Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 42d61605d803abf5c7d5348b5b4008fb57c41ac5 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: d38dc9ae55f0018d23ec30598197b2b0e5a55253 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]19import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;
20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
28import android.content.Context;
29import android.content.Intent;
30import android.content.pm.ActivityInfo;
31import android.content.pm.ApplicationInfo;
32import android.content.pm.IPackageManager;
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]33import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]34import android.content.pm.PackageManager;
35import android.content.pm.PackageManagerInternal;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageParser;
37import android.content.pm.ProviderInfo;
38import android.content.pm.ResolveInfo;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]39import android.content.pm.PackageManagerInternal.PackagesProvider;
40import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]41import android.media.RingtoneManager;
42import android.net.Uri;
43import android.os.Binder;
44import android.os.Build;
45import android.os.Environment;
46import android.os.Handler;
47import android.os.Looper;
48import android.os.Message;
49import android.os.UserHandle;
50import android.os.storage.StorageManager;
51import android.print.PrintManager;
52import android.provider.CalendarContract;
53import android.provider.ContactsContract;
54import android.provider.MediaStore;
55import android.provider.Telephony.Sms.Intents;
56import android.telephony.TelephonyManager;
57import android.security.Credentials;
58import android.util.ArrayMap;
59import android.util.ArraySet;
60import android.util.Log;
61import android.util.Slog;
62import android.util.Xml;
63import com.android.internal.util.XmlUtils;
64import com.android.server.LocalServices;
65import com.android.server.pm.PackageManagerService;
66import com.android.server.pm.PackageSetting;
67
68import org.xmlpull.v1.XmlPullParser;
69import org.xmlpull.v1.XmlPullParserException;
70
71import java.io.BufferedInputStream;
72import java.io.File;
73import java.io.FileInputStream;
74import java.io.IOException;
75import java.io.InputStream;
76import java.util.ArrayList;
77import java.util.Collection;
78import java.util.Collections;
79import java.util.List;
80import java.util.Map;
81import java.util.Set;
82
83import static android.os.Process.FIRST_APPLICATION_UID;
84
85/**
86 * This class is the policy for granting runtime permissions to
87 * platform components and default handlers in the system such
88 * that the device is usable out-of-the-box. For example, the
89 * shell UID is a part of the system and the Phone app should
90 * have phone related permission by default.
91 * <p>
92 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
93 * service but knows about lots of higher level subsystems. The correct way to do this is
94 * to have an interface defined in the package manager but have the impl next to other
95 * policy stuff like PhoneWindowManager
96 */
97public final class DefaultPermissionGrantPolicy {
98 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
99 private static final boolean DEBUG = false;
100
101 private static final int DEFAULT_FLAGS =
102 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
103 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
104
105 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
106
107 private static final String TAG_EXCEPTIONS = "exceptions";
108 private static final String TAG_EXCEPTION = "exception";
109 private static final String TAG_PERMISSION = "permission";
110 private static final String ATTR_PACKAGE = "package";
111 private static final String ATTR_NAME = "name";
112 private static final String ATTR_FIXED = "fixed";
113
114 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
115 static {
116 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
117 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
118 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
119 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
120 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
121 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
122 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
123 }
124
125 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
126 static {
127 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
128 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
129 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
130 }
131
132 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
133 static {
134 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
135 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
136 }
137
138 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
139 static {
140 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
141 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
142 }
143
144 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
145 static {
146 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
147 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
148 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
149 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
150 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
151 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
152 }
153
154 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
155 static {
156 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
157 }
158
159 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
160 static {
161 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
162 }
163
164 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
165 static {
166 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
167 }
168
169 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
170 static {
171 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
172 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
173 }
174
175 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
176
177 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
178
179 private final Handler mHandler;
180
181 private PackagesProvider mLocationPackagesProvider;
182 private PackagesProvider mVoiceInteractionPackagesProvider;
183 private PackagesProvider mSmsAppPackagesProvider;
184 private PackagesProvider mDialerAppPackagesProvider;
185 private PackagesProvider mSimCallManagerPackagesProvider;
186 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
187
188 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
189 private final Context mContext;
190 private final Object mLock = new Object();
191 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]192 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]193 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
194 public interface DefaultPermissionGrantedCallback {
195 /** Callback when permissions have been granted */
196 public void onDefaultRuntimePermissionsGranted(int userId);
197 }
198
199 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]200 @Nullable DefaultPermissionGrantedCallback callback,
201 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]202 mContext = context;
203 mHandler = new Handler(looper) {
204 @Override
205 public void handleMessage(Message msg) {
206 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
207 synchronized (mLock) {
208 if (mGrantExceptions == null) {
209 mGrantExceptions = readDefaultPermissionExceptionsLocked();
210 }
211 }
212 }
213 }
214 };
215 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]216 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]217 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
218 }
219
220 public void setLocationPackagesProvider(PackagesProvider provider) {
221 synchronized (mLock) {
222 mLocationPackagesProvider = provider;
223 }
224 }
225
226 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
227 synchronized (mLock) {
228 mVoiceInteractionPackagesProvider = provider;
229 }
230 }
231
232 public void setSmsAppPackagesProvider(PackagesProvider provider) {
233 synchronized (mLock) {
234 mSmsAppPackagesProvider = provider;
235 }
236 }
237
238 public void setDialerAppPackagesProvider(PackagesProvider provider) {
239 synchronized (mLock) {
240 mDialerAppPackagesProvider = provider;
241 }
242 }
243
244 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
245 synchronized (mLock) {
246 mSimCallManagerPackagesProvider = provider;
247 }
248 }
249
250 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
251 synchronized (mLock) {
252 mSyncAdapterPackagesProvider = provider;
253 }
254 }
255
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]256 public void grantDefaultPermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]257 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]258 grantAllRuntimePermissions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]259 } else {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]260 grantPermissionsToSysComponentsAndPrivApps(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]261 grantDefaultSystemHandlerPermissions(userId);
262 grantDefaultPermissionExceptions(userId);
263 }
264 }
265
266 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
267 Set<String> permissions = new ArraySet<>();
268 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]269 final BasePermission bp = mPermissionManager.getPermission(permission);
270 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]271 continue;
272 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]273 if (bp.isRuntime()) {
274 permissions.add(permission);
275 }
276 }
277 if (!permissions.isEmpty()) {
278 grantRuntimePermissions(pkg, permissions, true, userId);
279 }
280 }
281
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]282 private void grantAllRuntimePermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]283 Log.i(TAG, "Granting all runtime permissions for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]284 final PackageList packageList = mServiceInternal.getPackageList();
285 for (String packageName : packageList.getPackageNames()) {
286 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
287 if (pkg == null) {
288 continue;
289 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]290 grantRuntimePermissionsForPackage(userId, pkg);
291 }
292 }
293
294 public void scheduleReadDefaultPermissionExceptions() {
295 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
296 }
297
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]298 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]299 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame^]300 final PackageList packageList = mServiceInternal.getPackageList();
301 for (String packageName : packageList.getPackageNames()) {
302 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
303 if (pkg == null) {
304 continue;
305 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]306 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
307 || !doesPackageSupportRuntimePermissions(pkg)
308 || pkg.requestedPermissions.isEmpty()) {
309 continue;
310 }
311 grantRuntimePermissionsForPackage(userId, pkg);
312 }
313 }
314
315 private void grantDefaultSystemHandlerPermissions(int userId) {
316 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
317
318 final PackagesProvider locationPackagesProvider;
319 final PackagesProvider voiceInteractionPackagesProvider;
320 final PackagesProvider smsAppPackagesProvider;
321 final PackagesProvider dialerAppPackagesProvider;
322 final PackagesProvider simCallManagerPackagesProvider;
323 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
324
325 synchronized (mLock) {
326 locationPackagesProvider = mLocationPackagesProvider;
327 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
328 smsAppPackagesProvider = mSmsAppPackagesProvider;
329 dialerAppPackagesProvider = mDialerAppPackagesProvider;
330 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
331 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
332 }
333
334 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
335 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
336 String[] locationPackageNames = (locationPackagesProvider != null)
337 ? locationPackagesProvider.getPackages(userId) : null;
338 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
339 ? smsAppPackagesProvider.getPackages(userId) : null;
340 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
341 ? dialerAppPackagesProvider.getPackages(userId) : null;
342 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
343 ? simCallManagerPackagesProvider.getPackages(userId) : null;
344 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
345 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
346 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
347 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
348
349 // Installer
350 final String installerPackageName = mServiceInternal.getKnownPackageName(
351 PackageManagerInternal.PACKAGE_INSTALLER, userId);
352 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
353 if (installerPackage != null
354 && doesPackageSupportRuntimePermissions(installerPackage)) {
355 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
356 }
357
358 // Verifier
359 final String verifierPackageName = mServiceInternal.getKnownPackageName(
360 PackageManagerInternal.PACKAGE_VERIFIER, userId);
361 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
362 if (verifierPackage != null
363 && doesPackageSupportRuntimePermissions(verifierPackage)) {
364 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
365 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
366 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
367 }
368
369 // SetupWizard
370 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
371 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
372 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
373 if (setupPackage != null
374 && doesPackageSupportRuntimePermissions(setupPackage)) {
375 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
376 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
377 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
378 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
379 }
380
381 // Camera
382 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
383 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
384 cameraIntent, userId);
385 if (cameraPackage != null
386 && doesPackageSupportRuntimePermissions(cameraPackage)) {
387 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
388 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
389 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
390 }
391
392 // Media provider
393 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
394 MediaStore.AUTHORITY, userId);
395 if (mediaStorePackage != null) {
396 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700[diff] [blame]397 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]398 }
399
400 // Downloads provider
401 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
402 "downloads", userId);
403 if (downloadsPackage != null) {
404 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
405 }
406
407 // Downloads UI
408 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
409 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
410 downloadsUiIntent, userId);
411 if (downloadsUiPackage != null
412 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
413 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
414 }
415
416 // Storage provider
417 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
418 "com.android.externalstorage.documents", userId);
419 if (storagePackage != null) {
420 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
421 }
422
423 // CertInstaller
424 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
425 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
426 certInstallerIntent, userId);
427 if (certInstallerPackage != null
428 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
429 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
430 }
431
432 // Dialer
433 if (dialerAppPackageNames == null) {
434 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
435 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
436 dialerIntent, userId);
437 if (dialerPackage != null) {
438 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
439 }
440 } else {
441 for (String dialerAppPackageName : dialerAppPackageNames) {
442 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
443 if (dialerPackage != null) {
444 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
445 }
446 }
447 }
448
449 // Sim call manager
450 if (simCallManagerPackageNames != null) {
451 for (String simCallManagerPackageName : simCallManagerPackageNames) {
452 PackageParser.Package simCallManagerPackage =
453 getSystemPackage(simCallManagerPackageName);
454 if (simCallManagerPackage != null) {
455 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
456 userId);
457 }
458 }
459 }
460
461 // SMS
462 if (smsAppPackageNames == null) {
463 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
464 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
465 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
466 smsIntent, userId);
467 if (smsPackage != null) {
468 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
469 }
470 } else {
471 for (String smsPackageName : smsAppPackageNames) {
472 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
473 if (smsPackage != null) {
474 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
475 }
476 }
477 }
478
479 // Cell Broadcast Receiver
480 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
481 PackageParser.Package cbrPackage =
482 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
483 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
484 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
485 }
486
487 // Carrier Provisioning Service
488 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
489 PackageParser.Package carrierProvPackage =
490 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
491 if (carrierProvPackage != null
492 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
493 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
494 }
495
496 // Calendar
497 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
498 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
499 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
500 calendarIntent, userId);
501 if (calendarPackage != null
502 && doesPackageSupportRuntimePermissions(calendarPackage)) {
503 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
504 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
505 }
506
507 // Calendar provider
508 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
509 CalendarContract.AUTHORITY, userId);
510 if (calendarProviderPackage != null) {
511 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
512 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
513 true, userId);
514 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
515 }
516
517 // Calendar provider sync adapters
518 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
519 calendarSyncAdapterPackages, userId);
520 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
521 for (int i = 0; i < calendarSyncAdapterCount; i++) {
522 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
523 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
524 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
525 }
526 }
527
528 // Contacts
529 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
530 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
531 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
532 contactsIntent, userId);
533 if (contactsPackage != null
534 && doesPackageSupportRuntimePermissions(contactsPackage)) {
535 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
536 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
537 }
538
539 // Contacts provider sync adapters
540 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
541 contactsSyncAdapterPackages, userId);
542 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
543 for (int i = 0; i < contactsSyncAdapterCount; i++) {
544 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
545 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
546 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
547 }
548 }
549
550 // Contacts provider
551 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
552 ContactsContract.AUTHORITY, userId);
553 if (contactsProviderPackage != null) {
554 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
555 true, userId);
556 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
557 true, userId);
558 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
559 }
560
561 // Device provisioning
562 Intent deviceProvisionIntent = new Intent(
563 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
564 PackageParser.Package deviceProvisionPackage =
565 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
566 if (deviceProvisionPackage != null
567 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
568 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
569 }
570
571 // Maps
572 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
573 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
574 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
575 mapsIntent, userId);
576 if (mapsPackage != null
577 && doesPackageSupportRuntimePermissions(mapsPackage)) {
578 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
579 }
580
581 // Gallery
582 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
583 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
584 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
585 galleryIntent, userId);
586 if (galleryPackage != null
587 && doesPackageSupportRuntimePermissions(galleryPackage)) {
588 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
589 }
590
591 // Email
592 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
593 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
594 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
595 emailIntent, userId);
596 if (emailPackage != null
597 && doesPackageSupportRuntimePermissions(emailPackage)) {
598 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
599 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
600 }
601
602 // Browser
603 PackageParser.Package browserPackage = null;
604 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
605 PackageManagerInternal.PACKAGE_BROWSER, userId);
606 if (defaultBrowserPackage != null) {
607 browserPackage = getPackage(defaultBrowserPackage);
608 }
609 if (browserPackage == null) {
610 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
611 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
612 browserPackage = getDefaultSystemHandlerActivityPackage(
613 browserIntent, userId);
614 }
615 if (browserPackage != null
616 && doesPackageSupportRuntimePermissions(browserPackage)) {
617 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
618 }
619
620 // Voice interaction
621 if (voiceInteractPackageNames != null) {
622 for (String voiceInteractPackageName : voiceInteractPackageNames) {
623 PackageParser.Package voiceInteractPackage = getSystemPackage(
624 voiceInteractPackageName);
625 if (voiceInteractPackage != null
626 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
627 grantRuntimePermissions(voiceInteractPackage,
628 CONTACTS_PERMISSIONS, userId);
629 grantRuntimePermissions(voiceInteractPackage,
630 CALENDAR_PERMISSIONS, userId);
631 grantRuntimePermissions(voiceInteractPackage,
632 MICROPHONE_PERMISSIONS, userId);
633 grantRuntimePermissions(voiceInteractPackage,
634 PHONE_PERMISSIONS, userId);
635 grantRuntimePermissions(voiceInteractPackage,
636 SMS_PERMISSIONS, userId);
637 grantRuntimePermissions(voiceInteractPackage,
638 LOCATION_PERMISSIONS, userId);
639 }
640 }
641 }
642
643 if (ActivityManager.isLowRamDeviceStatic()) {
644 // Allow voice search on low-ram devices
645 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
646 PackageParser.Package globalSearchPickerPackage =
647 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
648
649 if (globalSearchPickerPackage != null
650 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
651 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]652 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]653 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]654 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]655 }
656 }
657
658 // Voice recognition
659 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
660 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
661 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
662 voiceRecoIntent, userId);
663 if (voiceRecoPackage != null
664 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
665 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
666 }
667
668 // Location
669 if (locationPackageNames != null) {
670 for (String packageName : locationPackageNames) {
671 PackageParser.Package locationPackage = getSystemPackage(packageName);
672 if (locationPackage != null
673 && doesPackageSupportRuntimePermissions(locationPackage)) {
674 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
675 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
676 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
677 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
678 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
679 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
680 true, userId);
681 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
682 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
683 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
684 }
685 }
686 }
687
688 // Music
689 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
690 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
691 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
692 AUDIO_MIME_TYPE);
693 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
694 musicIntent, userId);
695 if (musicPackage != null
696 && doesPackageSupportRuntimePermissions(musicPackage)) {
697 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
698 }
699
700 // Home
701 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
702 homeIntent.addCategory(Intent.CATEGORY_HOME);
703 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
704 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
705 homeIntent, userId);
706 if (homePackage != null
707 && doesPackageSupportRuntimePermissions(homePackage)) {
708 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
709 }
710
711 // Watches
712 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
713 // Home application on watches
714 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
715 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
716
717 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
718 wearHomeIntent, userId);
719
720 if (wearHomePackage != null
721 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
722 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
723 userId);
724 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
725 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
726 userId);
727 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
728 userId);
729 }
730
731 // Fitness tracking on watches
732 Intent trackIntent = new Intent(ACTION_TRACK);
733 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
734 trackIntent, userId);
735 if (trackPackage != null
736 && doesPackageSupportRuntimePermissions(trackPackage)) {
737 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
738 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
739 }
740 }
741
742 // Print Spooler
743 PackageParser.Package printSpoolerPackage = getSystemPackage(
744 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
745 if (printSpoolerPackage != null
746 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
747 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
748 }
749
750 // EmergencyInfo
751 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
752 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
753 emergencyInfoIntent, userId);
754 if (emergencyInfoPckg != null
755 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
756 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
757 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
758 }
759
760 // NFC Tag viewer
761 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
762 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
763 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
764 nfcTagIntent, userId);
765 if (nfcTagPkg != null
766 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
767 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
768 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
769 }
770
771 // Storage Manager
772 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
773 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
774 storageManagerIntent, userId);
775 if (storageManagerPckg != null
776 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
777 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
778 }
779
780 // Companion devices
781 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
782 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
783 if (companionDeviceDiscoveryPackage != null
784 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
785 grantRuntimePermissions(companionDeviceDiscoveryPackage,
786 LOCATION_PERMISSIONS, true, userId);
787 }
788
789 // Ringtone Picker
790 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
791 PackageParser.Package ringtonePickerPackage =
792 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
793 if (ringtonePickerPackage != null
794 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
795 grantRuntimePermissions(ringtonePickerPackage,
796 STORAGE_PERMISSIONS, true, userId);
797 }
798
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]799 if (mPermissionGrantedCallback != null) {
800 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
801 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]802 }
803
804 private void grantDefaultPermissionsToDefaultSystemDialerApp(
805 PackageParser.Package dialerPackage, int userId) {
806 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
807 boolean isPhonePermFixed =
808 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
809 grantRuntimePermissions(
810 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
811 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
812 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
813 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
814 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
815 }
816 }
817
818 private void grantDefaultPermissionsToDefaultSystemSmsApp(
819 PackageParser.Package smsPackage, int userId) {
820 if (doesPackageSupportRuntimePermissions(smsPackage)) {
821 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
822 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
823 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
824 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
825 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
826 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
827 }
828 }
829
830 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
831 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
832 if (packageName == null) {
833 return;
834 }
835 PackageParser.Package smsPackage = getPackage(packageName);
836 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
837 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
838 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
839 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
840 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
841 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
842 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
843 }
844 }
845
846 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
847 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
848 if (packageName == null) {
849 return;
850 }
851 PackageParser.Package dialerPackage = getPackage(packageName);
852 if (dialerPackage != null
853 && doesPackageSupportRuntimePermissions(dialerPackage)) {
854 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
855 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
856 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
857 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
858 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
859 }
860 }
861
862 private void grantDefaultPermissionsToDefaultSimCallManager(
863 PackageParser.Package simCallManagerPackage, int userId) {
864 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
865 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
866 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
867 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
868 }
869 }
870
871 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
872 if (packageName == null) {
873 return;
874 }
875 PackageParser.Package simCallManagerPackage = getPackage(packageName);
876 if (simCallManagerPackage != null) {
877 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
878 }
879 }
880
881 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
882 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
883 if (packageNames == null) {
884 return;
885 }
886 for (String packageName : packageNames) {
887 PackageParser.Package carrierPackage = getSystemPackage(packageName);
888 if (carrierPackage != null
889 && doesPackageSupportRuntimePermissions(carrierPackage)) {
890 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
891 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
892 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
893 }
894 }
895 }
896
897 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
898 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
899 if (packageNames == null) {
900 return;
901 }
902 for (String packageName : packageNames) {
903 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
904 if (imsServicePackage != null
905 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
906 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
907 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
908 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
909 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
910 }
911 }
912 }
913
914 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
915 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
916 if (packageName == null) {
917 return;
918 }
919 PackageParser.Package browserPackage = getSystemPackage(packageName);
920 if (browserPackage != null
921 && doesPackageSupportRuntimePermissions(browserPackage)) {
922 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
923 }
924 }
925
926 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
927 Intent intent, int userId) {
928 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
929 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false);
930 if (handler == null || handler.activityInfo == null) {
931 return null;
932 }
933 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
934 return null;
935 }
936 return getSystemPackage(handler.activityInfo.packageName);
937 }
938
939 private PackageParser.Package getDefaultSystemHandlerServicePackage(
940 Intent intent, int userId) {
941 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
942 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
943 if (handlers == null) {
944 return null;
945 }
946 final int handlerCount = handlers.size();
947 for (int i = 0; i < handlerCount; i++) {
948 ResolveInfo handler = handlers.get(i);
949 PackageParser.Package handlerPackage = getSystemPackage(
950 handler.serviceInfo.packageName);
951 if (handlerPackage != null) {
952 return handlerPackage;
953 }
954 }
955 return null;
956 }
957
958 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
959 String[] syncAdapterPackageNames, int userId) {
960 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
961
962 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
963 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
964
965 for (String syncAdapterPackageName : syncAdapterPackageNames) {
966 homeIntent.setPackage(syncAdapterPackageName);
967
968 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
969 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
970 userId, false);
971 if (homeActivity != null) {
972 continue;
973 }
974
975 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
976 if (syncAdapterPackage != null) {
977 syncAdapterPackages.add(syncAdapterPackage);
978 }
979 }
980
981 return syncAdapterPackages;
982 }
983
984 private PackageParser.Package getDefaultProviderAuthorityPackage(
985 String authority, int userId) {
986 ProviderInfo provider =
987 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
988 if (provider != null) {
989 return getSystemPackage(provider.packageName);
990 }
991 return null;
992 }
993
994 private PackageParser.Package getPackage(String packageName) {
995 return mServiceInternal.getPackage(packageName);
996 }
997
998 private PackageParser.Package getSystemPackage(String packageName) {
999 PackageParser.Package pkg = getPackage(packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1000 if (pkg != null && pkg.isSystem()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1001 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
1002 }
1003 return null;
1004 }
1005
1006 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1007 int userId) {
1008 grantRuntimePermissions(pkg, permissions, false, false, userId);
1009 }
1010
1011 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1012 boolean systemFixed, int userId) {
1013 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1014 }
1015
1016 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1017 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) {
1018 if (pkg.requestedPermissions.isEmpty()) {
1019 return;
1020 }
1021
1022 List<String> requestedPermissions = pkg.requestedPermissions;
1023 Set<String> grantablePermissions = null;
1024
1025 // If this is the default Phone or SMS app we grant permissions regardless
1026 // whether the version on the system image declares the permission as used since
1027 // selecting the app as the default Phone or SMS the user makes a deliberate
1028 // choice to grant this app the permissions needed to function. For all other
1029 // apps, (default grants on first boot and user creation) we don't grant default
1030 // permissions if the version on the system image does not declare them.
1031 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) {
1032 final PackageParser.Package disabledPkg =
1033 mServiceInternal.getDisabledPackage(pkg.packageName);
1034 if (disabledPkg != null) {
1035 if (disabledPkg.requestedPermissions.isEmpty()) {
1036 return;
1037 }
1038 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1039 grantablePermissions = new ArraySet<>(requestedPermissions);
1040 requestedPermissions = disabledPkg.requestedPermissions;
1041 }
1042 }
1043 }
1044
1045 final int grantablePermissionCount = requestedPermissions.size();
1046 for (int i = 0; i < grantablePermissionCount; i++) {
1047 String permission = requestedPermissions.get(i);
1048
1049 // If there is a disabled system app it may request a permission the updated
1050 // version ot the data partition doesn't, In this case skip the permission.
1051 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1052 continue;
1053 }
1054
1055 if (permissions.contains(permission)) {
1056 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1057 permission, pkg.packageName, userId);
1058
1059 // If any flags are set to the permission, then it is either set in
1060 // its current state by the system or device/profile owner or the user.
1061 // In all these cases we do not want to clobber the current state.
1062 // Unless the caller wants to override user choices. The override is
1063 // to make sure we can grant the needed permission to the default
1064 // sms and phone apps after the user chooses this in the UI.
1065 if (flags == 0 || isDefaultPhoneOrSms) {
1066 // Never clobber policy or system.
1067 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
1068 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
1069 if ((flags & fixedFlags) != 0) {
1070 continue;
1071 }
1072
1073 mServiceInternal.grantRuntimePermission(
1074 pkg.packageName, permission, userId, false);
1075 if (DEBUG) {
1076 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1077 + permission + " to default handler " + pkg.packageName);
1078 }
1079
1080 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1081 if (systemFixed) {
1082 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1083 }
1084
1085 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1086 newFlags, newFlags, userId);
1087 }
1088
1089 // If a component gets a permission for being the default handler A
1090 // and also default handler B, we grant the weaker grant form.
1091 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1092 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1093 && !systemFixed) {
1094 if (DEBUG) {
1095 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1096 + pkg.packageName);
1097 }
1098 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1099 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1100 }
1101 }
1102 }
1103 }
1104
1105 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1106 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1107 return true;
1108 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1109 if (!pkg.isPrivileged()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1110 return false;
1111 }
1112 final PackageParser.Package disabledPkg =
1113 mServiceInternal.getDisabledPackage(pkg.packageName);
1114 if (disabledPkg != null) {
1115 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1116 return false;
1117 }
1118 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1119 return false;
1120 }
1121 final String systemPackageName = mServiceInternal.getKnownPackageName(
1122 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1123 final PackageParser.Package systemPackage = getPackage(systemPackageName);
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]1124 return compareSignatures(systemPackage.mSignatures, pkg.mSignatures)
1125 == PackageManager.SIGNATURE_MATCH;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1126 }
1127
1128 private void grantDefaultPermissionExceptions(int userId) {
1129 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1130
1131 synchronized (mLock) {
1132 // mGrantExceptions is null only before the first read and then
1133 // it serves as a cache of the default grants that should be
1134 // performed for every user. If there is an entry then the app
1135 // is on the system image and supports runtime permissions.
1136 if (mGrantExceptions == null) {
1137 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1138 }
1139 }
1140
1141 Set<String> permissions = null;
1142 final int exceptionCount = mGrantExceptions.size();
1143 for (int i = 0; i < exceptionCount; i++) {
1144 String packageName = mGrantExceptions.keyAt(i);
1145 PackageParser.Package pkg = getSystemPackage(packageName);
1146 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1147 final int permissionGrantCount = permissionGrants.size();
1148 for (int j = 0; j < permissionGrantCount; j++) {
1149 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1150 if (permissions == null) {
1151 permissions = new ArraySet<>();
1152 } else {
1153 permissions.clear();
1154 }
1155 permissions.add(permissionGrant.name);
1156 grantRuntimePermissions(pkg, permissions,
1157 permissionGrant.fixed, userId);
1158 }
1159 }
1160 }
1161
1162 private File[] getDefaultPermissionFiles() {
1163 ArrayList<File> ret = new ArrayList<File>();
1164 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1165 if (dir.isDirectory() && dir.canRead()) {
1166 Collections.addAll(ret, dir.listFiles());
1167 }
1168 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1169 if (dir.isDirectory() && dir.canRead()) {
1170 Collections.addAll(ret, dir.listFiles());
1171 }
1172 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1173 }
1174
1175 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1176 readDefaultPermissionExceptionsLocked() {
1177 File[] files = getDefaultPermissionFiles();
1178 if (files == null) {
1179 return new ArrayMap<>(0);
1180 }
1181
1182 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1183
1184 // Iterate over the files in the directory and scan .xml files
1185 for (File file : files) {
1186 if (!file.getPath().endsWith(".xml")) {
1187 Slog.i(TAG, "Non-xml file " + file
1188 + " in " + file.getParent() + " directory, ignoring");
1189 continue;
1190 }
1191 if (!file.canRead()) {
1192 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1193 continue;
1194 }
1195 try (
1196 InputStream str = new BufferedInputStream(new FileInputStream(file))
1197 ) {
1198 XmlPullParser parser = Xml.newPullParser();
1199 parser.setInput(str, null);
1200 parse(parser, grantExceptions);
1201 } catch (XmlPullParserException | IOException e) {
1202 Slog.w(TAG, "Error reading default permissions file " + file, e);
1203 }
1204 }
1205
1206 return grantExceptions;
1207 }
1208
1209 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1210 outGrantExceptions) throws IOException, XmlPullParserException {
1211 final int outerDepth = parser.getDepth();
1212 int type;
1213 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1214 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1215 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1216 continue;
1217 }
1218 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1219 parseExceptions(parser, outGrantExceptions);
1220 } else {
1221 Log.e(TAG, "Unknown tag " + parser.getName());
1222 }
1223 }
1224 }
1225
1226 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1227 outGrantExceptions) throws IOException, XmlPullParserException {
1228 final int outerDepth = parser.getDepth();
1229 int type;
1230 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1231 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1232 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1233 continue;
1234 }
1235 if (TAG_EXCEPTION.equals(parser.getName())) {
1236 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1237
1238 List<DefaultPermissionGrant> packageExceptions =
1239 outGrantExceptions.get(packageName);
1240 if (packageExceptions == null) {
1241 // The package must be on the system image
1242 PackageParser.Package pkg = getSystemPackage(packageName);
1243 if (pkg == null) {
1244 Log.w(TAG, "Unknown package:" + packageName);
1245 XmlUtils.skipCurrentTag(parser);
1246 continue;
1247 }
1248
1249 // The package must support runtime permissions
1250 if (!doesPackageSupportRuntimePermissions(pkg)) {
1251 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1252 + packageName);
1253 XmlUtils.skipCurrentTag(parser);
1254 continue;
1255 }
1256 packageExceptions = new ArrayList<>();
1257 outGrantExceptions.put(packageName, packageExceptions);
1258 }
1259
1260 parsePermission(parser, packageExceptions);
1261 } else {
1262 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1263 }
1264 }
1265 }
1266
1267 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1268 outPackageExceptions) throws IOException, XmlPullParserException {
1269 final int outerDepth = parser.getDepth();
1270 int type;
1271 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1272 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1273 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1274 continue;
1275 }
1276
1277 if (TAG_PERMISSION.contains(parser.getName())) {
1278 String name = parser.getAttributeValue(null, ATTR_NAME);
1279 if (name == null) {
1280 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1281 XmlUtils.skipCurrentTag(parser);
1282 continue;
1283 }
1284
1285 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1286
1287 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1288 outPackageExceptions.add(exception);
1289 } else {
1290 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1291 }
1292 }
1293 }
1294
1295 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1296 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1297 }
1298
1299 private static final class DefaultPermissionGrant {
1300 final String name;
1301 final boolean fixed;
1302
1303 public DefaultPermissionGrant(String name, boolean fixed) {
1304 this.name = name;
1305 this.fixed = fixed;
1306 }
1307 }
1308}