Todd Kennedy82b08422017-09-28 13:32:05 -07001/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -070019import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -070020
Todd Kennedy82b08422017-09-28 13:32:05 -070021import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -070023import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -070024import android.app.ActivityManager;
25import android.app.DownloadManager;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +000026import android.app.SearchManager;
Todd Kennedy82b08422017-09-28 13:32:05 -070027import android.app.admin.DevicePolicyManager;
28import android.companion.CompanionDeviceManager;
29import android.content.Context;
30import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -070031import android.content.pm.ApplicationInfo;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +000032import android.content.pm.PackageInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -070033import android.content.pm.PackageManager;
Jeff Sharkey7a807602018-10-18 13:21:55 -060034import android.content.pm.PackageManager.NameNotFoundException;
Todd Kennedy82b08422017-09-28 13:32:05 -070035import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -070036import android.content.pm.PackageManagerInternal.PackagesProvider;
37import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Jeff Sharkey7a807602018-10-18 13:21:55 -060038import android.content.pm.PermissionInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -070039import android.content.pm.ProviderInfo;
40import android.content.pm.ResolveInfo;
41import android.media.RingtoneManager;
42import android.net.Uri;
Todd Kennedy82b08422017-09-28 13:32:05 -070043import android.os.Build;
44import android.os.Environment;
45import android.os.Handler;
46import android.os.Looper;
47import android.os.Message;
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -060048import android.os.SystemProperties;
Todd Kennedy82b08422017-09-28 13:32:05 -070049import android.os.UserHandle;
50import android.os.storage.StorageManager;
Philip P. Moltmann039678e2018-09-18 13:04:38 -070051import android.permission.PermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -070052import android.print.PrintManager;
53import android.provider.CalendarContract;
54import android.provider.ContactsContract;
55import android.provider.MediaStore;
56import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -070057import android.security.Credentials;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +000058import android.speech.RecognitionService;
Jeff Sharkey0095a822018-02-15 13:06:53 -070059import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -070060import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -070061import android.util.ArrayMap;
62import android.util.ArraySet;
63import android.util.Log;
64import android.util.Slog;
65import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -070066
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +000067import com.android.internal.util.ArrayUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -070068import com.android.internal.util.XmlUtils;
69import com.android.server.LocalServices;
Todd Kennedy82b08422017-09-28 13:32:05 -070070
71import org.xmlpull.v1.XmlPullParser;
72import org.xmlpull.v1.XmlPullParserException;
73
74import java.io.BufferedInputStream;
75import java.io.File;
76import java.io.FileInputStream;
77import java.io.IOException;
78import java.io.InputStream;
79import java.util.ArrayList;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +000080import java.util.Arrays;
Todd Kennedy82b08422017-09-28 13:32:05 -070081import java.util.Collections;
82import java.util.List;
83import java.util.Map;
84import java.util.Set;
85
Todd Kennedy82b08422017-09-28 13:32:05 -070086/**
87 * This class is the policy for granting runtime permissions to
88 * platform components and default handlers in the system such
89 * that the device is usable out-of-the-box. For example, the
90 * shell UID is a part of the system and the Phone app should
91 * have phone related permission by default.
92 * <p>
93 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
94 * service but knows about lots of higher level subsystems. The correct way to do this is
95 * to have an interface defined in the package manager but have the impl next to other
96 * policy stuff like PhoneWindowManager
97 */
98public final class DefaultPermissionGrantPolicy {
// Log tag used by the Log.i calls in this class.
private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
// Compile-time debug switch; off in this revision.
private static final boolean DEBUG = false;

/**
 * Flag set carrying the ResolveInfoFlags annotation; the intent queries that use it are
 * outside this excerpt. It matches components whether or not they are direct-boot aware.
 * NOTE(review): MATCH_UNINSTALLED_PACKAGES widens the candidate set, so any package found
 * through these flags still has to pass the system-package checks before it is granted
 * anything.
 */
@PackageManager.ResolveInfoFlags
private static final int DEFAULT_INTENT_QUERY_FLAGS =
        PackageManager.MATCH_DIRECT_BOOT_AWARE
                | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
                | PackageManager.MATCH_UNINSTALLED_PACKAGES;

/**
 * Flags passed to getInstalledPackagesAsUser when enumerating platform packages.
 * GET_PERMISSIONS is included because the grant code reads
 * {@code PackageInfo.requestedPermissions}.
 */
@PackageManager.PackageInfoFlags
private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS =
        PackageManager.MATCH_UNINSTALLED_PACKAGES
                | PackageManager.GET_PERMISSIONS;

// MIME type attached to the probe intent that locates the default music handler.
private static final String AUDIO_MIME_TYPE = "audio/mpeg";

// Element and attribute names; presumably consumed by the default-permission exceptions
// XML reader, which is not part of this excerpt.
private static final String TAG_EXCEPTIONS = "exceptions";
private static final String TAG_EXCEPTION = "exception";
private static final String TAG_PERMISSION = "permission";
private static final String ATTR_PACKAGE = "package";
private static final String ATTR_NAME = "name";
private static final String ATTR_FIXED = "fixed";
119
// Permission groups handed out by this policy. Each set lists the Manifest.permission
// constants that are granted together when a group is passed to one of the grant helpers.
// NOTE(review): these are mutable ArraySets shared by every grant call; nothing in this
// excerpt modifies them after class initialisation, and nothing should.

/** Telephony: phone state, placing calls, call log, voicemail, SIP, outgoing-call hooks. */
private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(PHONE_PERMISSIONS,
            Manifest.permission.READ_PHONE_STATE,
            Manifest.permission.CALL_PHONE,
            Manifest.permission.READ_CALL_LOG,
            Manifest.permission.WRITE_CALL_LOG,
            Manifest.permission.ADD_VOICEMAIL,
            Manifest.permission.USE_SIP,
            Manifest.permission.PROCESS_OUTGOING_CALLS);
}

/** Contacts read/write plus account enumeration. */
private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CONTACTS_PERMISSIONS,
            Manifest.permission.READ_CONTACTS,
            Manifest.permission.WRITE_CONTACTS,
            Manifest.permission.GET_ACCOUNTS);
}

/** Fine and coarse location. */
private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(LOCATION_PERMISSIONS,
            Manifest.permission.ACCESS_FINE_LOCATION,
            Manifest.permission.ACCESS_COARSE_LOCATION);
}

/** Coarse location only: the narrower alternative to LOCATION_PERMISSIONS. */
private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(COARSE_LOCATION_PERMISSIONS,
            Manifest.permission.ACCESS_COARSE_LOCATION);
}

/** Calendar read/write. */
private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CALENDAR_PERMISSIONS,
            Manifest.permission.READ_CALENDAR,
            Manifest.permission.WRITE_CALENDAR);
}

/** SMS/MMS send, receive and read, WAP push, and cell broadcasts. */
private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(SMS_PERMISSIONS,
            Manifest.permission.SEND_SMS,
            Manifest.permission.RECEIVE_SMS,
            Manifest.permission.READ_SMS,
            Manifest.permission.RECEIVE_WAP_PUSH,
            Manifest.permission.RECEIVE_MMS,
            Manifest.permission.READ_CELL_BROADCASTS);
}

/** Audio recording. */
private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(MICROPHONE_PERMISSIONS, Manifest.permission.RECORD_AUDIO);
}

/** Camera access. */
private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CAMERA_PERMISSIONS, Manifest.permission.CAMERA);
}

/** Body sensors. */
private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(SENSORS_PERMISSIONS, Manifest.permission.BODY_SENSORS);
}
181
// The three sets below are filled depending on StorageManager.PROP_ISOLATED_STORAGE, read
// once per set at class initialisation with a default of false. With the property off,
// only STORAGE_PERMISSIONS is populated; with it on, only the two MEDIA_* sets are. A set
// that stays empty still gets passed to the grant helpers and simply contributes nothing.

/** Legacy external-storage read/write; left empty when isolated storage is enabled. */
@Deprecated
private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    final boolean isolatedStorage =
            SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false);
    if (!isolatedStorage) {
        Collections.addAll(STORAGE_PERMISSIONS,
                Manifest.permission.READ_EXTERNAL_STORAGE,
                Manifest.permission.WRITE_EXTERNAL_STORAGE);
    }
}

/** Audio media read/write; populated only when isolated storage is enabled. */
private static final Set<String> MEDIA_AURAL_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    final boolean isolatedStorage =
            SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false);
    if (isolatedStorage) {
        Collections.addAll(MEDIA_AURAL_PERMISSIONS,
                Manifest.permission.READ_MEDIA_AUDIO,
                Manifest.permission.WRITE_MEDIA_AUDIO);
    }
}

/** Image and video media read/write; populated only when isolated storage is enabled. */
private static final Set<String> MEDIA_VISUAL_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    final boolean isolatedStorage =
            SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false);
    if (isolatedStorage) {
        Collections.addAll(MEDIA_VISUAL_PERMISSIONS,
                Manifest.permission.READ_MEDIA_IMAGES,
                Manifest.permission.WRITE_MEDIA_IMAGES,
                Manifest.permission.READ_MEDIA_VIDEO,
                Manifest.permission.WRITE_MEDIA_VIDEO);
    }
}
211
// Handler message id that triggers the lazy load of mGrantExceptions.
private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;

// Intent action string; its use is outside this excerpt.
private static final String ACTION_TRACK = "com.android.fitness.TRACK";

// Runs handleMessage on the Looper supplied to the constructor.
private final Handler mHandler;

// Package-name sources for the default handlers. Each is written by its setter and copied
// out by grantDefaultSystemHandlerPermissions, in both cases while holding mLock. Any of
// them may still be null when grants run; the reader checks for that.
private PackagesProvider mLocationPackagesProvider;
private PackagesProvider mVoiceInteractionPackagesProvider;
private PackagesProvider mSmsAppPackagesProvider;
private PackagesProvider mDialerAppPackagesProvider;
private PackagesProvider mSimCallManagerPackagesProvider;
private PackagesProvider mUseOpenWifiAppPackagesProvider;
private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;

// Null until the handler has processed MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS; assigned
// under mLock and only while still null.
private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
private final Context mContext;
// Guards the provider fields and mGrantExceptions.
private final Object mLock = new Object();
// Obtained from LocalServices in the constructor.
private final PackageManagerInternal mServiceInternal;
// Used to look up BasePermission definitions by permission name.
private final PermissionManagerService mPermissionManager;
// Declared @Nullable in the constructor, so it may be null.
private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
/** Listener told when this policy has granted default runtime permissions. */
public interface DefaultPermissionGrantedCallback {
    /**
     * Callback when permissions have been granted.
     *
     * @param userId user id supplied by the policy; presumably the user whose grants
     *         changed, but the call site is outside this excerpt
     */
    void onDefaultRuntimePermissionsGranted(int userId);
}
236
/**
 * Creates the policy and the handler that lazily loads the default-permission exceptions.
 *
 * @param context context used for package-manager queries
 * @param looper looper on which the exceptions are read
 * @param callback optional listener for completed grants; may be null
 * @param permissionManager permission manager used to resolve permission definitions
 */
public DefaultPermissionGrantPolicy(Context context, Looper looper,
        @Nullable DefaultPermissionGrantedCallback callback,
        @NonNull PermissionManagerService permissionManager) {
    mContext = context;
    mHandler = new Handler(looper) {
        @Override
        public void handleMessage(Message msg) {
            if (msg.what != MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
                return;
            }
            synchronized (mLock) {
                // Load at most once: a second message finds the map already set.
                if (mGrantExceptions != null) {
                    return;
                }
                mGrantExceptions = readDefaultPermissionExceptionsLocked();
            }
        }
    };
    mPermissionGrantedCallback = callback;
    mPermissionManager = permissionManager;
    mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
}
257
/**
 * Registers the source of location-provider package names. The reference is stored under
 * mLock; packages it returns later receive default grants, so only a trusted system
 * component should supply it.
 *
 * @param provider provider to consult; stored as given, null included
 */
public void setLocationPackagesProvider(final PackagesProvider provider) {
    synchronized (mLock) {
        this.mLocationPackagesProvider = provider;
    }
}
263
/**
 * Registers the source of voice-interaction package names, stored under mLock.
 *
 * @param provider provider to consult; stored as given, null included
 */
public void setVoiceInteractionPackagesProvider(final PackagesProvider provider) {
    synchronized (mLock) {
        this.mVoiceInteractionPackagesProvider = provider;
    }
}
269
/**
 * Registers the source of SMS-app package names, stored under mLock.
 *
 * @param provider provider to consult; stored as given, null included
 */
public void setSmsAppPackagesProvider(final PackagesProvider provider) {
    synchronized (mLock) {
        this.mSmsAppPackagesProvider = provider;
    }
}
275
/**
 * Registers the source of dialer-app package names, stored under mLock.
 *
 * @param provider provider to consult; stored as given, null included
 */
public void setDialerAppPackagesProvider(final PackagesProvider provider) {
    synchronized (mLock) {
        this.mDialerAppPackagesProvider = provider;
    }
}
281
/**
 * Registers the source of SIM call manager package names, stored under mLock.
 *
 * @param provider provider to consult; stored as given, null included
 */
public void setSimCallManagerPackagesProvider(final PackagesProvider provider) {
    synchronized (mLock) {
        this.mSimCallManagerPackagesProvider = provider;
    }
}
287
/**
 * Registers the source of "use open Wi-Fi" app package names, stored under mLock.
 *
 * @param provider provider to consult; stored as given, null included
 */
public void setUseOpenWifiAppPackagesProvider(final PackagesProvider provider) {
    synchronized (mLock) {
        this.mUseOpenWifiAppPackagesProvider = provider;
    }
}
293
/**
 * Registers the source of sync-adapter package names, stored under mLock. It is later
 * queried per content authority (contacts and calendar).
 *
 * @param provider provider to consult; stored as given, null included
 */
public void setSyncAdapterPackagesProvider(final SyncAdapterPackagesProvider provider) {
    synchronized (mLock) {
        this.mSyncAdapterPackagesProvider = provider;
    }
}
299
/**
 * Runs the three default-grant passes for one user, in a fixed order: platform components
 * and privileged apps, then default system handlers, then the configured exceptions.
 *
 * @param userId user receiving the grants
 */
public void grantDefaultPermissions(final int userId) {
    // Pass 1: system components and persistent platform-signed privileged apps.
    grantPermissionsToSysComponentsAndPrivApps(userId);
    // Pass 2: default handlers (dialer, SMS, camera, ...).
    grantDefaultSystemHandlerPermissions(userId);
    // Pass 3: default-permission exceptions.
    grantDefaultPermissionExceptions(userId);
}
305
/**
 * Grants a system package every runtime permission it requests.
 *
 * <p>{@code pkg.requestedPermissions} is dereferenced without a null check; the caller in
 * grantPermissionsToSysComponentsAndPrivApps filters out packages whose array is empty
 * before calling.
 *
 * @param userId user receiving the grants
 * @param pkg package whose requested permissions are examined
 */
private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
    final Set<String> runtimePermissions = new ArraySet<>();
    for (String requested : pkg.requestedPermissions) {
        // Names the permission manager does not know, and non-runtime permissions, are
        // left out.
        final BasePermission definition = mPermissionManager.getPermission(requested);
        if (definition != null && definition.isRuntime()) {
            runtimePermissions.add(requested);
        }
    }
    if (runtimePermissions.isEmpty()) {
        return;
    }
    // NOTE(review): the literal true is presumably systemFixed, as in the five-argument
    // overload used elsewhere in this class - confirm against the four-argument overload.
    grantRuntimePermissions(pkg, runtimePermissions, true, userId);
}
321
/**
 * Posts MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS to the handler so the exceptions are read
 * on the handler's looper rather than on the calling thread. The handler performs the
 * read only if the exceptions have not been loaded yet.
 */
public void scheduleReadDefaultPermissionExceptions() {
    final int what = MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS;
    mHandler.sendEmptyMessage(what);
}
325
/**
 * Grants requested runtime permissions to platform components and persistent
 * platform-signed privileged apps.
 *
 * <p>NOTE(review): the package list is always read for UserHandle.USER_SYSTEM, while the
 * grants are applied to {@code userId}.
 *
 * @param userId user receiving the grants
 */
private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
    Log.i(TAG, "Granting permissions to platform components for user " + userId);
    final List<PackageInfo> candidates =
            mContext.getPackageManager().getInstalledPackagesAsUser(
                    DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM);
    for (PackageInfo candidate : candidates) {
        // A package qualifies only if it passes the system-component/privileged-app
        // check, supports runtime permissions, and requests at least one permission.
        final boolean eligible = candidate != null
                && isSysComponentOrPersistentPlatformSignedPrivApp(candidate)
                && doesPackageSupportRuntimePermissions(candidate)
                && !ArrayUtils.isEmpty(candidate.requestedPermissions);
        if (eligible) {
            grantRuntimePermissionsForSystemPackage(userId, candidate);
        }
    }
}
342
/**
 * Grants the given permission groups to a package by name with ignoreSystemPackage set,
 * and without the isSystemPackage() gate that the *ToSystemPackage helpers apply.
 * NOTE(review): this is the least restrictive of the helpers, so each caller should be
 * able to say why the package is trusted.
 *
 * @param packageName package to grant to
 * @param userId user receiving the grants
 * @param permissionGroups permission sets to grant
 */
@SafeVarargs
private final void grantIgnoringSystemPackage(String packageName, int userId,
        Set<String>... permissionGroups) {
    final boolean ignoreSystemPackage = true;
    grantPermissionsToPackage(packageName, userId, ignoreSystemPackage, permissionGroups);
}
349
/**
 * Grants the given permission groups to a system package with systemFixed set.
 * NOTE(review): systemFixed is forwarded to grantRuntimePermissions, which is outside
 * this excerpt; presumably it marks the grant as not revocable by the user - confirm there.
 *
 * @param packageName package to grant to; ignored unless it is a system package
 * @param userId user receiving the grants
 * @param permissionGroups permission sets to grant
 */
@SafeVarargs
private final void grantSystemFixedPermissionsToSystemPackage(String packageName, int userId,
        Set<String>... permissionGroups) {
    final boolean systemFixed = true;
    grantPermissionsToSystemPackage(packageName, userId, systemFixed, permissionGroups);
}
356
/**
 * Grants the given permission groups to a system package without setting systemFixed.
 *
 * @param packageName package to grant to; ignored unless it is a system package
 * @param userId user receiving the grants
 * @param permissionGroups permission sets to grant
 */
@SafeVarargs
private final void grantPermissionsToSystemPackage(
        String packageName, int userId, Set<String>... permissionGroups) {
    final boolean systemFixed = false;
    grantPermissionsToSystemPackage(packageName, userId, systemFixed, permissionGroups);
}
363
/**
 * Grants the given permission groups to a package only if isSystemPackage() accepts its
 * name. This check is what keeps a non-system package from receiving default grants
 * through the *ToSystemPackage helpers.
 *
 * @param packageName package to grant to; the call is a no-op when it is not a system
 *         package
 * @param userId user receiving the grants
 * @param systemFixed forwarded unchanged to the grant call
 * @param permissionGroups permission sets to grant
 */
@SafeVarargs
private final void grantPermissionsToSystemPackage(String packageName, int userId,
        boolean systemFixed, Set<String>... permissionGroups) {
    if (isSystemPackage(packageName)) {
        final boolean ignoreSystemPackage = false;
        final PackageInfo systemPackage = getSystemPackageInfo(packageName);
        grantPermissionsToPackage(
                systemPackage, userId, systemFixed, ignoreSystemPackage, permissionGroups);
    }
}
373
/**
 * Resolves a package by name and grants it the given permission groups, never as
 * systemFixed. Unlike grantPermissionsToSystemPackage, no isSystemPackage() check is made
 * here, so the caller decides whether the package is eligible.
 *
 * @param packageName package to grant to
 * @param userId user receiving the grants
 * @param ignoreSystemPackage forwarded unchanged to the grant call
 * @param permissionGroups permission sets to grant
 */
@SafeVarargs
private final void grantPermissionsToPackage(String packageName, int userId,
        boolean ignoreSystemPackage, Set<String>... permissionGroups) {
    final boolean systemFixed = false;
    final PackageInfo resolved = getPackageInfo(packageName);
    grantPermissionsToPackage(
            resolved, userId, systemFixed, ignoreSystemPackage, permissionGroups);
}
380
/**
 * Grants each permission group to an already-resolved package. Nothing is granted when
 * the package is null or does not support runtime permissions.
 *
 * @param packageName the resolved package; despite its name this is a PackageInfo, not a
 *         string
 * @param userId user receiving the grants
 * @param systemFixed forwarded unchanged to grantRuntimePermissions
 * @param ignoreSystemPackage forwarded unchanged to grantRuntimePermissions
 * @param permissionGroups permission sets to grant, one grant call per set
 */
@SafeVarargs
private final void grantPermissionsToPackage(PackageInfo packageName, int userId,
        boolean systemFixed, boolean ignoreSystemPackage, Set<String>... permissionGroups) {
    if (packageName == null || !doesPackageSupportRuntimePermissions(packageName)) {
        return;
    }
    for (int i = 0; i < permissionGroups.length; i++) {
        grantRuntimePermissions(packageName, permissionGroups[i], systemFixed,
                ignoreSystemPackage, userId);
    }
}
392
393 private void grantDefaultSystemHandlerPermissions(int userId) {
394 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
395
396 final PackagesProvider locationPackagesProvider;
397 final PackagesProvider voiceInteractionPackagesProvider;
398 final PackagesProvider smsAppPackagesProvider;
399 final PackagesProvider dialerAppPackagesProvider;
400 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800401 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700402 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
403
404 synchronized (mLock) {
405 locationPackagesProvider = mLocationPackagesProvider;
406 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
407 smsAppPackagesProvider = mSmsAppPackagesProvider;
408 dialerAppPackagesProvider = mDialerAppPackagesProvider;
409 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800410 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700411 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
412 }
413
414 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
415 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
416 String[] locationPackageNames = (locationPackagesProvider != null)
417 ? locationPackagesProvider.getPackages(userId) : null;
418 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
419 ? smsAppPackagesProvider.getPackages(userId) : null;
420 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
421 ? dialerAppPackagesProvider.getPackages(userId) : null;
422 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
423 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800424 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
425 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700426 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
427 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
428 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
429 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
430
431 // Installer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000432 grantSystemFixedPermissionsToSystemPackage(
433 getKnownPackage(PackageManagerInternal.PACKAGE_INSTALLER, userId),
434 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700435
436 // Verifier
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000437 final String verifier = getKnownPackage(PackageManagerInternal.PACKAGE_VERIFIER, userId);
438 grantSystemFixedPermissionsToSystemPackage(verifier, userId, STORAGE_PERMISSIONS);
439 grantPermissionsToSystemPackage(verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700440
441 // SetupWizard
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000442 grantPermissionsToSystemPackage(
443 getKnownPackage(PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId), userId,
444 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, LOCATION_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700445
446 // Camera
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000447 grantPermissionsToSystemPackage(
448 getDefaultSystemHandlerActivityPackage(MediaStore.ACTION_IMAGE_CAPTURE, userId),
449 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700450
451 // Media provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000452 grantSystemFixedPermissionsToSystemPackage(
453 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId,
454 STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS, MEDIA_VISUAL_PERMISSIONS,
455 PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700456
457 // Downloads provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000458 grantSystemFixedPermissionsToSystemPackage(
459 getDefaultProviderAuthorityPackage("downloads", userId), userId,
460 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700461
462 // Downloads UI
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000463 grantSystemFixedPermissionsToSystemPackage(
464 getDefaultSystemHandlerActivityPackage(
465 DownloadManager.ACTION_VIEW_DOWNLOADS, userId),
466 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700467
468 // Storage provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000469 grantSystemFixedPermissionsToSystemPackage(
470 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId),
471 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700472
473 // CertInstaller
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000474 grantSystemFixedPermissionsToSystemPackage(
475 getDefaultSystemHandlerActivityPackage(Credentials.INSTALL_ACTION, userId), userId,
476 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700477
478 // Dialer
479 if (dialerAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000480 String dialerPackage =
481 getDefaultSystemHandlerActivityPackage(Intent.ACTION_DIAL, userId);
482 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700483 } else {
484 for (String dialerAppPackageName : dialerAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000485 grantDefaultPermissionsToDefaultSystemDialerApp(dialerAppPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700486 }
487 }
488
489 // Sim call manager
490 if (simCallManagerPackageNames != null) {
491 for (String simCallManagerPackageName : simCallManagerPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000492 grantDefaultPermissionsToDefaultSystemSimCallManager(
493 simCallManagerPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700494 }
495 }
496
Eric Enslen1e423b92017-12-18 11:30:21 -0800497 // Use Open Wifi
498 if (useOpenWifiAppPackageNames != null) {
499 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000500 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
501 useOpenWifiPackageName, userId);
Eric Enslen1e423b92017-12-18 11:30:21 -0800502 }
503 }
504
Todd Kennedy82b08422017-09-28 13:32:05 -0700505 // SMS
506 if (smsAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000507 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(
508 Intent.CATEGORY_APP_MESSAGING, userId);
509 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700510 } else {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000511 for (String smsPackage : smsAppPackageNames) {
512 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700513 }
514 }
515
516 // Cell Broadcast Receiver
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000517 grantPermissionsToSystemPackage(
518 getDefaultSystemHandlerActivityPackage(Intents.SMS_CB_RECEIVED_ACTION, userId),
519 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700520
521 // Carrier Provisioning Service
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000522 grantPermissionsToSystemPackage(
523 getDefaultSystemHandlerServicePackage(Intents.SMS_CARRIER_PROVISION_ACTION, userId),
524 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700525
526 // Calendar
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000527 grantPermissionsToSystemPackage(
528 getDefaultSystemHandlerActivityPackageForCategory(
529 Intent.CATEGORY_APP_CALENDAR, userId),
530 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700531
532 // Calendar provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000533 String calendarProvider =
534 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId);
535 grantPermissionsToSystemPackage(calendarProvider, userId,
536 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS);
537 grantSystemFixedPermissionsToSystemPackage(calendarProvider, userId, CALENDAR_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700538
539 // Calendar provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000540 grantPermissionToEachSystemPackage(
541 getHeadlessSyncAdapterPackages(calendarSyncAdapterPackages, userId),
542 userId, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000543
544 // Contacts
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000545 grantPermissionsToSystemPackage(
546 getDefaultSystemHandlerActivityPackageForCategory(
547 Intent.CATEGORY_APP_CONTACTS, userId),
548 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000549
550 // Contacts provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000551 grantPermissionToEachSystemPackage(
552 getHeadlessSyncAdapterPackages(contactsSyncAdapterPackages, userId),
553 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000554
555 // Contacts provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000556 String contactsProviderPackage =
557 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId);
558 grantSystemFixedPermissionsToSystemPackage(contactsProviderPackage, userId,
559 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
560 grantPermissionsToSystemPackage(contactsProviderPackage, userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000561
562 // Device provisioning
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000563 grantPermissionsToSystemPackage(
564 getDefaultSystemHandlerActivityPackage(
565 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId),
566 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000567
568 // Maps
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000569 grantPermissionsToSystemPackage(
570 getDefaultSystemHandlerActivityPackageForCategory(Intent.CATEGORY_APP_MAPS, userId),
571 userId, LOCATION_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000572
573 // Gallery
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000574 grantPermissionsToSystemPackage(
575 getDefaultSystemHandlerActivityPackageForCategory(
576 Intent.CATEGORY_APP_GALLERY, userId),
577 userId, STORAGE_PERMISSIONS, MEDIA_VISUAL_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000578
579 // Email
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000580 grantPermissionsToSystemPackage(
581 getDefaultSystemHandlerActivityPackageForCategory(
582 Intent.CATEGORY_APP_EMAIL, userId),
583 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000584
585 // Browser
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000586 String browserPackage = getKnownPackage(PackageManagerInternal.PACKAGE_BROWSER, userId);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000587 if (browserPackage == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000588 browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
589 Intent.CATEGORY_APP_BROWSER, userId);
590 if (!isSystemPackage(browserPackage)) {
591 browserPackage = null;
592 }
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000593 }
Eugene Suslae4240e72018-11-02 10:58:11 -0700594 grantPermissionsToPackage(browserPackage, userId,
595 false /* ignoreSystemPackage */, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700596
597 // Voice interaction
598 if (voiceInteractPackageNames != null) {
599 for (String voiceInteractPackageName : voiceInteractPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000600 grantPermissionsToSystemPackage(voiceInteractPackageName, userId,
601 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
602 PHONE_PERMISSIONS, SMS_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700603 }
604 }
605
606 if (ActivityManager.isLowRamDeviceStatic()) {
607 // Allow voice search on low-ram devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000608 grantPermissionsToSystemPackage(
609 getDefaultSystemHandlerActivityPackage(
610 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId),
611 userId, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700612 }
613
614 // Voice recognition
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000615 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE)
616 .addCategory(Intent.CATEGORY_DEFAULT);
617 grantPermissionsToSystemPackage(
618 getDefaultSystemHandlerServicePackage(voiceRecoIntent, userId), userId,
619 MICROPHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700620
621 // Location
622 if (locationPackageNames != null) {
623 for (String packageName : locationPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000624 grantPermissionsToSystemPackage(packageName, userId,
625 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
626 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS,
627 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS);
628 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
629 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700630 }
631 }
632
633 // Music
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000634 Intent musicIntent = new Intent(Intent.ACTION_VIEW)
635 .addCategory(Intent.CATEGORY_DEFAULT)
636 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE);
637 grantPermissionsToSystemPackage(
638 getDefaultSystemHandlerActivityPackage(musicIntent, userId), userId,
639 STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700640
641 // Home
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000642 Intent homeIntent = new Intent(Intent.ACTION_MAIN)
643 .addCategory(Intent.CATEGORY_HOME)
644 .addCategory(Intent.CATEGORY_LAUNCHER_APP);
645 grantPermissionsToSystemPackage(
646 getDefaultSystemHandlerActivityPackage(homeIntent, userId), userId,
647 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700648
649 // Watches
650 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
651 // Home application on watches
Todd Kennedy82b08422017-09-28 13:32:05 -0700652
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000653 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory(
654 Intent.CATEGORY_HOME_MAIN, userId);
655 grantPermissionsToSystemPackage(wearPackage, userId,
656 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS);
657 grantSystemFixedPermissionsToSystemPackage(wearPackage, userId, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700658
659 // Fitness tracking on watches
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000660 grantPermissionsToSystemPackage(
661 getDefaultSystemHandlerActivityPackage(ACTION_TRACK, userId), userId,
662 SENSORS_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700663 }
664
665 // Print Spooler
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000666 grantSystemFixedPermissionsToSystemPackage(PrintManager.PRINT_SPOOLER_PACKAGE_NAME, userId,
667 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700668
669 // EmergencyInfo
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000670 grantSystemFixedPermissionsToSystemPackage(
671 getDefaultSystemHandlerActivityPackage(
672 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId),
673 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700674
675 // NFC Tag viewer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000676 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW)
677 .setType("vnd.android.cursor.item/ndef_msg");
678 grantPermissionsToSystemPackage(
679 getDefaultSystemHandlerActivityPackage(nfcTagIntent, userId), userId,
680 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700681
682 // Storage Manager
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000683 grantSystemFixedPermissionsToSystemPackage(
684 getDefaultSystemHandlerActivityPackage(
685 StorageManager.ACTION_MANAGE_STORAGE, userId),
686 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700687
688 // Companion devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000689 grantSystemFixedPermissionsToSystemPackage(
690 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId,
691 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700692
693 // Ringtone Picker
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000694 grantSystemFixedPermissionsToSystemPackage(
695 getDefaultSystemHandlerActivityPackage(
696 RingtoneManager.ACTION_RINGTONE_PICKER, userId),
697 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700698
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000699 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700700 String textClassifierPackageName =
701 mContext.getPackageManager().getSystemTextClassifierPackageName();
702 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000703 grantPermissionsToSystemPackage(textClassifierPackageName, userId,
704 PHONE_PERMISSIONS, SMS_PERMISSIONS, CALENDAR_PERMISSIONS,
705 LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000706 }
707
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100708 // There is no real "marker" interface to identify the shared storage backup, it is
709 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000710 grantSystemFixedPermissionsToSystemPackage("com.android.sharedstoragebackup", userId,
711 STORAGE_PERMISSIONS);
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100712
Todd Kennedy0eb97382017-10-03 16:57:22 -0700713 if (mPermissionGrantedCallback != null) {
714 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
715 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700716 }
717
/**
 * Looks up the default system handler for an {@code ACTION_MAIN} intent carrying the
 * given category.
 *
 * @param category intent category added to the {@code ACTION_MAIN} intent
 * @param userId user for whom the handler is resolved
 * @return the result of the Intent-based overload for that intent: a package name, or
 *         {@code null} when that overload finds no acceptable handler
 */
private String getDefaultSystemHandlerActivityPackageForCategory(String category, int userId) {
    final Intent mainIntent = new Intent(Intent.ACTION_MAIN).addCategory(category);
    return getDefaultSystemHandlerActivityPackage(mainIntent, userId);
}
722
/**
 * Applies the same permission sets to every package in a list by calling
 * {@code grantPermissionsToSystemPackage} once per entry.
 *
 * @param packages package names to process; {@code null} is treated as "nothing to do"
 * @param userId user for whom the grants are made
 * @param permissions permission sets forwarded unchanged for each package
 */
@SafeVarargs
private final void grantPermissionToEachSystemPackage(
        ArrayList<String> packages, int userId, Set<String>... permissions) {
    if (packages != null) {
        for (String systemPackage : packages) {
            grantPermissionsToSystemPackage(systemPackage, userId, permissions);
        }
    }
}
732
/**
 * Asks the package-manager internal service for the name of a "known" package.
 *
 * @param knownPkgId identifier of the known package, as understood by
 *        {@code mServiceInternal.getKnownPackageName}
 * @param userId user for whom the lookup is made
 * @return whatever the internal service returns; the browser lookup in this file treats
 *         {@code null} as "not configured"
 */
private String getKnownPackage(int knownPkgId, int userId) {
    final String knownPackageName = mServiceInternal.getKnownPackageName(knownPkgId, userId);
    return knownPackageName;
}
736
/**
 * Grants the default dialer permission groups to a system dialer package.
 *
 * <p>The phone permissions are granted as system-fixed when the device reports
 * {@code FEATURE_WATCH}, and as ordinary default grants otherwise. Contacts, SMS,
 * microphone and camera are always granted as ordinary default grants.
 *
 * @param dialerPackage dialer package name; {@code null} makes this a no-op
 * @param userId user for whom the grants are made
 */
private void grantDefaultPermissionsToDefaultSystemDialerApp(
        String dialerPackage, int userId) {
    if (dialerPackage != null) {
        final PackageManager pm = mContext.getPackageManager();
        if (pm.hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
            // On watches the phone permission group is granted system-fixed.
            grantSystemFixedPermissionsToSystemPackage(
                    dialerPackage, userId, PHONE_PERMISSIONS);
        } else {
            grantPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
        }
        grantPermissionsToSystemPackage(dialerPackage, userId,
                CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS,
                CAMERA_PERMISSIONS);
    }
}
752
/**
 * Grants the default SMS-app permission groups (phone, contacts, SMS, storage,
 * microphone, camera) through {@code grantPermissionsToSystemPackage}.
 *
 * @param smsPackage SMS package name, forwarded as-is (no null check is done here)
 * @param userId user for whom the grants are made
 */
private void grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId) {
    grantPermissionsToSystemPackage(
            smsPackage,
            userId,
            PHONE_PERMISSIONS,
            CONTACTS_PERMISSIONS,
            SMS_PERMISSIONS,
            STORAGE_PERMISSIONS,
            MICROPHONE_PERMISSIONS,
            CAMERA_PERMISSIONS);
}
758
/**
 * Grants the coarse-location permission set to the "use open Wi-Fi" package through
 * {@code grantPermissionsToSystemPackage}.
 *
 * @param useOpenWifiPackage package name, forwarded as-is
 * @param userId user for whom the grant is made
 */
private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
        String useOpenWifiPackage, int userId) {
    // Only the coarse location set is granted here, not LOCATION_PERMISSIONS.
    grantPermissionsToSystemPackage(useOpenWifiPackage, userId, COARSE_LOCATION_PERMISSIONS);
}
764
/**
 * Grants the SMS-app permission groups to the package chosen as default SMS app.
 *
 * <p>Unlike the "system" variants in this class, the grant goes through
 * {@code grantIgnoringSystemPackage}, so it is not limited to what the factory image
 * declares (see the {@code ignoreSystemPackage} handling in
 * {@code grantRuntimePermissions}).
 * NOTE(review): no caller-identity or permission check is visible in this method;
 * presumably the caller enforces who may change the default SMS app. Confirm.
 *
 * @param packageName package that became the default SMS app
 * @param userId user for whom the grants are made
 */
public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
    grantIgnoringSystemPackage(
            packageName,
            userId,
            PHONE_PERMISSIONS,
            CONTACTS_PERMISSIONS,
            SMS_PERMISSIONS,
            STORAGE_PERMISSIONS,
            MICROPHONE_PERMISSIONS,
            CAMERA_PERMISSIONS);
}
771
/**
 * Records the new default dialer with the internal package-manager service, then grants
 * it the dialer permission groups (phone, contacts, SMS, microphone, camera).
 *
 * <p>The grant goes through {@code grantIgnoringSystemPackage}, so it is not limited to
 * what the factory image declares.
 * NOTE(review): no caller-identity or permission check is visible in this method;
 * presumably the caller enforces who may change the default dialer. Confirm.
 *
 * @param packageName package that became the default dialer
 * @param userId user for whom the grants are made
 */
public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
    // The service is notified before anything is logged or granted.
    mServiceInternal.onDefaultDialerAppChanged(packageName, userId);
    Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
    grantIgnoringSystemPackage(
            packageName,
            userId,
            PHONE_PERMISSIONS,
            CONTACTS_PERMISSIONS,
            SMS_PERMISSIONS,
            MICROPHONE_PERMISSIONS,
            CAMERA_PERMISSIONS);
}
779
/**
 * Grants the coarse-location permission set to the package chosen as the default
 * "Use Open WiFi" app, through {@code grantIgnoringSystemPackage}.
 *
 * @param packageName package that became the default Use Open WiFi app
 * @param userId user for whom the grant is made
 */
public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
    // Coarse location only; the broader LOCATION_PERMISSIONS set is not used here.
    grantIgnoringSystemPackage(
            packageName, userId, COARSE_LOCATION_PERMISSIONS);
}
784
/**
 * Grants phone and microphone permissions to the SIM call manager package.
 *
 * <p>The grant is made through {@code grantPermissionsToPackage} with
 * {@code ignoreSystemPackage} set to {@code false}. This method does not itself check
 * that the package is a system package; the private "System" variant in this class adds
 * that check before delegating here.
 *
 * @param packageName SIM call manager package; {@code null} makes this a no-op
 * @param userId user for whom the grants are made
 */
public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
    if (packageName != null) {
        Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
        grantPermissionsToPackage(packageName, userId, false /* ignoreSystemPackage */,
                PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS);
    }
}
793
/**
 * Grants the SIM call manager permissions only when the package passes
 * {@code isSystemPackage}; any other package is ignored.
 *
 * @param packageName candidate SIM call manager package
 * @param userId user for whom the grants are made
 */
private void grantDefaultPermissionsToDefaultSystemSimCallManager(
        String packageName, int userId) {
    if (!isSystemPackage(packageName)) {
        // Not a system package (or not found): nothing is granted.
        return;
    }
    grantDefaultPermissionsToDefaultSimCallManager(packageName, userId);
}
800
/**
 * Grants phone, location and SMS permissions to each enabled carrier app through
 * {@code grantPermissionsToSystemPackage}.
 *
 * @param packageNames carrier app packages; {@code null} means nothing to grant (the
 *        log line is still written)
 * @param userId user for whom the grants are made
 */
public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
    if (packageNames != null) {
        for (String carrierPackage : packageNames) {
            grantPermissionsToSystemPackage(carrierPackage, userId,
                    PHONE_PERMISSIONS, LOCATION_PERMISSIONS, SMS_PERMISSIONS);
        }
    }
}
811
/**
 * Grants phone, microphone, location, camera and contacts permissions to each enabled
 * ImsService package through {@code grantPermissionsToSystemPackage}.
 *
 * @param packageNames ImsService packages; {@code null} means nothing to grant (the log
 *        line is still written)
 * @param userId user for whom the grants are made
 */
public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
    if (packageNames != null) {
        for (String imsPackage : packageNames) {
            grantPermissionsToSystemPackage(imsPackage, userId,
                    PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS,
                    CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS);
        }
    }
}
823
/**
 * Grants phone and location permissions, as system-fixed grants, to each enabled
 * telephony data service package.
 *
 * @param packageNames data service packages; {@code null} means nothing to grant (the
 *        log line is still written)
 * @param userId user for whom the grants are made
 */
public void grantDefaultPermissionsToEnabledTelephonyDataServices(
        String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
    if (packageNames != null) {
        for (String dataServicePackage : packageNames) {
            // System-fixed on purpose: the grant must not be removable by accident,
            // because losing it would break cellular data.
            grantSystemFixedPermissionsToSystemPackage(dataServicePackage, userId,
                    PHONE_PERMISSIONS, LOCATION_PERMISSIONS);
        }
    }
}
838
/**
 * Revokes the default-granted phone and location permissions from telephony data service
 * packages that have been disabled.
 *
 * <p>A package is processed only if its factory package info passes
 * {@code isSystemPackage} and {@code doesPackageSupportRuntimePermissions}. The revoke is
 * requested with {@code systemFixed == true}, which lets {@code revokeRuntimePermissions}
 * remove grants that carry the system-fixed flag.
 *
 * @param packageNames data service packages; {@code null} means nothing to revoke (the
 *        log line is still written)
 * @param userId user for whom the permissions are revoked
 */
public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
        String[] packageNames, int userId) {
    Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String dataServicePackage : packageNames) {
        final PackageInfo factoryInfo = getSystemPackageInfo(dataServicePackage);
        if (!isSystemPackage(factoryInfo)
                || !doesPackageSupportRuntimePermissions(factoryInfo)) {
            continue;
        }
        revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
        revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
    }
}
853
/**
 * Grants the camera permission set, as a system-fixed grant, to the active LUI app.
 *
 * @param packageName package of the active LUI app, forwarded as-is
 * @param userId user for whom the grant is made
 */
public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
    // System-fixed grant; revokeDefaultPermissionsFromLuiApps is the matching revoke path.
    grantSystemFixedPermissionsToSystemPackage(
            packageName, userId, CAMERA_PERMISSIONS);
}
858
/**
 * Revokes the default-granted camera permissions from the given LUI app packages.
 *
 * <p>A package is processed only if its factory package info passes
 * {@code isSystemPackage} and {@code doesPackageSupportRuntimePermissions}. The revoke is
 * requested with {@code systemFixed == true}, matching the system-fixed grant made by
 * {@code grantDefaultPermissionsToActiveLuiApp}.
 *
 * @param packageNames LUI app packages; {@code null} means nothing to revoke (the log
 *        line is still written)
 * @param userId user for whom the permissions are revoked
 */
public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
    Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String luiPackage : packageNames) {
        final PackageInfo factoryInfo = getSystemPackageInfo(luiPackage);
        if (!isSystemPackage(factoryInfo)
                || !doesPackageSupportRuntimePermissions(factoryInfo)) {
            continue;
        }
        revokeRuntimePermissions(luiPackage, CAMERA_PERMISSIONS, true, userId);
    }
}
871
/**
 * Grants the location permission set to the default browser through
 * {@code grantPermissionsToSystemPackage}.
 *
 * @param packageName package of the default browser, forwarded as-is
 * @param userId user for whom the grant is made
 */
public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default browser for user:" + userId);
    grantPermissionsToSystemPackage(
            packageName, userId, LOCATION_PERMISSIONS);
}
876
/**
 * Convenience overload: wraps the action string in an {@link Intent} and resolves its
 * default system handler activity.
 *
 * @param intentAction action of the intent to resolve
 * @param userId user for whom the handler is resolved
 * @return the handler's package name, or {@code null} as described on the Intent overload
 */
private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
    final Intent actionIntent = new Intent(intentAction);
    return getDefaultSystemHandlerActivityPackage(actionIntent, userId);
}
880
/**
 * Resolves the activity that handles {@code intent} for a user and returns its package,
 * but only if that package is a system package.
 *
 * <p>{@code null} is returned when nothing resolves, when the match has no activity info,
 * when the internal service reports the match as the resolve-activity component, or when
 * the resolved package fails {@code isSystemPackage}. Callers in this file pass the
 * result straight into grant helpers, so this filter decides which package is offered
 * for a default grant.
 *
 * @param intent intent to resolve
 * @param userId user for whom the handler is resolved
 * @return the system handler's package name, or {@code null}
 */
private String getDefaultSystemHandlerActivityPackage(Intent intent, int userId) {
    final ResolveInfo resolved = mContext.getPackageManager().resolveActivityAsUser(
            intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
    if (resolved == null
            || resolved.activityInfo == null
            || mServiceInternal.isResolveActivityComponent(resolved.activityInfo)) {
        return null;
    }
    final String candidate = resolved.activityInfo.packageName;
    if (!isSystemPackage(candidate)) {
        return null;
    }
    return candidate;
}
893
/**
 * Convenience overload: wraps the action string in an {@link Intent} and looks up a
 * system package that provides a matching service.
 *
 * @param intentAction action of the intent to query
 * @param userId user for whom the services are queried
 * @return the package name found by the Intent overload, or {@code null}
 */
private String getDefaultSystemHandlerServicePackage(String intentAction, int userId) {
    final Intent actionIntent = new Intent(intentAction);
    return getDefaultSystemHandlerServicePackage(actionIntent, userId);
}
897
/**
 * Queries the services that handle {@code intent} for a user and returns the package of
 * the first one, in query-result order, that passes {@code isSystemPackage}.
 *
 * @param intent intent to query services for
 * @param userId user for whom the services are queried
 * @return package name of the first system handler, or {@code null} when the query
 *         returns {@code null} or no handler is a system package
 */
private String getDefaultSystemHandlerServicePackage(
        Intent intent, int userId) {
    final List<ResolveInfo> candidates =
            mContext.getPackageManager().queryIntentServicesAsUser(
                    intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
    if (candidates != null) {
        for (ResolveInfo candidate : candidates) {
            // NOTE(review): serviceInfo is dereferenced without a null check; presumably
            // always populated for service query results. Confirm.
            final String candidatePackage = candidate.serviceInfo.packageName;
            if (isSystemPackage(candidatePackage)) {
                return candidatePackage;
            }
        }
    }
    return null;
}
915
/**
 * Filters sync adapter packages down to those that are system packages and expose no
 * launcher activity for the given user.
 *
 * <p>For each name, an {@code ACTION_MAIN}/{@code CATEGORY_LAUNCHER} intent restricted to
 * that package is resolved; a package is kept only when nothing resolves and
 * {@code isSystemPackage} accepts it.
 *
 * @param syncAdapterPackageNames candidate package names; iterated without a null check
 *        (NOTE(review): callers presumably never pass {@code null}. Confirm.)
 * @param userId user for whom launcher activities are resolved
 * @return a new list with the headless system sync adapter packages, possibly empty
 */
private ArrayList<String> getHeadlessSyncAdapterPackages(
        String[] syncAdapterPackageNames, int userId) {
    final ArrayList<String> headlessPackages = new ArrayList<>();

    // One intent object is reused; only its target package changes per iteration.
    final Intent launcherIntent =
            new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER);

    for (String candidate : syncAdapterPackageNames) {
        launcherIntent.setPackage(candidate);

        final ResolveInfo launcherActivity =
                mContext.getPackageManager().resolveActivityAsUser(
                        launcherIntent, DEFAULT_INTENT_QUERY_FLAGS, userId);

        if (launcherActivity == null && isSystemPackage(candidate)) {
            headlessPackages.add(candidate);
        }
    }

    return headlessPackages;
}
938
/**
 * Resolves the content provider registered for an authority and returns its package.
 *
 * <p>Unlike the activity and service lookups in this class, this method does not apply
 * {@code isSystemPackage} to the result.
 * NOTE(review): callers are presumably expected to hand the result only to helpers that
 * do their own system-package check. Confirm at the call sites.
 *
 * @param authority provider authority to resolve
 * @param userId user for whom the provider is resolved
 * @return the providing package name, or {@code null} when no provider resolves
 */
private String getDefaultProviderAuthorityPackage(String authority, int userId) {
    final ProviderInfo resolvedProvider =
            mContext.getPackageManager().resolveContentProviderAsUser(
                    authority, DEFAULT_INTENT_QUERY_FLAGS, userId);
    return resolvedProvider != null ? resolvedProvider.packageName : null;
}
947
/**
 * Name-based form of {@code isSystemPackage(PackageInfo)}: fetches the package info with
 * {@code getPackageInfo(String)} and applies the same test.
 *
 * @param packageName package to test
 * @return the result of the {@code PackageInfo} overload; {@code false} when the package
 *         cannot be found, because that lookup then yields {@code null}
 */
private boolean isSystemPackage(String packageName) {
    final PackageInfo info = getPackageInfo(packageName);
    return isSystemPackage(info);
}
951
/**
 * Tells whether a package counts as a "system package" for default grants.
 *
 * <p>The package must be a system app, and must not be classified by
 * {@code isSysComponentOrPersistentPlatformSignedPrivApp}.
 *
 * @param pkg package info to test; {@code null} yields {@code false}
 * @return {@code true} only for system apps outside that excluded class
 */
private boolean isSystemPackage(PackageInfo pkg) {
    // NOTE(review): applicationInfo is dereferenced without a null check, while
    // grantRuntimePermissions guards against a null applicationInfo. Confirm it is
    // always populated for the PackageInfo objects that reach this method.
    if (pkg != null && pkg.applicationInfo.isSystemApp()) {
        return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg);
    }
    return false;
}
959
/**
 * Grants runtime permissions with {@code ignoreSystemPackage} fixed to {@code false}, so
 * the factory-image restriction applied by the five-argument overload stays in force.
 *
 * @param pkg package receiving the grants
 * @param permissions permissions to grant
 * @param systemFixed whether the grants are marked system-fixed
 * @param userId user for whom the grants are made
 */
private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissions,
        boolean systemFixed, int userId) {
    final boolean ignoreSystemPackage = false;
    grantRuntimePermissions(pkg, permissions, systemFixed, ignoreSystemPackage, userId);
}
964
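/**
 * Revokes runtime permissions that were handed out by the default grant policy.
 *
 * <p>A permission is revoked only when all of the following hold:
 * <ul>
 *   <li>the factory package info lists it in {@code requestedPermissions};</li>
 *   <li>its flags contain {@code FLAG_PERMISSION_GRANTED_BY_DEFAULT};</li>
 *   <li>its flags do not contain {@code FLAG_PERMISSION_POLICY_FIXED};</li>
 *   <li>it is not {@code FLAG_PERMISSION_SYSTEM_FIXED}, unless the caller passed
 *       {@code systemFixed == true}.</li>
 * </ul>
 * After the revoke, {@code FLAG_PERMISSION_GRANTED_BY_DEFAULT} is cleared;
 * {@code FLAG_PERMISSION_SYSTEM_FIXED} is left in place.
 *
 * @param packageName package to revoke from; a package that cannot be found is ignored
 * @param permissions permissions to consider for revocation
 * @param systemFixed whether the caller is the grantor of system-fixed grants and may
 *        therefore revoke them
 * @param userId user for whom the permissions are revoked
 */
private void revokeRuntimePermissions(String packageName, Set<String> permissions,
        boolean systemFixed, int userId) {
    PackageInfo pkg = getSystemPackageInfo(packageName);
    // getSystemPackageInfo() returns null when the package is not found. Without this
    // guard the dereference below would throw instead of leaving permissions untouched.
    if (pkg == null || ArrayUtils.isEmpty(pkg.requestedPermissions)) {
        return;
    }
    Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions));

    // Loop-invariant lookups.
    final PackageManager pm = mContext.getPackageManager();
    final UserHandle user = UserHandle.of(userId);

    for (String permission : permissions) {
        // We can't revoke what wasn't requested.
        if (!revokablePermissions.contains(permission)) {
            continue;
        }

        final int flags = pm.getPermissionFlags(permission, packageName, user);

        // We didn't get this through the default grant policy. Move along.
        if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
            continue;
        }
        // We aren't going to clobber device policy with a DefaultGrant.
        if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
            continue;
        }
        // Do not revoke system fixed permissions unless caller set them that way;
        // there is no refcount for the number of sources of this, so there
        // should be at most one grantor doing SYSTEM_FIXED for any given package.
        if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
            continue;
        }
        pm.revokeRuntimePermission(packageName, permission, user);

        if (DEBUG) {
            Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
                    + permission + " to " + packageName);
        }

        // Remove the GRANTED_BY_DEFAULT flag without touching the others.
        // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
        // sticky once set.
        pm.updatePermissionFlags(permission, packageName,
                PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, user);
    }
}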
1011
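/**
 * Grants a set of runtime permissions to a package for one user and marks them as
 * granted by default.
 *
 * <p>Rules applied, in order:
 * <ul>
 *   <li>Nothing happens for a {@code null} package or one that requests no permissions.</li>
 *   <li>For apps targeting an SDK below a split permission's target SDK, the new
 *       permissions of every requested split permission are added to the set.</li>
 *   <li>Unless {@code ignoreSystemPackage} is set, an updated system app is limited to
 *       permissions requested by both the factory copy and the installed update; if the
 *       factory copy requests none, nothing is granted.</li>
 *   <li>A permission whose flags are non-zero is left alone unless
 *       {@code ignoreSystemPackage} is set; policy-fixed permissions are never changed.</li>
 *   <li>If an existing default grant is system-fixed and this call is not, the
 *       system-fixed flag is cleared (the weaker form wins).</li>
 * </ul>
 *
 * @param pkg package receiving the grants; {@code null} makes this a no-op
 * @param permissionsWithoutSplits permissions to grant, before split expansion
 * @param systemFixed whether new grants are also marked system-fixed
 * @param ignoreSystemPackage when {@code true}, skips the factory-image restriction and
 *        overrides existing non-policy-fixed state
 * @param userId user for whom the grants are made
 */
private void grantRuntimePermissions(PackageInfo pkg,
        Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage,
        int userId) {
    if (pkg == null) {
        return;
    }

    String[] requestedPermissions = pkg.requestedPermissions;
    if (ArrayUtils.isEmpty(requestedPermissions)) {
        return;
    }

    final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
    ApplicationInfo applicationInfo = pkg.applicationInfo;

    // Automatically attempt to grant split permissions to older APKs
    final List<PermissionManager.SplitPermissionInfo> splitPermissions =
            mContext.getSystemService(PermissionManager.class).getSplitPermissions();
    final int numSplitPerms = splitPermissions.size();
    for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
        final PermissionManager.SplitPermissionInfo splitPerm =
                splitPermissions.get(splitPermNum);

        if (applicationInfo != null
                && applicationInfo.targetSdkVersion < splitPerm.getTargetSdk()
                && permissionsWithoutSplits.contains(splitPerm.getSplitPermission())) {
            permissions.addAll(splitPerm.getNewPermissions());
        }
    }

    Set<String> grantablePermissions = null;

    // In some cases, like for the Phone or SMS app, we grant permissions regardless
    // of if the version on the system image declares the permission as used since
    // selecting the app as the default for that function the user makes a deliberate
    // choice to grant this app the permissions needed to function. For all other
    // apps, (default grants on first boot and user creation) we don't grant default
    // permissions if the version on the system image does not declare them.
    if (!ignoreSystemPackage
            && applicationInfo != null
            && applicationInfo.isUpdatedSystemApp()) {
        final PackageInfo disabledPkg = getSystemPackageInfo(
                mServiceInternal.getDisabledSystemPackageName(pkg.packageName));
        if (disabledPkg != null) {
            if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) {
                return;
            }
            // Compare contents: equals() on an array is an identity check, so it
            // reported a difference even for identical permission lists. The granted
            // set is the same either way; this only skips the redundant filtering.
            if (!Arrays.equals(requestedPermissions, disabledPkg.requestedPermissions)) {
                grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions));
                requestedPermissions = disabledPkg.requestedPermissions;
            }
        }
    }

    final int grantablePermissionCount = requestedPermissions.length;
    for (int i = 0; i < grantablePermissionCount; i++) {
        String permission = requestedPermissions[i];

        // If there is a disabled system app it may request a permission the updated
        // version on the data partition doesn't. In this case skip the permission.
        if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
            continue;
        }

        if (permissions.contains(permission)) {
            UserHandle user = UserHandle.of(userId);
            final int flags = mContext.getPackageManager().getPermissionFlags(
                    permission, pkg.packageName, user);

            // If any flags are set to the permission, then it is either set in
            // its current state by the system or device/profile owner or the user.
            // In all these cases we do not want to clobber the current state.
            // Unless the caller wants to override user choices. The override is
            // to make sure we can grant the needed permission to the default
            // sms and phone apps after the user chooses this in the UI.
            if (flags == 0 || ignoreSystemPackage) {
                // Never clobber policy fixed permissions.
                // We must allow the grant of a system-fixed permission because
                // system-fixed is sticky, but the permission itself may be revoked.
                if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
                    continue;
                }

                mContext.getPackageManager()
                        .grantRuntimePermission(pkg.packageName, permission, user);
                if (DEBUG) {
                    Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
                            + permission + " to default handler " + pkg);
                }

                int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
                if (systemFixed) {
                    newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
                }

                mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
                        newFlags, newFlags, user);
            }

            // If a component gets a permission for being the default handler A
            // and also default handler B, we grant the weaker grant form.
            // The test uses the flags read before any grant made above.
            if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
                    && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
                    && !systemFixed) {
                if (DEBUG) {
                    Log.i(TAG, "Granted not fixed " + permission + " to default handler "
                            + pkg);
                }
                mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
                        PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, user);
            }
        }
    }
}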
1126
/**
 * Fetches package info with {@code MATCH_FACTORY_ONLY} added to the default query flags.
 *
 * @param pkg package name to look up
 * @return the package info, or {@code null} when the lookup fails with
 *         {@code NameNotFoundException} (see {@code getPackageInfo})
 */
private PackageInfo getSystemPackageInfo(String pkg) {
    //TODO not MATCH_SYSTEM_ONLY?
    final int factoryOnly = PackageManager.MATCH_FACTORY_ONLY;
    return getPackageInfo(pkg, factoryOnly);
}
1131
/**
 * Fetches package info using only the default query flags.
 *
 * @param pkg package name to look up
 * @return the package info, or {@code null} when the package is not found
 */
private PackageInfo getPackageInfo(String pkg) {
    final int noExtraFlags = 0;
    return getPackageInfo(pkg, noExtraFlags);
}
1135
/**
 * Fetches package info from the package manager, combining
 * {@code DEFAULT_PACKAGE_INFO_QUERY_FLAGS} with the caller's extra flags.
 *
 * <p>A missing package is reported as {@code null} rather than as an exception, so every
 * caller has to handle a {@code null} result.
 *
 * @param pkg package name to look up
 * @param extraFlags flags OR-ed into the default query flags
 * @return the package info, or {@code null} on {@code NameNotFoundException}
 */
private PackageInfo getPackageInfo(String pkg,
        @PackageManager.PackageInfoFlags int extraFlags) {
    final int queryFlags = DEFAULT_PACKAGE_INFO_QUERY_FLAGS | extraFlags;
    try {
        return mContext.getPackageManager().getPackageInfo(pkg, queryFlags);
    } catch (NameNotFoundException notFound) {
        // Deliberate: "not installed" is mapped to null for the callers.
        return null;
    }
}
1145
/**
 * Classifies a package as either a system component or a persistent, platform-signed
 * privileged app. {@code isSystemPackage} treats such packages as not eligible.
 *
 * <p>The result is {@code true} when the app id is below {@code FIRST_APPLICATION_UID}.
 * Otherwise the app must be privileged, persistent and platform-signed. When a disabled
 * (factory) copy of the package exists, the persistent flag is read from that copy and
 * not from the installed update.
 *
 * @param pkg package to classify; its {@code applicationInfo} is dereferenced without a
 *        null check
 * @return {@code true} if the package falls into either class
 */
private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg) {
    final ApplicationInfo appInfo = pkg.applicationInfo;
    if (UserHandle.getAppId(appInfo.uid) < FIRST_APPLICATION_UID) {
        return true;
    }
    if (!appInfo.isPrivilegedApp()) {
        return false;
    }

    final PackageInfo factoryPkg = getSystemPackageInfo(
            mServiceInternal.getDisabledSystemPackageName(appInfo.packageName));
    final boolean persistent;
    if (factoryPkg == null) {
        persistent = (appInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0;
    } else {
        // A factory copy without ApplicationInfo does not rule the package out.
        final ApplicationInfo factoryAppInfo = factoryPkg.applicationInfo;
        persistent = factoryAppInfo == null
                || (factoryAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0;
    }
    return persistent && mServiceInternal.isPlatformSigned(pkg.packageName);
}
1166
/**
 * Applies the default permission grant exceptions to one user.
 *
 * <p>The exceptions are read once, under {@code mLock}, and cached in
 * {@code mGrantExceptions}. Each listed permission is then granted on its own through
 * {@code grantRuntimePermissions}. Entries naming a permission that is not dangerous are
 * skipped with a warning, so an exception entry cannot be used to hand out a
 * non-dangerous permission.
 *
 * @param userId user for whom the exceptions are applied
 */
private void grantDefaultPermissionExceptions(int userId) {
    mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);

    synchronized (mLock) {
        // mGrantExceptions is null only before the first read and then
        // it serves as a cache of the default grants that should be
        // performed for every user. If there is an entry then the app
        // is on the system image and supports runtime permissions.
        if (mGrantExceptions == null) {
            mGrantExceptions = readDefaultPermissionExceptionsLocked();
        }
    }

    // A single scratch set is reused so that every grant call sees exactly one name.
    Set<String> singlePermission = null;
    final int packageCount = mGrantExceptions.size();
    for (int pkgIndex = 0; pkgIndex < packageCount; pkgIndex++) {
        final String packageName = mGrantExceptions.keyAt(pkgIndex);
        // May be null for an unknown package; grantRuntimePermissions ignores null.
        final PackageInfo pkg = getSystemPackageInfo(packageName);
        final List<DefaultPermissionGrant> grants = mGrantExceptions.valueAt(pkgIndex);
        for (DefaultPermissionGrant grant : grants) {
            if (!isPermissionDangerous(grant.name)) {
                Log.w(TAG, "Ignoring permission " + grant.name
                        + " which isn't dangerous");
                continue;
            }
            if (singlePermission != null) {
                singlePermission.clear();
            } else {
                singlePermission = new ArraySet<>();
            }
            singlePermission.add(grant.name);
            grantRuntimePermissions(pkg, singlePermission, grant.fixed, userId);
        }
    }
}
1204
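/**
 * Collects every entry of the {@code etc/default-permissions} directory on each partition
 * that may ship default permission grant exceptions.
 *
 * <p>The directories are consulted in this order: the root, vendor, odm, product and
 * product-services directories reported by {@link Environment}, and the oem directory only
 * on devices that declare {@link PackageManager#FEATURE_EMBEDDED}. Everything returned here
 * is later parsed into permission grants, so these locations are security-relevant
 * configuration: nothing outside a trusted, integrity-protected partition should be added
 * to this list.
 *
 * @return all directory entries found (not yet filtered by extension), or {@code null}
 *         when no directory yielded any entry
 */
private File[] getDefaultPermissionFiles() {
    final List<File> found = new ArrayList<>();
    collectDefaultPermissionFiles(found, Environment.getRootDirectory());
    collectDefaultPermissionFiles(found, Environment.getVendorDirectory());
    collectDefaultPermissionFiles(found, Environment.getOdmDirectory());
    collectDefaultPermissionFiles(found, Environment.getProductDirectory());
    collectDefaultPermissionFiles(found, Environment.getProductServicesDirectory());
    // For IoT devices, we check the oem partition for default permissions for each app.
    if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
        collectDefaultPermissionFiles(found, Environment.getOemDirectory());
    }
    return found.isEmpty() ? null : found.toArray(new File[0]);
}

/**
 * Appends the entries of {@code <partitionRoot>/etc/default-permissions} to {@code out}
 * when that directory exists and is readable.
 */
private static void collectDefaultPermissionFiles(List<File> out, File partitionRoot) {
    final File dir = new File(partitionRoot, "etc/default-permissions");
    if (!dir.isDirectory() || !dir.canRead()) {
        return;
    }
    // File.listFiles() returns null on an I/O error even for a readable directory;
    // passing that to Collections.addAll would throw a NullPointerException.
    final File[] entries = dir.listFiles();
    if (entries == null) {
        Slog.w(TAG, "Unable to list default permissions directory " + dir);
        return;
    }
    Collections.addAll(out, entries);
}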
1237
/**
 * Reads every default-permissions XML file and builds the table of grant exceptions.
 *
 * <p>Entries that do not end in {@code .xml} or cannot be read are logged and skipped.
 * A file that fails to parse is logged and skipped as well, but because the parser fills
 * the result map in place, any exceptions it added before the error stay in the result.
 *
 * <p>The visible caller invokes this while holding {@code mLock}.
 *
 * @return a map from package name to its default permission grants; empty (never
 *         {@code null}) when there are no files
 */
private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
        readDefaultPermissionExceptionsLocked() {
    final File[] candidates = getDefaultPermissionFiles();
    if (candidates == null) {
        return new ArrayMap<>(0);
    }

    final ArrayMap<String, List<DefaultPermissionGrant>> result = new ArrayMap<>();

    for (File candidate : candidates) {
        // Only .xml entries are treated as exception files.
        final boolean isXml = candidate.getPath().endsWith(".xml");
        if (!isXml) {
            Slog.i(TAG, "Non-xml file " + candidate
                    + " in " + candidate.getParent() + " directory, ignoring");
            continue;
        }
        if (!candidate.canRead()) {
            Slog.w(TAG, "Default permissions file " + candidate + " cannot be read");
            continue;
        }
        try (InputStream in = new BufferedInputStream(new FileInputStream(candidate))) {
            final XmlPullParser xml = Xml.newPullParser();
            // A null encoding leaves charset detection to the parser.
            xml.setInput(in, null);
            parse(xml, result);
        } catch (XmlPullParserException | IOException e) {
            // Best effort: one broken file must not prevent the others from loading.
            Slog.w(TAG, "Error reading default permissions file " + candidate, e);
        }
    }

    return result;
}
1271
/**
 * Walks the document and hands each exceptions element to
 * {@link #parseExceptions(XmlPullParser, Map)}.
 *
 * <p>Any other start tag is logged as unknown and not skipped, so the walk continues into
 * its children.
 *
 * @param parser pull parser positioned at the start of the input
 * @param outGrantExceptions map that receives the parsed exceptions, keyed by package name
 * @throws IOException if reading the underlying stream fails
 * @throws XmlPullParserException if the input is not well-formed
 */
private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
        outGrantExceptions) throws IOException, XmlPullParserException {
    final int startDepth = parser.getDepth();
    while (true) {
        final int event = parser.next();
        if (event == XmlPullParser.END_DOCUMENT) {
            break;
        }
        // An end tag at or above the starting depth closes the element we began in.
        if (event == XmlPullParser.END_TAG && parser.getDepth() <= startDepth) {
            break;
        }
        if (event == XmlPullParser.END_TAG || event == XmlPullParser.TEXT) {
            continue;
        }
        final String tagName = parser.getName();
        if (!TAG_EXCEPTIONS.equals(tagName)) {
            Log.e(TAG, "Unknown tag " + parser.getName());
            continue;
        }
        parseExceptions(parser, outGrantExceptions);
    }
}
1288
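/**
 * Parses the children of an exceptions element, one exception element per package.
 *
 * <p>An exception is accepted only when the package is a system package and supports
 * runtime permissions; otherwise the element is logged and skipped. These two checks are
 * what keeps a default-permissions file from naming an arbitrary installed app, so they
 * must stay ahead of the insertion into {@code outGrantExceptions}. Exceptions for a
 * package that is already in the map are appended to its existing list.
 *
 * @param parser pull parser positioned on the exceptions start tag
 * @param outGrantExceptions map that receives the parsed exceptions, keyed by package name
 * @throws IOException if reading the underlying stream fails
 * @throws XmlPullParserException if the input is not well-formed
 */
private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
        outGrantExceptions) throws IOException, XmlPullParserException {
    final int outerDepth = parser.getDepth();
    int type;
    while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
            && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
        if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
            continue;
        }
        if (!TAG_EXCEPTION.equals(parser.getName())) {
            Log.e(TAG, "Unknown tag " + parser.getName() + " under <exceptions>");
            continue;
        }

        final String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
        if (packageName == null) {
            // Without a package there is nothing to validate or grant to; reject the
            // element explicitly instead of passing null to the package lookups.
            Log.w(TAG, "Mandatory package attribute missing for exception tag");
            XmlUtils.skipCurrentTag(parser);
            continue;
        }

        List<DefaultPermissionGrant> packageExceptions = outGrantExceptions.get(packageName);
        if (packageExceptions == null) {
            // The package must be on the system image
            if (!isSystemPackage(packageName)) {
                Log.w(TAG, "Unknown package:" + packageName);
                XmlUtils.skipCurrentTag(parser);
                continue;
            }

            // The package must support runtime permissions
            if (!doesPackageSupportRuntimePermissions(getSystemPackageInfo(packageName))) {
                Log.w(TAG, "Skipping non supporting runtime permissions package:"
                        + packageName);
                XmlUtils.skipCurrentTag(parser);
                continue;
            }
            packageExceptions = new ArrayList<>();
            outGrantExceptions.put(packageName, packageExceptions);
        }

        parsePermission(parser, packageExceptions);
    }
}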
1328
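/**
 * Parses the permission children of one exception element and appends a
 * {@link DefaultPermissionGrant} for each to {@code outPackageExceptions}.
 *
 * <p>A permission element without a name attribute is logged and skipped. The permission
 * name is not validated here; the protection-level check happens when the grants are
 * applied.
 *
 * @param parser pull parser positioned on the exception start tag
 * @param outPackageExceptions list that receives the grants for the current package
 * @throws IOException if reading the underlying stream fails
 * @throws XmlPullParserException if the input is not well-formed
 */
private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
        outPackageExceptions) throws IOException, XmlPullParserException {
    final int outerDepth = parser.getDepth();
    int type;
    while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
            && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
        if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
            continue;
        }

        // Exact match, as parse() and parseExceptions() do for their tags. The earlier
        // contains() test also accepted any tag whose name is a fragment of the expected
        // one. Assumes TAG_PERMISSION is a String constant like its siblings; it is
        // declared outside this part of the file.
        if (!TAG_PERMISSION.equals(parser.getName())) {
            Log.e(TAG, "Unknown tag " + parser.getName() + " under <exception>");
            continue;
        }

        final String name = parser.getAttributeValue(null, ATTR_NAME);
        if (name == null) {
            Log.w(TAG, "Mandatory name attribute missing for permission tag");
            XmlUtils.skipCurrentTag(parser);
            continue;
        }

        // NOTE(review): presumably false when the attribute is absent - confirm against
        // XmlUtils.readBooleanAttribute, since this flag controls how the grant is applied.
        final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);

        outPackageExceptions.add(new DefaultPermissionGrant(name, fixed));
    }
}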
1356
/**
 * Reports whether a package targets an SDK newer than
 * {@link Build.VERSION_CODES#LOLLIPOP_MR1}, which this class treats as supporting runtime
 * permissions.
 *
 * @param pkg the package to inspect; must not be {@code null}
 * @return {@code false} when the package has no application info or targets
 *         {@code LOLLIPOP_MR1} or older, {@code true} otherwise
 */
private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) {
    final ApplicationInfo appInfo = pkg.applicationInfo;
    if (appInfo == null) {
        return false;
    }
    return appInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
}
1361
/**
 * Reports whether the named permission has the dangerous protection level.
 *
 * <p>A name the package manager does not know is reported as dangerous, so the caller
 * still attempts the grant instead of dropping the entry.
 * NOTE(review): a misspelled or undeclared permission name in a default-permissions file
 * is therefore not filtered out here; confirm that the downstream grant rejects it.
 *
 * @param name the permission name to look up
 * @return {@code true} if the permission is dangerous or unknown
 */
private boolean isPermissionDangerous(String name) {
    final PermissionInfo info;
    try {
        info = mContext.getPackageManager().getPermissionInfo(name, 0);
    } catch (NameNotFoundException e) {
        // Unknown permission: treat it as dangerous rather than ignore the entry.
        return true;
    }
    return info.getProtection() == PermissionInfo.PROTECTION_DANGEROUS;
}
1371
/**
 * Immutable record of one permission entry read from a default-permissions file: the
 * permission name and the value of its fixed attribute.
 */
private static final class DefaultPermissionGrant {
    // Permission name taken from the entry's name attribute.
    final String name;
    // Value of the entry's fixed attribute; forwarded unchanged when the grant is applied.
    final boolean fixed;

    /**
     * @param name the permission name
     * @param fixed the value of the fixed attribute
     */
    public DefaultPermissionGrant(String name, boolean fixed) {
        this.fixed = fixed;
        this.name = name;
    }
}
1381}