DefaultPermissionGrantPolicy.java revision a5a0d94023b2d9b7c9019fc40e7479995b82066c
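/*
 * Copyright (C) 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.server.pm;

import android.Manifest;
import android.app.DownloadManager;
import android.app.admin.DevicePolicyManager;
import android.content.Intent;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageManager;
import android.content.pm.PackageManagerInternal.PackagesProvider;
import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
import android.content.pm.PackageParser;
import android.content.pm.ProviderInfo;
import android.content.pm.ResolveInfo;
import android.net.Uri;
import android.os.Build;
import android.os.UserHandle;
import android.provider.CalendarContract;
import android.provider.ContactsContract;
import android.provider.MediaStore;
import android.util.ArraySet;
import android.util.Log;

import java.io.File;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import static android.os.Process.FIRST_APPLICATION_UID;

/**
 * This class is the policy for granting runtime permissions to
 * platform components and default handlers in the system such
 * that the device is usable out-of-the-box. For example, the
 * shell UID is a part of the system and the Phone app should
 * have phone related permission by default.
 *
 * <p>Two tiers are handled separately:
 * <ul>
 *   <li>system components and persistent privileged apps receive every runtime
 *       permission they request, marked {@code FLAG_PERMISSION_SYSTEM_FIXED}
 *       (see {@link #grantPermissionsToSysComponentsAndPrivApps(int)});</li>
 *   <li>default handlers (dialer, SMS, camera, ...) receive only the permission
 *       groups listed for their role, and only when no permission flag is already
 *       set for that permission (see
 *       {@link #grantRuntimePermissionsLPw(PackageParser.Package, Set, boolean, int)}).</li>
 * </ul>
 *
 * <p>Every grant made here happens without a user prompt, so each entry below is
 * part of the device's trusted-by-default surface and should be reviewed as such.
 *
 * <p>NOTE(review): method suffixes {@code LPr}/{@code LPw} presumably indicate that
 * the caller holds the {@code mService.mPackages} lock - confirm against
 * PackageManagerService conventions.
 */
final class DefaultPermissionGrantPolicy {
    private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
    private static final boolean DEBUG = false;

    private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive";
    private static final String AUDIO_MIME_TYPE = "audio/mpeg";

    // ---- Runtime permission groups handed out to default handlers ----

    private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
    static {
        PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
        PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
        PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
        PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
        PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
        PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
        PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
    }

    private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
    static {
        CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
        CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
    }

    private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
    static {
        LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
        LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
    }

    private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
    static {
        CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
        CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
    }

    private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
    static {
        SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
        SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
        SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
        SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
        SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
        SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
    }

    private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
    static {
        MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
    }

    private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
    static {
        CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
    }

    private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
    static {
        SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
    }

    private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
    static {
        STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
        STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
    }

    // Empty in this revision: the only entry is commented out, so every grant of
    // ACCOUNTS_PERMISSIONS below is a no-op until an entry is restored.
    private static final Set<String> ACCOUNTS_PERMISSIONS = new ArraySet<>();
    static {
        //ACCOUNTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
    }

    private static final Set<String> SETTINGS_PERMISSIONS = new ArraySet<>();
    static {
        SETTINGS_PERMISSIONS.add(Manifest.permission.WRITE_SETTINGS);
    }

    // ---- Install-time permission groups (granted via grantInstallPermissionsLPw) ----

    private static final Set<String> INSTALLER_PERMISSIONS = new ArraySet<>();
    static {
        INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS);
        INSTALLER_PERMISSIONS.add(Manifest.permission.INTERACT_ACROSS_USERS_FULL);
        INSTALLER_PERMISSIONS.add(Manifest.permission.CLEAR_APP_USER_DATA);
        INSTALLER_PERMISSIONS.add(Manifest.permission.KILL_UID);
    }

    private static final Set<String> VERIFIER_PERMISSIONS = new ArraySet<>();
    static {
        // NOTE(review): this initializer adds to INSTALLER_PERMISSIONS (a duplicate,
        // so a no-op on the set) and leaves VERIFIER_PERMISSIONS empty. As a result
        // grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, ...)
        // grants nothing. This looks like a copy-paste slip, but correcting the
        // target would start granting GRANT_REVOKE_PERMISSIONS to privileged
        // verifier packages; the policy owner should confirm that is intended
        // before the receiver of add() is changed.
        INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS);
    }

    private final PackageManagerService mService;

    // Providers of role-holder package names; each may be null until its setter runs.
    private PackagesProvider mImePackagesProvider;
    private PackagesProvider mLocationPackagesProvider;
    private PackagesProvider mVoiceInteractionPackagesProvider;
    private PackagesProvider mSmsAppPackagesProvider;
    private PackagesProvider mDialerAppPackagesProvider;
    private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;

    /**
     * Creates the policy bound to the package manager service whose package table,
     * settings and grant APIs are used for every lookup and grant.
     *
     * @param service the owning package manager service
     */
    public DefaultPermissionGrantPolicy(PackageManagerService service) {
        mService = service;
    }

    /** Sets the provider that names the IME packages for a user. */
    public void setImePackagesProviderLPr(PackagesProvider provider) {
        mImePackagesProvider = provider;
    }

    /** Sets the provider that names the location provider packages for a user. */
    public void setLocationPackagesProviderLPw(PackagesProvider provider) {
        mLocationPackagesProvider = provider;
    }

    /** Sets the provider that names the voice interaction packages for a user. */
    public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) {
        mVoiceInteractionPackagesProvider = provider;
    }

    /** Sets the provider that names the SMS app packages for a user. */
    public void setSmsAppPackagesProviderLPw(PackagesProvider provider) {
        mSmsAppPackagesProvider = provider;
    }

    /** Sets the provider that names the dialer app packages for a user. */
    public void setDialerAppPackagesProviderLPw(PackagesProvider provider) {
        mDialerAppPackagesProvider = provider;
    }

    /**
     * Sets the provider that names sync adapter packages per authority and user.
     * (The doubled "r" in the method name is kept because callers depend on it.)
     */
    public void setSyncAdapterPackagesProviderrLPw(SyncAdapterPackagesProvider provider) {
        mSyncAdapterPackagesProvider = provider;
    }

    /**
     * Applies the whole default grant policy for one user: first the platform
     * components and persistent privileged apps, then the default handlers.
     *
     * @param userId the user to grant for
     */
    public void grantDefaultPermissions(int userId) {
        grantPermissionsToSysComponentsAndPrivApps(userId);
        grantDefaultSystemHandlerPermissions(userId);
    }

    /**
     * Grants every requested runtime permission to packages that are system
     * components or persistent privileged apps and that target an SDK with runtime
     * permissions, then marks each grant {@code FLAG_PERMISSION_SYSTEM_FIXED}.
     * Permissions already flagged system-fixed are left untouched.
     *
     * @param userId the user to grant for
     */
    private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
        Log.i(TAG, "Granting permissions to platform components for user " + userId);

        synchronized (mService.mPackages) {
            for (PackageParser.Package pkg : mService.mPackages.values()) {
                if (!isSysComponentOrPersistentPrivApp(pkg)
                        || !doesPackageSupportRuntimePermissions(pkg)) {
                    continue;
                }
                final int permissionCount = pkg.requestedPermissions.size();
                for (int i = 0; i < permissionCount; i++) {
                    String permission = pkg.requestedPermissions.get(i);
                    BasePermission bp = mService.mSettings.mPermissions.get(permission);
                    if (bp != null && bp.isRuntime()) {
                        final int flags = mService.getPermissionFlags(permission,
                                pkg.packageName, userId);
                        if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) {
                            mService.grantRuntimePermission(pkg.packageName, permission, userId);
                            // The full flag mask is passed, so every other flag is
                            // cleared and only SYSTEM_FIXED remains set.
                            mService.updatePermissionFlags(permission, pkg.packageName,
                                    PackageManager.MASK_PERMISSION_FLAGS,
                                    PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId);
                            if (DEBUG) {
                                Log.i(TAG, "Granted " + permission + " to system component "
                                        + pkg.packageName);
                            }
                        }
                    }
                }
            }
        }
    }

    /**
     * Resolves the default handler for each built-in role (installer, verifier,
     * setup wizard, camera, providers, dialer, SMS, calendar, contacts, maps,
     * email, browser, IME, voice interaction, location, music) and grants it the
     * permission groups listed for that role.
     *
     * <p>Role-holder names are fetched from the providers without holding the
     * packages lock; the lock is held only to snapshot the provider references and
     * again for the resolve-and-grant phase.
     *
     * @param userId the user to grant for
     */
    private void grantDefaultSystemHandlerPermissions(int userId) {
        Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);

        final PackagesProvider imePackagesProvider;
        final PackagesProvider locationPackagesProvider;
        final PackagesProvider voiceInteractionPackagesProvider;
        final PackagesProvider smsAppPackagesProvider;
        final PackagesProvider dialerAppPackagesProvider;
        final SyncAdapterPackagesProvider syncAdapterPackagesProvider;

        // Snapshot the provider fields under the lock, call them outside it.
        synchronized (mService.mPackages) {
            imePackagesProvider = mImePackagesProvider;
            locationPackagesProvider = mLocationPackagesProvider;
            voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
            smsAppPackagesProvider = mSmsAppPackagesProvider;
            dialerAppPackagesProvider = mDialerAppPackagesProvider;
            syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
        }

        String[] imePackageNames = (imePackagesProvider != null)
                ? imePackagesProvider.getPackages(userId) : null;
        String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
                ? voiceInteractionPackagesProvider.getPackages(userId) : null;
        String[] locationPackageNames = (locationPackagesProvider != null)
                ? locationPackagesProvider.getPackages(userId) : null;
        String[] smsAppPackageNames = (smsAppPackagesProvider != null)
                ? smsAppPackagesProvider.getPackages(userId) : null;
        String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
                ? dialerAppPackagesProvider.getPackages(userId) : null;
        String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
                syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
        String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
                syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;

        synchronized (mService.mPackages) {
            // Installers
            // NOTE(review): unlike most roles below, the installer and verifier grants
            // are not gated on doesPackageSupportRuntimePermissions() - confirm intended.
            Intent installerIntent = new Intent(Intent.ACTION_INSTALL_PACKAGE);
            installerIntent.addCategory(Intent.CATEGORY_DEFAULT);
            // "foo.apk" is a placeholder path: it only gives the intent a file URI
            // and MIME type to resolve against.
            installerIntent.setDataAndType(Uri.fromFile(new File("foo.apk")),
                    PACKAGE_MIME_TYPE);
            List<PackageParser.Package> installerPackages =
                    getPrivilegedHandlerActivityPackagesLPr(installerIntent, userId);
            final int installerCount = installerPackages.size();
            for (int i = 0; i < installerCount; i++) {
                PackageParser.Package installPackage = installerPackages.get(i);
                grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, true, userId);
            }

            // Verifiers
            Intent verifierIntent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION);
            verifierIntent.setType(PACKAGE_MIME_TYPE);
            List<PackageParser.Package> verifierPackages =
                    getPrivilegedHandlerReceiverPackagesLPr(verifierIntent, userId);
            final int verifierCount = verifierPackages.size();
            for (int i = 0; i < verifierCount; i++) {
                PackageParser.Package verifierPackage = verifierPackages.get(i);
                // VERIFIER_PERMISSIONS is empty in this revision (see its initializer),
                // so this call currently grants nothing.
                grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, userId);
            }

            // SetupWizard
            Intent setupIntent = new Intent(Intent.ACTION_MAIN);
            setupIntent.addCategory(Intent.CATEGORY_HOME);
            PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr(
                    setupIntent, userId);
            if (setupPackage != null
                    && doesPackageSupportRuntimePermissions(setupPackage)) {
                grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(setupPackage, SETTINGS_PERMISSIONS, userId);
            }

            // Camera
            Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
            PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr(
                    cameraIntent, userId);
            if (cameraPackage != null
                    && doesPackageSupportRuntimePermissions(cameraPackage)) {
                grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId);
            }

            // Media provider
            PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr(
                    MediaStore.AUTHORITY, userId);
            if (mediaStorePackage != null) {
                grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
            }

            // Downloads provider
            PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr(
                    "downloads", userId);
            if (downloadsPackage != null) {
                grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
            }

            // Downloads UI
            Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
            PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr(
                    downloadsUiIntent, userId);
            if (downloadsUiPackage != null
                    && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
                grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
            }

            // Storage provider
            PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr(
                    "com.android.externalstorage.documents", userId);
            if (storagePackage != null) {
                grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, userId);
            }

            // Dialer
            if (dialerAppPackageNames == null) {
                Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
                PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr(
                        dialerIntent, userId);
                if (dialerPackage != null) {
                    grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId);
                }
            } else {
                for (String dialerAppPackageName : dialerAppPackageNames) {
                    PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName);
                    if (dialerPackage != null) {
                        grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId);
                    }
                }
            }

            // SMS
            if (smsAppPackageNames == null) {
                Intent smsIntent = new Intent(Intent.ACTION_MAIN);
                smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
                PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr(
                        smsIntent, userId);
                if (smsPackage != null) {
                    grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId);
                }
            } else {
                for (String smsPackageName : smsAppPackageNames) {
                    PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName);
                    if (smsPackage != null) {
                        grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId);
                    }
                }
            }

            // Calendar
            Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
            calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
            PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr(
                    calendarIntent, userId);
            if (calendarPackage != null
                    && doesPackageSupportRuntimePermissions(calendarPackage)) {
                grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(calendarPackage, ACCOUNTS_PERMISSIONS, userId);
            }

            // Calendar provider
            PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr(
                    CalendarContract.AUTHORITY, userId);
            if (calendarProviderPackage != null) {
                grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS,
                        true, userId);
                grantRuntimePermissionsLPw(calendarProviderPackage, ACCOUNTS_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
            }

            // Calendar provider sync adapters
            List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr(
                    calendarSyncAdapterPackages,
                    userId);
            final int calendarSyncAdapterCount = calendarSyncAdapters.size();
            for (int i = 0; i < calendarSyncAdapterCount; i++) {
                PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
                if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
                    grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
                }
            }

            // Contacts
            Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
            contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
            PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr(
                    contactsIntent, userId);
            if (contactsPackage != null
                    && doesPackageSupportRuntimePermissions(contactsPackage)) {
                grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(contactsPackage, ACCOUNTS_PERMISSIONS, userId);
            }

            // Contacts provider sync adapters
            List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr(
                    contactsSyncAdapterPackages,
                    userId);
            final int contactsSyncAdapterCount = contactsSyncAdapters.size();
            for (int i = 0; i < contactsSyncAdapterCount; i++) {
                PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
                if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
                    grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
                }
            }

            // Contacts provider
            PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr(
                    ContactsContract.AUTHORITY, userId);
            if (contactsProviderPackage != null) {
                grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS,
                        true, userId);
                grantRuntimePermissionsLPw(contactsProviderPackage, ACCOUNTS_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
            }

            // Device provisioning
            Intent deviceProvisionIntent = new Intent(
                    DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
            PackageParser.Package deviceProvisionPackage =
                    getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId);
            if (deviceProvisionPackage != null
                    && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
                // Grant to the provisioning package that was just checked. The earlier
                // code passed contactsPackage here, which targets the wrong app and
                // dereferences null when no contacts handler was resolved.
                grantRuntimePermissionsLPw(deviceProvisionPackage, ACCOUNTS_PERMISSIONS, userId);
            }

            // Maps
            Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
            mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
            PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr(
                    mapsIntent, userId);
            if (mapsPackage != null
                    && doesPackageSupportRuntimePermissions(mapsPackage)) {
                grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId);
            }

            // Email
            Intent emailIntent = new Intent(Intent.ACTION_MAIN);
            emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
            PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr(
                    emailIntent, userId);
            if (emailPackage != null
                    && doesPackageSupportRuntimePermissions(emailPackage)) {
                grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId);
            }

            // Browser
            // NOTE(review): the configured default browser is looked up with
            // getPackageLPr(), which does not require a system app, whereas
            // grantDefaultPermissionsToDefaultBrowserLPr() uses getSystemPackageLPr().
            // Confirm whether a non-system default browser is meant to receive
            // location access here without a prompt.
            PackageParser.Package browserPackage = null;
            String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId);
            if (defaultBrowserPackage != null) {
                browserPackage = getPackageLPr(defaultBrowserPackage);
            }
            if (browserPackage == null) {
                Intent browserIntent = new Intent(Intent.ACTION_MAIN);
                browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
                browserPackage = getDefaultSystemHandlerActivityPackageLPr(
                        browserIntent, userId);
            }
            if (browserPackage != null
                    && doesPackageSupportRuntimePermissions(browserPackage)) {
                grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);
            }

            // IME
            if (imePackageNames != null) {
                for (String imePackageName : imePackageNames) {
                    PackageParser.Package imePackage = getSystemPackageLPr(imePackageName);
                    if (imePackage != null
                            && doesPackageSupportRuntimePermissions(imePackage)) {
                        grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId);
                    }
                }
            }

            // Voice interaction
            if (voiceInteractPackageNames != null) {
                for (String voiceInteractPackageName : voiceInteractPackageNames) {
                    PackageParser.Package voiceInteractPackage = getSystemPackageLPr(
                            voiceInteractPackageName);
                    if (voiceInteractPackage != null
                            && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
                        grantRuntimePermissionsLPw(voiceInteractPackage,
                                CONTACTS_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(voiceInteractPackage,
                                CALENDAR_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(voiceInteractPackage,
                                MICROPHONE_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(voiceInteractPackage,
                                PHONE_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(voiceInteractPackage,
                                SMS_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(voiceInteractPackage,
                                LOCATION_PERMISSIONS, userId);
                    }
                }
            }

            // Location
            if (locationPackageNames != null) {
                for (String packageName : locationPackageNames) {
                    PackageParser.Package locationPackage = getSystemPackageLPr(packageName);
                    if (locationPackage != null
                            && doesPackageSupportRuntimePermissions(locationPackage)) {
                        grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS,
                                true, userId);
                        grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId);
                        grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId);
                    }
                }
            }

            // Music
            Intent musicIntent = new Intent(Intent.ACTION_VIEW);
            musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
            // "foo.mp3" is a placeholder path used only for intent resolution.
            musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
                    AUDIO_MIME_TYPE);
            PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr(
                    musicIntent, userId);
            if (musicPackage != null
                    && doesPackageSupportRuntimePermissions(musicPackage)) {
                grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId);
            }

            mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId);
        }
    }

    /**
     * Grants the dialer role's groups (phone, contacts, SMS, microphone) to a
     * system dialer package, if it targets an SDK with runtime permissions.
     *
     * @param dialerPackage the resolved dialer package; must not be null
     * @param userId the user to grant for
     */
    private void grantDefaultPermissionsToDefaultSystemDialerAppLPr(
            PackageParser.Package dialerPackage, int userId) {
        if (doesPackageSupportRuntimePermissions(dialerPackage)) {
            grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId);
        }
    }


    /**
     * Grants the SMS role's groups (phone, contacts, SMS) to a system SMS package,
     * if it targets an SDK with runtime permissions.
     *
     * @param smsPackage the resolved SMS package; must not be null
     * @param userId the user to grant for
     */
    private void grantDefaultPermissionsToDefaultSystemSmsAppLPr(
            PackageParser.Package smsPackage, int userId) {
        if (doesPackageSupportRuntimePermissions(smsPackage)) {
            grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId);
        }
    }


    /**
     * Grants phone, contacts and SMS permissions to the named default SMS app.
     * The package is looked up with {@link #getPackageLPr(String)}, so it does not
     * have to be a system app; callers are responsible for passing only the
     * package that actually holds the default SMS role.
     *
     * @param packageName the default SMS app, or null to do nothing
     * @param userId the user to grant for
     */
    public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) {
        Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
        if (packageName == null) {
            return;
        }
        PackageParser.Package smsPackage = getPackageLPr(packageName);
        if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
            grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId);
        }
    }

    /**
     * Grants phone, contacts, SMS and microphone permissions to the named default
     * dialer app. The package is looked up with {@link #getPackageLPr(String)}, so
     * it does not have to be a system app; callers are responsible for passing only
     * the package that actually holds the default dialer role.
     *
     * @param packageName the default dialer app, or null to do nothing
     * @param userId the user to grant for
     */
    public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) {
        Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
        if (packageName == null) {
            return;
        }
        PackageParser.Package dialerPackage = getPackageLPr(packageName);
        if (dialerPackage != null
                && doesPackageSupportRuntimePermissions(dialerPackage)) {
            grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId);
            grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId);
        }
    }

    /**
     * Grants phone and location permissions to each named carrier app that
     * resolves through {@link #getSystemPackageLPr(String)}.
     *
     * @param packageNames the enabled carrier apps, or null to do nothing
     * @param userId the user to grant for
     */
    public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) {
        Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
        if (packageNames == null) {
            return;
        }
        for (String packageName : packageNames) {
            PackageParser.Package carrierPackage = getSystemPackageLPr(packageName);
            if (carrierPackage != null
                    && doesPackageSupportRuntimePermissions(carrierPackage)) {
                grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId);
                grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId);
            }
        }
    }

    /**
     * Grants location permissions to the named default browser, provided it
     * resolves through {@link #getSystemPackageLPr(String)}.
     *
     * @param packageName the default browser, or null to do nothing
     * @param userId the user to grant for
     */
    public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) {
        Log.i(TAG, "Granting permissions to default browser for user:" + userId);
        if (packageName == null) {
            return;
        }
        PackageParser.Package browserPackage = getSystemPackageLPr(packageName);
        if (browserPackage != null
                && doesPackageSupportRuntimePermissions(browserPackage)) {
            grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);
        }
    }

    /**
     * Returns the privileged packages that own a broadcast receiver matching
     * {@code intent} for the given user.
     */
    private List<PackageParser.Package> getPrivilegedHandlerReceiverPackagesLPr(
            Intent intent, int userId) {
        List<ResolveInfo> handlers = mService.queryIntentReceivers(
                intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()),
                0, userId);
        return getPrivilegedPackages(handlers);
    }

    /**
     * Returns the privileged packages that own an activity matching
     * {@code intent} for the given user.
     */
    private List<PackageParser.Package> getPrivilegedHandlerActivityPackagesLPr(
            Intent intent, int userId) {
        List<ResolveInfo> handlers = mService.queryIntentActivities(
                intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()),
                0, userId);
        return getPrivilegedPackages(handlers);
    }

    /**
     * Maps resolve results to their owning packages, keeping only those accepted
     * by {@link #getPrivilegedPackageLPr(String)}.
     *
     * @param resolveInfos resolve results whose {@code activityInfo} is read
     * @return the matching packages, possibly empty, never null
     */
    private List<PackageParser.Package> getPrivilegedPackages(List<ResolveInfo> resolveInfos) {
        List<PackageParser.Package> handlerPackages = new ArrayList<>();
        final int handlerCount = resolveInfos.size();
        for (int i = 0; i < handlerCount; i++) {
            ResolveInfo handler = resolveInfos.get(i);
            PackageParser.Package handlerPackage = getPrivilegedPackageLPr(
                    handler.activityInfo.packageName);
            if (handlerPackage != null) {
                handlerPackages.add(handlerPackage);
            }
        }
        return handlerPackages;
    }

    /**
     * Returns the first activity handler for {@code intent} that resolves through
     * {@link #getSystemPackageLPr(String)}, or null if none does. Handlers are
     * taken in the order the query returns them.
     */
    private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr(
            Intent intent, int userId) {
        List<ResolveInfo> handlers = mService.queryIntentActivities(intent, null, 0, userId);
        final int handlerCount = handlers.size();
        for (int i = 0; i < handlerCount; i++) {
            ResolveInfo handler = handlers.get(i);
             // TODO: This is a temporary hack to figure out the setup app.
            PackageParser.Package handlerPackage = getSystemPackageLPr(
                    handler.activityInfo.packageName);
            if (handlerPackage != null) {
                return handlerPackage;
            }
        }
        return null;
    }

    /**
     * Returns the system packages among {@code syncAdapterPackageNames} that expose
     * no {@code CATEGORY_HOME} main activity for the user ("headless" adapters).
     *
     * @param syncAdapterPackageNames candidate package names; null is treated as
     *         empty, which happens when no sync adapter provider has been set
     * @param userId the user to query activities for
     * @return the matching packages, possibly empty, never null
     */
    private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr(
            String[] syncAdapterPackageNames, int userId) {
        List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();

        // The caller passes null when the provider is unset; iterating a null
        // array would throw and abort the rest of the grant pass.
        if (syncAdapterPackageNames == null) {
            return syncAdapterPackages;
        }

        Intent homeIntent = new Intent(Intent.ACTION_MAIN);
        homeIntent.addCategory(Intent.CATEGORY_HOME);

        for (String syncAdapterPackageName : syncAdapterPackageNames) {
            homeIntent.setPackage(syncAdapterPackageName);

            List<ResolveInfo> homeActivities = mService.queryIntentActivities(homeIntent,
                    homeIntent.resolveType(mService.mContext.getContentResolver()), 0, userId);
            if (!homeActivities.isEmpty()) {
                continue;
            }

            PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName);
            if (syncAdapterPackage != null) {
                syncAdapterPackages.add(syncAdapterPackage);
            }
        }

        return syncAdapterPackages;
    }

    /**
     * Returns the package that provides {@code authority} for the user if it
     * resolves through {@link #getSystemPackageLPr(String)}, otherwise null.
     */
    private PackageParser.Package getDefaultProviderAuthorityPackageLPr(
            String authority, int userId) {
        ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId);
        if (provider != null) {
            return getSystemPackageLPr(provider.packageName);
        }
        return null;
    }

    /** Returns the package registered under {@code packageName}, with no trust filter. */
    private PackageParser.Package getPackageLPr(String packageName) {
        return mService.mPackages.get(packageName);
    }

    /**
     * Returns the named package only if it is a system app and is not a system
     * component or persistent privileged app (those are covered by
     * {@link #grantPermissionsToSysComponentsAndPrivApps(int)}); otherwise null.
     */
    private PackageParser.Package getSystemPackageLPr(String packageName) {
        PackageParser.Package pkg = getPackageLPr(packageName);
        if (pkg != null && pkg.isSystemApp()) {
            return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null;
        }
        return null;
    }

    /**
     * Returns the named package only if it is a privileged app and is not a system
     * component or persistent privileged app; otherwise null.
     */
    private PackageParser.Package getPrivilegedPackageLPr(String packageName) {
        PackageParser.Package pkg = mService.mPackages.get(packageName);
        if (pkg != null && pkg.applicationInfo.isPrivilegedApp()) {
            return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null;
        }
        return null;
    }

    /**
     * Grants the listed runtime permissions without marking them system-fixed.
     *
     * @see #grantRuntimePermissionsLPw(PackageParser.Package, Set, boolean, int)
     */
    private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
            int userId) {
        grantRuntimePermissionsLPw(pkg, permissions, false, userId);

    }

    /**
     * Grants each permission in {@code permissions} that the package requests and
     * that has no permission flags set yet.
     *
     * @param pkg the package to grant to; must not be null
     * @param permissions the candidate permission names
     * @param systemFixed whether to set {@code FLAG_PERMISSION_SYSTEM_FIXED} on
     *         each permission granted by this call
     * @param userId the user to grant for
     */
    private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
            boolean systemFixed, int userId) {
        List<String> requestedPermissions = pkg.requestedPermissions;

        // For an updated system app, use the request list of the disabled system
        // package (presumably the copy shipped on the system image - confirm), so
        // permissions requested only by the update are not granted by default.
        if (pkg.isUpdatedSystemApp()) {
            PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName);
            if (sysPs != null) {
                requestedPermissions = sysPs.pkg.requestedPermissions;
            }
        }

        final int permissionCount = requestedPermissions.size();
        for (int i = 0; i < permissionCount; i++) {
            String permission = requestedPermissions.get(i);
            if (permissions.contains(permission)) {
                final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId);

                // If any flags are set to the permission, then it is either set in
                // its current state by the system or device/profile owner or the user.
                // In all these cases we do not want to clobber the current state.
                if (flags == 0) {
                    mService.grantRuntimePermission(pkg.packageName, permission, userId);
                    if (DEBUG) {
                        Log.i(TAG, "Granted " + permission + " to default handler "
                                + pkg.packageName);
                    }

                    if (systemFixed) {
                        mService.updatePermissionFlags(permission, pkg.packageName,
                                PackageManager.FLAG_PERMISSION_SYSTEM_FIXED,
                                PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId);
                    }
                }
            }
        }
    }

    /**
     * Grants, as install permissions, each permission in {@code permissions} that
     * the package requests and that has no permission flags set for the user.
     *
     * @param pkg the package to grant to; must not be null
     * @param permissions the candidate permission names
     * @param userId the user whose permission flags are consulted
     */
    private void grantInstallPermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
            int userId) {
        List<String> requestedPermissions = pkg.requestedPermissions;

        // Same rule as for runtime grants: an updated system app is judged by the
        // request list of its disabled system package.
        if (pkg.isUpdatedSystemApp()) {
            PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName);
            if (sysPs != null) {
                requestedPermissions = sysPs.pkg.requestedPermissions;
            }
        }

        final int permissionCount = requestedPermissions.size();
        for (int i = 0; i < permissionCount; i++) {
            String permission = requestedPermissions.get(i);
            if (permissions.contains(permission)) {
                final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId);

                // If any flags are set to the permission, then it is either set in
                // its current state by the system or device/profile owner or the user.
                // In all these cases we do not want to clobber the current state.
                if (flags == 0) {
                    mService.grantInstallPermissionLPw(permission, pkg);
                    if (DEBUG) {
                        Log.i(TAG, "Granted install " + permission + " to " + pkg.packageName);
                    }
                }
            }
        }
    }

    /**
     * Returns true if the package's app id is below {@code FIRST_APPLICATION_UID},
     * or if it is both privileged and persistent.
     */
    private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) {
        return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID
                || ((pkg.applicationInfo.privateFlags
                        & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0
                && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0);
    }

    /**
     * Returns true if the package targets an SDK newer than
     * {@code LOLLIPOP_MR1}, i.e. one that uses runtime permissions.
     */
    private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
        return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;
    }
}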