Todd Kennedy82b08422017-09-28 13:32:05 -07001/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -070019import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -070020
Todd Kennedy82b08422017-09-28 13:32:05 -070021import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -070023import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -070024import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +000028import android.content.ComponentName;
Todd Kennedy82b08422017-09-28 13:32:05 -070029import android.content.Context;
30import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -070031import android.content.pm.ApplicationInfo;
Todd Kennedy42d61602017-12-12 14:44:19 -080032import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -070033import android.content.pm.PackageManager;
34import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -070035import android.content.pm.PackageManagerInternal.PackagesProvider;
36import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -070037import android.content.pm.PackageParser;
38import android.content.pm.ProviderInfo;
39import android.content.pm.ResolveInfo;
40import android.media.RingtoneManager;
41import android.net.Uri;
42import android.os.Binder;
43import android.os.Build;
44import android.os.Environment;
45import android.os.Handler;
46import android.os.Looper;
47import android.os.Message;
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -060048import android.os.SystemProperties;
Todd Kennedy82b08422017-09-28 13:32:05 -070049import android.os.UserHandle;
50import android.os.storage.StorageManager;
51import android.print.PrintManager;
52import android.provider.CalendarContract;
53import android.provider.ContactsContract;
54import android.provider.MediaStore;
55import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -070056import android.security.Credentials;
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +000057import android.service.textclassifier.TextClassifierService;
Jeff Sharkey0095a822018-02-15 13:06:53 -070058import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -070059import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -070060import android.util.ArrayMap;
61import android.util.ArraySet;
62import android.util.Log;
63import android.util.Slog;
64import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -070065
Todd Kennedy82b08422017-09-28 13:32:05 -070066import com.android.internal.util.XmlUtils;
67import com.android.server.LocalServices;
Jeff Sharkey0095a822018-02-15 13:06:53 -070068import com.android.server.pm.PackageManagerService;
Todd Kennedy82b08422017-09-28 13:32:05 -070069
70import org.xmlpull.v1.XmlPullParser;
71import org.xmlpull.v1.XmlPullParserException;
72
73import java.io.BufferedInputStream;
74import java.io.File;
75import java.io.FileInputStream;
76import java.io.IOException;
77import java.io.InputStream;
78import java.util.ArrayList;
Todd Kennedy82b08422017-09-28 13:32:05 -070079import java.util.Collections;
80import java.util.List;
81import java.util.Map;
82import java.util.Set;
83
Todd Kennedy82b08422017-09-28 13:32:05 -070084/**
85 * This class is the policy for granting runtime permissions to
86 * platform components and default handlers in the system such
87 * that the device is usable out-of-the-box. For example, the
88 * shell UID is a part of the system and the Phone app should
89 * have phone related permission by default.
90 * <p>
91 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
92 * service but knows about lots of higher level subsystems. The correct way to do this is
93 * to have an interface defined in the package manager but have the impl next to other
94 * policy stuff like PhoneWindowManager
95 */
96public final class DefaultPermissionGrantPolicy {
// Log tag for this policy; must be <= 23 chars.
private static final String TAG = "DefaultPermGrantPolicy";
private static final boolean DEBUG = false;

// Package-query flags: direct-boot aware and unaware components, plus uninstalled packages.
private static final int DEFAULT_FLAGS =
        PackageManager.MATCH_DIRECT_BOOT_AWARE
                | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
                | PackageManager.MATCH_UNINSTALLED_PACKAGES;

private static final String AUDIO_MIME_TYPE = "audio/mpeg";

// XML element/attribute names. NOTE(review): presumably consumed when the default-permission
// exception files are parsed; the parser is outside this view, confirm there.
private static final String TAG_EXCEPTIONS = "exceptions";
private static final String TAG_EXCEPTION = "exception";
private static final String TAG_PERMISSION = "permission";
private static final String ATTR_PACKAGE = "package";
private static final String ATTR_NAME = "name";
private static final String ATTR_FIXED = "fixed";

// Permission groups handed to grantRuntimePermissions(...) by this policy. Adding an entry to
// a set widens the default grant of every handler that receives that set, so a change here
// should be reviewed as a privilege change. The sets are mutable ArraySets filled once by the
// static initialisers below; nothing in the visible part of the file modifies them afterwards.

private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(PHONE_PERMISSIONS,
            Manifest.permission.READ_PHONE_STATE,
            Manifest.permission.CALL_PHONE,
            Manifest.permission.READ_CALL_LOG,
            Manifest.permission.WRITE_CALL_LOG,
            Manifest.permission.ADD_VOICEMAIL,
            Manifest.permission.USE_SIP,
            Manifest.permission.PROCESS_OUTGOING_CALLS);
}

private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CONTACTS_PERMISSIONS,
            Manifest.permission.READ_CONTACTS,
            Manifest.permission.WRITE_CONTACTS,
            Manifest.permission.GET_ACCOUNTS);
}

private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(LOCATION_PERMISSIONS,
            Manifest.permission.ACCESS_FINE_LOCATION,
            Manifest.permission.ACCESS_COARSE_LOCATION);
}

// Coarse location only; a narrower alternative to LOCATION_PERMISSIONS.
private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
static {
    COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
}

private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CALENDAR_PERMISSIONS,
            Manifest.permission.READ_CALENDAR,
            Manifest.permission.WRITE_CALENDAR);
}

private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(SMS_PERMISSIONS,
            Manifest.permission.SEND_SMS,
            Manifest.permission.RECEIVE_SMS,
            Manifest.permission.READ_SMS,
            Manifest.permission.RECEIVE_WAP_PUSH,
            Manifest.permission.RECEIVE_MMS,
            Manifest.permission.READ_CELL_BROADCASTS);
}

private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
static {
    MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
}

private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
static {
    CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
}

private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
static {
    SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
}

// Marked deprecated, yet still passed to many grants in grantDefaultSystemHandlerPermissions.
@Deprecated
private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(STORAGE_PERMISSIONS,
            Manifest.permission.READ_EXTERNAL_STORAGE,
            Manifest.permission.WRITE_EXTERNAL_STORAGE);
}

// Stays empty unless the isolated-storage system property reads true.
private static final Set<String> MEDIA_AURAL_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    if (SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
        Collections.addAll(MEDIA_AURAL_PERMISSIONS,
                Manifest.permission.READ_MEDIA_AUDIO,
                Manifest.permission.WRITE_MEDIA_AUDIO);
    }
}

// Stays empty unless the isolated-storage system property reads true.
private static final Set<String> MEDIA_VISUAL_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    if (SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
        Collections.addAll(MEDIA_VISUAL_PERMISSIONS,
                Manifest.permission.READ_MEDIA_IMAGES,
                Manifest.permission.WRITE_MEDIA_IMAGES,
                Manifest.permission.READ_MEDIA_VIDEO,
                Manifest.permission.WRITE_MEDIA_VIDEO);
    }
}

// Handler message that triggers the one-time load of mGrantExceptions.
private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;

private static final String ACTION_TRACK = "com.android.fitness.TRACK";

private final Handler mHandler;

// Providers of the package names that act as default handlers. Written by the setters and
// snapshotted by grantDefaultSystemHandlerPermissions, in both cases under mLock.
private PackagesProvider mLocationPackagesProvider;
private PackagesProvider mVoiceInteractionPackagesProvider;
private PackagesProvider mSmsAppPackagesProvider;
private PackagesProvider mDialerAppPackagesProvider;
private PackagesProvider mSimCallManagerPackagesProvider;
private PackagesProvider mUseOpenWifiAppPackagesProvider;
private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;

// Filled lazily by the handler while holding mLock; null until the first read.
private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
private final Context mContext;
private final Object mLock = new Object();
private final PackageManagerInternal mServiceInternal;
private final PermissionManagerService mPermissionManager;
private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
/** Listener notified by the policy after default runtime permissions were granted. */
public interface DefaultPermissionGrantedCallback {
    /**
     * Called when default runtime permissions have been granted.
     *
     * @param userId the user the grants were made for
     */
    void onDefaultRuntimePermissionsGranted(int userId);
}
224
/**
 * Creates the policy and the handler that loads the default-permission exceptions.
 *
 * @param context stored as-is in {@code mContext}
 * @param looper looper the internal handler runs on
 * @param callback stored for later notification; may be {@code null}
 * @param permissionManager permission manager used to look up permissions; annotated
 *         {@code @NonNull} but not checked here
 */
public DefaultPermissionGrantPolicy(Context context, Looper looper,
        @Nullable DefaultPermissionGrantedCallback callback,
        @NonNull PermissionManagerService permissionManager) {
    mContext = context;
    mPermissionGrantedCallback = callback;
    mPermissionManager = permissionManager;
    mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
    mHandler = new Handler(looper) {
        @Override
        public void handleMessage(Message msg) {
            if (msg.what != MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
                return;
            }
            // Read the exceptions at most once; the null check and the write share mLock.
            synchronized (mLock) {
                if (mGrantExceptions == null) {
                    mGrantExceptions = readDefaultPermissionExceptionsLocked();
                }
            }
        }
    };
}
245
/**
 * Sets the provider that names the location packages for a user.
 *
 * <p>Stored under {@code mLock}. The names it returns are resolved with
 * {@code getSystemPackage(...)} before grantDefaultSystemHandlerPermissions grants anything.
 *
 * @param provider the provider to consult; {@code null} disables this source
 */
public void setLocationPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mLocationPackagesProvider = provider;
    }
}
251
/**
 * Sets the provider that names the voice-interaction packages for a user.
 *
 * <p>Stored under {@code mLock}. The names it returns are resolved with
 * {@code getSystemPackage(...)} before grantDefaultSystemHandlerPermissions grants anything.
 *
 * @param provider the provider to consult; {@code null} disables this source
 */
public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mVoiceInteractionPackagesProvider = provider;
    }
}
257
/**
 * Sets the provider that names the SMS app packages for a user.
 *
 * <p>Stored under {@code mLock}. When no provider is set, or it returns {@code null},
 * grantDefaultSystemHandlerPermissions resolves the SMS app from an intent instead.
 *
 * @param provider the provider to consult, or {@code null}
 */
public void setSmsAppPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mSmsAppPackagesProvider = provider;
    }
}
263
/**
 * Sets the provider that names the dialer app packages for a user.
 *
 * <p>Stored under {@code mLock}. When no provider is set, or it returns {@code null},
 * grantDefaultSystemHandlerPermissions resolves the dialer from an intent instead.
 *
 * @param provider the provider to consult, or {@code null}
 */
public void setDialerAppPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mDialerAppPackagesProvider = provider;
    }
}
269
/**
 * Sets the provider that names the SIM call manager packages for a user.
 *
 * <p>Stored under {@code mLock}. The names it returns are resolved with
 * {@code getSystemPackage(...)} before grantDefaultSystemHandlerPermissions grants anything.
 *
 * @param provider the provider to consult; {@code null} disables this source
 */
public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mSimCallManagerPackagesProvider = provider;
    }
}
275
/**
 * Sets the provider that names the "use open Wi-Fi" app packages for a user.
 *
 * <p>Stored under {@code mLock}. The names it returns are resolved with
 * {@code getSystemPackage(...)} before grantDefaultSystemHandlerPermissions grants anything.
 *
 * @param provider the provider to consult; {@code null} disables this source
 */
public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mUseOpenWifiAppPackagesProvider = provider;
    }
}
281
/**
 * Sets the provider that names sync-adapter packages per authority and user.
 *
 * <p>Stored under {@code mLock}. grantDefaultSystemHandlerPermissions queries it for the
 * contacts and calendar authorities and passes the result to
 * {@code getHeadlessSyncAdapterPackages(...)}.
 *
 * @param provider the provider to consult; {@code null} disables this source
 */
public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
    synchronized (mLock) {
        mSyncAdapterPackagesProvider = provider;
    }
}
287
/**
 * Runs the three default-grant passes for one user, in this order: system components and
 * privileged apps, default system handlers, then the default-permission exceptions.
 *
 * @param userId the user to grant for
 */
public void grantDefaultPermissions(int userId) {
    grantPermissionsToSysComponentsAndPrivApps(userId);
    grantDefaultSystemHandlerPermissions(userId);
    grantDefaultPermissionExceptions(userId);
}
293
/**
 * Grants a package every runtime permission it requests.
 *
 * <p>A requested permission is kept only if the permission manager knows it and reports it
 * as a runtime permission. Nothing is granted when none qualifies.
 *
 * @param userId the user to grant for
 * @param pkg the package whose requested permissions are examined
 */
private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
    final Set<String> runtimePermissions = new ArraySet<>();
    for (String requested : pkg.requestedPermissions) {
        final BasePermission known = mPermissionManager.getPermission(requested);
        // Unknown permissions and non-runtime permissions are skipped.
        if (known != null && known.isRuntime()) {
            runtimePermissions.add(requested);
        }
    }
    if (runtimePermissions.isEmpty()) {
        return;
    }
    // NOTE(review): the third argument is presumably the system-fixed flag; confirm against
    // the four-argument grantRuntimePermissions overload, which is outside this view.
    grantRuntimePermissions(pkg, runtimePermissions, true, userId);
}
309
/**
 * Grants every package in the package list all the runtime permissions it requests.
 *
 * <p>Unlike grantPermissionsToSysComponentsAndPrivApps, this applies no system or privileged
 * filter, so it is the broadest grant in the class. No caller appears in the visible part of
 * the file; check any call site before relying on it.
 *
 * @param userId the user to grant for
 */
private void grantAllRuntimePermissions(int userId) {
    Log.i(TAG, "Granting all runtime permissions for user " + userId);
    final PackageList allPackages = mServiceInternal.getPackageList();
    for (String name : allPackages.getPackageNames()) {
        final PackageParser.Package resolved = mServiceInternal.getPackage(name);
        // A listed name may no longer resolve to a package; skip it.
        if (resolved != null) {
            grantRuntimePermissionsForPackage(userId, resolved);
        }
    }
}
321
/**
 * Asks the internal handler to load the default-permission exceptions.
 *
 * <p>The handler reads them only if they have not been read yet.
 */
public void scheduleReadDefaultPermissionExceptions() {
    mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
}
325
/**
 * Grants requested runtime permissions to platform components for one user.
 *
 * <p>A package qualifies only if all three checks pass, evaluated in this order:
 * {@code isSysComponentOrPersistentPlatformSignedPrivApp}, then
 * {@code doesPackageSupportRuntimePermissions}, then a non-empty requested-permission list.
 * Both predicates are defined outside this view and form the trust gate for this pass.
 *
 * @param userId the user to grant for
 */
private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
    Log.i(TAG, "Granting permissions to platform components for user " + userId);
    final PackageList allPackages = mServiceInternal.getPackageList();
    for (String name : allPackages.getPackageNames()) {
        final PackageParser.Package candidate = mServiceInternal.getPackage(name);
        if (candidate == null) {
            continue;
        }
        final boolean eligible = isSysComponentOrPersistentPlatformSignedPrivApp(candidate)
                && doesPackageSupportRuntimePermissions(candidate)
                && !candidate.requestedPermissions.isEmpty();
        if (eligible) {
            grantRuntimePermissionsForPackage(userId, candidate);
        }
    }
}
342
343 private void grantDefaultSystemHandlerPermissions(int userId) {
344 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
345
346 final PackagesProvider locationPackagesProvider;
347 final PackagesProvider voiceInteractionPackagesProvider;
348 final PackagesProvider smsAppPackagesProvider;
349 final PackagesProvider dialerAppPackagesProvider;
350 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800351 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700352 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
353
354 synchronized (mLock) {
355 locationPackagesProvider = mLocationPackagesProvider;
356 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
357 smsAppPackagesProvider = mSmsAppPackagesProvider;
358 dialerAppPackagesProvider = mDialerAppPackagesProvider;
359 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800360 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700361 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
362 }
363
364 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
365 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
366 String[] locationPackageNames = (locationPackagesProvider != null)
367 ? locationPackagesProvider.getPackages(userId) : null;
368 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
369 ? smsAppPackagesProvider.getPackages(userId) : null;
370 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
371 ? dialerAppPackagesProvider.getPackages(userId) : null;
372 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
373 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800374 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
375 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700376 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
377 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
378 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
379 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
380
381 // Installer
382 final String installerPackageName = mServiceInternal.getKnownPackageName(
383 PackageManagerInternal.PACKAGE_INSTALLER, userId);
384 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
385 if (installerPackage != null
386 && doesPackageSupportRuntimePermissions(installerPackage)) {
387 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
388 }
389
390 // Verifier
391 final String verifierPackageName = mServiceInternal.getKnownPackageName(
392 PackageManagerInternal.PACKAGE_VERIFIER, userId);
393 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
394 if (verifierPackage != null
395 && doesPackageSupportRuntimePermissions(verifierPackage)) {
396 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
397 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
398 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
399 }
400
401 // SetupWizard
402 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
403 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
404 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
405 if (setupPackage != null
406 && doesPackageSupportRuntimePermissions(setupPackage)) {
407 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
408 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
409 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
410 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
411 }
412
413 // Camera
414 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
415 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
416 cameraIntent, userId);
417 if (cameraPackage != null
418 && doesPackageSupportRuntimePermissions(cameraPackage)) {
419 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
420 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
421 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
422 }
423
424 // Media provider
425 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
426 MediaStore.AUTHORITY, userId);
427 if (mediaStorePackage != null) {
428 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600429 grantRuntimePermissions(mediaStorePackage, MEDIA_AURAL_PERMISSIONS, true, userId);
430 grantRuntimePermissions(mediaStorePackage, MEDIA_VISUAL_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700431 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700432 }
433
434 // Downloads provider
435 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
436 "downloads", userId);
437 if (downloadsPackage != null) {
438 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
439 }
440
441 // Downloads UI
442 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
443 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
444 downloadsUiIntent, userId);
445 if (downloadsUiPackage != null
446 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
447 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
448 }
449
450 // Storage provider
451 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
452 "com.android.externalstorage.documents", userId);
453 if (storagePackage != null) {
454 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
455 }
456
Jeff Sharkey0095a822018-02-15 13:06:53 -0700457 // Container service
458 PackageParser.Package containerPackage = getSystemPackage(
459 PackageManagerService.DEFAULT_CONTAINER_PACKAGE);
460 if (containerPackage != null) {
461 grantRuntimePermissions(containerPackage, STORAGE_PERMISSIONS, true, userId);
462 }
463
Todd Kennedy82b08422017-09-28 13:32:05 -0700464 // CertInstaller
465 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
466 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
467 certInstallerIntent, userId);
468 if (certInstallerPackage != null
469 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
470 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
471 }
472
473 // Dialer
474 if (dialerAppPackageNames == null) {
475 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
476 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
477 dialerIntent, userId);
478 if (dialerPackage != null) {
479 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
480 }
481 } else {
482 for (String dialerAppPackageName : dialerAppPackageNames) {
483 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
484 if (dialerPackage != null) {
485 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
486 }
487 }
488 }
489
490 // Sim call manager
491 if (simCallManagerPackageNames != null) {
492 for (String simCallManagerPackageName : simCallManagerPackageNames) {
493 PackageParser.Package simCallManagerPackage =
494 getSystemPackage(simCallManagerPackageName);
495 if (simCallManagerPackage != null) {
496 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
497 userId);
498 }
499 }
500 }
501
Eric Enslen1e423b92017-12-18 11:30:21 -0800502 // Use Open Wifi
503 if (useOpenWifiAppPackageNames != null) {
504 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
505 PackageParser.Package useOpenWifiPackage =
506 getSystemPackage(useOpenWifiPackageName);
507 if (useOpenWifiPackage != null) {
508 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage,
509 userId);
510 }
511 }
512 }
513
Todd Kennedy82b08422017-09-28 13:32:05 -0700514 // SMS
515 if (smsAppPackageNames == null) {
516 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
517 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
518 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
519 smsIntent, userId);
520 if (smsPackage != null) {
521 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
522 }
523 } else {
524 for (String smsPackageName : smsAppPackageNames) {
525 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
526 if (smsPackage != null) {
527 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
528 }
529 }
530 }
531
532 // Cell Broadcast Receiver
533 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
534 PackageParser.Package cbrPackage =
535 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
536 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
537 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
538 }
539
540 // Carrier Provisioning Service
541 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
542 PackageParser.Package carrierProvPackage =
543 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
544 if (carrierProvPackage != null
545 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
546 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
547 }
548
549 // Calendar
550 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
551 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
552 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
553 calendarIntent, userId);
554 if (calendarPackage != null
555 && doesPackageSupportRuntimePermissions(calendarPackage)) {
556 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
557 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
558 }
559
560 // Calendar provider
561 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
562 CalendarContract.AUTHORITY, userId);
563 if (calendarProviderPackage != null) {
564 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
565 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
566 true, userId);
567 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
568 }
569
570 // Calendar provider sync adapters
571 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
572 calendarSyncAdapterPackages, userId);
573 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
574 for (int i = 0; i < calendarSyncAdapterCount; i++) {
575 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
576 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
577 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
578 }
579 }
580
581 // Contacts
582 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
583 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
584 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
585 contactsIntent, userId);
586 if (contactsPackage != null
587 && doesPackageSupportRuntimePermissions(contactsPackage)) {
588 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
589 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
590 }
591
592 // Contacts provider sync adapters
593 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
594 contactsSyncAdapterPackages, userId);
595 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
596 for (int i = 0; i < contactsSyncAdapterCount; i++) {
597 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
598 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
599 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
600 }
601 }
602
603 // Contacts provider
604 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
605 ContactsContract.AUTHORITY, userId);
606 if (contactsProviderPackage != null) {
607 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
608 true, userId);
609 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
610 true, userId);
611 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
612 }
613
614 // Device provisioning
615 Intent deviceProvisionIntent = new Intent(
616 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
617 PackageParser.Package deviceProvisionPackage =
618 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
619 if (deviceProvisionPackage != null
620 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
621 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
622 }
623
624 // Maps
625 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
626 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
627 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
628 mapsIntent, userId);
629 if (mapsPackage != null
630 && doesPackageSupportRuntimePermissions(mapsPackage)) {
631 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
632 }
633
634 // Gallery
635 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
636 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
637 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
638 galleryIntent, userId);
639 if (galleryPackage != null
640 && doesPackageSupportRuntimePermissions(galleryPackage)) {
641 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600642 grantRuntimePermissions(galleryPackage, MEDIA_VISUAL_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700643 }
644
645 // Email
646 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
647 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
648 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
649 emailIntent, userId);
650 if (emailPackage != null
651 && doesPackageSupportRuntimePermissions(emailPackage)) {
652 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
653 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
654 }
655
656 // Browser
657 PackageParser.Package browserPackage = null;
658 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
659 PackageManagerInternal.PACKAGE_BROWSER, userId);
660 if (defaultBrowserPackage != null) {
661 browserPackage = getPackage(defaultBrowserPackage);
662 }
663 if (browserPackage == null) {
664 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
665 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
666 browserPackage = getDefaultSystemHandlerActivityPackage(
667 browserIntent, userId);
668 }
669 if (browserPackage != null
670 && doesPackageSupportRuntimePermissions(browserPackage)) {
671 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
672 }
673
674 // Voice interaction
675 if (voiceInteractPackageNames != null) {
676 for (String voiceInteractPackageName : voiceInteractPackageNames) {
677 PackageParser.Package voiceInteractPackage = getSystemPackage(
678 voiceInteractPackageName);
679 if (voiceInteractPackage != null
680 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
681 grantRuntimePermissions(voiceInteractPackage,
682 CONTACTS_PERMISSIONS, userId);
683 grantRuntimePermissions(voiceInteractPackage,
684 CALENDAR_PERMISSIONS, userId);
685 grantRuntimePermissions(voiceInteractPackage,
686 MICROPHONE_PERMISSIONS, userId);
687 grantRuntimePermissions(voiceInteractPackage,
688 PHONE_PERMISSIONS, userId);
689 grantRuntimePermissions(voiceInteractPackage,
690 SMS_PERMISSIONS, userId);
691 grantRuntimePermissions(voiceInteractPackage,
692 LOCATION_PERMISSIONS, userId);
693 }
694 }
695 }
696
697 if (ActivityManager.isLowRamDeviceStatic()) {
698 // Allow voice search on low-ram devices
699 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
700 PackageParser.Package globalSearchPickerPackage =
701 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
702
703 if (globalSearchPickerPackage != null
704 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
705 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800706 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700707 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800708 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700709 }
710 }
711
712 // Voice recognition
713 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
714 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
715 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
716 voiceRecoIntent, userId);
717 if (voiceRecoPackage != null
718 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
719 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
720 }
721
722 // Location
723 if (locationPackageNames != null) {
724 for (String packageName : locationPackageNames) {
725 PackageParser.Package locationPackage = getSystemPackage(packageName);
726 if (locationPackage != null
727 && doesPackageSupportRuntimePermissions(locationPackage)) {
728 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
729 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
730 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
731 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
732 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
733 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
734 true, userId);
735 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
736 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
737 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
738 }
739 }
740 }
741
742 // Music
743 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
744 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
745 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
746 AUDIO_MIME_TYPE);
747 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
748 musicIntent, userId);
749 if (musicPackage != null
750 && doesPackageSupportRuntimePermissions(musicPackage)) {
751 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600752 grantRuntimePermissions(musicPackage, MEDIA_AURAL_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700753 }
754
755 // Home
756 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
757 homeIntent.addCategory(Intent.CATEGORY_HOME);
758 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
759 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
760 homeIntent, userId);
761 if (homePackage != null
762 && doesPackageSupportRuntimePermissions(homePackage)) {
763 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
764 }
765
766 // Watches
767 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
768 // Home application on watches
769 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
770 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
771
772 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
773 wearHomeIntent, userId);
774
775 if (wearHomePackage != null
776 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
777 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
778 userId);
779 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
780 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
781 userId);
782 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
783 userId);
784 }
785
786 // Fitness tracking on watches
787 Intent trackIntent = new Intent(ACTION_TRACK);
788 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
789 trackIntent, userId);
790 if (trackPackage != null
791 && doesPackageSupportRuntimePermissions(trackPackage)) {
792 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
793 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
794 }
795 }
796
797 // Print Spooler
798 PackageParser.Package printSpoolerPackage = getSystemPackage(
799 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
800 if (printSpoolerPackage != null
801 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
802 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
803 }
804
805 // EmergencyInfo
806 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
807 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
808 emergencyInfoIntent, userId);
809 if (emergencyInfoPckg != null
810 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
811 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
812 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
813 }
814
815 // NFC Tag viewer
816 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
817 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
818 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
819 nfcTagIntent, userId);
820 if (nfcTagPkg != null
821 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
822 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
823 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
824 }
825
826 // Storage Manager
827 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
828 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
829 storageManagerIntent, userId);
830 if (storageManagerPckg != null
831 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
832 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
833 }
834
835 // Companion devices
836 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
837 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
838 if (companionDeviceDiscoveryPackage != null
839 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
840 grantRuntimePermissions(companionDeviceDiscoveryPackage,
841 LOCATION_PERMISSIONS, true, userId);
842 }
843
844 // Ringtone Picker
845 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
846 PackageParser.Package ringtonePickerPackage =
847 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
848 if (ringtonePickerPackage != null
849 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
850 grantRuntimePermissions(ringtonePickerPackage,
851 STORAGE_PERMISSIONS, true, userId);
852 }
853
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000854 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700855 String textClassifierPackageName =
856 mContext.getPackageManager().getSystemTextClassifierPackageName();
857 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000858 PackageParser.Package textClassifierPackage =
Ye Wen8e8b2d52018-03-14 11:48:24 -0700859 getSystemPackage(textClassifierPackageName);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000860 if (textClassifierPackage != null
861 && doesPackageSupportRuntimePermissions(textClassifierPackage)) {
Eugene Susla4b870112018-06-08 21:39:58 +0000862 grantRuntimePermissions(textClassifierPackage, PHONE_PERMISSIONS, false, userId);
863 grantRuntimePermissions(textClassifierPackage, SMS_PERMISSIONS, false, userId);
864 grantRuntimePermissions(textClassifierPackage, CALENDAR_PERMISSIONS, false, userId);
865 grantRuntimePermissions(textClassifierPackage, LOCATION_PERMISSIONS, false, userId);
866 grantRuntimePermissions(textClassifierPackage, CONTACTS_PERMISSIONS, false, userId);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000867 }
868 }
869
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100870 // There is no real "marker" interface to identify the shared storage backup, it is
871 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
872 PackageParser.Package sharedStorageBackupPackage = getSystemPackage(
873 "com.android.sharedstoragebackup");
874 if (sharedStorageBackupPackage != null) {
875 grantRuntimePermissions(sharedStorageBackupPackage, STORAGE_PERMISSIONS, true, userId);
876 }
877
Todd Kennedy0eb97382017-10-03 16:57:22 -0700878 if (mPermissionGrantedCallback != null) {
879 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
880 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700881 }
882
/**
 * Grants the dialer permission groups to a dialer package taken from the system image.
 *
 * <p>Nothing is granted unless {@code doesPackageSupportRuntimePermissions} accepts the
 * package. PHONE is marked system-fixed only when the device reports
 * {@link PackageManager#FEATURE_WATCH}; CONTACTS, SMS, MICROPHONE and CAMERA go through the
 * three-argument overload, which grants them without the system-fixed flag.
 *
 * @param dialerPackage package that receives the grants
 * @param userId user for whom the permissions are granted
 */
private void grantDefaultPermissionsToDefaultSystemDialerApp(
        PackageParser.Package dialerPackage, int userId) {
    if (!doesPackageSupportRuntimePermissions(dialerPackage)) {
        return;
    }
    // On watches the PHONE grant is pinned as system-fixed.
    final boolean fixPhoneGrant =
            mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
    grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, fixPhoneGrant, userId);
    grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
    grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
    grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
    grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
}
896
/**
 * Grants the SMS-app permission groups to an SMS package taken from the system image.
 *
 * <p>PHONE, CONTACTS, SMS, STORAGE, MICROPHONE and CAMERA are granted through the
 * three-argument overload, i.e. without the system-fixed flag and without overriding
 * permission state that already carries flags.
 *
 * @param smsPackage package that receives the grants
 * @param userId user for whom the permissions are granted
 */
private void grantDefaultPermissionsToDefaultSystemSmsApp(
        PackageParser.Package smsPackage, int userId) {
    if (!doesPackageSupportRuntimePermissions(smsPackage)) {
        return;
    }
    grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
}
908
/**
 * Grants the coarse-location permission group to the system "Use Open WiFi" package.
 *
 * @param useOpenWifiPackage package that receives the grant
 * @param userId user for whom the permission is granted
 */
private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
        PackageParser.Package useOpenWifiPackage, int userId) {
    if (!doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
        return;
    }
    grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId);
}
915
/**
 * Grants the SMS-app permission groups to the package chosen as the default SMS app.
 *
 * <p>The package is looked up with {@code getPackage}, not {@code getSystemPackage}, so it
 * does not have to be part of the system image. Every grant passes
 * {@code ignoreSystemPackage = true}: existing permission flags (for example an earlier user
 * choice) do not block the grant, and only policy-fixed permissions are left untouched.
 * None of the grants is system-fixed.
 *
 * <p>NOTE(review): this method trusts {@code packageName}; the check that the caller is
 * allowed to name the default SMS app is not visible here and must live in the caller.
 *
 * @param packageName package selected as default SMS app; {@code null} is ignored
 * @param userId user for whom the permissions are granted
 */
public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
    if (packageName == null) {
        return;
    }
    final PackageParser.Package pkg = getPackage(packageName);
    if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
        return;
    }
    grantRuntimePermissions(pkg, PHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, CONTACTS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, SMS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, STORAGE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, MICROPHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, CAMERA_PERMISSIONS, false, true, userId);
}
931
/**
 * Grants the dialer permission groups to the package chosen as the default dialer.
 *
 * <p>The package is looked up with {@code getPackage}, so it may be a non-system app.
 * Every grant passes {@code ignoreSystemPackage = true}: permission state that already
 * carries flags is overwritten, except for policy-fixed permissions. None of the grants is
 * system-fixed.
 *
 * <p>NOTE(review): {@code packageName} is trusted as given; authorization of the caller is
 * not visible in this method.
 *
 * @param packageName package selected as default dialer; {@code null} is ignored
 * @param userId user for whom the permissions are granted
 */
public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
    if (packageName == null) {
        return;
    }
    final PackageParser.Package pkg = getPackage(packageName);
    if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
        return;
    }
    grantRuntimePermissions(pkg, PHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, CONTACTS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, SMS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, MICROPHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(pkg, CAMERA_PERMISSIONS, false, true, userId);
}
947
/**
 * Grants the coarse-location permission group to the package chosen as the default
 * "Use Open WiFi" app.
 *
 * <p>The lookup uses {@code getPackage}, so the package may be a non-system app, and the
 * grant passes {@code ignoreSystemPackage = true}, which overrides permission state that
 * already carries flags (policy-fixed permissions excepted).
 *
 * @param packageName package selected as default; {@code null} is ignored
 * @param userId user for whom the permission is granted
 */
public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
    if (packageName == null) {
        return;
    }
    final PackageParser.Package pkg = getPackage(packageName);
    if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
        return;
    }
    grantRuntimePermissions(pkg, COARSE_LOCATION_PERMISSIONS, false, true, userId);
}
960
/**
 * Grants PHONE and MICROPHONE to an already resolved SIM call manager package.
 *
 * <p>The log line is written before the runtime-permission support check, so it appears
 * even when nothing is granted.
 *
 * @param simCallManagerPackage package that receives the grants
 * @param userId user for whom the permissions are granted
 */
private void grantDefaultPermissionsToDefaultSimCallManager(
        PackageParser.Package simCallManagerPackage, int userId) {
    Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
    if (!doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
        return;
    }
    grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
    grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
}
969
/**
 * Resolves a SIM call manager by package name and grants it the default permissions.
 *
 * <p>The lookup uses {@code getPackage}, so the package is not required to be a system
 * package. Unknown packages and a {@code null} name are ignored silently.
 *
 * @param packageName package acting as SIM call manager; {@code null} is ignored
 * @param userId user for whom the permissions are granted
 */
public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
    final PackageParser.Package pkg =
            (packageName == null) ? null : getPackage(packageName);
    if (pkg == null) {
        return;
    }
    grantDefaultPermissionsToDefaultSimCallManager(pkg, userId);
}
979
/**
 * Grants PHONE, LOCATION and SMS to each enabled carrier app.
 *
 * <p>Names are resolved with {@code getSystemPackage}, so entries that are not eligible
 * system packages are skipped. The grants are not system-fixed.
 *
 * @param packageNames carrier app package names; {@code null} is ignored
 * @param userId user for whom the permissions are granted
 */
public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String name : packageNames) {
        final PackageParser.Package pkg = getSystemPackage(name);
        if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
            continue;
        }
        grantRuntimePermissions(pkg, PHONE_PERMISSIONS, userId);
        grantRuntimePermissions(pkg, LOCATION_PERMISSIONS, userId);
        grantRuntimePermissions(pkg, SMS_PERMISSIONS, userId);
    }
}
995
/**
 * Grants PHONE, MICROPHONE, LOCATION, CAMERA and CONTACTS to each enabled ImsService.
 *
 * <p>Names are resolved with {@code getSystemPackage}, so entries that are not eligible
 * system packages are skipped. The grants are not system-fixed.
 *
 * @param packageNames ImsService package names; {@code null} is ignored
 * @param userId user for whom the permissions are granted
 */
public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String name : packageNames) {
        final PackageParser.Package pkg = getSystemPackage(name);
        if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
            continue;
        }
        grantRuntimePermissions(pkg, PHONE_PERMISSIONS, userId);
        grantRuntimePermissions(pkg, MICROPHONE_PERMISSIONS, userId);
        grantRuntimePermissions(pkg, LOCATION_PERMISSIONS, userId);
        grantRuntimePermissions(pkg, CAMERA_PERMISSIONS, userId);
        grantRuntimePermissions(pkg, CONTACTS_PERMISSIONS, userId);
    }
}
1013
/**
 * Grants PHONE and LOCATION, both system-fixed, to each enabled telephony data service.
 *
 * <p>Names are resolved with {@code getSystemPackage}, so entries that are not eligible
 * system packages are skipped.
 *
 * @param packageNames data service package names; {@code null} is ignored
 * @param userId user for whom the permissions are granted
 */
public void grantDefaultPermissionsToEnabledTelephonyDataServices(
        String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String name : packageNames) {
        final PackageParser.Package pkg = getSystemPackage(name);
        if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
            continue;
        }
        // System-fixed on purpose: cellular data must not be broken by accident.
        grantRuntimePermissions(pkg, PHONE_PERMISSIONS, true, userId);
        grantRuntimePermissions(pkg, LOCATION_PERMISSIONS, true, userId);
    }
}
1031
/**
 * Revokes the default PHONE and LOCATION grants from each disabled telephony data service.
 *
 * <p>Passes {@code systemFixed = true} to {@code revokeRuntimePermissions}, which is what
 * allows it to revoke permissions that carry the system-fixed flag.
 *
 * @param packageNames data service package names; {@code null} is ignored
 * @param userId user for whom the permissions are revoked
 */
public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
        String[] packageNames, int userId) {
    Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String name : packageNames) {
        final PackageParser.Package pkg = getSystemPackage(name);
        if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
            continue;
        }
        revokeRuntimePermissions(pkg, PHONE_PERMISSIONS, true, userId);
        revokeRuntimePermissions(pkg, LOCATION_PERMISSIONS, true, userId);
    }
}
1047
/**
 * Grants CAMERA, system-fixed, to the active LUI app.
 *
 * <p>The name is resolved with {@code getSystemPackage}, so a package that is not an
 * eligible system package receives nothing.
 *
 * @param packageName active LUI app package name; {@code null} is ignored
 * @param userId user for whom the permission is granted
 */
public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
    if (packageName == null) {
        return;
    }
    final PackageParser.Package pkg = getSystemPackage(packageName);
    if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
        return;
    }
    grantRuntimePermissions(pkg, CAMERA_PERMISSIONS, true, userId);
}
1059
/**
 * Revokes the default CAMERA grant from each listed LUI app.
 *
 * <p>Passes {@code systemFixed = true} to {@code revokeRuntimePermissions}, which is what
 * allows it to revoke permissions that carry the system-fixed flag.
 *
 * @param packageNames LUI app package names; {@code null} is ignored
 * @param userId user for whom the permission is revoked
 */
public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
    Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String name : packageNames) {
        final PackageParser.Package pkg = getSystemPackage(name);
        if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
            continue;
        }
        revokeRuntimePermissions(pkg, CAMERA_PERMISSIONS, true, userId);
    }
}
1073
/**
 * Grants LOCATION to the default browser when it is an eligible system package.
 *
 * <p>Unlike the default SMS and dialer entry points, the lookup uses
 * {@code getSystemPackage} and the grant passes {@code ignoreSystemPackage = false}, so a
 * browser that is not on the system image gets nothing and existing permission state is
 * not overridden.
 *
 * @param packageName default browser package name; {@code null} is ignored
 * @param userId user for whom the permission is granted
 */
public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default browser for user:" + userId);
    if (packageName == null) {
        return;
    }
    final PackageParser.Package pkg = getSystemPackage(packageName);
    if (pkg == null || !doesPackageSupportRuntimePermissions(pkg)) {
        return;
    }
    grantRuntimePermissions(pkg, LOCATION_PERMISSIONS, false, false, userId);
}
1085
/**
 * Resolves the activity that handles {@code intent} and returns its package when that
 * package is an eligible system package.
 *
 * <p>Returns {@code null} when nothing resolves, when the result has no activity info, or
 * when the result is the resolver activity itself (i.e. there is no single default).
 *
 * @param intent intent describing the handler role
 * @param userId user for whom the intent is resolved
 * @return the handler's system package, or {@code null}
 */
private PackageParser.Package getDefaultSystemHandlerActivityPackage(
        Intent intent, int userId) {
    final String resolvedType = intent.resolveType(mContext.getContentResolver());
    final ResolveInfo resolved = mServiceInternal.resolveIntent(
            intent, resolvedType, DEFAULT_FLAGS, userId, false, Binder.getCallingUid());
    if (resolved == null
            || resolved.activityInfo == null
            || mServiceInternal.isResolveActivityComponent(resolved.activityInfo)) {
        return null;
    }
    return getSystemPackage(resolved.activityInfo.packageName);
}
1099
/**
 * Returns the first eligible system package among the services that handle {@code intent}.
 *
 * <p>Handlers are examined in the order returned by {@code queryIntentServices}; handlers
 * whose package is rejected by {@code getSystemPackage} are skipped.
 *
 * @param intent intent describing the service role
 * @param userId user for whom the services are queried
 * @return the first matching system package, or {@code null} if there is none
 */
private PackageParser.Package getDefaultSystemHandlerServicePackage(
        Intent intent, int userId) {
    final List<ResolveInfo> candidates = mServiceInternal.queryIntentServices(
            intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
    if (candidates == null) {
        return null;
    }
    for (ResolveInfo candidate : candidates) {
        final PackageParser.Package pkg =
                getSystemPackage(candidate.serviceInfo.packageName);
        if (pkg != null) {
            return pkg;
        }
    }
    return null;
}
1118
/**
 * Filters sync adapter packages down to eligible system packages that have no launcher
 * activity.
 *
 * <p>A package counts as headless when an {@code ACTION_MAIN}/{@code CATEGORY_LAUNCHER}
 * intent restricted to that package resolves to nothing.
 *
 * @param syncAdapterPackageNames candidate package names; iterated without a null check
 * @param userId user for whom the launcher intent is resolved
 * @return the headless system packages, possibly empty
 */
private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
        String[] syncAdapterPackageNames, int userId) {
    final List<PackageParser.Package> headless = new ArrayList<>();

    // One intent is reused; only its target package changes per iteration.
    final Intent launcherIntent = new Intent(Intent.ACTION_MAIN);
    launcherIntent.addCategory(Intent.CATEGORY_LAUNCHER);

    for (String name : syncAdapterPackageNames) {
        launcherIntent.setPackage(name);

        final ResolveInfo launcherActivity = mServiceInternal.resolveIntent(launcherIntent,
                launcherIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
                userId, false, Binder.getCallingUid());
        if (launcherActivity == null) {
            final PackageParser.Package pkg = getSystemPackage(name);
            if (pkg != null) {
                headless.add(pkg);
            }
        }
    }

    return headless;
}
1144
/**
 * Returns the eligible system package that hosts the content provider for
 * {@code authority}.
 *
 * @param authority content provider authority to resolve
 * @param userId user for whom the provider is resolved
 * @return the provider's system package, or {@code null} if the authority does not resolve
 *         or its package is rejected by {@code getSystemPackage}
 */
private PackageParser.Package getDefaultProviderAuthorityPackage(
        String authority, int userId) {
    final ProviderInfo info =
            mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
    return (info == null) ? null : getSystemPackage(info.packageName);
}
1154
/**
 * Looks up a package by name through the package manager internal service.
 *
 * <p>No system-image or signature filtering is applied here; use {@code getSystemPackage}
 * when the grant must be limited to system packages.
 *
 * @param packageName name of the package to look up
 * @return whatever {@code mServiceInternal.getPackage} returns for that name
 */
private PackageParser.Package getPackage(String packageName) {
    final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
    return pkg;
}
1158
/**
 * Looks up a package and returns it only if it qualifies for default grants.
 *
 * <p>The package must exist, must report {@code isSystem()}, and must not be classified by
 * {@code isSysComponentOrPersistentPlatformSignedPrivApp}. This is the filter that keeps
 * most default grants in this class limited to packages from the system image.
 *
 * @param packageName name of the package to look up
 * @return the package, or {@code null} when any of the conditions fails
 */
private PackageParser.Package getSystemPackage(String packageName) {
    final PackageParser.Package candidate = getPackage(packageName);
    if (candidate == null || !candidate.isSystem()) {
        return null;
    }
    return isSysComponentOrPersistentPlatformSignedPrivApp(candidate) ? null : candidate;
}
1166
/**
 * Grants {@code permissions} as plain default grants: not system-fixed and without
 * overriding permission state that already carries flags.
 *
 * @param pkg package that receives the grants
 * @param permissions permission names to grant
 * @param userId user for whom the permissions are granted
 */
private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
        int userId) {
    final boolean systemFixed = false;
    final boolean ignoreSystemPackage = false;
    grantRuntimePermissions(pkg, permissions, systemFixed, ignoreSystemPackage, userId);
}
1171
/**
 * Grants {@code permissions} with a caller-chosen system-fixed setting and without
 * overriding permission state that already carries flags.
 *
 * @param pkg package that receives the grants
 * @param permissions permission names to grant
 * @param systemFixed whether the grant is also marked system-fixed
 * @param userId user for whom the permissions are granted
 */
private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
        boolean systemFixed, int userId) {
    final boolean ignoreSystemPackage = false;
    grantRuntimePermissions(pkg, permissions, systemFixed, ignoreSystemPackage, userId);
}
1176
/**
 * Revokes default-granted runtime permissions from a package.
 *
 * <p>A permission is revoked only when all of the following hold: the package requests it,
 * it carries {@code FLAG_PERMISSION_GRANTED_BY_DEFAULT}, it is not policy-fixed, and it is
 * either not system-fixed or the caller passed {@code systemFixed = true}. After the
 * revoke, only the granted-by-default flag is cleared; the system-fixed flag stays set.
 *
 * @param pkg package to revoke from; its {@code requestedPermissions} must be non-null
 * @param permissions permission names to consider
 * @param systemFixed whether this caller is the one that granted the permissions as
 *        system-fixed and may therefore revoke them
 * @param userId user for whom the permissions are revoked
 */
private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
        boolean systemFixed, int userId) {
    if (pkg.requestedPermissions.isEmpty()) {
        return;
    }
    final Set<String> requested = new ArraySet<>(pkg.requestedPermissions);

    for (String permission : permissions) {
        // A permission that was never requested cannot have been granted.
        if (!requested.contains(permission)) {
            continue;
        }

        final int flags = mServiceInternal.getPermissionFlagsTEMP(
                permission, pkg.packageName, userId);

        // Only grants that came from the default grant policy are ours to revoke.
        final boolean grantedByDefault =
                (flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0;
        // Device policy wins over default grants.
        final boolean policyFixed =
                (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0;
        // System-fixed grants are not reference counted, so only a caller that sets
        // systemFixed (at most one grantor per package is expected) may revoke them.
        final boolean fixedByAnotherGrantor =
                (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed;
        if (!grantedByDefault || policyFixed || fixedByAnotherGrantor) {
            continue;
        }

        mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false);

        if (DEBUG) {
            Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
                    + permission + " to " + pkg.packageName);
        }

        // Clear GRANTED_BY_DEFAULT only. FLAG_PERMISSION_SYSTEM_FIXED is deliberately
        // left in place; it is sticky once set.
        mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
                PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId);
    }
}
1221
/**
 * Grants runtime permissions to a package under the default grant policy.
 *
 * <p>The requested set is first widened with split permissions for packages that target an
 * SDK older than the split. A permission is then granted only if the package requests it
 * and, unless {@code ignoreSystemPackage} is set, only if the disabled system-image version
 * of an updated system app requests it too. Policy-fixed permissions are never changed.
 *
 * @param pkg package that receives the grants
 * @param permissionsWithoutSplits permission names to grant, before split expansion
 * @param systemFixed whether granted permissions are also flagged system-fixed
 * @param ignoreSystemPackage when {@code true}, skips the comparison with the disabled
 *        system-image version and grants even if the permission already carries flags
 *        (used for the default SMS, dialer and Use Open WiFi apps in this file)
 * @param userId user for whom the permissions are granted
 */
private void grantRuntimePermissions(PackageParser.Package pkg,
        Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage,
        int userId) {
    if (pkg.requestedPermissions.isEmpty()) {
        return;
    }

    // Older APKs implicitly get the permissions that were split off a root permission.
    final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
    for (PackageParser.SplitPermissionInfo splitPerm : PackageParser.SPLIT_PERMISSIONS) {
        final boolean targetsOlderSdk =
                pkg.applicationInfo.targetSdkVersion < splitPerm.targetSdk;
        if (targetsOlderSdk && permissionsWithoutSplits.contains(splitPerm.rootPerm)) {
            Collections.addAll(permissions, splitPerm.newPerms);
        }
    }

    List<String> candidatePermissions = pkg.requestedPermissions;
    Set<String> requestedByUpdatedPkg = null;

    // For apps picked by the user as default (Phone, SMS) the caller sets
    // ignoreSystemPackage, because choosing the default is a deliberate decision to give
    // the app what it needs. For every other default grant (first boot, user creation)
    // a permission is granted only if the version on the system image declares it.
    if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) {
        final PackageParser.Package disabledPkg =
                mServiceInternal.getDisabledPackage(pkg.packageName);
        if (disabledPkg != null) {
            if (disabledPkg.requestedPermissions.isEmpty()) {
                return;
            }
            if (!candidatePermissions.equals(disabledPkg.requestedPermissions)) {
                // Iterate the system-image list, filtered by what the update requests.
                requestedByUpdatedPkg = new ArraySet<>(candidatePermissions);
                candidatePermissions = disabledPkg.requestedPermissions;
            }
        }
    }

    final int candidateCount = candidatePermissions.size();
    for (int i = 0; i < candidateCount; i++) {
        final String permission = candidatePermissions.get(i);

        // The disabled system app may request a permission that the updated version on
        // the data partition does not; such a permission is skipped.
        if (requestedByUpdatedPkg != null && !requestedByUpdatedPkg.contains(permission)) {
            continue;
        }
        if (!permissions.contains(permission)) {
            continue;
        }

        final int flags = mServiceInternal.getPermissionFlagsTEMP(
                permission, pkg.packageName, userId);

        // Any flag means the state was set by the system, a device/profile owner or the
        // user, and must not be clobbered, unless the caller asked to override it so the
        // default SMS and phone apps get their permissions after the user picks them.
        if (flags == 0 || ignoreSystemPackage) {
            // Policy-fixed permissions are never clobbered. A system-fixed permission
            // may still be granted here: the flag is sticky, but the permission itself
            // may have been revoked.
            if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
                continue;
            }

            mServiceInternal.grantRuntimePermission(
                    pkg.packageName, permission, userId, false);
            if (DEBUG) {
                Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
                        + permission + " to default handler " + pkg.packageName);
            }

            int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
            if (systemFixed) {
                newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
            }

            mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
                    newFlags, newFlags, userId);
        }

        // A component that is default handler A (fixed) and default handler B (not
        // fixed) ends up with the weaker form: the system-fixed flag is cleared.
        // The check uses the flags read before the grant above.
        final boolean wasDefaultAndFixed =
                (flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
                        && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0;
        if (wasDefaultAndFixed && !systemFixed) {
            if (DEBUG) {
                Log.i(TAG, "Granted not fixed " + permission + " to default handler "
                        + pkg.packageName);
            }
            mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
                    PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
        }
    }
}
1325
/**
 * Tells whether a package is a core system component or a persistent, privileged app
 * signed with (or trusted by) the platform certificate.
 *
 * <p>Returns {@code true} when the app id is below {@code FIRST_APPLICATION_UID}. Otherwise
 * the package must be privileged and persistent (the persistent flag is read from the
 * disabled system-image version when one exists), and its signing details must either
 * descend from the platform package's or be given the PERMISSION capability by them.
 *
 * <p>NOTE(review): the platform package returned by {@code getPackage} is dereferenced
 * without a null check.
 *
 * @param pkg package to classify
 * @return {@code true} if the package falls into one of the two categories
 */
private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
    if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
        return true;
    }
    if (!pkg.isPrivileged()) {
        return false;
    }

    // For an updated system app, persistence is judged on the system-image version.
    final PackageParser.Package disabledPkg =
            mServiceInternal.getDisabledPackage(pkg.packageName);
    final ApplicationInfo persistenceSource =
            (disabledPkg != null) ? disabledPkg.applicationInfo : pkg.applicationInfo;
    if ((persistenceSource.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
        return false;
    }

    final String platformPackageName = mServiceInternal.getKnownPackageName(
            PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
    final PackageParser.Package platformPackage = getPackage(platformPackageName);
    if (pkg.mSigningDetails.hasAncestorOrSelf(platformPackage.mSigningDetails)) {
        return true;
    }
    return platformPackage.mSigningDetails.checkCapability(pkg.mSigningDetails,
            PackageParser.SigningDetails.CertCapabilities.PERMISSION);
}
1349
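/**
 * Applies the default permission exceptions read from the default-permissions XML files to
 * the given user.
 *
 * <p>The exceptions are read once, under {@code mLock}, and cached in
 * {@code mGrantExceptions} for later users. Each entry is re-resolved with
 * {@code getSystemPackage} on every call; an entry that no longer resolves to an eligible
 * system package is skipped with a warning instead of being passed on as {@code null}.
 *
 * @param userId user for whom the exceptions are granted
 */
private void grantDefaultPermissionExceptions(int userId) {
    mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);

    synchronized (mLock) {
        // mGrantExceptions is null only before the first read and then
        // it serves as a cache of the default grants that should be
        // performed for every user. If there is an entry then the app
        // is on the system image and supports runtime permissions.
        if (mGrantExceptions == null) {
            mGrantExceptions = readDefaultPermissionExceptionsLocked();
        }
    }

    Set<String> permissions = null;
    final int exceptionCount = mGrantExceptions.size();
    for (int i = 0; i < exceptionCount; i++) {
        String packageName = mGrantExceptions.keyAt(i);
        PackageParser.Package pkg = getSystemPackage(packageName);
        if (pkg == null) {
            // grantRuntimePermissions dereferences pkg, so a cached entry that fails the
            // system-package filter now must not reach it.
            Slog.w(TAG, "No eligible system package " + packageName
                    + " for default permission exceptions, skipping");
            continue;
        }
        List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
        final int permissionGrantCount = permissionGrants.size();
        for (int j = 0; j < permissionGrantCount; j++) {
            DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
            // One single-element set is reused so each grant keeps its own fixed setting.
            if (permissions == null) {
                permissions = new ArraySet<>();
            } else {
                permissions.clear();
            }
            permissions.add(permissionGrant.name);
            grantRuntimePermissions(pkg, permissions,
                    permissionGrant.fixed, userId);
        }
    }
}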
1383
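/**
 * Collects the files found in {@code etc/default-permissions} on the system, vendor, ODM
 * and product partitions, plus the OEM partition on devices that report
 * {@link PackageManager#FEATURE_EMBEDDED}.
 *
 * <p>The result is consumed by {@code readDefaultPermissionExceptionsLocked}, so every file
 * listed here is a potential source of default permission grants.
 * NOTE(review): this relies on those partitions being writable only by the device
 * builder; confirm that holds for the OEM partition on embedded builds.
 *
 * <p>A directory that cannot be listed ({@code listFiles()} returns {@code null}) is
 * skipped rather than causing a {@code NullPointerException}.
 *
 * @return the files found, in partition order, or {@code null} when there are none
 */
private File[] getDefaultPermissionFiles() {
    ArrayList<File> partitionRoots = new ArrayList<File>();
    partitionRoots.add(Environment.getRootDirectory());
    partitionRoots.add(Environment.getVendorDirectory());
    partitionRoots.add(Environment.getOdmDirectory());
    partitionRoots.add(Environment.getProductDirectory());
    // For IoT devices, we check the oem partition for default permissions for each app.
    if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
        partitionRoots.add(Environment.getOemDirectory());
    }

    ArrayList<File> ret = new ArrayList<File>();
    for (File partitionRoot : partitionRoots) {
        File dir = new File(partitionRoot, "etc/default-permissions");
        if (!dir.isDirectory() || !dir.canRead()) {
            continue;
        }
        // listFiles() returns null on an I/O error even for a readable directory.
        File[] files = dir.listFiles();
        if (files != null) {
            Collections.addAll(ret, files);
        }
    }
    return ret.isEmpty() ? null : ret.toArray(new File[0]);
}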
1411
/**
 * Reads every default-permissions XML file and collects the grants it declares.
 *
 * <p>Files whose path does not end in {@code .xml}, and files that cannot be read, are
 * logged and skipped. A file that fails while being parsed is logged and abandoned, but
 * entries it added to the result before the failure are kept.
 *
 * <p>Invoked by {@code grantDefaultPermissionExceptions} while holding {@code mLock}.
 *
 * @return a map from package name to that package's default grants; an empty map, never
 *     {@code null}, when no default-permissions files exist
 */
private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
        readDefaultPermissionExceptionsLocked() {
    final File[] candidates = getDefaultPermissionFiles();
    if (candidates == null) {
        return new ArrayMap<>(0);
    }

    final ArrayMap<String, List<DefaultPermissionGrant>> result = new ArrayMap<>();

    // Walk all candidate files; only readable .xml files are parsed.
    for (File candidate : candidates) {
        if (!candidate.getPath().endsWith(".xml")) {
            Slog.i(TAG, "Non-xml file " + candidate
                    + " in " + candidate.getParent() + " directory, ignoring");
        } else if (!candidate.canRead()) {
            Slog.w(TAG, "Default permissions file " + candidate + " cannot be read");
        } else {
            try (InputStream in = new BufferedInputStream(new FileInputStream(candidate))) {
                final XmlPullParser xml = Xml.newPullParser();
                // No explicit encoding is supplied to the parser.
                xml.setInput(in, null);
                parse(xml, result);
            } catch (XmlPullParserException | IOException e) {
                // One bad file must not prevent the remaining files from being read.
                Slog.w(TAG, "Error reading default permissions file " + candidate, e);
            }
        }
    }

    return result;
}
1445
/**
 * Parses the top level of a default-permissions document.
 *
 * <p>Each element named {@code TAG_EXCEPTIONS} is delegated to {@code parseExceptions};
 * any other element is reported as unknown. Unknown elements are not skipped, so the loop
 * goes on to visit their children as well.
 *
 * @param parser the pull parser positioned at the start of the input
 * @param outGrantExceptions receives the parsed grants, keyed by package name
 * @throws IOException if reading the input fails
 * @throws XmlPullParserException if the input is not well-formed
 */
private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
        outGrantExceptions) throws IOException, XmlPullParserException {
    final int startDepth = parser.getDepth();
    for (int event = parser.next();
            event != XmlPullParser.END_DOCUMENT;
            event = parser.next()) {
        if (event == XmlPullParser.END_TAG) {
            // The end tag of the element we started in terminates the scan; end tags of
            // nested elements are simply passed over.
            if (parser.getDepth() <= startDepth) {
                break;
            }
            continue;
        }
        if (event == XmlPullParser.TEXT) {
            continue;
        }

        final String tagName = parser.getName();
        if (TAG_EXCEPTIONS.equals(tagName)) {
            parseExceptions(parser, outGrantExceptions);
        } else {
            Log.e(TAG, "Unknown tag " + parser.getName());
        }
    }
}
1462
/**
 * Parses the children of an {@code <exceptions>} element.
 *
 * <p>For every element named {@code TAG_EXCEPTION} the package attribute is read. The first
 * time a package is seen it must resolve through {@code getSystemPackage} and must support
 * runtime permissions; otherwise the element is logged and skipped, and no entry is created
 * for it. Packages that already have an entry are not re-checked. Accepted elements are
 * handed to {@code parsePermission}.
 *
 * @param parser the pull parser positioned on the {@code <exceptions>} start tag
 * @param outGrantExceptions receives the parsed grants, keyed by package name
 * @throws IOException if reading the input fails
 * @throws XmlPullParserException if the input is not well-formed
 */
private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
        outGrantExceptions) throws IOException, XmlPullParserException {
    final int startDepth = parser.getDepth();
    for (int event = parser.next();
            event != XmlPullParser.END_DOCUMENT;
            event = parser.next()) {
        if (event == XmlPullParser.END_TAG) {
            // Stop at the end tag that closes the element this method was entered on.
            if (parser.getDepth() <= startDepth) {
                break;
            }
            continue;
        }
        if (event == XmlPullParser.TEXT) {
            continue;
        }

        if (!TAG_EXCEPTION.equals(parser.getName())) {
            // The unknown element is only reported, not skipped, so its children are
            // visited by this same loop.
            Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
            continue;
        }

        final String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);

        List<DefaultPermissionGrant> grants = outGrantExceptions.get(packageName);
        if (grants == null) {
            // The package must be on the system image
            final PackageParser.Package pkg = getSystemPackage(packageName);
            if (pkg == null) {
                Log.w(TAG, "Unknown package:" + packageName);
                XmlUtils.skipCurrentTag(parser);
                continue;
            }

            // The package must support runtime permissions
            if (!doesPackageSupportRuntimePermissions(pkg)) {
                Log.w(TAG, "Skipping non supporting runtime permissions package:"
                        + packageName);
                XmlUtils.skipCurrentTag(parser);
                continue;
            }

            grants = new ArrayList<>();
            outGrantExceptions.put(packageName, grants);
        }

        parsePermission(parser, grants);
    }
}
1503
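/**
 * Parses the children of an {@code <exception>} element into default grants.
 *
 * <p>Each permission element must carry a name attribute; elements without one are logged
 * and skipped. The {@code fixed} attribute is stored with the grant and later forwarded to
 * {@code grantRuntimePermissions} by {@code grantDefaultPermissionExceptions}.
 *
 * @param parser the pull parser positioned on the {@code <exception>} start tag
 * @param outPackageExceptions receives one {@code DefaultPermissionGrant} per accepted
 *     permission element
 * @throws IOException if reading the input fails
 * @throws XmlPullParserException if the input is not well-formed
 */
private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
        outPackageExceptions) throws IOException, XmlPullParserException {
    final int outerDepth = parser.getDepth();
    int type;
    while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
            && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
        if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
            continue;
        }

        // Match the tag name exactly, as the sibling parsers do for TAG_EXCEPTIONS and
        // TAG_EXCEPTION. The previous contains() check accepted any element whose name is
        // merely a substring of the permission tag, which is looser than intended for a
        // file that pre-grants permissions. TAG_PERMISSION is declared outside this
        // excerpt; this assumes it is a String constant like the other TAG_ values.
        if (TAG_PERMISSION.equals(parser.getName())) {
            String name = parser.getAttributeValue(null, ATTR_NAME);
            if (name == null) {
                Log.w(TAG, "Mandatory name attribute missing for permission tag");
                XmlUtils.skipCurrentTag(parser);
                continue;
            }

            // readBooleanAttribute is defined elsewhere; presumably a missing attribute
            // reads as false. TODO confirm.
            final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);

            DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
            outPackageExceptions.add(exception);
        } else {
            // The unknown element is only reported, not skipped, so its children are
            // visited by this same loop.
            Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
        }
    }
}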
1531
/**
 * Tells whether a package targets an SDK level newer than {@code LOLLIPOP_MR1}.
 *
 * @param pkg the parsed package to inspect
 * @return {@code true} if the package's target SDK version is above
 *     {@code Build.VERSION_CODES.LOLLIPOP_MR1}
 */
private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
    final int targetSdk = pkg.applicationInfo.targetSdkVersion;
    return targetSdk > Build.VERSION_CODES.LOLLIPOP_MR1;
}
1535
/**
 * One default grant read from a default-permissions file: a permission name plus the
 * {@code fixed} flag that accompanies it.
 */
private static final class DefaultPermissionGrant {
    // Permission name, taken from the name attribute of the parsed permission element.
    final String name;
    // Value of the fixed attribute; forwarded to grantRuntimePermissions with the name.
    final boolean fixed;

    /**
     * @param name the permission name
     * @param fixed the value of the fixed attribute for this grant
     */
    public DefaultPermissionGrant(String name, boolean fixed) {
        this.fixed = fixed;
        this.name = name;
    }
}
1545}