DefaultPermissionGrantPolicy.java revision 0010b70beae6fafd3faf06e1b02291f59f9f85db
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.app.admin.DevicePolicyManager; 22import android.content.Intent; 23import android.content.pm.ApplicationInfo; 24import android.content.pm.PackageManager; 25import android.content.pm.PackageManagerInternal.PackagesProvider; 26import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 27import android.content.pm.PackageParser; 28import android.content.pm.ProviderInfo; 29import android.content.pm.ResolveInfo; 30import android.net.Uri; 31import android.os.Build; 32import android.os.UserHandle; 33import android.provider.CalendarContract; 34import android.provider.ContactsContract; 35import android.provider.MediaStore; 36import android.util.ArraySet; 37import android.util.Log; 38 39import java.io.File; 40import java.util.ArrayList; 41import java.util.List; 42import java.util.Set; 43 44import static android.os.Process.FIRST_APPLICATION_UID; 45 46/** 47 * This class is the policy for granting runtime permissions to 48 * platform components and default handlers in the system such 49 * that the device is usable out-of-the-box. For example, the 50 * shell UID is a part of the system and the Phone app should 51 * have phone related permission by default. 52 */ 53final class DefaultPermissionGrantPolicy { 54 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 55 private static final boolean DEBUG = false; 56 57 private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; 58 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 59 60 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 61 static { 62 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 63 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 64 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 65 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 66 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 67 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 68 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 69 } 70 71 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 72 static { 73 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 74 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 75 } 76 77 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 78 static { 79 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 80 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 81 } 82 83 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 84 static { 85 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 86 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 87 } 88 89 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 90 static { 91 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 92 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 93 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 94 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 95 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 96 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 97 } 98 99 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 100 static { 101 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 102 } 103 104 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 105 static { 106 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 107 } 108 109 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 110 static { 111 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 112 } 113 114 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 115 static { 116 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 117 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 118 } 119 120 private static final Set<String> ACCOUNTS_PERMISSIONS = new ArraySet<>(); 121 static { 122 //ACCOUNTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 123 } 124 125 private static final Set<String> SETTINGS_PERMISSIONS = new ArraySet<>(); 126 static { 127 SETTINGS_PERMISSIONS.add(Manifest.permission.WRITE_SETTINGS); 128 } 129 130 private static final Set<String> INSTALLER_PERMISSIONS = new ArraySet<>(); 131 static { 132 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 133 INSTALLER_PERMISSIONS.add(Manifest.permission.INTERACT_ACROSS_USERS_FULL); 134 INSTALLER_PERMISSIONS.add(Manifest.permission.CLEAR_APP_USER_DATA); 135 INSTALLER_PERMISSIONS.add(Manifest.permission.KILL_UID); 136 } 137 138 private static final Set<String> VERIFIER_PERMISSIONS = new ArraySet<>(); 139 static { 140 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 141 } 142 143 private final PackageManagerService mService; 144 145 private PackagesProvider mImePackagesProvider; 146 private PackagesProvider mLocationPackagesProvider; 147 private PackagesProvider mVoiceInteractionPackagesProvider; 148 private PackagesProvider mSmsAppPackagesProvider; 149 private PackagesProvider mDialerAppPackagesProvider; 150 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 151 152 public DefaultPermissionGrantPolicy(PackageManagerService service) { 153 mService = service; 154 } 155 156 public void setImePackagesProviderLPr(PackagesProvider provider) { 157 mImePackagesProvider = provider; 158 } 159 160 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 161 mLocationPackagesProvider = provider; 162 } 163 164 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 165 mVoiceInteractionPackagesProvider = provider; 166 } 167 168 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 169 mSmsAppPackagesProvider = provider; 170 } 171 172 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 173 mDialerAppPackagesProvider = provider; 174 } 175 176 public void setSyncAdapterPackagesProviderrLPw(SyncAdapterPackagesProvider provider) { 177 mSyncAdapterPackagesProvider = provider; 178 } 179 180 public void grantDefaultPermissions(int userId) { 181 grantPermissionsToSysComponentsAndPrivApps(userId); 182 grantDefaultSystemHandlerPermissions(userId); 183 } 184 185 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 186 Log.i(TAG, "Granting permissions to platform components for user " + userId); 187 188 synchronized (mService.mPackages) { 189 for (PackageParser.Package pkg : mService.mPackages.values()) { 190 if (!isSysComponentOrPersistentPrivApp(pkg) 191 || !doesPackageSupportRuntimePermissions(pkg)) { 192 continue; 193 } 194 final int permissionCount = pkg.requestedPermissions.size(); 195 for (int i = 0; i < permissionCount; i++) { 196 String permission = pkg.requestedPermissions.get(i); 197 BasePermission bp = mService.mSettings.mPermissions.get(permission); 198 if (bp != null && bp.isRuntime()) { 199 final int flags = mService.getPermissionFlags(permission, 200 pkg.packageName, userId); 201 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) { 202 mService.grantRuntimePermission(pkg.packageName, permission, userId); 203 mService.updatePermissionFlags(permission, pkg.packageName, 204 PackageManager.MASK_PERMISSION_FLAGS, 205 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId); 206 if (DEBUG) { 207 Log.i(TAG, "Granted " + permission + " to system component " 208 + pkg.packageName); 209 } 210 } 211 } 212 } 213 } 214 } 215 } 216 217 private void grantDefaultSystemHandlerPermissions(int userId) { 218 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 219 220 final PackagesProvider imePackagesProvider; 221 final PackagesProvider locationPackagesProvider; 222 final PackagesProvider voiceInteractionPackagesProvider; 223 final PackagesProvider smsAppPackagesProvider; 224 final PackagesProvider dialerAppPackagesProvider; 225 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 226 227 synchronized (mService.mPackages) { 228 imePackagesProvider = mImePackagesProvider; 229 locationPackagesProvider = mLocationPackagesProvider; 230 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 231 smsAppPackagesProvider = mSmsAppPackagesProvider; 232 dialerAppPackagesProvider = mDialerAppPackagesProvider; 233 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 234 } 235 236 String[] imePackageNames = (imePackagesProvider != null) 237 ? imePackagesProvider.getPackages(userId) : null; 238 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 239 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 240 String[] locationPackageNames = (locationPackagesProvider != null) 241 ? locationPackagesProvider.getPackages(userId) : null; 242 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 243 ? smsAppPackagesProvider.getPackages(userId) : null; 244 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 245 ? dialerAppPackagesProvider.getPackages(userId) : null; 246 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 247 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 248 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 249 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 250 251 synchronized (mService.mPackages) { 252 // Installers 253 Intent installerIntent = new Intent(Intent.ACTION_INSTALL_PACKAGE); 254 installerIntent.addCategory(Intent.CATEGORY_DEFAULT); 255 installerIntent.setDataAndType(Uri.fromFile(new File("foo.apk")), 256 PACKAGE_MIME_TYPE); 257 List<PackageParser.Package> installerPackages = 258 getPrivilegedHandlerActivityPackagesLPr(installerIntent, userId); 259 final int installerCount = installerPackages.size(); 260 for (int i = 0; i < installerCount; i++) { 261 PackageParser.Package installPackage = installerPackages.get(i); 262 grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId); 263 grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, true, userId); 264 } 265 266 // Verifiers 267 Intent verifierIntent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); 268 verifierIntent.setType(PACKAGE_MIME_TYPE); 269 List<PackageParser.Package> verifierPackages = 270 getPrivilegedHandlerReceiverPackagesLPr(verifierIntent, userId); 271 final int verifierCount = verifierPackages.size(); 272 for (int i = 0; i < verifierCount; i++) { 273 PackageParser.Package verifierPackage = verifierPackages.get(i); 274 grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId); 275 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, userId); 276 } 277 278 // SetupWizard 279 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 280 setupIntent.addCategory(Intent.CATEGORY_HOME); 281 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr( 282 setupIntent, userId); 283 if (setupPackage != null 284 && doesPackageSupportRuntimePermissions(setupPackage)) { 285 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 286 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 287 grantRuntimePermissionsLPw(setupPackage, SETTINGS_PERMISSIONS, userId); 288 } 289 290 // Dialer 291 if (dialerAppPackageNames != null) { 292 for (String dialerAppPackageName : dialerAppPackageNames) { 293 PackageParser.Package dialerPackage = getPackageLPr(dialerAppPackageName); 294 if (dialerPackage != null 295 && doesPackageSupportRuntimePermissions(dialerPackage)) { 296 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 297 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 298 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 299 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 300 } 301 } 302 } 303 304 // Camera 305 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 306 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 307 cameraIntent, userId); 308 if (cameraPackage != null 309 && doesPackageSupportRuntimePermissions(cameraPackage)) { 310 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 311 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 312 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 313 } 314 315 // Media provider 316 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 317 MediaStore.AUTHORITY, userId); 318 if (mediaStorePackage != null) { 319 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 320 } 321 322 // Downloads provider 323 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 324 "downloads", userId); 325 if (downloadsPackage != null) { 326 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 327 } 328 329 // Downloads UI 330 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 331 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 332 downloadsUiIntent, userId); 333 if (downloadsUiPackage != null 334 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 335 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 336 } 337 338 // Storage provider 339 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 340 "com.android.externalstorage.documents", userId); 341 if (storagePackage != null) { 342 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, userId); 343 } 344 345 // SMS 346 if (smsAppPackageNames != null) { 347 for (String smsPackageName : smsAppPackageNames) { 348 PackageParser.Package smsPackage = getPackageLPr(smsPackageName); 349 if (smsPackage != null 350 && doesPackageSupportRuntimePermissions(smsPackage)) { 351 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 352 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 353 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 354 } 355 } 356 } 357 358 // Calendar 359 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 360 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 361 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 362 calendarIntent, userId); 363 if (calendarPackage != null 364 && doesPackageSupportRuntimePermissions(calendarPackage)) { 365 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 366 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 367 grantRuntimePermissionsLPw(calendarPackage, ACCOUNTS_PERMISSIONS, userId); 368 } 369 370 // Calendar provider 371 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 372 CalendarContract.AUTHORITY, userId); 373 if (calendarProviderPackage != null) { 374 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 375 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 376 true, userId); 377 grantRuntimePermissionsLPw(calendarProviderPackage, ACCOUNTS_PERMISSIONS, userId); 378 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 379 } 380 381 // Calendar provider sync adapters 382 List<PackageParser.Package> calendarSyncAdapters = 383 getHeadlessSyncAdapterPackagesLPr(calendarSyncAdapterPackages, 384 userId); 385 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 386 for (int i = 0; i < calendarSyncAdapterCount; i++) { 387 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 388 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 389 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 390 } 391 } 392 393 // Contacts 394 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 395 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 396 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 397 contactsIntent, userId); 398 if (contactsPackage != null 399 && doesPackageSupportRuntimePermissions(contactsPackage)) { 400 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 401 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 402 grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId); 403 } 404 405 // Contacts provider sync adapters 406 List<PackageParser.Package> contactsSyncAdapters = 407 getHeadlessSyncAdapterPackagesLPr(contactsSyncAdapterPackages, 408 userId); 409 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 410 for (int i = 0; i < contactsSyncAdapterCount; i++) { 411 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 412 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 413 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 414 } 415 } 416 417 // Contacts provider 418 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 419 ContactsContract.AUTHORITY, userId); 420 if (contactsProviderPackage != null) { 421 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 422 true, userId); 423 grantRuntimePermissionsLPw(contactsProviderPackage, ACCOUNTS_PERMISSIONS, userId); 424 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 425 } 426 427 // Device provisioning 428 Intent deviceProvisionIntent = new Intent( 429 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 430 PackageParser.Package deviceProvisionPackage = 431 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 432 if (deviceProvisionPackage != null 433 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 434 grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId); 435 } 436 437 // Maps 438 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 439 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 440 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 441 mapsIntent, userId); 442 if (mapsPackage != null 443 && doesPackageSupportRuntimePermissions(mapsPackage)) { 444 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 445 } 446 447 // Email 448 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 449 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 450 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 451 emailIntent, userId); 452 if (emailPackage != null 453 && doesPackageSupportRuntimePermissions(emailPackage)) { 454 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 455 } 456 457 // Browser 458 PackageParser.Package browserPackage = null; 459 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 460 if (defaultBrowserPackage != null) { 461 browserPackage = getPackageLPr(defaultBrowserPackage); 462 } 463 if (browserPackage == null) { 464 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 465 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 466 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 467 browserIntent, userId); 468 } 469 if (browserPackage != null 470 && doesPackageSupportRuntimePermissions(browserPackage)) { 471 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 472 } 473 474 // IME 475 if (imePackageNames != null) { 476 for (String imePackageName : imePackageNames) { 477 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 478 if (imePackage != null 479 && doesPackageSupportRuntimePermissions(imePackage)) { 480 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 481 } 482 } 483 } 484 485 // Voice interaction 486 if (voiceInteractPackageNames != null) { 487 for (String voiceInteractPackageName : voiceInteractPackageNames) { 488 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 489 voiceInteractPackageName); 490 if (voiceInteractPackage != null 491 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 492 grantRuntimePermissionsLPw(voiceInteractPackage, 493 CONTACTS_PERMISSIONS, userId); 494 grantRuntimePermissionsLPw(voiceInteractPackage, 495 CALENDAR_PERMISSIONS, userId); 496 grantRuntimePermissionsLPw(voiceInteractPackage, 497 MICROPHONE_PERMISSIONS, userId); 498 grantRuntimePermissionsLPw(voiceInteractPackage, 499 PHONE_PERMISSIONS, userId); 500 grantRuntimePermissionsLPw(voiceInteractPackage, 501 SMS_PERMISSIONS, userId); 502 grantRuntimePermissionsLPw(voiceInteractPackage, 503 LOCATION_PERMISSIONS, userId); 504 } 505 } 506 } 507 508 // Location 509 if (locationPackageNames != null) { 510 for (String packageName : locationPackageNames) { 511 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 512 if (locationPackage != null 513 && doesPackageSupportRuntimePermissions(locationPackage)) { 514 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 515 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 516 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 517 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 518 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 519 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 520 true, userId); 521 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 522 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 523 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 524 } 525 } 526 } 527 528 // Music 529 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 530 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 531 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 532 AUDIO_MIME_TYPE); 533 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 534 musicIntent, userId); 535 if (musicPackage != null 536 && doesPackageSupportRuntimePermissions(musicPackage)) { 537 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 538 } 539 540 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 541 } 542 } 543 544 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 545 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 546 if (packageName == null) { 547 return; 548 } 549 PackageParser.Package smsPackage = getPackageLPr(packageName); 550 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 551 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 552 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 553 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 554 } 555 } 556 557 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 558 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 559 if (packageName == null) { 560 return; 561 } 562 PackageParser.Package dialerPackage = getPackageLPr(packageName); 563 if (dialerPackage != null 564 && doesPackageSupportRuntimePermissions(dialerPackage)) { 565 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 566 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 567 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 568 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 569 } 570 } 571 572 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 573 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 574 if (packageNames == null) { 575 return; 576 } 577 for (String packageName : packageNames) { 578 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 579 if (carrierPackage != null 580 && doesPackageSupportRuntimePermissions(carrierPackage)) { 581 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 582 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 583 } 584 } 585 } 586 587 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 588 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 589 if (packageName == null) { 590 return; 591 } 592 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 593 if (browserPackage != null 594 && doesPackageSupportRuntimePermissions(browserPackage)) { 595 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 596 } 597 } 598 599 private List<PackageParser.Package> getPrivilegedHandlerReceiverPackagesLPr( 600 Intent intent, int userId) { 601 List<ResolveInfo> handlers = mService.queryIntentReceivers( 602 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 603 0, userId); 604 return getPrivilegedPackages(handlers); 605 } 606 607 private List<PackageParser.Package> getPrivilegedHandlerActivityPackagesLPr( 608 Intent intent, int userId) { 609 List<ResolveInfo> handlers = mService.queryIntentActivities( 610 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 611 0, userId); 612 return getPrivilegedPackages(handlers); 613 } 614 615 private List<PackageParser.Package> getPrivilegedPackages(List<ResolveInfo> resolveInfos) { 616 List<PackageParser.Package> handlerPackages = new ArrayList<>(); 617 final int handlerCount = resolveInfos.size(); 618 for (int i = 0; i < handlerCount; i++) { 619 ResolveInfo handler = resolveInfos.get(i); 620 PackageParser.Package handlerPackage = getPrivilegedPackageLPr( 621 handler.activityInfo.packageName); 622 if (handlerPackage != null) { 623 handlerPackages.add(handlerPackage); 624 } 625 } 626 return handlerPackages; 627 } 628 629 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 630 Intent intent, int userId) { 631 List<ResolveInfo> handlers = mService.queryIntentActivities(intent, null, 0, userId); 632 final int handlerCount = handlers.size(); 633 for (int i = 0; i < handlerCount; i++) { 634 ResolveInfo handler = handlers.get(i); 635 // TODO: This is a temporary hack to figure out the setup app. 636 PackageParser.Package handlerPackage = getSystemPackageLPr( 637 handler.activityInfo.packageName); 638 if (handlerPackage != null) { 639 return handlerPackage; 640 } 641 } 642 return null; 643 } 644 645 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 646 String[] syncAdapterPackageNames, int userId) { 647 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 648 649 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 650 homeIntent.addCategory(Intent.CATEGORY_HOME); 651 652 for (String syncAdapterPackageName : syncAdapterPackageNames) { 653 homeIntent.setPackage(syncAdapterPackageName); 654 655 List<ResolveInfo> homeActivities = mService.queryIntentActivities(homeIntent, 656 homeIntent.resolveType(mService.mContext.getContentResolver()), 0, userId); 657 if (!homeActivities.isEmpty()) { 658 continue; 659 } 660 661 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 662 if (syncAdapterPackage != null) { 663 syncAdapterPackages.add(syncAdapterPackage); 664 } 665 } 666 667 return syncAdapterPackages; 668 } 669 670 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 671 String authority, int userId) { 672 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); 673 if (provider != null) { 674 return getSystemPackageLPr(provider.packageName); 675 } 676 return null; 677 } 678 679 private PackageParser.Package getPackageLPr(String packageName) { 680 return mService.mPackages.get(packageName); 681 } 682 683 private PackageParser.Package getSystemPackageLPr(String packageName) { 684 PackageParser.Package pkg = getPackageLPr(packageName); 685 if (pkg != null && pkg.isSystemApp()) { 686 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 687 } 688 return null; 689 } 690 691 private PackageParser.Package getPrivilegedPackageLPr(String packageName) { 692 PackageParser.Package pkg = mService.mPackages.get(packageName); 693 if (pkg != null && pkg.applicationInfo.isPrivilegedApp()) { 694 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 695 } 696 return null; 697 } 698 699 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 700 int userId) { 701 grantRuntimePermissionsLPw(pkg, permissions, false, userId); 702 703 } 704 705 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 706 boolean systemFixed, int userId) { 707 List<String> requestedPermissions = pkg.requestedPermissions; 708 709 if (pkg.isUpdatedSystemApp()) { 710 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 711 if (sysPs != null) { 712 requestedPermissions = sysPs.pkg.requestedPermissions; 713 } 714 } 715 716 final int permissionCount = requestedPermissions.size(); 717 for (int i = 0; i < permissionCount; i++) { 718 String permission = requestedPermissions.get(i); 719 if (permissions.contains(permission)) { 720 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 721 722 // If any flags are set to the permission, then it is either set in 723 // its current state by the system or device/profile owner or the user. 724 // In all these cases we do not want to clobber the current state. 725 if (flags == 0) { 726 mService.grantRuntimePermission(pkg.packageName, permission, userId); 727 if (DEBUG) { 728 Log.i(TAG, "Granted " + permission + " to default handler " 729 + pkg.packageName); 730 } 731 732 if (systemFixed) { 733 mService.updatePermissionFlags(permission, pkg.packageName, 734 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 735 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId); 736 } 737 } 738 } 739 } 740 } 741 742 private void grantInstallPermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 743 int userId) { 744 List<String> requestedPermissions = pkg.requestedPermissions; 745 746 if (pkg.isUpdatedSystemApp()) { 747 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 748 if (sysPs != null) { 749 requestedPermissions = sysPs.pkg.requestedPermissions; 750 } 751 } 752 753 final int permissionCount = requestedPermissions.size(); 754 for (int i = 0; i < permissionCount; i++) { 755 String permission = requestedPermissions.get(i); 756 if (permissions.contains(permission)) { 757 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 758 759 // If any flags are set to the permission, then it is either set in 760 // its current state by the system or device/profile owner or the user. 761 // In all these cases we do not want to clobber the current state. 762 if (flags == 0) { 763 mService.grantInstallPermissionLPw(permission, pkg); 764 if (DEBUG) { 765 Log.i(TAG, "Granted install " + permission + " to " + pkg.packageName); 766 } 767 } 768 } 769 } 770 } 771 772 private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) { 773 return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID 774 || ((pkg.applicationInfo.privateFlags 775 & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0 776 && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0); 777 } 778 779 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 780 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 781 } 782} 783