Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / d7647c1b6685dbf03ff096fd73424163f2468e4e / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: c9aa1ef1c00791339ef6de3b4987a8beb0a1fd32 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
25import android.app.DownloadManager;
26import android.app.admin.DevicePolicyManager;
27import android.companion.CompanionDeviceManager;
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]28import android.content.ComponentName;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]29import android.content.Context;
30import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]31import android.content.pm.ApplicationInfo;
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]32import android.content.pm.PackageList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]33import android.content.pm.PackageManager;
34import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]35import android.content.pm.PackageManagerInternal.PackagesProvider;
36import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]37import android.content.pm.PackageParser;
38import android.content.pm.ProviderInfo;
39import android.content.pm.ResolveInfo;
40import android.media.RingtoneManager;
41import android.net.Uri;
42import android.os.Binder;
43import android.os.Build;
44import android.os.Environment;
45import android.os.Handler;
46import android.os.Looper;
47import android.os.Message;
48import android.os.UserHandle;
49import android.os.storage.StorageManager;
50import android.print.PrintManager;
51import android.provider.CalendarContract;
52import android.provider.ContactsContract;
53import android.provider.MediaStore;
54import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]55import android.security.Credentials;
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]56import android.service.textclassifier.TextClassifierService;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]57import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]58import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]59import android.util.ArrayMap;
60import android.util.ArraySet;
61import android.util.Log;
62import android.util.Slog;
63import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]64
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]65import com.android.internal.util.XmlUtils;
66import com.android.server.LocalServices;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]67import com.android.server.pm.PackageManagerService;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]68
69import org.xmlpull.v1.XmlPullParser;
70import org.xmlpull.v1.XmlPullParserException;
71
72import java.io.BufferedInputStream;
73import java.io.File;
74import java.io.FileInputStream;
75import java.io.IOException;
76import java.io.InputStream;
77import java.util.ArrayList;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]78import java.util.Collections;
79import java.util.List;
80import java.util.Map;
81import java.util.Set;
82
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]83/**
84 * This class is the policy for granting runtime permissions to
85 * platform components and default handlers in the system such
86 * that the device is usable out-of-the-box. For example, the
87 * shell UID is a part of the system and the Phone app should
88 * have phone related permission by default.
89 * <p>
90 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
91 * service but knows about lots of higher level subsystems. The correct way to do this is
92 * to have an interface defined in the package manager but have the impl next to other
93 * policy stuff like PhoneWindowManager
94 */
95public final class DefaultPermissionGrantPolicy {
96 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
97 private static final boolean DEBUG = false;
98
99 private static final int DEFAULT_FLAGS =
100 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
101 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
102
103 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
104
105 private static final String TAG_EXCEPTIONS = "exceptions";
106 private static final String TAG_EXCEPTION = "exception";
107 private static final String TAG_PERMISSION = "permission";
108 private static final String ATTR_PACKAGE = "package";
109 private static final String ATTR_NAME = "name";
110 private static final String ATTR_FIXED = "fixed";
111
112 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
113 static {
114 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
115 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
116 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
117 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
118 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
119 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
120 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
121 }
122
123 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
124 static {
125 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
126 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
127 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
128 }
129
130 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
131 static {
132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
133 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
134 }
135
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]136 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>();
137 static {
138 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
139 }
140
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]141 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
142 static {
143 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
144 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
145 }
146
147 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
148 static {
149 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
150 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
151 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
153 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
154 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
155 }
156
157 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
158 static {
159 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
160 }
161
162 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
163 static {
164 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
165 }
166
167 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
168 static {
169 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
170 }
171
172 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
173 static {
174 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
175 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
176 }
177
178 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
179
180 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
181
182 private final Handler mHandler;
183
184 private PackagesProvider mLocationPackagesProvider;
185 private PackagesProvider mVoiceInteractionPackagesProvider;
186 private PackagesProvider mSmsAppPackagesProvider;
187 private PackagesProvider mDialerAppPackagesProvider;
188 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]189 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]190 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
191
192 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
193 private final Context mContext;
194 private final Object mLock = new Object();
195 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]196 private final PermissionManagerService mPermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]197 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback;
198 public interface DefaultPermissionGrantedCallback {
199 /** Callback when permissions have been granted */
200 public void onDefaultRuntimePermissionsGranted(int userId);
201 }
202
203 public DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]204 @Nullable DefaultPermissionGrantedCallback callback,
205 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]206 mContext = context;
207 mHandler = new Handler(looper) {
208 @Override
209 public void handleMessage(Message msg) {
210 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
211 synchronized (mLock) {
212 if (mGrantExceptions == null) {
213 mGrantExceptions = readDefaultPermissionExceptionsLocked();
214 }
215 }
216 }
217 }
218 };
219 mPermissionGrantedCallback = callback;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]220 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]221 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
222 }
223
224 public void setLocationPackagesProvider(PackagesProvider provider) {
225 synchronized (mLock) {
226 mLocationPackagesProvider = provider;
227 }
228 }
229
230 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
231 synchronized (mLock) {
232 mVoiceInteractionPackagesProvider = provider;
233 }
234 }
235
236 public void setSmsAppPackagesProvider(PackagesProvider provider) {
237 synchronized (mLock) {
238 mSmsAppPackagesProvider = provider;
239 }
240 }
241
242 public void setDialerAppPackagesProvider(PackagesProvider provider) {
243 synchronized (mLock) {
244 mDialerAppPackagesProvider = provider;
245 }
246 }
247
248 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
249 synchronized (mLock) {
250 mSimCallManagerPackagesProvider = provider;
251 }
252 }
253
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]254 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
255 synchronized (mLock) {
256 mUseOpenWifiAppPackagesProvider = provider;
257 }
258 }
259
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]260 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
261 synchronized (mLock) {
262 mSyncAdapterPackagesProvider = provider;
263 }
264 }
265
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]266 public void grantDefaultPermissions(int userId) {
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]267 grantPermissionsToSysComponentsAndPrivApps(userId);
268 grantDefaultSystemHandlerPermissions(userId);
269 grantDefaultPermissionExceptions(userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]270 }
271
272 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) {
273 Set<String> permissions = new ArraySet<>();
274 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]275 final BasePermission bp = mPermissionManager.getPermission(permission);
276 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]277 continue;
278 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]279 if (bp.isRuntime()) {
280 permissions.add(permission);
281 }
282 }
283 if (!permissions.isEmpty()) {
284 grantRuntimePermissions(pkg, permissions, true, userId);
285 }
286 }
287
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]288 private void grantAllRuntimePermissions(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]289 Log.i(TAG, "Granting all runtime permissions for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]290 final PackageList packageList = mServiceInternal.getPackageList();
291 for (String packageName : packageList.getPackageNames()) {
292 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
293 if (pkg == null) {
294 continue;
295 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]296 grantRuntimePermissionsForPackage(userId, pkg);
297 }
298 }
299
300 public void scheduleReadDefaultPermissionExceptions() {
301 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
302 }
303
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]304 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]305 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]306 final PackageList packageList = mServiceInternal.getPackageList();
307 for (String packageName : packageList.getPackageNames()) {
308 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName);
309 if (pkg == null) {
310 continue;
311 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]312 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
313 || !doesPackageSupportRuntimePermissions(pkg)
314 || pkg.requestedPermissions.isEmpty()) {
315 continue;
316 }
317 grantRuntimePermissionsForPackage(userId, pkg);
318 }
319 }
320
321 private void grantDefaultSystemHandlerPermissions(int userId) {
322 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
323
324 final PackagesProvider locationPackagesProvider;
325 final PackagesProvider voiceInteractionPackagesProvider;
326 final PackagesProvider smsAppPackagesProvider;
327 final PackagesProvider dialerAppPackagesProvider;
328 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]329 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]330 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
331
332 synchronized (mLock) {
333 locationPackagesProvider = mLocationPackagesProvider;
334 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
335 smsAppPackagesProvider = mSmsAppPackagesProvider;
336 dialerAppPackagesProvider = mDialerAppPackagesProvider;
337 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]338 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]339 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
340 }
341
342 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
343 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
344 String[] locationPackageNames = (locationPackagesProvider != null)
345 ? locationPackagesProvider.getPackages(userId) : null;
346 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
347 ? smsAppPackagesProvider.getPackages(userId) : null;
348 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
349 ? dialerAppPackagesProvider.getPackages(userId) : null;
350 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
351 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]352 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
353 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]354 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
355 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
356 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
357 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
358
359 // Installer
360 final String installerPackageName = mServiceInternal.getKnownPackageName(
361 PackageManagerInternal.PACKAGE_INSTALLER, userId);
362 PackageParser.Package installerPackage = getSystemPackage(installerPackageName);
363 if (installerPackage != null
364 && doesPackageSupportRuntimePermissions(installerPackage)) {
365 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId);
366 }
367
368 // Verifier
369 final String verifierPackageName = mServiceInternal.getKnownPackageName(
370 PackageManagerInternal.PACKAGE_VERIFIER, userId);
371 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName);
372 if (verifierPackage != null
373 && doesPackageSupportRuntimePermissions(verifierPackage)) {
374 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId);
375 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId);
376 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId);
377 }
378
379 // SetupWizard
380 final String setupWizardPackageName = mServiceInternal.getKnownPackageName(
381 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId);
382 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName);
383 if (setupPackage != null
384 && doesPackageSupportRuntimePermissions(setupPackage)) {
385 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId);
386 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId);
387 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId);
388 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId);
389 }
390
391 // Camera
392 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
393 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage(
394 cameraIntent, userId);
395 if (cameraPackage != null
396 && doesPackageSupportRuntimePermissions(cameraPackage)) {
397 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId);
398 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId);
399 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId);
400 }
401
402 // Media provider
403 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage(
404 MediaStore.AUTHORITY, userId);
405 if (mediaStorePackage != null) {
406 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
Jerry Zhang27067df2017-10-18 11:51:54 -0700[diff] [blame]407 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]408 }
409
410 // Downloads provider
411 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage(
412 "downloads", userId);
413 if (downloadsPackage != null) {
414 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
415 }
416
417 // Downloads UI
418 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
419 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage(
420 downloadsUiIntent, userId);
421 if (downloadsUiPackage != null
422 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
423 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
424 }
425
426 // Storage provider
427 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage(
428 "com.android.externalstorage.documents", userId);
429 if (storagePackage != null) {
430 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId);
431 }
432
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]433 // Container service
434 PackageParser.Package containerPackage = getSystemPackage(
435 PackageManagerService.DEFAULT_CONTAINER_PACKAGE);
436 if (containerPackage != null) {
437 grantRuntimePermissions(containerPackage, STORAGE_PERMISSIONS, true, userId);
438 }
439
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]440 // CertInstaller
441 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION);
442 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage(
443 certInstallerIntent, userId);
444 if (certInstallerPackage != null
445 && doesPackageSupportRuntimePermissions(certInstallerPackage)) {
446 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId);
447 }
448
449 // Dialer
450 if (dialerAppPackageNames == null) {
451 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
452 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage(
453 dialerIntent, userId);
454 if (dialerPackage != null) {
455 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
456 }
457 } else {
458 for (String dialerAppPackageName : dialerAppPackageNames) {
459 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName);
460 if (dialerPackage != null) {
461 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
462 }
463 }
464 }
465
466 // Sim call manager
467 if (simCallManagerPackageNames != null) {
468 for (String simCallManagerPackageName : simCallManagerPackageNames) {
469 PackageParser.Package simCallManagerPackage =
470 getSystemPackage(simCallManagerPackageName);
471 if (simCallManagerPackage != null) {
472 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage,
473 userId);
474 }
475 }
476 }
477
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]478 // Use Open Wifi
479 if (useOpenWifiAppPackageNames != null) {
480 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
481 PackageParser.Package useOpenWifiPackage =
482 getSystemPackage(useOpenWifiPackageName);
483 if (useOpenWifiPackage != null) {
484 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage,
485 userId);
486 }
487 }
488 }
489
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]490 // SMS
491 if (smsAppPackageNames == null) {
492 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
493 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
494 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage(
495 smsIntent, userId);
496 if (smsPackage != null) {
497 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
498 }
499 } else {
500 for (String smsPackageName : smsAppPackageNames) {
501 PackageParser.Package smsPackage = getSystemPackage(smsPackageName);
502 if (smsPackage != null) {
503 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
504 }
505 }
506 }
507
508 // Cell Broadcast Receiver
509 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
510 PackageParser.Package cbrPackage =
511 getDefaultSystemHandlerActivityPackage(cbrIntent, userId);
512 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
513 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId);
514 }
515
516 // Carrier Provisioning Service
517 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION);
518 PackageParser.Package carrierProvPackage =
519 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId);
520 if (carrierProvPackage != null
521 && doesPackageSupportRuntimePermissions(carrierProvPackage)) {
522 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId);
523 }
524
525 // Calendar
526 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
527 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
528 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage(
529 calendarIntent, userId);
530 if (calendarPackage != null
531 && doesPackageSupportRuntimePermissions(calendarPackage)) {
532 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId);
533 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId);
534 }
535
536 // Calendar provider
537 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage(
538 CalendarContract.AUTHORITY, userId);
539 if (calendarProviderPackage != null) {
540 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
541 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS,
542 true, userId);
543 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
544 }
545
546 // Calendar provider sync adapters
547 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages(
548 calendarSyncAdapterPackages, userId);
549 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
550 for (int i = 0; i < calendarSyncAdapterCount; i++) {
551 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
552 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
553 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
554 }
555 }
556
557 // Contacts
558 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
559 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
560 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage(
561 contactsIntent, userId);
562 if (contactsPackage != null
563 && doesPackageSupportRuntimePermissions(contactsPackage)) {
564 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId);
565 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId);
566 }
567
568 // Contacts provider sync adapters
569 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages(
570 contactsSyncAdapterPackages, userId);
571 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
572 for (int i = 0; i < contactsSyncAdapterCount; i++) {
573 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
574 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
575 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
576 }
577 }
578
579 // Contacts provider
580 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage(
581 ContactsContract.AUTHORITY, userId);
582 if (contactsProviderPackage != null) {
583 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS,
584 true, userId);
585 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS,
586 true, userId);
587 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
588 }
589
590 // Device provisioning
591 Intent deviceProvisionIntent = new Intent(
592 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
593 PackageParser.Package deviceProvisionPackage =
594 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId);
595 if (deviceProvisionPackage != null
596 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
597 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
598 }
599
600 // Maps
601 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
602 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
603 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage(
604 mapsIntent, userId);
605 if (mapsPackage != null
606 && doesPackageSupportRuntimePermissions(mapsPackage)) {
607 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId);
608 }
609
610 // Gallery
611 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
612 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
613 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage(
614 galleryIntent, userId);
615 if (galleryPackage != null
616 && doesPackageSupportRuntimePermissions(galleryPackage)) {
617 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId);
618 }
619
620 // Email
621 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
622 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
623 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage(
624 emailIntent, userId);
625 if (emailPackage != null
626 && doesPackageSupportRuntimePermissions(emailPackage)) {
627 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId);
628 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId);
629 }
630
631 // Browser
632 PackageParser.Package browserPackage = null;
633 String defaultBrowserPackage = mServiceInternal.getKnownPackageName(
634 PackageManagerInternal.PACKAGE_BROWSER, userId);
635 if (defaultBrowserPackage != null) {
636 browserPackage = getPackage(defaultBrowserPackage);
637 }
638 if (browserPackage == null) {
639 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
640 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
641 browserPackage = getDefaultSystemHandlerActivityPackage(
642 browserIntent, userId);
643 }
644 if (browserPackage != null
645 && doesPackageSupportRuntimePermissions(browserPackage)) {
646 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId);
647 }
648
649 // Voice interaction
650 if (voiceInteractPackageNames != null) {
651 for (String voiceInteractPackageName : voiceInteractPackageNames) {
652 PackageParser.Package voiceInteractPackage = getSystemPackage(
653 voiceInteractPackageName);
654 if (voiceInteractPackage != null
655 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
656 grantRuntimePermissions(voiceInteractPackage,
657 CONTACTS_PERMISSIONS, userId);
658 grantRuntimePermissions(voiceInteractPackage,
659 CALENDAR_PERMISSIONS, userId);
660 grantRuntimePermissions(voiceInteractPackage,
661 MICROPHONE_PERMISSIONS, userId);
662 grantRuntimePermissions(voiceInteractPackage,
663 PHONE_PERMISSIONS, userId);
664 grantRuntimePermissions(voiceInteractPackage,
665 SMS_PERMISSIONS, userId);
666 grantRuntimePermissions(voiceInteractPackage,
667 LOCATION_PERMISSIONS, userId);
668 }
669 }
670 }
671
672 if (ActivityManager.isLowRamDeviceStatic()) {
673 // Allow voice search on low-ram devices
674 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH");
675 PackageParser.Package globalSearchPickerPackage =
676 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId);
677
678 if (globalSearchPickerPackage != null
679 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) {
680 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]681 MICROPHONE_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]682 grantRuntimePermissions(globalSearchPickerPackage,
Ng Zhi An202372d2017-12-19 11:19:30 -0800[diff] [blame]683 LOCATION_PERMISSIONS, false, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]684 }
685 }
686
687 // Voice recognition
688 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
689 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
690 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage(
691 voiceRecoIntent, userId);
692 if (voiceRecoPackage != null
693 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
694 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
695 }
696
697 // Location
698 if (locationPackageNames != null) {
699 for (String packageName : locationPackageNames) {
700 PackageParser.Package locationPackage = getSystemPackage(packageName);
701 if (locationPackage != null
702 && doesPackageSupportRuntimePermissions(locationPackage)) {
703 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId);
704 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId);
705 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId);
706 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId);
707 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId);
708 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS,
709 true, userId);
710 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId);
711 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId);
712 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId);
713 }
714 }
715 }
716
717 // Music
718 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
719 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
720 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
721 AUDIO_MIME_TYPE);
722 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage(
723 musicIntent, userId);
724 if (musicPackage != null
725 && doesPackageSupportRuntimePermissions(musicPackage)) {
726 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId);
727 }
728
729 // Home
730 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
731 homeIntent.addCategory(Intent.CATEGORY_HOME);
732 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP);
733 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage(
734 homeIntent, userId);
735 if (homePackage != null
736 && doesPackageSupportRuntimePermissions(homePackage)) {
737 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId);
738 }
739
740 // Watches
741 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
742 // Home application on watches
743 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN);
744 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN);
745
746 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage(
747 wearHomeIntent, userId);
748
749 if (wearHomePackage != null
750 && doesPackageSupportRuntimePermissions(wearHomePackage)) {
751 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false,
752 userId);
753 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId);
754 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false,
755 userId);
756 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false,
757 userId);
758 }
759
760 // Fitness tracking on watches
761 Intent trackIntent = new Intent(ACTION_TRACK);
762 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage(
763 trackIntent, userId);
764 if (trackPackage != null
765 && doesPackageSupportRuntimePermissions(trackPackage)) {
766 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId);
767 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId);
768 }
769 }
770
771 // Print Spooler
772 PackageParser.Package printSpoolerPackage = getSystemPackage(
773 PrintManager.PRINT_SPOOLER_PACKAGE_NAME);
774 if (printSpoolerPackage != null
775 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) {
776 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId);
777 }
778
779 // EmergencyInfo
780 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE);
781 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage(
782 emergencyInfoIntent, userId);
783 if (emergencyInfoPckg != null
784 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) {
785 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId);
786 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId);
787 }
788
789 // NFC Tag viewer
790 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW);
791 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg");
792 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage(
793 nfcTagIntent, userId);
794 if (nfcTagPkg != null
795 && doesPackageSupportRuntimePermissions(nfcTagPkg)) {
796 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId);
797 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId);
798 }
799
800 // Storage Manager
801 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE);
802 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage(
803 storageManagerIntent, userId);
804 if (storageManagerPckg != null
805 && doesPackageSupportRuntimePermissions(storageManagerPckg)) {
806 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId);
807 }
808
809 // Companion devices
810 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage(
811 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME);
812 if (companionDeviceDiscoveryPackage != null
813 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) {
814 grantRuntimePermissions(companionDeviceDiscoveryPackage,
815 LOCATION_PERMISSIONS, true, userId);
816 }
817
818 // Ringtone Picker
819 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER);
820 PackageParser.Package ringtonePickerPackage =
821 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId);
822 if (ringtonePickerPackage != null
823 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) {
824 grantRuntimePermissions(ringtonePickerPackage,
825 STORAGE_PERMISSIONS, true, userId);
826 }
827
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]828 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]829 String textClassifierPackageName =
830 mContext.getPackageManager().getSystemTextClassifierPackageName();
831 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]832 PackageParser.Package textClassifierPackage =
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]833 getSystemPackage(textClassifierPackageName);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]834 if (textClassifierPackage != null
835 && doesPackageSupportRuntimePermissions(textClassifierPackage)) {
Eugene Susla0988f242018-06-05 17:06:02 -0700[diff] [blame]836 grantRuntimePermissions(textClassifierPackage, PHONE_PERMISSIONS, true, userId);
837 grantRuntimePermissions(textClassifierPackage, SMS_PERMISSIONS, true, userId);
838 grantRuntimePermissions(textClassifierPackage, CALENDAR_PERMISSIONS, true, userId);
839 grantRuntimePermissions(textClassifierPackage, LOCATION_PERMISSIONS, true, userId);
840 grantRuntimePermissions(textClassifierPackage, CONTACTS_PERMISSIONS, true, userId);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]841 }
842 }
843
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]844 // There is no real "marker" interface to identify the shared storage backup, it is
845 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
846 PackageParser.Package sharedStorageBackupPackage = getSystemPackage(
847 "com.android.sharedstoragebackup");
848 if (sharedStorageBackupPackage != null) {
849 grantRuntimePermissions(sharedStorageBackupPackage, STORAGE_PERMISSIONS, true, userId);
850 }
851
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]852 if (mPermissionGrantedCallback != null) {
853 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId);
854 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]855 }
856
857 private void grantDefaultPermissionsToDefaultSystemDialerApp(
858 PackageParser.Package dialerPackage, int userId) {
859 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
860 boolean isPhonePermFixed =
861 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
862 grantRuntimePermissions(
863 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId);
864 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId);
865 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId);
866 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId);
867 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId);
868 }
869 }
870
871 private void grantDefaultPermissionsToDefaultSystemSmsApp(
872 PackageParser.Package smsPackage, int userId) {
873 if (doesPackageSupportRuntimePermissions(smsPackage)) {
874 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId);
875 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId);
876 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId);
877 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId);
878 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId);
879 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId);
880 }
881 }
882
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]883 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
884 PackageParser.Package useOpenWifiPackage, int userId) {
885 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
886 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId);
887 }
888 }
889
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]890 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) {
891 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
892 if (packageName == null) {
893 return;
894 }
895 PackageParser.Package smsPackage = getPackage(packageName);
896 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
897 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId);
898 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
899 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId);
900 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId);
901 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId);
902 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId);
903 }
904 }
905
906 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) {
907 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
908 if (packageName == null) {
909 return;
910 }
911 PackageParser.Package dialerPackage = getPackage(packageName);
912 if (dialerPackage != null
913 && doesPackageSupportRuntimePermissions(dialerPackage)) {
914 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
915 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
916 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId);
917 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
918 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId);
919 }
920 }
921
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]922 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
923 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
924 if (packageName == null) {
925 return;
926 }
927 PackageParser.Package useOpenWifiPackage = getPackage(packageName);
928 if (useOpenWifiPackage != null
929 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) {
930 grantRuntimePermissions(
931 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId);
932 }
933 }
934
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]935 private void grantDefaultPermissionsToDefaultSimCallManager(
936 PackageParser.Package simCallManagerPackage, int userId) {
937 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
938 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) {
939 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId);
940 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId);
941 }
942 }
943
944 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
945 if (packageName == null) {
946 return;
947 }
948 PackageParser.Package simCallManagerPackage = getPackage(packageName);
949 if (simCallManagerPackage != null) {
950 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId);
951 }
952 }
953
954 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
955 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
956 if (packageNames == null) {
957 return;
958 }
959 for (String packageName : packageNames) {
960 PackageParser.Package carrierPackage = getSystemPackage(packageName);
961 if (carrierPackage != null
962 && doesPackageSupportRuntimePermissions(carrierPackage)) {
963 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId);
964 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId);
965 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId);
966 }
967 }
968 }
969
970 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
971 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
972 if (packageNames == null) {
973 return;
974 }
975 for (String packageName : packageNames) {
976 PackageParser.Package imsServicePackage = getSystemPackage(packageName);
977 if (imsServicePackage != null
978 && doesPackageSupportRuntimePermissions(imsServicePackage)) {
979 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId);
980 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId);
981 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId);
982 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId);
Mohamed Abdalkaderd6d55742018-03-12 14:36:14 -0700[diff] [blame]983 grantRuntimePermissions(imsServicePackage, CONTACTS_PERMISSIONS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]984 }
985 }
986 }
987
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]988 public void grantDefaultPermissionsToEnabledTelephonyDataServices(
989 String[] packageNames, int userId) {
990 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
991 if (packageNames == null) {
992 return;
993 }
994 for (String packageName : packageNames) {
995 PackageParser.Package dataServicePackage = getSystemPackage(packageName);
996 if (dataServicePackage != null
997 && doesPackageSupportRuntimePermissions(dataServicePackage)) {
998 // Grant these permissions as system-fixed, so that nobody can accidentally
999 // break cellular data.
1000 grantRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
1001 grantRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
1002 }
1003 }
1004 }
1005
1006 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
1007 String[] packageNames, int userId) {
1008 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
1009 if (packageNames == null) {
1010 return;
1011 }
1012 for (String packageName : packageNames) {
1013 PackageParser.Package dataServicePackage = getSystemPackage(packageName);
1014 if (dataServicePackage != null
1015 && doesPackageSupportRuntimePermissions(dataServicePackage)) {
1016 revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId);
1017 revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId);
1018 }
1019 }
1020 }
1021
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]1022 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
1023 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
1024 if (packageName == null) {
1025 return;
1026 }
1027 PackageParser.Package luiAppPackage = getSystemPackage(packageName);
1028 if (luiAppPackage != null
1029 && doesPackageSupportRuntimePermissions(luiAppPackage)) {
1030 grantRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId);
1031 }
1032 }
1033
1034 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
1035 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
1036 if (packageNames == null) {
1037 return;
1038 }
1039 for (String packageName : packageNames) {
1040 PackageParser.Package luiAppPackage = getSystemPackage(packageName);
1041 if (luiAppPackage != null
1042 && doesPackageSupportRuntimePermissions(luiAppPackage)) {
1043 revokeRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId);
1044 }
1045 }
1046 }
1047
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1048 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
1049 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
1050 if (packageName == null) {
1051 return;
1052 }
1053 PackageParser.Package browserPackage = getSystemPackage(packageName);
1054 if (browserPackage != null
1055 && doesPackageSupportRuntimePermissions(browserPackage)) {
1056 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
1057 }
1058 }
1059
1060 private PackageParser.Package getDefaultSystemHandlerActivityPackage(
1061 Intent intent, int userId) {
1062 ResolveInfo handler = mServiceInternal.resolveIntent(intent,
Patrick Baumann78380272018-04-04 10:41:01 -0700[diff] [blame]1063 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false,
1064 Binder.getCallingUid());
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1065 if (handler == null || handler.activityInfo == null) {
1066 return null;
1067 }
1068 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
1069 return null;
1070 }
1071 return getSystemPackage(handler.activityInfo.packageName);
1072 }
1073
1074 private PackageParser.Package getDefaultSystemHandlerServicePackage(
1075 Intent intent, int userId) {
1076 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices(
1077 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId);
1078 if (handlers == null) {
1079 return null;
1080 }
1081 final int handlerCount = handlers.size();
1082 for (int i = 0; i < handlerCount; i++) {
1083 ResolveInfo handler = handlers.get(i);
1084 PackageParser.Package handlerPackage = getSystemPackage(
1085 handler.serviceInfo.packageName);
1086 if (handlerPackage != null) {
1087 return handlerPackage;
1088 }
1089 }
1090 return null;
1091 }
1092
1093 private List<PackageParser.Package> getHeadlessSyncAdapterPackages(
1094 String[] syncAdapterPackageNames, int userId) {
1095 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
1096
1097 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
1098 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER);
1099
1100 for (String syncAdapterPackageName : syncAdapterPackageNames) {
1101 homeIntent.setPackage(syncAdapterPackageName);
1102
1103 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent,
1104 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS,
Patrick Baumann78380272018-04-04 10:41:01 -0700[diff] [blame]1105 userId, false, Binder.getCallingUid());
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1106 if (homeActivity != null) {
1107 continue;
1108 }
1109
1110 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName);
1111 if (syncAdapterPackage != null) {
1112 syncAdapterPackages.add(syncAdapterPackage);
1113 }
1114 }
1115
1116 return syncAdapterPackages;
1117 }
1118
1119 private PackageParser.Package getDefaultProviderAuthorityPackage(
1120 String authority, int userId) {
1121 ProviderInfo provider =
1122 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId);
1123 if (provider != null) {
1124 return getSystemPackage(provider.packageName);
1125 }
1126 return null;
1127 }
1128
1129 private PackageParser.Package getPackage(String packageName) {
1130 return mServiceInternal.getPackage(packageName);
1131 }
1132
1133 private PackageParser.Package getSystemPackage(String packageName) {
1134 PackageParser.Package pkg = getPackage(packageName);
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1135 if (pkg != null && pkg.isSystem()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1136 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null;
1137 }
1138 return null;
1139 }
1140
1141 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1142 int userId) {
1143 grantRuntimePermissions(pkg, permissions, false, false, userId);
1144 }
1145
1146 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1147 boolean systemFixed, int userId) {
1148 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId);
1149 }
1150
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1151 private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
1152 boolean systemFixed, int userId) {
1153 if (pkg.requestedPermissions.isEmpty()) {
1154 return;
1155 }
1156 Set<String> revokablePermissions = new ArraySet<>(pkg.requestedPermissions);
1157
1158 for (String permission : permissions) {
1159 // We can't revoke what wasn't requested.
1160 if (!revokablePermissions.contains(permission)) {
1161 continue;
1162 }
1163
1164 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1165 permission, pkg.packageName, userId);
1166
1167 // We didn't get this through the default grant policy. Move along.
1168 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
1169 continue;
1170 }
1171 // We aren't going to clobber device policy with a DefaultGrant.
1172 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1173 continue;
1174 }
1175 // Do not revoke system fixed permissions unless caller set them that way;
1176 // there is no refcount for the number of sources of this, so there
1177 // should be at most one grantor doing SYSTEM_FIXED for any given package.
1178 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
1179 continue;
1180 }
1181 mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false);
1182
1183 if (DEBUG) {
1184 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
1185 + permission + " to " + pkg.packageName);
1186 }
1187
1188 // Remove the GRANTED_BY_DEFAULT flag without touching the others.
1189 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
1190 // sticky once set.
1191 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1192 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId);
1193 }
1194 }
1195
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1196 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions,
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1197 boolean systemFixed, boolean ignoreSystemPackage, int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1198 if (pkg.requestedPermissions.isEmpty()) {
1199 return;
1200 }
1201
1202 List<String> requestedPermissions = pkg.requestedPermissions;
1203 Set<String> grantablePermissions = null;
1204
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1205 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1206 // of if the version on the system image declares the permission as used since
1207 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1208 // choice to grant this app the permissions needed to function. For all other
1209 // apps, (default grants on first boot and user creation) we don't grant default
1210 // permissions if the version on the system image does not declare them.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1211 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1212 final PackageParser.Package disabledPkg =
1213 mServiceInternal.getDisabledPackage(pkg.packageName);
1214 if (disabledPkg != null) {
1215 if (disabledPkg.requestedPermissions.isEmpty()) {
1216 return;
1217 }
1218 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) {
1219 grantablePermissions = new ArraySet<>(requestedPermissions);
1220 requestedPermissions = disabledPkg.requestedPermissions;
1221 }
1222 }
1223 }
1224
1225 final int grantablePermissionCount = requestedPermissions.size();
1226 for (int i = 0; i < grantablePermissionCount; i++) {
1227 String permission = requestedPermissions.get(i);
1228
1229 // If there is a disabled system app it may request a permission the updated
1230 // version ot the data partition doesn't, In this case skip the permission.
1231 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1232 continue;
1233 }
1234
1235 if (permissions.contains(permission)) {
1236 final int flags = mServiceInternal.getPermissionFlagsTEMP(
1237 permission, pkg.packageName, userId);
1238
1239 // If any flags are set to the permission, then it is either set in
1240 // its current state by the system or device/profile owner or the user.
1241 // In all these cases we do not want to clobber the current state.
1242 // Unless the caller wants to override user choices. The override is
1243 // to make sure we can grant the needed permission to the default
1244 // sms and phone apps after the user chooses this in the UI.
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1245 if (flags == 0 || ignoreSystemPackage) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1246 // Never clobber policy fixed permissions.
1247 // We must allow the grant of a system-fixed permission because
1248 // system-fixed is sticky, but the permission itself may be revoked.
1249 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1250 continue;
1251 }
1252
1253 mServiceInternal.grantRuntimePermission(
1254 pkg.packageName, permission, userId, false);
1255 if (DEBUG) {
1256 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
1257 + permission + " to default handler " + pkg.packageName);
1258 }
1259
1260 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1261 if (systemFixed) {
1262 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1263 }
1264
1265 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1266 newFlags, newFlags, userId);
1267 }
1268
1269 // If a component gets a permission for being the default handler A
1270 // and also default handler B, we grant the weaker grant form.
1271 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1272 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1273 && !systemFixed) {
1274 if (DEBUG) {
1275 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
1276 + pkg.packageName);
1277 }
1278 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName,
1279 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId);
1280 }
1281 }
1282 }
1283 }
1284
1285 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) {
1286 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1287 return true;
1288 }
Todd Kennedyc29b11a2017-10-23 15:55:59 -0700[diff] [blame]1289 if (!pkg.isPrivileged()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1290 return false;
1291 }
1292 final PackageParser.Package disabledPkg =
1293 mServiceInternal.getDisabledPackage(pkg.packageName);
1294 if (disabledPkg != null) {
1295 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1296 return false;
1297 }
1298 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1299 return false;
1300 }
1301 final String systemPackageName = mServiceInternal.getKnownPackageName(
1302 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM);
1303 final PackageParser.Package systemPackage = getPackage(systemPackageName);
Dan Cashman1dbe6d02018-01-23 11:18:28 -0800[diff] [blame]1304 return pkg.mSigningDetails.hasAncestorOrSelf(systemPackage.mSigningDetails)
1305 || systemPackage.mSigningDetails.checkCapability(pkg.mSigningDetails,
1306 PackageParser.SigningDetails.CertCapabilities.PERMISSION);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1307 }
1308
1309 private void grantDefaultPermissionExceptions(int userId) {
1310 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1311
1312 synchronized (mLock) {
1313 // mGrantExceptions is null only before the first read and then
1314 // it serves as a cache of the default grants that should be
1315 // performed for every user. If there is an entry then the app
1316 // is on the system image and supports runtime permissions.
1317 if (mGrantExceptions == null) {
1318 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1319 }
1320 }
1321
1322 Set<String> permissions = null;
1323 final int exceptionCount = mGrantExceptions.size();
1324 for (int i = 0; i < exceptionCount; i++) {
1325 String packageName = mGrantExceptions.keyAt(i);
1326 PackageParser.Package pkg = getSystemPackage(packageName);
1327 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1328 final int permissionGrantCount = permissionGrants.size();
1329 for (int j = 0; j < permissionGrantCount; j++) {
1330 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
1331 if (permissions == null) {
1332 permissions = new ArraySet<>();
1333 } else {
1334 permissions.clear();
1335 }
1336 permissions.add(permissionGrant.name);
1337 grantRuntimePermissions(pkg, permissions,
1338 permissionGrant.fixed, userId);
1339 }
1340 }
1341 }
1342
1343 private File[] getDefaultPermissionFiles() {
1344 ArrayList<File> ret = new ArrayList<File>();
1345 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1346 if (dir.isDirectory() && dir.canRead()) {
1347 Collections.addAll(ret, dir.listFiles());
1348 }
1349 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1350 if (dir.isDirectory() && dir.canRead()) {
1351 Collections.addAll(ret, dir.listFiles());
1352 }
Jiyong Park0989e382018-03-13 10:26:47 +0900[diff] [blame]1353 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
1354 if (dir.isDirectory() && dir.canRead()) {
1355 Collections.addAll(ret, dir.listFiles());
1356 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1357 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1358 if (dir.isDirectory() && dir.canRead()) {
1359 Collections.addAll(ret, dir.listFiles());
1360 }
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]1361 // For IoT devices, we check the oem partition for default permissions for each app.
1362 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
1363 dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
1364 if (dir.isDirectory() && dir.canRead()) {
1365 Collections.addAll(ret, dir.listFiles());
1366 }
1367 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1368 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1369 }
1370
1371 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1372 readDefaultPermissionExceptionsLocked() {
1373 File[] files = getDefaultPermissionFiles();
1374 if (files == null) {
1375 return new ArrayMap<>(0);
1376 }
1377
1378 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1379
1380 // Iterate over the files in the directory and scan .xml files
1381 for (File file : files) {
1382 if (!file.getPath().endsWith(".xml")) {
1383 Slog.i(TAG, "Non-xml file " + file
1384 + " in " + file.getParent() + " directory, ignoring");
1385 continue;
1386 }
1387 if (!file.canRead()) {
1388 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1389 continue;
1390 }
1391 try (
1392 InputStream str = new BufferedInputStream(new FileInputStream(file))
1393 ) {
1394 XmlPullParser parser = Xml.newPullParser();
1395 parser.setInput(str, null);
1396 parse(parser, grantExceptions);
1397 } catch (XmlPullParserException | IOException e) {
1398 Slog.w(TAG, "Error reading default permissions file " + file, e);
1399 }
1400 }
1401
1402 return grantExceptions;
1403 }
1404
1405 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1406 outGrantExceptions) throws IOException, XmlPullParserException {
1407 final int outerDepth = parser.getDepth();
1408 int type;
1409 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1410 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1411 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1412 continue;
1413 }
1414 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1415 parseExceptions(parser, outGrantExceptions);
1416 } else {
1417 Log.e(TAG, "Unknown tag " + parser.getName());
1418 }
1419 }
1420 }
1421
1422 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1423 outGrantExceptions) throws IOException, XmlPullParserException {
1424 final int outerDepth = parser.getDepth();
1425 int type;
1426 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1427 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1428 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1429 continue;
1430 }
1431 if (TAG_EXCEPTION.equals(parser.getName())) {
1432 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1433
1434 List<DefaultPermissionGrant> packageExceptions =
1435 outGrantExceptions.get(packageName);
1436 if (packageExceptions == null) {
1437 // The package must be on the system image
1438 PackageParser.Package pkg = getSystemPackage(packageName);
1439 if (pkg == null) {
1440 Log.w(TAG, "Unknown package:" + packageName);
1441 XmlUtils.skipCurrentTag(parser);
1442 continue;
1443 }
1444
1445 // The package must support runtime permissions
1446 if (!doesPackageSupportRuntimePermissions(pkg)) {
1447 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1448 + packageName);
1449 XmlUtils.skipCurrentTag(parser);
1450 continue;
1451 }
1452 packageExceptions = new ArrayList<>();
1453 outGrantExceptions.put(packageName, packageExceptions);
1454 }
1455
1456 parsePermission(parser, packageExceptions);
1457 } else {
1458 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1459 }
1460 }
1461 }
1462
1463 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1464 outPackageExceptions) throws IOException, XmlPullParserException {
1465 final int outerDepth = parser.getDepth();
1466 int type;
1467 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1468 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1469 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1470 continue;
1471 }
1472
1473 if (TAG_PERMISSION.contains(parser.getName())) {
1474 String name = parser.getAttributeValue(null, ATTR_NAME);
1475 if (name == null) {
1476 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1477 XmlUtils.skipCurrentTag(parser);
1478 continue;
1479 }
1480
1481 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
1482
1483 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed);
1484 outPackageExceptions.add(exception);
1485 } else {
1486 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1487 }
1488 }
1489 }
1490
1491 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
1492 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
1493 }
1494
1495 private static final class DefaultPermissionGrant {
1496 final String name;
1497 final boolean fixed;
1498
1499 public DefaultPermissionGrant(String name, boolean fixed) {
1500 this.name = name;
1501 this.fixed = fixed;
1502 }
1503 }
1504}