Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / c701e7e6f89182f2c6d09d1deded96ad4272add8 / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: 3c9dd636e12ba9d32f5bdd59cc0e5ac7e63509b7 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]26import android.app.SearchManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]27import android.app.admin.DevicePolicyManager;
28import android.companion.CompanionDeviceManager;
29import android.content.Context;
30import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]31import android.content.pm.ApplicationInfo;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]32import android.content.pm.PackageInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]33import android.content.pm.PackageManager;
34import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]35import android.content.pm.PackageManagerInternal.PackagesProvider;
36import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]37import android.content.pm.PackageParser;
38import android.content.pm.ProviderInfo;
39import android.content.pm.ResolveInfo;
40import android.media.RingtoneManager;
41import android.net.Uri;
42import android.os.Binder;
43import android.os.Build;
44import android.os.Environment;
45import android.os.Handler;
46import android.os.Looper;
47import android.os.Message;
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]48import android.os.SystemProperties;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]49import android.os.UserHandle;
50import android.os.storage.StorageManager;
51import android.print.PrintManager;
52import android.provider.CalendarContract;
53import android.provider.ContactsContract;
54import android.provider.MediaStore;
55import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]56import android.security.Credentials;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]57import android.speech.RecognitionService;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]58import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]59import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]60import android.util.ArrayMap;
61import android.util.ArraySet;
62import android.util.Log;
63import android.util.Slog;
64import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]65
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]66import com.android.internal.util.ArrayUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]67import com.android.internal.util.XmlUtils;
68import com.android.server.LocalServices;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]69
70import org.xmlpull.v1.XmlPullParser;
71import org.xmlpull.v1.XmlPullParserException;
72
73import java.io.BufferedInputStream;
74import java.io.File;
75import java.io.FileInputStream;
76import java.io.IOException;
77import java.io.InputStream;
78import java.util.ArrayList;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]79import java.util.Arrays;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]80import java.util.Collections;
81import java.util.List;
82import java.util.Map;
83import java.util.Set;
84
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]85/**
86 * This class is the policy for granting runtime permissions to
87 * platform components and default handlers in the system such
88 * that the device is usable out-of-the-box. For example, the
89 * shell UID is a part of the system and the Phone app should
90 * have phone related permission by default.
91 * <p>
92 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
93 * service but knows about lots of higher level subsystems. The correct way to do this is
94 * to have an interface defined in the package manager but have the impl next to other
95 * policy stuff like PhoneWindowManager
96 */
97public final class DefaultPermissionGrantPolicy {
98 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
99 private static final boolean DEBUG = false;
100
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]101 @PackageManager.ResolveInfoFlags
102 private static final int DEFAULT_INTENT_QUERY_FLAGS =
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]103 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
104 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
105
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]106 @PackageManager.PackageInfoFlags
107 private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS =
108 PackageManager.MATCH_UNINSTALLED_PACKAGES | PackageManager.GET_PERMISSIONS;
109
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]110 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
111
112 private static final String TAG_EXCEPTIONS = "exceptions";
113 private static final String TAG_EXCEPTION = "exception";
114 private static final String TAG_PERMISSION = "permission";
115 private static final String ATTR_PACKAGE = "package";
116 private static final String ATTR_NAME = "name";
117 private static final String ATTR_FIXED = "fixed";
118
119 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]120
121
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]122 static {
123 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
124 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
125 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
126 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
127 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
128 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
129 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
130 }
131
132 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
133 static {
134 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
135 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
136 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
137 }
138
139 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
140 static {
141 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
142 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
143 }
144
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]145 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
146 static {
147 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
148 }
149
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]150 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
151 static {
152 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
153 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
154 }
155
156 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
157 static {
158 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
159 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
160 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
161 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
162 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
163 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
164 }
165
166 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
167 static {
168 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
169 }
170
171 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
172 static {
173 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
174 }
175
176 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
177 static {
178 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
179 }
180
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]181 @Deprecated
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]182 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
183 static {
Jeff Sharkeyb1629092018-08-24 10:33:12 -0600[diff] [blame]184 // STOPSHIP(b/112545973): remove once feature enabled by default
185 if (!SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
186 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
187 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
188 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]189 }
190
Jeff Sharkey4aacd8b2018-07-24 15:24:21 -0600[diff] [blame]191 private static final Set<String> MEDIA_AURAL_PERMISSIONS = new ArraySet<>();
192 static {
193 // STOPSHIP(b/112545973): remove once feature enabled by default
194 if (SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
195 MEDIA_AURAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_AUDIO);
196 MEDIA_AURAL_PERMISSIONS.add(Manifest.permission.WRITE_MEDIA_AUDIO);
197 }
198 }
199
200 private static final Set<String> MEDIA_VISUAL_PERMISSIONS = new ArraySet<>();
201 static {
202 // STOPSHIP(b/112545973): remove once feature enabled by default
203 if (SystemProperties.getBoolean(StorageManager.PROP_ISOLATED_STORAGE, false)) {
204 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_IMAGES);
205 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.WRITE_MEDIA_IMAGES);
206 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.READ_MEDIA_VIDEO);
207 MEDIA_VISUAL_PERMISSIONS.add(Manifest.permission.WRITE_MEDIA_VIDEO);
208 }
209 }
210
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]211 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
212
213 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
214
215 private final Handler mHandler;
216
217 private PackagesProvider mLocationPackagesProvider;
218 private PackagesProvider mVoiceInteractionPackagesProvider;
219 private PackagesProvider mSmsAppPackagesProvider;
220 private PackagesProvider mDialerAppPackagesProvider;
221 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]222 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]223 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
224
225 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
226 private final Context mContext;
227 private final Object mLock = new Object();
228 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]229 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]230 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
231 public interface DefaultPermissionGrantedCallback {
232 /** Callback when permissions have been granted */
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]233 void onDefaultRuntimePermissionsGranted(int userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]234 }
235
236 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]237 @Nullable DefaultPermissionGrantedCallback callback,
238 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]239 mContext = context;
240 mHandler = new Handler(looper) {
241 @Override
242 public void handleMessage(Message msg) {
243 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
244 synchronized (mLock) {
245 if (mGrantExceptions == null) {
246 mGrantExceptions = readDefaultPermissionExceptionsLocked();
247 }
248 }
249 }
250 }
251 };
252 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]253 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]254 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
255 }
256
257 public void setLocationPackagesProvider(PackagesProvider provider) {
258 synchronized (mLock) {
259 mLocationPackagesProvider = provider;
260 }
261 }
262
263 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
264 synchronized (mLock) {
265 mVoiceInteractionPackagesProvider = provider;
266 }
267 }
268
269 public void setSmsAppPackagesProvider(PackagesProvider provider) {
270 synchronized (mLock) {
271 mSmsAppPackagesProvider = provider;
272 }
273 }
274
275 public void setDialerAppPackagesProvider(PackagesProvider provider) {
276 synchronized (mLock) {
277 mDialerAppPackagesProvider = provider;
278 }
279 }
280
281 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
282 synchronized (mLock) {
283 mSimCallManagerPackagesProvider = provider;
284 }
285 }
286
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]287 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
288 synchronized (mLock) {
289 mUseOpenWifiAppPackagesProvider = provider;
290 }
291 }
292
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]293 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
294 synchronized (mLock) {
295 mSyncAdapterPackagesProvider = provider;
296 }
297 }
298
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]299 public void grantDefaultPermissions(int userId) {
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]300 grantPermissionsToSysComponentsAndPrivApps(userId);
301 grantDefaultSystemHandlerPermissions(userId);
302 grantDefaultPermissionExceptions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]303 }
304
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]305 private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]306 Set<String> permissions = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]307 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]308 final BasePermission bp = mPermissionManager.getPermission(permission);
309 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]310 continue;
311 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]312 if (bp.isRuntime()) {
313 permissions.add(permission);
314 }
315 }
316 if (!permissions.isEmpty()) {
317 grantRuntimePermissions(pkg, permissions, true, userId);
318 }
319 }
320
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]321 public void scheduleReadDefaultPermissionExceptions() {
322 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
323 }
324
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]325 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]326 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]327 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser(
328 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM);
329 for (PackageInfo pkg : packages) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]330 if (pkg == null) {
331 continue;
332 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]333 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
334 || !doesPackageSupportRuntimePermissions(pkg)
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]335 || ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]336 continue;
337 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]338 grantRuntimePermissionsForSystemPackage(userId, pkg);
339 }
340 }
341
342 @SafeVarargs
343 private final void grantIgnoringSystemPackage(String packageName, int userId,
344 Set<String>... permissionGroups) {
345 grantPermissionsToSystemPackage(packageName, userId, false, true, permissionGroups);
346 }
347
348 @SafeVarargs
349 private final void grantSystemFixedPermissionsToSystemPackage(String packageName, int userId,
350 Set<String>... permissionGroups) {
351 grantPermissionsToSystemPackage(packageName, userId, true, false, permissionGroups);
352 }
353
354 @SafeVarargs
355 private final void grantPermissionsToSystemPackage(
356 String packageName, int userId, Set<String>... permissionGroups) {
357 grantPermissionsToSystemPackage(packageName, userId, false, false, permissionGroups);
358 }
359
360 @SafeVarargs
361 private final void grantPermissionsToSystemPackage(String packageName, int userId,
362 boolean systemFixed, boolean ignoreSystemPackage, Set<String>... permissionGroups) {
363 if (!ignoreSystemPackage && !isSystemPackage(packageName)) {
364 return;
365 }
366 grantRuntimePermissionsToPackage(getSystemPackageInfo(packageName),
367 userId, systemFixed, ignoreSystemPackage, permissionGroups);
368 }
369
370 @SafeVarargs
371 private final void grantRuntimePermissionsToPackage(String packageName, int userId,
372 boolean systemFixed, boolean ignoreSystemPackage, Set<String>... permissionGroups) {
373 grantRuntimePermissionsToPackage(getPackageInfo(packageName),
374 userId, systemFixed, ignoreSystemPackage, permissionGroups);
375 }
376
377 @SafeVarargs
378 private final void grantRuntimePermissionsToPackage(PackageInfo packageName, int userId,
379 boolean systemFixed, boolean ignoreSystemPackage, Set<String>... permissionGroups) {
380 if (packageName == null) return;
381 if (doesPackageSupportRuntimePermissions(packageName)) {
382 for (Set<String> permissionGroup : permissionGroups) {
383 grantRuntimePermissions(packageName, permissionGroup, systemFixed,
384 ignoreSystemPackage, userId);
385 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]386 }
387 }
388
389 private void grantDefaultSystemHandlerPermissions(int userId) {
390 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
391
392 final PackagesProvider locationPackagesProvider;
393 final PackagesProvider voiceInteractionPackagesProvider;
394 final PackagesProvider smsAppPackagesProvider;
395 final PackagesProvider dialerAppPackagesProvider;
396 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]397 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]398 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
399
400 synchronized (mLock) {
401 locationPackagesProvider = mLocationPackagesProvider;
402 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
403 smsAppPackagesProvider = mSmsAppPackagesProvider;
404 dialerAppPackagesProvider = mDialerAppPackagesProvider;
405 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]406 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]407 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
408 }
409
410 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
411 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
412 String[] locationPackageNames = (locationPackagesProvider != null)
413 ? locationPackagesProvider.getPackages(userId) : null;
414 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
415 ? smsAppPackagesProvider.getPackages(userId) : null;
416 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
417 ? dialerAppPackagesProvider.getPackages(userId) : null;
418 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
419 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]420 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
421 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]422 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
423 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
424 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
425 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
426
427 // Installer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]428 grantSystemFixedPermissionsToSystemPackage(
429 getKnownPackage(PackageManagerInternal.PACKAGE_INSTALLER, userId),
430 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]431
432 // Verifier
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]433 final String verifier = getKnownPackage(PackageManagerInternal.PACKAGE_VERIFIER, userId);
434 grantSystemFixedPermissionsToSystemPackage(verifier, userId, STORAGE_PERMISSIONS);
435 grantPermissionsToSystemPackage(verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]436
437 // SetupWizard
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]438 grantPermissionsToSystemPackage(
439 getKnownPackage(PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId), userId,
440 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, LOCATION_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]441
442 // Camera
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]443 grantPermissionsToSystemPackage(
444 getDefaultSystemHandlerActivityPackage(MediaStore.ACTION_IMAGE_CAPTURE, userId),
445 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]446
447 // Media provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]448 grantSystemFixedPermissionsToSystemPackage(
449 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId,
450 STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS, MEDIA_VISUAL_PERMISSIONS,
451 PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]452
453 // Downloads provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]454 grantSystemFixedPermissionsToSystemPackage(
455 getDefaultProviderAuthorityPackage("downloads", userId), userId,
456 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]457
458 // Downloads UI
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]459 grantSystemFixedPermissionsToSystemPackage(
460 getDefaultSystemHandlerActivityPackage(
461 DownloadManager.ACTION_VIEW_DOWNLOADS, userId),
462 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]463
464 // Storage provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]465 grantSystemFixedPermissionsToSystemPackage(
466 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId),
467 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]468
469 // CertInstaller
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]470 grantSystemFixedPermissionsToSystemPackage(
471 getDefaultSystemHandlerActivityPackage(Credentials.INSTALL_ACTION, userId), userId,
472 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]473
474 // Dialer
475 if (dialerAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]476 String dialerPackage =
477 getDefaultSystemHandlerActivityPackage(Intent.ACTION_DIAL, userId);
478 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]479 } else {
480 for (String dialerAppPackageName : dialerAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]481 grantDefaultPermissionsToDefaultSystemDialerApp(dialerAppPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]482 }
483 }
484
485 // Sim call manager
486 if (simCallManagerPackageNames != null) {
487 for (String simCallManagerPackageName : simCallManagerPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]488 grantDefaultPermissionsToDefaultSystemSimCallManager(
489 simCallManagerPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]490 }
491 }
492
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]493 // Use Open Wifi
494 if (useOpenWifiAppPackageNames != null) {
495 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]496 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
497 useOpenWifiPackageName, userId);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]498 }
499 }
500
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]501 // SMS
502 if (smsAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]503 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(
504 Intent.CATEGORY_APP_MESSAGING, userId);
505 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]506 } else {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]507 for (String smsPackage : smsAppPackageNames) {
508 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]509 }
510 }
511
512 // Cell Broadcast Receiver
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]513 grantPermissionsToSystemPackage(
514 getDefaultSystemHandlerActivityPackage(Intents.SMS_CB_RECEIVED_ACTION, userId),
515 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]516
517 // Carrier Provisioning Service
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]518 grantPermissionsToSystemPackage(
519 getDefaultSystemHandlerServicePackage(Intents.SMS_CARRIER_PROVISION_ACTION, userId),
520 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]521
522 // Calendar
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]523 grantPermissionsToSystemPackage(
524 getDefaultSystemHandlerActivityPackageForCategory(
525 Intent.CATEGORY_APP_CALENDAR, userId),
526 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]527
528 // Calendar provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]529 String calendarProvider =
530 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId);
531 grantPermissionsToSystemPackage(calendarProvider, userId,
532 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS);
533 grantSystemFixedPermissionsToSystemPackage(calendarProvider, userId, CALENDAR_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]534
535 // Calendar provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]536 grantPermissionToEachSystemPackage(
537 getHeadlessSyncAdapterPackages(calendarSyncAdapterPackages, userId),
538 userId, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]539
540 // Contacts
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]541 grantPermissionsToSystemPackage(
542 getDefaultSystemHandlerActivityPackageForCategory(
543 Intent.CATEGORY_APP_CONTACTS, userId),
544 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]545
546 // Contacts provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]547 grantPermissionToEachSystemPackage(
548 getHeadlessSyncAdapterPackages(contactsSyncAdapterPackages, userId),
549 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]550
551 // Contacts provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]552 String contactsProviderPackage =
553 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId);
554 grantSystemFixedPermissionsToSystemPackage(contactsProviderPackage, userId,
555 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
556 grantPermissionsToSystemPackage(contactsProviderPackage, userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]557
558 // Device provisioning
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]559 grantPermissionsToSystemPackage(
560 getDefaultSystemHandlerActivityPackage(
561 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId),
562 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]563
564 // Maps
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]565 grantPermissionsToSystemPackage(
566 getDefaultSystemHandlerActivityPackageForCategory(Intent.CATEGORY_APP_MAPS, userId),
567 userId, LOCATION_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]568
569 // Gallery
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]570 grantPermissionsToSystemPackage(
571 getDefaultSystemHandlerActivityPackageForCategory(
572 Intent.CATEGORY_APP_GALLERY, userId),
573 userId, STORAGE_PERMISSIONS, MEDIA_VISUAL_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]574
575 // Email
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]576 grantPermissionsToSystemPackage(
577 getDefaultSystemHandlerActivityPackageForCategory(
578 Intent.CATEGORY_APP_EMAIL, userId),
579 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]580
581 // Browser
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]582 String browserPackage = getKnownPackage(PackageManagerInternal.PACKAGE_BROWSER, userId);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]583 if (browserPackage == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]584 browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
585 Intent.CATEGORY_APP_BROWSER, userId);
586 if (!isSystemPackage(browserPackage)) {
587 browserPackage = null;
588 }
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]589 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]590 grantRuntimePermissionsToPackage(browserPackage, userId,
591 false /* systemFixed */, false /* ignoreSystemPackage */,
592 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]593
594 // Voice interaction
595 if (voiceInteractPackageNames != null) {
596 for (String voiceInteractPackageName : voiceInteractPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]597 grantPermissionsToSystemPackage(voiceInteractPackageName, userId,
598 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
599 PHONE_PERMISSIONS, SMS_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]600 }
601 }
602
603 if (ActivityManager.isLowRamDeviceStatic()) {
604 // Allow voice search on low-ram devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]605 grantPermissionsToSystemPackage(
606 getDefaultSystemHandlerActivityPackage(
607 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId),
608 userId, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]609 }
610
611 // Voice recognition
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]612 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE)
613 .addCategory(Intent.CATEGORY_DEFAULT);
614 grantPermissionsToSystemPackage(
615 getDefaultSystemHandlerServicePackage(voiceRecoIntent, userId), userId,
616 MICROPHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]617
618 // Location
619 if (locationPackageNames != null) {
620 for (String packageName : locationPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]621 grantPermissionsToSystemPackage(packageName, userId,
622 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
623 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS,
624 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS);
625 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
626 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]627 }
628 }
629
630 // Music
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]631 Intent musicIntent = new Intent(Intent.ACTION_VIEW)
632 .addCategory(Intent.CATEGORY_DEFAULT)
633 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE);
634 grantPermissionsToSystemPackage(
635 getDefaultSystemHandlerActivityPackage(musicIntent, userId), userId,
636 STORAGE_PERMISSIONS, MEDIA_AURAL_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]637
638 // Home
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]639 Intent homeIntent = new Intent(Intent.ACTION_MAIN)
640 .addCategory(Intent.CATEGORY_HOME)
641 .addCategory(Intent.CATEGORY_LAUNCHER_APP);
642 grantPermissionsToSystemPackage(
643 getDefaultSystemHandlerActivityPackage(homeIntent, userId), userId,
644 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]645
646 // Watches
647 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
648 // Home application on watches
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]649
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]650 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory(
651 Intent.CATEGORY_HOME_MAIN, userId);
652 grantPermissionsToSystemPackage(wearPackage, userId,
653 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS);
654 grantSystemFixedPermissionsToSystemPackage(wearPackage, userId, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]655
656 // Fitness tracking on watches
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]657 grantPermissionsToSystemPackage(
658 getDefaultSystemHandlerActivityPackage(ACTION_TRACK, userId), userId,
659 SENSORS_PERMISSIONS, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]660 }
661
662 // Print Spooler
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]663 grantSystemFixedPermissionsToSystemPackage(PrintManager.PRINT_SPOOLER_PACKAGE_NAME, userId,
664 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]665
666 // EmergencyInfo
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]667 grantSystemFixedPermissionsToSystemPackage(
668 getDefaultSystemHandlerActivityPackage(
669 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId),
670 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]671
672 // NFC Tag viewer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]673 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW)
674 .setType("vnd.android.cursor.item/ndef_msg");
675 grantPermissionsToSystemPackage(
676 getDefaultSystemHandlerActivityPackage(nfcTagIntent, userId), userId,
677 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]678
679 // Storage Manager
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]680 grantSystemFixedPermissionsToSystemPackage(
681 getDefaultSystemHandlerActivityPackage(
682 StorageManager.ACTION_MANAGE_STORAGE, userId),
683 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]684
685 // Companion devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]686 grantSystemFixedPermissionsToSystemPackage(
687 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId,
688 LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]689
690 // Ringtone Picker
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]691 grantSystemFixedPermissionsToSystemPackage(
692 getDefaultSystemHandlerActivityPackage(
693 RingtoneManager.ACTION_RINGTONE_PICKER, userId),
694 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]695
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]696 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]697 String textClassifierPackageName =
698 mContext.getPackageManager().getSystemTextClassifierPackageName();
699 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]700 grantPermissionsToSystemPackage(textClassifierPackageName, userId,
701 PHONE_PERMISSIONS, SMS_PERMISSIONS, CALENDAR_PERMISSIONS,
702 LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]703 }
704
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]705 // There is no real "marker" interface to identify the shared storage backup, it is
706 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]707 grantSystemFixedPermissionsToSystemPackage("com.android.sharedstoragebackup", userId,
708 STORAGE_PERMISSIONS);
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]709
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]710 if (mPermissionGrantedCallback != null) {
711 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
712 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]713 }
714
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]715 private String getDefaultSystemHandlerActivityPackageForCategory(String category, int userId) {
716 return getDefaultSystemHandlerActivityPackage(
717 new Intent(Intent.ACTION_MAIN).addCategory(category), userId);
718 }
719
720 @SafeVarargs
721 private final void grantPermissionToEachSystemPackage(
722 ArrayList<String> packages, int userId, Set<String>... permissions) {
723 if (packages == null) return;
724 final int count = packages.size();
725 for (int i = 0; i < count; i++) {
726 grantPermissionsToSystemPackage(packages.get(i), userId, permissions);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]727 }
Eugene Susla47e88202018-07-02 18:48:55 -0700[diff] [blame]728 }
729
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]730 private String getKnownPackage(int knownPkgId, int userId) {
731 return mServiceInternal.getKnownPackageName(knownPkgId, userId);
732 }
733
734 private void grantDefaultPermissionsToDefaultSystemDialerApp(
735 String dialerPackage, int userId) {
736 if (dialerPackage == null) {
737 return;
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]738 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]739 boolean isPhonePermFixed =
740 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
741 if (isPhonePermFixed) {
742 grantSystemFixedPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
743 } else {
744 grantPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
745 }
746 grantPermissionsToSystemPackage(dialerPackage, userId,
747 CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
748 }
749
750 private void grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId) {
751 grantPermissionsToSystemPackage(smsPackage, userId,
752 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS,
753 STORAGE_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]754 }
755
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]756 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]757 String useOpenWifiPackage, int userId) {
758 grantPermissionsToSystemPackage(
759 useOpenWifiPackage, userId, COARSE_LOCATION_PERMISSIONS);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]760 }
761
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]762 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
763 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]764 grantIgnoringSystemPackage(packageName, userId,
765 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS, STORAGE_PERMISSIONS,
766 MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]767 }
768
769 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]770 mServiceInternal.onDefaultDialerAppChanged(packageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]771 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]772 grantIgnoringSystemPackage(packageName, userId,
773 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS,
774 MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]775 }
776
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]777 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
778 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]779 grantIgnoringSystemPackage(packageName, userId, COARSE_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]780 }
781
782 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
783 if (packageName == null) {
784 return;
785 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]786 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
787 grantRuntimePermissionsToPackage(packageName, userId, false, false,
788 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS);
789 }
790
791 private void grantDefaultPermissionsToDefaultSystemSimCallManager(
792 String packageName, int userId) {
793 if (isSystemPackage(packageName)) {
794 grantDefaultPermissionsToDefaultSimCallManager(packageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]795 }
796 }
797
798 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
799 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
800 if (packageNames == null) {
801 return;
802 }
803 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]804 grantPermissionsToSystemPackage(packageName, userId,
805 PHONE_PERMISSIONS, LOCATION_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]806 }
807 }
808
809 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
810 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
811 if (packageNames == null) {
812 return;
813 }
814 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]815 grantPermissionsToSystemPackage(packageName, userId,
816 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, LOCATION_PERMISSIONS,
817 CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]818 }
819 }
820
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]821 public void grantDefaultPermissionsToEnabledTelephonyDataServices(
822 String[] packageNames, int userId) {
823 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
824 if (packageNames == null) {
825 return;
826 }
827 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]828 // Grant these permissions as system-fixed, so that nobody can accidentally
829 // break cellular data.
830 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
831 PHONE_PERMISSIONS, LOCATION_PERMISSIONS);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]832 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]833
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]834 }
835
836 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
837 String[] packageNames, int userId) {
838 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
839 if (packageNames == null) {
840 return;
841 }
842 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]843 PackageInfo pkg = getSystemPackageInfo(packageName);
844 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
845 revokeRuntimePermissions(packageName, PHONE_PERMISSIONS, true, userId);
846 revokeRuntimePermissions(packageName, LOCATION_PERMISSIONS, true, userId);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]847 }
848 }
849 }
850
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]851 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
852 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]853 grantSystemFixedPermissionsToSystemPackage(packageName, userId, CAMERA_PERMISSIONS);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]854 }
855
856 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
857 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
858 if (packageNames == null) {
859 return;
860 }
861 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]862 PackageInfo pkg = getSystemPackageInfo(packageName);
863 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
864 revokeRuntimePermissions(packageName, CAMERA_PERMISSIONS, true, userId);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]865 }
866 }
867 }
868
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]869 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
870 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]871 grantPermissionsToSystemPackage(packageName, userId, LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]872 }
873
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]874 private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
875 return getDefaultSystemHandlerActivityPackage(new Intent(intentAction), userId);
876 }
877
878 private String getDefaultSystemHandlerActivityPackage(Intent intent, int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]879 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]880 intent.resolveType(mContext.getContentResolver()), DEFAULT_INTENT_QUERY_FLAGS,
881 userId, false, Binder.getCallingUid());
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]882 if (handler == null || handler.activityInfo == null) {
883 return null;
884 }
885 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
886 return null;
887 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]888 String packageName = handler.activityInfo.packageName;
889 return isSystemPackage(packageName) ? packageName : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]890 }
891
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]892 private String getDefaultSystemHandlerServicePackage(String intentAction, int userId) {
893 return getDefaultSystemHandlerServicePackage(new Intent(intentAction), userId);
894 }
895
896 private String getDefaultSystemHandlerServicePackage(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]897 Intent intent, int userId) {
898 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]899 intent, DEFAULT_INTENT_QUERY_FLAGS, Binder.getCallingUid(), userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]900 if (handlers == null) {
901 return null;
902 }
903 final int handlerCount = handlers.size();
904 for (int i = 0; i < handlerCount; i++) {
905 ResolveInfo handler = handlers.get(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]906 String handlerPackage = handler.serviceInfo.packageName;
907 if (isSystemPackage(handlerPackage)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]908 return handlerPackage;
909 }
910 }
911 return null;
912 }
913
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]914 private ArrayList<String> getHeadlessSyncAdapterPackages(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]915 String[] syncAdapterPackageNames, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]916 ArrayList<String> syncAdapterPackages = new ArrayList<>();
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]917
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]918 Intent homeIntent = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]919
920 for (String syncAdapterPackageName : syncAdapterPackageNames) {
921 homeIntent.setPackage(syncAdapterPackageName);
922
923 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]924 homeIntent.resolveType(mContext.getContentResolver()),
925 DEFAULT_INTENT_QUERY_FLAGS,
Patrick Baumann78380272018-04-04 10:41:01 -0700[diff] [blame]926 userId, false, Binder.getCallingUid());
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]927 if (homeActivity != null) {
928 continue;
929 }
930
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]931 if (isSystemPackage(syncAdapterPackageName)) {
932 syncAdapterPackages.add(syncAdapterPackageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]933 }
934 }
935
936 return syncAdapterPackages;
937 }
938
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]939 private String getDefaultProviderAuthorityPackage(String authority, int userId) {
940 ProviderInfo provider = mServiceInternal.resolveContentProvider(
941 authority, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]942 if (provider != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]943 return provider.packageName;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]944 }
945 return null;
946 }
947
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]948 private boolean isSystemPackage(String packageName) {
Philip P. Moltmannc701e7e2018-09-18 16:22:54 -0700[diff] [blame^]949 return isSystemPackage(getPackageInfo(packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]950 }
951
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]952 private boolean isSystemPackage(PackageInfo pkg) {
953 if (pkg == null) {
954 return false;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]955 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]956 return pkg.applicationInfo.isSystemApp()
957 && !isSysComponentOrPersistentPlatformSignedPrivApp(pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]958 }
959
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]960 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissions,
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]961 boolean systemFixed, int userId) {
962 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
963 }
964
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]965 private void revokeRuntimePermissions(String packageName, Set<String> permissions,
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]966 boolean systemFixed, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]967 PackageInfo pkg = getSystemPackageInfo(packageName);
968 if (ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]969 return;
970 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]971 Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions));
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]972
973 for (String permission : permissions) {
974 // We can't revoke what wasn't requested.
975 if (!revokablePermissions.contains(permission)) {
976 continue;
977 }
978
979 final int flags = mServiceInternal.getPermissionFlagsTEMP(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]980 permission, packageName, userId);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]981
982 // We didn't get this through the default grant policy. Move along.
983 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
984 continue;
985 }
986 // We aren't going to clobber device policy with a DefaultGrant.
987 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
988 continue;
989 }
990 // Do not revoke system fixed permissions unless caller set them that way;
991 // there is no refcount for the number of sources of this, so there
992 // should be at most one grantor doing SYSTEM_FIXED for any given package.
993 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
994 continue;
995 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]996 mServiceInternal.revokeRuntimePermission(packageName, permission, userId, false);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]997
998 if (DEBUG) {
999 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1000 + permission + " to " + packageName);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1001 }
1002
1003 // Remove the GRANTED_BY_DEFAULT flag without touching the others.
1004 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
1005 // sticky once set.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1006 mServiceInternal.updatePermissionFlagsTEMP(permission, packageName,
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1007 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId);
1008 }
1009 }
1010
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1011 private void grantRuntimePermissions(PackageInfo pkg,
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1012 Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage,
1013 int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1014 if (pkg == null) {
1015 return;
1016 }
1017
1018 String[] requestedPermissions = pkg.requestedPermissions;
1019 if (ArrayUtils.isEmpty(requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1020 return;
1021 }
1022
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1023 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1024 ApplicationInfo applicationInfo = pkg.applicationInfo;
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1025
1026 // Automatically attempt to grant split permissions to older APKs
1027 final int numSplitPerms = PackageParser.SPLIT_PERMISSIONS.length;
1028 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
1029 final PackageParser.SplitPermissionInfo splitPerm =
1030 PackageParser.SPLIT_PERMISSIONS[splitPermNum];
1031
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1032 if (applicationInfo != null
1033 && applicationInfo.targetSdkVersion < splitPerm.targetSdk
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1034 && permissionsWithoutSplits.contains(splitPerm.rootPerm)) {
1035 Collections.addAll(permissions, splitPerm.newPerms);
1036 }
1037 }
1038
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1039 Set<String> grantablePermissions = null;
1040
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1041 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1042 // of if the version on the system image declares the permission as used since
1043 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1044 // choice to grant this app the permissions needed to function. For all other
1045 // apps, (default grants on first boot and user creation) we don't grant default
1046 // permissions if the version on the system image does not declare them.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1047 if (!ignoreSystemPackage
1048 && applicationInfo != null
1049 && applicationInfo.isUpdatedSystemApp()) {
1050 final PackageInfo disabledPkg = getSystemPackageInfo(
1051 mServiceInternal.getDisabledSystemPackageName(pkg.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1052 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1053 if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1054 return;
1055 }
1056 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1057 grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1058 requestedPermissions = disabledPkg.requestedPermissions;
1059 }
1060 }
1061 }
1062
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1063 final int grantablePermissionCount = requestedPermissions.length;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1064 for (int i = 0; i < grantablePermissionCount; i++) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1065 String permission = requestedPermissions[i];
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1066
1067 // If there is a disabled system app it may request a permission the updated
1068 // version ot the data partition doesn't, In this case skip the permission.
1069 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1070 continue;
1071 }
1072
1073 if (permissions.contains(permission)) {
1074 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1075 permission, pkg.packageName, userId);
1076
1077 // If any flags are set to the permission, then it is either set in
1078 // its current state by the system or device/profile owner or the user.
1079 // In all these cases we do not want to clobber the current state.
1080 // Unless the caller wants to override user choices. The override is
1081 // to make sure we can grant the needed permission to the default
1082 // sms and phone apps after the user chooses this in the UI.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1083 if (flags == 0 || ignoreSystemPackage) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1084 // Never clobber policy fixed permissions.
1085 // We must allow the grant of a system-fixed permission because
1086 // system-fixed is sticky, but the permission itself may be revoked.
1087 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1088 continue;
1089 }
1090
1091 mServiceInternal.grantRuntimePermission(
1092 pkg.packageName, permission, userId, false);
1093 if (DEBUG) {
1094 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1095 + permission + " to default handler " + pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1096 }
1097
1098 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1099 if (systemFixed) {
1100 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1101 }
1102
1103 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1104 newFlags, newFlags, userId);
1105 }
1106
1107 // If a component gets a permission for being the default handler A
1108 // and also default handler B, we grant the weaker grant form.
1109 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1110 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1111 && !systemFixed) {
1112 if (DEBUG) {
1113 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1114 + pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1115 }
1116 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1117 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1118 }
1119 }
1120 }
1121 }
1122
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1123 private PackageInfo getSystemPackageInfo(String pkg) {
1124 //TODO not MATCH_SYSTEM_ONLY?
1125 return getPackageInfo(pkg, PackageManager.MATCH_FACTORY_ONLY);
1126 }
1127
1128 private PackageInfo getPackageInfo(String pkg) {
1129 return getPackageInfo(pkg, 0 /* extraFlags */);
1130 }
1131
1132 private PackageInfo getPackageInfo(String pkg,
1133 @PackageManager.PackageInfoFlags int extraFlags) {
1134 return mServiceInternal.getPackageInfo(pkg,
1135 DEFAULT_PACKAGE_INFO_QUERY_FLAGS | extraFlags,
1136 //TODO is this the right filterCallingUid?
1137 UserHandle.USER_SYSTEM, UserHandle.USER_SYSTEM);
1138 }
1139
1140 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1141 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1142 return true;
1143 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1144 if (!pkg.applicationInfo.isPrivilegedApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1145 return false;
1146 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1147 final PackageInfo disabledPkg = getSystemPackageInfo(
1148 mServiceInternal.getDisabledSystemPackageName(pkg.applicationInfo.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1149 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1150 ApplicationInfo disabledPackageAppInfo = disabledPkg.applicationInfo;
1151 if (disabledPackageAppInfo != null
1152 && (disabledPackageAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1153 return false;
1154 }
1155 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1156 return false;
1157 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1158 return mServiceInternal.isPlatformSigned(pkg.packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1159 }
1160
1161 private void grantDefaultPermissionExceptions(int userId) {
1162 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1163
1164 synchronized (mLock) {
1165 // mGrantExceptions is null only before the first read and then
1166 // it serves as a cache of the default grants that should be
1167 // performed for every user. If there is an entry then the app
1168 // is on the system image and supports runtime permissions.
1169 if (mGrantExceptions == null) {
1170 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1171 }
1172 }
1173
1174 Set<String> permissions = null;
1175 final int exceptionCount = mGrantExceptions.size();
1176 for (int i = 0; i < exceptionCount; i++) {
1177 String packageName = mGrantExceptions.keyAt(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1178 PackageInfo pkg = getSystemPackageInfo(packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1179 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1180 final int permissionGrantCount = permissionGrants.size();
1181 for (int j = 0; j < permissionGrantCount; j++) {
1182 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1183 if (permissions == null) {
1184 permissions = new ArraySet<>();
1185 } else {
1186 permissions.clear();
1187 }
1188 permissions.add(permissionGrant.name);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1189 grantRuntimePermissions(pkg, permissions, permissionGrant.fixed, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1190 }
1191 }
1192 }
1193
1194 private File[] getDefaultPermissionFiles() {
1195 ArrayList<File> ret = new ArrayList<File>();
1196 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1197 if (dir.isDirectory() && dir.canRead()) {
1198 Collections.addAll(ret, dir.listFiles());
1199 }
1200 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1201 if (dir.isDirectory() && dir.canRead()) {
1202 Collections.addAll(ret, dir.listFiles());
1203 }
Jiyong Park0989e382018-03-13 10:26:47 +0900[diff] [blame]1204 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
1205 if (dir.isDirectory() && dir.canRead()) {
1206 Collections.addAll(ret, dir.listFiles());
1207 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1208 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1209 if (dir.isDirectory() && dir.canRead()) {
1210 Collections.addAll(ret, dir.listFiles());
1211 }
Dario Freni1ae46d72018-08-17 15:56:43 +0100[diff] [blame]1212 dir = new File(Environment.getProductServicesDirectory(),
1213 "etc/default-permissions");
1214 if (dir.isDirectory() && dir.canRead()) {
1215 Collections.addAll(ret, dir.listFiles());
1216 }
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]1217 // For IoT devices, we check the oem partition for default permissions for each app.
1218 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
1219 dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
1220 if (dir.isDirectory() && dir.canRead()) {
1221 Collections.addAll(ret, dir.listFiles());
1222 }
1223 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1224 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1225 }
1226
1227 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1228 readDefaultPermissionExceptionsLocked() {
1229 File[] files = getDefaultPermissionFiles();
1230 if (files == null) {
1231 return new ArrayMap<>(0);
1232 }
1233
1234 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1235
1236 // Iterate over the files in the directory and scan .xml files
1237 for (File file : files) {
1238 if (!file.getPath().endsWith(".xml")) {
1239 Slog.i(TAG, "Non-xml file " + file
1240 + " in " + file.getParent() + " directory, ignoring");
1241 continue;
1242 }
1243 if (!file.canRead()) {
1244 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1245 continue;
1246 }
1247 try (
1248 InputStream str = new BufferedInputStream(new FileInputStream(file))
1249 ) {
1250 XmlPullParser parser = Xml.newPullParser();
1251 parser.setInput(str, null);
1252 parse(parser, grantExceptions);
1253 } catch (XmlPullParserException | IOException e) {
1254 Slog.w(TAG, "Error reading default permissions file " + file, e);
1255 }
1256 }
1257
1258 return grantExceptions;
1259 }
1260
1261 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1262 outGrantExceptions) throws IOException, XmlPullParserException {
1263 final int outerDepth = parser.getDepth();
1264 int type;
1265 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1266 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1267 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1268 continue;
1269 }
1270 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1271 parseExceptions(parser, outGrantExceptions);
1272 } else {
1273 Log.e(TAG, "Unknown tag " + parser.getName());
1274 }
1275 }
1276 }
1277
1278 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1279 outGrantExceptions) throws IOException, XmlPullParserException {
1280 final int outerDepth = parser.getDepth();
1281 int type;
1282 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1283 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1284 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1285 continue;
1286 }
1287 if (TAG_EXCEPTION.equals(parser.getName())) {
1288 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1289
1290 List<DefaultPermissionGrant> packageExceptions =
1291 outGrantExceptions.get(packageName);
1292 if (packageExceptions == null) {
1293 // The package must be on the system image
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1294 if (!isSystemPackage(packageName)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1295 Log.w(TAG, "Unknown package:" + packageName);
1296 XmlUtils.skipCurrentTag(parser);
1297 continue;
1298 }
1299
1300 // The package must support runtime permissions
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1301 if (!doesPackageSupportRuntimePermissions(getSystemPackageInfo(packageName))) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1302 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1303 + packageName);
1304 XmlUtils.skipCurrentTag(parser);
1305 continue;
1306 }
1307 packageExceptions = new ArrayList<>();
1308 outGrantExceptions.put(packageName, packageExceptions);
1309 }
1310
1311 parsePermission(parser, packageExceptions);
1312 } else {
1313 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1314 }
1315 }
1316 }
1317
1318 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1319 outPackageExceptions) throws IOException, XmlPullParserException {
1320 final int outerDepth = parser.getDepth();
1321 int type;
1322 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1323 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1324 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1325 continue;
1326 }
1327
1328 if (TAG_PERMISSION.contains(parser.getName())) {
1329 String name = parser.getAttributeValue(null, ATTR_NAME);
1330 if (name == null) {
1331 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1332 XmlUtils.skipCurrentTag(parser);
1333 continue;
1334 }
1335
1336 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1337
1338 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1339 outPackageExceptions.add(exception);
1340 } else {
1341 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1342 }
1343 }
1344 }
1345
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1346 private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) {
1347 return pkg.applicationInfo != null
1348 && pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1349 }
1350
1351 private static final class DefaultPermissionGrant {
1352 final String name;
1353 final boolean fixed;
1354
1355 public DefaultPermissionGrant(String name, boolean fixed) {
1356 this.name = name;
1357 this.fixed = fixed;
1358 }
1359 }
1360}