Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / 8e708ff38048e75f700365e686898e62942fb2e2 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: 2eedf0c696e2aed4dc070a63498e8e5948db7b11 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]25import android.app.AppOpsManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]26import android.app.DownloadManager;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]27import android.app.SearchManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]28import android.app.admin.DevicePolicyManager;
29import android.companion.CompanionDeviceManager;
30import android.content.Context;
31import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]32import android.content.pm.ApplicationInfo;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]33import android.content.pm.PackageInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]34import android.content.pm.PackageManager;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]35import android.content.pm.PackageManager.NameNotFoundException;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]37import android.content.pm.PackageManagerInternal.PackagesProvider;
38import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]39import android.content.pm.PermissionInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]40import android.content.pm.ProviderInfo;
41import android.content.pm.ResolveInfo;
42import android.media.RingtoneManager;
43import android.net.Uri;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]44import android.os.Build;
45import android.os.Environment;
46import android.os.Handler;
47import android.os.Looper;
48import android.os.Message;
49import android.os.UserHandle;
50import android.os.storage.StorageManager;
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]51import android.permission.PermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]52import android.print.PrintManager;
53import android.provider.CalendarContract;
54import android.provider.ContactsContract;
55import android.provider.MediaStore;
56import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]57import android.security.Credentials;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]58import android.speech.RecognitionService;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]59import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]60import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]61import android.util.ArrayMap;
62import android.util.ArraySet;
63import android.util.Log;
64import android.util.Slog;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]65import android.util.SparseIntArray;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]66import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]67
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]68import com.android.internal.annotations.GuardedBy;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]69import com.android.internal.util.ArrayUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]70import com.android.internal.util.XmlUtils;
71import com.android.server.LocalServices;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]72
73import org.xmlpull.v1.XmlPullParser;
74import org.xmlpull.v1.XmlPullParserException;
75
76import java.io.BufferedInputStream;
77import java.io.File;
78import java.io.FileInputStream;
79import java.io.IOException;
80import java.io.InputStream;
81import java.util.ArrayList;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]82import java.util.Arrays;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]83import java.util.Collections;
84import java.util.List;
85import java.util.Map;
86import java.util.Set;
87
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]88/**
89 * This class is the policy for granting runtime permissions to
90 * platform components and default handlers in the system such
91 * that the device is usable out-of-the-box. For example, the
92 * shell UID is a part of the system and the Phone app should
93 * have phone related permission by default.
94 * <p>
95 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
96 * service but knows about lots of higher level subsystems. The correct way to do this is
97 * to have an interface defined in the package manager but have the impl next to other
98 * policy stuff like PhoneWindowManager
99 */
100public final class DefaultPermissionGrantPolicy {
101 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
102 private static final boolean DEBUG = false;
103
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]104 @PackageManager.ResolveInfoFlags
105 private static final int DEFAULT_INTENT_QUERY_FLAGS =
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]106 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
107 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
108
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]109 @PackageManager.PackageInfoFlags
110 private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS =
Eugene Suslaa8d1a452019-04-10 18:00:35 -0700[diff] [blame]111 PackageManager.MATCH_UNINSTALLED_PACKAGES
112 | PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS
113 | PackageManager.MATCH_HIDDEN_UNTIL_INSTALLED_COMPONENTS
114 | PackageManager.GET_PERMISSIONS;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]115
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]116 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
117
118 private static final String TAG_EXCEPTIONS = "exceptions";
119 private static final String TAG_EXCEPTION = "exception";
120 private static final String TAG_PERMISSION = "permission";
121 private static final String ATTR_PACKAGE = "package";
122 private static final String ATTR_NAME = "name";
123 private static final String ATTR_FIXED = "fixed";
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]124 private static final String ATTR_WHITELISTED = "whitelisted";
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]125
126 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]127
128
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]129 static {
130 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
131 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
132 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
133 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
134 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
135 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
136 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
137 }
138
139 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
140 static {
141 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
142 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
143 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
144 }
145
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]146 private static final Set<String> ALWAYS_LOCATION_PERMISSIONS = new ArraySet<>();
147 static {
148 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
149 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
150 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_BACKGROUND_LOCATION);
151 }
152
Zimuzo5ac1eb92018-11-29 12:51:14 +0000[diff] [blame]153 private static final Set<String> ACTIVITY_RECOGNITION_PERMISSIONS = new ArraySet<>();
154 static {
155 ACTIVITY_RECOGNITION_PERMISSIONS.add(Manifest.permission.ACTIVITY_RECOGNITION);
156 }
157
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]158 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
159 static {
160 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
161 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
162 }
163
164 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
165 static {
166 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
167 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
168 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
169 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
170 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
171 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
172 }
173
174 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
175 static {
176 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
177 }
178
179 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
180 static {
181 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
182 }
183
184 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
185 static {
186 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
187 }
188
189 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
190 static {
Philip P. Moltmannccc8add2019-03-22 12:21:56 -0700[diff] [blame]191 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
192 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
Philip P. Moltmannac7b10c2019-09-13 15:12:34 -0700[diff] [blame]193 STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]194 }
195
196 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
197
198 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
199
200 private final Handler mHandler;
201
202 private PackagesProvider mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]203 private PackagesProvider mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]204 private PackagesProvider mVoiceInteractionPackagesProvider;
205 private PackagesProvider mSmsAppPackagesProvider;
206 private PackagesProvider mDialerAppPackagesProvider;
207 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]208 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]209 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
210
211 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
212 private final Context mContext;
213 private final Object mLock = new Object();
214 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]215 private final PermissionManagerService mPermissionManager;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]216
217 @GuardedBy("mLock")
218 private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray();
219
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]220 DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]221 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]222 mContext = context;
223 mHandler = new Handler(looper) {
224 @Override
225 public void handleMessage(Message msg) {
226 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
227 synchronized (mLock) {
228 if (mGrantExceptions == null) {
229 mGrantExceptions = readDefaultPermissionExceptionsLocked();
230 }
231 }
232 }
233 }
234 };
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]235 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]236 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
237 }
238
239 public void setLocationPackagesProvider(PackagesProvider provider) {
240 synchronized (mLock) {
241 mLocationPackagesProvider = provider;
242 }
243 }
244
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]245 /** Sets the provider for loction extra packages. */
246 public void setLocationExtraPackagesProvider(PackagesProvider provider) {
247 synchronized (mLock) {
248 mLocationExtraPackagesProvider = provider;
249 }
250 }
251
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]252 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
253 synchronized (mLock) {
254 mVoiceInteractionPackagesProvider = provider;
255 }
256 }
257
258 public void setSmsAppPackagesProvider(PackagesProvider provider) {
259 synchronized (mLock) {
260 mSmsAppPackagesProvider = provider;
261 }
262 }
263
264 public void setDialerAppPackagesProvider(PackagesProvider provider) {
265 synchronized (mLock) {
266 mDialerAppPackagesProvider = provider;
267 }
268 }
269
270 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
271 synchronized (mLock) {
272 mSimCallManagerPackagesProvider = provider;
273 }
274 }
275
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]276 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
277 synchronized (mLock) {
278 mUseOpenWifiAppPackagesProvider = provider;
279 }
280 }
281
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]282 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
283 synchronized (mLock) {
284 mSyncAdapterPackagesProvider = provider;
285 }
286 }
287
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]288 public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
289 synchronized (mLock) {
290 return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0;
291 }
292 }
293
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]294 public void grantDefaultPermissions(int userId) {
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]295 grantPermissionsToSysComponentsAndPrivApps(userId);
296 grantDefaultSystemHandlerPermissions(userId);
297 grantDefaultPermissionExceptions(userId);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]298 synchronized (mLock) {
299 mDefaultPermissionsGrantedUsers.put(userId, userId);
300 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]301 }
302
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]303 private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]304 Set<String> permissions = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]305 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]306 final BasePermission bp = mPermissionManager.getPermission(permission);
307 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]308 continue;
309 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]310 if (bp.isRuntime()) {
311 permissions.add(permission);
312 }
313 }
314 if (!permissions.isEmpty()) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]315 grantRuntimePermissions(pkg, permissions, true /*systemFixed*/, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]316 }
317 }
318
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]319 public void scheduleReadDefaultPermissionExceptions() {
320 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
321 }
322
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]323 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]324 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]325 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser(
326 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM);
327 for (PackageInfo pkg : packages) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]328 if (pkg == null) {
329 continue;
330 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]331 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
332 || !doesPackageSupportRuntimePermissions(pkg)
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]333 || ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]334 continue;
335 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]336 grantRuntimePermissionsForSystemPackage(userId, pkg);
337 }
338 }
339
340 @SafeVarargs
341 private final void grantIgnoringSystemPackage(String packageName, int userId,
342 Set<String>... permissionGroups) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]343 grantPermissionsToPackage(packageName, userId, true /* ignoreSystemPackage */,
344 true /*whitelistRestrictedPermissions*/, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]345 }
346
347 @SafeVarargs
348 private final void grantSystemFixedPermissionsToSystemPackage(String packageName, int userId,
349 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]350 grantPermissionsToSystemPackage(
351 packageName, userId, true /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]352 }
353
354 @SafeVarargs
355 private final void grantPermissionsToSystemPackage(
356 String packageName, int userId, Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]357 grantPermissionsToSystemPackage(
358 packageName, userId, false /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]359 }
360
361 @SafeVarargs
362 private final void grantPermissionsToSystemPackage(String packageName, int userId,
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]363 boolean systemFixed, Set<String>... permissionGroups) {
364 if (!isSystemPackage(packageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]365 return;
366 }
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]367 grantPermissionsToPackage(getSystemPackageInfo(packageName),
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]368 userId, systemFixed, false /* ignoreSystemPackage */,
369 true /*whitelistRestrictedPermissions*/, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]370 }
371
372 @SafeVarargs
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]373 private final void grantPermissionsToPackage(String packageName, int userId,
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]374 boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions,
375 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]376 grantPermissionsToPackage(getPackageInfo(packageName),
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]377 userId, false /* systemFixed */, ignoreSystemPackage,
378 whitelistRestrictedPermissions, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]379 }
380
381 @SafeVarargs
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]382 private final void grantPermissionsToPackage(PackageInfo packageInfo, int userId,
383 boolean systemFixed, boolean ignoreSystemPackage,
384 boolean whitelistRestrictedPermissions, Set<String>... permissionGroups) {
385 if (packageInfo == null) {
386 return;
387 }
388 if (doesPackageSupportRuntimePermissions(packageInfo)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]389 for (Set<String> permissionGroup : permissionGroups) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]390 grantRuntimePermissions(packageInfo, permissionGroup, systemFixed,
391 ignoreSystemPackage, whitelistRestrictedPermissions, userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]392 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]393 }
394 }
395
396 private void grantDefaultSystemHandlerPermissions(int userId) {
397 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
398
399 final PackagesProvider locationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]400 final PackagesProvider locationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]401 final PackagesProvider voiceInteractionPackagesProvider;
402 final PackagesProvider smsAppPackagesProvider;
403 final PackagesProvider dialerAppPackagesProvider;
404 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]405 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]406 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
407
408 synchronized (mLock) {
409 locationPackagesProvider = mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]410 locationExtraPackagesProvider = mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]411 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
412 smsAppPackagesProvider = mSmsAppPackagesProvider;
413 dialerAppPackagesProvider = mDialerAppPackagesProvider;
414 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]415 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]416 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
417 }
418
419 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
420 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
421 String[] locationPackageNames = (locationPackagesProvider != null)
422 ? locationPackagesProvider.getPackages(userId) : null;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]423 String[] locationExtraPackageNames = (locationExtraPackagesProvider != null)
424 ? locationExtraPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]425 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
426 ? smsAppPackagesProvider.getPackages(userId) : null;
427 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
428 ? dialerAppPackagesProvider.getPackages(userId) : null;
429 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
430 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]431 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
432 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]433 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
434 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
435 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
436 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
437
438 // Installer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]439 grantSystemFixedPermissionsToSystemPackage(
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]440 ArrayUtils.firstOrNull(getKnownPackages(
441 PackageManagerInternal.PACKAGE_INSTALLER, userId)),
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]442 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]443
444 // Verifier
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]445 final String verifier = ArrayUtils.firstOrNull(getKnownPackages(
446 PackageManagerInternal.PACKAGE_VERIFIER, userId));
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]447 grantSystemFixedPermissionsToSystemPackage(verifier, userId, STORAGE_PERMISSIONS);
448 grantPermissionsToSystemPackage(verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]449
450 // SetupWizard
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]451 grantPermissionsToSystemPackage(
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]452 ArrayUtils.firstOrNull(getKnownPackages(
453 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId)), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]454 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS,
455 CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]456
457 // Camera
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]458 grantPermissionsToSystemPackage(
459 getDefaultSystemHandlerActivityPackage(MediaStore.ACTION_IMAGE_CAPTURE, userId),
460 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]461
Justin Klaassend1410c02019-03-14 08:45:06 -0700[diff] [blame]462 // Sound recorder
463 grantPermissionsToSystemPackage(
464 getDefaultSystemHandlerActivityPackage(
465 MediaStore.Audio.Media.RECORD_SOUND_ACTION, userId),
466 userId, MICROPHONE_PERMISSIONS);
467
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]468 // Media provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]469 grantSystemFixedPermissionsToSystemPackage(
470 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]471 STORAGE_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]472
473 // Downloads provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]474 grantSystemFixedPermissionsToSystemPackage(
475 getDefaultProviderAuthorityPackage("downloads", userId), userId,
476 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]477
478 // Downloads UI
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]479 grantSystemFixedPermissionsToSystemPackage(
480 getDefaultSystemHandlerActivityPackage(
481 DownloadManager.ACTION_VIEW_DOWNLOADS, userId),
482 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]483
484 // Storage provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]485 grantSystemFixedPermissionsToSystemPackage(
486 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId),
487 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]488
489 // CertInstaller
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]490 grantSystemFixedPermissionsToSystemPackage(
491 getDefaultSystemHandlerActivityPackage(Credentials.INSTALL_ACTION, userId), userId,
492 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]493
494 // Dialer
495 if (dialerAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]496 String dialerPackage =
497 getDefaultSystemHandlerActivityPackage(Intent.ACTION_DIAL, userId);
498 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]499 } else {
500 for (String dialerAppPackageName : dialerAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]501 grantDefaultPermissionsToDefaultSystemDialerApp(dialerAppPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]502 }
503 }
504
505 // Sim call manager
506 if (simCallManagerPackageNames != null) {
507 for (String simCallManagerPackageName : simCallManagerPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]508 grantDefaultPermissionsToDefaultSystemSimCallManager(
509 simCallManagerPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]510 }
511 }
512
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]513 // Use Open Wifi
514 if (useOpenWifiAppPackageNames != null) {
515 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]516 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
517 useOpenWifiPackageName, userId);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]518 }
519 }
520
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]521 // SMS
522 if (smsAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]523 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(
524 Intent.CATEGORY_APP_MESSAGING, userId);
525 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]526 } else {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]527 for (String smsPackage : smsAppPackageNames) {
528 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]529 }
530 }
531
532 // Cell Broadcast Receiver
Edward Savage-Jonesf3979b82018-10-15 09:38:53 +0200[diff] [blame]533 grantSystemFixedPermissionsToSystemPackage(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]534 getDefaultSystemHandlerActivityPackage(Intents.SMS_CB_RECEIVED_ACTION, userId),
535 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]536
537 // Carrier Provisioning Service
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]538 grantPermissionsToSystemPackage(
539 getDefaultSystemHandlerServicePackage(Intents.SMS_CARRIER_PROVISION_ACTION, userId),
540 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]541
542 // Calendar
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]543 grantPermissionsToSystemPackage(
544 getDefaultSystemHandlerActivityPackageForCategory(
545 Intent.CATEGORY_APP_CALENDAR, userId),
546 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]547
548 // Calendar provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]549 String calendarProvider =
550 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId);
551 grantPermissionsToSystemPackage(calendarProvider, userId,
552 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS);
553 grantSystemFixedPermissionsToSystemPackage(calendarProvider, userId, CALENDAR_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]554
555 // Calendar provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]556 grantPermissionToEachSystemPackage(
557 getHeadlessSyncAdapterPackages(calendarSyncAdapterPackages, userId),
558 userId, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]559
560 // Contacts
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]561 grantPermissionsToSystemPackage(
562 getDefaultSystemHandlerActivityPackageForCategory(
563 Intent.CATEGORY_APP_CONTACTS, userId),
564 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]565
566 // Contacts provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]567 grantPermissionToEachSystemPackage(
568 getHeadlessSyncAdapterPackages(contactsSyncAdapterPackages, userId),
569 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]570
571 // Contacts provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]572 String contactsProviderPackage =
573 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId);
574 grantSystemFixedPermissionsToSystemPackage(contactsProviderPackage, userId,
575 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
576 grantPermissionsToSystemPackage(contactsProviderPackage, userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]577
578 // Device provisioning
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]579 grantPermissionsToSystemPackage(
580 getDefaultSystemHandlerActivityPackage(
581 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId),
582 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]583
584 // Maps
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]585 grantPermissionsToSystemPackage(
586 getDefaultSystemHandlerActivityPackageForCategory(Intent.CATEGORY_APP_MAPS, userId),
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]587 userId, ALWAYS_LOCATION_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]588
589 // Gallery
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]590 grantPermissionsToSystemPackage(
591 getDefaultSystemHandlerActivityPackageForCategory(
592 Intent.CATEGORY_APP_GALLERY, userId),
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]593 userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]594
595 // Email
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]596 grantPermissionsToSystemPackage(
597 getDefaultSystemHandlerActivityPackageForCategory(
598 Intent.CATEGORY_APP_EMAIL, userId),
599 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]600
601 // Browser
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]602 String browserPackage = ArrayUtils.firstOrNull(getKnownPackages(
603 PackageManagerInternal.PACKAGE_BROWSER, userId));
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]604 if (browserPackage == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]605 browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
606 Intent.CATEGORY_APP_BROWSER, userId);
607 if (!isSystemPackage(browserPackage)) {
608 browserPackage = null;
609 }
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]610 }
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]611 grantPermissionsToPackage(browserPackage, userId, false /* ignoreSystemPackage */,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]612 true /*whitelistRestrictedPermissions*/, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]613
614 // Voice interaction
615 if (voiceInteractPackageNames != null) {
616 for (String voiceInteractPackageName : voiceInteractPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]617 grantPermissionsToSystemPackage(voiceInteractPackageName, userId,
618 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]619 PHONE_PERMISSIONS, SMS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]620 }
621 }
622
623 if (ActivityManager.isLowRamDeviceStatic()) {
624 // Allow voice search on low-ram devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]625 grantPermissionsToSystemPackage(
626 getDefaultSystemHandlerActivityPackage(
627 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId),
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]628 userId, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]629 }
630
631 // Voice recognition
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]632 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE)
633 .addCategory(Intent.CATEGORY_DEFAULT);
634 grantPermissionsToSystemPackage(
635 getDefaultSystemHandlerServicePackage(voiceRecoIntent, userId), userId,
636 MICROPHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]637
638 // Location
639 if (locationPackageNames != null) {
640 for (String packageName : locationPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]641 grantPermissionsToSystemPackage(packageName, userId,
642 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
643 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]644 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]645 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
Soonil Nagarkar9f48f212019-03-07 11:15:12 -0800[diff] [blame]646 ALWAYS_LOCATION_PERMISSIONS, ACTIVITY_RECOGNITION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]647 }
648 }
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]649 if (locationExtraPackageNames != null) {
650 // Also grant location permission to location extra packages.
651 for (String packageName : locationExtraPackageNames) {
Soonil Nagarkar9f48f212019-03-07 11:15:12 -0800[diff] [blame]652 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]653 }
654 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]655
656 // Music
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]657 Intent musicIntent = new Intent(Intent.ACTION_VIEW)
658 .addCategory(Intent.CATEGORY_DEFAULT)
659 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE);
660 grantPermissionsToSystemPackage(
661 getDefaultSystemHandlerActivityPackage(musicIntent, userId), userId,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]662 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]663
664 // Home
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]665 Intent homeIntent = new Intent(Intent.ACTION_MAIN)
666 .addCategory(Intent.CATEGORY_HOME)
667 .addCategory(Intent.CATEGORY_LAUNCHER_APP);
668 grantPermissionsToSystemPackage(
669 getDefaultSystemHandlerActivityPackage(homeIntent, userId), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]670 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]671
672 // Watches
673 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
674 // Home application on watches
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]675
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]676 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory(
677 Intent.CATEGORY_HOME_MAIN, userId);
678 grantPermissionsToSystemPackage(wearPackage, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]679 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]680 grantSystemFixedPermissionsToSystemPackage(wearPackage, userId, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]681
682 // Fitness tracking on watches
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]683 grantPermissionsToSystemPackage(
684 getDefaultSystemHandlerActivityPackage(ACTION_TRACK, userId), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]685 SENSORS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]686 }
687
688 // Print Spooler
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]689 grantSystemFixedPermissionsToSystemPackage(PrintManager.PRINT_SPOOLER_PACKAGE_NAME, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]690 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]691
692 // EmergencyInfo
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]693 grantSystemFixedPermissionsToSystemPackage(
694 getDefaultSystemHandlerActivityPackage(
695 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId),
696 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]697
698 // NFC Tag viewer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]699 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW)
700 .setType("vnd.android.cursor.item/ndef_msg");
701 grantPermissionsToSystemPackage(
702 getDefaultSystemHandlerActivityPackage(nfcTagIntent, userId), userId,
703 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]704
705 // Storage Manager
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]706 grantSystemFixedPermissionsToSystemPackage(
707 getDefaultSystemHandlerActivityPackage(
708 StorageManager.ACTION_MANAGE_STORAGE, userId),
709 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]710
711 // Companion devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]712 grantSystemFixedPermissionsToSystemPackage(
713 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId,
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]714 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]715
716 // Ringtone Picker
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]717 grantSystemFixedPermissionsToSystemPackage(
718 getDefaultSystemHandlerActivityPackage(
719 RingtoneManager.ACTION_RINGTONE_PICKER, userId),
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]720 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]721
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]722 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]723 String textClassifierPackageName =
724 mContext.getPackageManager().getSystemTextClassifierPackageName();
725 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]726 grantPermissionsToSystemPackage(textClassifierPackageName, userId,
727 PHONE_PERMISSIONS, SMS_PERMISSIONS, CALENDAR_PERMISSIONS,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]728 ALWAYS_LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]729 }
730
Yi Jiang8915b352019-03-21 12:02:53 -0700[diff] [blame]731 // Atthention Service
732 String attentionServicePackageName =
733 mContext.getPackageManager().getAttentionServicePackageName();
734 if (!TextUtils.isEmpty(attentionServicePackageName)) {
735 grantPermissionsToSystemPackage(attentionServicePackageName, userId,
736 CAMERA_PERMISSIONS);
737 }
738
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]739 // There is no real "marker" interface to identify the shared storage backup, it is
740 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]741 grantSystemFixedPermissionsToSystemPackage("com.android.sharedstoragebackup", userId,
742 STORAGE_PERMISSIONS);
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]743
Nadav Bar1a1f5a212019-03-17 16:15:14 +0200[diff] [blame]744 // System Captions Service
745 String systemCaptionsServicePackageName =
746 mContext.getPackageManager().getSystemCaptionsServicePackageName();
747 if (!TextUtils.isEmpty(systemCaptionsServicePackageName)) {
748 grantPermissionsToSystemPackage(systemCaptionsServicePackageName, userId,
Nadav Bar6d79ab72019-01-10 10:52:11 +0200[diff] [blame]749 MICROPHONE_PERMISSIONS);
750 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]751 }
752
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]753 private String getDefaultSystemHandlerActivityPackageForCategory(String category, int userId) {
754 return getDefaultSystemHandlerActivityPackage(
755 new Intent(Intent.ACTION_MAIN).addCategory(category), userId);
756 }
757
758 @SafeVarargs
759 private final void grantPermissionToEachSystemPackage(
760 ArrayList<String> packages, int userId, Set<String>... permissions) {
761 if (packages == null) return;
762 final int count = packages.size();
763 for (int i = 0; i < count; i++) {
764 grantPermissionsToSystemPackage(packages.get(i), userId, permissions);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]765 }
Eugene Susla47e88202018-07-02 18:48:55 -0700[diff] [blame]766 }
767
Chen Xuda02e072019-10-07 00:24:41 -0700[diff] [blame]768 private @NonNull String[] getKnownPackages(int knownPkgId, int userId) {
769 return mServiceInternal.getKnownPackageNames(knownPkgId, userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]770 }
771
772 private void grantDefaultPermissionsToDefaultSystemDialerApp(
773 String dialerPackage, int userId) {
774 if (dialerPackage == null) {
775 return;
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]776 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]777 boolean isPhonePermFixed =
778 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
779 if (isPhonePermFixed) {
780 grantSystemFixedPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
781 } else {
782 grantPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
783 }
784 grantPermissionsToSystemPackage(dialerPackage, userId,
785 CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
786 }
787
788 private void grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId) {
789 grantPermissionsToSystemPackage(smsPackage, userId,
790 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS,
791 STORAGE_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]792 }
793
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]794 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]795 String useOpenWifiPackage, int userId) {
Varun Anandd5d359d2019-02-15 10:08:33 -0800[diff] [blame]796 grantPermissionsToSystemPackage(useOpenWifiPackage, userId, ALWAYS_LOCATION_PERMISSIONS);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]797 }
798
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]799 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
800 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
Varun Anandd5d359d2019-02-15 10:08:33 -0800[diff] [blame]801 grantIgnoringSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]802 }
803
804 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
805 if (packageName == null) {
806 return;
807 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]808 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]809 grantPermissionsToPackage(packageName, userId, false /* ignoreSystemPackage */,
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]810 true /*whitelistRestrictedPermissions*/, PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]811 }
812
813 private void grantDefaultPermissionsToDefaultSystemSimCallManager(
814 String packageName, int userId) {
815 if (isSystemPackage(packageName)) {
816 grantDefaultPermissionsToDefaultSimCallManager(packageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]817 }
818 }
819
820 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
821 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
822 if (packageNames == null) {
823 return;
824 }
825 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]826 grantPermissionsToSystemPackage(packageName, userId,
Ginelle Gan Gaisano80646b62019-02-21 14:27:32 -0800[diff] [blame]827 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]828 }
829 }
830
831 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
832 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
833 if (packageNames == null) {
834 return;
835 }
836 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]837 grantPermissionsToSystemPackage(packageName, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]838 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS,
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]839 CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]840 }
841 }
842
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]843 public void grantDefaultPermissionsToEnabledTelephonyDataServices(
844 String[] packageNames, int userId) {
845 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
846 if (packageNames == null) {
847 return;
848 }
849 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]850 // Grant these permissions as system-fixed, so that nobody can accidentally
851 // break cellular data.
852 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]853 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]854 }
855 }
856
857 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
858 String[] packageNames, int userId) {
859 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
860 if (packageNames == null) {
861 return;
862 }
863 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]864 PackageInfo pkg = getSystemPackageInfo(packageName);
865 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
866 revokeRuntimePermissions(packageName, PHONE_PERMISSIONS, true, userId);
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]867 revokeRuntimePermissions(packageName, ALWAYS_LOCATION_PERMISSIONS, true, userId);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]868 }
869 }
870 }
871
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]872 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
873 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]874 grantSystemFixedPermissionsToSystemPackage(packageName, userId, CAMERA_PERMISSIONS);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]875 }
876
877 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
878 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
879 if (packageNames == null) {
880 return;
881 }
882 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]883 PackageInfo pkg = getSystemPackageInfo(packageName);
884 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
885 revokeRuntimePermissions(packageName, CAMERA_PERMISSIONS, true, userId);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]886 }
887 }
888 }
889
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]890 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
891 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]892 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]893 }
894
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]895 private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
896 return getDefaultSystemHandlerActivityPackage(new Intent(intentAction), userId);
897 }
898
899 private String getDefaultSystemHandlerActivityPackage(Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]900 ResolveInfo handler = mContext.getPackageManager().resolveActivityAsUser(
901 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]902 if (handler == null || handler.activityInfo == null) {
903 return null;
904 }
905 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
906 return null;
907 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]908 String packageName = handler.activityInfo.packageName;
909 return isSystemPackage(packageName) ? packageName : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]910 }
911
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]912 private String getDefaultSystemHandlerServicePackage(String intentAction, int userId) {
913 return getDefaultSystemHandlerServicePackage(new Intent(intentAction), userId);
914 }
915
916 private String getDefaultSystemHandlerServicePackage(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]917 Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]918 List<ResolveInfo> handlers = mContext.getPackageManager().queryIntentServicesAsUser(
919 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]920 if (handlers == null) {
921 return null;
922 }
923 final int handlerCount = handlers.size();
924 for (int i = 0; i < handlerCount; i++) {
925 ResolveInfo handler = handlers.get(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]926 String handlerPackage = handler.serviceInfo.packageName;
927 if (isSystemPackage(handlerPackage)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]928 return handlerPackage;
929 }
930 }
931 return null;
932 }
933
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]934 private ArrayList<String> getHeadlessSyncAdapterPackages(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]935 String[] syncAdapterPackageNames, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]936 ArrayList<String> syncAdapterPackages = new ArrayList<>();
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]937
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]938 Intent homeIntent = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]939
940 for (String syncAdapterPackageName : syncAdapterPackageNames) {
941 homeIntent.setPackage(syncAdapterPackageName);
942
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]943 ResolveInfo homeActivity = mContext.getPackageManager().resolveActivityAsUser(
944 homeIntent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]945 if (homeActivity != null) {
946 continue;
947 }
948
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]949 if (isSystemPackage(syncAdapterPackageName)) {
950 syncAdapterPackages.add(syncAdapterPackageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]951 }
952 }
953
954 return syncAdapterPackages;
955 }
956
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]957 private String getDefaultProviderAuthorityPackage(String authority, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]958 ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]959 authority, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]960 if (provider != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]961 return provider.packageName;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]962 }
963 return null;
964 }
965
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]966 private boolean isSystemPackage(String packageName) {
Philip P. Moltmannc701e7e2018-09-18 16:22:54 -0700[diff] [blame]967 return isSystemPackage(getPackageInfo(packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]968 }
969
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]970 private boolean isSystemPackage(PackageInfo pkg) {
971 if (pkg == null) {
972 return false;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]973 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]974 return pkg.applicationInfo.isSystemApp()
975 && !isSysComponentOrPersistentPlatformSignedPrivApp(pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]976 }
977
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]978 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissions,
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]979 boolean systemFixed, int userId) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]980 grantRuntimePermissions(pkg, permissions, systemFixed, false,
981 true /*whitelistRestrictedPermissions*/, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]982 }
983
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]984 private void revokeRuntimePermissions(String packageName, Set<String> permissions,
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]985 boolean systemFixed, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]986 PackageInfo pkg = getSystemPackageInfo(packageName);
987 if (ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]988 return;
989 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]990 Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions));
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]991
992 for (String permission : permissions) {
993 // We can't revoke what wasn't requested.
994 if (!revokablePermissions.contains(permission)) {
995 continue;
996 }
997
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]998 UserHandle user = UserHandle.of(userId);
999 final int flags = mContext.getPackageManager()
1000 .getPermissionFlags(permission, packageName, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1001
1002 // We didn't get this through the default grant policy. Move along.
1003 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
1004 continue;
1005 }
1006 // We aren't going to clobber device policy with a DefaultGrant.
1007 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1008 continue;
1009 }
1010 // Do not revoke system fixed permissions unless caller set them that way;
1011 // there is no refcount for the number of sources of this, so there
1012 // should be at most one grantor doing SYSTEM_FIXED for any given package.
1013 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
1014 continue;
1015 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1016 mContext.getPackageManager().revokeRuntimePermission(packageName, permission, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1017
1018 if (DEBUG) {
1019 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1020 + permission + " to " + packageName);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1021 }
1022
1023 // Remove the GRANTED_BY_DEFAULT flag without touching the others.
1024 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
1025 // sticky once set.
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1026 mContext.getPackageManager().updatePermissionFlags(permission, packageName,
1027 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1028 }
1029 }
1030
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1031 /**
1032 * Check if a permission is already fixed or is set by the user.
1033 *
1034 * <p>A permission should not be set by the default policy if the user or other policies already
1035 * set the permission.
1036 *
1037 * @param flags The flags of the permission
1038 *
1039 * @return {@code true} iff the permission can be set without violating a policy of the users
1040 * intention
1041 */
1042 private boolean isFixedOrUserSet(int flags) {
1043 return (flags & (PackageManager.FLAG_PERMISSION_USER_SET
1044 | PackageManager.FLAG_PERMISSION_USER_FIXED
1045 | PackageManager.FLAG_PERMISSION_POLICY_FIXED
1046 | PackageManager.FLAG_PERMISSION_SYSTEM_FIXED)) != 0;
1047 }
1048
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1049 /**
1050 * Return the background permission for a permission.
1051 *
1052 * @param permission The name of the foreground permission
1053 *
1054 * @return The name of the background permission or {@code null} if the permission has no
1055 * background permission
1056 */
1057 private @Nullable String getBackgroundPermission(@NonNull String permission) {
1058 try {
1059 return mContext.getPackageManager().getPermissionInfo(permission,
1060 0).backgroundPermission;
1061 } catch (NameNotFoundException e) {
1062 return null;
1063 }
1064 }
1065
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1066 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissionsWithoutSplits,
1067 boolean systemFixed, boolean ignoreSystemPackage,
1068 boolean whitelistRestrictedPermissions, int userId) {
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1069 UserHandle user = UserHandle.of(userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1070 if (pkg == null) {
1071 return;
1072 }
1073
1074 String[] requestedPermissions = pkg.requestedPermissions;
1075 if (ArrayUtils.isEmpty(requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1076 return;
1077 }
1078
Eugene Susla31c9cd12018-12-03 15:41:31 -0800[diff] [blame]1079 // Intersect the requestedPermissions for a factory image with that of its current update
1080 // in case the latter one removed a <uses-permission>
1081 String[] requestedByNonSystemPackage = getPackageInfo(pkg.packageName).requestedPermissions;
1082 int size = requestedPermissions.length;
1083 for (int i = 0; i < size; i++) {
1084 if (!ArrayUtils.contains(requestedByNonSystemPackage, requestedPermissions[i])) {
1085 requestedPermissions[i] = null;
1086 }
1087 }
1088 requestedPermissions = ArrayUtils.filterNotNull(requestedPermissions, String[]::new);
1089
Philip P. Moltmanneb82d652019-03-26 16:17:26 -0700[diff] [blame]1090 PackageManager pm;
1091 try {
1092 pm = mContext.createPackageContextAsUser(mContext.getPackageName(), 0,
1093 user).getPackageManager();
1094 } catch (NameNotFoundException doesNotHappen) {
1095 throw new IllegalStateException(doesNotHappen);
1096 }
1097
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1098 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1099 ApplicationInfo applicationInfo = pkg.applicationInfo;
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1100
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1101 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1102 if (systemFixed) {
1103 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1104 }
1105
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1106 // Automatically attempt to grant split permissions to older APKs
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1107 final List<PermissionManager.SplitPermissionInfo> splitPermissions =
1108 mContext.getSystemService(PermissionManager.class).getSplitPermissions();
1109 final int numSplitPerms = splitPermissions.size();
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1110 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1111 final PermissionManager.SplitPermissionInfo splitPerm =
1112 splitPermissions.get(splitPermNum);
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1113
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1114 if (applicationInfo != null
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1115 && applicationInfo.targetSdkVersion < splitPerm.getTargetSdk()
Philip P. Moltmanna3ba4d92018-10-08 11:50:07 -0700[diff] [blame]1116 && permissionsWithoutSplits.contains(splitPerm.getSplitPermission())) {
1117 permissions.addAll(splitPerm.getNewPermissions());
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1118 }
1119 }
1120
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1121 Set<String> grantablePermissions = null;
1122
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1123 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1124 // of if the version on the system image declares the permission as used since
1125 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1126 // choice to grant this app the permissions needed to function. For all other
1127 // apps, (default grants on first boot and user creation) we don't grant default
1128 // permissions if the version on the system image does not declare them.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1129 if (!ignoreSystemPackage
1130 && applicationInfo != null
1131 && applicationInfo.isUpdatedSystemApp()) {
1132 final PackageInfo disabledPkg = getSystemPackageInfo(
1133 mServiceInternal.getDisabledSystemPackageName(pkg.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1134 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1135 if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1136 return;
1137 }
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1138 if (!Arrays.equals(requestedPermissions, disabledPkg.requestedPermissions)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1139 grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1140 requestedPermissions = disabledPkg.requestedPermissions;
1141 }
1142 }
1143 }
1144
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1145 final int numRequestedPermissions = requestedPermissions.length;
1146
1147 // Sort requested permissions so that all permissions that are a foreground permission (i.e.
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1148 // permissions that have a background permission) are before their background permissions.
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1149 final String[] sortedRequestedPermissions = new String[numRequestedPermissions];
1150 int numForeground = 0;
1151 int numOther = 0;
1152 for (int i = 0; i < numRequestedPermissions; i++) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1153 String permission = requestedPermissions[i];
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1154 if (getBackgroundPermission(permission) != null) {
1155 sortedRequestedPermissions[numForeground] = permission;
1156 numForeground++;
1157 } else {
1158 sortedRequestedPermissions[numRequestedPermissions - 1 - numOther] =
1159 permission;
1160 numOther++;
1161 }
1162 }
1163
1164 for (int requestedPermissionNum = 0; requestedPermissionNum < numRequestedPermissions;
1165 requestedPermissionNum++) {
1166 String permission = requestedPermissions[requestedPermissionNum];
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1167
1168 // If there is a disabled system app it may request a permission the updated
1169 // version ot the data partition doesn't, In this case skip the permission.
1170 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1171 continue;
1172 }
1173
1174 if (permissions.contains(permission)) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1175 final int flags = mContext.getPackageManager().getPermissionFlags(
1176 permission, pkg.packageName, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1177
Svet Ganov0b41c892019-07-26 17:45:56 -0700[diff] [blame]1178 // If we are trying to grant as system fixed and already system fixed
1179 // then the system can change the system fixed grant state.
1180 final boolean changingGrantForSystemFixed = systemFixed
1181 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0;
1182
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1183 // Certain flags imply that the permission's current state by the system or
1184 // device/profile owner or the user. In these cases we do not want to clobber the
1185 // current state.
1186 //
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1187 // Unless the caller wants to override user choices. The override is
1188 // to make sure we can grant the needed permission to the default
1189 // sms and phone apps after the user chooses this in the UI.
Svet Ganov0b41c892019-07-26 17:45:56 -0700[diff] [blame]1190 if (!isFixedOrUserSet(flags) || ignoreSystemPackage
1191 || changingGrantForSystemFixed) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1192 // Never clobber policy fixed permissions.
1193 // We must allow the grant of a system-fixed permission because
1194 // system-fixed is sticky, but the permission itself may be revoked.
1195 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1196 continue;
1197 }
1198
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1199 // Preserve whitelisting flags.
1200 newFlags |= (flags & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT);
1201
1202 // If we are whitelisting the permission, update the exempt flag before grant.
1203 if (whitelistRestrictedPermissions && isPermissionRestricted(permission)) {
1204 mContext.getPackageManager().updatePermissionFlags(permission,
1205 pkg.packageName,
1206 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT,
1207 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, user);
1208 }
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1209
Svet Ganov0b41c892019-07-26 17:45:56 -0700[diff] [blame]1210 // If the system tries to change a system fixed permission from one fixed
1211 // state to another we need to drop the fixed flag to allow the grant.
1212 if (changingGrantForSystemFixed) {
1213 mContext.getPackageManager().updatePermissionFlags(permission,
1214 pkg.packageName, flags,
1215 flags & ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, user);
1216 }
1217
Philip P. Moltmanneb82d652019-03-26 16:17:26 -0700[diff] [blame]1218 if (pm.checkPermission(permission, pkg.packageName)
1219 != PackageManager.PERMISSION_GRANTED) {
1220 mContext.getPackageManager()
1221 .grantRuntimePermission(pkg.packageName, permission, user);
1222 }
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1223
1224 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1225 newFlags, newFlags, user);
1226
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1227 int uid = UserHandle.getUid(userId,
1228 UserHandle.getAppId(pkg.applicationInfo.uid));
1229
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1230 List<String> fgPerms = mPermissionManager.getBackgroundPermissions()
1231 .get(permission);
1232 if (fgPerms != null) {
1233 int numFgPerms = fgPerms.size();
1234 for (int fgPermNum = 0; fgPermNum < numFgPerms; fgPermNum++) {
1235 String fgPerm = fgPerms.get(fgPermNum);
1236
1237 if (pm.checkPermission(fgPerm, pkg.packageName)
1238 == PackageManager.PERMISSION_GRANTED) {
1239 // Upgrade the app-op state of the fg permission to allow bg access
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1240 // TODO: Dont' call app ops from package manager code.
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1241 mContext.getSystemService(AppOpsManager.class).setUidMode(
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1242 AppOpsManager.permissionToOp(fgPerm), uid,
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1243 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1244
1245 break;
1246 }
1247 }
1248 }
1249
1250 String bgPerm = getBackgroundPermission(permission);
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1251 String op = AppOpsManager.permissionToOp(permission);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1252 if (bgPerm == null) {
1253 if (op != null) {
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1254 // TODO: Dont' call app ops from package manager code.
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1255 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid,
1256 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1257 }
1258 } else {
1259 int mode;
1260 if (pm.checkPermission(bgPerm, pkg.packageName)
1261 == PackageManager.PERMISSION_GRANTED) {
1262 mode = AppOpsManager.MODE_ALLOWED;
1263 } else {
1264 mode = AppOpsManager.MODE_FOREGROUND;
1265 }
1266
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1267 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid, mode);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1268 }
1269
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1270 if (DEBUG) {
1271 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1272 + permission + " to default handler " + pkg);
Eugene Suslae4ee2c22018-11-05 12:23:30 -0800[diff] [blame]1273
1274 int appOp = AppOpsManager.permissionToOpCode(permission);
1275 if (appOp != AppOpsManager.OP_NONE
1276 && AppOpsManager.opToDefaultMode(appOp)
1277 != AppOpsManager.MODE_ALLOWED) {
1278 // Permission has a corresponding appop which is not allowed by default
1279 // We must allow it as well, as it's usually checked alongside the
1280 // permission
1281 if (DEBUG) {
1282 Log.i(TAG, "Granting OP_" + AppOpsManager.opToName(appOp)
1283 + " to " + pkg.packageName);
1284 }
1285 mContext.getSystemService(AppOpsManager.class).setUidMode(
1286 appOp, pkg.applicationInfo.uid, AppOpsManager.MODE_ALLOWED);
1287 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1288 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1289 }
1290
1291 // If a component gets a permission for being the default handler A
1292 // and also default handler B, we grant the weaker grant form.
1293 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1294 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1295 && !systemFixed) {
1296 if (DEBUG) {
1297 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1298 + pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1299 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1300 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1301 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1302 }
1303 }
1304 }
1305 }
1306
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1307 private PackageInfo getSystemPackageInfo(String pkg) {
Eugene Suslaa8d1a452019-04-10 18:00:35 -0700[diff] [blame]1308 return getPackageInfo(pkg, PackageManager.MATCH_SYSTEM_ONLY);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1309 }
1310
1311 private PackageInfo getPackageInfo(String pkg) {
1312 return getPackageInfo(pkg, 0 /* extraFlags */);
1313 }
1314
1315 private PackageInfo getPackageInfo(String pkg,
1316 @PackageManager.PackageInfoFlags int extraFlags) {
Eugene Suslacc6b8a32019-04-09 14:08:09 -0700[diff] [blame]1317 if (pkg == null) {
1318 return null;
1319 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1320 try {
1321 return mContext.getPackageManager().getPackageInfo(pkg,
1322 DEFAULT_PACKAGE_INFO_QUERY_FLAGS | extraFlags);
1323 } catch (NameNotFoundException e) {
Eugene Susla12523ab2019-01-22 17:46:54 -0800[diff] [blame]1324 Slog.e(TAG, "PackageNot found: " + pkg, e);
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1325 return null;
1326 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1327 }
1328
1329 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1330 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1331 return true;
1332 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1333 if (!pkg.applicationInfo.isPrivilegedApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1334 return false;
1335 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1336 final PackageInfo disabledPkg = getSystemPackageInfo(
1337 mServiceInternal.getDisabledSystemPackageName(pkg.applicationInfo.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1338 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1339 ApplicationInfo disabledPackageAppInfo = disabledPkg.applicationInfo;
1340 if (disabledPackageAppInfo != null
1341 && (disabledPackageAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1342 return false;
1343 }
1344 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1345 return false;
1346 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1347 return mServiceInternal.isPlatformSigned(pkg.packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1348 }
1349
1350 private void grantDefaultPermissionExceptions(int userId) {
1351 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1352
1353 synchronized (mLock) {
1354 // mGrantExceptions is null only before the first read and then
1355 // it serves as a cache of the default grants that should be
1356 // performed for every user. If there is an entry then the app
1357 // is on the system image and supports runtime permissions.
1358 if (mGrantExceptions == null) {
1359 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1360 }
1361 }
1362
1363 Set<String> permissions = null;
1364 final int exceptionCount = mGrantExceptions.size();
1365 for (int i = 0; i < exceptionCount; i++) {
1366 String packageName = mGrantExceptions.keyAt(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1367 PackageInfo pkg = getSystemPackageInfo(packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1368 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1369 final int permissionGrantCount = permissionGrants.size();
1370 for (int j = 0; j < permissionGrantCount; j++) {
1371 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1372 if (!isPermissionDangerous(permissionGrant.name)) {
1373 Log.w(TAG, "Ignoring permission " + permissionGrant.name
1374 + " which isn't dangerous");
1375 continue;
1376 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1377 if (permissions == null) {
1378 permissions = new ArraySet<>();
1379 } else {
1380 permissions.clear();
1381 }
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1382 permissions.add(permissionGrant.name);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1383
1384
1385 grantRuntimePermissions(pkg, permissions, permissionGrant.fixed,
1386 permissionGrant.whitelisted, true /*whitelistRestrictedPermissions*/,
1387 userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1388 }
1389 }
1390 }
1391
1392 private File[] getDefaultPermissionFiles() {
1393 ArrayList<File> ret = new ArrayList<File>();
1394 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1395 if (dir.isDirectory() && dir.canRead()) {
1396 Collections.addAll(ret, dir.listFiles());
1397 }
1398 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1399 if (dir.isDirectory() && dir.canRead()) {
1400 Collections.addAll(ret, dir.listFiles());
1401 }
Jiyong Park0989e382018-03-13 10:26:47 +0900[diff] [blame]1402 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
1403 if (dir.isDirectory() && dir.canRead()) {
1404 Collections.addAll(ret, dir.listFiles());
1405 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1406 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1407 if (dir.isDirectory() && dir.canRead()) {
1408 Collections.addAll(ret, dir.listFiles());
1409 }
Jeongik Chaf6629832019-07-04 21:12:06 +0900[diff] [blame]1410 dir = new File(Environment.getSystemExtDirectory(), "etc/default-permissions");
Dario Freni1ae46d72018-08-17 15:56:43 +0100[diff] [blame]1411 if (dir.isDirectory() && dir.canRead()) {
1412 Collections.addAll(ret, dir.listFiles());
1413 }
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]1414 // For IoT devices, we check the oem partition for default permissions for each app.
1415 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
1416 dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
1417 if (dir.isDirectory() && dir.canRead()) {
1418 Collections.addAll(ret, dir.listFiles());
1419 }
1420 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1421 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1422 }
1423
1424 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1425 readDefaultPermissionExceptionsLocked() {
1426 File[] files = getDefaultPermissionFiles();
1427 if (files == null) {
1428 return new ArrayMap<>(0);
1429 }
1430
1431 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1432
1433 // Iterate over the files in the directory and scan .xml files
1434 for (File file : files) {
1435 if (!file.getPath().endsWith(".xml")) {
1436 Slog.i(TAG, "Non-xml file " + file
1437 + " in " + file.getParent() + " directory, ignoring");
1438 continue;
1439 }
1440 if (!file.canRead()) {
1441 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1442 continue;
1443 }
1444 try (
1445 InputStream str = new BufferedInputStream(new FileInputStream(file))
1446 ) {
1447 XmlPullParser parser = Xml.newPullParser();
1448 parser.setInput(str, null);
1449 parse(parser, grantExceptions);
1450 } catch (XmlPullParserException | IOException e) {
1451 Slog.w(TAG, "Error reading default permissions file " + file, e);
1452 }
1453 }
1454
1455 return grantExceptions;
1456 }
1457
1458 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1459 outGrantExceptions) throws IOException, XmlPullParserException {
1460 final int outerDepth = parser.getDepth();
1461 int type;
1462 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1463 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1464 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1465 continue;
1466 }
1467 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1468 parseExceptions(parser, outGrantExceptions);
1469 } else {
1470 Log.e(TAG, "Unknown tag " + parser.getName());
1471 }
1472 }
1473 }
1474
1475 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1476 outGrantExceptions) throws IOException, XmlPullParserException {
1477 final int outerDepth = parser.getDepth();
1478 int type;
1479 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1480 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1481 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1482 continue;
1483 }
1484 if (TAG_EXCEPTION.equals(parser.getName())) {
1485 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1486
1487 List<DefaultPermissionGrant> packageExceptions =
1488 outGrantExceptions.get(packageName);
1489 if (packageExceptions == null) {
1490 // The package must be on the system image
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1491 PackageInfo packageInfo = getSystemPackageInfo(packageName);
Eugene Suslaf25013c2019-03-01 15:17:54 -0800[diff] [blame]1492
1493 if (packageInfo == null) {
1494 Log.w(TAG, "No such package:" + packageName);
1495 XmlUtils.skipCurrentTag(parser);
1496 continue;
1497 }
1498
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1499 if (!isSystemPackage(packageInfo)) {
1500 Log.w(TAG, "Unknown system package:" + packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1501 XmlUtils.skipCurrentTag(parser);
1502 continue;
1503 }
1504
1505 // The package must support runtime permissions
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1506 if (!doesPackageSupportRuntimePermissions(packageInfo)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1507 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1508 + packageName);
1509 XmlUtils.skipCurrentTag(parser);
1510 continue;
1511 }
1512 packageExceptions = new ArrayList<>();
1513 outGrantExceptions.put(packageName, packageExceptions);
1514 }
1515
1516 parsePermission(parser, packageExceptions);
1517 } else {
1518 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1519 }
1520 }
1521 }
1522
1523 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1524 outPackageExceptions) throws IOException, XmlPullParserException {
1525 final int outerDepth = parser.getDepth();
1526 int type;
1527 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1528 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1529 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1530 continue;
1531 }
1532
1533 if (TAG_PERMISSION.contains(parser.getName())) {
1534 String name = parser.getAttributeValue(null, ATTR_NAME);
1535 if (name == null) {
1536 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1537 XmlUtils.skipCurrentTag(parser);
1538 continue;
1539 }
1540
1541 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1542 final boolean whitelisted = XmlUtils.readBooleanAttribute(parser, ATTR_WHITELISTED);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1543
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1544 DefaultPermissionGrant exception = new DefaultPermissionGrant(
1545 name, fixed, whitelisted);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1546 outPackageExceptions.add(exception);
1547 } else {
1548 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1549 }
1550 }
1551 }
1552
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1553 private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) {
1554 return pkg.applicationInfo != null
1555 && pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1556 }
1557
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1558 private boolean isPermissionRestricted(String name) {
1559 try {
1560 return mContext.getPackageManager().getPermissionInfo(name, 0).isRestricted();
1561 } catch (NameNotFoundException e) {
1562 return false;
1563 }
1564 }
1565
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1566 private boolean isPermissionDangerous(String name) {
1567 try {
1568 final PermissionInfo pi = mContext.getPackageManager().getPermissionInfo(name, 0);
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1569 return (pi.getProtection() == PermissionInfo.PROTECTION_DANGEROUS);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1570 } catch (NameNotFoundException e) {
1571 // When unknown assume it's dangerous to be on the safe side
1572 return true;
1573 }
1574 }
1575
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1576 private static final class DefaultPermissionGrant {
1577 final String name;
1578 final boolean fixed;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1579 final boolean whitelisted;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1580
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1581 public DefaultPermissionGrant(String name, boolean fixed,
1582 boolean whitelisted) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1583 this.name = name;
1584 this.fixed = fixed;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1585 this.whitelisted = whitelisted;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1586 }
1587 }
1588}