DefaultPermissionGrantPolicy.java revision 6a166af8fd25445c1b9a4d7869d87557fcb79cf9
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.app.admin.DevicePolicyManager; 22import android.content.Intent; 23import android.content.pm.ApplicationInfo; 24import android.content.pm.PackageManager; 25import android.content.pm.PackageManagerInternal.PackagesProvider; 26import android.content.pm.PackageParser; 27import android.content.pm.ProviderInfo; 28import android.content.pm.ResolveInfo; 29import android.net.Uri; 30import android.os.Build; 31import android.os.UserHandle; 32import android.provider.CalendarContract; 33import android.provider.ContactsContract; 34import android.provider.MediaStore; 35import android.util.ArraySet; 36import android.util.Log; 37 38import java.io.File; 39import java.util.ArrayList; 40import java.util.List; 41import java.util.Set; 42 43import static android.os.Process.FIRST_APPLICATION_UID; 44 45/** 46 * This class is the policy for granting runtime permissions to 47 * platform components and default handlers in the system such 48 * that the device is usable out-of-the-box. For example, the 49 * shell UID is a part of the system and the Phone app should 50 * have phone related permission by default. 51 */ 52final class DefaultPermissionGrantPolicy { 53 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 54 private static final boolean DEBUG = false; 55 56 private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; 57 58 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 59 static { 60 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 61 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 62 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 63 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 64 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 65 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 66 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 67 } 68 69 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 70 static { 71 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 72 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 73 } 74 75 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 76 static { 77 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 78 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 79 } 80 81 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 82 static { 83 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 84 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 85 } 86 87 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 88 static { 89 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 90 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 91 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 92 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 93 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 94 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 95 } 96 97 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 98 static { 99 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 100 } 101 102 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 103 static { 104 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 105 } 106 107 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 108 static { 109 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 110 } 111 112 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 113 static { 114 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 115 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 116 } 117 118 private static final Set<String> ACCOUNTS_PERMISSIONS = new ArraySet<>(); 119 static { 120 ACCOUNTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 121 } 122 123 private static final Set<String> SETTINGS_PERMISSIONS = new ArraySet<>(); 124 static { 125 SETTINGS_PERMISSIONS.add(Manifest.permission.WRITE_SETTINGS); 126 } 127 128 private static final Set<String> INSTALLER_PERMISSIONS = new ArraySet<>(); 129 static { 130 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 131 INSTALLER_PERMISSIONS.add(Manifest.permission.INTERACT_ACROSS_USERS_FULL); 132 INSTALLER_PERMISSIONS.add(Manifest.permission.CLEAR_APP_USER_DATA); 133 INSTALLER_PERMISSIONS.add(Manifest.permission.KILL_UID); 134 } 135 136 private static final Set<String> VERIFIER_PERMISSIONS = new ArraySet<>(); 137 static { 138 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 139 } 140 141 private final PackageManagerService mService; 142 143 private PackagesProvider mImePackagesProvider; 144 private PackagesProvider mLocationPackagesProvider; 145 private PackagesProvider mVoiceInteractionPackagesProvider; 146 private PackagesProvider mSmsAppPackagesProvider; 147 private PackagesProvider mDialerAppPackagesProvider; 148 149 public DefaultPermissionGrantPolicy(PackageManagerService service) { 150 mService = service; 151 } 152 153 public void setImePackagesProviderLPr(PackagesProvider provider) { 154 mImePackagesProvider = provider; 155 } 156 157 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 158 mLocationPackagesProvider = provider; 159 } 160 161 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 162 mVoiceInteractionPackagesProvider = provider; 163 } 164 165 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 166 mSmsAppPackagesProvider = provider; 167 } 168 169 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 170 mDialerAppPackagesProvider = provider; 171 } 172 173 public void grantDefaultPermissions(int userId) { 174 grantPermissionsToSysComponentsAndPrivApps(userId); 175 grantDefaultSystemHandlerPermissions(userId); 176 } 177 178 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 179 Log.i(TAG, "Granting permissions to platform components for user" + userId); 180 181 synchronized (mService.mPackages) { 182 for (PackageParser.Package pkg : mService.mPackages.values()) { 183 if (!isSysComponentOrPersistentPrivApp(pkg) 184 || !doesPackageSupportRuntimePermissions(pkg)) { 185 continue; 186 } 187 final int permissionCount = pkg.requestedPermissions.size(); 188 for (int i = 0; i < permissionCount; i++) { 189 String permission = pkg.requestedPermissions.get(i); 190 BasePermission bp = mService.mSettings.mPermissions.get(permission); 191 if (bp != null && bp.isRuntime()) { 192 final int flags = mService.getPermissionFlags(permission, 193 pkg.packageName, userId); 194 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) { 195 mService.grantRuntimePermission(pkg.packageName, permission, userId); 196 mService.updatePermissionFlags(permission, pkg.packageName, 197 PackageManager.MASK_PERMISSION_FLAGS, 198 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId); 199 if (DEBUG) { 200 Log.i(TAG, "Granted " + permission + " to system component " 201 + pkg.packageName); 202 } 203 } 204 } 205 } 206 } 207 } 208 } 209 210 private void grantDefaultSystemHandlerPermissions(int userId) { 211 Log.i(TAG, "Granting permissions to default platform handlers for user:" + userId); 212 213 final PackagesProvider imePackagesProvider; 214 final PackagesProvider locationPackagesProvider; 215 final PackagesProvider voiceInteractionPackagesProvider; 216 final PackagesProvider smsAppPackagesProvider; 217 final PackagesProvider dialerAppPackagesProvider; 218 219 synchronized (mService.mPackages) { 220 imePackagesProvider = mImePackagesProvider; 221 locationPackagesProvider = mLocationPackagesProvider; 222 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 223 smsAppPackagesProvider = mSmsAppPackagesProvider; 224 dialerAppPackagesProvider = mDialerAppPackagesProvider; 225 } 226 227 String[] imePackageNames = (imePackagesProvider != null) 228 ? imePackagesProvider.getPackages(userId) : null; 229 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 230 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 231 String[] locationPackageNames = (locationPackagesProvider != null) 232 ? locationPackagesProvider.getPackages(userId) : null; 233 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 234 ? smsAppPackagesProvider.getPackages(userId) : null; 235 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 236 ? dialerAppPackagesProvider.getPackages(userId) : null; 237 238 synchronized (mService.mPackages) { 239 // Installers 240 Intent installerIntent = new Intent(Intent.ACTION_INSTALL_PACKAGE); 241 installerIntent.addCategory(Intent.CATEGORY_DEFAULT); 242 installerIntent.setDataAndType(Uri.fromFile(new File("foo.apk")), 243 PACKAGE_MIME_TYPE); 244 List<PackageParser.Package> installerPackages = 245 getPrivilegedHandlerActivityPackagesLPr(installerIntent, userId); 246 final int installerCount = installerPackages.size(); 247 for (int i = 0; i < installerCount; i++) { 248 PackageParser.Package installPackage = installerPackages.get(i); 249 grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId); 250 grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, true, userId); 251 } 252 253 // Verifiers 254 Intent verifierIntent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); 255 verifierIntent.setType(PACKAGE_MIME_TYPE); 256 List<PackageParser.Package> verifierPackages = 257 getPrivilegedHandlerReceiverPackagesLPr(verifierIntent, userId); 258 final int verifierCount = verifierPackages.size(); 259 for (int i = 0; i < verifierCount; i++) { 260 PackageParser.Package verifierPackage = verifierPackages.get(i); 261 grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId); 262 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, userId); 263 } 264 265 // SetupWizard 266 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 267 setupIntent.addCategory(Intent.CATEGORY_HOME); 268 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr( 269 setupIntent, userId); 270 if (setupPackage != null 271 && doesPackageSupportRuntimePermissions(setupPackage)) { 272 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 273 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 274 grantRuntimePermissionsLPw(setupPackage, SETTINGS_PERMISSIONS, userId); 275 } 276 277 // Dialer 278 if (dialerAppPackageNames != null) { 279 for (String dialerAppPackageName : dialerAppPackageNames) { 280 PackageParser.Package dialerPackage = getPackageLPr(dialerAppPackageName); 281 if (dialerPackage != null 282 && doesPackageSupportRuntimePermissions(dialerPackage)) { 283 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 284 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 285 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 286 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 287 } 288 } 289 } 290 291 // Camera 292 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 293 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 294 cameraIntent, userId); 295 if (cameraPackage != null 296 && doesPackageSupportRuntimePermissions(cameraPackage)) { 297 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 298 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 299 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 300 } 301 302 // Media provider 303 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 304 MediaStore.AUTHORITY, userId); 305 if (mediaStorePackage != null) { 306 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, userId); 307 } 308 309 // Downloads provider 310 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 311 "downloads", userId); 312 if (downloadsPackage != null) { 313 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, userId); 314 } 315 316 // Downloads UI 317 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 318 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 319 downloadsUiIntent, userId); 320 if (downloadsUiPackage != null 321 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 322 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, userId); 323 } 324 325 // SMS 326 if (smsAppPackageNames != null) { 327 for (String smsPackageName : smsAppPackageNames) { 328 PackageParser.Package smsPackage = getPackageLPr(smsPackageName); 329 if (smsPackage != null 330 && doesPackageSupportRuntimePermissions(smsPackage)) { 331 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 332 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 333 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 334 } 335 } 336 } 337 338 // Calendar 339 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 340 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 341 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 342 calendarIntent, userId); 343 if (calendarPackage != null 344 && doesPackageSupportRuntimePermissions(calendarPackage)) { 345 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 346 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 347 grantRuntimePermissionsLPw(calendarPackage, ACCOUNTS_PERMISSIONS, userId); 348 } 349 350 // Calendar provider 351 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 352 CalendarContract.AUTHORITY, userId); 353 if (calendarProviderPackage != null) { 354 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 355 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, userId); 356 grantRuntimePermissionsLPw(calendarProviderPackage, ACCOUNTS_PERMISSIONS, userId); 357 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 358 } 359 360 // Contacts 361 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 362 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 363 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 364 contactsIntent, userId); 365 if (contactsPackage != null 366 && doesPackageSupportRuntimePermissions(contactsPackage)) { 367 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 368 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 369 grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId); 370 } 371 372 // Contacts provider 373 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 374 ContactsContract.AUTHORITY, userId); 375 if (contactsProviderPackage != null) { 376 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, userId); 377 grantRuntimePermissionsLPw(contactsProviderPackage, ACCOUNTS_PERMISSIONS, userId); 378 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 379 } 380 381 // Device provisioning 382 Intent deviceProvisionIntent = new Intent( 383 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 384 PackageParser.Package deviceProvisionPackage = 385 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 386 if (deviceProvisionPackage != null 387 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 388 grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId); 389 } 390 391 // Maps 392 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 393 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 394 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 395 mapsIntent, userId); 396 if (mapsPackage != null 397 && doesPackageSupportRuntimePermissions(mapsPackage)) { 398 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 399 } 400 401 // Email 402 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 403 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 404 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 405 emailIntent, userId); 406 if (emailPackage != null 407 && doesPackageSupportRuntimePermissions(emailPackage)) { 408 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 409 } 410 411 // Browser 412 PackageParser.Package browserPackage = null; 413 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 414 if (defaultBrowserPackage != null) { 415 browserPackage = getPackageLPr(defaultBrowserPackage); 416 } 417 if (browserPackage == null) { 418 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 419 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 420 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 421 browserIntent, userId); 422 } 423 if (browserPackage != null 424 && doesPackageSupportRuntimePermissions(browserPackage)) { 425 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 426 } 427 428 // IME 429 if (imePackageNames != null) { 430 for (String imePackageName : imePackageNames) { 431 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 432 if (imePackage != null 433 && doesPackageSupportRuntimePermissions(imePackage)) { 434 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 435 } 436 } 437 } 438 439 // Voice interaction 440 if (voiceInteractPackageNames != null) { 441 for (String voiceInteractPackageName : voiceInteractPackageNames) { 442 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 443 voiceInteractPackageName); 444 if (voiceInteractPackage != null 445 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 446 grantRuntimePermissionsLPw(voiceInteractPackage, 447 CONTACTS_PERMISSIONS, userId); 448 grantRuntimePermissionsLPw(voiceInteractPackage, 449 CALENDAR_PERMISSIONS, userId); 450 grantRuntimePermissionsLPw(voiceInteractPackage, 451 MICROPHONE_PERMISSIONS, userId); 452 grantRuntimePermissionsLPw(voiceInteractPackage, 453 PHONE_PERMISSIONS, userId); 454 grantRuntimePermissionsLPw(voiceInteractPackage, 455 SMS_PERMISSIONS, userId); 456 grantRuntimePermissionsLPw(voiceInteractPackage, 457 LOCATION_PERMISSIONS, userId); 458 } 459 } 460 } 461 462 // Location 463 if (locationPackageNames != null) { 464 for (String packageName : locationPackageNames) { 465 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 466 if (locationPackage != null 467 && doesPackageSupportRuntimePermissions(locationPackage)) { 468 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 469 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 470 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 471 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 472 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 473 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, userId); 474 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 475 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 476 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 477 } 478 } 479 } 480 481 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 482 } 483 } 484 485 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 486 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 487 if (packageName == null) { 488 return; 489 } 490 PackageParser.Package smsPackage = getPackageLPr(packageName); 491 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 492 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 493 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 494 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 495 } 496 } 497 498 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 499 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 500 if (packageName == null) { 501 return; 502 } 503 PackageParser.Package dialerPackage = getPackageLPr(packageName); 504 if (dialerPackage != null 505 && doesPackageSupportRuntimePermissions(dialerPackage)) { 506 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 507 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 508 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 509 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 510 } 511 } 512 513 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 514 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 515 if (packageNames == null) { 516 return; 517 } 518 for (String packageName : packageNames) { 519 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 520 if (carrierPackage != null 521 && doesPackageSupportRuntimePermissions(carrierPackage)) { 522 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 523 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 524 } 525 } 526 } 527 528 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 529 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 530 if (packageName == null) { 531 return; 532 } 533 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 534 if (browserPackage != null 535 && doesPackageSupportRuntimePermissions(browserPackage)) { 536 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 537 } 538 } 539 540 private List<PackageParser.Package> getPrivilegedHandlerReceiverPackagesLPr( 541 Intent intent, int userId) { 542 List<ResolveInfo> handlers = mService.queryIntentReceivers( 543 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 544 0, userId); 545 return getPrivilegedPackages(handlers); 546 } 547 548 private List<PackageParser.Package> getPrivilegedHandlerActivityPackagesLPr( 549 Intent intent, int userId) { 550 List<ResolveInfo> handlers = mService.queryIntentActivities( 551 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 552 0, userId); 553 return getPrivilegedPackages(handlers); 554 } 555 556 private List<PackageParser.Package> getPrivilegedPackages(List<ResolveInfo> resolveInfos) { 557 List<PackageParser.Package> handlerPackages = new ArrayList<>(); 558 final int handlerCount = resolveInfos.size(); 559 for (int i = 0; i < handlerCount; i++) { 560 ResolveInfo handler = resolveInfos.get(i); 561 PackageParser.Package handlerPackage = getPrivilegedPackageLPr( 562 handler.activityInfo.packageName); 563 if (handlerPackage != null) { 564 handlerPackages.add(handlerPackage); 565 } 566 } 567 return handlerPackages; 568 } 569 570 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 571 Intent intent, int userId) { 572 List<ResolveInfo> handlers = mService.queryIntentActivities(intent, null, 0, userId); 573 final int handlerCount = handlers.size(); 574 for (int i = 0; i < handlerCount; i++) { 575 ResolveInfo handler = handlers.get(i); 576 // TODO: This is a temporary hack to figure out the setup app. 577 PackageParser.Package handlerPackage = getSystemPackageLPr( 578 handler.activityInfo.packageName); 579 if (handlerPackage != null) { 580 return handlerPackage; 581 } 582 } 583 return null; 584 } 585 586 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 587 String authority, int userId) { 588 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); 589 if (provider != null) { 590 return getSystemPackageLPr(provider.packageName); 591 } 592 return null; 593 } 594 595 private PackageParser.Package getPackageLPr(String packageName) { 596 return mService.mPackages.get(packageName); 597 } 598 599 private PackageParser.Package getSystemPackageLPr(String packageName) { 600 PackageParser.Package pkg = getPackageLPr(packageName); 601 if (pkg != null && pkg.isSystemApp()) { 602 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 603 } 604 return null; 605 } 606 607 private PackageParser.Package getPrivilegedPackageLPr(String packageName) { 608 PackageParser.Package pkg = mService.mPackages.get(packageName); 609 if (pkg != null && pkg.applicationInfo.isPrivilegedApp()) { 610 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 611 } 612 return null; 613 } 614 615 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 616 int userId) { 617 grantRuntimePermissionsLPw(pkg, permissions, false, userId); 618 619 } 620 621 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 622 boolean systemFixed, int userId) { 623 List<String> requestedPermissions = pkg.requestedPermissions; 624 625 if (pkg.isUpdatedSystemApp()) { 626 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 627 if (sysPs != null) { 628 requestedPermissions = sysPs.pkg.requestedPermissions; 629 } 630 } 631 632 final int permissionCount = requestedPermissions.size(); 633 for (int i = 0; i < permissionCount; i++) { 634 String permission = requestedPermissions.get(i); 635 if (permissions.contains(permission)) { 636 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 637 638 // If any flags are set to the permission, then it is either set in 639 // its current state by the system or device/profile owner or the user. 640 // In all these cases we do not want to clobber the current state. 641 if (flags == 0) { 642 mService.grantRuntimePermission(pkg.packageName, permission, userId); 643 if (DEBUG) { 644 Log.i(TAG, "Granted " + permission + " to default handler " 645 + pkg.packageName); 646 } 647 648 if (systemFixed) { 649 mService.updatePermissionFlags(permission, pkg.packageName, 650 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 651 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId); 652 } 653 } 654 } 655 } 656 } 657 658 private void grantInstallPermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 659 int userId) { 660 List<String> requestedPermissions = pkg.requestedPermissions; 661 662 if (pkg.isUpdatedSystemApp()) { 663 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 664 if (sysPs != null) { 665 requestedPermissions = sysPs.pkg.requestedPermissions; 666 } 667 } 668 669 final int permissionCount = requestedPermissions.size(); 670 for (int i = 0; i < permissionCount; i++) { 671 String permission = requestedPermissions.get(i); 672 if (permissions.contains(permission)) { 673 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 674 675 // If any flags are set to the permission, then it is either set in 676 // its current state by the system or device/profile owner or the user. 677 // In all these cases we do not want to clobber the current state. 678 if (flags == 0) { 679 mService.grantInstallPermissionLPw(permission, pkg); 680 if (DEBUG) { 681 Log.i(TAG, "Granted install " + permission + " to " + pkg.packageName); 682 } 683 } 684 } 685 } 686 } 687 688 private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) { 689 return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID 690 || ((pkg.applicationInfo.privateFlags 691 & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0 692 && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0); 693 } 694 695 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 696 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 697 } 698} 699