Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / frameworks / base / f7aec5de098167cc66fe398284ae036351b2a2be / . / services / core / java / com / android / server / pm / permission / DefaultPermissionGrantPolicy.java
blob: f76298592c2beab8a6b1961be2abe4aff913af53 [file] [log] [blame]
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package com.android.server.pm.permission;
18
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]19import static android.os.Process.FIRST_APPLICATION_UID;
Todd Kennedy7c4c55d2017-11-02 10:01:39 -0700[diff] [blame]20
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]21import android.Manifest;
22import android.annotation.NonNull;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]23import android.annotation.Nullable;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]24import android.app.ActivityManager;
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]25import android.app.AppOpsManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]26import android.app.DownloadManager;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]27import android.app.SearchManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]28import android.app.admin.DevicePolicyManager;
29import android.companion.CompanionDeviceManager;
30import android.content.Context;
31import android.content.Intent;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]32import android.content.pm.ApplicationInfo;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]33import android.content.pm.PackageInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]34import android.content.pm.PackageManager;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]35import android.content.pm.PackageManager.NameNotFoundException;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]36import android.content.pm.PackageManagerInternal;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]37import android.content.pm.PackageManagerInternal.PackagesProvider;
38import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]39import android.content.pm.PermissionInfo;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]40import android.content.pm.ProviderInfo;
41import android.content.pm.ResolveInfo;
42import android.media.RingtoneManager;
43import android.net.Uri;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]44import android.os.Build;
45import android.os.Environment;
46import android.os.Handler;
47import android.os.Looper;
48import android.os.Message;
49import android.os.UserHandle;
50import android.os.storage.StorageManager;
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]51import android.permission.PermissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]52import android.print.PrintManager;
53import android.provider.CalendarContract;
54import android.provider.ContactsContract;
55import android.provider.MediaStore;
56import android.provider.Telephony.Sms.Intents;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]57import android.security.Credentials;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]58import android.speech.RecognitionService;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]59import android.telephony.TelephonyManager;
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]60import android.text.TextUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]61import android.util.ArrayMap;
62import android.util.ArraySet;
63import android.util.Log;
64import android.util.Slog;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]65import android.util.SparseIntArray;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]66import android.util.Xml;
Jeff Sharkey0095a822018-02-15 13:06:53 -0700[diff] [blame]67
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]68import com.android.internal.annotations.GuardedBy;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]69import com.android.internal.util.ArrayUtils;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]70import com.android.internal.util.XmlUtils;
71import com.android.server.LocalServices;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]72
73import org.xmlpull.v1.XmlPullParser;
74import org.xmlpull.v1.XmlPullParserException;
75
76import java.io.BufferedInputStream;
77import java.io.File;
78import java.io.FileInputStream;
79import java.io.IOException;
80import java.io.InputStream;
81import java.util.ArrayList;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]82import java.util.Arrays;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]83import java.util.Collections;
84import java.util.List;
85import java.util.Map;
86import java.util.Set;
87
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]88/**
89 * This class is the policy for granting runtime permissions to
90 * platform components and default handlers in the system such
91 * that the device is usable out-of-the-box. For example, the
92 * shell UID is a part of the system and the Phone app should
93 * have phone related permission by default.
94 * <p>
95 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager
96 * service but knows about lots of higher level subsystems. The correct way to do this is
97 * to have an interface defined in the package manager but have the impl next to other
98 * policy stuff like PhoneWindowManager
99 */
100public final class DefaultPermissionGrantPolicy {
101 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
102 private static final boolean DEBUG = false;
103
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]104 @PackageManager.ResolveInfoFlags
105 private static final int DEFAULT_INTENT_QUERY_FLAGS =
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]106 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE
107 | PackageManager.MATCH_UNINSTALLED_PACKAGES;
108
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]109 @PackageManager.PackageInfoFlags
110 private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS =
Eugene Suslaa8d1a452019-04-10 18:00:35 -0700[diff] [blame]111 PackageManager.MATCH_UNINSTALLED_PACKAGES
112 | PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS
113 | PackageManager.MATCH_HIDDEN_UNTIL_INSTALLED_COMPONENTS
114 | PackageManager.GET_PERMISSIONS;
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]115
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]116 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
117
118 private static final String TAG_EXCEPTIONS = "exceptions";
119 private static final String TAG_EXCEPTION = "exception";
120 private static final String TAG_PERMISSION = "permission";
121 private static final String ATTR_PACKAGE = "package";
122 private static final String ATTR_NAME = "name";
123 private static final String ATTR_FIXED = "fixed";
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]124 private static final String ATTR_WHITELISTED = "whitelisted";
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]125
126 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]127
128
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]129 static {
130 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
131 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
132 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
133 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
134 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
135 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
136 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
137 }
138
139 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
140 static {
141 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
142 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
143 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
144 }
145
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]146 private static final Set<String> ALWAYS_LOCATION_PERMISSIONS = new ArraySet<>();
147 static {
148 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
149 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
150 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_BACKGROUND_LOCATION);
151 }
152
Zimuzo5ac1eb92018-11-29 12:51:14 +0000[diff] [blame]153 private static final Set<String> ACTIVITY_RECOGNITION_PERMISSIONS = new ArraySet<>();
154 static {
155 ACTIVITY_RECOGNITION_PERMISSIONS.add(Manifest.permission.ACTIVITY_RECOGNITION);
156 }
157
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]158 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
159 static {
160 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
161 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
162 }
163
164 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
165 static {
166 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
167 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
168 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
169 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
170 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
171 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
172 }
173
174 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
175 static {
176 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
177 }
178
179 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
180 static {
181 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
182 }
183
184 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
185 static {
186 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
187 }
188
189 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
190 static {
Philip P. Moltmannccc8add2019-03-22 12:21:56 -0700[diff] [blame]191 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
192 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]193 }
194
195 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1;
196
197 private static final String ACTION_TRACK = "com.android.fitness.TRACK";
198
199 private final Handler mHandler;
200
201 private PackagesProvider mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]202 private PackagesProvider mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]203 private PackagesProvider mVoiceInteractionPackagesProvider;
204 private PackagesProvider mSmsAppPackagesProvider;
205 private PackagesProvider mDialerAppPackagesProvider;
206 private PackagesProvider mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]207 private PackagesProvider mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]208 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
209
210 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions;
211 private final Context mContext;
212 private final Object mLock = new Object();
213 private final PackageManagerInternal mServiceInternal;
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]214 private final PermissionManagerService mPermissionManager;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]215
216 @GuardedBy("mLock")
217 private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray();
218
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]219 DefaultPermissionGrantPolicy(Context context, Looper looper,
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]220 @NonNull PermissionManagerService permissionManager) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]221 mContext = context;
222 mHandler = new Handler(looper) {
223 @Override
224 public void handleMessage(Message msg) {
225 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) {
226 synchronized (mLock) {
227 if (mGrantExceptions == null) {
228 mGrantExceptions = readDefaultPermissionExceptionsLocked();
229 }
230 }
231 }
232 }
233 };
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]234 mPermissionManager = permissionManager;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]235 mServiceInternal = LocalServices.getService(PackageManagerInternal.class);
236 }
237
238 public void setLocationPackagesProvider(PackagesProvider provider) {
239 synchronized (mLock) {
240 mLocationPackagesProvider = provider;
241 }
242 }
243
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]244 /** Sets the provider for loction extra packages. */
245 public void setLocationExtraPackagesProvider(PackagesProvider provider) {
246 synchronized (mLock) {
247 mLocationExtraPackagesProvider = provider;
248 }
249 }
250
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]251 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) {
252 synchronized (mLock) {
253 mVoiceInteractionPackagesProvider = provider;
254 }
255 }
256
257 public void setSmsAppPackagesProvider(PackagesProvider provider) {
258 synchronized (mLock) {
259 mSmsAppPackagesProvider = provider;
260 }
261 }
262
263 public void setDialerAppPackagesProvider(PackagesProvider provider) {
264 synchronized (mLock) {
265 mDialerAppPackagesProvider = provider;
266 }
267 }
268
269 public void setSimCallManagerPackagesProvider(PackagesProvider provider) {
270 synchronized (mLock) {
271 mSimCallManagerPackagesProvider = provider;
272 }
273 }
274
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]275 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) {
276 synchronized (mLock) {
277 mUseOpenWifiAppPackagesProvider = provider;
278 }
279 }
280
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]281 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) {
282 synchronized (mLock) {
283 mSyncAdapterPackagesProvider = provider;
284 }
285 }
286
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]287 public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) {
288 synchronized (mLock) {
289 return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0;
290 }
291 }
292
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]293 public void grantDefaultPermissions(int userId) {
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]294 grantPermissionsToSysComponentsAndPrivApps(userId);
295 grantDefaultSystemHandlerPermissions(userId);
296 grantDefaultPermissionExceptions(userId);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]297 synchronized (mLock) {
298 mDefaultPermissionsGrantedUsers.put(userId, userId);
299 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]300 }
301
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]302 private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]303 Set<String> permissions = new ArraySet<>();
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]304 for (String permission : pkg.requestedPermissions) {
Todd Kennedy0eb97382017-10-03 16:57:22 -0700[diff] [blame]305 final BasePermission bp = mPermissionManager.getPermission(permission);
306 if (bp == null) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]307 continue;
308 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]309 if (bp.isRuntime()) {
310 permissions.add(permission);
311 }
312 }
313 if (!permissions.isEmpty()) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]314 grantRuntimePermissions(pkg, permissions, true /*systemFixed*/, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]315 }
316 }
317
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]318 public void scheduleReadDefaultPermissionExceptions() {
319 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
320 }
321
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]322 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]323 Log.i(TAG, "Granting permissions to platform components for user " + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]324 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser(
325 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM);
326 for (PackageInfo pkg : packages) {
Todd Kennedy42d61602017-12-12 14:44:19 -0800[diff] [blame]327 if (pkg == null) {
328 continue;
329 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]330 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg)
331 || !doesPackageSupportRuntimePermissions(pkg)
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]332 || ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]333 continue;
334 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]335 grantRuntimePermissionsForSystemPackage(userId, pkg);
336 }
337 }
338
339 @SafeVarargs
340 private final void grantIgnoringSystemPackage(String packageName, int userId,
341 Set<String>... permissionGroups) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]342 grantPermissionsToPackage(packageName, userId, true /* ignoreSystemPackage */,
343 true /*whitelistRestrictedPermissions*/, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]344 }
345
346 @SafeVarargs
347 private final void grantSystemFixedPermissionsToSystemPackage(String packageName, int userId,
348 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]349 grantPermissionsToSystemPackage(
350 packageName, userId, true /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]351 }
352
353 @SafeVarargs
354 private final void grantPermissionsToSystemPackage(
355 String packageName, int userId, Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]356 grantPermissionsToSystemPackage(
357 packageName, userId, false /* systemFixed */, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]358 }
359
360 @SafeVarargs
361 private final void grantPermissionsToSystemPackage(String packageName, int userId,
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]362 boolean systemFixed, Set<String>... permissionGroups) {
363 if (!isSystemPackage(packageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]364 return;
365 }
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]366 grantPermissionsToPackage(getSystemPackageInfo(packageName),
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]367 userId, systemFixed, false /* ignoreSystemPackage */,
368 true /*whitelistRestrictedPermissions*/, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]369 }
370
371 @SafeVarargs
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]372 private final void grantPermissionsToPackage(String packageName, int userId,
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]373 boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions,
374 Set<String>... permissionGroups) {
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]375 grantPermissionsToPackage(getPackageInfo(packageName),
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]376 userId, false /* systemFixed */, ignoreSystemPackage,
377 whitelistRestrictedPermissions, permissionGroups);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]378 }
379
380 @SafeVarargs
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]381 private final void grantPermissionsToPackage(PackageInfo packageInfo, int userId,
382 boolean systemFixed, boolean ignoreSystemPackage,
383 boolean whitelistRestrictedPermissions, Set<String>... permissionGroups) {
384 if (packageInfo == null) {
385 return;
386 }
387 if (doesPackageSupportRuntimePermissions(packageInfo)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]388 for (Set<String> permissionGroup : permissionGroups) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]389 grantRuntimePermissions(packageInfo, permissionGroup, systemFixed,
390 ignoreSystemPackage, whitelistRestrictedPermissions, userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]391 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]392 }
393 }
394
395 private void grantDefaultSystemHandlerPermissions(int userId) {
396 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
397
398 final PackagesProvider locationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]399 final PackagesProvider locationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]400 final PackagesProvider voiceInteractionPackagesProvider;
401 final PackagesProvider smsAppPackagesProvider;
402 final PackagesProvider dialerAppPackagesProvider;
403 final PackagesProvider simCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]404 final PackagesProvider useOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]405 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
406
407 synchronized (mLock) {
408 locationPackagesProvider = mLocationPackagesProvider;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]409 locationExtraPackagesProvider = mLocationExtraPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]410 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
411 smsAppPackagesProvider = mSmsAppPackagesProvider;
412 dialerAppPackagesProvider = mDialerAppPackagesProvider;
413 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]414 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]415 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
416 }
417
418 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
419 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
420 String[] locationPackageNames = (locationPackagesProvider != null)
421 ? locationPackagesProvider.getPackages(userId) : null;
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]422 String[] locationExtraPackageNames = (locationExtraPackagesProvider != null)
423 ? locationExtraPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]424 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
425 ? smsAppPackagesProvider.getPackages(userId) : null;
426 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
427 ? dialerAppPackagesProvider.getPackages(userId) : null;
428 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null)
429 ? simCallManagerPackagesProvider.getPackages(userId) : null;
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]430 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null)
431 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]432 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
433 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
434 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
435 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
436
437 // Installer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]438 grantSystemFixedPermissionsToSystemPackage(
439 getKnownPackage(PackageManagerInternal.PACKAGE_INSTALLER, userId),
440 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]441
442 // Verifier
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]443 final String verifier = getKnownPackage(PackageManagerInternal.PACKAGE_VERIFIER, userId);
444 grantSystemFixedPermissionsToSystemPackage(verifier, userId, STORAGE_PERMISSIONS);
445 grantPermissionsToSystemPackage(verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]446
447 // SetupWizard
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]448 grantPermissionsToSystemPackage(
449 getKnownPackage(PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]450 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS,
451 CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]452
453 // Camera
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]454 grantPermissionsToSystemPackage(
455 getDefaultSystemHandlerActivityPackage(MediaStore.ACTION_IMAGE_CAPTURE, userId),
456 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]457
Justin Klaassend1410c02019-03-14 08:45:06 -0700[diff] [blame]458 // Sound recorder
459 grantPermissionsToSystemPackage(
460 getDefaultSystemHandlerActivityPackage(
461 MediaStore.Audio.Media.RECORD_SOUND_ACTION, userId),
462 userId, MICROPHONE_PERMISSIONS);
463
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]464 // Media provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]465 grantSystemFixedPermissionsToSystemPackage(
466 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]467 STORAGE_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]468
469 // Downloads provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]470 grantSystemFixedPermissionsToSystemPackage(
471 getDefaultProviderAuthorityPackage("downloads", userId), userId,
472 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]473
474 // Downloads UI
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]475 grantSystemFixedPermissionsToSystemPackage(
476 getDefaultSystemHandlerActivityPackage(
477 DownloadManager.ACTION_VIEW_DOWNLOADS, userId),
478 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]479
480 // Storage provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]481 grantSystemFixedPermissionsToSystemPackage(
482 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId),
483 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]484
485 // CertInstaller
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]486 grantSystemFixedPermissionsToSystemPackage(
487 getDefaultSystemHandlerActivityPackage(Credentials.INSTALL_ACTION, userId), userId,
488 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]489
490 // Dialer
491 if (dialerAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]492 String dialerPackage =
493 getDefaultSystemHandlerActivityPackage(Intent.ACTION_DIAL, userId);
494 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]495 } else {
496 for (String dialerAppPackageName : dialerAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]497 grantDefaultPermissionsToDefaultSystemDialerApp(dialerAppPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]498 }
499 }
500
501 // Sim call manager
502 if (simCallManagerPackageNames != null) {
503 for (String simCallManagerPackageName : simCallManagerPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]504 grantDefaultPermissionsToDefaultSystemSimCallManager(
505 simCallManagerPackageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]506 }
507 }
508
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]509 // Use Open Wifi
510 if (useOpenWifiAppPackageNames != null) {
511 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]512 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
513 useOpenWifiPackageName, userId);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]514 }
515 }
516
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]517 // SMS
518 if (smsAppPackageNames == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]519 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(
520 Intent.CATEGORY_APP_MESSAGING, userId);
521 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]522 } else {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]523 for (String smsPackage : smsAppPackageNames) {
524 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]525 }
526 }
527
528 // Cell Broadcast Receiver
Edward Savage-Jonesf3979b82018-10-15 09:38:53 +0200[diff] [blame]529 grantSystemFixedPermissionsToSystemPackage(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]530 getDefaultSystemHandlerActivityPackage(Intents.SMS_CB_RECEIVED_ACTION, userId),
531 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]532
533 // Carrier Provisioning Service
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]534 grantPermissionsToSystemPackage(
535 getDefaultSystemHandlerServicePackage(Intents.SMS_CARRIER_PROVISION_ACTION, userId),
536 userId, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]537
538 // Calendar
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]539 grantPermissionsToSystemPackage(
540 getDefaultSystemHandlerActivityPackageForCategory(
541 Intent.CATEGORY_APP_CALENDAR, userId),
542 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]543
544 // Calendar provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]545 String calendarProvider =
546 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId);
547 grantPermissionsToSystemPackage(calendarProvider, userId,
548 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS);
549 grantSystemFixedPermissionsToSystemPackage(calendarProvider, userId, CALENDAR_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]550
551 // Calendar provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]552 grantPermissionToEachSystemPackage(
553 getHeadlessSyncAdapterPackages(calendarSyncAdapterPackages, userId),
554 userId, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]555
556 // Contacts
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]557 grantPermissionsToSystemPackage(
558 getDefaultSystemHandlerActivityPackageForCategory(
559 Intent.CATEGORY_APP_CONTACTS, userId),
560 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]561
562 // Contacts provider sync adapters
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]563 grantPermissionToEachSystemPackage(
564 getHeadlessSyncAdapterPackages(contactsSyncAdapterPackages, userId),
565 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]566
567 // Contacts provider
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]568 String contactsProviderPackage =
569 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId);
570 grantSystemFixedPermissionsToSystemPackage(contactsProviderPackage, userId,
571 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
572 grantPermissionsToSystemPackage(contactsProviderPackage, userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]573
574 // Device provisioning
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]575 grantPermissionsToSystemPackage(
576 getDefaultSystemHandlerActivityPackage(
577 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId),
578 userId, CONTACTS_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]579
580 // Maps
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]581 grantPermissionsToSystemPackage(
582 getDefaultSystemHandlerActivityPackageForCategory(Intent.CATEGORY_APP_MAPS, userId),
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]583 userId, ALWAYS_LOCATION_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]584
585 // Gallery
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]586 grantPermissionsToSystemPackage(
587 getDefaultSystemHandlerActivityPackageForCategory(
588 Intent.CATEGORY_APP_GALLERY, userId),
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]589 userId, STORAGE_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]590
591 // Email
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]592 grantPermissionsToSystemPackage(
593 getDefaultSystemHandlerActivityPackageForCategory(
594 Intent.CATEGORY_APP_EMAIL, userId),
595 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]596
597 // Browser
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]598 String browserPackage = getKnownPackage(PackageManagerInternal.PACKAGE_BROWSER, userId);
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]599 if (browserPackage == null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]600 browserPackage = getDefaultSystemHandlerActivityPackageForCategory(
601 Intent.CATEGORY_APP_BROWSER, userId);
602 if (!isSystemPackage(browserPackage)) {
603 browserPackage = null;
604 }
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]605 }
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]606 grantPermissionsToPackage(browserPackage, userId, false /* ignoreSystemPackage */,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]607 true /*whitelistRestrictedPermissions*/, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]608
609 // Voice interaction
610 if (voiceInteractPackageNames != null) {
611 for (String voiceInteractPackageName : voiceInteractPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]612 grantPermissionsToSystemPackage(voiceInteractPackageName, userId,
613 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]614 PHONE_PERMISSIONS, SMS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]615 }
616 }
617
618 if (ActivityManager.isLowRamDeviceStatic()) {
619 // Allow voice search on low-ram devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]620 grantPermissionsToSystemPackage(
621 getDefaultSystemHandlerActivityPackage(
622 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId),
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]623 userId, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]624 }
625
626 // Voice recognition
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]627 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE)
628 .addCategory(Intent.CATEGORY_DEFAULT);
629 grantPermissionsToSystemPackage(
630 getDefaultSystemHandlerServicePackage(voiceRecoIntent, userId), userId,
631 MICROPHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]632
633 // Location
634 if (locationPackageNames != null) {
635 for (String packageName : locationPackageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]636 grantPermissionsToSystemPackage(packageName, userId,
637 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS,
638 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]639 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]640 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
Soonil Nagarkar9f48f212019-03-07 11:15:12 -0800[diff] [blame]641 ALWAYS_LOCATION_PERMISSIONS, ACTIVITY_RECOGNITION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]642 }
643 }
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]644 if (locationExtraPackageNames != null) {
645 // Also grant location permission to location extra packages.
646 for (String packageName : locationExtraPackageNames) {
Soonil Nagarkar9f48f212019-03-07 11:15:12 -0800[diff] [blame]647 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Wei Wangffb94e62019-01-14 00:05:45 -0800[diff] [blame]648 }
649 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]650
651 // Music
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]652 Intent musicIntent = new Intent(Intent.ACTION_VIEW)
653 .addCategory(Intent.CATEGORY_DEFAULT)
654 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE);
655 grantPermissionsToSystemPackage(
656 getDefaultSystemHandlerActivityPackage(musicIntent, userId), userId,
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]657 STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]658
659 // Home
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]660 Intent homeIntent = new Intent(Intent.ACTION_MAIN)
661 .addCategory(Intent.CATEGORY_HOME)
662 .addCategory(Intent.CATEGORY_LAUNCHER_APP);
663 grantPermissionsToSystemPackage(
664 getDefaultSystemHandlerActivityPackage(homeIntent, userId), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]665 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]666
667 // Watches
668 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) {
669 // Home application on watches
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]670
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]671 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory(
672 Intent.CATEGORY_HOME_MAIN, userId);
673 grantPermissionsToSystemPackage(wearPackage, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]674 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]675 grantSystemFixedPermissionsToSystemPackage(wearPackage, userId, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]676
677 // Fitness tracking on watches
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]678 grantPermissionsToSystemPackage(
679 getDefaultSystemHandlerActivityPackage(ACTION_TRACK, userId), userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]680 SENSORS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]681 }
682
683 // Print Spooler
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]684 grantSystemFixedPermissionsToSystemPackage(PrintManager.PRINT_SPOOLER_PACKAGE_NAME, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]685 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]686
687 // EmergencyInfo
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]688 grantSystemFixedPermissionsToSystemPackage(
689 getDefaultSystemHandlerActivityPackage(
690 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId),
691 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]692
693 // NFC Tag viewer
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]694 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW)
695 .setType("vnd.android.cursor.item/ndef_msg");
696 grantPermissionsToSystemPackage(
697 getDefaultSystemHandlerActivityPackage(nfcTagIntent, userId), userId,
698 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]699
700 // Storage Manager
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]701 grantSystemFixedPermissionsToSystemPackage(
702 getDefaultSystemHandlerActivityPackage(
703 StorageManager.ACTION_MANAGE_STORAGE, userId),
704 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]705
706 // Companion devices
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]707 grantSystemFixedPermissionsToSystemPackage(
708 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId,
Calvin On5eda9dd2018-12-12 15:43:28 -0800[diff] [blame]709 ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]710
711 // Ringtone Picker
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]712 grantSystemFixedPermissionsToSystemPackage(
713 getDefaultSystemHandlerActivityPackage(
714 RingtoneManager.ACTION_RINGTONE_PICKER, userId),
Philip P. Moltmann129a0b02019-03-27 12:24:45 -0700[diff] [blame]715 userId, STORAGE_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]716
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]717 // TextClassifier Service
Ye Wen8e8b2d52018-03-14 11:48:24 -0700[diff] [blame]718 String textClassifierPackageName =
719 mContext.getPackageManager().getSystemTextClassifierPackageName();
720 if (!TextUtils.isEmpty(textClassifierPackageName)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]721 grantPermissionsToSystemPackage(textClassifierPackageName, userId,
722 PHONE_PERMISSIONS, SMS_PERMISSIONS, CALENDAR_PERMISSIONS,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]723 ALWAYS_LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS);
Abodunrinwa Toki2c01b6c2018-02-13 17:47:48 +0000[diff] [blame]724 }
725
Yi Jiang8915b352019-03-21 12:02:53 -0700[diff] [blame]726 // Atthention Service
727 String attentionServicePackageName =
728 mContext.getPackageManager().getAttentionServicePackageName();
729 if (!TextUtils.isEmpty(attentionServicePackageName)) {
730 grantPermissionsToSystemPackage(attentionServicePackageName, userId,
731 CAMERA_PERMISSIONS);
732 }
733
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]734 // There is no real "marker" interface to identify the shared storage backup, it is
735 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]736 grantSystemFixedPermissionsToSystemPackage("com.android.sharedstoragebackup", userId,
737 STORAGE_PERMISSIONS);
Anton Philippov4b3a1f52018-05-04 14:46:44 +0100[diff] [blame]738
Nadav Bar1a1f5a212019-03-17 16:15:14 +0200[diff] [blame]739 // System Captions Service
740 String systemCaptionsServicePackageName =
741 mContext.getPackageManager().getSystemCaptionsServicePackageName();
742 if (!TextUtils.isEmpty(systemCaptionsServicePackageName)) {
743 grantPermissionsToSystemPackage(systemCaptionsServicePackageName, userId,
Nadav Bar6d79ab72019-01-10 10:52:11 +0200[diff] [blame]744 MICROPHONE_PERMISSIONS);
745 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]746 }
747
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]748 private String getDefaultSystemHandlerActivityPackageForCategory(String category, int userId) {
749 return getDefaultSystemHandlerActivityPackage(
750 new Intent(Intent.ACTION_MAIN).addCategory(category), userId);
751 }
752
753 @SafeVarargs
754 private final void grantPermissionToEachSystemPackage(
755 ArrayList<String> packages, int userId, Set<String>... permissions) {
756 if (packages == null) return;
757 final int count = packages.size();
758 for (int i = 0; i < count; i++) {
759 grantPermissionsToSystemPackage(packages.get(i), userId, permissions);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]760 }
Eugene Susla47e88202018-07-02 18:48:55 -0700[diff] [blame]761 }
762
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]763 private String getKnownPackage(int knownPkgId, int userId) {
764 return mServiceInternal.getKnownPackageName(knownPkgId, userId);
765 }
766
767 private void grantDefaultPermissionsToDefaultSystemDialerApp(
768 String dialerPackage, int userId) {
769 if (dialerPackage == null) {
770 return;
Philip P. Moltmannfa894222018-09-18 21:24:00 +0000[diff] [blame]771 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]772 boolean isPhonePermFixed =
773 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0);
774 if (isPhonePermFixed) {
775 grantSystemFixedPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
776 } else {
777 grantPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS);
778 }
779 grantPermissionsToSystemPackage(dialerPackage, userId,
780 CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
781 }
782
783 private void grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId) {
784 grantPermissionsToSystemPackage(smsPackage, userId,
785 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS,
786 STORAGE_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]787 }
788
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]789 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]790 String useOpenWifiPackage, int userId) {
Varun Anandd5d359d2019-02-15 10:08:33 -0800[diff] [blame]791 grantPermissionsToSystemPackage(useOpenWifiPackage, userId, ALWAYS_LOCATION_PERMISSIONS);
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]792 }
793
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]794 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) {
795 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId);
Varun Anandd5d359d2019-02-15 10:08:33 -0800[diff] [blame]796 grantIgnoringSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]797 }
798
799 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) {
800 if (packageName == null) {
801 return;
802 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]803 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId);
Eugene Suslae4240e72018-11-02 10:58:11 -0700[diff] [blame]804 grantPermissionsToPackage(packageName, userId, false /* ignoreSystemPackage */,
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]805 true /*whitelistRestrictedPermissions*/, PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]806 }
807
808 private void grantDefaultPermissionsToDefaultSystemSimCallManager(
809 String packageName, int userId) {
810 if (isSystemPackage(packageName)) {
811 grantDefaultPermissionsToDefaultSimCallManager(packageName, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]812 }
813 }
814
815 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) {
816 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
817 if (packageNames == null) {
818 return;
819 }
820 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]821 grantPermissionsToSystemPackage(packageName, userId,
Ginelle Gan Gaisano80646b62019-02-21 14:27:32 -0800[diff] [blame]822 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, SMS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]823 }
824 }
825
826 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) {
827 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId);
828 if (packageNames == null) {
829 return;
830 }
831 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]832 grantPermissionsToSystemPackage(packageName, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]833 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS,
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]834 CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]835 }
836 }
837
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]838 public void grantDefaultPermissionsToEnabledTelephonyDataServices(
839 String[] packageNames, int userId) {
840 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId);
841 if (packageNames == null) {
842 return;
843 }
844 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]845 // Grant these permissions as system-fixed, so that nobody can accidentally
846 // break cellular data.
847 grantSystemFixedPermissionsToSystemPackage(packageName, userId,
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]848 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]849 }
850 }
851
852 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices(
853 String[] packageNames, int userId) {
854 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId);
855 if (packageNames == null) {
856 return;
857 }
858 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]859 PackageInfo pkg = getSystemPackageInfo(packageName);
860 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
861 revokeRuntimePermissions(packageName, PHONE_PERMISSIONS, true, userId);
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]862 revokeRuntimePermissions(packageName, ALWAYS_LOCATION_PERMISSIONS, true, userId);
Nathan Harold76ad1a32018-02-20 14:31:09 -0800[diff] [blame]863 }
864 }
865 }
866
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]867 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) {
868 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]869 grantSystemFixedPermissionsToSystemPackage(packageName, userId, CAMERA_PERMISSIONS);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]870 }
871
872 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) {
873 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId);
874 if (packageNames == null) {
875 return;
876 }
877 for (String packageName : packageNames) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]878 PackageInfo pkg = getSystemPackageInfo(packageName);
879 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) {
880 revokeRuntimePermissions(packageName, CAMERA_PERMISSIONS, true, userId);
Holly Jiuyu Sun349e2142018-03-26 15:29:42 -0700[diff] [blame]881 }
882 }
883 }
884
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]885 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) {
886 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
Eugene Susla88327e92019-06-18 10:47:13 -0700[diff] [blame]887 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]888 }
889
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]890 private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) {
891 return getDefaultSystemHandlerActivityPackage(new Intent(intentAction), userId);
892 }
893
894 private String getDefaultSystemHandlerActivityPackage(Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]895 ResolveInfo handler = mContext.getPackageManager().resolveActivityAsUser(
896 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]897 if (handler == null || handler.activityInfo == null) {
898 return null;
899 }
900 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) {
901 return null;
902 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]903 String packageName = handler.activityInfo.packageName;
904 return isSystemPackage(packageName) ? packageName : null;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]905 }
906
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]907 private String getDefaultSystemHandlerServicePackage(String intentAction, int userId) {
908 return getDefaultSystemHandlerServicePackage(new Intent(intentAction), userId);
909 }
910
911 private String getDefaultSystemHandlerServicePackage(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]912 Intent intent, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]913 List<ResolveInfo> handlers = mContext.getPackageManager().queryIntentServicesAsUser(
914 intent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]915 if (handlers == null) {
916 return null;
917 }
918 final int handlerCount = handlers.size();
919 for (int i = 0; i < handlerCount; i++) {
920 ResolveInfo handler = handlers.get(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]921 String handlerPackage = handler.serviceInfo.packageName;
922 if (isSystemPackage(handlerPackage)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]923 return handlerPackage;
924 }
925 }
926 return null;
927 }
928
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]929 private ArrayList<String> getHeadlessSyncAdapterPackages(
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]930 String[] syncAdapterPackageNames, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]931 ArrayList<String> syncAdapterPackages = new ArrayList<>();
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]932
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]933 Intent homeIntent = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]934
935 for (String syncAdapterPackageName : syncAdapterPackageNames) {
936 homeIntent.setPackage(syncAdapterPackageName);
937
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]938 ResolveInfo homeActivity = mContext.getPackageManager().resolveActivityAsUser(
939 homeIntent, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]940 if (homeActivity != null) {
941 continue;
942 }
943
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]944 if (isSystemPackage(syncAdapterPackageName)) {
945 syncAdapterPackages.add(syncAdapterPackageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]946 }
947 }
948
949 return syncAdapterPackages;
950 }
951
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]952 private String getDefaultProviderAuthorityPackage(String authority, int userId) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]953 ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser(
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]954 authority, DEFAULT_INTENT_QUERY_FLAGS, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]955 if (provider != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]956 return provider.packageName;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]957 }
958 return null;
959 }
960
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]961 private boolean isSystemPackage(String packageName) {
Philip P. Moltmannc701e7e2018-09-18 16:22:54 -0700[diff] [blame]962 return isSystemPackage(getPackageInfo(packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]963 }
964
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]965 private boolean isSystemPackage(PackageInfo pkg) {
966 if (pkg == null) {
967 return false;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]968 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]969 return pkg.applicationInfo.isSystemApp()
970 && !isSysComponentOrPersistentPlatformSignedPrivApp(pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]971 }
972
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]973 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissions,
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]974 boolean systemFixed, int userId) {
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]975 grantRuntimePermissions(pkg, permissions, systemFixed, false,
976 true /*whitelistRestrictedPermissions*/, userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]977 }
978
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]979 private void revokeRuntimePermissions(String packageName, Set<String> permissions,
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]980 boolean systemFixed, int userId) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]981 PackageInfo pkg = getSystemPackageInfo(packageName);
982 if (ArrayUtils.isEmpty(pkg.requestedPermissions)) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]983 return;
984 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]985 Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions));
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]986
987 for (String permission : permissions) {
988 // We can't revoke what wasn't requested.
989 if (!revokablePermissions.contains(permission)) {
990 continue;
991 }
992
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]993 UserHandle user = UserHandle.of(userId);
994 final int flags = mContext.getPackageManager()
995 .getPermissionFlags(permission, packageName, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]996
997 // We didn't get this through the default grant policy. Move along.
998 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) {
999 continue;
1000 }
1001 // We aren't going to clobber device policy with a DefaultGrant.
1002 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
1003 continue;
1004 }
1005 // Do not revoke system fixed permissions unless caller set them that way;
1006 // there is no refcount for the number of sources of this, so there
1007 // should be at most one grantor doing SYSTEM_FIXED for any given package.
1008 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) {
1009 continue;
1010 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1011 mContext.getPackageManager().revokeRuntimePermission(packageName, permission, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1012
1013 if (DEBUG) {
1014 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1015 + permission + " to " + packageName);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1016 }
1017
1018 // Remove the GRANTED_BY_DEFAULT flag without touching the others.
1019 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains
1020 // sticky once set.
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1021 mContext.getPackageManager().updatePermissionFlags(permission, packageName,
1022 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, user);
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1023 }
1024 }
1025
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1026 /**
1027 * Check if a permission is already fixed or is set by the user.
1028 *
1029 * <p>A permission should not be set by the default policy if the user or other policies already
1030 * set the permission.
1031 *
1032 * @param flags The flags of the permission
1033 *
1034 * @return {@code true} iff the permission can be set without violating a policy of the users
1035 * intention
1036 */
1037 private boolean isFixedOrUserSet(int flags) {
1038 return (flags & (PackageManager.FLAG_PERMISSION_USER_SET
1039 | PackageManager.FLAG_PERMISSION_USER_FIXED
1040 | PackageManager.FLAG_PERMISSION_POLICY_FIXED
1041 | PackageManager.FLAG_PERMISSION_SYSTEM_FIXED)) != 0;
1042 }
1043
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1044 /**
1045 * Return the background permission for a permission.
1046 *
1047 * @param permission The name of the foreground permission
1048 *
1049 * @return The name of the background permission or {@code null} if the permission has no
1050 * background permission
1051 */
1052 private @Nullable String getBackgroundPermission(@NonNull String permission) {
1053 try {
1054 return mContext.getPackageManager().getPermissionInfo(permission,
1055 0).backgroundPermission;
1056 } catch (NameNotFoundException e) {
1057 return null;
1058 }
1059 }
1060
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1061 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissionsWithoutSplits,
1062 boolean systemFixed, boolean ignoreSystemPackage,
1063 boolean whitelistRestrictedPermissions, int userId) {
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1064 UserHandle user = UserHandle.of(userId);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1065 if (pkg == null) {
1066 return;
1067 }
1068
1069 String[] requestedPermissions = pkg.requestedPermissions;
1070 if (ArrayUtils.isEmpty(requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1071 return;
1072 }
1073
Eugene Susla31c9cd12018-12-03 15:41:31 -0800[diff] [blame]1074 // Intersect the requestedPermissions for a factory image with that of its current update
1075 // in case the latter one removed a <uses-permission>
1076 String[] requestedByNonSystemPackage = getPackageInfo(pkg.packageName).requestedPermissions;
1077 int size = requestedPermissions.length;
1078 for (int i = 0; i < size; i++) {
1079 if (!ArrayUtils.contains(requestedByNonSystemPackage, requestedPermissions[i])) {
1080 requestedPermissions[i] = null;
1081 }
1082 }
1083 requestedPermissions = ArrayUtils.filterNotNull(requestedPermissions, String[]::new);
1084
Philip P. Moltmanneb82d652019-03-26 16:17:26 -0700[diff] [blame]1085 PackageManager pm;
1086 try {
1087 pm = mContext.createPackageContextAsUser(mContext.getPackageName(), 0,
1088 user).getPackageManager();
1089 } catch (NameNotFoundException doesNotHappen) {
1090 throw new IllegalStateException(doesNotHappen);
1091 }
1092
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1093 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1094 ApplicationInfo applicationInfo = pkg.applicationInfo;
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1095
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1096 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
1097 if (systemFixed) {
1098 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
1099 }
1100
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1101 // Automatically attempt to grant split permissions to older APKs
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1102 final List<PermissionManager.SplitPermissionInfo> splitPermissions =
1103 mContext.getSystemService(PermissionManager.class).getSplitPermissions();
1104 final int numSplitPerms = splitPermissions.size();
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1105 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) {
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1106 final PermissionManager.SplitPermissionInfo splitPerm =
1107 splitPermissions.get(splitPermNum);
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1108
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1109 if (applicationInfo != null
Philip P. Moltmann039678e2018-09-18 13:04:38 -0700[diff] [blame]1110 && applicationInfo.targetSdkVersion < splitPerm.getTargetSdk()
Philip P. Moltmanna3ba4d92018-10-08 11:50:07 -0700[diff] [blame]1111 && permissionsWithoutSplits.contains(splitPerm.getSplitPermission())) {
1112 permissions.addAll(splitPerm.getNewPermissions());
Philip P. Moltmann8b560032018-07-12 09:51:02 -0700[diff] [blame]1113 }
1114 }
1115
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1116 Set<String> grantablePermissions = null;
1117
Eric Enslen1e423b92017-12-18 11:30:21 -0800[diff] [blame]1118 // In some cases, like for the Phone or SMS app, we grant permissions regardless
1119 // of if the version on the system image declares the permission as used since
1120 // selecting the app as the default for that function the user makes a deliberate
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1121 // choice to grant this app the permissions needed to function. For all other
1122 // apps, (default grants on first boot and user creation) we don't grant default
1123 // permissions if the version on the system image does not declare them.
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1124 if (!ignoreSystemPackage
1125 && applicationInfo != null
1126 && applicationInfo.isUpdatedSystemApp()) {
1127 final PackageInfo disabledPkg = getSystemPackageInfo(
1128 mServiceInternal.getDisabledSystemPackageName(pkg.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1129 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1130 if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1131 return;
1132 }
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1133 if (!Arrays.equals(requestedPermissions, disabledPkg.requestedPermissions)) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1134 grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1135 requestedPermissions = disabledPkg.requestedPermissions;
1136 }
1137 }
1138 }
1139
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1140 final int numRequestedPermissions = requestedPermissions.length;
1141
1142 // Sort requested permissions so that all permissions that are a foreground permission (i.e.
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1143 // permissions that have a background permission) are before their background permissions.
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1144 final String[] sortedRequestedPermissions = new String[numRequestedPermissions];
1145 int numForeground = 0;
1146 int numOther = 0;
1147 for (int i = 0; i < numRequestedPermissions; i++) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1148 String permission = requestedPermissions[i];
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1149 if (getBackgroundPermission(permission) != null) {
1150 sortedRequestedPermissions[numForeground] = permission;
1151 numForeground++;
1152 } else {
1153 sortedRequestedPermissions[numRequestedPermissions - 1 - numOther] =
1154 permission;
1155 numOther++;
1156 }
1157 }
1158
1159 for (int requestedPermissionNum = 0; requestedPermissionNum < numRequestedPermissions;
1160 requestedPermissionNum++) {
1161 String permission = requestedPermissions[requestedPermissionNum];
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1162
1163 // If there is a disabled system app it may request a permission the updated
1164 // version ot the data partition doesn't, In this case skip the permission.
1165 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
1166 continue;
1167 }
1168
1169 if (permissions.contains(permission)) {
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1170 final int flags = mContext.getPackageManager().getPermissionFlags(
1171 permission, pkg.packageName, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1172
Svet Ganov359a9d92019-07-26 17:45:56 -0700[diff] [blame]1173 // If we are trying to grant as system fixed and already system fixed
1174 // then the system can change the system fixed grant state.
1175 final boolean changingGrantForSystemFixed = systemFixed
1176 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0;
1177
Philip P. Moltmann17f65af2018-10-18 15:32:29 -0700[diff] [blame]1178 // Certain flags imply that the permission's current state by the system or
1179 // device/profile owner or the user. In these cases we do not want to clobber the
1180 // current state.
1181 //
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1182 // Unless the caller wants to override user choices. The override is
1183 // to make sure we can grant the needed permission to the default
1184 // sms and phone apps after the user chooses this in the UI.
Svet Ganov359a9d92019-07-26 17:45:56 -0700[diff] [blame]1185 if (!isFixedOrUserSet(flags) || ignoreSystemPackage
1186 || changingGrantForSystemFixed) {
Nathan Haroldd66b9f32018-03-14 19:55:38 -0700[diff] [blame]1187 // Never clobber policy fixed permissions.
1188 // We must allow the grant of a system-fixed permission because
1189 // system-fixed is sticky, but the permission itself may be revoked.
1190 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1191 continue;
1192 }
1193
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1194 // Preserve whitelisting flags.
1195 newFlags |= (flags & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT);
1196
1197 // If we are whitelisting the permission, update the exempt flag before grant.
1198 if (whitelistRestrictedPermissions && isPermissionRestricted(permission)) {
1199 mContext.getPackageManager().updatePermissionFlags(permission,
1200 pkg.packageName,
1201 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT,
1202 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, user);
1203 }
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1204
Svet Ganov359a9d92019-07-26 17:45:56 -0700[diff] [blame]1205 // If the system tries to change a system fixed permission from one fixed
1206 // state to another we need to drop the fixed flag to allow the grant.
1207 if (changingGrantForSystemFixed) {
1208 mContext.getPackageManager().updatePermissionFlags(permission,
1209 pkg.packageName, flags,
1210 flags & ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, user);
1211 }
1212
Philip P. Moltmanneb82d652019-03-26 16:17:26 -0700[diff] [blame]1213 if (pm.checkPermission(permission, pkg.packageName)
1214 != PackageManager.PERMISSION_GRANTED) {
1215 mContext.getPackageManager()
1216 .grantRuntimePermission(pkg.packageName, permission, user);
1217 }
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1218
1219 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1220 newFlags, newFlags, user);
1221
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1222 int uid = UserHandle.getUid(userId,
1223 UserHandle.getAppId(pkg.applicationInfo.uid));
1224
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1225 List<String> fgPerms = mPermissionManager.getBackgroundPermissions()
1226 .get(permission);
1227 if (fgPerms != null) {
1228 int numFgPerms = fgPerms.size();
1229 for (int fgPermNum = 0; fgPermNum < numFgPerms; fgPermNum++) {
1230 String fgPerm = fgPerms.get(fgPermNum);
1231
1232 if (pm.checkPermission(fgPerm, pkg.packageName)
1233 == PackageManager.PERMISSION_GRANTED) {
1234 // Upgrade the app-op state of the fg permission to allow bg access
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1235 // TODO: Dont' call app ops from package manager code.
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1236 mContext.getSystemService(AppOpsManager.class).setUidMode(
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1237 AppOpsManager.permissionToOp(fgPerm), uid,
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1238 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1239
1240 break;
1241 }
1242 }
1243 }
1244
1245 String bgPerm = getBackgroundPermission(permission);
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1246 String op = AppOpsManager.permissionToOp(permission);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1247 if (bgPerm == null) {
1248 if (op != null) {
Svet Ganov83a3a4a2019-05-03 18:50:43 -0700[diff] [blame]1249 // TODO: Dont' call app ops from package manager code.
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1250 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid,
1251 AppOpsManager.MODE_ALLOWED);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1252 }
1253 } else {
1254 int mode;
1255 if (pm.checkPermission(bgPerm, pkg.packageName)
1256 == PackageManager.PERMISSION_GRANTED) {
1257 mode = AppOpsManager.MODE_ALLOWED;
1258 } else {
1259 mode = AppOpsManager.MODE_FOREGROUND;
1260 }
1261
Philip P. Moltmann159d98b2018-12-20 08:30:53 -0800[diff] [blame]1262 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid, mode);
Philip P. Moltmann12d0ee02018-10-30 14:47:33 -0700[diff] [blame]1263 }
1264
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1265 if (DEBUG) {
1266 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ")
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1267 + permission + " to default handler " + pkg);
Eugene Suslae4ee2c22018-11-05 12:23:30 -0800[diff] [blame]1268
1269 int appOp = AppOpsManager.permissionToOpCode(permission);
1270 if (appOp != AppOpsManager.OP_NONE
1271 && AppOpsManager.opToDefaultMode(appOp)
1272 != AppOpsManager.MODE_ALLOWED) {
1273 // Permission has a corresponding appop which is not allowed by default
1274 // We must allow it as well, as it's usually checked alongside the
1275 // permission
1276 if (DEBUG) {
1277 Log.i(TAG, "Granting OP_" + AppOpsManager.opToName(appOp)
1278 + " to " + pkg.packageName);
1279 }
1280 mContext.getSystemService(AppOpsManager.class).setUidMode(
1281 appOp, pkg.applicationInfo.uid, AppOpsManager.MODE_ALLOWED);
1282 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1283 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1284 }
1285
1286 // If a component gets a permission for being the default handler A
1287 // and also default handler B, we grant the weaker grant form.
1288 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0
1289 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0
1290 && !systemFixed) {
1291 if (DEBUG) {
1292 Log.i(TAG, "Granted not fixed " + permission + " to default handler "
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1293 + pkg);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1294 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1295 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName,
1296 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, user);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1297 }
1298 }
1299 }
1300 }
1301
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1302 private PackageInfo getSystemPackageInfo(String pkg) {
Eugene Suslaa8d1a452019-04-10 18:00:35 -0700[diff] [blame]1303 return getPackageInfo(pkg, PackageManager.MATCH_SYSTEM_ONLY);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1304 }
1305
1306 private PackageInfo getPackageInfo(String pkg) {
1307 return getPackageInfo(pkg, 0 /* extraFlags */);
1308 }
1309
1310 private PackageInfo getPackageInfo(String pkg,
1311 @PackageManager.PackageInfoFlags int extraFlags) {
Eugene Suslacc6b8a32019-04-09 14:08:09 -0700[diff] [blame]1312 if (pkg == null) {
1313 return null;
1314 }
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1315 try {
1316 return mContext.getPackageManager().getPackageInfo(pkg,
1317 DEFAULT_PACKAGE_INFO_QUERY_FLAGS | extraFlags);
1318 } catch (NameNotFoundException e) {
Eugene Susla12523ab2019-01-22 17:46:54 -0800[diff] [blame]1319 Slog.e(TAG, "PackageNot found: " + pkg, e);
Eugene Susla4abd2e62018-11-02 17:35:07 -0700[diff] [blame]1320 return null;
1321 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1322 }
1323
1324 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1325 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
1326 return true;
1327 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1328 if (!pkg.applicationInfo.isPrivilegedApp()) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1329 return false;
1330 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1331 final PackageInfo disabledPkg = getSystemPackageInfo(
1332 mServiceInternal.getDisabledSystemPackageName(pkg.applicationInfo.packageName));
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1333 if (disabledPkg != null) {
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1334 ApplicationInfo disabledPackageAppInfo = disabledPkg.applicationInfo;
1335 if (disabledPackageAppInfo != null
1336 && (disabledPackageAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1337 return false;
1338 }
1339 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
1340 return false;
1341 }
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1342 return mServiceInternal.isPlatformSigned(pkg.packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1343 }
1344
1345 private void grantDefaultPermissionExceptions(int userId) {
1346 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS);
1347
1348 synchronized (mLock) {
1349 // mGrantExceptions is null only before the first read and then
1350 // it serves as a cache of the default grants that should be
1351 // performed for every user. If there is an entry then the app
1352 // is on the system image and supports runtime permissions.
1353 if (mGrantExceptions == null) {
1354 mGrantExceptions = readDefaultPermissionExceptionsLocked();
1355 }
1356 }
1357
1358 Set<String> permissions = null;
1359 final int exceptionCount = mGrantExceptions.size();
1360 for (int i = 0; i < exceptionCount; i++) {
1361 String packageName = mGrantExceptions.keyAt(i);
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1362 PackageInfo pkg = getSystemPackageInfo(packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1363 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i);
1364 final int permissionGrantCount = permissionGrants.size();
1365 for (int j = 0; j < permissionGrantCount; j++) {
1366 DefaultPermissionGrant permissionGrant = permissionGrants.get(j);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1367 if (!isPermissionDangerous(permissionGrant.name)) {
1368 Log.w(TAG, "Ignoring permission " + permissionGrant.name
1369 + " which isn't dangerous");
1370 continue;
1371 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1372 if (permissions == null) {
1373 permissions = new ArraySet<>();
1374 } else {
1375 permissions.clear();
1376 }
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1377 permissions.add(permissionGrant.name);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1378
1379
1380 grantRuntimePermissions(pkg, permissions, permissionGrant.fixed,
1381 permissionGrant.whitelisted, true /*whitelistRestrictedPermissions*/,
1382 userId);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1383 }
1384 }
1385 }
1386
1387 private File[] getDefaultPermissionFiles() {
1388 ArrayList<File> ret = new ArrayList<File>();
1389 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions");
1390 if (dir.isDirectory() && dir.canRead()) {
1391 Collections.addAll(ret, dir.listFiles());
1392 }
1393 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions");
1394 if (dir.isDirectory() && dir.canRead()) {
1395 Collections.addAll(ret, dir.listFiles());
1396 }
Jiyong Park0989e382018-03-13 10:26:47 +0900[diff] [blame]1397 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions");
1398 if (dir.isDirectory() && dir.canRead()) {
1399 Collections.addAll(ret, dir.listFiles());
1400 }
Jaekyun Seok1713d9e2018-01-12 21:47:26 +0900[diff] [blame]1401 dir = new File(Environment.getProductDirectory(), "etc/default-permissions");
1402 if (dir.isDirectory() && dir.canRead()) {
1403 Collections.addAll(ret, dir.listFiles());
1404 }
Jeongik Chaf6629832019-07-04 21:12:06 +0900[diff] [blame]1405 dir = new File(Environment.getSystemExtDirectory(), "etc/default-permissions");
Dario Freni1ae46d72018-08-17 15:56:43 +0100[diff] [blame]1406 if (dir.isDirectory() && dir.canRead()) {
1407 Collections.addAll(ret, dir.listFiles());
1408 }
Ralph Nathanbd111582018-03-21 14:53:23 -0700[diff] [blame]1409 // For IoT devices, we check the oem partition for default permissions for each app.
1410 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) {
1411 dir = new File(Environment.getOemDirectory(), "etc/default-permissions");
1412 if (dir.isDirectory() && dir.canRead()) {
1413 Collections.addAll(ret, dir.listFiles());
1414 }
1415 }
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1416 return ret.isEmpty() ? null : ret.toArray(new File[0]);
1417 }
1418
1419 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>>
1420 readDefaultPermissionExceptionsLocked() {
1421 File[] files = getDefaultPermissionFiles();
1422 if (files == null) {
1423 return new ArrayMap<>(0);
1424 }
1425
1426 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>();
1427
1428 // Iterate over the files in the directory and scan .xml files
1429 for (File file : files) {
1430 if (!file.getPath().endsWith(".xml")) {
1431 Slog.i(TAG, "Non-xml file " + file
1432 + " in " + file.getParent() + " directory, ignoring");
1433 continue;
1434 }
1435 if (!file.canRead()) {
1436 Slog.w(TAG, "Default permissions file " + file + " cannot be read");
1437 continue;
1438 }
1439 try (
1440 InputStream str = new BufferedInputStream(new FileInputStream(file))
1441 ) {
1442 XmlPullParser parser = Xml.newPullParser();
1443 parser.setInput(str, null);
1444 parse(parser, grantExceptions);
1445 } catch (XmlPullParserException | IOException e) {
1446 Slog.w(TAG, "Error reading default permissions file " + file, e);
1447 }
1448 }
1449
1450 return grantExceptions;
1451 }
1452
1453 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1454 outGrantExceptions) throws IOException, XmlPullParserException {
1455 final int outerDepth = parser.getDepth();
1456 int type;
1457 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1458 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1459 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1460 continue;
1461 }
1462 if (TAG_EXCEPTIONS.equals(parser.getName())) {
1463 parseExceptions(parser, outGrantExceptions);
1464 } else {
1465 Log.e(TAG, "Unknown tag " + parser.getName());
1466 }
1467 }
1468 }
1469
1470 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>>
1471 outGrantExceptions) throws IOException, XmlPullParserException {
1472 final int outerDepth = parser.getDepth();
1473 int type;
1474 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1475 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1476 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1477 continue;
1478 }
1479 if (TAG_EXCEPTION.equals(parser.getName())) {
1480 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE);
1481
1482 List<DefaultPermissionGrant> packageExceptions =
1483 outGrantExceptions.get(packageName);
1484 if (packageExceptions == null) {
1485 // The package must be on the system image
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1486 PackageInfo packageInfo = getSystemPackageInfo(packageName);
Eugene Suslaf25013c2019-03-01 15:17:54 -0800[diff] [blame]1487
1488 if (packageInfo == null) {
1489 Log.w(TAG, "No such package:" + packageName);
1490 XmlUtils.skipCurrentTag(parser);
1491 continue;
1492 }
1493
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1494 if (!isSystemPackage(packageInfo)) {
1495 Log.w(TAG, "Unknown system package:" + packageName);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1496 XmlUtils.skipCurrentTag(parser);
1497 continue;
1498 }
1499
1500 // The package must support runtime permissions
Hai Zhangb157ef82018-10-04 14:53:04 -0700[diff] [blame]1501 if (!doesPackageSupportRuntimePermissions(packageInfo)) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1502 Log.w(TAG, "Skipping non supporting runtime permissions package:"
1503 + packageName);
1504 XmlUtils.skipCurrentTag(parser);
1505 continue;
1506 }
1507 packageExceptions = new ArrayList<>();
1508 outGrantExceptions.put(packageName, packageExceptions);
1509 }
1510
1511 parsePermission(parser, packageExceptions);
1512 } else {
1513 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>");
1514 }
1515 }
1516 }
1517
1518 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant>
1519 outPackageExceptions) throws IOException, XmlPullParserException {
1520 final int outerDepth = parser.getDepth();
1521 int type;
1522 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
1523 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
1524 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
1525 continue;
1526 }
1527
1528 if (TAG_PERMISSION.contains(parser.getName())) {
1529 String name = parser.getAttributeValue(null, ATTR_NAME);
1530 if (name == null) {
1531 Log.w(TAG, "Mandatory name attribute missing for permission tag");
1532 XmlUtils.skipCurrentTag(parser);
1533 continue;
1534 }
1535
1536 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED);
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1537 final boolean whitelisted = XmlUtils.readBooleanAttribute(parser, ATTR_WHITELISTED);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1538
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1539 DefaultPermissionGrant exception = new DefaultPermissionGrant(
1540 name, fixed, whitelisted);
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1541 outPackageExceptions.add(exception);
1542 } else {
1543 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>");
1544 }
1545 }
1546 }
1547
Philip P. Moltmannb0be05c2018-09-19 02:46:56 +0000[diff] [blame]1548 private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) {
1549 return pkg.applicationInfo != null
1550 && pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1551 }
1552
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1553 private boolean isPermissionRestricted(String name) {
1554 try {
1555 return mContext.getPackageManager().getPermissionInfo(name, 0).isRestricted();
1556 } catch (NameNotFoundException e) {
1557 return false;
1558 }
1559 }
1560
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1561 private boolean isPermissionDangerous(String name) {
1562 try {
1563 final PermissionInfo pi = mContext.getPackageManager().getPermissionInfo(name, 0);
Jeff Sharkey9d4654c2018-10-25 09:52:57 -0600[diff] [blame]1564 return (pi.getProtection() == PermissionInfo.PROTECTION_DANGEROUS);
Jeff Sharkey7a807602018-10-18 13:21:55 -0600[diff] [blame]1565 } catch (NameNotFoundException e) {
1566 // When unknown assume it's dangerous to be on the safe side
1567 return true;
1568 }
1569 }
1570
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1571 private static final class DefaultPermissionGrant {
1572 final String name;
1573 final boolean fixed;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1574 final boolean whitelisted;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1575
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1576 public DefaultPermissionGrant(String name, boolean fixed,
1577 boolean whitelisted) {
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1578 this.name = name;
1579 this.fixed = fixed;
Svet Ganovd8eb8b22019-04-05 18:52:08 -0700[diff] [blame]1580 this.whitelisted = whitelisted;
Todd Kennedy82b08422017-09-28 13:32:05 -0700[diff] [blame]1581 }
1582 }
1583}