DefaultPermissionGrantPolicy.java revision 2a9e3f8e6813716ab88ca54fd04ae047dc9aaaeb
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.app.admin.DevicePolicyManager; 22import android.content.Intent; 23import android.content.pm.ActivityInfo; 24import android.content.pm.ApplicationInfo; 25import android.content.pm.PackageManager; 26import android.content.pm.PackageManagerInternal.PackagesProvider; 27import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 28import android.content.pm.PackageParser; 29import android.content.pm.ProviderInfo; 30import android.content.pm.ResolveInfo; 31import android.net.Uri; 32import android.os.Build; 33import android.os.UserHandle; 34import android.provider.CalendarContract; 35import android.provider.ContactsContract; 36import android.provider.MediaStore; 37import android.provider.Telephony.Sms.Intents; 38import android.security.Credentials; 39import android.util.ArraySet; 40import android.util.Log; 41 42import java.io.File; 43import java.util.ArrayList; 44import java.util.List; 45import java.util.Set; 46 47import static android.os.Process.FIRST_APPLICATION_UID; 48 49/** 50 * This class is the policy for granting runtime permissions to 51 * platform components and default handlers in the system such 52 * that the device is usable out-of-the-box. For example, the 53 * shell UID is a part of the system and the Phone app should 54 * have phone related permission by default. 55 */ 56final class DefaultPermissionGrantPolicy { 57 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 58 private static final boolean DEBUG = false; 59 60 private static final int DEFAULT_FLAGS = PackageManager.MATCH_ENCRYPTION_AWARE_AND_UNAWARE; 61 62 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 63 64 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 65 static { 66 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 67 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 68 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 69 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 70 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 71 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 72 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 73 } 74 75 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 76 static { 77 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 78 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 79 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 80 } 81 82 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 83 static { 84 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 85 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 86 } 87 88 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 89 static { 90 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 91 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 92 } 93 94 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 95 static { 96 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 97 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 98 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 99 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 100 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 101 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 102 } 103 104 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 105 static { 106 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 107 } 108 109 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 110 static { 111 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 112 } 113 114 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 115 static { 116 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 117 } 118 119 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 120 static { 121 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 122 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 123 } 124 125 private final PackageManagerService mService; 126 127 private PackagesProvider mImePackagesProvider; 128 private PackagesProvider mLocationPackagesProvider; 129 private PackagesProvider mVoiceInteractionPackagesProvider; 130 private PackagesProvider mSmsAppPackagesProvider; 131 private PackagesProvider mDialerAppPackagesProvider; 132 private PackagesProvider mSimCallManagerPackagesProvider; 133 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 134 135 public DefaultPermissionGrantPolicy(PackageManagerService service) { 136 mService = service; 137 } 138 139 public void setImePackagesProviderLPr(PackagesProvider provider) { 140 mImePackagesProvider = provider; 141 } 142 143 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 144 mLocationPackagesProvider = provider; 145 } 146 147 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 148 mVoiceInteractionPackagesProvider = provider; 149 } 150 151 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 152 mSmsAppPackagesProvider = provider; 153 } 154 155 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 156 mDialerAppPackagesProvider = provider; 157 } 158 159 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 160 mSimCallManagerPackagesProvider = provider; 161 } 162 163 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 164 mSyncAdapterPackagesProvider = provider; 165 } 166 167 public void grantDefaultPermissions(int userId) { 168 grantPermissionsToSysComponentsAndPrivApps(userId); 169 grantDefaultSystemHandlerPermissions(userId); 170 } 171 172 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 173 Log.i(TAG, "Granting permissions to platform components for user " + userId); 174 175 synchronized (mService.mPackages) { 176 for (PackageParser.Package pkg : mService.mPackages.values()) { 177 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 178 || !doesPackageSupportRuntimePermissions(pkg) 179 || pkg.requestedPermissions.isEmpty()) { 180 continue; 181 } 182 Set<String> permissions = new ArraySet<>(); 183 final int permissionCount = pkg.requestedPermissions.size(); 184 for (int i = 0; i < permissionCount; i++) { 185 String permission = pkg.requestedPermissions.get(i); 186 BasePermission bp = mService.mSettings.mPermissions.get(permission); 187 if (bp != null && bp.isRuntime()) { 188 permissions.add(permission); 189 } 190 } 191 if (!permissions.isEmpty()) { 192 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 193 } 194 } 195 } 196 } 197 198 private void grantDefaultSystemHandlerPermissions(int userId) { 199 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 200 201 final PackagesProvider imePackagesProvider; 202 final PackagesProvider locationPackagesProvider; 203 final PackagesProvider voiceInteractionPackagesProvider; 204 final PackagesProvider smsAppPackagesProvider; 205 final PackagesProvider dialerAppPackagesProvider; 206 final PackagesProvider simCallManagerPackagesProvider; 207 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 208 209 synchronized (mService.mPackages) { 210 imePackagesProvider = mImePackagesProvider; 211 locationPackagesProvider = mLocationPackagesProvider; 212 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 213 smsAppPackagesProvider = mSmsAppPackagesProvider; 214 dialerAppPackagesProvider = mDialerAppPackagesProvider; 215 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 216 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 217 } 218 219 String[] imePackageNames = (imePackagesProvider != null) 220 ? imePackagesProvider.getPackages(userId) : null; 221 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 222 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 223 String[] locationPackageNames = (locationPackagesProvider != null) 224 ? locationPackagesProvider.getPackages(userId) : null; 225 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 226 ? smsAppPackagesProvider.getPackages(userId) : null; 227 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 228 ? dialerAppPackagesProvider.getPackages(userId) : null; 229 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 230 ? simCallManagerPackagesProvider.getPackages(userId) : null; 231 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 232 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 233 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 234 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 235 236 synchronized (mService.mPackages) { 237 // Installer 238 PackageParser.Package installerPackage = getSystemPackageLPr( 239 mService.mRequiredInstallerPackage); 240 if (installerPackage != null 241 && doesPackageSupportRuntimePermissions(installerPackage)) { 242 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 243 } 244 245 // Verifier 246 PackageParser.Package verifierPackage = getSystemPackageLPr( 247 mService.mRequiredVerifierPackage); 248 if (verifierPackage != null 249 && doesPackageSupportRuntimePermissions(verifierPackage)) { 250 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 251 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 252 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 253 } 254 255 // SetupWizard 256 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 257 setupIntent.addCategory(Intent.CATEGORY_SETUP_WIZARD); 258 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr( 259 setupIntent, userId); 260 if (setupPackage != null 261 && doesPackageSupportRuntimePermissions(setupPackage)) { 262 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 263 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 264 } 265 266 // Camera 267 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 268 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 269 cameraIntent, userId); 270 if (cameraPackage != null 271 && doesPackageSupportRuntimePermissions(cameraPackage)) { 272 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 273 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 274 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 275 } 276 277 // Media provider 278 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 279 MediaStore.AUTHORITY, userId); 280 if (mediaStorePackage != null) { 281 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 282 } 283 284 // Downloads provider 285 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 286 "downloads", userId); 287 if (downloadsPackage != null) { 288 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 289 } 290 291 // Downloads UI 292 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 293 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 294 downloadsUiIntent, userId); 295 if (downloadsUiPackage != null 296 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 297 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 298 } 299 300 // Storage provider 301 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 302 "com.android.externalstorage.documents", userId); 303 if (storagePackage != null) { 304 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 305 } 306 307 // CertInstaller 308 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 309 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 310 certInstallerIntent, userId); 311 if (certInstallerPackage != null 312 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 313 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 314 } 315 316 // Dialer 317 if (dialerAppPackageNames == null) { 318 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 319 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 320 dialerIntent, userId); 321 if (dialerPackage != null) { 322 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 323 } 324 } else { 325 for (String dialerAppPackageName : dialerAppPackageNames) { 326 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 327 if (dialerPackage != null) { 328 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 329 } 330 } 331 } 332 333 // Sim call manager 334 if (simCallManagerPackageNames != null) { 335 for (String simCallManagerPackageName : simCallManagerPackageNames) { 336 PackageParser.Package simCallManagerPackage = 337 getSystemPackageLPr(simCallManagerPackageName); 338 if (simCallManagerPackage != null) { 339 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 340 userId); 341 } 342 } 343 } 344 345 // SMS 346 if (smsAppPackageNames == null) { 347 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 348 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 349 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 350 smsIntent, userId); 351 if (smsPackage != null) { 352 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 353 } 354 } else { 355 for (String smsPackageName : smsAppPackageNames) { 356 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 357 if (smsPackage != null) { 358 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 359 } 360 } 361 } 362 363 // Cell Broadcast Receiver 364 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 365 PackageParser.Package cbrPackage = 366 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 367 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 368 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 369 } 370 371 // Carrier Provisioning Service 372 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 373 PackageParser.Package carrierProvPackage = 374 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 375 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 376 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 377 } 378 379 // Calendar 380 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 381 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 382 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 383 calendarIntent, userId); 384 if (calendarPackage != null 385 && doesPackageSupportRuntimePermissions(calendarPackage)) { 386 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 387 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 388 } 389 390 // Calendar provider 391 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 392 CalendarContract.AUTHORITY, userId); 393 if (calendarProviderPackage != null) { 394 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 395 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 396 true, userId); 397 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 398 } 399 400 // Calendar provider sync adapters 401 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 402 calendarSyncAdapterPackages, userId); 403 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 404 for (int i = 0; i < calendarSyncAdapterCount; i++) { 405 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 406 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 407 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 408 } 409 } 410 411 // Contacts 412 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 413 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 414 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 415 contactsIntent, userId); 416 if (contactsPackage != null 417 && doesPackageSupportRuntimePermissions(contactsPackage)) { 418 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 419 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 420 } 421 422 // Contacts provider sync adapters 423 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 424 contactsSyncAdapterPackages, userId); 425 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 426 for (int i = 0; i < contactsSyncAdapterCount; i++) { 427 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 428 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 429 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 430 } 431 } 432 433 // Contacts provider 434 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 435 ContactsContract.AUTHORITY, userId); 436 if (contactsProviderPackage != null) { 437 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 438 true, userId); 439 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 440 true, userId); 441 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 442 } 443 444 // Device provisioning 445 Intent deviceProvisionIntent = new Intent( 446 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 447 PackageParser.Package deviceProvisionPackage = 448 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 449 if (deviceProvisionPackage != null 450 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 451 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 452 } 453 454 // Maps 455 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 456 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 457 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 458 mapsIntent, userId); 459 if (mapsPackage != null 460 && doesPackageSupportRuntimePermissions(mapsPackage)) { 461 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 462 } 463 464 // Gallery 465 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 466 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 467 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 468 galleryIntent, userId); 469 if (galleryPackage != null 470 && doesPackageSupportRuntimePermissions(galleryPackage)) { 471 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 472 } 473 474 // Email 475 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 476 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 477 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 478 emailIntent, userId); 479 if (emailPackage != null 480 && doesPackageSupportRuntimePermissions(emailPackage)) { 481 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 482 } 483 484 // Browser 485 PackageParser.Package browserPackage = null; 486 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 487 if (defaultBrowserPackage != null) { 488 browserPackage = getPackageLPr(defaultBrowserPackage); 489 } 490 if (browserPackage == null) { 491 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 492 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 493 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 494 browserIntent, userId); 495 } 496 if (browserPackage != null 497 && doesPackageSupportRuntimePermissions(browserPackage)) { 498 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 499 } 500 501 // IME 502 if (imePackageNames != null) { 503 for (String imePackageName : imePackageNames) { 504 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 505 if (imePackage != null 506 && doesPackageSupportRuntimePermissions(imePackage)) { 507 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 508 } 509 } 510 } 511 512 // Voice interaction 513 if (voiceInteractPackageNames != null) { 514 for (String voiceInteractPackageName : voiceInteractPackageNames) { 515 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 516 voiceInteractPackageName); 517 if (voiceInteractPackage != null 518 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 519 grantRuntimePermissionsLPw(voiceInteractPackage, 520 CONTACTS_PERMISSIONS, userId); 521 grantRuntimePermissionsLPw(voiceInteractPackage, 522 CALENDAR_PERMISSIONS, userId); 523 grantRuntimePermissionsLPw(voiceInteractPackage, 524 MICROPHONE_PERMISSIONS, userId); 525 grantRuntimePermissionsLPw(voiceInteractPackage, 526 PHONE_PERMISSIONS, userId); 527 grantRuntimePermissionsLPw(voiceInteractPackage, 528 SMS_PERMISSIONS, userId); 529 grantRuntimePermissionsLPw(voiceInteractPackage, 530 LOCATION_PERMISSIONS, userId); 531 } 532 } 533 } 534 535 // Voice recognition 536 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 537 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 538 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 539 voiceRecoIntent, userId); 540 if (voiceRecoPackage != null 541 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 542 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 543 } 544 545 // Location 546 if (locationPackageNames != null) { 547 for (String packageName : locationPackageNames) { 548 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 549 if (locationPackage != null 550 && doesPackageSupportRuntimePermissions(locationPackage)) { 551 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 552 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 553 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 554 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 555 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 556 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 557 true, userId); 558 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 559 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 560 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 561 } 562 } 563 } 564 565 // Music 566 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 567 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 568 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 569 AUDIO_MIME_TYPE); 570 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 571 musicIntent, userId); 572 if (musicPackage != null 573 && doesPackageSupportRuntimePermissions(musicPackage)) { 574 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 575 } 576 577 // Android Wear Home 578 if (mService.hasSystemFeature(PackageManager.FEATURE_WATCH)) { 579 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 580 homeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 581 582 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackageLPr( 583 homeIntent, userId); 584 585 if (wearHomePackage != null 586 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 587 grantRuntimePermissionsLPw(wearHomePackage, CONTACTS_PERMISSIONS, false, 588 userId); 589 grantRuntimePermissionsLPw(wearHomePackage, PHONE_PERMISSIONS, true, userId); 590 grantRuntimePermissionsLPw(wearHomePackage, MICROPHONE_PERMISSIONS, false, 591 userId); 592 grantRuntimePermissionsLPw(wearHomePackage, LOCATION_PERMISSIONS, false, 593 userId); 594 } 595 } 596 597 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 598 } 599 } 600 601 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 602 PackageParser.Package dialerPackage, int userId) { 603 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 604 boolean isPhonePermFixed = 605 mService.hasSystemFeature(PackageManager.FEATURE_WATCH); 606 grantRuntimePermissionsLPw( 607 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 608 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 609 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 610 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 611 } 612 } 613 614 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 615 PackageParser.Package smsPackage, int userId) { 616 if (doesPackageSupportRuntimePermissions(smsPackage)) { 617 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 618 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 619 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 620 } 621 } 622 623 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 624 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 625 if (packageName == null) { 626 return; 627 } 628 PackageParser.Package smsPackage = getPackageLPr(packageName); 629 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 630 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 631 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 632 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 633 } 634 } 635 636 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 637 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 638 if (packageName == null) { 639 return; 640 } 641 PackageParser.Package dialerPackage = getPackageLPr(packageName); 642 if (dialerPackage != null 643 && doesPackageSupportRuntimePermissions(dialerPackage)) { 644 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 645 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 646 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 647 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 648 } 649 } 650 651 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 652 PackageParser.Package simCallManagerPackage, int userId) { 653 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 654 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 655 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 656 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 657 } 658 } 659 660 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 661 if (packageName == null) { 662 return; 663 } 664 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 665 if (simCallManagerPackage != null) { 666 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 667 } 668 } 669 670 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 671 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 672 if (packageNames == null) { 673 return; 674 } 675 for (String packageName : packageNames) { 676 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 677 if (carrierPackage != null 678 && doesPackageSupportRuntimePermissions(carrierPackage)) { 679 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 680 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 681 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 682 } 683 } 684 } 685 686 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 687 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 688 if (packageName == null) { 689 return; 690 } 691 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 692 if (browserPackage != null 693 && doesPackageSupportRuntimePermissions(browserPackage)) { 694 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 695 } 696 } 697 698 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 699 Intent intent, int userId) { 700 ResolveInfo handler = mService.resolveIntent(intent, 701 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId); 702 if (handler == null || handler.activityInfo == null) { 703 return null; 704 } 705 ActivityInfo activityInfo = handler.activityInfo; 706 if (activityInfo.packageName.equals(mService.mResolveActivity.packageName) 707 && activityInfo.name.equals(mService.mResolveActivity.name)) { 708 return null; 709 } 710 return getSystemPackageLPr(handler.activityInfo.packageName); 711 } 712 713 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 714 Intent intent, int userId) { 715 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 716 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId); 717 if (handlers == null) { 718 return null; 719 } 720 final int handlerCount = handlers.size(); 721 for (int i = 0; i < handlerCount; i++) { 722 ResolveInfo handler = handlers.get(i); 723 PackageParser.Package handlerPackage = getSystemPackageLPr( 724 handler.serviceInfo.packageName); 725 if (handlerPackage != null) { 726 return handlerPackage; 727 } 728 } 729 return null; 730 } 731 732 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 733 String[] syncAdapterPackageNames, int userId) { 734 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 735 736 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 737 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 738 739 for (String syncAdapterPackageName : syncAdapterPackageNames) { 740 homeIntent.setPackage(syncAdapterPackageName); 741 742 ResolveInfo homeActivity = mService.resolveIntent(homeIntent, 743 homeIntent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, 744 userId); 745 if (homeActivity != null) { 746 continue; 747 } 748 749 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 750 if (syncAdapterPackage != null) { 751 syncAdapterPackages.add(syncAdapterPackage); 752 } 753 } 754 755 return syncAdapterPackages; 756 } 757 758 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 759 String authority, int userId) { 760 ProviderInfo provider = mService.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 761 if (provider != null) { 762 return getSystemPackageLPr(provider.packageName); 763 } 764 return null; 765 } 766 767 private PackageParser.Package getPackageLPr(String packageName) { 768 return mService.mPackages.get(packageName); 769 } 770 771 private PackageParser.Package getSystemPackageLPr(String packageName) { 772 PackageParser.Package pkg = getPackageLPr(packageName); 773 if (pkg != null && pkg.isSystemApp()) { 774 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 775 } 776 return null; 777 } 778 779 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 780 int userId) { 781 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 782 } 783 784 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 785 boolean systemFixed, int userId) { 786 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 787 } 788 789 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 790 boolean systemFixed, boolean overrideUserChoice, int userId) { 791 if (pkg.requestedPermissions.isEmpty()) { 792 return; 793 } 794 795 List<String> requestedPermissions = pkg.requestedPermissions; 796 Set<String> grantablePermissions = null; 797 798 if (pkg.isUpdatedSystemApp()) { 799 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 800 if (sysPs != null) { 801 if (sysPs.pkg.requestedPermissions.isEmpty()) { 802 return; 803 } 804 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 805 grantablePermissions = new ArraySet<>(requestedPermissions); 806 requestedPermissions = sysPs.pkg.requestedPermissions; 807 } 808 } 809 } 810 811 final int grantablePermissionCount = requestedPermissions.size(); 812 for (int i = 0; i < grantablePermissionCount; i++) { 813 String permission = requestedPermissions.get(i); 814 815 // If there is a disabled system app it may request a permission the updated 816 // version ot the data partition doesn't, In this case skip the permission. 817 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 818 continue; 819 } 820 821 if (permissions.contains(permission)) { 822 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 823 824 // If any flags are set to the permission, then it is either set in 825 // its current state by the system or device/profile owner or the user. 826 // In all these cases we do not want to clobber the current state. 827 // Unless the caller wants to override user choices. The override is 828 // to make sure we can grant the needed permission to the default 829 // sms and phone apps after the user chooses this in the UI. 830 if (flags == 0 || overrideUserChoice) { 831 // Never clobber policy or system. 832 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 833 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 834 if ((flags & fixedFlags) != 0) { 835 continue; 836 } 837 838 mService.grantRuntimePermission(pkg.packageName, permission, userId); 839 if (DEBUG) { 840 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 841 + permission + " to default handler " + pkg.packageName); 842 } 843 844 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 845 if (systemFixed) { 846 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 847 } 848 849 mService.updatePermissionFlags(permission, pkg.packageName, 850 newFlags, newFlags, userId); 851 } 852 853 // If a component gets a permission for being the default handler A 854 // and also default handler B, we grant the weaker grant form. 855 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 856 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 857 && !systemFixed) { 858 if (DEBUG) { 859 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 860 + pkg.packageName); 861 } 862 mService.updatePermissionFlags(permission, pkg.packageName, 863 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 864 } 865 } 866 } 867 } 868 869 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 870 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 871 return true; 872 } 873 if (!pkg.isPrivilegedApp()) { 874 return false; 875 } 876 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 877 if (sysPkg != null && sysPkg.pkg != null) { 878 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 879 return false; 880 } 881 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 882 return false; 883 } 884 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 885 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 886 } 887 888 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 889 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 890 } 891} 892