Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 1e423b950abc044d2f18a1771af19e42a5ea2022 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: 34c3ce359e863c189e35455e2c14df6ac430cdcb [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]19import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;
20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
28import android.content.Context;
29import android.content.Intent;
30import android.content.pm.ActivityInfo;
31import android.content.pm.ApplicationInfo;
32import android.content.pm.IPackageManager;
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]33import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]34import android.content.pm.PackageManager;
35import android.content.pm.PackageManagerInternal;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageParser;
37import android.content.pm.ProviderInfo;
38import android.content.pm.ResolveInfo;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]39import android.content.pm.PackageManagerInternal.PackagesProvider;
40import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]41import android.media.RingtoneManager;
42import android.net.Uri;
43import android.os.Binder;
44import android.os.Build;
45import android.os.Environment;
46import android.os.Handler;
47import android.os.Looper;
48import android.os.Message;
49import android.os.UserHandle;
50import android.os.storage.StorageManager;
51import android.print.PrintManager;
52import android.provider.CalendarContract;
53import android.provider.ContactsContract;
54import android.provider.MediaStore;
55import android.provider.Telephony.Sms.Intents;
56import android.telephony.TelephonyManager;
57import android.security.Credentials;
58import android.util.ArrayMap;
59import android.util.ArraySet;
60import android.util.Log;
61import android.util.Slog;
62import android.util.Xml;
63import com.android.internal.util.XmlUtils;
64import com.android.server.LocalServices;
65import com.android.server.pm.PackageManagerService;
66import com.android.server.pm.PackageSetting;
67
68import org.xmlpull.v1.XmlPullParser;
69import org.xmlpull.v1.XmlPullParserException;
70
71import java.io.BufferedInputStream;
72import java.io.File;
73import java.io.FileInputStream;
74import java.io.IOException;
75import java.io.InputStream;
76import java.util.ArrayList;
77import java.util.Collection;
78import java.util.Collections;
79import java.util.List;
80import java.util.Map;
81import java.util.Set;
82
83import static android.os.Process.FIRST_APPLICATION_UID;
84
85/**
86 * This class is the policy for granting runtime permissions to
87 * platform components and default handlers in the system such
88 * that the device is usable out-of-the-box. For example, the
89 * shell UID is a part of the system and the Phone app should
90 * have phone related permission by default.
91 * <p>
92 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
93 * service but knows about lots of higher level subsystems. The correct way to do this is
94 * to have an interface defined in the package manager but have the impl next to other
95 * policy stuff like PhoneWindowManager
96 */
97public final class DefaultPermissionGrantPolicy {
98 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
99 private static final boolean DEBUG = false;
100
101 private static final int DEFAULT_FLAGS =
102 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
103 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
104
105 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
106
107 private static final String TAG_EXCEPTIONS = "exceptions";
108 private static final String TAG_EXCEPTION = "exception";
109 private static final String TAG_PERMISSION = "permission";
110 private static final String ATTR_PACKAGE = "package";
111 private static final String ATTR_NAME = "name";
112 private static final String ATTR_FIXED = "fixed";
113
114 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
115 static {
116 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
117 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
118 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
119 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
120 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
121 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
122 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
123 }
124
125 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
126 static {
127 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
128 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
129 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
130 }
131
132 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
133 static {
134 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
135 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
136 }
137
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]138 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
139 static {
140 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
141 }
142
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]143 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
144 static {
145 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
146 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
147 }
148
149 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
150 static {
151 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
153 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
154 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
155 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
156 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
157 }
158
159 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
160 static {
161 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
162 }
163
164 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
165 static {
166 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
167 }
168
169 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
170 static {
171 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
172 }
173
174 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
175 static {
176 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
177 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
178 }
179
180 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
181
182 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
183
184 private final Handler mHandler;
185
186 private PackagesProvider mLocationPackagesProvider;
187 private PackagesProvider mVoiceInteractionPackagesProvider;
188 private PackagesProvider mSmsAppPackagesProvider;
189 private PackagesProvider mDialerAppPackagesProvider;
190 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]191 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]192 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
193
194 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
195 private final Context mContext;
196 private final Object mLock = new Object();
197 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]198 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]199 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
200 public interface DefaultPermissionGrantedCallback {
201 /** Callback when permissions have been granted */
202 public void onDefaultRuntimePermissionsGranted(int userId);
203 }
204
205 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]206 @Nullable DefaultPermissionGrantedCallback callback,
207 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]208 mContext = context;
209 mHandler = new Handler(looper) {
210 @Override
211 public void handleMessage(Message msg) {
212 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
213 synchronized (mLock) {
214 if (mGrantExceptions == null) {
215 mGrantExceptions = readDefaultPermissionExceptionsLocked();
216 }
217 }
218 }
219 }
220 };
221 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]222 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]223 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
224 }
225
226 public void setLocationPackagesProvider(PackagesProvider provider) {
227 synchronized (mLock) {
228 mLocationPackagesProvider = provider;
229 }
230 }
231
232 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
233 synchronized (mLock) {
234 mVoiceInteractionPackagesProvider = provider;
235 }
236 }
237
238 public void setSmsAppPackagesProvider(PackagesProvider provider) {
239 synchronized (mLock) {
240 mSmsAppPackagesProvider = provider;
241 }
242 }
243
244 public void setDialerAppPackagesProvider(PackagesProvider provider) {
245 synchronized (mLock) {
246 mDialerAppPackagesProvider = provider;
247 }
248 }
249
250 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
251 synchronized (mLock) {
252 mSimCallManagerPackagesProvider = provider;
253 }
254 }
255
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]256 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
257 synchronized (mLock) {
258 mUseOpenWifiAppPackagesProvider = provider;
259 }
260 }
261
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]262 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
263 synchronized (mLock) {
264 mSyncAdapterPackagesProvider = provider;
265 }
266 }
267
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]268 public void grantDefaultPermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]269 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]270 grantAllRuntimePermissions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]271 } else {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]272 grantPermissionsToSysComponentsAndPrivApps(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]273 grantDefaultSystemHandlerPermissions(userId);
274 grantDefaultPermissionExceptions(userId);
275 }
276 }
277
278 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
279 Set<String> permissions = new ArraySet<>();
280 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]281 final BasePermission bp = mPermissionManager.getPermission(permission);
282 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]283 continue;
284 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]285 if (bp.isRuntime()) {
286 permissions.add(permission);
287 }
288 }
289 if (!permissions.isEmpty()) {
290 grantRuntimePermissions(pkg, permissions, true, userId);
291 }
292 }
293
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]294 private void grantAllRuntimePermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]295 Log.i(TAG, "Granting all runtime permissions for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]296 final PackageList packageList = mServiceInternal.getPackageList();
297 for (String packageName : packageList.getPackageNames()) {
298 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
299 if (pkg == null) {
300 continue;
301 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]302 grantRuntimePermissionsForPackage(userId, pkg);
303 }
304 }
305
306 public void scheduleReadDefaultPermissionExceptions() {
307 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
308 }
309
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]310 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]311 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]312 final PackageList packageList = mServiceInternal.getPackageList();
313 for (String packageName : packageList.getPackageNames()) {
314 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
315 if (pkg == null) {
316 continue;
317 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]318 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
319 || !doesPackageSupportRuntimePermissions(pkg)
320 || pkg.requestedPermissions.isEmpty()) {
321 continue;
322 }
323 grantRuntimePermissionsForPackage(userId, pkg);
324 }
325 }
326
327 private void grantDefaultSystemHandlerPermissions(int userId) {
328 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
329
330 final PackagesProvider locationPackagesProvider;
331 final PackagesProvider voiceInteractionPackagesProvider;
332 final PackagesProvider smsAppPackagesProvider;
333 final PackagesProvider dialerAppPackagesProvider;
334 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]335 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]336 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
337
338 synchronized (mLock) {
339 locationPackagesProvider = mLocationPackagesProvider;
340 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
341 smsAppPackagesProvider = mSmsAppPackagesProvider;
342 dialerAppPackagesProvider = mDialerAppPackagesProvider;
343 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]344 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]345 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
346 }
347
348 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
349 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
350 String[] locationPackageNames = (locationPackagesProvider != null)
351 ? locationPackagesProvider.getPackages(userId) : null;
352 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
353 ? smsAppPackagesProvider.getPackages(userId) : null;
354 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
355 ? dialerAppPackagesProvider.getPackages(userId) : null;
356 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
357 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]358 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
359 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]360 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
361 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
362 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
363 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
364
365 // Installer
366 final String installerPackageName = mServiceInternal.getKnownPackageName(
367 PackageManagerInternal.PACKAGE_INSTALLER, userId);
368 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
369 if (installerPackage != null
370 && doesPackageSupportRuntimePermissions(installerPackage)) {
371 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
372 }
373
374 // Verifier
375 final String verifierPackageName = mServiceInternal.getKnownPackageName(
376 PackageManagerInternal.PACKAGE_VERIFIER, userId);
377 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
378 if (verifierPackage != null
379 && doesPackageSupportRuntimePermissions(verifierPackage)) {
380 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
381 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
382 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
383 }
384
385 // SetupWizard
386 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
387 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
388 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
389 if (setupPackage != null
390 && doesPackageSupportRuntimePermissions(setupPackage)) {
391 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
392 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
393 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
394 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
395 }
396
397 // Camera
398 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
399 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
400 cameraIntent, userId);
401 if (cameraPackage != null
402 && doesPackageSupportRuntimePermissions(cameraPackage)) {
403 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
404 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
405 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
406 }
407
408 // Media provider
409 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
410 MediaStore.AUTHORITY, userId);
411 if (mediaStorePackage != null) {
412 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700[diff] [blame]413 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]414 }
415
416 // Downloads provider
417 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
418 "downloads", userId);
419 if (downloadsPackage != null) {
420 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
421 }
422
423 // Downloads UI
424 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
425 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
426 downloadsUiIntent, userId);
427 if (downloadsUiPackage != null
428 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
429 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
430 }
431
432 // Storage provider
433 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
434 "com.android.externalstorage.documents", userId);
435 if (storagePackage != null) {
436 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
437 }
438
439 // CertInstaller
440 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
441 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
442 certInstallerIntent, userId);
443 if (certInstallerPackage != null
444 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
445 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
446 }
447
448 // Dialer
449 if (dialerAppPackageNames == null) {
450 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
451 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
452 dialerIntent, userId);
453 if (dialerPackage != null) {
454 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
455 }
456 } else {
457 for (String dialerAppPackageName : dialerAppPackageNames) {
458 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
459 if (dialerPackage != null) {
460 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
461 }
462 }
463 }
464
465 // Sim call manager
466 if (simCallManagerPackageNames != null) {
467 for (String simCallManagerPackageName : simCallManagerPackageNames) {
468 PackageParser.Package simCallManagerPackage =
469 getSystemPackage(simCallManagerPackageName);
470 if (simCallManagerPackage != null) {
471 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
472 userId);
473 }
474 }
475 }
476
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]477 // Use Open Wifi
478 if (useOpenWifiAppPackageNames != null) {
479 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
480 PackageParser.Package useOpenWifiPackage =
481 getSystemPackage(useOpenWifiPackageName);
482 if (useOpenWifiPackage != null) {
483 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage,
484 userId);
485 }
486 }
487 }
488
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]489 // SMS
490 if (smsAppPackageNames == null) {
491 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
492 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
493 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
494 smsIntent, userId);
495 if (smsPackage != null) {
496 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
497 }
498 } else {
499 for (String smsPackageName : smsAppPackageNames) {
500 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
501 if (smsPackage != null) {
502 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
503 }
504 }
505 }
506
507 // Cell Broadcast Receiver
508 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
509 PackageParser.Package cbrPackage =
510 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
511 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
512 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
513 }
514
515 // Carrier Provisioning Service
516 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
517 PackageParser.Package carrierProvPackage =
518 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
519 if (carrierProvPackage != null
520 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
521 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
522 }
523
524 // Calendar
525 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
526 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
527 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
528 calendarIntent, userId);
529 if (calendarPackage != null
530 && doesPackageSupportRuntimePermissions(calendarPackage)) {
531 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
532 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
533 }
534
535 // Calendar provider
536 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
537 CalendarContract.AUTHORITY, userId);
538 if (calendarProviderPackage != null) {
539 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
540 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
541 true, userId);
542 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
543 }
544
545 // Calendar provider sync adapters
546 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
547 calendarSyncAdapterPackages, userId);
548 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
549 for (int i = 0; i < calendarSyncAdapterCount; i++) {
550 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
551 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
552 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
553 }
554 }
555
556 // Contacts
557 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
558 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
559 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
560 contactsIntent, userId);
561 if (contactsPackage != null
562 && doesPackageSupportRuntimePermissions(contactsPackage)) {
563 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
564 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
565 }
566
567 // Contacts provider sync adapters
568 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
569 contactsSyncAdapterPackages, userId);
570 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
571 for (int i = 0; i < contactsSyncAdapterCount; i++) {
572 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
573 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
574 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
575 }
576 }
577
578 // Contacts provider
579 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
580 ContactsContract.AUTHORITY, userId);
581 if (contactsProviderPackage != null) {
582 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
583 true, userId);
584 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
585 true, userId);
586 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
587 }
588
589 // Device provisioning
590 Intent deviceProvisionIntent = new Intent(
591 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
592 PackageParser.Package deviceProvisionPackage =
593 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
594 if (deviceProvisionPackage != null
595 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
596 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
597 }
598
599 // Maps
600 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
601 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
602 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
603 mapsIntent, userId);
604 if (mapsPackage != null
605 && doesPackageSupportRuntimePermissions(mapsPackage)) {
606 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
607 }
608
609 // Gallery
610 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
611 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
612 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
613 galleryIntent, userId);
614 if (galleryPackage != null
615 && doesPackageSupportRuntimePermissions(galleryPackage)) {
616 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
617 }
618
619 // Email
620 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
621 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
622 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
623 emailIntent, userId);
624 if (emailPackage != null
625 && doesPackageSupportRuntimePermissions(emailPackage)) {
626 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
627 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
628 }
629
630 // Browser
631 PackageParser.Package browserPackage = null;
632 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
633 PackageManagerInternal.PACKAGE_BROWSER, userId);
634 if (defaultBrowserPackage != null) {
635 browserPackage = getPackage(defaultBrowserPackage);
636 }
637 if (browserPackage == null) {
638 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
639 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
640 browserPackage = getDefaultSystemHandlerActivityPackage(
641 browserIntent, userId);
642 }
643 if (browserPackage != null
644 && doesPackageSupportRuntimePermissions(browserPackage)) {
645 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
646 }
647
648 // Voice interaction
649 if (voiceInteractPackageNames != null) {
650 for (String voiceInteractPackageName : voiceInteractPackageNames) {
651 PackageParser.Package voiceInteractPackage = getSystemPackage(
652 voiceInteractPackageName);
653 if (voiceInteractPackage != null
654 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
655 grantRuntimePermissions(voiceInteractPackage,
656 CONTACTS_PERMISSIONS, userId);
657 grantRuntimePermissions(voiceInteractPackage,
658 CALENDAR_PERMISSIONS, userId);
659 grantRuntimePermissions(voiceInteractPackage,
660 MICROPHONE_PERMISSIONS, userId);
661 grantRuntimePermissions(voiceInteractPackage,
662 PHONE_PERMISSIONS, userId);
663 grantRuntimePermissions(voiceInteractPackage,
664 SMS_PERMISSIONS, userId);
665 grantRuntimePermissions(voiceInteractPackage,
666 LOCATION_PERMISSIONS, userId);
667 }
668 }
669 }
670
671 if (ActivityManager.isLowRamDeviceStatic()) {
672 // Allow voice search on low-ram devices
673 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
674 PackageParser.Package globalSearchPickerPackage =
675 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
676
677 if (globalSearchPickerPackage != null
678 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
679 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]680 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]681 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]682 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]683 }
684 }
685
686 // Voice recognition
687 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
688 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
689 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
690 voiceRecoIntent, userId);
691 if (voiceRecoPackage != null
692 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
693 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
694 }
695
696 // Location
697 if (locationPackageNames != null) {
698 for (String packageName : locationPackageNames) {
699 PackageParser.Package locationPackage = getSystemPackage(packageName);
700 if (locationPackage != null
701 && doesPackageSupportRuntimePermissions(locationPackage)) {
702 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
703 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
704 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
705 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
706 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
707 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
708 true, userId);
709 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
710 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
711 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
712 }
713 }
714 }
715
716 // Music
717 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
718 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
719 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
720 AUDIO_MIME_TYPE);
721 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
722 musicIntent, userId);
723 if (musicPackage != null
724 && doesPackageSupportRuntimePermissions(musicPackage)) {
725 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
726 }
727
728 // Home
729 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
730 homeIntent.addCategory(Intent.CATEGORY_HOME);
731 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
732 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
733 homeIntent, userId);
734 if (homePackage != null
735 && doesPackageSupportRuntimePermissions(homePackage)) {
736 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
737 }
738
739 // Watches
740 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
741 // Home application on watches
742 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
743 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
744
745 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
746 wearHomeIntent, userId);
747
748 if (wearHomePackage != null
749 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
750 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
751 userId);
752 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
753 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
754 userId);
755 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
756 userId);
757 }
758
759 // Fitness tracking on watches
760 Intent trackIntent = new Intent(ACTION_TRACK);
761 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
762 trackIntent, userId);
763 if (trackPackage != null
764 && doesPackageSupportRuntimePermissions(trackPackage)) {
765 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
766 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
767 }
768 }
769
770 // Print Spooler
771 PackageParser.Package printSpoolerPackage = getSystemPackage(
772 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
773 if (printSpoolerPackage != null
774 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
775 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
776 }
777
778 // EmergencyInfo
779 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
780 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
781 emergencyInfoIntent, userId);
782 if (emergencyInfoPckg != null
783 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
784 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
785 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
786 }
787
788 // NFC Tag viewer
789 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
790 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
791 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
792 nfcTagIntent, userId);
793 if (nfcTagPkg != null
794 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
795 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
796 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
797 }
798
799 // Storage Manager
800 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
801 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
802 storageManagerIntent, userId);
803 if (storageManagerPckg != null
804 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
805 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
806 }
807
808 // Companion devices
809 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
810 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
811 if (companionDeviceDiscoveryPackage != null
812 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
813 grantRuntimePermissions(companionDeviceDiscoveryPackage,
814 LOCATION_PERMISSIONS, true, userId);
815 }
816
817 // Ringtone Picker
818 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
819 PackageParser.Package ringtonePickerPackage =
820 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
821 if (ringtonePickerPackage != null
822 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
823 grantRuntimePermissions(ringtonePickerPackage,
824 STORAGE_PERMISSIONS, true, userId);
825 }
826
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]827 if (mPermissionGrantedCallback != null) {
828 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
829 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]830 }
831
832 private void grantDefaultPermissionsToDefaultSystemDialerApp(
833 PackageParser.Package dialerPackage, int userId) {
834 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
835 boolean isPhonePermFixed =
836 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
837 grantRuntimePermissions(
838 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
839 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
840 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
841 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
842 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
843 }
844 }
845
846 private void grantDefaultPermissionsToDefaultSystemSmsApp(
847 PackageParser.Package smsPackage, int userId) {
848 if (doesPackageSupportRuntimePermissions(smsPackage)) {
849 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
850 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
851 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
852 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
853 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
854 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
855 }
856 }
857
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]858 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
859 PackageParser.Package useOpenWifiPackage, int userId) {
860 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
861 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId);
862 }
863 }
864
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]865 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
866 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
867 if (packageName == null) {
868 return;
869 }
870 PackageParser.Package smsPackage = getPackage(packageName);
871 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
872 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
873 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
874 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
875 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
876 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
877 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
878 }
879 }
880
881 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
882 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
883 if (packageName == null) {
884 return;
885 }
886 PackageParser.Package dialerPackage = getPackage(packageName);
887 if (dialerPackage != null
888 && doesPackageSupportRuntimePermissions(dialerPackage)) {
889 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
890 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
891 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
892 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
893 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
894 }
895 }
896
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]897 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
898 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
899 if (packageName == null) {
900 return;
901 }
902 PackageParser.Package useOpenWifiPackage = getPackage(packageName);
903 if (useOpenWifiPackage != null
904 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
905 grantRuntimePermissions(
906 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId);
907 }
908 }
909
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]910 private void grantDefaultPermissionsToDefaultSimCallManager(
911 PackageParser.Package simCallManagerPackage, int userId) {
912 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
913 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
914 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
915 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
916 }
917 }
918
919 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
920 if (packageName == null) {
921 return;
922 }
923 PackageParser.Package simCallManagerPackage = getPackage(packageName);
924 if (simCallManagerPackage != null) {
925 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
926 }
927 }
928
929 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
930 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
931 if (packageNames == null) {
932 return;
933 }
934 for (String packageName : packageNames) {
935 PackageParser.Package carrierPackage = getSystemPackage(packageName);
936 if (carrierPackage != null
937 && doesPackageSupportRuntimePermissions(carrierPackage)) {
938 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
939 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
940 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
941 }
942 }
943 }
944
945 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
946 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
947 if (packageNames == null) {
948 return;
949 }
950 for (String packageName : packageNames) {
951 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
952 if (imsServicePackage != null
953 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
954 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
955 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
956 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
957 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
958 }
959 }
960 }
961
962 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
963 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
964 if (packageName == null) {
965 return;
966 }
967 PackageParser.Package browserPackage = getSystemPackage(packageName);
968 if (browserPackage != null
969 && doesPackageSupportRuntimePermissions(browserPackage)) {
970 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
971 }
972 }
973
974 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
975 Intent intent, int userId) {
976 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
977 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false);
978 if (handler == null || handler.activityInfo == null) {
979 return null;
980 }
981 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
982 return null;
983 }
984 return getSystemPackage(handler.activityInfo.packageName);
985 }
986
987 private PackageParser.Package getDefaultSystemHandlerServicePackage(
988 Intent intent, int userId) {
989 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
990 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
991 if (handlers == null) {
992 return null;
993 }
994 final int handlerCount = handlers.size();
995 for (int i = 0; i < handlerCount; i++) {
996 ResolveInfo handler = handlers.get(i);
997 PackageParser.Package handlerPackage = getSystemPackage(
998 handler.serviceInfo.packageName);
999 if (handlerPackage != null) {
1000 return handlerPackage;
1001 }
1002 }
1003 return null;
1004 }
1005
1006 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
1007 String[] syncAdapterPackageNames, int userId) {
1008 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
1009
1010 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
1011 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
1012
1013 for (String syncAdapterPackageName : syncAdapterPackageNames) {
1014 homeIntent.setPackage(syncAdapterPackageName);
1015
1016 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
1017 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
1018 userId, false);
1019 if (homeActivity != null) {
1020 continue;
1021 }
1022
1023 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
1024 if (syncAdapterPackage != null) {
1025 syncAdapterPackages.add(syncAdapterPackage);
1026 }
1027 }
1028
1029 return syncAdapterPackages;
1030 }
1031
1032 private PackageParser.Package getDefaultProviderAuthorityPackage(
1033 String authority, int userId) {
1034 ProviderInfo provider =
1035 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
1036 if (provider != null) {
1037 return getSystemPackage(provider.packageName);
1038 }
1039 return null;
1040 }
1041
1042 private PackageParser.Package getPackage(String packageName) {
1043 return mServiceInternal.getPackage(packageName);
1044 }
1045
1046 private PackageParser.Package getSystemPackage(String packageName) {
1047 PackageParser.Package pkg = getPackage(packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1048 if (pkg != null && pkg.isSystem()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1049 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
1050 }
1051 return null;
1052 }
1053
1054 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1055 int userId) {
1056 grantRuntimePermissions(pkg, permissions, false, false, userId);
1057 }
1058
1059 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1060 boolean systemFixed, int userId) {
1061 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1062 }
1063
1064 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]1065 boolean systemFixed, boolean ignoreSystemPackage, int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1066 if (pkg.requestedPermissions.isEmpty()) {
1067 return;
1068 }
1069
1070 List<String> requestedPermissions = pkg.requestedPermissions;
1071 Set<String> grantablePermissions = null;
1072
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]1073 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1074 // of if the version on the system image declares the permission as used since
1075 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1076 // choice to grant this app the permissions needed to function. For all other
1077 // apps, (default grants on first boot and user creation) we don't grant default
1078 // permissions if the version on the system image does not declare them.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]1079 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1080 final PackageParser.Package disabledPkg =
1081 mServiceInternal.getDisabledPackage(pkg.packageName);
1082 if (disabledPkg != null) {
1083 if (disabledPkg.requestedPermissions.isEmpty()) {
1084 return;
1085 }
1086 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1087 grantablePermissions = new ArraySet<>(requestedPermissions);
1088 requestedPermissions = disabledPkg.requestedPermissions;
1089 }
1090 }
1091 }
1092
1093 final int grantablePermissionCount = requestedPermissions.size();
1094 for (int i = 0; i < grantablePermissionCount; i++) {
1095 String permission = requestedPermissions.get(i);
1096
1097 // If there is a disabled system app it may request a permission the updated
1098 // version ot the data partition doesn't, In this case skip the permission.
1099 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1100 continue;
1101 }
1102
1103 if (permissions.contains(permission)) {
1104 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1105 permission, pkg.packageName, userId);
1106
1107 // If any flags are set to the permission, then it is either set in
1108 // its current state by the system or device/profile owner or the user.
1109 // In all these cases we do not want to clobber the current state.
1110 // Unless the caller wants to override user choices. The override is
1111 // to make sure we can grant the needed permission to the default
1112 // sms and phone apps after the user chooses this in the UI.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame^]1113 if (flags == 0 || ignoreSystemPackage) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1114 // Never clobber policy or system.
1115 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
1116 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
1117 if ((flags & fixedFlags) != 0) {
1118 continue;
1119 }
1120
1121 mServiceInternal.grantRuntimePermission(
1122 pkg.packageName, permission, userId, false);
1123 if (DEBUG) {
1124 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1125 + permission + " to default handler " + pkg.packageName);
1126 }
1127
1128 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1129 if (systemFixed) {
1130 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1131 }
1132
1133 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1134 newFlags, newFlags, userId);
1135 }
1136
1137 // If a component gets a permission for being the default handler A
1138 // and also default handler B, we grant the weaker grant form.
1139 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1140 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1141 && !systemFixed) {
1142 if (DEBUG) {
1143 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1144 + pkg.packageName);
1145 }
1146 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1147 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1148 }
1149 }
1150 }
1151 }
1152
1153 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1154 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1155 return true;
1156 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1157 if (!pkg.isPrivileged()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1158 return false;
1159 }
1160 final PackageParser.Package disabledPkg =
1161 mServiceInternal.getDisabledPackage(pkg.packageName);
1162 if (disabledPkg != null) {
1163 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1164 return false;
1165 }
1166 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1167 return false;
1168 }
1169 final String systemPackageName = mServiceInternal.getKnownPackageName(
1170 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1171 final PackageParser.Package systemPackage = getPackage(systemPackageName);
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]1172 return compareSignatures(systemPackage.mSignatures, pkg.mSignatures)
1173 == PackageManager.SIGNATURE_MATCH;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1174 }
1175
1176 private void grantDefaultPermissionExceptions(int userId) {
1177 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1178
1179 synchronized (mLock) {
1180 // mGrantExceptions is null only before the first read and then
1181 // it serves as a cache of the default grants that should be
1182 // performed for every user. If there is an entry then the app
1183 // is on the system image and supports runtime permissions.
1184 if (mGrantExceptions == null) {
1185 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1186 }
1187 }
1188
1189 Set<String> permissions = null;
1190 final int exceptionCount = mGrantExceptions.size();
1191 for (int i = 0; i < exceptionCount; i++) {
1192 String packageName = mGrantExceptions.keyAt(i);
1193 PackageParser.Package pkg = getSystemPackage(packageName);
1194 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1195 final int permissionGrantCount = permissionGrants.size();
1196 for (int j = 0; j < permissionGrantCount; j++) {
1197 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1198 if (permissions == null) {
1199 permissions = new ArraySet<>();
1200 } else {
1201 permissions.clear();
1202 }
1203 permissions.add(permissionGrant.name);
1204 grantRuntimePermissions(pkg, permissions,
1205 permissionGrant.fixed, userId);
1206 }
1207 }
1208 }
1209
1210 private File[] getDefaultPermissionFiles() {
1211 ArrayList<File> ret = new ArrayList<File>();
1212 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1213 if (dir.isDirectory() && dir.canRead()) {
1214 Collections.addAll(ret, dir.listFiles());
1215 }
1216 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1217 if (dir.isDirectory() && dir.canRead()) {
1218 Collections.addAll(ret, dir.listFiles());
1219 }
1220 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1221 }
1222
1223 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1224 readDefaultPermissionExceptionsLocked() {
1225 File[] files = getDefaultPermissionFiles();
1226 if (files == null) {
1227 return new ArrayMap<>(0);
1228 }
1229
1230 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1231
1232 // Iterate over the files in the directory and scan .xml files
1233 for (File file : files) {
1234 if (!file.getPath().endsWith(".xml")) {
1235 Slog.i(TAG, "Non-xml file " + file
1236 + " in " + file.getParent() + " directory, ignoring");
1237 continue;
1238 }
1239 if (!file.canRead()) {
1240 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1241 continue;
1242 }
1243 try (
1244 InputStream str = new BufferedInputStream(new FileInputStream(file))
1245 ) {
1246 XmlPullParser parser = Xml.newPullParser();
1247 parser.setInput(str, null);
1248 parse(parser, grantExceptions);
1249 } catch (XmlPullParserException | IOException e) {
1250 Slog.w(TAG, "Error reading default permissions file " + file, e);
1251 }
1252 }
1253
1254 return grantExceptions;
1255 }
1256
1257 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1258 outGrantExceptions) throws IOException, XmlPullParserException {
1259 final int outerDepth = parser.getDepth();
1260 int type;
1261 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1262 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1263 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1264 continue;
1265 }
1266 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1267 parseExceptions(parser, outGrantExceptions);
1268 } else {
1269 Log.e(TAG, "Unknown tag " + parser.getName());
1270 }
1271 }
1272 }
1273
1274 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1275 outGrantExceptions) throws IOException, XmlPullParserException {
1276 final int outerDepth = parser.getDepth();
1277 int type;
1278 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1279 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1280 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1281 continue;
1282 }
1283 if (TAG_EXCEPTION.equals(parser.getName())) {
1284 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1285
1286 List<DefaultPermissionGrant> packageExceptions =
1287 outGrantExceptions.get(packageName);
1288 if (packageExceptions == null) {
1289 // The package must be on the system image
1290 PackageParser.Package pkg = getSystemPackage(packageName);
1291 if (pkg == null) {
1292 Log.w(TAG, "Unknown package:" + packageName);
1293 XmlUtils.skipCurrentTag(parser);
1294 continue;
1295 }
1296
1297 // The package must support runtime permissions
1298 if (!doesPackageSupportRuntimePermissions(pkg)) {
1299 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1300 + packageName);
1301 XmlUtils.skipCurrentTag(parser);
1302 continue;
1303 }
1304 packageExceptions = new ArrayList<>();
1305 outGrantExceptions.put(packageName, packageExceptions);
1306 }
1307
1308 parsePermission(parser, packageExceptions);
1309 } else {
1310 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1311 }
1312 }
1313 }
1314
1315 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1316 outPackageExceptions) throws IOException, XmlPullParserException {
1317 final int outerDepth = parser.getDepth();
1318 int type;
1319 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1320 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1321 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1322 continue;
1323 }
1324
1325 if (TAG_PERMISSION.contains(parser.getName())) {
1326 String name = parser.getAttributeValue(null, ATTR_NAME);
1327 if (name == null) {
1328 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1329 XmlUtils.skipCurrentTag(parser);
1330 continue;
1331 }
1332
1333 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1334
1335 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1336 outPackageExceptions.add(exception);
1337 } else {
1338 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1339 }
1340 }
1341 }
1342
1343 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1344 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1345 }
1346
1347 private static final class DefaultPermissionGrant {
1348 final String name;
1349 final boolean fixed;
1350
1351 public DefaultPermissionGrant(String name, boolean fixed) {
1352 this.name = name;
1353 this.fixed = fixed;
1354 }
1355 }
1356}