Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1acbb9c031c6eebde0fc5d84e3d939c2596a9de4 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: 5870986a264ff3934c2b580d4083231fc7b76fd6 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]25import android.app.AppOpsManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]26import android.app.DownloadManager;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]27import android.app.SearchManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]28import android.app.admin.DevicePolicyManager;
29import android.companion.CompanionDeviceManager;
30import android.content.Context;
31import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]32import android.content.pm.ApplicationInfo;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]33import android.content.pm.PackageInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]34import android.content.pm.PackageManager;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]35import android.content.pm.PackageManager.NameNotFoundException;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]37import android.content.pm.PackageManagerInternal.PackagesProvider;
38import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]39import android.content.pm.PermissionInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]40import android.content.pm.ProviderInfo;
41import android.content.pm.ResolveInfo;
42import android.media.RingtoneManager;
43import android.net.Uri;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]44import android.os.Build;
45import android.os.Environment;
46import android.os.Handler;
47import android.os.Looper;
48import android.os.Message;
49import android.os.UserHandle;
50import android.os.storage.StorageManager;
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]51import android.permission.PermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]52import android.print.PrintManager;
53import android.provider.CalendarContract;
54import android.provider.ContactsContract;
55import android.provider.MediaStore;
56import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]57import android.security.Credentials;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]58import android.speech.RecognitionService;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]59import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]60import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]61import android.util.ArrayMap;
62import android.util.ArraySet;
63import android.util.Log;
64import android.util.Slog;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]65import android.util.SparseIntArray;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]66import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]67
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]68import com.android.internal.annotations.GuardedBy;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]69import com.android.internal.util.ArrayUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]70import com.android.internal.util.XmlUtils;
71import com.android.server.LocalServices;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]72
73import org.xmlpull.v1.XmlPullParser;
74import org.xmlpull.v1.XmlPullParserException;
75
76import java.io.BufferedInputStream;
77import java.io.File;
78import java.io.FileInputStream;
79import java.io.IOException;
80import java.io.InputStream;
81import java.util.ArrayList;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]82import java.util.Arrays;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]83import java.util.Collections;
84import java.util.List;
85import java.util.Map;
86import java.util.Set;
87
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]88/**
89 * This class is the policy for granting runtime permissions to
90 * platform components and default handlers in the system such
91 * that the device is usable out-of-the-box. For example, the
92 * shell UID is a part of the system and the Phone app should
93 * have phone related permission by default.
94 * <p>
95 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
96 * service but knows about lots of higher level subsystems. The correct way to do this is
97 * to have an interface defined in the package manager but have the impl next to other
98 * policy stuff like PhoneWindowManager
99 */
100public final class DefaultPermissionGrantPolicy {
101 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
102 private static final boolean DEBUG = false;
103
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]104 @PackageManager.ResolveInfoFlags
105 private static final int DEFAULT_INTENT_QUERY_FLAGS =
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]106 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
107 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
108
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]109 @PackageManager.PackageInfoFlags
110 private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS =
Eugene Suslaa8d1a452019-04-10 18:00:35 -0700[diff] [blame]111 PackageManager.MATCH_UNINSTALLED_PACKAGES
112 | PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS
113 | PackageManager.MATCH_HIDDEN_UNTIL_INSTALLED_COMPONENTS
114 | PackageManager.GET_PERMISSIONS;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]115
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]116 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
117
118 private static final String TAG_EXCEPTIONS = "exceptions";
119 private static final String TAG_EXCEPTION = "exception";
120 private static final String TAG_PERMISSION = "permission";
121 private static final String ATTR_PACKAGE = "package";
122 private static final String ATTR_NAME = "name";
123 private static final String ATTR_FIXED = "fixed";
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]124 private static final String ATTR_WHITELISTED = "whitelisted";
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]125
126 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]127
128
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]129 static {
130 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
131 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
132 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
133 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
134 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
135 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
136 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
137 }
138
139 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
140 static {
141 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
142 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
143 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
144 }
145
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]146 private static final Set<String> ALWAYS_LOCATION_PERMISSIONS = new ArraySet<>();
147 static {
148 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
149 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
150 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_BACKGROUND_LOCATION);
151 }
152
Zimuzo5ac1eb92018-11-29 12:51:14 +0000[diff] [blame]153 private static final Set<String> ACTIVITY_RECOGNITION_PERMISSIONS = new ArraySet<>();
154 static {
155 ACTIVITY_RECOGNITION_PERMISSIONS.add(Manifest.permission.ACTIVITY_RECOGNITION);
156 }
157
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]158 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
159 static {
160 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
161 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
162 }
163
164 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
165 static {
166 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
167 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
168 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
169 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
170 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
171 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
172 }
173
174 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
175 static {
176 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
177 }
178
179 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
180 static {
181 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
182 }
183
184 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
185 static {
186 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
187 }
188
189 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
190 static {
Philip P. Moltmannccc8add2019-03-22 12:21:56 -0700[diff] [blame]191 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
192 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]193 }
194
195 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
196
197 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
198
199 private final Handler mHandler;
200
201 private PackagesProvider mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]202 private PackagesProvider mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]203 private PackagesProvider mVoiceInteractionPackagesProvider;
204 private PackagesProvider mSmsAppPackagesProvider;
205 private PackagesProvider mDialerAppPackagesProvider;
206 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]207 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]208 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
209
210 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
211 private final Context mContext;
212 private final Object mLock = new Object();
213 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]214 private final PermissionManagerService mPermissionManager;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]215
216 @GuardedBy("mLock")
217 private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray();
218
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]219 DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]220 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]221 mContext = context;
222 mHandler = new Handler(looper) {
223 @Override
224 public void handleMessage(Message msg) {
225 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
226 synchronized (mLock) {
227 if (mGrantExceptions == null) {
228 mGrantExceptions = readDefaultPermissionExceptionsLocked();
229 }
230 }
231 }
232 }
233 };
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]234 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]235 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
236 }
237
238 public void setLocationPackagesProvider(PackagesProvider provider) {
239 synchronized (mLock) {
240 mLocationPackagesProvider = provider;
241 }
242 }
243
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]244 /** Sets the provider for loction extra packages. */
245 public void setLocationExtraPackagesProvider(PackagesProvider provider) {
246 synchronized (mLock) {
247 mLocationExtraPackagesProvider = provider;
248 }
249 }
250
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]251 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
252 synchronized (mLock) {
253 mVoiceInteractionPackagesProvider = provider;
254 }
255 }
256
257 public void setSmsAppPackagesProvider(PackagesProvider provider) {
258 synchronized (mLock) {
259 mSmsAppPackagesProvider = provider;
260 }
261 }
262
263 public void setDialerAppPackagesProvider(PackagesProvider provider) {
264 synchronized (mLock) {
265 mDialerAppPackagesProvider = provider;
266 }
267 }
268
269 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
270 synchronized (mLock) {
271 mSimCallManagerPackagesProvider = provider;
272 }
273 }
274
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]275 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
276 synchronized (mLock) {
277 mUseOpenWifiAppPackagesProvider = provider;
278 }
279 }
280
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]281 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
282 synchronized (mLock) {
283 mSyncAdapterPackagesProvider = provider;
284 }
285 }
286
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]287 public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
288 synchronized (mLock) {
289 return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0;
290 }
291 }
292
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]293 public void grantDefaultPermissions(int userId) {
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]294 grantPermissionsToSysComponentsAndPrivApps(userId);
295 grantDefaultSystemHandlerPermissions(userId);
296 grantDefaultPermissionExceptions(userId);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]297 synchronized (mLock) {
298 mDefaultPermissionsGrantedUsers.put(userId, userId);
299 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]300 }
301
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]302 private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]303 Set<String> permissions = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]304 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]305 final BasePermission bp = mPermissionManager.getPermission(permission);
306 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]307 continue;
308 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]309 if (bp.isRuntime()) {
310 permissions.add(permission);
311 }
312 }
313 if (!permissions.isEmpty()) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]314 grantRuntimePermissions(pkg, permissions, true /*systemFixed*/, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]315 }
316 }
317
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]318 public void scheduleReadDefaultPermissionExceptions() {
319 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
320 }
321
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]322 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]323 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]324 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser(
325 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM);
326 for (PackageInfo pkg : packages) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]327 if (pkg == null) {
328 continue;
329 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]330 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
331 || !doesPackageSupportRuntimePermissions(pkg)
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]332 || ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]333 continue;
334 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]335 grantRuntimePermissionsForSystemPackage(userId, pkg);
336 }
337 }
338
339 @SafeVarargs
340 private final void grantIgnoringSystemPackage(String packageName, int userId,
341 Set<String>... permissionGroups) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]342 grantPermissionsToPackage(packageName, userId, true /* ignoreSystemPackage */,
343 true /*whitelistRestrictedPermissions*/, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]344 }
345
346 @SafeVarargs
347 private final void grantSystemFixedPermissionsToSystemPackage(String packageName, int userId,
348 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]349 grantPermissionsToSystemPackage(
350 packageName, userId, true /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]351 }
352
353 @SafeVarargs
354 private final void grantPermissionsToSystemPackage(
355 String packageName, int userId, Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]356 grantPermissionsToSystemPackage(
357 packageName, userId, false /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]358 }
359
360 @SafeVarargs
361 private final void grantPermissionsToSystemPackage(String packageName, int userId,
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]362 boolean systemFixed, Set<String>... permissionGroups) {
363 if (!isSystemPackage(packageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]364 return;
365 }
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]366 grantPermissionsToPackage(getSystemPackageInfo(packageName),
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]367 userId, systemFixed, false /* ignoreSystemPackage */,
368 true /*whitelistRestrictedPermissions*/, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]369 }
370
371 @SafeVarargs
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]372 private final void grantPermissionsToPackage(String packageName, int userId,
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]373 boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions,
374 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]375 grantPermissionsToPackage(getPackageInfo(packageName),
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]376 userId, false /* systemFixed */, ignoreSystemPackage,
377 whitelistRestrictedPermissions, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]378 }
379
380 @SafeVarargs
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]381 private final void grantPermissionsToPackage(PackageInfo packageInfo, int userId,
382 boolean systemFixed, boolean ignoreSystemPackage,
383 boolean whitelistRestrictedPermissions, Set<String>... permissionGroups) {
384 if (packageInfo == null) {
385 return;
386 }
387 if (doesPackageSupportRuntimePermissions(packageInfo)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]388 for (Set<String> permissionGroup : permissionGroups) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]389 grantRuntimePermissions(packageInfo, permissionGroup, systemFixed,
390 ignoreSystemPackage, whitelistRestrictedPermissions, userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]391 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]392 }
393 }
394
395 private void grantDefaultSystemHandlerPermissions(int userId) {
396 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
397
398 final PackagesProvider locationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]399 final PackagesProvider locationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]400 final PackagesProvider voiceInteractionPackagesProvider;
401 final PackagesProvider smsAppPackagesProvider;
402 final PackagesProvider dialerAppPackagesProvider;
403 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]404 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]405 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
406
407 synchronized (mLock) {
408 locationPackagesProvider = mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]409 locationExtraPackagesProvider = mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]410 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
411 smsAppPackagesProvider = mSmsAppPackagesProvider;
412 dialerAppPackagesProvider = mDialerAppPackagesProvider;
413 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]414 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]415 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
416 }
417
418 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
419 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
420 String[] locationPackageNames = (locationPackagesProvider != null)
421 ? locationPackagesProvider.getPackages(userId) : null;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]422 String[] locationExtraPackageNames = (locationExtraPackagesProvider != null)
423 ? locationExtraPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]424 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
425 ? smsAppPackagesProvider.getPackages(userId) : null;
426 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
427 ? dialerAppPackagesProvider.getPackages(userId) : null;
428 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
429 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]430 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
431 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]432 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
433 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
434 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
435 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
436
437 // Installer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]438 grantSystemFixedPermissionsToSystemPackage(
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]439 ArrayUtils.firstOrNull(getKnownPackages(
440 PackageManagerInternal.PACKAGE_INSTALLER, userId)),
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]441 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]442
443 // Verifier
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]444 final String verifier = ArrayUtils.firstOrNull(getKnownPackages(
445 PackageManagerInternal.PACKAGE_VERIFIER, userId));
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]446 grantSystemFixedPermissionsToSystemPackage(verifier, userId, STORAGE_PERMISSIONS);
447 grantPermissionsToSystemPackage(verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]448
449 // SetupWizard
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]450 grantPermissionsToSystemPackage(
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]451 ArrayUtils.firstOrNull(getKnownPackages(
452 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId)), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]453 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS,
454 CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]455
456 // Camera
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]457 grantPermissionsToSystemPackage(
458 getDefaultSystemHandlerActivityPackage(MediaStore.ACTION_IMAGE_CAPTURE, userId),
459 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]460
Justin Klaassend1410c02019-03-14 08:45:06 -0700[diff] [blame]461 // Sound recorder
462 grantPermissionsToSystemPackage(
463 getDefaultSystemHandlerActivityPackage(
464 MediaStore.Audio.Media.RECORD_SOUND_ACTION, userId),
465 userId, MICROPHONE_PERMISSIONS);
466
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]467 // Media provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]468 grantSystemFixedPermissionsToSystemPackage(
469 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]470 STORAGE_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]471
472 // Downloads provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]473 grantSystemFixedPermissionsToSystemPackage(
474 getDefaultProviderAuthorityPackage("downloads", userId), userId,
475 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]476
477 // Downloads UI
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]478 grantSystemFixedPermissionsToSystemPackage(
479 getDefaultSystemHandlerActivityPackage(
480 DownloadManager.ACTION_VIEW_DOWNLOADS, userId),
481 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]482
483 // Storage provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]484 grantSystemFixedPermissionsToSystemPackage(
485 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId),
486 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]487
488 // CertInstaller
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]489 grantSystemFixedPermissionsToSystemPackage(
490 getDefaultSystemHandlerActivityPackage(Credentials.INSTALL_ACTION, userId), userId,
491 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]492
493 // Dialer
494 if (dialerAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]495 String dialerPackage =
496 getDefaultSystemHandlerActivityPackage(Intent.ACTION_DIAL, userId);
497 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]498 } else {
499 for (String dialerAppPackageName : dialerAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]500 grantDefaultPermissionsToDefaultSystemDialerApp(dialerAppPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]501 }
502 }
503
504 // Sim call manager
505 if (simCallManagerPackageNames != null) {
506 for (String simCallManagerPackageName : simCallManagerPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]507 grantDefaultPermissionsToDefaultSystemSimCallManager(
508 simCallManagerPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]509 }
510 }
511
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]512 // Use Open Wifi
513 if (useOpenWifiAppPackageNames != null) {
514 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]515 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
516 useOpenWifiPackageName, userId);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]517 }
518 }
519
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]520 // SMS
521 if (smsAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]522 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(
523 Intent.CATEGORY_APP_MESSAGING, userId);
524 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]525 } else {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]526 for (String smsPackage : smsAppPackageNames) {
527 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]528 }
529 }
530
531 // Cell Broadcast Receiver
Edward Savage-Jonesf3979b82018-10-15 09:38:53 +0200[diff] [blame]532 grantSystemFixedPermissionsToSystemPackage(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]533 getDefaultSystemHandlerActivityPackage(Intents.SMS_CB_RECEIVED_ACTION, userId),
534 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]535
536 // Carrier Provisioning Service
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]537 grantPermissionsToSystemPackage(
538 getDefaultSystemHandlerServicePackage(Intents.SMS_CARRIER_PROVISION_ACTION, userId),
539 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]540
541 // Calendar
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]542 grantPermissionsToSystemPackage(
543 getDefaultSystemHandlerActivityPackageForCategory(
544 Intent.CATEGORY_APP_CALENDAR, userId),
545 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]546
547 // Calendar provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]548 String calendarProvider =
549 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId);
550 grantPermissionsToSystemPackage(calendarProvider, userId,
551 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS);
552 grantSystemFixedPermissionsToSystemPackage(calendarProvider, userId, CALENDAR_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]553
554 // Calendar provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]555 grantPermissionToEachSystemPackage(
556 getHeadlessSyncAdapterPackages(calendarSyncAdapterPackages, userId),
557 userId, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]558
559 // Contacts
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]560 grantPermissionsToSystemPackage(
561 getDefaultSystemHandlerActivityPackageForCategory(
562 Intent.CATEGORY_APP_CONTACTS, userId),
563 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]564
565 // Contacts provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]566 grantPermissionToEachSystemPackage(
567 getHeadlessSyncAdapterPackages(contactsSyncAdapterPackages, userId),
568 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]569
570 // Contacts provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]571 String contactsProviderPackage =
572 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId);
573 grantSystemFixedPermissionsToSystemPackage(contactsProviderPackage, userId,
574 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
575 grantPermissionsToSystemPackage(contactsProviderPackage, userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]576
577 // Device provisioning
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]578 grantPermissionsToSystemPackage(
579 getDefaultSystemHandlerActivityPackage(
580 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId),
581 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]582
583 // Maps
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]584 grantPermissionsToSystemPackage(
585 getDefaultSystemHandlerActivityPackageForCategory(Intent.CATEGORY_APP_MAPS, userId),
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]586 userId, ALWAYS_LOCATION_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]587
588 // Gallery
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]589 grantPermissionsToSystemPackage(
590 getDefaultSystemHandlerActivityPackageForCategory(
591 Intent.CATEGORY_APP_GALLERY, userId),
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]592 userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]593
594 // Email
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]595 grantPermissionsToSystemPackage(
596 getDefaultSystemHandlerActivityPackageForCategory(
597 Intent.CATEGORY_APP_EMAIL, userId),
598 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]599
600 // Browser
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]601 String browserPackage = ArrayUtils.firstOrNull(getKnownPackages(
602 PackageManagerInternal.PACKAGE_BROWSER, userId));
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]603 if (browserPackage == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]604 browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
605 Intent.CATEGORY_APP_BROWSER, userId);
606 if (!isSystemPackage(browserPackage)) {
607 browserPackage = null;
608 }
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]609 }
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]610 grantPermissionsToPackage(browserPackage, userId, false /* ignoreSystemPackage */,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]611 true /*whitelistRestrictedPermissions*/, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]612
613 // Voice interaction
614 if (voiceInteractPackageNames != null) {
615 for (String voiceInteractPackageName : voiceInteractPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]616 grantPermissionsToSystemPackage(voiceInteractPackageName, userId,
617 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]618 PHONE_PERMISSIONS, SMS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]619 }
620 }
621
622 if (ActivityManager.isLowRamDeviceStatic()) {
623 // Allow voice search on low-ram devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]624 grantPermissionsToSystemPackage(
625 getDefaultSystemHandlerActivityPackage(
626 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId),
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]627 userId, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]628 }
629
630 // Voice recognition
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]631 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE)
632 .addCategory(Intent.CATEGORY_DEFAULT);
633 grantPermissionsToSystemPackage(
634 getDefaultSystemHandlerServicePackage(voiceRecoIntent, userId), userId,
635 MICROPHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]636
637 // Location
638 if (locationPackageNames != null) {
639 for (String packageName : locationPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]640 grantPermissionsToSystemPackage(packageName, userId,
641 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
642 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]643 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]644 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
Soonil Nagarkar9f48f212019-03-07 11:15:12 -0800[diff] [blame]645 ALWAYS_LOCATION_PERMISSIONS, ACTIVITY_RECOGNITION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]646 }
647 }
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]648 if (locationExtraPackageNames != null) {
649 // Also grant location permission to location extra packages.
650 for (String packageName : locationExtraPackageNames) {
Soonil Nagarkar9f48f212019-03-07 11:15:12 -0800[diff] [blame]651 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]652 }
653 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]654
655 // Music
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]656 Intent musicIntent = new Intent(Intent.ACTION_VIEW)
657 .addCategory(Intent.CATEGORY_DEFAULT)
658 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE);
659 grantPermissionsToSystemPackage(
660 getDefaultSystemHandlerActivityPackage(musicIntent, userId), userId,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]661 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]662
663 // Home
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]664 Intent homeIntent = new Intent(Intent.ACTION_MAIN)
665 .addCategory(Intent.CATEGORY_HOME)
666 .addCategory(Intent.CATEGORY_LAUNCHER_APP);
667 grantPermissionsToSystemPackage(
668 getDefaultSystemHandlerActivityPackage(homeIntent, userId), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]669 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]670
671 // Watches
672 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
673 // Home application on watches
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]674
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]675 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory(
676 Intent.CATEGORY_HOME_MAIN, userId);
677 grantPermissionsToSystemPackage(wearPackage, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]678 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]679 grantSystemFixedPermissionsToSystemPackage(wearPackage, userId, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]680
681 // Fitness tracking on watches
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]682 grantPermissionsToSystemPackage(
683 getDefaultSystemHandlerActivityPackage(ACTION_TRACK, userId), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]684 SENSORS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]685 }
686
687 // Print Spooler
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]688 grantSystemFixedPermissionsToSystemPackage(PrintManager.PRINT_SPOOLER_PACKAGE_NAME, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]689 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]690
691 // EmergencyInfo
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]692 grantSystemFixedPermissionsToSystemPackage(
693 getDefaultSystemHandlerActivityPackage(
694 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId),
695 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]696
697 // NFC Tag viewer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]698 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW)
699 .setType("vnd.android.cursor.item/ndef_msg");
700 grantPermissionsToSystemPackage(
701 getDefaultSystemHandlerActivityPackage(nfcTagIntent, userId), userId,
702 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]703
704 // Storage Manager
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]705 grantSystemFixedPermissionsToSystemPackage(
706 getDefaultSystemHandlerActivityPackage(
707 StorageManager.ACTION_MANAGE_STORAGE, userId),
708 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]709
710 // Companion devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]711 grantSystemFixedPermissionsToSystemPackage(
712 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId,
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]713 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]714
715 // Ringtone Picker
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]716 grantSystemFixedPermissionsToSystemPackage(
717 getDefaultSystemHandlerActivityPackage(
718 RingtoneManager.ACTION_RINGTONE_PICKER, userId),
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]719 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]720
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]721 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]722 String textClassifierPackageName =
723 mContext.getPackageManager().getSystemTextClassifierPackageName();
724 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]725 grantPermissionsToSystemPackage(textClassifierPackageName, userId,
726 PHONE_PERMISSIONS, SMS_PERMISSIONS, CALENDAR_PERMISSIONS,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]727 ALWAYS_LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]728 }
729
Yi Jiang8915b352019-03-21 12:02:53 -0700[diff] [blame]730 // Atthention Service
731 String attentionServicePackageName =
732 mContext.getPackageManager().getAttentionServicePackageName();
733 if (!TextUtils.isEmpty(attentionServicePackageName)) {
734 grantPermissionsToSystemPackage(attentionServicePackageName, userId,
735 CAMERA_PERMISSIONS);
736 }
737
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]738 // There is no real "marker" interface to identify the shared storage backup, it is
739 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]740 grantSystemFixedPermissionsToSystemPackage("com.android.sharedstoragebackup", userId,
741 STORAGE_PERMISSIONS);
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]742
Nadav Bar1a1f5a212019-03-17 16:15:14 +0200[diff] [blame]743 // System Captions Service
744 String systemCaptionsServicePackageName =
745 mContext.getPackageManager().getSystemCaptionsServicePackageName();
746 if (!TextUtils.isEmpty(systemCaptionsServicePackageName)) {
747 grantPermissionsToSystemPackage(systemCaptionsServicePackageName, userId,
Nadav Bar6d79ab72019-01-10 10:52:11 +0200[diff] [blame]748 MICROPHONE_PERMISSIONS);
749 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]750 }
751
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]752 private String getDefaultSystemHandlerActivityPackageForCategory(String category, int userId) {
753 return getDefaultSystemHandlerActivityPackage(
754 new Intent(Intent.ACTION_MAIN).addCategory(category), userId);
755 }
756
757 @SafeVarargs
758 private final void grantPermissionToEachSystemPackage(
759 ArrayList<String> packages, int userId, Set<String>... permissions) {
760 if (packages == null) return;
761 final int count = packages.size();
762 for (int i = 0; i < count; i++) {
763 grantPermissionsToSystemPackage(packages.get(i), userId, permissions);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]764 }
Eugene Susla47e88202018-07-02 18:48:55 -0700[diff] [blame]765 }
766
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]767 private @NonNull String[] getKnownPackages(int knownPkgId, int userId) {
768 return mServiceInternal.getKnownPackageNames(knownPkgId, userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]769 }
770
771 private void grantDefaultPermissionsToDefaultSystemDialerApp(
772 String dialerPackage, int userId) {
773 if (dialerPackage == null) {
774 return;
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]775 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]776 boolean isPhonePermFixed =
777 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
778 if (isPhonePermFixed) {
779 grantSystemFixedPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
780 } else {
781 grantPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
782 }
783 grantPermissionsToSystemPackage(dialerPackage, userId,
784 CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
785 }
786
787 private void grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId) {
788 grantPermissionsToSystemPackage(smsPackage, userId,
789 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS,
790 STORAGE_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]791 }
792
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]793 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]794 String useOpenWifiPackage, int userId) {
Varun Anandd5d359d2019-02-15 10:08:33 -0800[diff] [blame]795 grantPermissionsToSystemPackage(useOpenWifiPackage, userId, ALWAYS_LOCATION_PERMISSIONS);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]796 }
797
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]798 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
799 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
Varun Anandd5d359d2019-02-15 10:08:33 -0800[diff] [blame]800 grantIgnoringSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]801 }
802
803 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
804 if (packageName == null) {
805 return;
806 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]807 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]808 grantPermissionsToPackage(packageName, userId, false /* ignoreSystemPackage */,
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]809 true /*whitelistRestrictedPermissions*/, PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]810 }
811
812 private void grantDefaultPermissionsToDefaultSystemSimCallManager(
813 String packageName, int userId) {
814 if (isSystemPackage(packageName)) {
815 grantDefaultPermissionsToDefaultSimCallManager(packageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]816 }
817 }
818
819 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
820 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
821 if (packageNames == null) {
822 return;
823 }
824 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]825 grantPermissionsToSystemPackage(packageName, userId,
Ginelle Gan Gaisano80646b62019-02-21 14:27:32 -0800[diff] [blame]826 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]827 }
828 }
829
830 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
831 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
832 if (packageNames == null) {
833 return;
834 }
835 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]836 grantPermissionsToSystemPackage(packageName, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]837 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS,
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]838 CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]839 }
840 }
841
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]842 public void grantDefaultPermissionsToEnabledTelephonyDataServices(
843 String[] packageNames, int userId) {
844 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
845 if (packageNames == null) {
846 return;
847 }
848 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]849 // Grant these permissions as system-fixed, so that nobody can accidentally
850 // break cellular data.
851 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]852 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]853 }
854 }
855
856 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
857 String[] packageNames, int userId) {
858 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
859 if (packageNames == null) {
860 return;
861 }
862 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]863 PackageInfo pkg = getSystemPackageInfo(packageName);
864 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
865 revokeRuntimePermissions(packageName, PHONE_PERMISSIONS, true, userId);
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]866 revokeRuntimePermissions(packageName, ALWAYS_LOCATION_PERMISSIONS, true, userId);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]867 }
868 }
869 }
870
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]871 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
872 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]873 grantSystemFixedPermissionsToSystemPackage(packageName, userId, CAMERA_PERMISSIONS);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]874 }
875
876 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
877 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
878 if (packageNames == null) {
879 return;
880 }
881 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]882 PackageInfo pkg = getSystemPackageInfo(packageName);
883 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
884 revokeRuntimePermissions(packageName, CAMERA_PERMISSIONS, true, userId);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]885 }
886 }
887 }
888
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]889 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
890 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]891 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]892 }
893
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]894 private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
895 return getDefaultSystemHandlerActivityPackage(new Intent(intentAction), userId);
896 }
897
898 private String getDefaultSystemHandlerActivityPackage(Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]899 ResolveInfo handler = mContext.getPackageManager().resolveActivityAsUser(
900 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]901 if (handler == null || handler.activityInfo == null) {
902 return null;
903 }
904 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
905 return null;
906 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]907 String packageName = handler.activityInfo.packageName;
908 return isSystemPackage(packageName) ? packageName : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]909 }
910
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]911 private String getDefaultSystemHandlerServicePackage(String intentAction, int userId) {
912 return getDefaultSystemHandlerServicePackage(new Intent(intentAction), userId);
913 }
914
915 private String getDefaultSystemHandlerServicePackage(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]916 Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]917 List<ResolveInfo> handlers = mContext.getPackageManager().queryIntentServicesAsUser(
918 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]919 if (handlers == null) {
920 return null;
921 }
922 final int handlerCount = handlers.size();
923 for (int i = 0; i < handlerCount; i++) {
924 ResolveInfo handler = handlers.get(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]925 String handlerPackage = handler.serviceInfo.packageName;
926 if (isSystemPackage(handlerPackage)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]927 return handlerPackage;
928 }
929 }
930 return null;
931 }
932
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]933 private ArrayList<String> getHeadlessSyncAdapterPackages(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]934 String[] syncAdapterPackageNames, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]935 ArrayList<String> syncAdapterPackages = new ArrayList<>();
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]936
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]937 Intent homeIntent = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]938
939 for (String syncAdapterPackageName : syncAdapterPackageNames) {
940 homeIntent.setPackage(syncAdapterPackageName);
941
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]942 ResolveInfo homeActivity = mContext.getPackageManager().resolveActivityAsUser(
943 homeIntent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]944 if (homeActivity != null) {
945 continue;
946 }
947
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]948 if (isSystemPackage(syncAdapterPackageName)) {
949 syncAdapterPackages.add(syncAdapterPackageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]950 }
951 }
952
953 return syncAdapterPackages;
954 }
955
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]956 private String getDefaultProviderAuthorityPackage(String authority, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]957 ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]958 authority, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]959 if (provider != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]960 return provider.packageName;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]961 }
962 return null;
963 }
964
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]965 private boolean isSystemPackage(String packageName) {
Philip P. Moltmannc701e7e2018-09-18 16:22:54 -0700[diff] [blame]966 return isSystemPackage(getPackageInfo(packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]967 }
968
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]969 private boolean isSystemPackage(PackageInfo pkg) {
970 if (pkg == null) {
971 return false;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]972 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]973 return pkg.applicationInfo.isSystemApp()
974 && !isSysComponentOrPersistentPlatformSignedPrivApp(pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]975 }
976
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]977 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissions,
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]978 boolean systemFixed, int userId) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]979 grantRuntimePermissions(pkg, permissions, systemFixed, false,
980 true /*whitelistRestrictedPermissions*/, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]981 }
982
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]983 private void revokeRuntimePermissions(String packageName, Set<String> permissions,
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]984 boolean systemFixed, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]985 PackageInfo pkg = getSystemPackageInfo(packageName);
986 if (ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]987 return;
988 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]989 Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions));
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]990
991 for (String permission : permissions) {
992 // We can't revoke what wasn't requested.
993 if (!revokablePermissions.contains(permission)) {
994 continue;
995 }
996
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]997 UserHandle user = UserHandle.of(userId);
998 final int flags = mContext.getPackageManager()
999 .getPermissionFlags(permission, packageName, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1000
1001 // We didn't get this through the default grant policy. Move along.
1002 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
1003 continue;
1004 }
1005 // We aren't going to clobber device policy with a DefaultGrant.
1006 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1007 continue;
1008 }
1009 // Do not revoke system fixed permissions unless caller set them that way;
1010 // there is no refcount for the number of sources of this, so there
1011 // should be at most one grantor doing SYSTEM_FIXED for any given package.
1012 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
1013 continue;
1014 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1015 mContext.getPackageManager().revokeRuntimePermission(packageName, permission, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1016
1017 if (DEBUG) {
1018 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1019 + permission + " to " + packageName);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1020 }
1021
1022 // Remove the GRANTED_BY_DEFAULT flag without touching the others.
1023 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
1024 // sticky once set.
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1025 mContext.getPackageManager().updatePermissionFlags(permission, packageName,
1026 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1027 }
1028 }
1029
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1030 /**
1031 * Check if a permission is already fixed or is set by the user.
1032 *
1033 * <p>A permission should not be set by the default policy if the user or other policies already
1034 * set the permission.
1035 *
1036 * @param flags The flags of the permission
1037 *
1038 * @return {@code true} iff the permission can be set without violating a policy of the users
1039 * intention
1040 */
1041 private boolean isFixedOrUserSet(int flags) {
1042 return (flags & (PackageManager.FLAG_PERMISSION_USER_SET
1043 | PackageManager.FLAG_PERMISSION_USER_FIXED
1044 | PackageManager.FLAG_PERMISSION_POLICY_FIXED
1045 | PackageManager.FLAG_PERMISSION_SYSTEM_FIXED)) != 0;
1046 }
1047
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1048 /**
1049 * Return the background permission for a permission.
1050 *
1051 * @param permission The name of the foreground permission
1052 *
1053 * @return The name of the background permission or {@code null} if the permission has no
1054 * background permission
1055 */
1056 private @Nullable String getBackgroundPermission(@NonNull String permission) {
1057 try {
1058 return mContext.getPackageManager().getPermissionInfo(permission,
1059 0).backgroundPermission;
1060 } catch (NameNotFoundException e) {
1061 return null;
1062 }
1063 }
1064
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1065 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissionsWithoutSplits,
1066 boolean systemFixed, boolean ignoreSystemPackage,
1067 boolean whitelistRestrictedPermissions, int userId) {
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1068 UserHandle user = UserHandle.of(userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1069 if (pkg == null) {
1070 return;
1071 }
1072
1073 String[] requestedPermissions = pkg.requestedPermissions;
1074 if (ArrayUtils.isEmpty(requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1075 return;
1076 }
1077
Eugene Susla31c9cd12018-12-03 15:41:31 -0800[diff] [blame]1078 // Intersect the requestedPermissions for a factory image with that of its current update
1079 // in case the latter one removed a <uses-permission>
1080 String[] requestedByNonSystemPackage = getPackageInfo(pkg.packageName).requestedPermissions;
1081 int size = requestedPermissions.length;
1082 for (int i = 0; i < size; i++) {
1083 if (!ArrayUtils.contains(requestedByNonSystemPackage, requestedPermissions[i])) {
1084 requestedPermissions[i] = null;
1085 }
1086 }
1087 requestedPermissions = ArrayUtils.filterNotNull(requestedPermissions, String[]::new);
1088
Philip P. Moltmanneb82d652019-03-26 16:17:26 -0700[diff] [blame]1089 PackageManager pm;
1090 try {
1091 pm = mContext.createPackageContextAsUser(mContext.getPackageName(), 0,
1092 user).getPackageManager();
1093 } catch (NameNotFoundException doesNotHappen) {
1094 throw new IllegalStateException(doesNotHappen);
1095 }
1096
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1097 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1098 ApplicationInfo applicationInfo = pkg.applicationInfo;
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1099
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1100 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1101 if (systemFixed) {
1102 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1103 }
1104
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1105 // Automatically attempt to grant split permissions to older APKs
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1106 final List<PermissionManager.SplitPermissionInfo> splitPermissions =
1107 mContext.getSystemService(PermissionManager.class).getSplitPermissions();
1108 final int numSplitPerms = splitPermissions.size();
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1109 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1110 final PermissionManager.SplitPermissionInfo splitPerm =
1111 splitPermissions.get(splitPermNum);
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1112
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1113 if (applicationInfo != null
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1114 && applicationInfo.targetSdkVersion < splitPerm.getTargetSdk()
Philip P. Moltmanna3ba4d92018-10-08 11:50:07 -0700[diff] [blame]1115 && permissionsWithoutSplits.contains(splitPerm.getSplitPermission())) {
1116 permissions.addAll(splitPerm.getNewPermissions());
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1117 }
1118 }
1119
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1120 Set<String> grantablePermissions = null;
1121
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1122 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1123 // of if the version on the system image declares the permission as used since
1124 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1125 // choice to grant this app the permissions needed to function. For all other
1126 // apps, (default grants on first boot and user creation) we don't grant default
1127 // permissions if the version on the system image does not declare them.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1128 if (!ignoreSystemPackage
1129 && applicationInfo != null
1130 && applicationInfo.isUpdatedSystemApp()) {
1131 final PackageInfo disabledPkg = getSystemPackageInfo(
1132 mServiceInternal.getDisabledSystemPackageName(pkg.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1133 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1134 if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1135 return;
1136 }
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1137 if (!Arrays.equals(requestedPermissions, disabledPkg.requestedPermissions)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1138 grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1139 requestedPermissions = disabledPkg.requestedPermissions;
1140 }
1141 }
1142 }
1143
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1144 final int numRequestedPermissions = requestedPermissions.length;
1145
1146 // Sort requested permissions so that all permissions that are a foreground permission (i.e.
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1147 // permissions that have a background permission) are before their background permissions.
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1148 final String[] sortedRequestedPermissions = new String[numRequestedPermissions];
1149 int numForeground = 0;
1150 int numOther = 0;
1151 for (int i = 0; i < numRequestedPermissions; i++) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1152 String permission = requestedPermissions[i];
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1153 if (getBackgroundPermission(permission) != null) {
1154 sortedRequestedPermissions[numForeground] = permission;
1155 numForeground++;
1156 } else {
1157 sortedRequestedPermissions[numRequestedPermissions - 1 - numOther] =
1158 permission;
1159 numOther++;
1160 }
1161 }
1162
1163 for (int requestedPermissionNum = 0; requestedPermissionNum < numRequestedPermissions;
1164 requestedPermissionNum++) {
1165 String permission = requestedPermissions[requestedPermissionNum];
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1166
1167 // If there is a disabled system app it may request a permission the updated
1168 // version ot the data partition doesn't, In this case skip the permission.
1169 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1170 continue;
1171 }
1172
1173 if (permissions.contains(permission)) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1174 final int flags = mContext.getPackageManager().getPermissionFlags(
1175 permission, pkg.packageName, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1176
Svet Ganov359a9d92019-07-26 17:45:56 -0700[diff] [blame]1177 // If we are trying to grant as system fixed and already system fixed
1178 // then the system can change the system fixed grant state.
1179 final boolean changingGrantForSystemFixed = systemFixed
1180 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0;
1181
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1182 // Certain flags imply that the permission's current state by the system or
1183 // device/profile owner or the user. In these cases we do not want to clobber the
1184 // current state.
1185 //
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1186 // Unless the caller wants to override user choices. The override is
1187 // to make sure we can grant the needed permission to the default
1188 // sms and phone apps after the user chooses this in the UI.
Svet Ganov359a9d92019-07-26 17:45:56 -0700[diff] [blame]1189 if (!isFixedOrUserSet(flags) || ignoreSystemPackage
1190 || changingGrantForSystemFixed) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1191 // Never clobber policy fixed permissions.
1192 // We must allow the grant of a system-fixed permission because
1193 // system-fixed is sticky, but the permission itself may be revoked.
1194 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1195 continue;
1196 }
1197
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1198 // Preserve whitelisting flags.
1199 newFlags |= (flags & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT);
1200
1201 // If we are whitelisting the permission, update the exempt flag before grant.
1202 if (whitelistRestrictedPermissions && isPermissionRestricted(permission)) {
1203 mContext.getPackageManager().updatePermissionFlags(permission,
1204 pkg.packageName,
1205 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT,
1206 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, user);
1207 }
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1208
Svet Ganov359a9d92019-07-26 17:45:56 -0700[diff] [blame]1209 // If the system tries to change a system fixed permission from one fixed
1210 // state to another we need to drop the fixed flag to allow the grant.
1211 if (changingGrantForSystemFixed) {
1212 mContext.getPackageManager().updatePermissionFlags(permission,
1213 pkg.packageName, flags,
1214 flags & ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, user);
1215 }
1216
Philip P. Moltmanneb82d652019-03-26 16:17:26 -0700[diff] [blame]1217 if (pm.checkPermission(permission, pkg.packageName)
1218 != PackageManager.PERMISSION_GRANTED) {
1219 mContext.getPackageManager()
1220 .grantRuntimePermission(pkg.packageName, permission, user);
1221 }
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1222
1223 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1224 newFlags, newFlags, user);
1225
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1226 int uid = UserHandle.getUid(userId,
1227 UserHandle.getAppId(pkg.applicationInfo.uid));
1228
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1229 List<String> fgPerms = mPermissionManager.getBackgroundPermissions()
1230 .get(permission);
1231 if (fgPerms != null) {
1232 int numFgPerms = fgPerms.size();
1233 for (int fgPermNum = 0; fgPermNum < numFgPerms; fgPermNum++) {
1234 String fgPerm = fgPerms.get(fgPermNum);
1235
1236 if (pm.checkPermission(fgPerm, pkg.packageName)
1237 == PackageManager.PERMISSION_GRANTED) {
1238 // Upgrade the app-op state of the fg permission to allow bg access
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1239 // TODO: Dont' call app ops from package manager code.
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1240 mContext.getSystemService(AppOpsManager.class).setUidMode(
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1241 AppOpsManager.permissionToOp(fgPerm), uid,
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1242 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1243
1244 break;
1245 }
1246 }
1247 }
1248
1249 String bgPerm = getBackgroundPermission(permission);
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1250 String op = AppOpsManager.permissionToOp(permission);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1251 if (bgPerm == null) {
1252 if (op != null) {
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1253 // TODO: Dont' call app ops from package manager code.
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1254 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid,
1255 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1256 }
1257 } else {
1258 int mode;
1259 if (pm.checkPermission(bgPerm, pkg.packageName)
1260 == PackageManager.PERMISSION_GRANTED) {
1261 mode = AppOpsManager.MODE_ALLOWED;
1262 } else {
1263 mode = AppOpsManager.MODE_FOREGROUND;
1264 }
1265
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1266 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid, mode);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1267 }
1268
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1269 if (DEBUG) {
1270 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1271 + permission + " to default handler " + pkg);
Eugene Suslae4ee2c22018-11-05 12:23:30 -0800[diff] [blame]1272
1273 int appOp = AppOpsManager.permissionToOpCode(permission);
1274 if (appOp != AppOpsManager.OP_NONE
1275 && AppOpsManager.opToDefaultMode(appOp)
1276 != AppOpsManager.MODE_ALLOWED) {
1277 // Permission has a corresponding appop which is not allowed by default
1278 // We must allow it as well, as it's usually checked alongside the
1279 // permission
1280 if (DEBUG) {
1281 Log.i(TAG, "Granting OP_" + AppOpsManager.opToName(appOp)
1282 + " to " + pkg.packageName);
1283 }
1284 mContext.getSystemService(AppOpsManager.class).setUidMode(
1285 appOp, pkg.applicationInfo.uid, AppOpsManager.MODE_ALLOWED);
1286 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1287 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1288 }
1289
1290 // If a component gets a permission for being the default handler A
1291 // and also default handler B, we grant the weaker grant form.
1292 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1293 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1294 && !systemFixed) {
1295 if (DEBUG) {
1296 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1297 + pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1298 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1299 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1300 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1301 }
1302 }
1303 }
1304 }
1305
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1306 private PackageInfo getSystemPackageInfo(String pkg) {
Eugene Suslaa8d1a452019-04-10 18:00:35 -0700[diff] [blame]1307 return getPackageInfo(pkg, PackageManager.MATCH_SYSTEM_ONLY);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1308 }
1309
1310 private PackageInfo getPackageInfo(String pkg) {
1311 return getPackageInfo(pkg, 0 /* extraFlags */);
1312 }
1313
1314 private PackageInfo getPackageInfo(String pkg,
1315 @PackageManager.PackageInfoFlags int extraFlags) {
Eugene Suslacc6b8a32019-04-09 14:08:09 -0700[diff] [blame]1316 if (pkg == null) {
1317 return null;
1318 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1319 try {
1320 return mContext.getPackageManager().getPackageInfo(pkg,
1321 DEFAULT_PACKAGE_INFO_QUERY_FLAGS | extraFlags);
1322 } catch (NameNotFoundException e) {
Eugene Susla12523ab2019-01-22 17:46:54 -0800[diff] [blame]1323 Slog.e(TAG, "PackageNot found: " + pkg, e);
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1324 return null;
1325 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1326 }
1327
1328 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1329 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1330 return true;
1331 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1332 if (!pkg.applicationInfo.isPrivilegedApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1333 return false;
1334 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1335 final PackageInfo disabledPkg = getSystemPackageInfo(
1336 mServiceInternal.getDisabledSystemPackageName(pkg.applicationInfo.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1337 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1338 ApplicationInfo disabledPackageAppInfo = disabledPkg.applicationInfo;
1339 if (disabledPackageAppInfo != null
1340 && (disabledPackageAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1341 return false;
1342 }
1343 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1344 return false;
1345 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1346 return mServiceInternal.isPlatformSigned(pkg.packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1347 }
1348
1349 private void grantDefaultPermissionExceptions(int userId) {
1350 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1351
1352 synchronized (mLock) {
1353 // mGrantExceptions is null only before the first read and then
1354 // it serves as a cache of the default grants that should be
1355 // performed for every user. If there is an entry then the app
1356 // is on the system image and supports runtime permissions.
1357 if (mGrantExceptions == null) {
1358 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1359 }
1360 }
1361
1362 Set<String> permissions = null;
1363 final int exceptionCount = mGrantExceptions.size();
1364 for (int i = 0; i < exceptionCount; i++) {
1365 String packageName = mGrantExceptions.keyAt(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1366 PackageInfo pkg = getSystemPackageInfo(packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1367 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1368 final int permissionGrantCount = permissionGrants.size();
1369 for (int j = 0; j < permissionGrantCount; j++) {
1370 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1371 if (!isPermissionDangerous(permissionGrant.name)) {
1372 Log.w(TAG, "Ignoring permission " + permissionGrant.name
1373 + " which isn't dangerous");
1374 continue;
1375 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1376 if (permissions == null) {
1377 permissions = new ArraySet<>();
1378 } else {
1379 permissions.clear();
1380 }
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1381 permissions.add(permissionGrant.name);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1382
1383
1384 grantRuntimePermissions(pkg, permissions, permissionGrant.fixed,
1385 permissionGrant.whitelisted, true /*whitelistRestrictedPermissions*/,
1386 userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1387 }
1388 }
1389 }
1390
1391 private File[] getDefaultPermissionFiles() {
1392 ArrayList<File> ret = new ArrayList<File>();
1393 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1394 if (dir.isDirectory() && dir.canRead()) {
1395 Collections.addAll(ret, dir.listFiles());
1396 }
1397 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1398 if (dir.isDirectory() && dir.canRead()) {
1399 Collections.addAll(ret, dir.listFiles());
1400 }
Jiyong Park0989e382018-03-13 10:26:47 +0900[diff] [blame]1401 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
1402 if (dir.isDirectory() && dir.canRead()) {
1403 Collections.addAll(ret, dir.listFiles());
1404 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1405 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1406 if (dir.isDirectory() && dir.canRead()) {
1407 Collections.addAll(ret, dir.listFiles());
1408 }
Jeongik Chaf6629832019-07-04 21:12:06 +0900[diff] [blame]1409 dir = new File(Environment.getSystemExtDirectory(), "etc/default-permissions");
Dario Freni1ae46d72018-08-17 15:56:43 +0100[diff] [blame]1410 if (dir.isDirectory() && dir.canRead()) {
1411 Collections.addAll(ret, dir.listFiles());
1412 }
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]1413 // For IoT devices, we check the oem partition for default permissions for each app.
1414 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
1415 dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
1416 if (dir.isDirectory() && dir.canRead()) {
1417 Collections.addAll(ret, dir.listFiles());
1418 }
1419 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1420 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1421 }
1422
1423 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1424 readDefaultPermissionExceptionsLocked() {
1425 File[] files = getDefaultPermissionFiles();
1426 if (files == null) {
1427 return new ArrayMap<>(0);
1428 }
1429
1430 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1431
1432 // Iterate over the files in the directory and scan .xml files
1433 for (File file : files) {
1434 if (!file.getPath().endsWith(".xml")) {
1435 Slog.i(TAG, "Non-xml file " + file
1436 + " in " + file.getParent() + " directory, ignoring");
1437 continue;
1438 }
1439 if (!file.canRead()) {
1440 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1441 continue;
1442 }
1443 try (
1444 InputStream str = new BufferedInputStream(new FileInputStream(file))
1445 ) {
1446 XmlPullParser parser = Xml.newPullParser();
1447 parser.setInput(str, null);
1448 parse(parser, grantExceptions);
1449 } catch (XmlPullParserException | IOException e) {
1450 Slog.w(TAG, "Error reading default permissions file " + file, e);
1451 }
1452 }
1453
1454 return grantExceptions;
1455 }
1456
1457 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1458 outGrantExceptions) throws IOException, XmlPullParserException {
1459 final int outerDepth = parser.getDepth();
1460 int type;
1461 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1462 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1463 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1464 continue;
1465 }
1466 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1467 parseExceptions(parser, outGrantExceptions);
1468 } else {
1469 Log.e(TAG, "Unknown tag " + parser.getName());
1470 }
1471 }
1472 }
1473
1474 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1475 outGrantExceptions) throws IOException, XmlPullParserException {
1476 final int outerDepth = parser.getDepth();
1477 int type;
1478 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1479 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1480 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1481 continue;
1482 }
1483 if (TAG_EXCEPTION.equals(parser.getName())) {
1484 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1485
1486 List<DefaultPermissionGrant> packageExceptions =
1487 outGrantExceptions.get(packageName);
1488 if (packageExceptions == null) {
1489 // The package must be on the system image
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1490 PackageInfo packageInfo = getSystemPackageInfo(packageName);
Eugene Suslaf25013c2019-03-01 15:17:54 -0800[diff] [blame]1491
1492 if (packageInfo == null) {
1493 Log.w(TAG, "No such package:" + packageName);
1494 XmlUtils.skipCurrentTag(parser);
1495 continue;
1496 }
1497
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1498 if (!isSystemPackage(packageInfo)) {
1499 Log.w(TAG, "Unknown system package:" + packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1500 XmlUtils.skipCurrentTag(parser);
1501 continue;
1502 }
1503
1504 // The package must support runtime permissions
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1505 if (!doesPackageSupportRuntimePermissions(packageInfo)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1506 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1507 + packageName);
1508 XmlUtils.skipCurrentTag(parser);
1509 continue;
1510 }
1511 packageExceptions = new ArrayList<>();
1512 outGrantExceptions.put(packageName, packageExceptions);
1513 }
1514
1515 parsePermission(parser, packageExceptions);
1516 } else {
1517 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1518 }
1519 }
1520 }
1521
1522 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1523 outPackageExceptions) throws IOException, XmlPullParserException {
1524 final int outerDepth = parser.getDepth();
1525 int type;
1526 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1527 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1528 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1529 continue;
1530 }
1531
1532 if (TAG_PERMISSION.contains(parser.getName())) {
1533 String name = parser.getAttributeValue(null, ATTR_NAME);
1534 if (name == null) {
1535 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1536 XmlUtils.skipCurrentTag(parser);
1537 continue;
1538 }
1539
1540 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1541 final boolean whitelisted = XmlUtils.readBooleanAttribute(parser, ATTR_WHITELISTED);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1542
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1543 DefaultPermissionGrant exception = new DefaultPermissionGrant(
1544 name, fixed, whitelisted);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1545 outPackageExceptions.add(exception);
1546 } else {
1547 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1548 }
1549 }
1550 }
1551
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1552 private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) {
1553 return pkg.applicationInfo != null
1554 && pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1555 }
1556
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1557 private boolean isPermissionRestricted(String name) {
1558 try {
1559 return mContext.getPackageManager().getPermissionInfo(name, 0).isRestricted();
1560 } catch (NameNotFoundException e) {
1561 return false;
1562 }
1563 }
1564
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1565 private boolean isPermissionDangerous(String name) {
1566 try {
1567 final PermissionInfo pi = mContext.getPackageManager().getPermissionInfo(name, 0);
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1568 return (pi.getProtection() == PermissionInfo.PROTECTION_DANGEROUS);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1569 } catch (NameNotFoundException e) {
1570 // When unknown assume it's dangerous to be on the safe side
1571 return true;
1572 }
1573 }
1574
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1575 private static final class DefaultPermissionGrant {
1576 final String name;
1577 final boolean fixed;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1578 final boolean whitelisted;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1579
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1580 public DefaultPermissionGrant(String name, boolean fixed,
1581 boolean whitelisted) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1582 this.name = name;
1583 this.fixed = fixed;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1584 this.whitelisted = whitelisted;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1585 }
1586 }
1587}