DefaultPermissionGrantPolicy.java revision 143e118fa90bbeb8cf558ec0d303639d15ee7db7
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.content.Intent; 22import android.content.pm.ApplicationInfo; 23import android.content.pm.PackageManager; 24import android.content.pm.PackageManagerInternal.PackagesProvider; 25import android.content.pm.PackageParser; 26import android.content.pm.ProviderInfo; 27import android.content.pm.ResolveInfo; 28import android.net.Uri; 29import android.os.Build; 30import android.os.UserHandle; 31import android.provider.MediaStore; 32import android.util.ArraySet; 33import android.util.Log; 34 35import java.io.File; 36import java.util.ArrayList; 37import java.util.List; 38import java.util.Set; 39 40import static android.os.Process.FIRST_APPLICATION_UID; 41 42/** 43 * This class is the policy for granting runtime permissions to 44 * platform components and default handlers in the system such 45 * that the device is usable out-of-the-box. For example, the 46 * shell UID is a part of the system and the Phone app should 47 * have phone related permission by default. 48 */ 49final class DefaultPermissionGrantPolicy { 50 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 51 private static final boolean DEBUG = false; 52 53 private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; 54 55 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 56 static { 57 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 58 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 59 PHONE_PERMISSIONS.add( Manifest.permission.READ_CALL_LOG); 60 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 61 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 62 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 63 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 64 } 65 66 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 67 static { 68 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 69 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 70 } 71 72 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 73 static { 74 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 75 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 76 } 77 78 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 79 static { 80 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 81 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 82 } 83 84 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 85 static { 86 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 87 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 88 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 89 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 90 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 91 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 92 } 93 94 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 95 static { 96 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 97 } 98 99 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 100 static { 101 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 102 } 103 104 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 105 static { 106 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 107 } 108 109 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 110 static { 111 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 112 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 113 } 114 115 private static final Set<String> SETTINGS_PERMISSIONS = new ArraySet<>(); 116 static { 117 SETTINGS_PERMISSIONS.add(Manifest.permission.WRITE_SETTINGS); 118 } 119 120 private static final Set<String> INSTALLER_PERMISSIONS = new ArraySet<>(); 121 static { 122 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 123 INSTALLER_PERMISSIONS.add(Manifest.permission.INTERACT_ACROSS_USERS_FULL); 124 INSTALLER_PERMISSIONS.add(Manifest.permission.CLEAR_APP_USER_DATA); 125 INSTALLER_PERMISSIONS.add(Manifest.permission.KILL_UID); 126 } 127 128 private static final Set<String> VERIFIER_PERMISSIONS = new ArraySet<>(); 129 static { 130 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 131 } 132 133 private final PackageManagerService mService; 134 135 private PackagesProvider mImePackagesProvider; 136 private PackagesProvider mLocationPackagesProvider; 137 private PackagesProvider mVoiceInteractionPackagesProvider; 138 private PackagesProvider mCarrierAppPackagesProvider; 139 140 public DefaultPermissionGrantPolicy(PackageManagerService service) { 141 mService = service; 142 } 143 144 public void setImePackagesProviderLPr(PackagesProvider provider) { 145 mImePackagesProvider = provider; 146 } 147 148 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 149 mLocationPackagesProvider = provider; 150 } 151 152 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 153 mVoiceInteractionPackagesProvider = provider; 154 } 155 156 public void setCarrierAppPackagesProviderLPw(PackagesProvider provider) { 157 mCarrierAppPackagesProvider = provider; 158 } 159 160 public void grantDefaultPermissions(int userId) { 161 grantPermissionsToSysComponentsAndPrivApps(userId); 162 grantDefaultSystemHandlerPermissions(userId); 163 } 164 165 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 166 Log.i(TAG, "Granting permissions to platform components"); 167 168 synchronized (mService.mPackages) { 169 for (PackageParser.Package pkg : mService.mPackages.values()) { 170 if (!isSysComponentOrPersistentPrivApp(pkg) 171 || !doesPackageSupportRuntimePermissions(pkg)) { 172 continue; 173 } 174 final int permissionCount = pkg.requestedPermissions.size(); 175 for (int i = 0; i < permissionCount; i++) { 176 String permission = pkg.requestedPermissions.get(i); 177 BasePermission bp = mService.mSettings.mPermissions.get(permission); 178 if (bp != null && bp.isRuntime()) { 179 final int flags = mService.getPermissionFlags(permission, 180 pkg.packageName, userId); 181 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) { 182 mService.grantRuntimePermission(pkg.packageName, permission, userId); 183 mService.updatePermissionFlags(permission, pkg.packageName, 184 PackageManager.MASK_PERMISSION_FLAGS, 185 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId); 186 if (DEBUG) { 187 Log.i(TAG, "Granted " + permission + " to system component " 188 + pkg.packageName); 189 } 190 } 191 } 192 } 193 } 194 } 195 } 196 197 private void grantDefaultSystemHandlerPermissions(int userId) { 198 Log.i(TAG, "Granting permissions to default platform handlers"); 199 200 final PackagesProvider imePackagesProvider; 201 final PackagesProvider locationPackagesProvider; 202 final PackagesProvider voiceInteractionPackagesProvider; 203 final PackagesProvider carrierAppPackagesProvider; 204 205 synchronized (mService.mPackages) { 206 imePackagesProvider = mImePackagesProvider; 207 locationPackagesProvider = mLocationPackagesProvider; 208 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 209 carrierAppPackagesProvider = mCarrierAppPackagesProvider; 210 } 211 212 String[] imePackageNames = (imePackagesProvider != null) 213 ? imePackagesProvider.getPackages(userId) : null; 214 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 215 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 216 String[] locationPackageNames = (locationPackagesProvider != null) 217 ? locationPackagesProvider.getPackages(userId) : null; 218 String[] carrierAppPackageNames = (carrierAppPackagesProvider != null) 219 ? carrierAppPackagesProvider.getPackages(userId) : null; 220 221 synchronized (mService.mPackages) { 222 // Installers 223 Intent installerIntent = new Intent(Intent.ACTION_INSTALL_PACKAGE); 224 installerIntent.addCategory(Intent.CATEGORY_DEFAULT); 225 installerIntent.setDataAndType(Uri.fromFile(new File("foo.apk")), 226 PACKAGE_MIME_TYPE); 227 List<PackageParser.Package> installerPackages = 228 getPrivilegedHandlerActivityPackagesLPr(installerIntent, userId); 229 final int installerCount = installerPackages.size(); 230 for (int i = 0; i < installerCount; i++) { 231 PackageParser.Package installPackage = installerPackages.get(i); 232 grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId); 233 grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, userId); 234 } 235 236 // Verifiers 237 Intent verifierIntent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); 238 verifierIntent.setType(PACKAGE_MIME_TYPE); 239 List<PackageParser.Package> verifierPackages = 240 getPrivilegedHandlerReceiverPackagesLPr(verifierIntent, userId); 241 final int verifierCount = verifierPackages.size(); 242 for (int i = 0; i < verifierCount; i++) { 243 PackageParser.Package verifierPackage = verifierPackages.get(i); 244 grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId); 245 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, userId); 246 } 247 248 // SetupWizard 249 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 250 setupIntent.addCategory(Intent.CATEGORY_HOME); 251 PackageParser.Package setupPackage = getDefaultSystemHandlerActvityPackageLPr( 252 setupIntent, userId); 253 if (setupPackage != null 254 && doesPackageSupportRuntimePermissions(setupPackage)) { 255 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 256 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 257 grantRuntimePermissionsLPw(setupPackage, SETTINGS_PERMISSIONS, userId); 258 } 259 260 // Phone 261 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 262 PackageParser.Package dialerPackage = getDefaultSystemHandlerActvityPackageLPr( 263 dialerIntent, userId); 264 if (dialerPackage != null 265 && doesPackageSupportRuntimePermissions(dialerPackage)) { 266 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 267 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 268 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 269 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 270 } 271 272 // Camera 273 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 274 PackageParser.Package cameraPackage = getDefaultSystemHandlerActvityPackageLPr( 275 cameraIntent, userId); 276 if (cameraPackage != null 277 && doesPackageSupportRuntimePermissions(cameraPackage)) { 278 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 279 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 280 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 281 } 282 283 // Media provider 284 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 285 MediaStore.AUTHORITY, userId); 286 if (mediaStorePackage != null) { 287 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, userId); 288 } 289 290 // Downloads provider 291 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 292 "downloads", userId); 293 if (downloadsPackage != null) { 294 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, userId); 295 } 296 297 // Downloads UI 298 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 299 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActvityPackageLPr( 300 downloadsUiIntent, userId); 301 if (downloadsUiPackage != null 302 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 303 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, userId); 304 } 305 306 // Messaging 307 Intent messagingIntent = new Intent(Intent.ACTION_MAIN); 308 messagingIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 309 PackageParser.Package messagingPackage = getDefaultSystemHandlerActvityPackageLPr( 310 messagingIntent, userId); 311 if (messagingPackage != null 312 && doesPackageSupportRuntimePermissions(messagingPackage)) { 313 grantRuntimePermissionsLPw(messagingPackage, PHONE_PERMISSIONS, userId); 314 grantRuntimePermissionsLPw(messagingPackage, CONTACTS_PERMISSIONS, userId); 315 grantRuntimePermissionsLPw(messagingPackage, SMS_PERMISSIONS, userId); 316 } 317 318 // Calendar 319 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 320 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 321 PackageParser.Package calendarPackage = getDefaultSystemHandlerActvityPackageLPr( 322 calendarIntent, userId); 323 if (calendarPackage != null 324 && doesPackageSupportRuntimePermissions(calendarPackage)) { 325 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 326 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 327 } 328 329 // Contacts 330 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 331 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 332 PackageParser.Package contactsPackage = getDefaultSystemHandlerActvityPackageLPr( 333 contactsIntent, userId); 334 if (contactsPackage != null 335 && doesPackageSupportRuntimePermissions(contactsPackage)) { 336 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 337 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 338 } 339 340 // Maps 341 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 342 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 343 PackageParser.Package mapsPackage = getDefaultSystemHandlerActvityPackageLPr( 344 mapsIntent, userId); 345 if (mapsPackage != null 346 && doesPackageSupportRuntimePermissions(mapsPackage)) { 347 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 348 } 349 350 // Email 351 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 352 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 353 PackageParser.Package emailPackage = getDefaultSystemHandlerActvityPackageLPr( 354 emailIntent, userId); 355 if (emailPackage != null 356 && doesPackageSupportRuntimePermissions(emailPackage)) { 357 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 358 } 359 360 // Browser 361 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 362 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 363 PackageParser.Package browserPackage = getDefaultSystemHandlerActvityPackageLPr( 364 browserIntent, userId); 365 if (browserPackage != null 366 && doesPackageSupportRuntimePermissions(browserPackage)) { 367 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 368 } 369 370 // IME 371 if (imePackageNames != null) { 372 for (String imePackageName : imePackageNames) { 373 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 374 if (imePackage != null 375 && doesPackageSupportRuntimePermissions(imePackage)) { 376 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 377 } 378 } 379 } 380 381 // Voice interaction 382 if (voiceInteractPackageNames != null) { 383 for (String voiceInteractPackageName : voiceInteractPackageNames) { 384 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 385 voiceInteractPackageName); 386 if (voiceInteractPackage != null 387 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 388 grantRuntimePermissionsLPw(voiceInteractPackage, 389 CONTACTS_PERMISSIONS, userId); 390 grantRuntimePermissionsLPw(voiceInteractPackage, 391 CALENDAR_PERMISSIONS, userId); 392 grantRuntimePermissionsLPw(voiceInteractPackage, 393 MICROPHONE_PERMISSIONS, userId); 394 grantRuntimePermissionsLPw(voiceInteractPackage, 395 PHONE_PERMISSIONS, userId); 396 grantRuntimePermissionsLPw(voiceInteractPackage, 397 SMS_PERMISSIONS, userId); 398 grantRuntimePermissionsLPw(voiceInteractPackage, 399 LOCATION_PERMISSIONS, userId); 400 } 401 } 402 } 403 404 // Location 405 if (locationPackageNames != null) { 406 for (String packageName : locationPackageNames) { 407 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 408 if (locationPackage != null 409 && doesPackageSupportRuntimePermissions(locationPackage)) { 410 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 411 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 412 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 413 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 414 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 415 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, userId); 416 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 417 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 418 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 419 } 420 } 421 } 422 423 // Carrier apps 424 if (carrierAppPackageNames != null) { 425 for (String packageName : carrierAppPackageNames) { 426 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 427 if (carrierPackage != null 428 && doesPackageSupportRuntimePermissions(carrierPackage)) { 429 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 430 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 431 } 432 } 433 } 434 435 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 436 } 437 } 438 439 private List<PackageParser.Package> getPrivilegedHandlerReceiverPackagesLPr( 440 Intent intent, int userId) { 441 List<ResolveInfo> handlers = mService.queryIntentReceivers( 442 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 443 0, userId); 444 return getPrivilegedPackages(handlers); 445 } 446 447 private List<PackageParser.Package> getPrivilegedHandlerActivityPackagesLPr( 448 Intent intent, int userId) { 449 List<ResolveInfo> handlers = mService.queryIntentActivities( 450 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 451 0, userId); 452 return getPrivilegedPackages(handlers); 453 } 454 455 private List<PackageParser.Package> getPrivilegedPackages(List<ResolveInfo> resolveInfos) { 456 List<PackageParser.Package> handlerPackages = new ArrayList<>(); 457 final int handlerCount = resolveInfos.size(); 458 for (int i = 0; i < handlerCount; i++) { 459 ResolveInfo handler = resolveInfos.get(i); 460 PackageParser.Package handlerPackage = getPrivilegedPackageLPr( 461 handler.activityInfo.packageName); 462 if (handlerPackage != null) { 463 handlerPackages.add(handlerPackage); 464 } 465 } 466 return handlerPackages; 467 } 468 469 private PackageParser.Package getDefaultSystemHandlerActvityPackageLPr( 470 Intent intent, int userId) { 471 List<ResolveInfo> handlers = mService.queryIntentActivities(intent, null, 0, userId); 472 final int handlerCount = handlers.size(); 473 for (int i = 0; i < handlerCount; i++) { 474 ResolveInfo handler = handlers.get(i); 475 // TODO: This is a temporary hack to figure out the setup app. 476 PackageParser.Package handlerPackage = getSystemPackageLPr( 477 handler.activityInfo.packageName); 478 if (handlerPackage != null) { 479 return handlerPackage; 480 } 481 } 482 return null; 483 } 484 485 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 486 String authority, int userId) { 487 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); 488 if (provider != null) { 489 return getSystemPackageLPr(provider.packageName); 490 } 491 return null; 492 } 493 494 private PackageParser.Package getSystemPackageLPr(String packageName) { 495 PackageParser.Package pkg = mService.mPackages.get(packageName); 496 if (pkg != null && pkg.isSystemApp()) { 497 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 498 } 499 return null; 500 } 501 502 private PackageParser.Package getPrivilegedPackageLPr(String packageName) { 503 PackageParser.Package pkg = mService.mPackages.get(packageName); 504 if (pkg != null && pkg.applicationInfo.isPrivilegedApp()) { 505 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 506 } 507 return null; 508 } 509 510 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 511 int userId) { 512 List<String> requestedPermissions = pkg.requestedPermissions; 513 514 if (pkg.isUpdatedSystemApp()) { 515 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 516 if (sysPs != null) { 517 requestedPermissions = sysPs.pkg.requestedPermissions; 518 } 519 } 520 521 final int permissionCount = requestedPermissions.size(); 522 for (int i = 0; i < permissionCount; i++) { 523 String permission = requestedPermissions.get(i); 524 if (permissions.contains(permission)) { 525 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 526 527 // If any flags are set to the permission, then it is either set in 528 // its current state by the system or device/profile owner or the user. 529 // In all these cases we do not want to clobber the current state. 530 if (flags == 0) { 531 mService.grantRuntimePermission(pkg.packageName, permission, userId); 532 if (DEBUG) { 533 Log.i(TAG, "Granted " + permission + " to default handler " 534 + pkg.packageName); 535 } 536 } 537 } 538 } 539 } 540 541 private void grantInstallPermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 542 int userId) { 543 List<String> requestedPermissions = pkg.requestedPermissions; 544 545 if (pkg.isUpdatedSystemApp()) { 546 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 547 if (sysPs != null) { 548 requestedPermissions = sysPs.pkg.requestedPermissions; 549 } 550 } 551 552 final int permissionCount = requestedPermissions.size(); 553 for (int i = 0; i < permissionCount; i++) { 554 String permission = requestedPermissions.get(i); 555 if (permissions.contains(permission)) { 556 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 557 558 // If any flags are set to the permission, then it is either set in 559 // its current state by the system or device/profile owner or the user. 560 // In all these cases we do not want to clobber the current state. 561 if (flags == 0) { 562 mService.grantInstallPermissionLPw(permission, pkg); 563 if (DEBUG) { 564 Log.i(TAG, "Granted install " + permission + " to " + pkg.packageName); 565 } 566 } 567 } 568 } 569 } 570 571 private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) { 572 return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID 573 || ((pkg.applicationInfo.privateFlags 574 & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0 575 && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0); 576 } 577 578 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 579 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 580 } 581} 582