Blame - services/core/java/com/android/server/pm/DefaultPermissionGrantPolicy.java - platform/frameworks/base

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

17

package com.android.server.pm;

18

19

import android.Manifest;

20

import android.content.Intent;

21

import android.content.pm.ApplicationInfo;

22

import android.content.pm.PackageManager;

23

import android.content.pm.PackageManagerInternal.PackagesProvider;

24

import android.content.pm.PackageParser;

25

import android.content.pm.ResolveInfo;

26

import android.net.Uri;

27

import android.os.Build;

28

import android.os.UserHandle;

29

import android.provider.MediaStore;

30

import android.util.ArraySet;

31

import android.util.Log;

32

33

import java.io.File;

34

import java.util.ArrayList;

35

import java.util.List;

36

import java.util.Set;

37

38

import static android.os.Process.FIRST_APPLICATION_UID;

39

40

/**

41

* This class is the policy for granting runtime permissions to

42

* platform components and default handlers in the system such

43

* that the device is usable out-of-the-box. For example, the

44

* shell UID is a part of the system and the Phone app should

45

* have phone related permission by default.

46

*/

47

final class DefaultPermissionGrantPolicy {

Jeff Davidson

2a88031

2015-06-22 16:54:34 -0700

[diff] [blame]

48

private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

49

private static final boolean DEBUG = false;

50

51

private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive";

52

53

private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();

54

static {

55

PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);

56

PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);

57

PHONE_PERMISSIONS.add( Manifest.permission.READ_CALL_LOG);

58

PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);

59

PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);

60

PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);

61

PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);

62

}

63

64

private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();

65

static {

66

CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);

67

CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);

68

}

69

70

private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();

71

static {

72

LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);

73

LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);

74

}

75

76

private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();

77

static {

78

CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);

79

CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);

80

}

81

82

private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();

83

static {

84

SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);

85

SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);

86

SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);

87

SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);

88

SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);

89

SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);

90

}

91

92

private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();

93

static {

94

MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);

95

}

96

97

private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();

98

static {

99

CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);

100

}

101

102

private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();

103

static {

104

SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);

105

}

106

107

private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();

108

static {

Svet Ganov

975fa47

2015-06-22 20:45:31 -0700

[diff] [blame]

109

STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

110

STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);

111

}

112

113

private static final Set<String> SETTINGS_PERMISSIONS = new ArraySet<>();

114

static {

115

SETTINGS_PERMISSIONS.add(Manifest.permission.WRITE_SETTINGS);

116

}

117

118

private static final Set<String> INSTALLER_PERMISSIONS = new ArraySet<>();

119

static {

120

INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS);

121

INSTALLER_PERMISSIONS.add(Manifest.permission.INTERACT_ACROSS_USERS_FULL);

122

INSTALLER_PERMISSIONS.add(Manifest.permission.CLEAR_APP_USER_DATA);

123

INSTALLER_PERMISSIONS.add(Manifest.permission.KILL_UID);

124

}

125

126

private static final Set<String> VERIFIER_PERMISSIONS = new ArraySet<>();

127

static {

128

INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS);

129

}

130

131

private final PackageManagerService mService;

132

133

private PackagesProvider mImePackagesProvider;

134

private PackagesProvider mLocationPackagesProvider;

135

private PackagesProvider mVoiceInteractionPackagesProvider;

Jeff Davidson

2a88031

2015-06-22 16:54:34 -0700

[diff] [blame]

136

private PackagesProvider mCarrierAppPackagesProvider;

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

137

138

public DefaultPermissionGrantPolicy(PackageManagerService service) {

mService = service;

}

public void setImePackagesProviderLPr(PackagesProvider provider) {

143

mImePackagesProvider = provider;

144

}

145

146

public void setLocationPackagesProviderLPw(PackagesProvider provider) {

147

mLocationPackagesProvider = provider;

148

}

149

150

public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) {

151

mVoiceInteractionPackagesProvider = provider;

152

}

153

Jeff Davidson

2a88031

2015-06-22 16:54:34 -0700

[diff] [blame]

154

public void setCarrierAppPackagesProviderLPw(PackagesProvider provider) {

155

mCarrierAppPackagesProvider = provider;

156

}

157

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

158

public void grantDefaultPermissions(int userId) {

159

grantPermissionsToSysComponentsAndPrivApps(userId);

160

grantDefaultSystemHandlerPermissions(userId);

161

}

162

163

private void grantPermissionsToSysComponentsAndPrivApps(int userId) {

164

Log.i(TAG, "Granting permissions to platform components");

165

166

synchronized (mService.mPackages) {

167

for (PackageParser.Package pkg : mService.mPackages.values()) {

168

if (!isSysComponentOrPersistentPrivApp(pkg)

169

|| !doesPackageSupportRuntimePermissions(pkg)) {

170

continue;

171

}

172

final int permissionCount = pkg.requestedPermissions.size();

173

for (int i = 0; i < permissionCount; i++) {

174

String permission = pkg.requestedPermissions.get(i);

175

BasePermission bp = mService.mSettings.mPermissions.get(permission);

176

if (bp != null && bp.isRuntime()) {

177

final int flags = mService.getPermissionFlags(permission,

178

pkg.packageName, userId);

179

if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) {

180

mService.grantRuntimePermission(pkg.packageName, permission, userId);

181

mService.updatePermissionFlags(permission, pkg.packageName,

182

PackageManager.MASK_PERMISSION_FLAGS,

183

PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId);

184

if (DEBUG) {

185

Log.i(TAG, "Granted " + permission + " to system component "

+ pkg.packageName);

}

}

}

}

}

}

}

private void grantDefaultSystemHandlerPermissions(int userId) {

196

Log.i(TAG, "Granting permissions to default platform handlers");

197

198

final PackagesProvider imePackagesProvider;

199

final PackagesProvider locationPackagesProvider;

200

final PackagesProvider voiceInteractionPackagesProvider;

Jeff Davidson

2a88031

2015-06-22 16:54:34 -0700

[diff] [blame]

201

final PackagesProvider carrierAppPackagesProvider;

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

202

203

synchronized (mService.mPackages) {

204

imePackagesProvider = mImePackagesProvider;

205

locationPackagesProvider = mLocationPackagesProvider;

206

voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;

Jeff Davidson

2a88031

2015-06-22 16:54:34 -0700

[diff] [blame]

207

carrierAppPackagesProvider = mCarrierAppPackagesProvider;

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

208

}

209

210

String[] imePackageNames = (imePackagesProvider != null)

211

? imePackagesProvider.getPackages(userId) : null;

212

String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)

213

? voiceInteractionPackagesProvider.getPackages(userId) : null;

214

String[] locationPackageNames = (locationPackagesProvider != null)

215

? locationPackagesProvider.getPackages(userId) : null;

Jeff Davidson

2a88031

2015-06-22 16:54:34 -0700

[diff] [blame]

216

String[] carrierAppPackageNames = (carrierAppPackagesProvider != null)

217

? carrierAppPackagesProvider.getPackages(userId) : null;

Svet Ganov

adc1cf4

2015-06-15 16:36:24 -0700

[diff] [blame]

218

219

synchronized (mService.mPackages) {

220

// Installers

221

Intent installerIntent = new Intent(Intent.ACTION_INSTALL_PACKAGE);

222

installerIntent.addCategory(Intent.CATEGORY_DEFAULT);

223

installerIntent.setDataAndType(Uri.fromFile(new File("foo.apk")),

224

PACKAGE_MIME_TYPE);

225

List<PackageParser.Package> installerPackages =

226

getPrivilegedHandlerActivityPackagesLPr(installerIntent, userId);

227

final int installerCount = installerPackages.size();

228

for (int i = 0; i < installerCount; i++) {

229

PackageParser.Package installPackage = installerPackages.get(i);

230

grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId);

}

// Verifiers

Intent verifierIntent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION);

235

verifierIntent.setType(PACKAGE_MIME_TYPE);

236

List<PackageParser.Package> verifierPackages =

237

getPrivilegedHandlerReceiverPackagesLPr(verifierIntent, userId);

238

final int verifierCount = verifierPackages.size();

239

for (int i = 0; i < verifierCount; i++) {

240

PackageParser.Package verifierPackage = verifierPackages.get(i);

241

grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId);

}

// SetupWizard

Intent setupIntent = new Intent(Intent.ACTION_MAIN);

246

setupIntent.addCategory(Intent.CATEGORY_HOME);

247

PackageParser.Package setupPackage = getDefaultSystemHandlerActvityPackageLPr(

248

setupIntent, userId);

249

if (setupPackage != null

250

&& doesPackageSupportRuntimePermissions(setupPackage)) {

251

grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId);

252

grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId);

253

grantRuntimePermissionsLPw(setupPackage, SETTINGS_PERMISSIONS, userId);

}

// Phone

Intent dialerIntent = new Intent(Intent.ACTION_DIAL);

258

PackageParser.Package dialerPackage = getDefaultSystemHandlerActvityPackageLPr(

259

dialerIntent, userId);

260

if (dialerPackage != null

261

&& doesPackageSupportRuntimePermissions(dialerPackage)) {

262

grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId);

263

grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId);

264

grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId);

265

grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId);

}

// Camera

Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);

270

PackageParser.Package cameraPackage = getDefaultSystemHandlerActvityPackageLPr(

271

cameraIntent, userId);

272

if (cameraPackage != null

273

&& doesPackageSupportRuntimePermissions(cameraPackage)) {

274

grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId);

275

grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId);

}

// Messaging

Intent messagingIntent = new Intent(Intent.ACTION_MAIN);

280

messagingIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);

281

PackageParser.Package messagingPackage = getDefaultSystemHandlerActvityPackageLPr(

282

messagingIntent, userId);

283

if (messagingPackage != null

284

&& doesPackageSupportRuntimePermissions(messagingPackage)) {

285

grantRuntimePermissionsLPw(messagingPackage, PHONE_PERMISSIONS, userId);

286

grantRuntimePermissionsLPw(messagingPackage, CONTACTS_PERMISSIONS, userId);

287

grantRuntimePermissionsLPw(messagingPackage, SMS_PERMISSIONS, userId);

}

// Calendar

Intent calendarIntent = new Intent(Intent.ACTION_MAIN);

292

calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);

293

PackageParser.Package calendarPackage = getDefaultSystemHandlerActvityPackageLPr(

294

calendarIntent, userId);

295

if (calendarPackage != null

296

&& doesPackageSupportRuntimePermissions(calendarPackage)) {

297

grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId);

298

grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId);

}

// Contacts

Intent contactsIntent = new Intent(Intent.ACTION_MAIN);

303

contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);

304

PackageParser.Package contactsPackage = getDefaultSystemHandlerActvityPackageLPr(

305

contactsIntent, userId);

306

if (contactsPackage != null

307

&& doesPackageSupportRuntimePermissions(contactsPackage)) {

308

grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId);

309

grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId);

}

// Maps

Intent mapsIntent = new Intent(Intent.ACTION_MAIN);

314

mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);

315

PackageParser.Package mapsPackage = getDefaultSystemHandlerActvityPackageLPr(

316

mapsIntent, userId);

317

if (mapsPackage != null

318

&& doesPackageSupportRuntimePermissions(mapsPackage)) {

319

grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId);

}

// Email

Intent emailIntent = new Intent(Intent.ACTION_MAIN);

324

emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);

325

PackageParser.Package emailPackage = getDefaultSystemHandlerActvityPackageLPr(

326

emailIntent, userId);

327

if (emailPackage != null

328

&& doesPackageSupportRuntimePermissions(emailPackage)) {

329

grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId);

}

// Browser

Intent browserIntent = new Intent(Intent.ACTION_MAIN);

334

browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);

335

PackageParser.Package browserPackage = getDefaultSystemHandlerActvityPackageLPr(

336

browserIntent, userId);

337

if (browserPackage != null

338

&& doesPackageSupportRuntimePermissions(browserPackage)) {

339

grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);

}

// IME

if (imePackageNames != null) {

344

for (String imePackageName : imePackageNames) {

345

PackageParser.Package imePackage = getSystemPackageLPr(imePackageName);

346

if (imePackage != null

347

&& doesPackageSupportRuntimePermissions(imePackage)) {

348

grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId);

}

}

}

// Voice interaction

if (voiceInteractPackageNames != null) {

355

for (String voiceInteractPackageName : voiceInteractPackageNames) {

356

PackageParser.Package voiceInteractPackage = getSystemPackageLPr(

357

voiceInteractPackageName);

358

if (voiceInteractPackage != null

359

&& doesPackageSupportRuntimePermissions(voiceInteractPackage)) {

360