Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 7c4c55dcb6d386fb3843069a02c177df66df09c7 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: b9383f337757ec791ee4829f096df6dc0a48931e [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame^]19import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures;
20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
28import android.content.Context;
29import android.content.Intent;
30import android.content.pm.ActivityInfo;
31import android.content.pm.ApplicationInfo;
32import android.content.pm.IPackageManager;
33import android.content.pm.PackageManager;
34import android.content.pm.PackageManagerInternal;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]35import android.content.pm.PackageParser;
36import android.content.pm.ProviderInfo;
37import android.content.pm.ResolveInfo;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]38import android.content.pm.PackageManagerInternal.PackagesProvider;
39import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]40import android.media.RingtoneManager;
41import android.net.Uri;
42import android.os.Binder;
43import android.os.Build;
44import android.os.Environment;
45import android.os.Handler;
46import android.os.Looper;
47import android.os.Message;
48import android.os.UserHandle;
49import android.os.storage.StorageManager;
50import android.print.PrintManager;
51import android.provider.CalendarContract;
52import android.provider.ContactsContract;
53import android.provider.MediaStore;
54import android.provider.Telephony.Sms.Intents;
55import android.telephony.TelephonyManager;
56import android.security.Credentials;
57import android.util.ArrayMap;
58import android.util.ArraySet;
59import android.util.Log;
60import android.util.Slog;
61import android.util.Xml;
62import com.android.internal.util.XmlUtils;
63import com.android.server.LocalServices;
64import com.android.server.pm.PackageManagerService;
65import com.android.server.pm.PackageSetting;
66
67import org.xmlpull.v1.XmlPullParser;
68import org.xmlpull.v1.XmlPullParserException;
69
70import java.io.BufferedInputStream;
71import java.io.File;
72import java.io.FileInputStream;
73import java.io.IOException;
74import java.io.InputStream;
75import java.util.ArrayList;
76import java.util.Collection;
77import java.util.Collections;
78import java.util.List;
79import java.util.Map;
80import java.util.Set;
81
82import static android.os.Process.FIRST_APPLICATION_UID;
83
84/**
85 * This class is the policy for granting runtime permissions to
86 * platform components and default handlers in the system such
87 * that the device is usable out-of-the-box. For example, the
88 * shell UID is a part of the system and the Phone app should
89 * have phone related permission by default.
90 * <p>
91 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
92 * service but knows about lots of higher level subsystems. The correct way to do this is
93 * to have an interface defined in the package manager but have the impl next to other
94 * policy stuff like PhoneWindowManager
95 */
96public final class DefaultPermissionGrantPolicy {
97 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
98 private static final boolean DEBUG = false;
99
100 private static final int DEFAULT_FLAGS =
101 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
102 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
103
104 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
105
106 private static final String TAG_EXCEPTIONS = "exceptions";
107 private static final String TAG_EXCEPTION = "exception";
108 private static final String TAG_PERMISSION = "permission";
109 private static final String ATTR_PACKAGE = "package";
110 private static final String ATTR_NAME = "name";
111 private static final String ATTR_FIXED = "fixed";
112
113 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
114 static {
115 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
116 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
117 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
118 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
119 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
120 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
121 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
122 }
123
124 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
125 static {
126 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
127 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
128 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
129 }
130
131 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
132 static {
133 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
134 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
135 }
136
137 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
138 static {
139 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
140 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
141 }
142
143 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
144 static {
145 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
146 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
147 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
148 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
149 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
150 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
151 }
152
153 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
154 static {
155 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
156 }
157
158 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
159 static {
160 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
161 }
162
163 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
164 static {
165 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
166 }
167
168 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
169 static {
170 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
171 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
172 }
173
174 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
175
176 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
177
178 private final Handler mHandler;
179
180 private PackagesProvider mLocationPackagesProvider;
181 private PackagesProvider mVoiceInteractionPackagesProvider;
182 private PackagesProvider mSmsAppPackagesProvider;
183 private PackagesProvider mDialerAppPackagesProvider;
184 private PackagesProvider mSimCallManagerPackagesProvider;
185 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
186
187 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
188 private final Context mContext;
189 private final Object mLock = new Object();
190 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]191 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]192 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
193 public interface DefaultPermissionGrantedCallback {
194 /** Callback when permissions have been granted */
195 public void onDefaultRuntimePermissionsGranted(int userId);
196 }
197
198 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]199 @Nullable DefaultPermissionGrantedCallback callback,
200 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]201 mContext = context;
202 mHandler = new Handler(looper) {
203 @Override
204 public void handleMessage(Message msg) {
205 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
206 synchronized (mLock) {
207 if (mGrantExceptions == null) {
208 mGrantExceptions = readDefaultPermissionExceptionsLocked();
209 }
210 }
211 }
212 }
213 };
214 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]215 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]216 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
217 }
218
219 public void setLocationPackagesProvider(PackagesProvider provider) {
220 synchronized (mLock) {
221 mLocationPackagesProvider = provider;
222 }
223 }
224
225 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
226 synchronized (mLock) {
227 mVoiceInteractionPackagesProvider = provider;
228 }
229 }
230
231 public void setSmsAppPackagesProvider(PackagesProvider provider) {
232 synchronized (mLock) {
233 mSmsAppPackagesProvider = provider;
234 }
235 }
236
237 public void setDialerAppPackagesProvider(PackagesProvider provider) {
238 synchronized (mLock) {
239 mDialerAppPackagesProvider = provider;
240 }
241 }
242
243 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
244 synchronized (mLock) {
245 mSimCallManagerPackagesProvider = provider;
246 }
247 }
248
249 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
250 synchronized (mLock) {
251 mSyncAdapterPackagesProvider = provider;
252 }
253 }
254
255 public void grantDefaultPermissions(Collection<PackageParser.Package> packages, int userId) {
256 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
257 grantAllRuntimePermissions(packages, userId);
258 } else {
259 grantPermissionsToSysComponentsAndPrivApps(packages, userId);
260 grantDefaultSystemHandlerPermissions(userId);
261 grantDefaultPermissionExceptions(userId);
262 }
263 }
264
265 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
266 Set<String> permissions = new ArraySet<>();
267 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]268 final BasePermission bp = mPermissionManager.getPermission(permission);
269 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]270 continue;
271 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]272 if (bp.isRuntime()) {
273 permissions.add(permission);
274 }
275 }
276 if (!permissions.isEmpty()) {
277 grantRuntimePermissions(pkg, permissions, true, userId);
278 }
279 }
280
281 private void grantAllRuntimePermissions(
282 Collection<PackageParser.Package> packages, int userId) {
283 Log.i(TAG, "Granting all runtime permissions for user " + userId);
284 for (PackageParser.Package pkg : packages) {
285 grantRuntimePermissionsForPackage(userId, pkg);
286 }
287 }
288
289 public void scheduleReadDefaultPermissionExceptions() {
290 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
291 }
292
293 private void grantPermissionsToSysComponentsAndPrivApps(
294 Collection<PackageParser.Package> packages, int userId) {
295 Log.i(TAG, "Granting permissions to platform components for user " + userId);
296 for (PackageParser.Package pkg : packages) {
297 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
298 || !doesPackageSupportRuntimePermissions(pkg)
299 || pkg.requestedPermissions.isEmpty()) {
300 continue;
301 }
302 grantRuntimePermissionsForPackage(userId, pkg);
303 }
304 }
305
306 private void grantDefaultSystemHandlerPermissions(int userId) {
307 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
308
309 final PackagesProvider locationPackagesProvider;
310 final PackagesProvider voiceInteractionPackagesProvider;
311 final PackagesProvider smsAppPackagesProvider;
312 final PackagesProvider dialerAppPackagesProvider;
313 final PackagesProvider simCallManagerPackagesProvider;
314 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
315
316 synchronized (mLock) {
317 locationPackagesProvider = mLocationPackagesProvider;
318 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
319 smsAppPackagesProvider = mSmsAppPackagesProvider;
320 dialerAppPackagesProvider = mDialerAppPackagesProvider;
321 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
322 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
323 }
324
325 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
326 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
327 String[] locationPackageNames = (locationPackagesProvider != null)
328 ? locationPackagesProvider.getPackages(userId) : null;
329 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
330 ? smsAppPackagesProvider.getPackages(userId) : null;
331 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
332 ? dialerAppPackagesProvider.getPackages(userId) : null;
333 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
334 ? simCallManagerPackagesProvider.getPackages(userId) : null;
335 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
336 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
337 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
338 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
339
340 // Installer
341 final String installerPackageName = mServiceInternal.getKnownPackageName(
342 PackageManagerInternal.PACKAGE_INSTALLER, userId);
343 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
344 if (installerPackage != null
345 && doesPackageSupportRuntimePermissions(installerPackage)) {
346 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
347 }
348
349 // Verifier
350 final String verifierPackageName = mServiceInternal.getKnownPackageName(
351 PackageManagerInternal.PACKAGE_VERIFIER, userId);
352 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
353 if (verifierPackage != null
354 && doesPackageSupportRuntimePermissions(verifierPackage)) {
355 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
356 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
357 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
358 }
359
360 // SetupWizard
361 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
362 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
363 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
364 if (setupPackage != null
365 && doesPackageSupportRuntimePermissions(setupPackage)) {
366 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
367 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
368 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
369 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
370 }
371
372 // Camera
373 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
374 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
375 cameraIntent, userId);
376 if (cameraPackage != null
377 && doesPackageSupportRuntimePermissions(cameraPackage)) {
378 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
379 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
380 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
381 }
382
383 // Media provider
384 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
385 MediaStore.AUTHORITY, userId);
386 if (mediaStorePackage != null) {
387 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
388 }
389
390 // Downloads provider
391 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
392 "downloads", userId);
393 if (downloadsPackage != null) {
394 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
395 }
396
397 // Downloads UI
398 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
399 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
400 downloadsUiIntent, userId);
401 if (downloadsUiPackage != null
402 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
403 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
404 }
405
406 // Storage provider
407 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
408 "com.android.externalstorage.documents", userId);
409 if (storagePackage != null) {
410 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
411 }
412
413 // CertInstaller
414 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
415 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
416 certInstallerIntent, userId);
417 if (certInstallerPackage != null
418 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
419 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
420 }
421
422 // Dialer
423 if (dialerAppPackageNames == null) {
424 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
425 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
426 dialerIntent, userId);
427 if (dialerPackage != null) {
428 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
429 }
430 } else {
431 for (String dialerAppPackageName : dialerAppPackageNames) {
432 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
433 if (dialerPackage != null) {
434 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
435 }
436 }
437 }
438
439 // Sim call manager
440 if (simCallManagerPackageNames != null) {
441 for (String simCallManagerPackageName : simCallManagerPackageNames) {
442 PackageParser.Package simCallManagerPackage =
443 getSystemPackage(simCallManagerPackageName);
444 if (simCallManagerPackage != null) {
445 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
446 userId);
447 }
448 }
449 }
450
451 // SMS
452 if (smsAppPackageNames == null) {
453 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
454 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
455 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
456 smsIntent, userId);
457 if (smsPackage != null) {
458 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
459 }
460 } else {
461 for (String smsPackageName : smsAppPackageNames) {
462 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
463 if (smsPackage != null) {
464 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
465 }
466 }
467 }
468
469 // Cell Broadcast Receiver
470 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
471 PackageParser.Package cbrPackage =
472 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
473 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
474 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
475 }
476
477 // Carrier Provisioning Service
478 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
479 PackageParser.Package carrierProvPackage =
480 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
481 if (carrierProvPackage != null
482 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
483 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
484 }
485
486 // Calendar
487 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
488 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
489 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
490 calendarIntent, userId);
491 if (calendarPackage != null
492 && doesPackageSupportRuntimePermissions(calendarPackage)) {
493 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
494 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
495 }
496
497 // Calendar provider
498 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
499 CalendarContract.AUTHORITY, userId);
500 if (calendarProviderPackage != null) {
501 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
502 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
503 true, userId);
504 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
505 }
506
507 // Calendar provider sync adapters
508 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
509 calendarSyncAdapterPackages, userId);
510 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
511 for (int i = 0; i < calendarSyncAdapterCount; i++) {
512 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
513 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
514 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
515 }
516 }
517
518 // Contacts
519 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
520 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
521 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
522 contactsIntent, userId);
523 if (contactsPackage != null
524 && doesPackageSupportRuntimePermissions(contactsPackage)) {
525 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
526 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
527 }
528
529 // Contacts provider sync adapters
530 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
531 contactsSyncAdapterPackages, userId);
532 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
533 for (int i = 0; i < contactsSyncAdapterCount; i++) {
534 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
535 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
536 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
537 }
538 }
539
540 // Contacts provider
541 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
542 ContactsContract.AUTHORITY, userId);
543 if (contactsProviderPackage != null) {
544 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
545 true, userId);
546 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
547 true, userId);
548 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
549 }
550
551 // Device provisioning
552 Intent deviceProvisionIntent = new Intent(
553 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
554 PackageParser.Package deviceProvisionPackage =
555 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
556 if (deviceProvisionPackage != null
557 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
558 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
559 }
560
561 // Maps
562 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
563 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
564 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
565 mapsIntent, userId);
566 if (mapsPackage != null
567 && doesPackageSupportRuntimePermissions(mapsPackage)) {
568 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
569 }
570
571 // Gallery
572 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
573 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
574 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
575 galleryIntent, userId);
576 if (galleryPackage != null
577 && doesPackageSupportRuntimePermissions(galleryPackage)) {
578 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
579 }
580
581 // Email
582 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
583 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
584 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
585 emailIntent, userId);
586 if (emailPackage != null
587 && doesPackageSupportRuntimePermissions(emailPackage)) {
588 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
589 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
590 }
591
592 // Browser
593 PackageParser.Package browserPackage = null;
594 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
595 PackageManagerInternal.PACKAGE_BROWSER, userId);
596 if (defaultBrowserPackage != null) {
597 browserPackage = getPackage(defaultBrowserPackage);
598 }
599 if (browserPackage == null) {
600 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
601 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
602 browserPackage = getDefaultSystemHandlerActivityPackage(
603 browserIntent, userId);
604 }
605 if (browserPackage != null
606 && doesPackageSupportRuntimePermissions(browserPackage)) {
607 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
608 }
609
610 // Voice interaction
611 if (voiceInteractPackageNames != null) {
612 for (String voiceInteractPackageName : voiceInteractPackageNames) {
613 PackageParser.Package voiceInteractPackage = getSystemPackage(
614 voiceInteractPackageName);
615 if (voiceInteractPackage != null
616 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
617 grantRuntimePermissions(voiceInteractPackage,
618 CONTACTS_PERMISSIONS, userId);
619 grantRuntimePermissions(voiceInteractPackage,
620 CALENDAR_PERMISSIONS, userId);
621 grantRuntimePermissions(voiceInteractPackage,
622 MICROPHONE_PERMISSIONS, userId);
623 grantRuntimePermissions(voiceInteractPackage,
624 PHONE_PERMISSIONS, userId);
625 grantRuntimePermissions(voiceInteractPackage,
626 SMS_PERMISSIONS, userId);
627 grantRuntimePermissions(voiceInteractPackage,
628 LOCATION_PERMISSIONS, userId);
629 }
630 }
631 }
632
633 if (ActivityManager.isLowRamDeviceStatic()) {
634 // Allow voice search on low-ram devices
635 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
636 PackageParser.Package globalSearchPickerPackage =
637 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
638
639 if (globalSearchPickerPackage != null
640 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
641 grantRuntimePermissions(globalSearchPickerPackage,
642 MICROPHONE_PERMISSIONS, true, userId);
643 grantRuntimePermissions(globalSearchPickerPackage,
644 LOCATION_PERMISSIONS, true, userId);
645 }
646 }
647
648 // Voice recognition
649 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
650 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
651 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
652 voiceRecoIntent, userId);
653 if (voiceRecoPackage != null
654 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
655 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
656 }
657
658 // Location
659 if (locationPackageNames != null) {
660 for (String packageName : locationPackageNames) {
661 PackageParser.Package locationPackage = getSystemPackage(packageName);
662 if (locationPackage != null
663 && doesPackageSupportRuntimePermissions(locationPackage)) {
664 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
665 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
666 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
667 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
668 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
669 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
670 true, userId);
671 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
672 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
673 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
674 }
675 }
676 }
677
678 // Music
679 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
680 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
681 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
682 AUDIO_MIME_TYPE);
683 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
684 musicIntent, userId);
685 if (musicPackage != null
686 && doesPackageSupportRuntimePermissions(musicPackage)) {
687 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
688 }
689
690 // Home
691 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
692 homeIntent.addCategory(Intent.CATEGORY_HOME);
693 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
694 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
695 homeIntent, userId);
696 if (homePackage != null
697 && doesPackageSupportRuntimePermissions(homePackage)) {
698 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
699 }
700
701 // Watches
702 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
703 // Home application on watches
704 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
705 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
706
707 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
708 wearHomeIntent, userId);
709
710 if (wearHomePackage != null
711 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
712 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
713 userId);
714 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
715 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
716 userId);
717 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
718 userId);
719 }
720
721 // Fitness tracking on watches
722 Intent trackIntent = new Intent(ACTION_TRACK);
723 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
724 trackIntent, userId);
725 if (trackPackage != null
726 && doesPackageSupportRuntimePermissions(trackPackage)) {
727 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
728 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
729 }
730 }
731
732 // Print Spooler
733 PackageParser.Package printSpoolerPackage = getSystemPackage(
734 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
735 if (printSpoolerPackage != null
736 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
737 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
738 }
739
740 // EmergencyInfo
741 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
742 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
743 emergencyInfoIntent, userId);
744 if (emergencyInfoPckg != null
745 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
746 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
747 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
748 }
749
750 // NFC Tag viewer
751 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
752 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
753 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
754 nfcTagIntent, userId);
755 if (nfcTagPkg != null
756 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
757 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
758 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
759 }
760
761 // Storage Manager
762 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
763 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
764 storageManagerIntent, userId);
765 if (storageManagerPckg != null
766 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
767 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
768 }
769
770 // Companion devices
771 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
772 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
773 if (companionDeviceDiscoveryPackage != null
774 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
775 grantRuntimePermissions(companionDeviceDiscoveryPackage,
776 LOCATION_PERMISSIONS, true, userId);
777 }
778
779 // Ringtone Picker
780 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
781 PackageParser.Package ringtonePickerPackage =
782 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
783 if (ringtonePickerPackage != null
784 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
785 grantRuntimePermissions(ringtonePickerPackage,
786 STORAGE_PERMISSIONS, true, userId);
787 }
788
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]789 if (mPermissionGrantedCallback != null) {
790 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
791 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]792 }
793
794 private void grantDefaultPermissionsToDefaultSystemDialerApp(
795 PackageParser.Package dialerPackage, int userId) {
796 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
797 boolean isPhonePermFixed =
798 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
799 grantRuntimePermissions(
800 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
801 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
802 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
803 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
804 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
805 }
806 }
807
808 private void grantDefaultPermissionsToDefaultSystemSmsApp(
809 PackageParser.Package smsPackage, int userId) {
810 if (doesPackageSupportRuntimePermissions(smsPackage)) {
811 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
812 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
813 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
814 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
815 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
816 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
817 }
818 }
819
820 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
821 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
822 if (packageName == null) {
823 return;
824 }
825 PackageParser.Package smsPackage = getPackage(packageName);
826 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
827 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
828 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
829 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
830 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
831 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
832 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
833 }
834 }
835
836 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
837 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
838 if (packageName == null) {
839 return;
840 }
841 PackageParser.Package dialerPackage = getPackage(packageName);
842 if (dialerPackage != null
843 && doesPackageSupportRuntimePermissions(dialerPackage)) {
844 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
845 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
846 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
847 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
848 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
849 }
850 }
851
852 private void grantDefaultPermissionsToDefaultSimCallManager(
853 PackageParser.Package simCallManagerPackage, int userId) {
854 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
855 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
856 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
857 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
858 }
859 }
860
861 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
862 if (packageName == null) {
863 return;
864 }
865 PackageParser.Package simCallManagerPackage = getPackage(packageName);
866 if (simCallManagerPackage != null) {
867 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
868 }
869 }
870
871 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
872 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
873 if (packageNames == null) {
874 return;
875 }
876 for (String packageName : packageNames) {
877 PackageParser.Package carrierPackage = getSystemPackage(packageName);
878 if (carrierPackage != null
879 && doesPackageSupportRuntimePermissions(carrierPackage)) {
880 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
881 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
882 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
883 }
884 }
885 }
886
887 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
888 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
889 if (packageNames == null) {
890 return;
891 }
892 for (String packageName : packageNames) {
893 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
894 if (imsServicePackage != null
895 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
896 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
897 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
898 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
899 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
900 }
901 }
902 }
903
904 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
905 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
906 if (packageName == null) {
907 return;
908 }
909 PackageParser.Package browserPackage = getSystemPackage(packageName);
910 if (browserPackage != null
911 && doesPackageSupportRuntimePermissions(browserPackage)) {
912 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
913 }
914 }
915
916 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
917 Intent intent, int userId) {
918 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
919 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false);
920 if (handler == null || handler.activityInfo == null) {
921 return null;
922 }
923 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
924 return null;
925 }
926 return getSystemPackage(handler.activityInfo.packageName);
927 }
928
929 private PackageParser.Package getDefaultSystemHandlerServicePackage(
930 Intent intent, int userId) {
931 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
932 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
933 if (handlers == null) {
934 return null;
935 }
936 final int handlerCount = handlers.size();
937 for (int i = 0; i < handlerCount; i++) {
938 ResolveInfo handler = handlers.get(i);
939 PackageParser.Package handlerPackage = getSystemPackage(
940 handler.serviceInfo.packageName);
941 if (handlerPackage != null) {
942 return handlerPackage;
943 }
944 }
945 return null;
946 }
947
948 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
949 String[] syncAdapterPackageNames, int userId) {
950 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
951
952 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
953 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
954
955 for (String syncAdapterPackageName : syncAdapterPackageNames) {
956 homeIntent.setPackage(syncAdapterPackageName);
957
958 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
959 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
960 userId, false);
961 if (homeActivity != null) {
962 continue;
963 }
964
965 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
966 if (syncAdapterPackage != null) {
967 syncAdapterPackages.add(syncAdapterPackage);
968 }
969 }
970
971 return syncAdapterPackages;
972 }
973
974 private PackageParser.Package getDefaultProviderAuthorityPackage(
975 String authority, int userId) {
976 ProviderInfo provider =
977 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
978 if (provider != null) {
979 return getSystemPackage(provider.packageName);
980 }
981 return null;
982 }
983
984 private PackageParser.Package getPackage(String packageName) {
985 return mServiceInternal.getPackage(packageName);
986 }
987
988 private PackageParser.Package getSystemPackage(String packageName) {
989 PackageParser.Package pkg = getPackage(packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]990 if (pkg != null && pkg.isSystem()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]991 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
992 }
993 return null;
994 }
995
996 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
997 int userId) {
998 grantRuntimePermissions(pkg, permissions, false, false, userId);
999 }
1000
1001 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1002 boolean systemFixed, int userId) {
1003 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1004 }
1005
1006 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1007 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) {
1008 if (pkg.requestedPermissions.isEmpty()) {
1009 return;
1010 }
1011
1012 List<String> requestedPermissions = pkg.requestedPermissions;
1013 Set<String> grantablePermissions = null;
1014
1015 // If this is the default Phone or SMS app we grant permissions regardless
1016 // whether the version on the system image declares the permission as used since
1017 // selecting the app as the default Phone or SMS the user makes a deliberate
1018 // choice to grant this app the permissions needed to function. For all other
1019 // apps, (default grants on first boot and user creation) we don't grant default
1020 // permissions if the version on the system image does not declare them.
1021 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) {
1022 final PackageParser.Package disabledPkg =
1023 mServiceInternal.getDisabledPackage(pkg.packageName);
1024 if (disabledPkg != null) {
1025 if (disabledPkg.requestedPermissions.isEmpty()) {
1026 return;
1027 }
1028 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1029 grantablePermissions = new ArraySet<>(requestedPermissions);
1030 requestedPermissions = disabledPkg.requestedPermissions;
1031 }
1032 }
1033 }
1034
1035 final int grantablePermissionCount = requestedPermissions.size();
1036 for (int i = 0; i < grantablePermissionCount; i++) {
1037 String permission = requestedPermissions.get(i);
1038
1039 // If there is a disabled system app it may request a permission the updated
1040 // version ot the data partition doesn't, In this case skip the permission.
1041 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1042 continue;
1043 }
1044
1045 if (permissions.contains(permission)) {
1046 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1047 permission, pkg.packageName, userId);
1048
1049 // If any flags are set to the permission, then it is either set in
1050 // its current state by the system or device/profile owner or the user.
1051 // In all these cases we do not want to clobber the current state.
1052 // Unless the caller wants to override user choices. The override is
1053 // to make sure we can grant the needed permission to the default
1054 // sms and phone apps after the user chooses this in the UI.
1055 if (flags == 0 || isDefaultPhoneOrSms) {
1056 // Never clobber policy or system.
1057 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
1058 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
1059 if ((flags & fixedFlags) != 0) {
1060 continue;
1061 }
1062
1063 mServiceInternal.grantRuntimePermission(
1064 pkg.packageName, permission, userId, false);
1065 if (DEBUG) {
1066 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1067 + permission + " to default handler " + pkg.packageName);
1068 }
1069
1070 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1071 if (systemFixed) {
1072 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1073 }
1074
1075 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1076 newFlags, newFlags, userId);
1077 }
1078
1079 // If a component gets a permission for being the default handler A
1080 // and also default handler B, we grant the weaker grant form.
1081 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1082 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1083 && !systemFixed) {
1084 if (DEBUG) {
1085 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1086 + pkg.packageName);
1087 }
1088 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1089 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1090 }
1091 }
1092 }
1093 }
1094
1095 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1096 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1097 return true;
1098 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1099 if (!pkg.isPrivileged()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1100 return false;
1101 }
1102 final PackageParser.Package disabledPkg =
1103 mServiceInternal.getDisabledPackage(pkg.packageName);
1104 if (disabledPkg != null) {
1105 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1106 return false;
1107 }
1108 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1109 return false;
1110 }
1111 final String systemPackageName = mServiceInternal.getKnownPackageName(
1112 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1113 final PackageParser.Package systemPackage = getPackage(systemPackageName);
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame^]1114 return compareSignatures(systemPackage.mSignatures, pkg.mSignatures)
1115 == PackageManager.SIGNATURE_MATCH;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1116 }
1117
1118 private void grantDefaultPermissionExceptions(int userId) {
1119 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1120
1121 synchronized (mLock) {
1122 // mGrantExceptions is null only before the first read and then
1123 // it serves as a cache of the default grants that should be
1124 // performed for every user. If there is an entry then the app
1125 // is on the system image and supports runtime permissions.
1126 if (mGrantExceptions == null) {
1127 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1128 }
1129 }
1130
1131 Set<String> permissions = null;
1132 final int exceptionCount = mGrantExceptions.size();
1133 for (int i = 0; i < exceptionCount; i++) {
1134 String packageName = mGrantExceptions.keyAt(i);
1135 PackageParser.Package pkg = getSystemPackage(packageName);
1136 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1137 final int permissionGrantCount = permissionGrants.size();
1138 for (int j = 0; j < permissionGrantCount; j++) {
1139 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1140 if (permissions == null) {
1141 permissions = new ArraySet<>();
1142 } else {
1143 permissions.clear();
1144 }
1145 permissions.add(permissionGrant.name);
1146 grantRuntimePermissions(pkg, permissions,
1147 permissionGrant.fixed, userId);
1148 }
1149 }
1150 }
1151
1152 private File[] getDefaultPermissionFiles() {
1153 ArrayList<File> ret = new ArrayList<File>();
1154 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1155 if (dir.isDirectory() && dir.canRead()) {
1156 Collections.addAll(ret, dir.listFiles());
1157 }
1158 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1159 if (dir.isDirectory() && dir.canRead()) {
1160 Collections.addAll(ret, dir.listFiles());
1161 }
1162 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1163 }
1164
1165 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1166 readDefaultPermissionExceptionsLocked() {
1167 File[] files = getDefaultPermissionFiles();
1168 if (files == null) {
1169 return new ArrayMap<>(0);
1170 }
1171
1172 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1173
1174 // Iterate over the files in the directory and scan .xml files
1175 for (File file : files) {
1176 if (!file.getPath().endsWith(".xml")) {
1177 Slog.i(TAG, "Non-xml file " + file
1178 + " in " + file.getParent() + " directory, ignoring");
1179 continue;
1180 }
1181 if (!file.canRead()) {
1182 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1183 continue;
1184 }
1185 try (
1186 InputStream str = new BufferedInputStream(new FileInputStream(file))
1187 ) {
1188 XmlPullParser parser = Xml.newPullParser();
1189 parser.setInput(str, null);
1190 parse(parser, grantExceptions);
1191 } catch (XmlPullParserException | IOException e) {
1192 Slog.w(TAG, "Error reading default permissions file " + file, e);
1193 }
1194 }
1195
1196 return grantExceptions;
1197 }
1198
1199 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1200 outGrantExceptions) throws IOException, XmlPullParserException {
1201 final int outerDepth = parser.getDepth();
1202 int type;
1203 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1204 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1205 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1206 continue;
1207 }
1208 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1209 parseExceptions(parser, outGrantExceptions);
1210 } else {
1211 Log.e(TAG, "Unknown tag " + parser.getName());
1212 }
1213 }
1214 }
1215
1216 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1217 outGrantExceptions) throws IOException, XmlPullParserException {
1218 final int outerDepth = parser.getDepth();
1219 int type;
1220 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1221 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1222 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1223 continue;
1224 }
1225 if (TAG_EXCEPTION.equals(parser.getName())) {
1226 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1227
1228 List<DefaultPermissionGrant> packageExceptions =
1229 outGrantExceptions.get(packageName);
1230 if (packageExceptions == null) {
1231 // The package must be on the system image
1232 PackageParser.Package pkg = getSystemPackage(packageName);
1233 if (pkg == null) {
1234 Log.w(TAG, "Unknown package:" + packageName);
1235 XmlUtils.skipCurrentTag(parser);
1236 continue;
1237 }
1238
1239 // The package must support runtime permissions
1240 if (!doesPackageSupportRuntimePermissions(pkg)) {
1241 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1242 + packageName);
1243 XmlUtils.skipCurrentTag(parser);
1244 continue;
1245 }
1246 packageExceptions = new ArrayList<>();
1247 outGrantExceptions.put(packageName, packageExceptions);
1248 }
1249
1250 parsePermission(parser, packageExceptions);
1251 } else {
1252 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1253 }
1254 }
1255 }
1256
1257 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1258 outPackageExceptions) throws IOException, XmlPullParserException {
1259 final int outerDepth = parser.getDepth();
1260 int type;
1261 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1262 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1263 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1264 continue;
1265 }
1266
1267 if (TAG_PERMISSION.contains(parser.getName())) {
1268 String name = parser.getAttributeValue(null, ATTR_NAME);
1269 if (name == null) {
1270 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1271 XmlUtils.skipCurrentTag(parser);
1272 continue;
1273 }
1274
1275 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1276
1277 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1278 outPackageExceptions.add(exception);
1279 } else {
1280 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1281 }
1282 }
1283 }
1284
1285 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1286 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1287 }
1288
1289 private static final class DefaultPermissionGrant {
1290 final String name;
1291 final boolean fixed;
1292
1293 public DefaultPermissionGrant(String name, boolean fixed) {
1294 this.name = name;
1295 this.fixed = fixed;
1296 }
1297 }
1298}