) {
297 continue;
298 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]299 grantRuntimePermissionsForPackage(userId, pkg);
300 }
301 }
302
303 public void scheduleReadDefaultPermissionExceptions() {
304 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
305 }
306
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]307 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]308 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]309 final PackageList packageList = mServiceInternal.getPackageList();
310 for (String packageName : packageList.getPackageNames()) {
311 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
312 if (pkg == null) {
313 continue;
314 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]315 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
316 || !doesPackageSupportRuntimePermissions(pkg)
317 || pkg.requestedPermissions.isEmpty()) {
318 continue;
319 }
320 grantRuntimePermissionsForPackage(userId, pkg);
321 }
322 }
323
324 private void grantDefaultSystemHandlerPermissions(int userId) {
325 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
326
327 final PackagesProvider locationPackagesProvider;
328 final PackagesProvider voiceInteractionPackagesProvider;
329 final PackagesProvider smsAppPackagesProvider;
330 final PackagesProvider dialerAppPackagesProvider;
331 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]332 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]333 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
334
335 synchronized (mLock) {
336 locationPackagesProvider = mLocationPackagesProvider;
337 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
338 smsAppPackagesProvider = mSmsAppPackagesProvider;
339 dialerAppPackagesProvider = mDialerAppPackagesProvider;
340 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]341 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]342 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
343 }
344
345 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
346 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
347 String[] locationPackageNames = (locationPackagesProvider != null)
348 ? locationPackagesProvider.getPackages(userId) : null;
349 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
350 ? smsAppPackagesProvider.getPackages(userId) : null;
351 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
352 ? dialerAppPackagesProvider.getPackages(userId) : null;
353 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
354 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]355 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
356 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]357 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
358 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
359 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
360 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
361
362 // Installer
363 final String installerPackageName = mServiceInternal.getKnownPackageName(
364 PackageManagerInternal.PACKAGE_INSTALLER, userId);
365 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
366 if (installerPackage != null
367 && doesPackageSupportRuntimePermissions(installerPackage)) {
368 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
369 }
370
371 // Verifier
372 final String verifierPackageName = mServiceInternal.getKnownPackageName(
373 PackageManagerInternal.PACKAGE_VERIFIER, userId);
374 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
375 if (verifierPackage != null
376 && doesPackageSupportRuntimePermissions(verifierPackage)) {
377 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
378 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
379 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
380 }
381
382 // SetupWizard
383 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
384 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
385 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
386 if (setupPackage != null
387 && doesPackageSupportRuntimePermissions(setupPackage)) {
388 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
389 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
390 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
391 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
392 }
393
394 // Camera
395 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
396 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
397 cameraIntent, userId);
398 if (cameraPackage != null
399 && doesPackageSupportRuntimePermissions(cameraPackage)) {
400 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
401 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
402 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
403 }
404
405 // Media provider
406 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
407 MediaStore.AUTHORITY, userId);
408 if (mediaStorePackage != null) {
409 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700[diff] [blame]410 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]411 }
412
413 // Downloads provider
414 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
415 "downloads", userId);
416 if (downloadsPackage != null) {
417 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
418 }
419
420 // Downloads UI
421 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
422 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
423 downloadsUiIntent, userId);
424 if (downloadsUiPackage != null
425 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
426 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
427 }
428
429 // Storage provider
430 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
431 "com.android.externalstorage.documents", userId);
432 if (storagePackage != null) {
433 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
434 }
435
436 // CertInstaller
437 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
438 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
439 certInstallerIntent, userId);
440 if (certInstallerPackage != null
441 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
442 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
443 }
444
445 // Dialer
446 if (dialerAppPackageNames == null) {
447 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
448 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
449 dialerIntent, userId);
450 if (dialerPackage != null) {
451 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
452 }
453 } else {
454 for (String dialerAppPackageName : dialerAppPackageNames) {
455 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
456 if (dialerPackage != null) {
457 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
458 }
459 }
460 }
461
462 // Sim call manager
463 if (simCallManagerPackageNames != null) {
464 for (String simCallManagerPackageName : simCallManagerPackageNames) {
465 PackageParser.Package simCallManagerPackage =
466 getSystemPackage(simCallManagerPackageName);
467 if (simCallManagerPackage != null) {
468 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
469 userId);
470 }
471 }
472 }
473
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]474 // Use Open Wifi
475 if (useOpenWifiAppPackageNames != null) {
476 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
477 PackageParser.Package useOpenWifiPackage =
478 getSystemPackage(useOpenWifiPackageName);
479 if (useOpenWifiPackage != null) {
480 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage,
481 userId);
482 }
483 }
484 }
485
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]486 // SMS
487 if (smsAppPackageNames == null) {
488 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
489 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
490 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
491 smsIntent, userId);
492 if (smsPackage != null) {
493 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
494 }
495 } else {
496 for (String smsPackageName : smsAppPackageNames) {
497 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
498 if (smsPackage != null) {
499 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
500 }
501 }
502 }
503
504 // Cell Broadcast Receiver
505 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
506 PackageParser.Package cbrPackage =
507 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
508 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
509 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
510 }
511
512 // Carrier Provisioning Service
513 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
514 PackageParser.Package carrierProvPackage =
515 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
516 if (carrierProvPackage != null
517 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
518 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
519 }
520
521 // Calendar
522 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
523 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
524 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
525 calendarIntent, userId);
526 if (calendarPackage != null
527 && doesPackageSupportRuntimePermissions(calendarPackage)) {
528 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
529 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
530 }
531
532 // Calendar provider
533 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
534 CalendarContract.AUTHORITY, userId);
535 if (calendarProviderPackage != null) {
536 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
537 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
538 true, userId);
539 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
540 }
541
542 // Calendar provider sync adapters
543 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
544 calendarSyncAdapterPackages, userId);
545 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
546 for (int i = 0; i < calendarSyncAdapterCount; i++) {
547 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
548 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
549 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
550 }
551 }
552
553 // Contacts
554 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
555 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
556 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
557 contactsIntent, userId);
558 if (contactsPackage != null
559 && doesPackageSupportRuntimePermissions(contactsPackage)) {
560 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
561 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
562 }
563
564 // Contacts provider sync adapters
565 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
566 contactsSyncAdapterPackages, userId);
567 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
568 for (int i = 0; i < contactsSyncAdapterCount; i++) {
569 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
570 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
571 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
572 }
573 }
574
575 // Contacts provider
576 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
577 ContactsContract.AUTHORITY, userId);
578 if (contactsProviderPackage != null) {
579 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
580 true, userId);
581 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
582 true, userId);
583 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
584 }
585
586 // Device provisioning
587 Intent deviceProvisionIntent = new Intent(
588 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
589 PackageParser.Package deviceProvisionPackage =
590 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
591 if (deviceProvisionPackage != null
592 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
593 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
594 }
595
596 // Maps
597 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
598 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
599 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
600 mapsIntent, userId);
601 if (mapsPackage != null
602 && doesPackageSupportRuntimePermissions(mapsPackage)) {
603 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
604 }
605
606 // Gallery
607 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
608 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
609 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
610 galleryIntent, userId);
611 if (galleryPackage != null
612 && doesPackageSupportRuntimePermissions(galleryPackage)) {
613 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
614 }
615
616 // Email
617 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
618 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
619 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
620 emailIntent, userId);
621 if (emailPackage != null
622 && doesPackageSupportRuntimePermissions(emailPackage)) {
623 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
624 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
625 }
626
627 // Browser
628 PackageParser.Package browserPackage = null;
629 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
630 PackageManagerInternal.PACKAGE_BROWSER, userId);
631 if (defaultBrowserPackage != null) {
632 browserPackage = getPackage(defaultBrowserPackage);
633 }
634 if (browserPackage == null) {
635 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
636 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
637 browserPackage = getDefaultSystemHandlerActivityPackage(
638 browserIntent, userId);
639 }
640 if (browserPackage != null
641 && doesPackageSupportRuntimePermissions(browserPackage)) {
642 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
643 }
644
645 // Voice interaction
646 if (voiceInteractPackageNames != null) {
647 for (String voiceInteractPackageName : voiceInteractPackageNames) {
648 PackageParser.Package voiceInteractPackage = getSystemPackage(
649 voiceInteractPackageName);
650 if (voiceInteractPackage != null
651 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
652 grantRuntimePermissions(voiceInteractPackage,
653 CONTACTS_PERMISSIONS, userId);
654 grantRuntimePermissions(voiceInteractPackage,
655 CALENDAR_PERMISSIONS, userId);
656 grantRuntimePermissions(voiceInteractPackage,
657 MICROPHONE_PERMISSIONS, userId);
658 grantRuntimePermissions(voiceInteractPackage,
659 PHONE_PERMISSIONS, userId);
660 grantRuntimePermissions(voiceInteractPackage,
661 SMS_PERMISSIONS, userId);
662 grantRuntimePermissions(voiceInteractPackage,
663 LOCATION_PERMISSIONS, userId);
664 }
665 }
666 }
667
668 if (ActivityManager.isLowRamDeviceStatic()) {
669 // Allow voice search on low-ram devices
670 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
671 PackageParser.Package globalSearchPickerPackage =
672 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
673
674 if (globalSearchPickerPackage != null
675 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
676 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]677 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]678 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]679 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]680 }
681 }
682
683 // Voice recognition
684 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
685 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
686 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
687 voiceRecoIntent, userId);
688 if (voiceRecoPackage != null
689 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
690 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
691 }
692
693 // Location
694 if (locationPackageNames != null) {
695 for (String packageName : locationPackageNames) {
696 PackageParser.Package locationPackage = getSystemPackage(packageName);
697 if (locationPackage != null
698 && doesPackageSupportRuntimePermissions(locationPackage)) {
699 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
700 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
701 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
702 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
703 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
704 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
705 true, userId);
706 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
707 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
708 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
709 }
710 }
711 }
712
713 // Music
714 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
715 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
716 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
717 AUDIO_MIME_TYPE);
718 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
719 musicIntent, userId);
720 if (musicPackage != null
721 && doesPackageSupportRuntimePermissions(musicPackage)) {
722 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
723 }
724
725 // Home
726 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
727 homeIntent.addCategory(Intent.CATEGORY_HOME);
728 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
729 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
730 homeIntent, userId);
731 if (homePackage != null
732 && doesPackageSupportRuntimePermissions(homePackage)) {
733 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
734 }
735
736 // Watches
737 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
738 // Home application on watches
739 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
740 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
741
742 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
743 wearHomeIntent, userId);
744
745 if (wearHomePackage != null
746 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
747 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
748 userId);
749 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
750 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
751 userId);
752 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
753 userId);
754 }
755
756 // Fitness tracking on watches
757 Intent trackIntent = new Intent(ACTION_TRACK);
758 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
759 trackIntent, userId);
760 if (trackPackage != null
761 && doesPackageSupportRuntimePermissions(trackPackage)) {
762 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
763 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
764 }
765 }
766
767 // Print Spooler
768 PackageParser.Package printSpoolerPackage = getSystemPackage(
769 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
770 if (printSpoolerPackage != null
771 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
772 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
773 }
774
775 // EmergencyInfo
776 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
777 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
778 emergencyInfoIntent, userId);
779 if (emergencyInfoPckg != null
780 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
781 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
782 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
783 }
784
785 // NFC Tag viewer
786 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
787 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
788 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
789 nfcTagIntent, userId);
790 if (nfcTagPkg != null
791 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
792 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
793 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
794 }
795
796 // Storage Manager
797 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
798 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
799 storageManagerIntent, userId);
800 if (storageManagerPckg != null
801 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
802 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
803 }
804
805 // Companion devices
806 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
807 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
808 if (companionDeviceDiscoveryPackage != null
809 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
810 grantRuntimePermissions(companionDeviceDiscoveryPackage,
811 LOCATION_PERMISSIONS, true, userId);
812 }
813
814 // Ringtone Picker
815 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
816 PackageParser.Package ringtonePickerPackage =
817 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
818 if (ringtonePickerPackage != null
819 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
820 grantRuntimePermissions(ringtonePickerPackage,
821 STORAGE_PERMISSIONS, true, userId);
822 }
823
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]824 if (mPermissionGrantedCallback != null) {
825 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
826 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]827 }
828
829 private void grantDefaultPermissionsToDefaultSystemDialerApp(
830 PackageParser.Package dialerPackage, int userId) {
831 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
832 boolean isPhonePermFixed =
833 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
834 grantRuntimePermissions(
835 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
836 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
837 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
838 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
839 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
840 }
841 }
842
843 private void grantDefaultPermissionsToDefaultSystemSmsApp(
844 PackageParser.Package smsPackage, int userId) {
845 if (doesPackageSupportRuntimePermissions(smsPackage)) {
846 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
847 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
848 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
849 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
850 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
851 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
852 }
853 }
854
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]855 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
856 PackageParser.Package useOpenWifiPackage, int userId) {
857 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
858 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId);
859 }
860 }
861
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]862 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
863 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
864 if (packageName == null) {
865 return;
866 }
867 PackageParser.Package smsPackage = getPackage(packageName);
868 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
869 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
870 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
871 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
872 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
873 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
874 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
875 }
876 }
877
878 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
879 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
880 if (packageName == null) {
881 return;
882 }
883 PackageParser.Package dialerPackage = getPackage(packageName);
884 if (dialerPackage != null
885 && doesPackageSupportRuntimePermissions(dialerPackage)) {
886 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
887 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
888 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
889 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
890 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
891 }
892 }
893
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]894 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
895 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
896 if (packageName == null) {
897 return;
898 }
899 PackageParser.Package useOpenWifiPackage = getPackage(packageName);
900 if (useOpenWifiPackage != null
901 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
902 grantRuntimePermissions(
903 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId);
904 }
905 }
906
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]907 private void grantDefaultPermissionsToDefaultSimCallManager(
908 PackageParser.Package simCallManagerPackage, int userId) {
909 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
910 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
911 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
912 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
913 }
914 }
915
916 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
917 if (packageName == null) {
918 return;
919 }
920 PackageParser.Package simCallManagerPackage = getPackage(packageName);
921 if (simCallManagerPackage != null) {
922 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
923 }
924 }
925
926 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
927 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
928 if (packageNames == null) {
929 return;
930 }
931 for (String packageName : packageNames) {
932 PackageParser.Package carrierPackage = getSystemPackage(packageName);
933 if (carrierPackage != null
934 && doesPackageSupportRuntimePermissions(carrierPackage)) {
935 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
936 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
937 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
938 }
939 }
940 }
941
942 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
943 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
944 if (packageNames == null) {
945 return;
946 }
947 for (String packageName : packageNames) {
948 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
949 if (imsServicePackage != null
950 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
951 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
952 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
953 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
954 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
955 }
956 }
957 }
958
959 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
960 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
961 if (packageName == null) {
962 return;
963 }
964 PackageParser.Package browserPackage = getSystemPackage(packageName);
965 if (browserPackage != null
966 && doesPackageSupportRuntimePermissions(browserPackage)) {
967 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
968 }
969 }
970
971 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
972 Intent intent, int userId) {
973 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
974 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false);
975 if (handler == null || handler.activityInfo == null) {
976 return null;
977 }
978 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
979 return null;
980 }
981 return getSystemPackage(handler.activityInfo.packageName);
982 }
983
984 private PackageParser.Package getDefaultSystemHandlerServicePackage(
985 Intent intent, int userId) {
986 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
987 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
988 if (handlers == null) {
989 return null;
990 }
991 final int handlerCount = handlers.size();
992 for (int i = 0; i < handlerCount; i++) {
993 ResolveInfo handler = handlers.get(i);
994 PackageParser.Package handlerPackage = getSystemPackage(
995 handler.serviceInfo.packageName);
996 if (handlerPackage != null) {
997 return handlerPackage;
998 }
999 }
1000 return null;
1001 }
1002
1003 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
1004 String[] syncAdapterPackageNames, int userId) {
1005 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
1006
1007 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
1008 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
1009
1010 for (String syncAdapterPackageName : syncAdapterPackageNames) {
1011 homeIntent.setPackage(syncAdapterPackageName);
1012
1013 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
1014 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
1015 userId, false);
1016 if (homeActivity != null) {
1017 continue;
1018 }
1019
1020 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
1021 if (syncAdapterPackage != null) {
1022 syncAdapterPackages.add(syncAdapterPackage);
1023 }
1024 }
1025
1026 return syncAdapterPackages;
1027 }
1028
1029 private PackageParser.Package getDefaultProviderAuthorityPackage(
1030 String authority, int userId) {
1031 ProviderInfo provider =
1032 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
1033 if (provider != null) {
1034 return getSystemPackage(provider.packageName);
1035 }
1036 return null;
1037 }
1038
1039 private PackageParser.Package getPackage(String packageName) {
1040 return mServiceInternal.getPackage(packageName);
1041 }
1042
1043 private PackageParser.Package getSystemPackage(String packageName) {
1044 PackageParser.Package pkg = getPackage(packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1045 if (pkg != null && pkg.isSystem()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1046 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
1047 }
1048 return null;
1049 }
1050
1051 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1052 int userId) {
1053 grantRuntimePermissions(pkg, permissions, false, false, userId);
1054 }
1055
1056 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1057 boolean systemFixed, int userId) {
1058 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1059 }
1060
1061 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1062 boolean systemFixed, boolean ignoreSystemPackage, int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1063 if (pkg.requestedPermissions.isEmpty()) {
1064 return;
1065 }
1066
1067 List<String> requestedPermissions = pkg.requestedPermissions;
1068 Set<String> grantablePermissions = null;
1069
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1070 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1071 // of if the version on the system image declares the permission as used since
1072 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1073 // choice to grant this app the permissions needed to function. For all other
1074 // apps, (default grants on first boot and user creation) we don't grant default
1075 // permissions if the version on the system image does not declare them.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1076 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1077 final PackageParser.Package disabledPkg =
1078 mServiceInternal.getDisabledPackage(pkg.packageName);
1079 if (disabledPkg != null) {
1080 if (disabledPkg.requestedPermissions.isEmpty()) {
1081 return;
1082 }
1083 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1084 grantablePermissions = new ArraySet<>(requestedPermissions);
1085 requestedPermissions = disabledPkg.requestedPermissions;
1086 }
1087 }
1088 }
1089
1090 final int grantablePermissionCount = requestedPermissions.size();
1091 for (int i = 0; i < grantablePermissionCount; i++) {
1092 String permission = requestedPermissions.get(i);
1093
1094 // If there is a disabled system app it may request a permission the updated
1095 // version ot the data partition doesn't, In this case skip the permission.
1096 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1097 continue;
1098 }
1099
1100 if (permissions.contains(permission)) {
1101 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1102 permission, pkg.packageName, userId);
1103
1104 // If any flags are set to the permission, then it is either set in
1105 // its current state by the system or device/profile owner or the user.
1106 // In all these cases we do not want to clobber the current state.
1107 // Unless the caller wants to override user choices. The override is
1108 // to make sure we can grant the needed permission to the default
1109 // sms and phone apps after the user chooses this in the UI.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1110 if (flags == 0 || ignoreSystemPackage) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1111 // Never clobber policy or system.
1112 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
1113 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
1114 if ((flags & fixedFlags) != 0) {
1115 continue;
1116 }
1117
1118 mServiceInternal.grantRuntimePermission(
1119 pkg.packageName, permission, userId, false);
1120 if (DEBUG) {
1121 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1122 + permission + " to default handler " + pkg.packageName);
1123 }
1124
1125 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1126 if (systemFixed) {
1127 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1128 }
1129
1130 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1131 newFlags, newFlags, userId);
1132 }
1133
1134 // If a component gets a permission for being the default handler A
1135 // and also default handler B, we grant the weaker grant form.
1136 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1137 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1138 && !systemFixed) {
1139 if (DEBUG) {
1140 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1141 + pkg.packageName);
1142 }
1143 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1144 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1145 }
1146 }
1147 }
1148 }
1149
1150 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1151 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1152 return true;
1153 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1154 if (!pkg.isPrivileged()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1155 return false;
1156 }
1157 final PackageParser.Package disabledPkg =
1158 mServiceInternal.getDisabledPackage(pkg.packageName);
1159 if (disabledPkg != null) {
1160 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1161 return false;
1162 }
1163 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1164 return false;
1165 }
1166 final String systemPackageName = mServiceInternal.getKnownPackageName(
1167 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1168 final PackageParser.Package systemPackage = getPackage(systemPackageName);
Patrick Baumann420d58a2017-12-19 10:17:21 -0800[diff] [blame]1169 return compareSignatures(systemPackage.mSigningDetails.signatures,
1170 pkg.mSigningDetails.signatures)
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]1171 == PackageManager.SIGNATURE_MATCH;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1172 }
1173
1174 private void grantDefaultPermissionExceptions(int userId) {
1175 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1176
1177 synchronized (mLock) {
1178 // mGrantExceptions is null only before the first read and then
1179 // it serves as a cache of the default grants that should be
1180 // performed for every user. If there is an entry then the app
1181 // is on the system image and supports runtime permissions.
1182 if (mGrantExceptions == null) {
1183 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1184 }
1185 }
1186
1187 Set<String> permissions = null;
1188 final int exceptionCount = mGrantExceptions.size();
1189 for (int i = 0; i < exceptionCount; i++) {
1190 String packageName = mGrantExceptions.keyAt(i);
1191 PackageParser.Package pkg = getSystemPackage(packageName);
1192 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1193 final int permissionGrantCount = permissionGrants.size();
1194 for (int j = 0; j < permissionGrantCount; j++) {
1195 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1196 if (permissions == null) {
1197 permissions = new ArraySet<>();
1198 } else {
1199 permissions.clear();
1200 }
1201 permissions.add(permissionGrant.name);
1202 grantRuntimePermissions(pkg, permissions,
1203 permissionGrant.fixed, userId);
1204 }
1205 }
1206 }
1207
1208 private File[] getDefaultPermissionFiles() {
1209 ArrayList<File> ret = new ArrayList<File>();
1210 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1211 if (dir.isDirectory() && dir.canRead()) {
1212 Collections.addAll(ret, dir.listFiles());
1213 }
1214 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1215 if (dir.isDirectory() && dir.canRead()) {
1216 Collections.addAll(ret, dir.listFiles());
1217 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame^]1218 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1219 if (dir.isDirectory() && dir.canRead()) {
1220 Collections.addAll(ret, dir.listFiles());
1221 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1222 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1223 }
1224
1225 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1226 readDefaultPermissionExceptionsLocked() {
1227 File[] files = getDefaultPermissionFiles();
1228 if (files == null) {
1229 return new ArrayMap<>(0);
1230 }
1231
1232 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1233
1234 // Iterate over the files in the directory and scan .xml files
1235 for (File file : files) {
1236 if (!file.getPath().endsWith(".xml")) {
1237 Slog.i(TAG, "Non-xml file " + file
1238 + " in " + file.getParent() + " directory, ignoring");
1239 continue;
1240 }
1241 if (!file.canRead()) {
1242 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1243 continue;
1244 }
1245 try (
1246 InputStream str = new BufferedInputStream(new FileInputStream(file))
1247 ) {
1248 XmlPullParser parser = Xml.newPullParser();
1249 parser.setInput(str, null);
1250 parse(parser, grantExceptions);
1251 } catch (XmlPullParserException | IOException e) {
1252 Slog.w(TAG, "Error reading default permissions file " + file, e);
1253 }
1254 }
1255
1256 return grantExceptions;
1257 }
1258
1259 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1260 outGrantExceptions) throws IOException, XmlPullParserException {
1261 final int outerDepth = parser.getDepth();
1262 int type;
1263 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1264 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1265 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1266 continue;
1267 }
1268 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1269 parseExceptions(parser, outGrantExceptions);
1270 } else {
1271 Log.e(TAG, "Unknown tag " + parser.getName());
1272 }
1273 }
1274 }
1275
1276 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1277 outGrantExceptions) throws IOException, XmlPullParserException {
1278 final int outerDepth = parser.getDepth();
1279 int type;
1280 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1281 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1282 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1283 continue;
1284 }
1285 if (TAG_EXCEPTION.equals(parser.getName())) {
1286 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1287
1288 List<DefaultPermissionGrant> packageExceptions =
1289 outGrantExceptions.get(packageName);
1290 if (packageExceptions == null) {
1291 // The package must be on the system image
1292 PackageParser.Package pkg = getSystemPackage(packageName);
1293 if (pkg == null) {
1294 Log.w(TAG, "Unknown package:" + packageName);
1295 XmlUtils.skipCurrentTag(parser);
1296 continue;
1297 }
1298
1299 // The package must support runtime permissions
1300 if (!doesPackageSupportRuntimePermissions(pkg)) {
1301 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1302 + packageName);
1303 XmlUtils.skipCurrentTag(parser);
1304 continue;
1305 }
1306 packageExceptions = new ArrayList<>();
1307 outGrantExceptions.put(packageName, packageExceptions);
1308 }
1309
1310 parsePermission(parser, packageExceptions);
1311 } else {
1312 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1313 }
1314 }
1315 }
1316
1317 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1318 outPackageExceptions) throws IOException, XmlPullParserException {
1319 final int outerDepth = parser.getDepth();
1320 int type;
1321 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1322 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1323 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1324 continue;
1325 }
1326
1327 if (TAG_PERMISSION.contains(parser.getName())) {
1328 String name = parser.getAttributeValue(null, ATTR_NAME);
1329 if (name == null) {
1330 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1331 XmlUtils.skipCurrentTag(parser);
1332 continue;
1333 }
1334
1335 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1336
1337 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1338 outPackageExceptions.add(exception);
1339 } else {
1340 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1341 }
1342 }
1343 }
1344
1345 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1346 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1347 }
1348
1349 private static final class DefaultPermissionGrant {
1350 final String name;
1351 final boolean fixed;
1352
1353 public DefaultPermissionGrant(String name, boolean fixed) {
1354 this.name = name;
1355 this.fixed = fixed;
1356 }
1357 }
1358}