Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 82b0842051a93764e96a68072da1a220f00c2c27 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: 4e68f58ad142611dd96d27a4cbf0439de61b87e1 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame^]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
19import android.Manifest;
20import android.annotation.NonNull;
21import android.app.ActivityManager;
22import android.app.DownloadManager;
23import android.app.admin.DevicePolicyManager;
24import android.companion.CompanionDeviceManager;
25import android.content.Context;
26import android.content.Intent;
27import android.content.pm.ActivityInfo;
28import android.content.pm.ApplicationInfo;
29import android.content.pm.IPackageManager;
30import android.content.pm.PackageManager;
31import android.content.pm.PackageManagerInternal;
32import android.content.pm.PackageManagerInternal.PackagesProvider;
33import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
34import android.content.pm.PackageParser;
35import android.content.pm.ProviderInfo;
36import android.content.pm.ResolveInfo;
37import android.media.RingtoneManager;
38import android.net.Uri;
39import android.os.Binder;
40import android.os.Build;
41import android.os.Environment;
42import android.os.Handler;
43import android.os.Looper;
44import android.os.Message;
45import android.os.UserHandle;
46import android.os.storage.StorageManager;
47import android.print.PrintManager;
48import android.provider.CalendarContract;
49import android.provider.ContactsContract;
50import android.provider.MediaStore;
51import android.provider.Telephony.Sms.Intents;
52import android.telephony.TelephonyManager;
53import android.security.Credentials;
54import android.util.ArrayMap;
55import android.util.ArraySet;
56import android.util.Log;
57import android.util.Slog;
58import android.util.Xml;
59import com.android.internal.util.XmlUtils;
60import com.android.server.LocalServices;
61import com.android.server.pm.PackageManagerService;
62import com.android.server.pm.PackageSetting;
63
64import org.xmlpull.v1.XmlPullParser;
65import org.xmlpull.v1.XmlPullParserException;
66
67import java.io.BufferedInputStream;
68import java.io.File;
69import java.io.FileInputStream;
70import java.io.IOException;
71import java.io.InputStream;
72import java.util.ArrayList;
73import java.util.Collection;
74import java.util.Collections;
75import java.util.List;
76import java.util.Map;
77import java.util.Set;
78
79import static android.os.Process.FIRST_APPLICATION_UID;
80
81/**
82 * This class is the policy for granting runtime permissions to
83 * platform components and default handlers in the system such
84 * that the device is usable out-of-the-box. For example, the
85 * shell UID is a part of the system and the Phone app should
86 * have phone related permission by default.
87 * <p>
88 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
89 * service but knows about lots of higher level subsystems. The correct way to do this is
90 * to have an interface defined in the package manager but have the impl next to other
91 * policy stuff like PhoneWindowManager
92 */
93public final class DefaultPermissionGrantPolicy {
94 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
95 private static final boolean DEBUG = false;
96
97 private static final int DEFAULT_FLAGS =
98 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
99 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
100
101 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
102
103 private static final String TAG_EXCEPTIONS = "exceptions";
104 private static final String TAG_EXCEPTION = "exception";
105 private static final String TAG_PERMISSION = "permission";
106 private static final String ATTR_PACKAGE = "package";
107 private static final String ATTR_NAME = "name";
108 private static final String ATTR_FIXED = "fixed";
109
110 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
111 static {
112 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
113 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
114 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
115 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
116 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
117 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
118 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
119 }
120
121 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
122 static {
123 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
124 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
125 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
126 }
127
128 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
129 static {
130 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
131 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
132 }
133
134 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
135 static {
136 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
137 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
138 }
139
140 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
141 static {
142 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
143 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
144 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
145 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
146 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
147 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
148 }
149
150 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
151 static {
152 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
153 }
154
155 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
156 static {
157 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
158 }
159
160 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
161 static {
162 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
163 }
164
165 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
166 static {
167 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
168 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
169 }
170
171 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
172
173 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
174
175 private final Handler mHandler;
176
177 private PackagesProvider mLocationPackagesProvider;
178 private PackagesProvider mVoiceInteractionPackagesProvider;
179 private PackagesProvider mSmsAppPackagesProvider;
180 private PackagesProvider mDialerAppPackagesProvider;
181 private PackagesProvider mSimCallManagerPackagesProvider;
182 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
183
184 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
185 private final Context mContext;
186 private final Object mLock = new Object();
187 private final PackageManagerInternal mServiceInternal;
188 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
189 public interface DefaultPermissionGrantedCallback {
190 /** Callback when permissions have been granted */
191 public void onDefaultRuntimePermissionsGranted(int userId);
192 }
193
194 public DefaultPermissionGrantPolicy(Context context, Looper looper,
195 DefaultPermissionGrantedCallback callback) {
196 mContext = context;
197 mHandler = new Handler(looper) {
198 @Override
199 public void handleMessage(Message msg) {
200 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
201 synchronized (mLock) {
202 if (mGrantExceptions == null) {
203 mGrantExceptions = readDefaultPermissionExceptionsLocked();
204 }
205 }
206 }
207 }
208 };
209 mPermissionGrantedCallback = callback;
210 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
211 }
212
213 public void setLocationPackagesProvider(PackagesProvider provider) {
214 synchronized (mLock) {
215 mLocationPackagesProvider = provider;
216 }
217 }
218
219 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
220 synchronized (mLock) {
221 mVoiceInteractionPackagesProvider = provider;
222 }
223 }
224
225 public void setSmsAppPackagesProvider(PackagesProvider provider) {
226 synchronized (mLock) {
227 mSmsAppPackagesProvider = provider;
228 }
229 }
230
231 public void setDialerAppPackagesProvider(PackagesProvider provider) {
232 synchronized (mLock) {
233 mDialerAppPackagesProvider = provider;
234 }
235 }
236
237 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
238 synchronized (mLock) {
239 mSimCallManagerPackagesProvider = provider;
240 }
241 }
242
243 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
244 synchronized (mLock) {
245 mSyncAdapterPackagesProvider = provider;
246 }
247 }
248
249 public void grantDefaultPermissions(Collection<PackageParser.Package> packages, int userId) {
250 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
251 grantAllRuntimePermissions(packages, userId);
252 } else {
253 grantPermissionsToSysComponentsAndPrivApps(packages, userId);
254 grantDefaultSystemHandlerPermissions(userId);
255 grantDefaultPermissionExceptions(userId);
256 }
257 }
258
259 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
260 Set<String> permissions = new ArraySet<>();
261 for (String permission : pkg.requestedPermissions) {
262 final Object obj = mServiceInternal.getPermissionTEMP(permission);
263 if (obj == null || !(obj instanceof BasePermission)) {
264 continue;
265 }
266 final BasePermission bp = (BasePermission) obj;
267 if (bp.isRuntime()) {
268 permissions.add(permission);
269 }
270 }
271 if (!permissions.isEmpty()) {
272 grantRuntimePermissions(pkg, permissions, true, userId);
273 }
274 }
275
276 private void grantAllRuntimePermissions(
277 Collection<PackageParser.Package> packages, int userId) {
278 Log.i(TAG, "Granting all runtime permissions for user " + userId);
279 for (PackageParser.Package pkg : packages) {
280 grantRuntimePermissionsForPackage(userId, pkg);
281 }
282 }
283
284 public void scheduleReadDefaultPermissionExceptions() {
285 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
286 }
287
288 private void grantPermissionsToSysComponentsAndPrivApps(
289 Collection<PackageParser.Package> packages, int userId) {
290 Log.i(TAG, "Granting permissions to platform components for user " + userId);
291 for (PackageParser.Package pkg : packages) {
292 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
293 || !doesPackageSupportRuntimePermissions(pkg)
294 || pkg.requestedPermissions.isEmpty()) {
295 continue;
296 }
297 grantRuntimePermissionsForPackage(userId, pkg);
298 }
299 }
300
301 private void grantDefaultSystemHandlerPermissions(int userId) {
302 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
303
304 final PackagesProvider locationPackagesProvider;
305 final PackagesProvider voiceInteractionPackagesProvider;
306 final PackagesProvider smsAppPackagesProvider;
307 final PackagesProvider dialerAppPackagesProvider;
308 final PackagesProvider simCallManagerPackagesProvider;
309 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
310
311 synchronized (mLock) {
312 locationPackagesProvider = mLocationPackagesProvider;
313 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
314 smsAppPackagesProvider = mSmsAppPackagesProvider;
315 dialerAppPackagesProvider = mDialerAppPackagesProvider;
316 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
317 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
318 }
319
320 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
321 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
322 String[] locationPackageNames = (locationPackagesProvider != null)
323 ? locationPackagesProvider.getPackages(userId) : null;
324 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
325 ? smsAppPackagesProvider.getPackages(userId) : null;
326 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
327 ? dialerAppPackagesProvider.getPackages(userId) : null;
328 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
329 ? simCallManagerPackagesProvider.getPackages(userId) : null;
330 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
331 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
332 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
333 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
334
335 // Installer
336 final String installerPackageName = mServiceInternal.getKnownPackageName(
337 PackageManagerInternal.PACKAGE_INSTALLER, userId);
338 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
339 if (installerPackage != null
340 && doesPackageSupportRuntimePermissions(installerPackage)) {
341 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
342 }
343
344 // Verifier
345 final String verifierPackageName = mServiceInternal.getKnownPackageName(
346 PackageManagerInternal.PACKAGE_VERIFIER, userId);
347 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
348 if (verifierPackage != null
349 && doesPackageSupportRuntimePermissions(verifierPackage)) {
350 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
351 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
352 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
353 }
354
355 // SetupWizard
356 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
357 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
358 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
359 if (setupPackage != null
360 && doesPackageSupportRuntimePermissions(setupPackage)) {
361 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
362 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
363 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
364 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
365 }
366
367 // Camera
368 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
369 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
370 cameraIntent, userId);
371 if (cameraPackage != null
372 && doesPackageSupportRuntimePermissions(cameraPackage)) {
373 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
374 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
375 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
376 }
377
378 // Media provider
379 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
380 MediaStore.AUTHORITY, userId);
381 if (mediaStorePackage != null) {
382 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
383 }
384
385 // Downloads provider
386 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
387 "downloads", userId);
388 if (downloadsPackage != null) {
389 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
390 }
391
392 // Downloads UI
393 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
394 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
395 downloadsUiIntent, userId);
396 if (downloadsUiPackage != null
397 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
398 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
399 }
400
401 // Storage provider
402 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
403 "com.android.externalstorage.documents", userId);
404 if (storagePackage != null) {
405 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
406 }
407
408 // CertInstaller
409 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
410 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
411 certInstallerIntent, userId);
412 if (certInstallerPackage != null
413 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
414 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
415 }
416
417 // Dialer
418 if (dialerAppPackageNames == null) {
419 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
420 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
421 dialerIntent, userId);
422 if (dialerPackage != null) {
423 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
424 }
425 } else {
426 for (String dialerAppPackageName : dialerAppPackageNames) {
427 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
428 if (dialerPackage != null) {
429 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
430 }
431 }
432 }
433
434 // Sim call manager
435 if (simCallManagerPackageNames != null) {
436 for (String simCallManagerPackageName : simCallManagerPackageNames) {
437 PackageParser.Package simCallManagerPackage =
438 getSystemPackage(simCallManagerPackageName);
439 if (simCallManagerPackage != null) {
440 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
441 userId);
442 }
443 }
444 }
445
446 // SMS
447 if (smsAppPackageNames == null) {
448 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
449 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
450 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
451 smsIntent, userId);
452 if (smsPackage != null) {
453 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
454 }
455 } else {
456 for (String smsPackageName : smsAppPackageNames) {
457 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
458 if (smsPackage != null) {
459 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
460 }
461 }
462 }
463
464 // Cell Broadcast Receiver
465 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
466 PackageParser.Package cbrPackage =
467 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
468 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
469 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
470 }
471
472 // Carrier Provisioning Service
473 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
474 PackageParser.Package carrierProvPackage =
475 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
476 if (carrierProvPackage != null
477 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
478 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
479 }
480
481 // Calendar
482 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
483 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
484 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
485 calendarIntent, userId);
486 if (calendarPackage != null
487 && doesPackageSupportRuntimePermissions(calendarPackage)) {
488 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
489 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
490 }
491
492 // Calendar provider
493 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
494 CalendarContract.AUTHORITY, userId);
495 if (calendarProviderPackage != null) {
496 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
497 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
498 true, userId);
499 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
500 }
501
502 // Calendar provider sync adapters
503 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
504 calendarSyncAdapterPackages, userId);
505 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
506 for (int i = 0; i < calendarSyncAdapterCount; i++) {
507 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
508 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
509 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
510 }
511 }
512
513 // Contacts
514 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
515 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
516 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
517 contactsIntent, userId);
518 if (contactsPackage != null
519 && doesPackageSupportRuntimePermissions(contactsPackage)) {
520 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
521 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
522 }
523
524 // Contacts provider sync adapters
525 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
526 contactsSyncAdapterPackages, userId);
527 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
528 for (int i = 0; i < contactsSyncAdapterCount; i++) {
529 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
530 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
531 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
532 }
533 }
534
535 // Contacts provider
536 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
537 ContactsContract.AUTHORITY, userId);
538 if (contactsProviderPackage != null) {
539 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
540 true, userId);
541 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
542 true, userId);
543 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
544 }
545
546 // Device provisioning
547 Intent deviceProvisionIntent = new Intent(
548 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
549 PackageParser.Package deviceProvisionPackage =
550 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
551 if (deviceProvisionPackage != null
552 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
553 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
554 }
555
556 // Maps
557 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
558 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
559 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
560 mapsIntent, userId);
561 if (mapsPackage != null
562 && doesPackageSupportRuntimePermissions(mapsPackage)) {
563 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
564 }
565
566 // Gallery
567 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
568 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
569 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
570 galleryIntent, userId);
571 if (galleryPackage != null
572 && doesPackageSupportRuntimePermissions(galleryPackage)) {
573 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
574 }
575
576 // Email
577 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
578 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
579 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
580 emailIntent, userId);
581 if (emailPackage != null
582 && doesPackageSupportRuntimePermissions(emailPackage)) {
583 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
584 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
585 }
586
587 // Browser
588 PackageParser.Package browserPackage = null;
589 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
590 PackageManagerInternal.PACKAGE_BROWSER, userId);
591 if (defaultBrowserPackage != null) {
592 browserPackage = getPackage(defaultBrowserPackage);
593 }
594 if (browserPackage == null) {
595 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
596 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
597 browserPackage = getDefaultSystemHandlerActivityPackage(
598 browserIntent, userId);
599 }
600 if (browserPackage != null
601 && doesPackageSupportRuntimePermissions(browserPackage)) {
602 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
603 }
604
605 // Voice interaction
606 if (voiceInteractPackageNames != null) {
607 for (String voiceInteractPackageName : voiceInteractPackageNames) {
608 PackageParser.Package voiceInteractPackage = getSystemPackage(
609 voiceInteractPackageName);
610 if (voiceInteractPackage != null
611 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
612 grantRuntimePermissions(voiceInteractPackage,
613 CONTACTS_PERMISSIONS, userId);
614 grantRuntimePermissions(voiceInteractPackage,
615 CALENDAR_PERMISSIONS, userId);
616 grantRuntimePermissions(voiceInteractPackage,
617 MICROPHONE_PERMISSIONS, userId);
618 grantRuntimePermissions(voiceInteractPackage,
619 PHONE_PERMISSIONS, userId);
620 grantRuntimePermissions(voiceInteractPackage,
621 SMS_PERMISSIONS, userId);
622 grantRuntimePermissions(voiceInteractPackage,
623 LOCATION_PERMISSIONS, userId);
624 }
625 }
626 }
627
628 if (ActivityManager.isLowRamDeviceStatic()) {
629 // Allow voice search on low-ram devices
630 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
631 PackageParser.Package globalSearchPickerPackage =
632 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
633
634 if (globalSearchPickerPackage != null
635 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
636 grantRuntimePermissions(globalSearchPickerPackage,
637 MICROPHONE_PERMISSIONS, true, userId);
638 grantRuntimePermissions(globalSearchPickerPackage,
639 LOCATION_PERMISSIONS, true, userId);
640 }
641 }
642
643 // Voice recognition
644 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
645 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
646 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
647 voiceRecoIntent, userId);
648 if (voiceRecoPackage != null
649 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
650 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
651 }
652
653 // Location
654 if (locationPackageNames != null) {
655 for (String packageName : locationPackageNames) {
656 PackageParser.Package locationPackage = getSystemPackage(packageName);
657 if (locationPackage != null
658 && doesPackageSupportRuntimePermissions(locationPackage)) {
659 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
660 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
661 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
662 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
663 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
664 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
665 true, userId);
666 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
667 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
668 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
669 }
670 }
671 }
672
673 // Music
674 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
675 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
676 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
677 AUDIO_MIME_TYPE);
678 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
679 musicIntent, userId);
680 if (musicPackage != null
681 && doesPackageSupportRuntimePermissions(musicPackage)) {
682 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
683 }
684
685 // Home
686 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
687 homeIntent.addCategory(Intent.CATEGORY_HOME);
688 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
689 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
690 homeIntent, userId);
691 if (homePackage != null
692 && doesPackageSupportRuntimePermissions(homePackage)) {
693 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
694 }
695
696 // Watches
697 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
698 // Home application on watches
699 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
700 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
701
702 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
703 wearHomeIntent, userId);
704
705 if (wearHomePackage != null
706 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
707 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
708 userId);
709 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
710 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
711 userId);
712 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
713 userId);
714 }
715
716 // Fitness tracking on watches
717 Intent trackIntent = new Intent(ACTION_TRACK);
718 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
719 trackIntent, userId);
720 if (trackPackage != null
721 && doesPackageSupportRuntimePermissions(trackPackage)) {
722 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
723 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
724 }
725 }
726
727 // Print Spooler
728 PackageParser.Package printSpoolerPackage = getSystemPackage(
729 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
730 if (printSpoolerPackage != null
731 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
732 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
733 }
734
735 // EmergencyInfo
736 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
737 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
738 emergencyInfoIntent, userId);
739 if (emergencyInfoPckg != null
740 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
741 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
742 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
743 }
744
745 // NFC Tag viewer
746 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
747 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
748 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
749 nfcTagIntent, userId);
750 if (nfcTagPkg != null
751 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
752 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
753 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
754 }
755
756 // Storage Manager
757 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
758 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
759 storageManagerIntent, userId);
760 if (storageManagerPckg != null
761 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
762 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
763 }
764
765 // Companion devices
766 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
767 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
768 if (companionDeviceDiscoveryPackage != null
769 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
770 grantRuntimePermissions(companionDeviceDiscoveryPackage,
771 LOCATION_PERMISSIONS, true, userId);
772 }
773
774 // Ringtone Picker
775 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
776 PackageParser.Package ringtonePickerPackage =
777 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
778 if (ringtonePickerPackage != null
779 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
780 grantRuntimePermissions(ringtonePickerPackage,
781 STORAGE_PERMISSIONS, true, userId);
782 }
783
784 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
785 }
786
787 private void grantDefaultPermissionsToDefaultSystemDialerApp(
788 PackageParser.Package dialerPackage, int userId) {
789 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
790 boolean isPhonePermFixed =
791 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
792 grantRuntimePermissions(
793 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
794 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
795 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
796 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
797 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
798 }
799 }
800
801 private void grantDefaultPermissionsToDefaultSystemSmsApp(
802 PackageParser.Package smsPackage, int userId) {
803 if (doesPackageSupportRuntimePermissions(smsPackage)) {
804 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
805 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
806 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
807 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
808 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
809 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
810 }
811 }
812
813 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
814 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
815 if (packageName == null) {
816 return;
817 }
818 PackageParser.Package smsPackage = getPackage(packageName);
819 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
820 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
821 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
822 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
823 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
824 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
825 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
826 }
827 }
828
829 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
830 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
831 if (packageName == null) {
832 return;
833 }
834 PackageParser.Package dialerPackage = getPackage(packageName);
835 if (dialerPackage != null
836 && doesPackageSupportRuntimePermissions(dialerPackage)) {
837 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
838 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
839 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
840 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
841 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
842 }
843 }
844
845 private void grantDefaultPermissionsToDefaultSimCallManager(
846 PackageParser.Package simCallManagerPackage, int userId) {
847 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
848 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
849 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
850 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
851 }
852 }
853
854 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
855 if (packageName == null) {
856 return;
857 }
858 PackageParser.Package simCallManagerPackage = getPackage(packageName);
859 if (simCallManagerPackage != null) {
860 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
861 }
862 }
863
864 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
865 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
866 if (packageNames == null) {
867 return;
868 }
869 for (String packageName : packageNames) {
870 PackageParser.Package carrierPackage = getSystemPackage(packageName);
871 if (carrierPackage != null
872 && doesPackageSupportRuntimePermissions(carrierPackage)) {
873 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
874 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
875 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
876 }
877 }
878 }
879
880 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
881 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
882 if (packageNames == null) {
883 return;
884 }
885 for (String packageName : packageNames) {
886 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
887 if (imsServicePackage != null
888 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
889 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
890 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
891 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
892 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
893 }
894 }
895 }
896
897 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
898 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
899 if (packageName == null) {
900 return;
901 }
902 PackageParser.Package browserPackage = getSystemPackage(packageName);
903 if (browserPackage != null
904 && doesPackageSupportRuntimePermissions(browserPackage)) {
905 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
906 }
907 }
908
909 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
910 Intent intent, int userId) {
911 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
912 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false);
913 if (handler == null || handler.activityInfo == null) {
914 return null;
915 }
916 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
917 return null;
918 }
919 return getSystemPackage(handler.activityInfo.packageName);
920 }
921
922 private PackageParser.Package getDefaultSystemHandlerServicePackage(
923 Intent intent, int userId) {
924 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
925 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
926 if (handlers == null) {
927 return null;
928 }
929 final int handlerCount = handlers.size();
930 for (int i = 0; i < handlerCount; i++) {
931 ResolveInfo handler = handlers.get(i);
932 PackageParser.Package handlerPackage = getSystemPackage(
933 handler.serviceInfo.packageName);
934 if (handlerPackage != null) {
935 return handlerPackage;
936 }
937 }
938 return null;
939 }
940
941 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
942 String[] syncAdapterPackageNames, int userId) {
943 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
944
945 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
946 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
947
948 for (String syncAdapterPackageName : syncAdapterPackageNames) {
949 homeIntent.setPackage(syncAdapterPackageName);
950
951 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
952 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
953 userId, false);
954 if (homeActivity != null) {
955 continue;
956 }
957
958 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
959 if (syncAdapterPackage != null) {
960 syncAdapterPackages.add(syncAdapterPackage);
961 }
962 }
963
964 return syncAdapterPackages;
965 }
966
967 private PackageParser.Package getDefaultProviderAuthorityPackage(
968 String authority, int userId) {
969 ProviderInfo provider =
970 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
971 if (provider != null) {
972 return getSystemPackage(provider.packageName);
973 }
974 return null;
975 }
976
977 private PackageParser.Package getPackage(String packageName) {
978 return mServiceInternal.getPackage(packageName);
979 }
980
981 private PackageParser.Package getSystemPackage(String packageName) {
982 PackageParser.Package pkg = getPackage(packageName);
983 if (pkg != null && pkg.isSystemApp()) {
984 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
985 }
986 return null;
987 }
988
989 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
990 int userId) {
991 grantRuntimePermissions(pkg, permissions, false, false, userId);
992 }
993
994 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
995 boolean systemFixed, int userId) {
996 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
997 }
998
999 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1000 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) {
1001 if (pkg.requestedPermissions.isEmpty()) {
1002 return;
1003 }
1004
1005 List<String> requestedPermissions = pkg.requestedPermissions;
1006 Set<String> grantablePermissions = null;
1007
1008 // If this is the default Phone or SMS app we grant permissions regardless
1009 // whether the version on the system image declares the permission as used since
1010 // selecting the app as the default Phone or SMS the user makes a deliberate
1011 // choice to grant this app the permissions needed to function. For all other
1012 // apps, (default grants on first boot and user creation) we don't grant default
1013 // permissions if the version on the system image does not declare them.
1014 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) {
1015 final PackageParser.Package disabledPkg =
1016 mServiceInternal.getDisabledPackage(pkg.packageName);
1017 if (disabledPkg != null) {
1018 if (disabledPkg.requestedPermissions.isEmpty()) {
1019 return;
1020 }
1021 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1022 grantablePermissions = new ArraySet<>(requestedPermissions);
1023 requestedPermissions = disabledPkg.requestedPermissions;
1024 }
1025 }
1026 }
1027
1028 final int grantablePermissionCount = requestedPermissions.size();
1029 for (int i = 0; i < grantablePermissionCount; i++) {
1030 String permission = requestedPermissions.get(i);
1031
1032 // If there is a disabled system app it may request a permission the updated
1033 // version ot the data partition doesn't, In this case skip the permission.
1034 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1035 continue;
1036 }
1037
1038 if (permissions.contains(permission)) {
1039 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1040 permission, pkg.packageName, userId);
1041
1042 // If any flags are set to the permission, then it is either set in
1043 // its current state by the system or device/profile owner or the user.
1044 // In all these cases we do not want to clobber the current state.
1045 // Unless the caller wants to override user choices. The override is
1046 // to make sure we can grant the needed permission to the default
1047 // sms and phone apps after the user chooses this in the UI.
1048 if (flags == 0 || isDefaultPhoneOrSms) {
1049 // Never clobber policy or system.
1050 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
1051 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
1052 if ((flags & fixedFlags) != 0) {
1053 continue;
1054 }
1055
1056 mServiceInternal.grantRuntimePermission(
1057 pkg.packageName, permission, userId, false);
1058 if (DEBUG) {
1059 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1060 + permission + " to default handler " + pkg.packageName);
1061 }
1062
1063 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1064 if (systemFixed) {
1065 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1066 }
1067
1068 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1069 newFlags, newFlags, userId);
1070 }
1071
1072 // If a component gets a permission for being the default handler A
1073 // and also default handler B, we grant the weaker grant form.
1074 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1075 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1076 && !systemFixed) {
1077 if (DEBUG) {
1078 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1079 + pkg.packageName);
1080 }
1081 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1082 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1083 }
1084 }
1085 }
1086 }
1087
1088 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1089 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1090 return true;
1091 }
1092 if (!pkg.isPrivilegedApp()) {
1093 return false;
1094 }
1095 final PackageParser.Package disabledPkg =
1096 mServiceInternal.getDisabledPackage(pkg.packageName);
1097 if (disabledPkg != null) {
1098 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1099 return false;
1100 }
1101 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1102 return false;
1103 }
1104 final String systemPackageName = mServiceInternal.getKnownPackageName(
1105 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1106 final PackageParser.Package systemPackage = getPackage(systemPackageName);
1107 return PackageManagerService.compareSignatures(systemPackage.mSignatures,
1108 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH;
1109 }
1110
1111 private void grantDefaultPermissionExceptions(int userId) {
1112 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1113
1114 synchronized (mLock) {
1115 // mGrantExceptions is null only before the first read and then
1116 // it serves as a cache of the default grants that should be
1117 // performed for every user. If there is an entry then the app
1118 // is on the system image and supports runtime permissions.
1119 if (mGrantExceptions == null) {
1120 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1121 }
1122 }
1123
1124 Set<String> permissions = null;
1125 final int exceptionCount = mGrantExceptions.size();
1126 for (int i = 0; i < exceptionCount; i++) {
1127 String packageName = mGrantExceptions.keyAt(i);
1128 PackageParser.Package pkg = getSystemPackage(packageName);
1129 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1130 final int permissionGrantCount = permissionGrants.size();
1131 for (int j = 0; j < permissionGrantCount; j++) {
1132 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1133 if (permissions == null) {
1134 permissions = new ArraySet<>();
1135 } else {
1136 permissions.clear();
1137 }
1138 permissions.add(permissionGrant.name);
1139 grantRuntimePermissions(pkg, permissions,
1140 permissionGrant.fixed, userId);
1141 }
1142 }
1143 }
1144
1145 private File[] getDefaultPermissionFiles() {
1146 ArrayList<File> ret = new ArrayList<File>();
1147 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1148 if (dir.isDirectory() && dir.canRead()) {
1149 Collections.addAll(ret, dir.listFiles());
1150 }
1151 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1152 if (dir.isDirectory() && dir.canRead()) {
1153 Collections.addAll(ret, dir.listFiles());
1154 }
1155 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1156 }
1157
1158 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1159 readDefaultPermissionExceptionsLocked() {
1160 File[] files = getDefaultPermissionFiles();
1161 if (files == null) {
1162 return new ArrayMap<>(0);
1163 }
1164
1165 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1166
1167 // Iterate over the files in the directory and scan .xml files
1168 for (File file : files) {
1169 if (!file.getPath().endsWith(".xml")) {
1170 Slog.i(TAG, "Non-xml file " + file
1171 + " in " + file.getParent() + " directory, ignoring");
1172 continue;
1173 }
1174 if (!file.canRead()) {
1175 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1176 continue;
1177 }
1178 try (
1179 InputStream str = new BufferedInputStream(new FileInputStream(file))
1180 ) {
1181 XmlPullParser parser = Xml.newPullParser();
1182 parser.setInput(str, null);
1183 parse(parser, grantExceptions);
1184 } catch (XmlPullParserException | IOException e) {
1185 Slog.w(TAG, "Error reading default permissions file " + file, e);
1186 }
1187 }
1188
1189 return grantExceptions;
1190 }
1191
1192 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1193 outGrantExceptions) throws IOException, XmlPullParserException {
1194 final int outerDepth = parser.getDepth();
1195 int type;
1196 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1197 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1198 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1199 continue;
1200 }
1201 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1202 parseExceptions(parser, outGrantExceptions);
1203 } else {
1204 Log.e(TAG, "Unknown tag " + parser.getName());
1205 }
1206 }
1207 }
1208
1209 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1210 outGrantExceptions) throws IOException, XmlPullParserException {
1211 final int outerDepth = parser.getDepth();
1212 int type;
1213 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1214 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1215 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1216 continue;
1217 }
1218 if (TAG_EXCEPTION.equals(parser.getName())) {
1219 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1220
1221 List<DefaultPermissionGrant> packageExceptions =
1222 outGrantExceptions.get(packageName);
1223 if (packageExceptions == null) {
1224 // The package must be on the system image
1225 PackageParser.Package pkg = getSystemPackage(packageName);
1226 if (pkg == null) {
1227 Log.w(TAG, "Unknown package:" + packageName);
1228 XmlUtils.skipCurrentTag(parser);
1229 continue;
1230 }
1231
1232 // The package must support runtime permissions
1233 if (!doesPackageSupportRuntimePermissions(pkg)) {
1234 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1235 + packageName);
1236 XmlUtils.skipCurrentTag(parser);
1237 continue;
1238 }
1239 packageExceptions = new ArrayList<>();
1240 outGrantExceptions.put(packageName, packageExceptions);
1241 }
1242
1243 parsePermission(parser, packageExceptions);
1244 } else {
1245 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1246 }
1247 }
1248 }
1249
1250 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1251 outPackageExceptions) throws IOException, XmlPullParserException {
1252 final int outerDepth = parser.getDepth();
1253 int type;
1254 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1255 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1256 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1257 continue;
1258 }
1259
1260 if (TAG_PERMISSION.contains(parser.getName())) {
1261 String name = parser.getAttributeValue(null, ATTR_NAME);
1262 if (name == null) {
1263 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1264 XmlUtils.skipCurrentTag(parser);
1265 continue;
1266 }
1267
1268 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1269
1270 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1271 outPackageExceptions.add(exception);
1272 } else {
1273 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1274 }
1275 }
1276 }
1277
1278 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1279 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1280 }
1281
1282 private static final class DefaultPermissionGrant {
1283 final String name;
1284 final boolean fixed;
1285
1286 public DefaultPermissionGrant(String name, boolean fixed) {
1287 this.name = name;
1288 this.fixed = fixed;
1289 }
1290 }
1291}