Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1ae46d72c667664de3faf58a415369dda2ab9580 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: a78cb3360a4aaa0ca64ace37336a24809ad047af [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
28import android.content.Context;
29import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]30import android.content.pm.ApplicationInfo;
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]31import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]32import android.content.pm.PackageManager;
33import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]34import android.content.pm.PackageManagerInternal.PackagesProvider;
35import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageParser;
37import android.content.pm.ProviderInfo;
38import android.content.pm.ResolveInfo;
39import android.media.RingtoneManager;
40import android.net.Uri;
41import android.os.Binder;
42import android.os.Build;
43import android.os.Environment;
44import android.os.Handler;
45import android.os.Looper;
46import android.os.Message;
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]47import android.os.SystemProperties;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]48import android.os.UserHandle;
49import android.os.storage.StorageManager;
50import android.print.PrintManager;
51import android.provider.CalendarContract;
52import android.provider.ContactsContract;
53import android.provider.MediaStore;
54import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]55import android.security.Credentials;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]56import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]57import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]58import android.util.ArrayMap;
59import android.util.ArraySet;
60import android.util.Log;
61import android.util.Slog;
62import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]63
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]64import com.android.internal.util.XmlUtils;
65import com.android.server.LocalServices;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]66import com.android.server.pm.PackageManagerService;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]67
68import org.xmlpull.v1.XmlPullParser;
69import org.xmlpull.v1.XmlPullParserException;
70
71import java.io.BufferedInputStream;
72import java.io.File;
73import java.io.FileInputStream;
74import java.io.IOException;
75import java.io.InputStream;
76import java.util.ArrayList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]77import java.util.Collections;
78import java.util.List;
79import java.util.Map;
80import java.util.Set;
81
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]82/**
83 * This class is the policy for granting runtime permissions to
84 * platform components and default handlers in the system such
85 * that the device is usable out-of-the-box. For example, the
86 * shell UID is a part of the system and the Phone app should
87 * have phone related permission by default.
88 * <p>
89 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
90 * service but knows about lots of higher level subsystems. The correct way to do this is
91 * to have an interface defined in the package manager but have the impl next to other
92 * policy stuff like PhoneWindowManager
93 */
94public final class DefaultPermissionGrantPolicy {
95 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
96 private static final boolean DEBUG = false;
97
98 private static final int DEFAULT_FLAGS =
99 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
100 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
101
102 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
103
104 private static final String TAG_EXCEPTIONS = "exceptions";
105 private static final String TAG_EXCEPTION = "exception";
106 private static final String TAG_PERMISSION = "permission";
107 private static final String ATTR_PACKAGE = "package";
108 private static final String ATTR_NAME = "name";
109 private static final String ATTR_FIXED = "fixed";
110
111 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
112 static {
113 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
114 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
115 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
116 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
117 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
118 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
119 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
120 }
121
122 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
123 static {
124 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
125 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
126 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
127 }
128
129 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
130 static {
131 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
133 }
134
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]135 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
136 static {
137 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
138 }
139
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]140 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
141 static {
142 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
143 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
144 }
145
146 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
147 static {
148 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
149 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
150 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
151 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
153 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
154 }
155
156 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
157 static {
158 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
159 }
160
161 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
162 static {
163 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
164 }
165
166 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
167 static {
168 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
169 }
170
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]171 @Deprecated
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]172 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
173 static {
174 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
175 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
176 }
177
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]178 private static final Set<String> MEDIA_AURAL_PERMISSIONS = new ArraySet<>();
179 static {
180 // STOPSHIP(b/112545973): remove once feature enabled by default
181 if (SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
182 MEDIA_AURAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_AUDIO);
183 MEDIA_AURAL_PERMISSIONS.add(Manifest.permission.WRITE_MEDIA_AUDIO);
184 }
185 }
186
187 private static final Set<String> MEDIA_VISUAL_PERMISSIONS = new ArraySet<>();
188 static {
189 // STOPSHIP(b/112545973): remove once feature enabled by default
190 if (SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
191 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_IMAGES);
192 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.WRITE_MEDIA_IMAGES);
193 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_VIDEO);
194 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.WRITE_MEDIA_VIDEO);
195 }
196 }
197
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]198 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
199
200 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
201
202 private final Handler mHandler;
203
204 private PackagesProvider mLocationPackagesProvider;
205 private PackagesProvider mVoiceInteractionPackagesProvider;
206 private PackagesProvider mSmsAppPackagesProvider;
207 private PackagesProvider mDialerAppPackagesProvider;
208 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]209 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]210 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
211
212 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
213 private final Context mContext;
214 private final Object mLock = new Object();
215 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]216 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]217 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
218 public interface DefaultPermissionGrantedCallback {
219 /** Callback when permissions have been granted */
220 public void onDefaultRuntimePermissionsGranted(int userId);
221 }
222
223 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]224 @Nullable DefaultPermissionGrantedCallback callback,
225 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]226 mContext = context;
227 mHandler = new Handler(looper) {
228 @Override
229 public void handleMessage(Message msg) {
230 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
231 synchronized (mLock) {
232 if (mGrantExceptions == null) {
233 mGrantExceptions = readDefaultPermissionExceptionsLocked();
234 }
235 }
236 }
237 }
238 };
239 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]240 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]241 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
242 }
243
244 public void setLocationPackagesProvider(PackagesProvider provider) {
245 synchronized (mLock) {
246 mLocationPackagesProvider = provider;
247 }
248 }
249
250 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
251 synchronized (mLock) {
252 mVoiceInteractionPackagesProvider = provider;
253 }
254 }
255
256 public void setSmsAppPackagesProvider(PackagesProvider provider) {
257 synchronized (mLock) {
258 mSmsAppPackagesProvider = provider;
259 }
260 }
261
262 public void setDialerAppPackagesProvider(PackagesProvider provider) {
263 synchronized (mLock) {
264 mDialerAppPackagesProvider = provider;
265 }
266 }
267
268 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
269 synchronized (mLock) {
270 mSimCallManagerPackagesProvider = provider;
271 }
272 }
273
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]274 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
275 synchronized (mLock) {
276 mUseOpenWifiAppPackagesProvider = provider;
277 }
278 }
279
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]280 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
281 synchronized (mLock) {
282 mSyncAdapterPackagesProvider = provider;
283 }
284 }
285
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]286 public void grantDefaultPermissions(int userId) {
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]287 grantPermissionsToSysComponentsAndPrivApps(userId);
288 grantDefaultSystemHandlerPermissions(userId);
289 grantDefaultPermissionExceptions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]290 }
291
292 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
293 Set<String> permissions = new ArraySet<>();
294 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]295 final BasePermission bp = mPermissionManager.getPermission(permission);
296 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]297 continue;
298 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]299 if (bp.isRuntime()) {
300 permissions.add(permission);
301 }
302 }
303 if (!permissions.isEmpty()) {
304 grantRuntimePermissions(pkg, permissions, true, userId);
305 }
306 }
307
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]308 private void grantAllRuntimePermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]309 Log.i(TAG, "Granting all runtime permissions for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]310 final PackageList packageList = mServiceInternal.getPackageList();
311 for (String packageName : packageList.getPackageNames()) {
312 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
313 if (pkg == null) {
314 continue;
315 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]316 grantRuntimePermissionsForPackage(userId, pkg);
317 }
318 }
319
320 public void scheduleReadDefaultPermissionExceptions() {
321 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
322 }
323
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]324 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]325 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]326 final PackageList packageList = mServiceInternal.getPackageList();
327 for (String packageName : packageList.getPackageNames()) {
328 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
329 if (pkg == null) {
330 continue;
331 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]332 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
333 || !doesPackageSupportRuntimePermissions(pkg)
334 || pkg.requestedPermissions.isEmpty()) {
335 continue;
336 }
337 grantRuntimePermissionsForPackage(userId, pkg);
338 }
339 }
340
341 private void grantDefaultSystemHandlerPermissions(int userId) {
342 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
343
344 final PackagesProvider locationPackagesProvider;
345 final PackagesProvider voiceInteractionPackagesProvider;
346 final PackagesProvider smsAppPackagesProvider;
347 final PackagesProvider dialerAppPackagesProvider;
348 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]349 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]350 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
351
352 synchronized (mLock) {
353 locationPackagesProvider = mLocationPackagesProvider;
354 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
355 smsAppPackagesProvider = mSmsAppPackagesProvider;
356 dialerAppPackagesProvider = mDialerAppPackagesProvider;
357 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]358 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]359 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
360 }
361
362 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
363 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
364 String[] locationPackageNames = (locationPackagesProvider != null)
365 ? locationPackagesProvider.getPackages(userId) : null;
366 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
367 ? smsAppPackagesProvider.getPackages(userId) : null;
368 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
369 ? dialerAppPackagesProvider.getPackages(userId) : null;
370 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
371 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]372 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
373 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]374 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
375 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
376 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
377 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
378
379 // Installer
380 final String installerPackageName = mServiceInternal.getKnownPackageName(
381 PackageManagerInternal.PACKAGE_INSTALLER, userId);
382 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
383 if (installerPackage != null
384 && doesPackageSupportRuntimePermissions(installerPackage)) {
385 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
386 }
387
388 // Verifier
389 final String verifierPackageName = mServiceInternal.getKnownPackageName(
390 PackageManagerInternal.PACKAGE_VERIFIER, userId);
391 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
392 if (verifierPackage != null
393 && doesPackageSupportRuntimePermissions(verifierPackage)) {
394 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
395 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
396 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
397 }
398
399 // SetupWizard
400 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
401 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
402 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
403 if (setupPackage != null
404 && doesPackageSupportRuntimePermissions(setupPackage)) {
405 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
406 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
407 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
408 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
409 }
410
411 // Camera
412 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
413 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
414 cameraIntent, userId);
415 if (cameraPackage != null
416 && doesPackageSupportRuntimePermissions(cameraPackage)) {
417 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
418 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
419 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
420 }
421
422 // Media provider
423 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
424 MediaStore.AUTHORITY, userId);
425 if (mediaStorePackage != null) {
426 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]427 grantRuntimePermissions(mediaStorePackage, MEDIA_AURAL_PERMISSIONS, true, userId);
428 grantRuntimePermissions(mediaStorePackage, MEDIA_VISUAL_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700[diff] [blame]429 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]430 }
431
432 // Downloads provider
433 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
434 "downloads", userId);
435 if (downloadsPackage != null) {
436 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
437 }
438
439 // Downloads UI
440 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
441 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
442 downloadsUiIntent, userId);
443 if (downloadsUiPackage != null
444 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
445 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
446 }
447
448 // Storage provider
449 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
450 "com.android.externalstorage.documents", userId);
451 if (storagePackage != null) {
452 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
453 }
454
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]455 // Container service
456 PackageParser.Package containerPackage = getSystemPackage(
457 PackageManagerService.DEFAULT_CONTAINER_PACKAGE);
458 if (containerPackage != null) {
459 grantRuntimePermissions(containerPackage, STORAGE_PERMISSIONS, true, userId);
460 }
461
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]462 // CertInstaller
463 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
464 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
465 certInstallerIntent, userId);
466 if (certInstallerPackage != null
467 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
468 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
469 }
470
471 // Dialer
472 if (dialerAppPackageNames == null) {
473 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
474 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
475 dialerIntent, userId);
476 if (dialerPackage != null) {
477 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
478 }
479 } else {
480 for (String dialerAppPackageName : dialerAppPackageNames) {
481 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
482 if (dialerPackage != null) {
483 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
484 }
485 }
486 }
487
488 // Sim call manager
489 if (simCallManagerPackageNames != null) {
490 for (String simCallManagerPackageName : simCallManagerPackageNames) {
491 PackageParser.Package simCallManagerPackage =
492 getSystemPackage(simCallManagerPackageName);
493 if (simCallManagerPackage != null) {
494 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
495 userId);
496 }
497 }
498 }
499
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]500 // Use Open Wifi
501 if (useOpenWifiAppPackageNames != null) {
502 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
503 PackageParser.Package useOpenWifiPackage =
504 getSystemPackage(useOpenWifiPackageName);
505 if (useOpenWifiPackage != null) {
506 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage,
507 userId);
508 }
509 }
510 }
511
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]512 // SMS
513 if (smsAppPackageNames == null) {
514 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
515 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
516 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
517 smsIntent, userId);
518 if (smsPackage != null) {
519 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
520 }
521 } else {
522 for (String smsPackageName : smsAppPackageNames) {
523 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
524 if (smsPackage != null) {
525 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
526 }
527 }
528 }
529
530 // Cell Broadcast Receiver
531 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
532 PackageParser.Package cbrPackage =
533 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
534 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
535 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
536 }
537
538 // Carrier Provisioning Service
539 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
540 PackageParser.Package carrierProvPackage =
541 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
542 if (carrierProvPackage != null
543 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
544 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
545 }
546
547 // Calendar
548 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
549 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
550 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
551 calendarIntent, userId);
552 if (calendarPackage != null
553 && doesPackageSupportRuntimePermissions(calendarPackage)) {
554 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
555 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
556 }
557
558 // Calendar provider
559 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
560 CalendarContract.AUTHORITY, userId);
561 if (calendarProviderPackage != null) {
562 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
563 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
564 true, userId);
565 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
566 }
567
568 // Calendar provider sync adapters
569 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
570 calendarSyncAdapterPackages, userId);
571 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
572 for (int i = 0; i < calendarSyncAdapterCount; i++) {
573 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
574 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
575 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
576 }
577 }
578
579 // Contacts
580 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
581 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
582 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
583 contactsIntent, userId);
584 if (contactsPackage != null
585 && doesPackageSupportRuntimePermissions(contactsPackage)) {
586 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
587 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
588 }
589
590 // Contacts provider sync adapters
591 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
592 contactsSyncAdapterPackages, userId);
593 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
594 for (int i = 0; i < contactsSyncAdapterCount; i++) {
595 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
596 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
597 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
598 }
599 }
600
601 // Contacts provider
602 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
603 ContactsContract.AUTHORITY, userId);
604 if (contactsProviderPackage != null) {
605 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
606 true, userId);
607 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
608 true, userId);
609 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
610 }
611
612 // Device provisioning
613 Intent deviceProvisionIntent = new Intent(
614 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
615 PackageParser.Package deviceProvisionPackage =
616 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
617 if (deviceProvisionPackage != null
618 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
619 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
620 }
621
622 // Maps
623 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
624 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
625 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
626 mapsIntent, userId);
627 if (mapsPackage != null
628 && doesPackageSupportRuntimePermissions(mapsPackage)) {
629 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
630 }
631
632 // Gallery
633 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
634 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
635 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
636 galleryIntent, userId);
637 if (galleryPackage != null
638 && doesPackageSupportRuntimePermissions(galleryPackage)) {
639 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]640 grantRuntimePermissions(galleryPackage, MEDIA_VISUAL_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]641 }
642
643 // Email
644 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
645 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
646 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
647 emailIntent, userId);
648 if (emailPackage != null
649 && doesPackageSupportRuntimePermissions(emailPackage)) {
650 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
651 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
652 }
653
654 // Browser
655 PackageParser.Package browserPackage = null;
656 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
657 PackageManagerInternal.PACKAGE_BROWSER, userId);
658 if (defaultBrowserPackage != null) {
659 browserPackage = getPackage(defaultBrowserPackage);
660 }
661 if (browserPackage == null) {
662 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
663 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
664 browserPackage = getDefaultSystemHandlerActivityPackage(
665 browserIntent, userId);
666 }
667 if (browserPackage != null
668 && doesPackageSupportRuntimePermissions(browserPackage)) {
669 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
670 }
671
672 // Voice interaction
673 if (voiceInteractPackageNames != null) {
674 for (String voiceInteractPackageName : voiceInteractPackageNames) {
675 PackageParser.Package voiceInteractPackage = getSystemPackage(
676 voiceInteractPackageName);
677 if (voiceInteractPackage != null
678 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
679 grantRuntimePermissions(voiceInteractPackage,
680 CONTACTS_PERMISSIONS, userId);
681 grantRuntimePermissions(voiceInteractPackage,
682 CALENDAR_PERMISSIONS, userId);
683 grantRuntimePermissions(voiceInteractPackage,
684 MICROPHONE_PERMISSIONS, userId);
685 grantRuntimePermissions(voiceInteractPackage,
686 PHONE_PERMISSIONS, userId);
687 grantRuntimePermissions(voiceInteractPackage,
688 SMS_PERMISSIONS, userId);
689 grantRuntimePermissions(voiceInteractPackage,
690 LOCATION_PERMISSIONS, userId);
691 }
692 }
693 }
694
695 if (ActivityManager.isLowRamDeviceStatic()) {
696 // Allow voice search on low-ram devices
697 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
698 PackageParser.Package globalSearchPickerPackage =
699 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
700
701 if (globalSearchPickerPackage != null
702 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
703 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]704 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]705 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]706 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]707 }
708 }
709
710 // Voice recognition
711 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
712 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
713 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
714 voiceRecoIntent, userId);
715 if (voiceRecoPackage != null
716 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
717 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
718 }
719
720 // Location
721 if (locationPackageNames != null) {
722 for (String packageName : locationPackageNames) {
723 PackageParser.Package locationPackage = getSystemPackage(packageName);
724 if (locationPackage != null
725 && doesPackageSupportRuntimePermissions(locationPackage)) {
726 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
727 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
728 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
729 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
730 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
731 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
732 true, userId);
733 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
734 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
735 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
736 }
737 }
738 }
739
740 // Music
741 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
742 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
743 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
744 AUDIO_MIME_TYPE);
745 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
746 musicIntent, userId);
747 if (musicPackage != null
748 && doesPackageSupportRuntimePermissions(musicPackage)) {
749 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]750 grantRuntimePermissions(musicPackage, MEDIA_AURAL_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]751 }
752
753 // Home
754 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
755 homeIntent.addCategory(Intent.CATEGORY_HOME);
756 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
757 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
758 homeIntent, userId);
759 if (homePackage != null
760 && doesPackageSupportRuntimePermissions(homePackage)) {
761 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
762 }
763
764 // Watches
765 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
766 // Home application on watches
767 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
768 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
769
770 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
771 wearHomeIntent, userId);
772
773 if (wearHomePackage != null
774 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
775 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
776 userId);
777 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
778 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
779 userId);
780 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
781 userId);
782 }
783
784 // Fitness tracking on watches
785 Intent trackIntent = new Intent(ACTION_TRACK);
786 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
787 trackIntent, userId);
788 if (trackPackage != null
789 && doesPackageSupportRuntimePermissions(trackPackage)) {
790 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
791 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
792 }
793 }
794
795 // Print Spooler
796 PackageParser.Package printSpoolerPackage = getSystemPackage(
797 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
798 if (printSpoolerPackage != null
799 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
800 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
801 }
802
803 // EmergencyInfo
804 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
805 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
806 emergencyInfoIntent, userId);
807 if (emergencyInfoPckg != null
808 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
809 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
810 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
811 }
812
813 // NFC Tag viewer
814 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
815 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
816 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
817 nfcTagIntent, userId);
818 if (nfcTagPkg != null
819 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
820 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
821 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
822 }
823
824 // Storage Manager
825 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
826 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
827 storageManagerIntent, userId);
828 if (storageManagerPckg != null
829 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
830 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
831 }
832
833 // Companion devices
834 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
835 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
836 if (companionDeviceDiscoveryPackage != null
837 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
838 grantRuntimePermissions(companionDeviceDiscoveryPackage,
839 LOCATION_PERMISSIONS, true, userId);
840 }
841
842 // Ringtone Picker
843 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
844 PackageParser.Package ringtonePickerPackage =
845 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
846 if (ringtonePickerPackage != null
847 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
848 grantRuntimePermissions(ringtonePickerPackage,
849 STORAGE_PERMISSIONS, true, userId);
850 }
851
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]852 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]853 String textClassifierPackageName =
854 mContext.getPackageManager().getSystemTextClassifierPackageName();
855 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]856 PackageParser.Package textClassifierPackage =
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]857 getSystemPackage(textClassifierPackageName);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]858 if (textClassifierPackage != null
859 && doesPackageSupportRuntimePermissions(textClassifierPackage)) {
Eugene Susla4b870112018-06-08 21:39:58 +0000[diff] [blame]860 grantRuntimePermissions(textClassifierPackage, PHONE_PERMISSIONS, false, userId);
861 grantRuntimePermissions(textClassifierPackage, SMS_PERMISSIONS, false, userId);
862 grantRuntimePermissions(textClassifierPackage, CALENDAR_PERMISSIONS, false, userId);
863 grantRuntimePermissions(textClassifierPackage, LOCATION_PERMISSIONS, false, userId);
864 grantRuntimePermissions(textClassifierPackage, CONTACTS_PERMISSIONS, false, userId);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]865 }
866 }
867
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]868 // There is no real "marker" interface to identify the shared storage backup, it is
869 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
870 PackageParser.Package sharedStorageBackupPackage = getSystemPackage(
871 "com.android.sharedstoragebackup");
872 if (sharedStorageBackupPackage != null) {
873 grantRuntimePermissions(sharedStorageBackupPackage, STORAGE_PERMISSIONS, true, userId);
874 }
875
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]876 if (mPermissionGrantedCallback != null) {
877 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
878 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]879 }
880
881 private void grantDefaultPermissionsToDefaultSystemDialerApp(
882 PackageParser.Package dialerPackage, int userId) {
883 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
884 boolean isPhonePermFixed =
885 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
886 grantRuntimePermissions(
887 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
888 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
889 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
890 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
891 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
892 }
893 }
894
895 private void grantDefaultPermissionsToDefaultSystemSmsApp(
896 PackageParser.Package smsPackage, int userId) {
897 if (doesPackageSupportRuntimePermissions(smsPackage)) {
898 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
899 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
900 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
901 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
902 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
903 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
904 }
905 }
906
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]907 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
908 PackageParser.Package useOpenWifiPackage, int userId) {
909 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
910 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId);
911 }
912 }
913
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]914 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
915 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
916 if (packageName == null) {
917 return;
918 }
919 PackageParser.Package smsPackage = getPackage(packageName);
920 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
921 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
922 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
923 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
924 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
925 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
926 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
927 }
928 }
929
930 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
931 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
932 if (packageName == null) {
933 return;
934 }
935 PackageParser.Package dialerPackage = getPackage(packageName);
936 if (dialerPackage != null
937 && doesPackageSupportRuntimePermissions(dialerPackage)) {
938 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
939 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
940 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
941 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
942 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
943 }
944 }
945
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]946 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
947 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
948 if (packageName == null) {
949 return;
950 }
951 PackageParser.Package useOpenWifiPackage = getPackage(packageName);
952 if (useOpenWifiPackage != null
953 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
954 grantRuntimePermissions(
955 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId);
956 }
957 }
958
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]959 private void grantDefaultPermissionsToDefaultSimCallManager(
960 PackageParser.Package simCallManagerPackage, int userId) {
961 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
962 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
963 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
964 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
965 }
966 }
967
968 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
969 if (packageName == null) {
970 return;
971 }
972 PackageParser.Package simCallManagerPackage = getPackage(packageName);
973 if (simCallManagerPackage != null) {
974 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
975 }
976 }
977
978 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
979 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
980 if (packageNames == null) {
981 return;
982 }
983 for (String packageName : packageNames) {
984 PackageParser.Package carrierPackage = getSystemPackage(packageName);
985 if (carrierPackage != null
986 && doesPackageSupportRuntimePermissions(carrierPackage)) {
987 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
988 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
989 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
990 }
991 }
992 }
993
994 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
995 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
996 if (packageNames == null) {
997 return;
998 }
999 for (String packageName : packageNames) {
1000 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
1001 if (imsServicePackage != null
1002 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
1003 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
1004 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
1005 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
1006 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
Mohamed Abdalkaderd6d55742018-03-12 14:36:14 -0700[diff] [blame]1007 grantRuntimePermissions(imsServicePackage, CONTACTS_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1008 }
1009 }
1010 }
1011
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]1012 public void grantDefaultPermissionsToEnabledTelephonyDataServices(
1013 String[] packageNames, int userId) {
1014 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
1015 if (packageNames == null) {
1016 return;
1017 }
1018 for (String packageName : packageNames) {
1019 PackageParser.Package dataServicePackage = getSystemPackage(packageName);
1020 if (dataServicePackage != null
1021 && doesPackageSupportRuntimePermissions(dataServicePackage)) {
1022 // Grant these permissions as system-fixed, so that nobody can accidentally
1023 // break cellular data.
1024 grantRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
1025 grantRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
1026 }
1027 }
1028 }
1029
1030 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
1031 String[] packageNames, int userId) {
1032 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
1033 if (packageNames == null) {
1034 return;
1035 }
1036 for (String packageName : packageNames) {
1037 PackageParser.Package dataServicePackage = getSystemPackage(packageName);
1038 if (dataServicePackage != null
1039 && doesPackageSupportRuntimePermissions(dataServicePackage)) {
1040 revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
1041 revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
1042 }
1043 }
1044 }
1045
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]1046 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
1047 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
1048 if (packageName == null) {
1049 return;
1050 }
1051 PackageParser.Package luiAppPackage = getSystemPackage(packageName);
1052 if (luiAppPackage != null
1053 && doesPackageSupportRuntimePermissions(luiAppPackage)) {
1054 grantRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId);
1055 }
1056 }
1057
1058 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
1059 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
1060 if (packageNames == null) {
1061 return;
1062 }
1063 for (String packageName : packageNames) {
1064 PackageParser.Package luiAppPackage = getSystemPackage(packageName);
1065 if (luiAppPackage != null
1066 && doesPackageSupportRuntimePermissions(luiAppPackage)) {
1067 revokeRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId);
1068 }
1069 }
1070 }
1071
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1072 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
1073 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
1074 if (packageName == null) {
1075 return;
1076 }
1077 PackageParser.Package browserPackage = getSystemPackage(packageName);
1078 if (browserPackage != null
1079 && doesPackageSupportRuntimePermissions(browserPackage)) {
1080 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
1081 }
1082 }
1083
1084 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
1085 Intent intent, int userId) {
1086 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
Patrick Baumann78380272018-04-04 10:41:01 -0700[diff] [blame]1087 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false,
1088 Binder.getCallingUid());
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1089 if (handler == null || handler.activityInfo == null) {
1090 return null;
1091 }
1092 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
1093 return null;
1094 }
1095 return getSystemPackage(handler.activityInfo.packageName);
1096 }
1097
1098 private PackageParser.Package getDefaultSystemHandlerServicePackage(
1099 Intent intent, int userId) {
1100 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
1101 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
1102 if (handlers == null) {
1103 return null;
1104 }
1105 final int handlerCount = handlers.size();
1106 for (int i = 0; i < handlerCount; i++) {
1107 ResolveInfo handler = handlers.get(i);
1108 PackageParser.Package handlerPackage = getSystemPackage(
1109 handler.serviceInfo.packageName);
1110 if (handlerPackage != null) {
1111 return handlerPackage;
1112 }
1113 }
1114 return null;
1115 }
1116
1117 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
1118 String[] syncAdapterPackageNames, int userId) {
1119 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
1120
1121 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
1122 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
1123
1124 for (String syncAdapterPackageName : syncAdapterPackageNames) {
1125 homeIntent.setPackage(syncAdapterPackageName);
1126
1127 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
1128 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
Patrick Baumann78380272018-04-04 10:41:01 -0700[diff] [blame]1129 userId, false, Binder.getCallingUid());
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1130 if (homeActivity != null) {
1131 continue;
1132 }
1133
1134 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
1135 if (syncAdapterPackage != null) {
1136 syncAdapterPackages.add(syncAdapterPackage);
1137 }
1138 }
1139
1140 return syncAdapterPackages;
1141 }
1142
1143 private PackageParser.Package getDefaultProviderAuthorityPackage(
1144 String authority, int userId) {
1145 ProviderInfo provider =
1146 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
1147 if (provider != null) {
1148 return getSystemPackage(provider.packageName);
1149 }
1150 return null;
1151 }
1152
1153 private PackageParser.Package getPackage(String packageName) {
1154 return mServiceInternal.getPackage(packageName);
1155 }
1156
1157 private PackageParser.Package getSystemPackage(String packageName) {
1158 PackageParser.Package pkg = getPackage(packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1159 if (pkg != null && pkg.isSystem()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1160 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
1161 }
1162 return null;
1163 }
1164
1165 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1166 int userId) {
1167 grantRuntimePermissions(pkg, permissions, false, false, userId);
1168 }
1169
1170 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1171 boolean systemFixed, int userId) {
1172 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1173 }
1174
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1175 private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1176 boolean systemFixed, int userId) {
1177 if (pkg.requestedPermissions.isEmpty()) {
1178 return;
1179 }
1180 Set<String> revokablePermissions = new ArraySet<>(pkg.requestedPermissions);
1181
1182 for (String permission : permissions) {
1183 // We can't revoke what wasn't requested.
1184 if (!revokablePermissions.contains(permission)) {
1185 continue;
1186 }
1187
1188 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1189 permission, pkg.packageName, userId);
1190
1191 // We didn't get this through the default grant policy. Move along.
1192 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
1193 continue;
1194 }
1195 // We aren't going to clobber device policy with a DefaultGrant.
1196 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1197 continue;
1198 }
1199 // Do not revoke system fixed permissions unless caller set them that way;
1200 // there is no refcount for the number of sources of this, so there
1201 // should be at most one grantor doing SYSTEM_FIXED for any given package.
1202 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
1203 continue;
1204 }
1205 mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false);
1206
1207 if (DEBUG) {
1208 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
1209 + permission + " to " + pkg.packageName);
1210 }
1211
1212 // Remove the GRANTED_BY_DEFAULT flag without touching the others.
1213 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
1214 // sticky once set.
1215 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1216 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId);
1217 }
1218 }
1219
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1220 private void grantRuntimePermissions(PackageParser.Package pkg,
1221 Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage,
1222 int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1223 if (pkg.requestedPermissions.isEmpty()) {
1224 return;
1225 }
1226
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1227 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
1228
1229 // Automatically attempt to grant split permissions to older APKs
1230 final int numSplitPerms = PackageParser.SPLIT_PERMISSIONS.length;
1231 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
1232 final PackageParser.SplitPermissionInfo splitPerm =
1233 PackageParser.SPLIT_PERMISSIONS[splitPermNum];
1234
1235 if (pkg.applicationInfo.targetSdkVersion < splitPerm.targetSdk
1236 && permissionsWithoutSplits.contains(splitPerm.rootPerm)) {
1237 Collections.addAll(permissions, splitPerm.newPerms);
1238 }
1239 }
1240
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1241 List<String> requestedPermissions = pkg.requestedPermissions;
1242 Set<String> grantablePermissions = null;
1243
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1244 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1245 // of if the version on the system image declares the permission as used since
1246 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1247 // choice to grant this app the permissions needed to function. For all other
1248 // apps, (default grants on first boot and user creation) we don't grant default
1249 // permissions if the version on the system image does not declare them.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1250 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1251 final PackageParser.Package disabledPkg =
1252 mServiceInternal.getDisabledPackage(pkg.packageName);
1253 if (disabledPkg != null) {
1254 if (disabledPkg.requestedPermissions.isEmpty()) {
1255 return;
1256 }
1257 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1258 grantablePermissions = new ArraySet<>(requestedPermissions);
1259 requestedPermissions = disabledPkg.requestedPermissions;
1260 }
1261 }
1262 }
1263
1264 final int grantablePermissionCount = requestedPermissions.size();
1265 for (int i = 0; i < grantablePermissionCount; i++) {
1266 String permission = requestedPermissions.get(i);
1267
1268 // If there is a disabled system app it may request a permission the updated
1269 // version ot the data partition doesn't, In this case skip the permission.
1270 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1271 continue;
1272 }
1273
1274 if (permissions.contains(permission)) {
1275 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1276 permission, pkg.packageName, userId);
1277
1278 // If any flags are set to the permission, then it is either set in
1279 // its current state by the system or device/profile owner or the user.
1280 // In all these cases we do not want to clobber the current state.
1281 // Unless the caller wants to override user choices. The override is
1282 // to make sure we can grant the needed permission to the default
1283 // sms and phone apps after the user chooses this in the UI.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1284 if (flags == 0 || ignoreSystemPackage) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1285 // Never clobber policy fixed permissions.
1286 // We must allow the grant of a system-fixed permission because
1287 // system-fixed is sticky, but the permission itself may be revoked.
1288 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1289 continue;
1290 }
1291
1292 mServiceInternal.grantRuntimePermission(
1293 pkg.packageName, permission, userId, false);
1294 if (DEBUG) {
1295 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1296 + permission + " to default handler " + pkg.packageName);
1297 }
1298
1299 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1300 if (systemFixed) {
1301 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1302 }
1303
1304 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1305 newFlags, newFlags, userId);
1306 }
1307
1308 // If a component gets a permission for being the default handler A
1309 // and also default handler B, we grant the weaker grant form.
1310 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1311 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1312 && !systemFixed) {
1313 if (DEBUG) {
1314 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1315 + pkg.packageName);
1316 }
1317 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1318 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1319 }
1320 }
1321 }
1322 }
1323
1324 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1325 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1326 return true;
1327 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1328 if (!pkg.isPrivileged()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1329 return false;
1330 }
1331 final PackageParser.Package disabledPkg =
1332 mServiceInternal.getDisabledPackage(pkg.packageName);
1333 if (disabledPkg != null) {
1334 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1335 return false;
1336 }
1337 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1338 return false;
1339 }
1340 final String systemPackageName = mServiceInternal.getKnownPackageName(
1341 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1342 final PackageParser.Package systemPackage = getPackage(systemPackageName);
Dan Cashman1dbe6d02018-01-23 11:18:28 -0800[diff] [blame]1343 return pkg.mSigningDetails.hasAncestorOrSelf(systemPackage.mSigningDetails)
1344 || systemPackage.mSigningDetails.checkCapability(pkg.mSigningDetails,
1345 PackageParser.SigningDetails.CertCapabilities.PERMISSION);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1346 }
1347
1348 private void grantDefaultPermissionExceptions(int userId) {
1349 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1350
1351 synchronized (mLock) {
1352 // mGrantExceptions is null only before the first read and then
1353 // it serves as a cache of the default grants that should be
1354 // performed for every user. If there is an entry then the app
1355 // is on the system image and supports runtime permissions.
1356 if (mGrantExceptions == null) {
1357 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1358 }
1359 }
1360
1361 Set<String> permissions = null;
1362 final int exceptionCount = mGrantExceptions.size();
1363 for (int i = 0; i < exceptionCount; i++) {
1364 String packageName = mGrantExceptions.keyAt(i);
1365 PackageParser.Package pkg = getSystemPackage(packageName);
1366 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1367 final int permissionGrantCount = permissionGrants.size();
1368 for (int j = 0; j < permissionGrantCount; j++) {
1369 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1370 if (permissions == null) {
1371 permissions = new ArraySet<>();
1372 } else {
1373 permissions.clear();
1374 }
1375 permissions.add(permissionGrant.name);
1376 grantRuntimePermissions(pkg, permissions,
1377 permissionGrant.fixed, userId);
1378 }
1379 }
1380 }
1381
1382 private File[] getDefaultPermissionFiles() {
1383 ArrayList<File> ret = new ArrayList<File>();
1384 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1385 if (dir.isDirectory() && dir.canRead()) {
1386 Collections.addAll(ret, dir.listFiles());
1387 }
1388 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1389 if (dir.isDirectory() && dir.canRead()) {
1390 Collections.addAll(ret, dir.listFiles());
1391 }
Jiyong Park0989e382018-03-13 10:26:47 +0900[diff] [blame]1392 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
1393 if (dir.isDirectory() && dir.canRead()) {
1394 Collections.addAll(ret, dir.listFiles());
1395 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1396 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1397 if (dir.isDirectory() && dir.canRead()) {
1398 Collections.addAll(ret, dir.listFiles());
1399 }
Dario Freni1ae46d72018-08-17 15:56:43 +0100[diff] [blame^]1400 dir = new File(Environment.getProductServicesDirectory(),
1401 "etc/default-permissions");
1402 if (dir.isDirectory() && dir.canRead()) {
1403 Collections.addAll(ret, dir.listFiles());
1404 }
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]1405 // For IoT devices, we check the oem partition for default permissions for each app.
1406 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
1407 dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
1408 if (dir.isDirectory() && dir.canRead()) {
1409 Collections.addAll(ret, dir.listFiles());
1410 }
1411 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1412 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1413 }
1414
1415 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1416 readDefaultPermissionExceptionsLocked() {
1417 File[] files = getDefaultPermissionFiles();
1418 if (files == null) {
1419 return new ArrayMap<>(0);
1420 }
1421
1422 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1423
1424 // Iterate over the files in the directory and scan .xml files
1425 for (File file : files) {
1426 if (!file.getPath().endsWith(".xml")) {
1427 Slog.i(TAG, "Non-xml file " + file
1428 + " in " + file.getParent() + " directory, ignoring");
1429 continue;
1430 }
1431 if (!file.canRead()) {
1432 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1433 continue;
1434 }
1435 try (
1436 InputStream str = new BufferedInputStream(new FileInputStream(file))
1437 ) {
1438 XmlPullParser parser = Xml.newPullParser();
1439 parser.setInput(str, null);
1440 parse(parser, grantExceptions);
1441 } catch (XmlPullParserException | IOException e) {
1442 Slog.w(TAG, "Error reading default permissions file " + file, e);
1443 }
1444 }
1445
1446 return grantExceptions;
1447 }
1448
1449 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1450 outGrantExceptions) throws IOException, XmlPullParserException {
1451 final int outerDepth = parser.getDepth();
1452 int type;
1453 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1454 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1455 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1456 continue;
1457 }
1458 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1459 parseExceptions(parser, outGrantExceptions);
1460 } else {
1461 Log.e(TAG, "Unknown tag " + parser.getName());
1462 }
1463 }
1464 }
1465
1466 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1467 outGrantExceptions) throws IOException, XmlPullParserException {
1468 final int outerDepth = parser.getDepth();
1469 int type;
1470 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1471 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1472 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1473 continue;
1474 }
1475 if (TAG_EXCEPTION.equals(parser.getName())) {
1476 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1477
1478 List<DefaultPermissionGrant> packageExceptions =
1479 outGrantExceptions.get(packageName);
1480 if (packageExceptions == null) {
1481 // The package must be on the system image
1482 PackageParser.Package pkg = getSystemPackage(packageName);
1483 if (pkg == null) {
1484 Log.w(TAG, "Unknown package:" + packageName);
1485 XmlUtils.skipCurrentTag(parser);
1486 continue;
1487 }
1488
1489 // The package must support runtime permissions
1490 if (!doesPackageSupportRuntimePermissions(pkg)) {
1491 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1492 + packageName);
1493 XmlUtils.skipCurrentTag(parser);
1494 continue;
1495 }
1496 packageExceptions = new ArrayList<>();
1497 outGrantExceptions.put(packageName, packageExceptions);
1498 }
1499
1500 parsePermission(parser, packageExceptions);
1501 } else {
1502 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1503 }
1504 }
1505 }
1506
1507 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1508 outPackageExceptions) throws IOException, XmlPullParserException {
1509 final int outerDepth = parser.getDepth();
1510 int type;
1511 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1512 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1513 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1514 continue;
1515 }
1516
1517 if (TAG_PERMISSION.contains(parser.getName())) {
1518 String name = parser.getAttributeValue(null, ATTR_NAME);
1519 if (name == null) {
1520 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1521 XmlUtils.skipCurrentTag(parser);
1522 continue;
1523 }
1524
1525 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1526
1527 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1528 outPackageExceptions.add(exception);
1529 } else {
1530 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1531 }
1532 }
1533 }
1534
1535 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1536 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1537 }
1538
1539 private static final class DefaultPermissionGrant {
1540 final String name;
1541 final boolean fixed;
1542
1543 public DefaultPermissionGrant(String name, boolean fixed) {
1544 this.name = name;
1545 this.fixed = fixed;
1546 }
1547 }
1548}