Todd Kennedy82b08422017-09-28 13:32:05 -07001/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -070019import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -070020
Todd Kennedy82b08422017-09-28 13:32:05 -070021import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -070023import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -070024import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
28import android.content.Context;
29import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -070030import android.content.pm.ApplicationInfo;
Todd Kennedy42d61602017-12-12 14:44:19 -080031import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -070032import android.content.pm.PackageManager;
33import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -070034import android.content.pm.PackageManagerInternal.PackagesProvider;
35import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -070036import android.content.pm.PackageParser;
37import android.content.pm.ProviderInfo;
38import android.content.pm.ResolveInfo;
39import android.media.RingtoneManager;
40import android.net.Uri;
41import android.os.Binder;
42import android.os.Build;
43import android.os.Environment;
44import android.os.Handler;
45import android.os.Looper;
46import android.os.Message;
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -060047import android.os.SystemProperties;
Todd Kennedy82b08422017-09-28 13:32:05 -070048import android.os.UserHandle;
49import android.os.storage.StorageManager;
50import android.print.PrintManager;
51import android.provider.CalendarContract;
52import android.provider.ContactsContract;
53import android.provider.MediaStore;
54import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -070055import android.security.Credentials;
Jeff Sharkey0095a822018-02-15 13:06:53 -070056import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -070057import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -070058import android.util.ArrayMap;
59import android.util.ArraySet;
60import android.util.Log;
61import android.util.Slog;
62import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -070063
Todd Kennedy82b08422017-09-28 13:32:05 -070064import com.android.internal.util.XmlUtils;
65import com.android.server.LocalServices;
Jeff Sharkey0095a822018-02-15 13:06:53 -070066import com.android.server.pm.PackageManagerService;
Todd Kennedy82b08422017-09-28 13:32:05 -070067
68import org.xmlpull.v1.XmlPullParser;
69import org.xmlpull.v1.XmlPullParserException;
70
71import java.io.BufferedInputStream;
72import java.io.File;
73import java.io.FileInputStream;
74import java.io.IOException;
75import java.io.InputStream;
76import java.util.ArrayList;
Todd Kennedy82b08422017-09-28 13:32:05 -070077import java.util.Collections;
78import java.util.List;
79import java.util.Map;
80import java.util.Set;
81
Todd Kennedy82b08422017-09-28 13:32:05 -070082/**
83 * This class is the policy for granting runtime permissions to
84 * platform components and default handlers in the system such
85 * that the device is usable out-of-the-box. For example, the
86 * shell UID is a part of the system and the Phone app should
87 * have phone related permission by default.
88 * <p>
89 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
90 * service but knows about lots of higher level subsystems. The correct way to do this is
91 * to have an interface defined in the package manager but have the impl next to other
92 * policy stuff like PhoneWindowManager
93 */
94public final class DefaultPermissionGrantPolicy {
// Log tag used by the Log.i calls in this class.
private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
// Debug switch, off by default; no use of it is visible in this part of the file.
private static final boolean DEBUG = false;

// Match flags covering direct-boot aware and unaware components as well as
// uninstalled packages. Presumably passed to package-manager queries further
// down the file - confirm against the callers.
private static final int DEFAULT_FLAGS =
        PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
                | PackageManager.MATCH_UNINSTALLED_PACKAGES;

private static final String AUDIO_MIME_TYPE = "audio/mpeg";

// Element and attribute names. NOTE(review): these look like the vocabulary of
// the default-permission exceptions XML read by
// readDefaultPermissionExceptionsLocked(); the parser is outside this excerpt.
private static final String TAG_EXCEPTIONS = "exceptions";
private static final String TAG_EXCEPTION = "exception";
private static final String TAG_PERMISSION = "permission";
private static final String ATTR_PACKAGE = "package";
private static final String ATTR_NAME = "name";
private static final String ATTR_FIXED = "fixed";
110
// Permission groups handed out by the default grant policy. Each set is passed
// to grantRuntimePermissions as a whole, so adding a permission to a group
// widens every default grant that uses that group. The sets are plain mutable
// ArraySets filled once in the static initializers below.

// Telephony state, calling, call log, voicemail and SIP.
private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(PHONE_PERMISSIONS,
            Manifest.permission.READ_PHONE_STATE,
            Manifest.permission.CALL_PHONE,
            Manifest.permission.READ_CALL_LOG,
            Manifest.permission.WRITE_CALL_LOG,
            Manifest.permission.ADD_VOICEMAIL,
            Manifest.permission.USE_SIP,
            Manifest.permission.PROCESS_OUTGOING_CALLS);
}

// Contacts read/write plus account enumeration.
private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CONTACTS_PERMISSIONS,
            Manifest.permission.READ_CONTACTS,
            Manifest.permission.WRITE_CONTACTS,
            Manifest.permission.GET_ACCOUNTS);
}

// Fine and coarse location.
private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(LOCATION_PERMISSIONS,
            Manifest.permission.ACCESS_FINE_LOCATION,
            Manifest.permission.ACCESS_COARSE_LOCATION);
}

// Coarse location only, for grants that should not include fine location.
private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(COARSE_LOCATION_PERMISSIONS,
            Manifest.permission.ACCESS_COARSE_LOCATION);
}

// Calendar read/write.
private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CALENDAR_PERMISSIONS,
            Manifest.permission.READ_CALENDAR,
            Manifest.permission.WRITE_CALENDAR);
}

// Sending, receiving and reading SMS/MMS, WAP push and cell broadcasts.
private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(SMS_PERMISSIONS,
            Manifest.permission.SEND_SMS,
            Manifest.permission.RECEIVE_SMS,
            Manifest.permission.READ_SMS,
            Manifest.permission.RECEIVE_WAP_PUSH,
            Manifest.permission.RECEIVE_MMS,
            Manifest.permission.READ_CELL_BROADCASTS);
}

// Audio recording.
private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(MICROPHONE_PERMISSIONS, Manifest.permission.RECORD_AUDIO);
}

// Camera access.
private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(CAMERA_PERMISSIONS, Manifest.permission.CAMERA);
}

// Body sensors.
private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
static {
    Collections.addAll(SENSORS_PERMISSIONS, Manifest.permission.BODY_SENSORS);
}
170
// Storage-related groups. Which of them is populated depends on the
// StorageManager.PROP_ISOLATED_STORAGE system property, read at class
// initialization: with the property off (the default used here) only the
// legacy external-storage pair is filled; with it on, only the media groups
// are. A group that stays empty contributes no permissions to the grants
// that pass it.

@Deprecated
private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    final boolean isolatedStorage =
            SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false);
    if (!isolatedStorage) {
        Collections.addAll(STORAGE_PERMISSIONS,
                Manifest.permission.READ_EXTERNAL_STORAGE,
                Manifest.permission.WRITE_EXTERNAL_STORAGE);
    }
}

// Read/write access to audio media.
private static final Set<String> MEDIA_AURAL_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    final boolean isolatedStorage =
            SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false);
    if (isolatedStorage) {
        Collections.addAll(MEDIA_AURAL_PERMISSIONS,
                Manifest.permission.READ_MEDIA_AUDIO,
                Manifest.permission.WRITE_MEDIA_AUDIO);
    }
}

// Read/write access to image and video media.
private static final Set<String> MEDIA_VISUAL_PERMISSIONS = new ArraySet<>();
static {
    // STOPSHIP(b/112545973): remove once feature enabled by default
    final boolean isolatedStorage =
            SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false);
    if (isolatedStorage) {
        Collections.addAll(MEDIA_VISUAL_PERMISSIONS,
                Manifest.permission.READ_MEDIA_IMAGES,
                Manifest.permission.WRITE_MEDIA_IMAGES,
                Manifest.permission.READ_MEDIA_VIDEO,
                Manifest.permission.WRITE_MEDIA_VIDEO);
    }
}
200
// Handler message that triggers loading of the default permission exceptions.
private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;

private static final String ACTION_TRACK = "com.android.fitness.TRACK";

// Processes MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS on the looper given to the constructor.
private final Handler mHandler;

// Providers installed through the setters below. They are written under mLock
// and copied out under mLock before being queried, so a provider is never
// invoked while the lock is held.
private PackagesProvider mLocationPackagesProvider;
private PackagesProvider mVoiceInteractionPackagesProvider;
private PackagesProvider mSmsAppPackagesProvider;
private PackagesProvider mDialerAppPackagesProvider;
private PackagesProvider mSimCallManagerPackagesProvider;
private PackagesProvider mUseOpenWifiAppPackagesProvider;
private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;

// Filled once, under mLock, by the handler; null until then.
// NOTE(review): the key looks like a package name - confirm against
// readDefaultPermissionExceptionsLocked(), which is outside this excerpt.
private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
private final Context mContext;
// Guards the provider fields and mGrantExceptions.
private final Object mLock = new Object();
// Package manager internals, used here to list and look up packages.
private final PackageManagerInternal mServiceInternal;
// Used to look up permission definitions by name.
private final PermissionManagerService mPermissionManager;
// May be null: the constructor parameter it is assigned from is @Nullable.
private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
/** Listener told when default runtime permissions have been granted. */
public interface DefaultPermissionGrantedCallback {
    /**
     * Callback when permissions have been granted.
     *
     * @param userId id supplied by the caller; presumably the user the grants were made for
     */
    void onDefaultRuntimePermissionsGranted(int userId);
}
225
/**
 * Creates the policy and the handler that loads the default permission
 * exceptions on request.
 *
 * @param context stored for later use
 * @param looper looper on which the exceptions-loading message is handled
 * @param callback optional listener for granted default permissions; may be null
 * @param permissionManager permission manager used to look up permission definitions
 */
public DefaultPermissionGrantPolicy(Context context, Looper looper,
        @Nullable DefaultPermissionGrantedCallback callback,
        @NonNull PermissionManagerService permissionManager) {
    mContext = context;
    mPermissionGrantedCallback = callback;
    mPermissionManager = permissionManager;
    mHandler = new Handler(looper) {
        @Override
        public void handleMessage(Message msg) {
            if (msg.what != MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
                return;
            }
            // Load at most once; later messages find the map already set.
            synchronized (mLock) {
                if (mGrantExceptions == null) {
                    mGrantExceptions = readDefaultPermissionExceptionsLocked();
                }
            }
        }
    };
    mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
}
246
/**
 * Installs the provider that names the location packages for a user. It is
 * queried when default system handler permissions are granted; a null
 * provider means no location packages are considered there.
 *
 * @param provider the provider to use, stored under {@code mLock}
 */
public void setLocationPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mLocationPackagesProvider = provider;
    }
}
252
/**
 * Installs the provider that names the voice interaction packages for a user.
 * It is queried when default system handler permissions are granted.
 *
 * @param provider the provider to use, stored under {@code mLock}
 */
public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mVoiceInteractionPackagesProvider = provider;
    }
}
258
/**
 * Installs the provider that names the SMS app packages for a user. When no
 * provider is set, or it returns null, the default-handler pass resolves the
 * SMS app from a messaging intent instead.
 *
 * @param provider the provider to use, stored under {@code mLock}
 */
public void setSmsAppPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mSmsAppPackagesProvider = provider;
    }
}
264
/**
 * Installs the provider that names the dialer app packages for a user. When
 * no provider is set, or it returns null, the default-handler pass resolves
 * the dialer from an ACTION_DIAL intent instead.
 *
 * @param provider the provider to use, stored under {@code mLock}
 */
public void setDialerAppPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mDialerAppPackagesProvider = provider;
    }
}
270
/**
 * Installs the provider that names the SIM call manager packages for a user.
 * It is queried when default system handler permissions are granted.
 *
 * @param provider the provider to use, stored under {@code mLock}
 */
public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mSimCallManagerPackagesProvider = provider;
    }
}
276
/**
 * Installs the provider that names the "use open Wi-Fi" app packages for a
 * user. It is queried when default system handler permissions are granted.
 *
 * @param provider the provider to use, stored under {@code mLock}
 */
public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
    synchronized (mLock) {
        mUseOpenWifiAppPackagesProvider = provider;
    }
}
282
/**
 * Installs the provider that names sync adapter packages per authority and
 * user. The default-handler pass queries it for the contacts and calendar
 * authorities.
 *
 * @param provider the provider to use, stored under {@code mLock}
 */
public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
    synchronized (mLock) {
        mSyncAdapterPackagesProvider = provider;
    }
}
288
/**
 * Runs the default grant passes for one user, in this order: system
 * components and privileged apps, default system handlers, then the default
 * permission exceptions.
 *
 * @param userId the user to grant for
 */
public void grantDefaultPermissions(int userId) {
    grantPermissionsToSysComponentsAndPrivApps(userId);
    grantDefaultSystemHandlerPermissions(userId);
    grantDefaultPermissionExceptions(userId);
}
294
/**
 * Grants a package every runtime permission it requests.
 *
 * <p>Requested names that the permission manager does not know, and
 * permissions that are not runtime permissions, are left out. Nothing is
 * granted when no requested permission qualifies.
 *
 * @param userId the user to grant for
 * @param pkg the package whose requested permissions are examined
 */
private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
    final Set<String> runtimePermissions = new ArraySet<>();
    for (String requested : pkg.requestedPermissions) {
        final BasePermission definition = mPermissionManager.getPermission(requested);
        if (definition != null && definition.isRuntime()) {
            runtimePermissions.add(requested);
        }
    }
    if (runtimePermissions.isEmpty()) {
        return;
    }
    // NOTE(review): the boolean is presumably the system-fixed flag of
    // grantRuntimePermissions (defined outside this excerpt) - confirm.
    grantRuntimePermissions(pkg, runtimePermissions, true, userId);
}
310
/**
 * Grants every package on the package list all runtime permissions it
 * requests, with no filter on what kind of package it is.
 *
 * <p>NOTE(review): no caller is visible in this part of the file; given how
 * broad the grant is, confirm where and under which conditions it is used.
 *
 * @param userId the user to grant for
 */
private void grantAllRuntimePermissions(int userId) {
    Log.i(TAG, "Granting all runtime permissions for user " + userId);
    for (String name : mServiceInternal.getPackageList().getPackageNames()) {
        final PackageParser.Package candidate = mServiceInternal.getPackage(name);
        // A listed name may no longer resolve to a package; skip it.
        if (candidate != null) {
            grantRuntimePermissionsForPackage(userId, candidate);
        }
    }
}
322
/**
 * Asks the handler to load the default permission exceptions. The load runs
 * on the handler's looper and only takes effect while no exceptions have been
 * loaded yet.
 */
public void scheduleReadDefaultPermissionExceptions() {
    mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
}
326
/**
 * Grants requested runtime permissions to platform components.
 *
 * <p>A package qualifies only if it passes
 * {@code isSysComponentOrPersistentPlatformSignedPrivApp}, supports runtime
 * permissions and requests at least one permission. That first check is the
 * gate deciding which packages receive grants without user interaction; it is
 * defined outside this excerpt.
 *
 * @param userId the user to grant for
 */
private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
    Log.i(TAG, "Granting permissions to platform components for user " + userId);
    for (String name : mServiceInternal.getPackageList().getPackageNames()) {
        final PackageParser.Package candidate = mServiceInternal.getPackage(name);
        if (candidate == null) {
            continue;
        }
        // Checks run in the original order, so a package failing the
        // system-component test is never asked the later questions.
        final boolean eligible = isSysComponentOrPersistentPlatformSignedPrivApp(candidate)
                && doesPackageSupportRuntimePermissions(candidate)
                && !candidate.requestedPermissions.isEmpty();
        if (eligible) {
            grantRuntimePermissionsForPackage(userId, candidate);
        }
    }
}
343
344 private void grantDefaultSystemHandlerPermissions(int userId) {
345 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
346
347 final PackagesProvider locationPackagesProvider;
348 final PackagesProvider voiceInteractionPackagesProvider;
349 final PackagesProvider smsAppPackagesProvider;
350 final PackagesProvider dialerAppPackagesProvider;
351 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800352 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700353 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
354
355 synchronized (mLock) {
356 locationPackagesProvider = mLocationPackagesProvider;
357 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
358 smsAppPackagesProvider = mSmsAppPackagesProvider;
359 dialerAppPackagesProvider = mDialerAppPackagesProvider;
360 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800361 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700362 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
363 }
364
365 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
366 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
367 String[] locationPackageNames = (locationPackagesProvider != null)
368 ? locationPackagesProvider.getPackages(userId) : null;
369 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
370 ? smsAppPackagesProvider.getPackages(userId) : null;
371 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
372 ? dialerAppPackagesProvider.getPackages(userId) : null;
373 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
374 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800375 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
376 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700377 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
378 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
379 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
380 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
381
382 // Installer
383 final String installerPackageName = mServiceInternal.getKnownPackageName(
384 PackageManagerInternal.PACKAGE_INSTALLER, userId);
385 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
386 if (installerPackage != null
387 && doesPackageSupportRuntimePermissions(installerPackage)) {
388 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
389 }
390
391 // Verifier
392 final String verifierPackageName = mServiceInternal.getKnownPackageName(
393 PackageManagerInternal.PACKAGE_VERIFIER, userId);
394 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
395 if (verifierPackage != null
396 && doesPackageSupportRuntimePermissions(verifierPackage)) {
397 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
398 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
399 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
400 }
401
402 // SetupWizard
403 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
404 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
405 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
406 if (setupPackage != null
407 && doesPackageSupportRuntimePermissions(setupPackage)) {
408 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
409 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
410 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
411 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
412 }
413
414 // Camera
415 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
416 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
417 cameraIntent, userId);
418 if (cameraPackage != null
419 && doesPackageSupportRuntimePermissions(cameraPackage)) {
420 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
421 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
422 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
423 }
424
425 // Media provider
426 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
427 MediaStore.AUTHORITY, userId);
428 if (mediaStorePackage != null) {
429 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600430 grantRuntimePermissions(mediaStorePackage, MEDIA_AURAL_PERMISSIONS, true, userId);
431 grantRuntimePermissions(mediaStorePackage, MEDIA_VISUAL_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700432 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700433 }
434
435 // Downloads provider
436 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
437 "downloads", userId);
438 if (downloadsPackage != null) {
439 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
440 }
441
442 // Downloads UI
443 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
444 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
445 downloadsUiIntent, userId);
446 if (downloadsUiPackage != null
447 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
448 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
449 }
450
451 // Storage provider
452 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
453 "com.android.externalstorage.documents", userId);
454 if (storagePackage != null) {
455 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
456 }
457
Jeff Sharkey0095a822018-02-15 13:06:53 -0700458 // Container service
459 PackageParser.Package containerPackage = getSystemPackage(
460 PackageManagerService.DEFAULT_CONTAINER_PACKAGE);
461 if (containerPackage != null) {
462 grantRuntimePermissions(containerPackage, STORAGE_PERMISSIONS, true, userId);
463 }
464
Todd Kennedy82b08422017-09-28 13:32:05 -0700465 // CertInstaller
466 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
467 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
468 certInstallerIntent, userId);
469 if (certInstallerPackage != null
470 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
471 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
472 }
473
474 // Dialer
475 if (dialerAppPackageNames == null) {
476 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
477 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
478 dialerIntent, userId);
479 if (dialerPackage != null) {
480 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
481 }
482 } else {
483 for (String dialerAppPackageName : dialerAppPackageNames) {
484 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
485 if (dialerPackage != null) {
486 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
487 }
488 }
489 }
490
491 // Sim call manager
492 if (simCallManagerPackageNames != null) {
493 for (String simCallManagerPackageName : simCallManagerPackageNames) {
494 PackageParser.Package simCallManagerPackage =
495 getSystemPackage(simCallManagerPackageName);
496 if (simCallManagerPackage != null) {
497 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
498 userId);
499 }
500 }
501 }
502
Eric Enslen1e423b92017-12-18 11:30:21 -0800503 // Use Open Wifi
504 if (useOpenWifiAppPackageNames != null) {
505 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
506 PackageParser.Package useOpenWifiPackage =
507 getSystemPackage(useOpenWifiPackageName);
508 if (useOpenWifiPackage != null) {
509 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage,
510 userId);
511 }
512 }
513 }
514
Todd Kennedy82b08422017-09-28 13:32:05 -0700515 // SMS
516 if (smsAppPackageNames == null) {
517 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
518 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
519 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
520 smsIntent, userId);
521 if (smsPackage != null) {
522 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
523 }
524 } else {
525 for (String smsPackageName : smsAppPackageNames) {
526 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
527 if (smsPackage != null) {
528 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
529 }
530 }
531 }
532
533 // Cell Broadcast Receiver
534 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
535 PackageParser.Package cbrPackage =
536 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
537 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
538 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
539 }
540
541 // Carrier Provisioning Service
542 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
543 PackageParser.Package carrierProvPackage =
544 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
545 if (carrierProvPackage != null
546 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
547 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
548 }
549
550 // Calendar
551 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
552 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
553 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
554 calendarIntent, userId);
555 if (calendarPackage != null
556 && doesPackageSupportRuntimePermissions(calendarPackage)) {
557 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
558 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
559 }
560
561 // Calendar provider
562 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
563 CalendarContract.AUTHORITY, userId);
564 if (calendarProviderPackage != null) {
565 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
566 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
567 true, userId);
568 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
569 }
570
571 // Calendar provider sync adapters
572 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
573 calendarSyncAdapterPackages, userId);
574 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
575 for (int i = 0; i < calendarSyncAdapterCount; i++) {
576 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
577 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
578 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
579 }
580 }
581
582 // Contacts
583 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
584 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
585 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
586 contactsIntent, userId);
587 if (contactsPackage != null
588 && doesPackageSupportRuntimePermissions(contactsPackage)) {
589 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
590 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
591 }
592
593 // Contacts provider sync adapters
594 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
595 contactsSyncAdapterPackages, userId);
596 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
597 for (int i = 0; i < contactsSyncAdapterCount; i++) {
598 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
599 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
600 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
601 }
602 }
603
604 // Contacts provider
605 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
606 ContactsContract.AUTHORITY, userId);
607 if (contactsProviderPackage != null) {
608 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
609 true, userId);
610 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
611 true, userId);
612 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
613 }
614
615 // Device provisioning
616 Intent deviceProvisionIntent = new Intent(
617 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
618 PackageParser.Package deviceProvisionPackage =
619 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
620 if (deviceProvisionPackage != null
621 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
622 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
623 }
624
625 // Maps
626 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
627 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
628 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
629 mapsIntent, userId);
630 if (mapsPackage != null
631 && doesPackageSupportRuntimePermissions(mapsPackage)) {
632 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
633 }
634
635 // Gallery
636 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
637 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
638 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
639 galleryIntent, userId);
640 if (galleryPackage != null
641 && doesPackageSupportRuntimePermissions(galleryPackage)) {
642 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600643 grantRuntimePermissions(galleryPackage, MEDIA_VISUAL_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700644 }
645
646 // Email
647 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
648 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
649 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
650 emailIntent, userId);
651 if (emailPackage != null
652 && doesPackageSupportRuntimePermissions(emailPackage)) {
653 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
654 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
655 }
656
657 // Browser
658 PackageParser.Package browserPackage = null;
659 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
660 PackageManagerInternal.PACKAGE_BROWSER, userId);
661 if (defaultBrowserPackage != null) {
662 browserPackage = getPackage(defaultBrowserPackage);
663 }
664 if (browserPackage == null) {
665 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
666 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
667 browserPackage = getDefaultSystemHandlerActivityPackage(
668 browserIntent, userId);
669 }
670 if (browserPackage != null
671 && doesPackageSupportRuntimePermissions(browserPackage)) {
672 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
673 }
674
675 // Voice interaction
676 if (voiceInteractPackageNames != null) {
677 for (String voiceInteractPackageName : voiceInteractPackageNames) {
678 PackageParser.Package voiceInteractPackage = getSystemPackage(
679 voiceInteractPackageName);
680 if (voiceInteractPackage != null
681 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
682 grantRuntimePermissions(voiceInteractPackage,
683 CONTACTS_PERMISSIONS, userId);
684 grantRuntimePermissions(voiceInteractPackage,
685 CALENDAR_PERMISSIONS, userId);
686 grantRuntimePermissions(voiceInteractPackage,
687 MICROPHONE_PERMISSIONS, userId);
688 grantRuntimePermissions(voiceInteractPackage,
689 PHONE_PERMISSIONS, userId);
690 grantRuntimePermissions(voiceInteractPackage,
691 SMS_PERMISSIONS, userId);
692 grantRuntimePermissions(voiceInteractPackage,
693 LOCATION_PERMISSIONS, userId);
694 }
695 }
696 }
697
698 if (ActivityManager.isLowRamDeviceStatic()) {
699 // Allow voice search on low-ram devices
700 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
701 PackageParser.Package globalSearchPickerPackage =
702 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
703
704 if (globalSearchPickerPackage != null
705 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
706 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800707 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700708 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800709 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700710 }
711 }
712
713 // Voice recognition
714 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
715 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
716 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
717 voiceRecoIntent, userId);
718 if (voiceRecoPackage != null
719 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
720 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
721 }
722
723 // Location
724 if (locationPackageNames != null) {
725 for (String packageName : locationPackageNames) {
726 PackageParser.Package locationPackage = getSystemPackage(packageName);
727 if (locationPackage != null
728 && doesPackageSupportRuntimePermissions(locationPackage)) {
729 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
730 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
731 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
732 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
733 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
734 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
735 true, userId);
736 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
737 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
738 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
739 }
740 }
741 }
742
743 // Music
744 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
745 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
746 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
747 AUDIO_MIME_TYPE);
748 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
749 musicIntent, userId);
750 if (musicPackage != null
751 && doesPackageSupportRuntimePermissions(musicPackage)) {
752 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600753 grantRuntimePermissions(musicPackage, MEDIA_AURAL_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700754 }
755
756 // Home
757 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
758 homeIntent.addCategory(Intent.CATEGORY_HOME);
759 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
760 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
761 homeIntent, userId);
762 if (homePackage != null
763 && doesPackageSupportRuntimePermissions(homePackage)) {
764 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
765 }
766
767 // Watches
768 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
769 // Home application on watches
770 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
771 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
772
773 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
774 wearHomeIntent, userId);
775
776 if (wearHomePackage != null
777 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
778 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
779 userId);
780 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
781 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
782 userId);
783 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
784 userId);
785 }
786
787 // Fitness tracking on watches
788 Intent trackIntent = new Intent(ACTION_TRACK);
789 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
790 trackIntent, userId);
791 if (trackPackage != null
792 && doesPackageSupportRuntimePermissions(trackPackage)) {
793 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
794 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
795 }
796 }
797
798 // Print Spooler
799 PackageParser.Package printSpoolerPackage = getSystemPackage(
800 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
801 if (printSpoolerPackage != null
802 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
803 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
804 }
805
806 // EmergencyInfo
807 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
808 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
809 emergencyInfoIntent, userId);
810 if (emergencyInfoPckg != null
811 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
812 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
813 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
814 }
815
816 // NFC Tag viewer
817 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
818 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
819 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
820 nfcTagIntent, userId);
821 if (nfcTagPkg != null
822 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
823 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
824 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
825 }
826
827 // Storage Manager
828 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
829 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
830 storageManagerIntent, userId);
831 if (storageManagerPckg != null
832 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
833 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
834 }
835
836 // Companion devices
837 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
838 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
839 if (companionDeviceDiscoveryPackage != null
840 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
841 grantRuntimePermissions(companionDeviceDiscoveryPackage,
842 LOCATION_PERMISSIONS, true, userId);
843 }
844
845 // Ringtone Picker
846 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
847 PackageParser.Package ringtonePickerPackage =
848 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
849 if (ringtonePickerPackage != null
850 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
851 grantRuntimePermissions(ringtonePickerPackage,
852 STORAGE_PERMISSIONS, true, userId);
853 }
854
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000855 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700856 String textClassifierPackageName =
857 mContext.getPackageManager().getSystemTextClassifierPackageName();
858 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000859 PackageParser.Package textClassifierPackage =
Ye Wen8e8b2d52018-03-14 11:48:24 -0700860 getSystemPackage(textClassifierPackageName);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000861 if (textClassifierPackage != null
862 && doesPackageSupportRuntimePermissions(textClassifierPackage)) {
Eugene Susla4b870112018-06-08 21:39:58 +0000863 grantRuntimePermissions(textClassifierPackage, PHONE_PERMISSIONS, false, userId);
864 grantRuntimePermissions(textClassifierPackage, SMS_PERMISSIONS, false, userId);
865 grantRuntimePermissions(textClassifierPackage, CALENDAR_PERMISSIONS, false, userId);
866 grantRuntimePermissions(textClassifierPackage, LOCATION_PERMISSIONS, false, userId);
867 grantRuntimePermissions(textClassifierPackage, CONTACTS_PERMISSIONS, false, userId);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000868 }
869 }
870
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100871 // There is no real "marker" interface to identify the shared storage backup, it is
872 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
873 PackageParser.Package sharedStorageBackupPackage = getSystemPackage(
874 "com.android.sharedstoragebackup");
875 if (sharedStorageBackupPackage != null) {
876 grantRuntimePermissions(sharedStorageBackupPackage, STORAGE_PERMISSIONS, true, userId);
877 }
878
Todd Kennedy0eb97382017-10-03 16:57:22 -0700879 if (mPermissionGrantedCallback != null) {
880 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
881 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700882 }
883
/**
 * Grants the default dialer permission sets to an already-resolved dialer package.
 *
 * <p>Nothing is granted unless {@code doesPackageSupportRuntimePermissions} accepts the
 * package. The PHONE set is granted system-fixed on devices that report
 * {@link PackageManager#FEATURE_WATCH}; CONTACTS, SMS, MICROPHONE and CAMERA go through the
 * three-argument overload, which grants them neither system-fixed nor with the override
 * flag.
 *
 * @param dialerPackage resolved dialer package; not null-checked here
 * @param userId user the grants apply to
 */
private void grantDefaultPermissionsToDefaultSystemDialerApp(
        PackageParser.Package dialerPackage, int userId) {
    if (!doesPackageSupportRuntimePermissions(dialerPackage)) {
        return;
    }
    // On watches the phone group is pinned as system-fixed.
    final boolean fixPhoneGroup =
            mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
    grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, fixPhoneGroup, userId);
    grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
    grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
    grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
    grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
}
897
/**
 * Grants the default SMS-app permission sets (PHONE, CONTACTS, SMS, STORAGE, MICROPHONE,
 * CAMERA) to an already-resolved SMS package.
 *
 * <p>All sets go through the three-argument overload, so none is granted system-fixed and
 * existing permission flags are not overridden. Nothing is granted unless
 * {@code doesPackageSupportRuntimePermissions} accepts the package.
 *
 * @param smsPackage resolved SMS package; not null-checked here
 * @param userId user the grants apply to
 */
private void grantDefaultPermissionsToDefaultSystemSmsApp(
        PackageParser.Package smsPackage, int userId) {
    if (!doesPackageSupportRuntimePermissions(smsPackage)) {
        return;
    }
    grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
    grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
}
909
/**
 * Grants the coarse-location permission set to an already-resolved "use open Wi-Fi"
 * package, provided {@code doesPackageSupportRuntimePermissions} accepts it.
 *
 * @param useOpenWifiPackage resolved package; not null-checked here
 * @param userId user the grant applies to
 */
private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
        PackageParser.Package useOpenWifiPackage, int userId) {
    if (!doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
        return;
    }
    grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId);
}
916
/**
 * Grants the SMS-app permission sets to the package named as the default SMS app.
 *
 * <p>The package is looked up with {@code getPackage}, so it does not have to be a system
 * package. Every set is granted with {@code systemFixed=false} and
 * {@code ignoreSystemPackage=true}; the five-argument overload then grants even when
 * permission flags are already set, skipping only policy-fixed permissions.
 *
 * <p>NOTE(review): no caller identity or permission check is visible in this method;
 * presumably only trusted system callers can reach it - confirm at the call sites.
 *
 * @param packageName package chosen as default SMS app; {@code null} is a no-op
 * @param userId user the grants apply to
 */
public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
    final PackageParser.Package smsPackage =
            packageName != null ? getPackage(packageName) : null;
    if (smsPackage == null || !doesPackageSupportRuntimePermissions(smsPackage)) {
        return;
    }
    // false = not system-fixed, true = grant regardless of existing flags.
    grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
}
932
/**
 * Grants the dialer permission sets (PHONE, CONTACTS, SMS, MICROPHONE, CAMERA) to the
 * package named as the default dialer.
 *
 * <p>The package is looked up with {@code getPackage}, so it does not have to be a system
 * package. Every set is granted with {@code systemFixed=false} and
 * {@code ignoreSystemPackage=true}; the five-argument overload then grants even when
 * permission flags are already set, skipping only policy-fixed permissions.
 *
 * <p>NOTE(review): no caller identity or permission check is visible in this method;
 * presumably only trusted system callers can reach it - confirm at the call sites.
 *
 * @param packageName package chosen as default dialer; {@code null} is a no-op
 * @param userId user the grants apply to
 */
public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
    final PackageParser.Package dialerPackage =
            packageName != null ? getPackage(packageName) : null;
    if (dialerPackage == null || !doesPackageSupportRuntimePermissions(dialerPackage)) {
        return;
    }
    // false = not system-fixed, true = grant regardless of existing flags.
    grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
    grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
}
948
/**
 * Grants the coarse-location permission set to the package named as the default
 * "use open Wi-Fi" app.
 *
 * <p>The package is looked up with {@code getPackage} (not limited to system packages) and
 * the grant is made with {@code systemFixed=false}, {@code ignoreSystemPackage=true}.
 *
 * <p>NOTE(review): no caller identity or permission check is visible in this method;
 * presumably only trusted system callers can reach it - confirm at the call sites.
 *
 * @param packageName package chosen as the handler; {@code null} is a no-op
 * @param userId user the grant applies to
 */
public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
    final PackageParser.Package useOpenWifiPackage =
            packageName != null ? getPackage(packageName) : null;
    if (useOpenWifiPackage == null
            || !doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
        return;
    }
    grantRuntimePermissions(
            useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId);
}
961
/**
 * Grants the PHONE and MICROPHONE permission sets to an already-resolved SIM call manager
 * package, provided {@code doesPackageSupportRuntimePermissions} accepts it.
 *
 * <p>The log line is written before that check, so it appears even when nothing is
 * granted.
 *
 * @param simCallManagerPackage resolved package; not null-checked here
 * @param userId user the grants apply to
 */
private void grantDefaultPermissionsToDefaultSimCallManager(
        PackageParser.Package simCallManagerPackage, int userId) {
    Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
    if (!doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
        return;
    }
    grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
    grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
}
970
/**
 * Resolves {@code packageName} with {@code getPackage} and, if it is installed, delegates
 * to the package-based overload to grant the SIM call manager permission sets.
 *
 * <p>The lookup is not limited to system packages. NOTE(review): no caller identity check
 * is visible here; presumably enforced by the callers - confirm.
 *
 * @param packageName SIM call manager package name; {@code null} is a no-op
 * @param userId user the grants apply to
 */
public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
    if (packageName == null) {
        return;
    }
    final PackageParser.Package resolved = getPackage(packageName);
    if (resolved == null) {
        return;
    }
    grantDefaultPermissionsToDefaultSimCallManager(resolved, userId);
}
980
/**
 * Grants the PHONE, LOCATION and SMS permission sets to each named carrier app.
 *
 * <p>Names are resolved with {@code getSystemPackage}, so a name that does not resolve to
 * an eligible system package is skipped silently, as is a package that
 * {@code doesPackageSupportRuntimePermissions} rejects.
 *
 * @param packageNames carrier app package names; {@code null} is a no-op
 * @param userId user the grants apply to
 */
public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String carrierName : packageNames) {
        final PackageParser.Package carrierPackage = getSystemPackage(carrierName);
        if (carrierPackage == null
                || !doesPackageSupportRuntimePermissions(carrierPackage)) {
            continue;
        }
        grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
        grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
        grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
    }
}
996
/**
 * Grants the PHONE, MICROPHONE, LOCATION, CAMERA and CONTACTS permission sets to each
 * named IMS service package.
 *
 * <p>Names are resolved with {@code getSystemPackage}; names that do not resolve to an
 * eligible system package, and packages rejected by
 * {@code doesPackageSupportRuntimePermissions}, are skipped silently.
 *
 * @param packageNames IMS service package names; {@code null} is a no-op
 * @param userId user the grants apply to
 */
public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String imsName : packageNames) {
        final PackageParser.Package imsServicePackage = getSystemPackage(imsName);
        if (imsServicePackage == null
                || !doesPackageSupportRuntimePermissions(imsServicePackage)) {
            continue;
        }
        grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
        grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
        grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
        grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
        grantRuntimePermissions(imsServicePackage, CONTACTS_PERMISSIONS, userId);
    }
}
1014
/**
 * Grants the PHONE and LOCATION permission sets, system-fixed, to each named telephony
 * data service package.
 *
 * <p>Names are resolved with {@code getSystemPackage}; names that do not resolve to an
 * eligible system package, and packages rejected by
 * {@code doesPackageSupportRuntimePermissions}, are skipped silently. The matching revoke
 * path is {@code revokeDefaultPermissionsFromDisabledTelephonyDataServices}.
 *
 * @param packageNames data service package names; {@code null} is a no-op
 * @param userId user the grants apply to
 */
public void grantDefaultPermissionsToEnabledTelephonyDataServices(
        String[] packageNames, int userId) {
    Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String dataServiceName : packageNames) {
        final PackageParser.Package dataServicePackage = getSystemPackage(dataServiceName);
        if (dataServicePackage == null
                || !doesPackageSupportRuntimePermissions(dataServicePackage)) {
            continue;
        }
        // System-fixed on purpose: cellular data must not break because somebody
        // accidentally took these permissions away.
        grantRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
        grantRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
    }
}
1032
/**
 * Revokes the default-granted PHONE and LOCATION permission sets from each named telephony
 * data service package.
 *
 * <p>{@code systemFixed=true} is passed to {@code revokeRuntimePermissions}, which is what
 * allows it to revoke permissions carrying the system-fixed flag. That helper only touches
 * permissions that were granted by default and are not policy-fixed.
 *
 * @param packageNames data service package names; {@code null} is a no-op
 * @param userId user the revocation applies to
 */
public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
        String[] packageNames, int userId) {
    Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String dataServiceName : packageNames) {
        final PackageParser.Package dataServicePackage = getSystemPackage(dataServiceName);
        if (dataServicePackage == null
                || !doesPackageSupportRuntimePermissions(dataServicePackage)) {
            continue;
        }
        revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
        revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
    }
}
1048
/**
 * Grants the CAMERA permission set, system-fixed, to the active LUI app.
 *
 * <p>The name is resolved with {@code getSystemPackage}; nothing is granted when it does
 * not resolve to an eligible system package or when
 * {@code doesPackageSupportRuntimePermissions} rejects it. The matching revoke path is
 * {@code revokeDefaultPermissionsFromLuiApps}.
 *
 * @param packageName LUI app package name; {@code null} is a no-op
 * @param userId user the grant applies to
 */
public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
    final PackageParser.Package luiAppPackage =
            packageName != null ? getSystemPackage(packageName) : null;
    if (luiAppPackage == null || !doesPackageSupportRuntimePermissions(luiAppPackage)) {
        return;
    }
    grantRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId);
}
1060
/**
 * Revokes the default-granted CAMERA permission set from each named LUI app.
 *
 * <p>{@code systemFixed=true} is passed to {@code revokeRuntimePermissions}, which is what
 * allows it to revoke permissions carrying the system-fixed flag.
 *
 * @param packageNames LUI app package names; {@code null} is a no-op
 * @param userId user the revocation applies to
 */
public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
    Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
    if (packageNames == null) {
        return;
    }
    for (String luiAppName : packageNames) {
        final PackageParser.Package luiAppPackage = getSystemPackage(luiAppName);
        if (luiAppPackage == null || !doesPackageSupportRuntimePermissions(luiAppPackage)) {
            continue;
        }
        revokeRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId);
    }
}
1074
/**
 * Grants the LOCATION permission set to the package named as the default browser.
 *
 * <p>Unlike the default SMS and dialer entry points, the name is resolved with
 * {@code getSystemPackage} and the grant is made with {@code systemFixed=false} and
 * {@code ignoreSystemPackage=false}, so existing permission flags are not overridden.
 *
 * @param packageName default browser package name; {@code null} is a no-op
 * @param userId user the grant applies to
 */
public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
    Log.i(TAG, "Granting permissions to default browser for user:" + userId);
    final PackageParser.Package browserPackage =
            packageName != null ? getSystemPackage(packageName) : null;
    if (browserPackage == null || !doesPackageSupportRuntimePermissions(browserPackage)) {
        return;
    }
    grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
}
1086
/**
 * Resolves {@code intent} to its handling activity for {@code userId} and returns the
 * owning package if {@code getSystemPackage} accepts it.
 *
 * <p>Returns {@code null} when nothing resolves, when the result carries no activity info,
 * or when the result is the resolver activity itself (no single default handler).
 *
 * <p>NOTE(review): {@code Binder.getCallingUid()} is passed as the last argument of
 * {@code resolveIntent}; it looks like the uid used to filter what is visible, so the
 * result may depend on the binder identity in effect at call time - confirm.
 *
 * @param intent intent describing the handler role
 * @param userId user to resolve for
 * @return the eligible system package that handles the intent, or {@code null}
 */
private PackageParser.Package getDefaultSystemHandlerActivityPackage(
        Intent intent, int userId) {
    final String resolvedType = intent.resolveType(mContext.getContentResolver());
    final int callingUid = Binder.getCallingUid();
    final ResolveInfo handler = mServiceInternal.resolveIntent(
            intent, resolvedType, DEFAULT_FLAGS, userId, false, callingUid);
    final boolean unresolved = handler == null || handler.activityInfo == null;
    if (unresolved || mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
        return null;
    }
    return getSystemPackage(handler.activityInfo.packageName);
}
1100
/**
 * Queries the services that handle {@code intent} for {@code userId} and returns the first
 * one, in query order, whose package {@code getSystemPackage} accepts.
 *
 * @param intent intent describing the service role
 * @param userId user to query for
 * @return the first eligible system package, or {@code null} if the query returns
 *         {@code null} or no handler belongs to an eligible system package
 */
private PackageParser.Package getDefaultSystemHandlerServicePackage(
        Intent intent, int userId) {
    final List<ResolveInfo> candidates = mServiceInternal.queryIntentServices(
            intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
    if (candidates == null) {
        return null;
    }
    for (ResolveInfo candidate : candidates) {
        final PackageParser.Package owner =
                getSystemPackage(candidate.serviceInfo.packageName);
        if (owner != null) {
            return owner;
        }
    }
    return null;
}
1119
/**
 * Returns the sync adapter packages that have no launcher activity for {@code userId} and
 * that {@code getSystemPackage} accepts.
 *
 * <p>A package counts as headless when an {@code ACTION_MAIN} / {@code CATEGORY_LAUNCHER}
 * intent restricted to that package resolves to nothing.
 *
 * @param syncAdapterPackageNames candidate package names; not null-checked here
 * @param userId user to resolve for
 * @return the eligible headless packages, possibly empty
 */
private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
        String[] syncAdapterPackageNames, int userId) {
    final List<PackageParser.Package> headless = new ArrayList<>();

    // One probe intent, re-targeted at each candidate package in turn.
    final Intent launcherProbe = new Intent(Intent.ACTION_MAIN);
    launcherProbe.addCategory(Intent.CATEGORY_LAUNCHER);

    for (String candidateName : syncAdapterPackageNames) {
        launcherProbe.setPackage(candidateName);

        final ResolveInfo launcherEntry = mServiceInternal.resolveIntent(launcherProbe,
                launcherProbe.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
                userId, false, Binder.getCallingUid());
        if (launcherEntry == null) {
            final PackageParser.Package candidate = getSystemPackage(candidateName);
            if (candidate != null) {
                headless.add(candidate);
            }
        }
    }

    return headless;
}
1145
/**
 * Resolves the content provider registered for {@code authority} and returns its package
 * if {@code getSystemPackage} accepts it.
 *
 * @param authority content provider authority to look up
 * @param userId user to resolve for
 * @return the eligible system package owning the provider, or {@code null}
 */
private PackageParser.Package getDefaultProviderAuthorityPackage(
        String authority, int userId) {
    final ProviderInfo provider =
            mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
    return provider == null ? null : getSystemPackage(provider.packageName);
}
1155
/**
 * Looks up a package by name through {@code mServiceInternal}.
 *
 * <p>No system-package filtering happens here; use {@code getSystemPackage} when the result
 * must be an eligible system package.
 *
 * @param packageName name to look up
 * @return whatever {@code mServiceInternal.getPackage} returns for the name
 */
private PackageParser.Package getPackage(String packageName) {
    final PackageParser.Package resolved = mServiceInternal.getPackage(packageName);
    return resolved;
}
1159
/**
 * Looks up a package by name and returns it only if it is eligible for default grants.
 *
 * <p>Eligible means the package exists, {@code isSystem()} is true, and
 * {@code isSysComponentOrPersistentPlatformSignedPrivApp} is false. This is the gate most
 * default-grant paths in this class rely on to keep non-system packages out.
 *
 * @param packageName name to look up
 * @return the eligible system package, or {@code null}
 */
private PackageParser.Package getSystemPackage(String packageName) {
    final PackageParser.Package pkg = getPackage(packageName);
    if (pkg == null || !pkg.isSystem()) {
        return null;
    }
    if (isSysComponentOrPersistentPlatformSignedPrivApp(pkg)) {
        return null;
    }
    return pkg;
}
1167
/**
 * Grants {@code permissions} to {@code pkg} without marking them system-fixed and without
 * overriding existing permission flags.
 *
 * @param pkg package receiving the grants
 * @param permissions permission names to grant
 * @param userId user the grants apply to
 */
private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
        int userId) {
    final boolean notSystemFixed = false;
    final boolean respectExistingState = false;
    grantRuntimePermissions(pkg, permissions, notSystemFixed, respectExistingState, userId);
}
1172
/**
 * Grants {@code permissions} to {@code pkg}, optionally system-fixed, without overriding
 * existing permission flags.
 *
 * @param pkg package receiving the grants
 * @param permissions permission names to grant
 * @param systemFixed whether the grants are also flagged system-fixed
 * @param userId user the grants apply to
 */
private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
        boolean systemFixed, int userId) {
    final boolean respectExistingState = false;
    grantRuntimePermissions(pkg, permissions, systemFixed, respectExistingState, userId);
}
1177
/**
 * Revokes those of {@code permissions} that {@code pkg} holds through the default grant
 * policy.
 *
 * <p>A permission is revoked only if the package requests it, it carries
 * {@code FLAG_PERMISSION_GRANTED_BY_DEFAULT}, it is not policy-fixed, and it is either not
 * system-fixed or the caller passes {@code systemFixed=true}. After revoking, only the
 * granted-by-default flag is cleared; the system-fixed flag is left set.
 *
 * @param pkg package to revoke from
 * @param permissions permission names to consider
 * @param systemFixed whether the caller is the one that granted these as system-fixed
 * @param userId user the revocation applies to
 */
private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
        boolean systemFixed, int userId) {
    if (pkg.requestedPermissions.isEmpty()) {
        return;
    }
    final Set<String> requested = new ArraySet<>(pkg.requestedPermissions);

    for (String permission : permissions) {
        // What was never requested cannot have been granted, so there is nothing to revoke.
        if (!requested.contains(permission)) {
            continue;
        }

        final int flags = mServiceInternal.getPermissionFlagsTEMP(
                permission, pkg.packageName, userId);

        // Only grants made by this policy are ours to take back.
        final boolean grantedByDefault =
                (flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0;
        // Device policy decisions are never clobbered by a default grant or revoke.
        final boolean policyFixed =
                (flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0;
        // System-fixed grants are not ref-counted, so only the caller that fixed them
        // (systemFixed == true) may revoke; at most one grantor per package should do so.
        final boolean fixedByAnotherGrantor =
                (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed;
        if (!grantedByDefault || policyFixed || fixedByAnotherGrantor) {
            continue;
        }

        mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false);

        if (DEBUG) {
            Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
                    + permission + " to " + pkg.packageName);
        }

        // Clear GRANTED_BY_DEFAULT only. FLAG_PERMISSION_SYSTEM_FIXED is deliberately left
        // alone: that bit stays sticky once set.
        mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
                PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId);
    }
}
1222
/**
 * Grants the requested subset of {@code permissionsWithoutSplits} to {@code pkg} and marks
 * each grant as made by the default grant policy.
 *
 * <p>Steps, in order:
 * <ol>
 * <li>Return at once if the package requests no permissions.</li>
 * <li>Expand the set with split permissions for packages whose target SDK is below the
 *     split's target SDK.</li>
 * <li>For an updated system app (unless {@code ignoreSystemPackage}), walk the permissions
 *     requested by the disabled system-image version and grant only those the updated
 *     version requests as well.</li>
 * <li>Grant a permission when it has no flags set, or unconditionally when
 *     {@code ignoreSystemPackage} is true; policy-fixed permissions are never touched.</li>
 * <li>If the permission was already granted by default as system-fixed and this call is
 *     not system-fixed, clear the system-fixed flag (the weaker grant wins).</li>
 * </ol>
 *
 * <p>Security note: {@code ignoreSystemPackage} does two things. It skips the comparison
 * with the system-image version and it lets the grant go ahead when flags set by the user
 * or the system are already present. Only {@code FLAG_PERMISSION_POLICY_FIXED} is still
 * respected in that mode, so callers passing {@code true} must be acting on a deliberate
 * user choice.
 *
 * @param pkg package receiving the grants; dereferenced without a null check
 * @param permissionsWithoutSplits permission names to grant, before split expansion
 * @param systemFixed whether the grants are also flagged system-fixed
 * @param ignoreSystemPackage whether to grant regardless of the system-image version and of
 *        existing non-policy flags
 * @param userId user the grants apply to
 */
private void grantRuntimePermissions(PackageParser.Package pkg,
        Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage,
        int userId) {
    if (pkg.requestedPermissions.isEmpty()) {
        return;
    }

    // Work on a copy so the caller's set is not modified by the split expansion below.
    final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);

    // Automatically attempt to grant split permissions to older APKs
    final int numSplitPerms = PackageParser.SPLIT_PERMISSIONS.length;
    for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
        final PackageParser.SplitPermissionInfo splitPerm =
                PackageParser.SPLIT_PERMISSIONS[splitPermNum];

        if (pkg.applicationInfo.targetSdkVersion < splitPerm.targetSdk
                && permissionsWithoutSplits.contains(splitPerm.rootPerm)) {
            Collections.addAll(permissions, splitPerm.newPerms);
        }
    }

    List<String> requestedPermissions = pkg.requestedPermissions;
    // Non-null only when the system-image version requests a different permission list;
    // it then holds what the updated version requests.
    Set<String> grantablePermissions = null;

    // In some cases, like for the Phone or SMS app, we grant permissions regardless
    // of whether the version on the system image declares the permission as used: by
    // selecting the app as the default for that function the user makes a deliberate
    // choice to grant this app the permissions needed to function. For all other
    // apps (default grants on first boot and user creation) we don't grant default
    // permissions if the version on the system image does not declare them.
    if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) {
        final PackageParser.Package disabledPkg =
                mServiceInternal.getDisabledPackage(pkg.packageName);
        if (disabledPkg != null) {
            if (disabledPkg.requestedPermissions.isEmpty()) {
                return;
            }
            if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
                grantablePermissions = new ArraySet<>(requestedPermissions);
                requestedPermissions = disabledPkg.requestedPermissions;
            }
        }
    }

    final int grantablePermissionCount = requestedPermissions.size();
    for (int i = 0; i < grantablePermissionCount; i++) {
        String permission = requestedPermissions.get(i);

        // The disabled system app may request a permission that the updated version
        // on the data partition doesn't. In this case skip the permission.
        if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
            continue;
        }

        if (permissions.contains(permission)) {
            // Read once, before any grant below; both checks that follow use this value.
            final int flags = mServiceInternal.getPermissionFlagsTEMP(
                    permission, pkg.packageName, userId);

            // If any flags are set on the permission, then it was put in its current
            // state by the system, by the device/profile owner, or by the user.
            // In all these cases we do not want to clobber the current state,
            // unless the caller wants to override user choices. The override exists
            // to make sure we can grant the needed permissions to the default
            // sms and phone apps after the user chooses them in the UI.
            if (flags == 0 || ignoreSystemPackage) {
                // Never clobber policy fixed permissions.
                // We must allow the grant of a system-fixed permission because
                // system-fixed is sticky, but the permission itself may be revoked.
                // Note that this continue also skips the weaker-grant step below.
                if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
                    continue;
                }

                mServiceInternal.grantRuntimePermission(
                        pkg.packageName, permission, userId, false);
                if (DEBUG) {
                    Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
                            + permission + " to default handler " + pkg.packageName);
                }

                int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
                if (systemFixed) {
                    newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
                }

                // The same value is passed twice so that exactly these bits get set.
                mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
                        newFlags, newFlags, userId);
            }

            // If a component gets a permission for being the default handler A
            // and also default handler B, we grant the weaker grant form.
            if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
                    && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
                    && !systemFixed) {
                if (DEBUG) {
                    Log.i(TAG, "Granted not fixed " + permission + " to default handler "
                            + pkg.packageName);
                }
                // Clears only the system-fixed bit; the other flags are left as they are.
                mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
                        PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
            }
        }
    }
}
1326
/**
 * Tells whether {@code pkg} is a system component or a persistent, platform-signed
 * privileged app. {@code getSystemPackage} excludes such packages from default grants.
 *
 * <p>The answer is {@code true} when the package's app id is below
 * {@code FIRST_APPLICATION_UID}. Otherwise the package must be privileged, persistent
 * (judged on the disabled system-image version when one exists), and its signing details
 * must either have the platform package's signing details as ancestor or self, or be given
 * the {@code PERMISSION} capability by the platform package's signing details.
 *
 * <p>NOTE(review): the platform package returned by {@code getPackage} is dereferenced
 * without a null check; presumably it always resolves - confirm.
 *
 * @param pkg package to classify
 * @return {@code true} if the package falls in the excluded category
 */
private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
    final int appId = UserHandle.getAppId(pkg.applicationInfo.uid);
    if (appId < FIRST_APPLICATION_UID) {
        return true;
    }
    if (!pkg.isPrivileged()) {
        return false;
    }

    // Persistence is read from the system-image copy when the app has been updated.
    final PackageParser.Package disabledPkg =
            mServiceInternal.getDisabledPackage(pkg.packageName);
    final int appFlags = disabledPkg != null
            ? disabledPkg.applicationInfo.flags
            : pkg.applicationInfo.flags;
    if ((appFlags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
        return false;
    }

    final String platformPackageName = mServiceInternal.getKnownPackageName(
            PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
    final PackageParser.Package platformPackage = getPackage(platformPackageName);
    if (pkg.mSigningDetails.hasAncestorOrSelf(platformPackage.mSigningDetails)) {
        return true;
    }
    return platformPackage.mSigningDetails.checkCapability(pkg.mSigningDetails,
            PackageParser.SigningDetails.CertCapabilities.PERMISSION);
}
1350
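/**
 * Replays the default-permission exceptions for {@code userId}.
 *
 * <p>The exceptions are read once by {@code readDefaultPermissionExceptionsLocked} and then
 * cached in {@code mGrantExceptions} for every later user. Each cached entry names a
 * package and a list of permissions, which are granted one at a time, each with its own
 * {@code fixed} setting.
 *
 * <p>Every package is resolved again with {@code getSystemPackage} on each call. An entry
 * whose package no longer resolves to an eligible system package is skipped with a warning.
 * The original passed the {@code null} on to {@code grantRuntimePermissions}, which
 * dereferences it.
 *
 * @param userId user the grants apply to
 */
private void grantDefaultPermissionExceptions(int userId) {
    mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);

    synchronized (mLock) {
        // mGrantExceptions is null only before the first read and then
        // it serves as a cache of the default grants that should be
        // performed for every user. An entry is meant to imply that the app
        // is on the system image and supports runtime permissions, but that
        // was only established when the cache was filled.
        if (mGrantExceptions == null) {
            mGrantExceptions = readDefaultPermissionExceptionsLocked();
        }
    }

    Set<String> permissions = null;
    final int exceptionCount = mGrantExceptions.size();
    for (int i = 0; i < exceptionCount; i++) {
        String packageName = mGrantExceptions.keyAt(i);
        PackageParser.Package pkg = getSystemPackage(packageName);
        if (pkg == null) {
            // Do not grant to, or crash on, a package that is not an eligible system
            // package any more.
            Log.w(TAG, "Skipping default permission exceptions for " + packageName
                    + ": not an eligible system package");
            continue;
        }
        List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
        final int permissionGrantCount = permissionGrants.size();
        for (int j = 0; j < permissionGrantCount; j++) {
            DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
            // One set is reused for all grants; each permission is granted separately
            // because every entry carries its own "fixed" setting.
            if (permissions == null) {
                permissions = new ArraySet<>();
            } else {
                permissions.clear();
            }
            permissions.add(permissionGrant.name);
            grantRuntimePermissions(pkg, permissions,
                    permissionGrant.fixed, userId);
        }
    }
}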
1384
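/**
 * Collects the files found in the {@code etc/default-permissions} directory of every
 * partition that may ship default permission grant exceptions.
 *
 * <p>The root (system), vendor, ODM, product and product-services directories are always
 * checked. The OEM directory is checked only on devices that declare
 * {@link PackageManager#FEATURE_EMBEDDED}. The result is not filtered by file name; the
 * caller decides which files to parse.
 *
 * <p>Every file returned here can pre-grant runtime permissions without user consent, so
 * the trust placed in these files is the trust placed in whoever can write the listed
 * directories. NOTE(review): presumably all of them live on read-only, integrity-protected
 * partitions; confirm this for the OEM partition on embedded devices.
 *
 * @return the files found, or {@code null} when there are none
 */
private File[] getDefaultPermissionFiles() {
    ArrayList<File> ret = new ArrayList<File>();
    addDefaultPermissionFiles(ret, Environment.getRootDirectory());
    addDefaultPermissionFiles(ret, Environment.getVendorDirectory());
    addDefaultPermissionFiles(ret, Environment.getOdmDirectory());
    addDefaultPermissionFiles(ret, Environment.getProductDirectory());
    addDefaultPermissionFiles(ret, Environment.getProductServicesDirectory());
    // For IoT devices, we check the oem partition for default permissions for each app.
    if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
        addDefaultPermissionFiles(ret, Environment.getOemDirectory());
    }
    return ret.isEmpty() ? null : ret.toArray(new File[0]);
}

/** Appends the entries of {@code <partitionRoot>/etc/default-permissions}, if readable. */
private static void addDefaultPermissionFiles(ArrayList<File> out, File partitionRoot) {
    final File dir = new File(partitionRoot, "etc/default-permissions");
    if (!dir.isDirectory() || !dir.canRead()) {
        return;
    }
    // listFiles() returns null on an I/O error or if the directory vanished after the
    // checks above; Collections.addAll would throw a NullPointerException on that.
    final File[] entries = dir.listFiles();
    if (entries == null) {
        return;
    }
    Collections.addAll(out, entries);
}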
1417
/**
 * Reads all default permission exception files and merges them into a single map.
 *
 * <p>Only files whose path ends in {@code .xml} and that are readable are parsed. All
 * files feed the same map, so a later file can add grants to a package that an earlier
 * file already declared. A file that fails to parse is logged and skipped, but any
 * entries it added before the error stay in the result.
 *
 * <p>Invoked by {@code grantDefaultPermissionExceptions} while it holds {@code mLock}.
 *
 * @return map from package name to its default grants; possibly empty, never {@code null}
 */
private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
        readDefaultPermissionExceptionsLocked() {
    final File[] candidates = getDefaultPermissionFiles();
    if (candidates == null) {
        return new ArrayMap<>(0);
    }

    final ArrayMap<String, List<DefaultPermissionGrant>> merged = new ArrayMap<>();

    // Walk every candidate and parse the readable .xml ones.
    for (int index = 0; index < candidates.length; index++) {
        final File file = candidates[index];
        final boolean looksLikeXml = file.getPath().endsWith(".xml");
        if (!looksLikeXml) {
            Slog.i(TAG, "Non-xml file " + file
                    + " in " + file.getParent() + " directory, ignoring");
            continue;
        }
        if (!file.canRead()) {
            Slog.w(TAG, "Default permissions file " + file + " cannot be read");
            continue;
        }
        try (InputStream in = new BufferedInputStream(new FileInputStream(file))) {
            final XmlPullParser parser = Xml.newPullParser();
            // A null encoding is passed, leaving encoding selection to the parser.
            parser.setInput(in, null);
            parse(parser, merged);
        } catch (XmlPullParserException | IOException e) {
            // Best effort: one malformed file must not prevent the others from loading.
            Slog.w(TAG, "Error reading default permissions file " + file, e);
        }
    }

    return merged;
}
1451
/**
 * Parses one default permission exception document.
 *
 * <p>Each start tag named {@code TAG_EXCEPTIONS} is handed to {@code parseExceptions}.
 * Any other start tag is logged as unknown; it is not skipped, so the loop still visits
 * its children.
 *
 * @param parser parser positioned at the start of the document
 * @param outGrantExceptions map that receives the parsed grants, keyed by package name
 * @throws IOException if reading the input fails
 * @throws XmlPullParserException if the document is not well formed
 */
private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
        outGrantExceptions) throws IOException, XmlPullParserException {
    final int startDepth = parser.getDepth();
    while (true) {
        final int event = parser.next();
        if (event == XmlPullParser.END_DOCUMENT) {
            break;
        }
        if (event == XmlPullParser.END_TAG) {
            // An end tag at or above the starting depth closes the element being parsed.
            if (parser.getDepth() <= startDepth) {
                break;
            }
            continue;
        }
        if (event == XmlPullParser.TEXT) {
            continue;
        }
        final String tagName = parser.getName();
        if (!TAG_EXCEPTIONS.equals(tagName)) {
            Log.e(TAG, "Unknown tag " + tagName);
            continue;
        }
        parseExceptions(parser, outGrantExceptions);
    }
}
1468
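/**
 * Parses the children of an {@code <exceptions>} element.
 *
 * <p>Each {@code TAG_EXCEPTION} element names a package. The package is accepted only if
 * {@code getSystemPackage} resolves it and it supports runtime permissions; otherwise the
 * whole element is skipped, so a file cannot pre-grant permissions to an arbitrary
 * package. A package that already has an entry is not re-validated; its new permissions
 * are appended to the existing list.
 *
 * <p>An element without the package attribute is rejected explicitly instead of sending
 * {@code null} into the map and package lookups. Unknown tags are logged but not skipped,
 * so the loop still visits their children.
 *
 * @param parser parser positioned on the {@code <exceptions>} start tag
 * @param outGrantExceptions map that receives the parsed grants, keyed by package name
 * @throws IOException if reading the input fails
 * @throws XmlPullParserException if the document is not well formed
 */
private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
        outGrantExceptions) throws IOException, XmlPullParserException {
    final int outerDepth = parser.getDepth();
    int type;
    while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
            && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
        if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
            continue;
        }
        if (TAG_EXCEPTION.equals(parser.getName())) {
            String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
            if (packageName == null) {
                // Mirrors the mandatory-attribute check done for permission names.
                Log.w(TAG, "Mandatory package attribute missing for exception tag");
                XmlUtils.skipCurrentTag(parser);
                continue;
            }

            List<DefaultPermissionGrant> packageExceptions =
                    outGrantExceptions.get(packageName);
            if (packageExceptions == null) {
                // The package must be on the system image
                PackageParser.Package pkg = getSystemPackage(packageName);
                if (pkg == null) {
                    Log.w(TAG, "Unknown package:" + packageName);
                    XmlUtils.skipCurrentTag(parser);
                    continue;
                }

                // The package must support runtime permissions
                if (!doesPackageSupportRuntimePermissions(pkg)) {
                    Log.w(TAG, "Skipping non supporting runtime permissions package:"
                            + packageName);
                    XmlUtils.skipCurrentTag(parser);
                    continue;
                }
                packageExceptions = new ArrayList<>();
                outGrantExceptions.put(packageName, packageExceptions);
            }

            parsePermission(parser, packageExceptions);
        } else {
            // The separating space was missing from this message.
            Log.e(TAG, "Unknown tag " + parser.getName() + " under <exceptions>");
        }
    }
}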
1509
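/**
 * Parses the permission children of one {@code <exception>} element.
 *
 * <p>Each permission element must carry the name attribute; elements without it are
 * logged and skipped. The {@code ATTR_FIXED} attribute is read through
 * {@code XmlUtils.readBooleanAttribute} and stored with the grant. Permission names are
 * not validated here.
 *
 * @param parser parser positioned on the {@code <exception>} start tag
 * @param outPackageExceptions list that receives the grants declared for the package
 * @throws IOException if reading the input fails
 * @throws XmlPullParserException if the document is not well formed
 */
private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
        outPackageExceptions) throws IOException, XmlPullParserException {
    final int outerDepth = parser.getDepth();
    int type;
    while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
            && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
        if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
            continue;
        }

        // Exact match, like the TAG_EXCEPTIONS / TAG_EXCEPTION checks in the sibling
        // parsers. The previous contains() call accepted any tag whose name is a
        // substring of the constant, so misspelled or truncated tags were treated as
        // permission grants.
        if (TAG_PERMISSION.equals(parser.getName())) {
            String name = parser.getAttributeValue(null, ATTR_NAME);
            if (name == null) {
                Log.w(TAG, "Mandatory name attribute missing for permission tag");
                XmlUtils.skipCurrentTag(parser);
                continue;
            }

            final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);

            DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
            outPackageExceptions.add(exception);
        } else {
            // The separating space was missing from this message.
            Log.e(TAG, "Unknown tag " + parser.getName() + " under <exception>");
        }
    }
}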
1537
/**
 * Reports whether a package targets an SDK level newer than
 * {@link Build.VERSION_CODES#LOLLIPOP_MR1}.
 *
 * @param pkg the parsed package to inspect
 * @return {@code true} if the package's target SDK is above {@code LOLLIPOP_MR1}
 */
private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
    final int targetSdk = pkg.applicationInfo.targetSdkVersion;
    final int lastSdkWithoutRuntimePermissions = Build.VERSION_CODES.LOLLIPOP_MR1;
    return targetSdk > lastSdkWithoutRuntimePermissions;
}
1541
/**
 * Immutable record of one default grant read from a default permission exception file.
 */
private static final class DefaultPermissionGrant {
    // Permission name, taken from the name attribute of the permission element.
    final String name;
    // Value of the "fixed" attribute; forwarded as the fixed argument when granting.
    final boolean fixed;

    /**
     * Creates a grant entry.
     *
     * @param name permission name to grant
     * @param fixed flag forwarded with the grant
     */
    public DefaultPermissionGrant(String name, boolean fixed) {
        this.fixed = fixed;
        this.name = name;
    }
}
1551}