DefaultPermissionGrantPolicy.java revision a9b62e13305d9cb43f53831f0b92d72bd490c1ae
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.app.admin.DevicePolicyManager; 22import android.content.Intent; 23import android.content.pm.ApplicationInfo; 24import android.content.pm.PackageManager; 25import android.content.pm.PackageManagerInternal.PackagesProvider; 26import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 27import android.content.pm.PackageParser; 28import android.content.pm.ProviderInfo; 29import android.content.pm.ResolveInfo; 30import android.net.Uri; 31import android.os.Build; 32import android.os.UserHandle; 33import android.provider.CalendarContract; 34import android.provider.ContactsContract; 35import android.provider.MediaStore; 36import android.provider.Telephony.Sms.Intents; 37import android.security.Credentials; 38import android.util.ArraySet; 39import android.util.Log; 40 41import java.io.File; 42import java.util.ArrayList; 43import java.util.List; 44import java.util.Set; 45 46import static android.os.Process.FIRST_APPLICATION_UID; 47 48/** 49 * This class is the policy for granting runtime permissions to 50 * platform components and default handlers in the system such 51 * that the device is usable out-of-the-box. For example, the 52 * shell UID is a part of the system and the Phone app should 53 * have phone related permission by default. 54 */ 55final class DefaultPermissionGrantPolicy { 56 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 57 private static final boolean DEBUG = false; 58 59 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 60 61 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 62 static { 63 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 64 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 65 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 66 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 67 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 68 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 69 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 70 } 71 72 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 73 static { 74 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 75 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 76 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 77 } 78 79 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 80 static { 81 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 82 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 83 } 84 85 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 86 static { 87 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 88 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 89 } 90 91 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 92 static { 93 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 94 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 95 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 96 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 97 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 98 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 99 } 100 101 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 102 static { 103 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 104 } 105 106 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 107 static { 108 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 109 } 110 111 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 112 static { 113 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 114 } 115 116 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 117 static { 118 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 119 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 120 } 121 122 private final PackageManagerService mService; 123 124 private PackagesProvider mImePackagesProvider; 125 private PackagesProvider mLocationPackagesProvider; 126 private PackagesProvider mVoiceInteractionPackagesProvider; 127 private PackagesProvider mSmsAppPackagesProvider; 128 private PackagesProvider mDialerAppPackagesProvider; 129 private PackagesProvider mSimCallManagerPackagesProvider; 130 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 131 132 public DefaultPermissionGrantPolicy(PackageManagerService service) { 133 mService = service; 134 } 135 136 public void setImePackagesProviderLPr(PackagesProvider provider) { 137 mImePackagesProvider = provider; 138 } 139 140 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 141 mLocationPackagesProvider = provider; 142 } 143 144 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 145 mVoiceInteractionPackagesProvider = provider; 146 } 147 148 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 149 mSmsAppPackagesProvider = provider; 150 } 151 152 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 153 mDialerAppPackagesProvider = provider; 154 } 155 156 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 157 mSimCallManagerPackagesProvider = provider; 158 } 159 160 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 161 mSyncAdapterPackagesProvider = provider; 162 } 163 164 public void grantDefaultPermissions(int userId) { 165 grantPermissionsToSysComponentsAndPrivApps(userId); 166 grantDefaultSystemHandlerPermissions(userId); 167 } 168 169 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 170 Log.i(TAG, "Granting permissions to platform components for user " + userId); 171 172 synchronized (mService.mPackages) { 173 for (PackageParser.Package pkg : mService.mPackages.values()) { 174 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 175 || !doesPackageSupportRuntimePermissions(pkg) 176 || pkg.requestedPermissions.isEmpty()) { 177 continue; 178 } 179 Set<String> permissions = new ArraySet<>(); 180 final int permissionCount = pkg.requestedPermissions.size(); 181 for (int i = 0; i < permissionCount; i++) { 182 String permission = pkg.requestedPermissions.get(i); 183 BasePermission bp = mService.mSettings.mPermissions.get(permission); 184 if (bp != null && bp.isRuntime()) { 185 permissions.add(permission); 186 } 187 } 188 if (!permissions.isEmpty()) { 189 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 190 } 191 } 192 } 193 } 194 195 private void grantDefaultSystemHandlerPermissions(int userId) { 196 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 197 198 final PackagesProvider imePackagesProvider; 199 final PackagesProvider locationPackagesProvider; 200 final PackagesProvider voiceInteractionPackagesProvider; 201 final PackagesProvider smsAppPackagesProvider; 202 final PackagesProvider dialerAppPackagesProvider; 203 final PackagesProvider simCallManagerPackagesProvider; 204 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 205 206 synchronized (mService.mPackages) { 207 imePackagesProvider = mImePackagesProvider; 208 locationPackagesProvider = mLocationPackagesProvider; 209 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 210 smsAppPackagesProvider = mSmsAppPackagesProvider; 211 dialerAppPackagesProvider = mDialerAppPackagesProvider; 212 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 213 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 214 } 215 216 String[] imePackageNames = (imePackagesProvider != null) 217 ? imePackagesProvider.getPackages(userId) : null; 218 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 219 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 220 String[] locationPackageNames = (locationPackagesProvider != null) 221 ? locationPackagesProvider.getPackages(userId) : null; 222 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 223 ? smsAppPackagesProvider.getPackages(userId) : null; 224 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 225 ? dialerAppPackagesProvider.getPackages(userId) : null; 226 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 227 ? simCallManagerPackagesProvider.getPackages(userId) : null; 228 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 229 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 230 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 231 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 232 233 synchronized (mService.mPackages) { 234 // Installer 235 PackageParser.Package installerPackage = getSystemPackageLPr( 236 mService.mRequiredInstallerPackage); 237 if (installerPackage != null 238 && doesPackageSupportRuntimePermissions(installerPackage)) { 239 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 240 } 241 242 // Verifier 243 PackageParser.Package verifierPackage = getSystemPackageLPr( 244 mService.mRequiredVerifierPackage); 245 if (verifierPackage != null 246 && doesPackageSupportRuntimePermissions(verifierPackage)) { 247 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 248 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 249 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 250 } 251 252 // SetupWizard 253 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 254 setupIntent.addCategory(Intent.CATEGORY_SETUP_WIZARD); 255 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr( 256 setupIntent, userId); 257 if (setupPackage != null 258 && doesPackageSupportRuntimePermissions(setupPackage)) { 259 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 260 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 261 } 262 263 // Camera 264 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 265 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 266 cameraIntent, userId); 267 if (cameraPackage != null 268 && doesPackageSupportRuntimePermissions(cameraPackage)) { 269 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 270 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 271 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 272 } 273 274 // Media provider 275 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 276 MediaStore.AUTHORITY, userId); 277 if (mediaStorePackage != null) { 278 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 279 } 280 281 // Downloads provider 282 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 283 "downloads", userId); 284 if (downloadsPackage != null) { 285 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 286 } 287 288 // Downloads UI 289 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 290 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 291 downloadsUiIntent, userId); 292 if (downloadsUiPackage != null 293 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 294 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 295 } 296 297 // Storage provider 298 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 299 "com.android.externalstorage.documents", userId); 300 if (storagePackage != null) { 301 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 302 } 303 304 // CertInstaller 305 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 306 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 307 certInstallerIntent, userId); 308 if (certInstallerPackage != null 309 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 310 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 311 } 312 313 // Dialer 314 if (dialerAppPackageNames == null) { 315 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 316 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 317 dialerIntent, userId); 318 if (dialerPackage != null) { 319 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 320 } 321 } else { 322 for (String dialerAppPackageName : dialerAppPackageNames) { 323 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 324 if (dialerPackage != null) { 325 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 326 } 327 } 328 } 329 330 // Sim call manager 331 if (simCallManagerPackageNames != null) { 332 for (String simCallManagerPackageName : simCallManagerPackageNames) { 333 PackageParser.Package simCallManagerPackage = 334 getSystemPackageLPr(simCallManagerPackageName); 335 if (simCallManagerPackage != null) { 336 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 337 userId); 338 } 339 } 340 } 341 342 // SMS 343 if (smsAppPackageNames == null) { 344 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 345 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 346 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 347 smsIntent, userId); 348 if (smsPackage != null) { 349 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 350 } 351 } else { 352 for (String smsPackageName : smsAppPackageNames) { 353 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 354 if (smsPackage != null) { 355 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 356 } 357 } 358 } 359 360 // Cell Broadcast Receiver 361 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 362 PackageParser.Package cbrPackage = 363 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 364 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 365 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 366 } 367 368 // Carrier Provisioning Service 369 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 370 PackageParser.Package carrierProvPackage = 371 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 372 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 373 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 374 } 375 376 // Calendar 377 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 378 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 379 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 380 calendarIntent, userId); 381 if (calendarPackage != null 382 && doesPackageSupportRuntimePermissions(calendarPackage)) { 383 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 384 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 385 } 386 387 // Calendar provider 388 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 389 CalendarContract.AUTHORITY, userId); 390 if (calendarProviderPackage != null) { 391 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 392 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 393 true, userId); 394 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 395 } 396 397 // Calendar provider sync adapters 398 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 399 calendarSyncAdapterPackages, userId); 400 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 401 for (int i = 0; i < calendarSyncAdapterCount; i++) { 402 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 403 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 404 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 405 } 406 } 407 408 // Contacts 409 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 410 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 411 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 412 contactsIntent, userId); 413 if (contactsPackage != null 414 && doesPackageSupportRuntimePermissions(contactsPackage)) { 415 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 416 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 417 } 418 419 // Contacts provider sync adapters 420 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 421 contactsSyncAdapterPackages, userId); 422 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 423 for (int i = 0; i < contactsSyncAdapterCount; i++) { 424 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 425 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 426 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 427 } 428 } 429 430 // Contacts provider 431 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 432 ContactsContract.AUTHORITY, userId); 433 if (contactsProviderPackage != null) { 434 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 435 true, userId); 436 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 437 true, userId); 438 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 439 } 440 441 // Device provisioning 442 Intent deviceProvisionIntent = new Intent( 443 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 444 PackageParser.Package deviceProvisionPackage = 445 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 446 if (deviceProvisionPackage != null 447 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 448 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 449 } 450 451 // Maps 452 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 453 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 454 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 455 mapsIntent, userId); 456 if (mapsPackage != null 457 && doesPackageSupportRuntimePermissions(mapsPackage)) { 458 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 459 } 460 461 // Gallery 462 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 463 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 464 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 465 galleryIntent, userId); 466 if (galleryPackage != null 467 && doesPackageSupportRuntimePermissions(galleryPackage)) { 468 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 469 } 470 471 // Email 472 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 473 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 474 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 475 emailIntent, userId); 476 if (emailPackage != null 477 && doesPackageSupportRuntimePermissions(emailPackage)) { 478 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 479 } 480 481 // Browser 482 PackageParser.Package browserPackage = null; 483 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 484 if (defaultBrowserPackage != null) { 485 browserPackage = getPackageLPr(defaultBrowserPackage); 486 } 487 if (browserPackage == null) { 488 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 489 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 490 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 491 browserIntent, userId); 492 } 493 if (browserPackage != null 494 && doesPackageSupportRuntimePermissions(browserPackage)) { 495 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 496 } 497 498 // IME 499 if (imePackageNames != null) { 500 for (String imePackageName : imePackageNames) { 501 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 502 if (imePackage != null 503 && doesPackageSupportRuntimePermissions(imePackage)) { 504 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 505 } 506 } 507 } 508 509 // Voice interaction 510 if (voiceInteractPackageNames != null) { 511 for (String voiceInteractPackageName : voiceInteractPackageNames) { 512 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 513 voiceInteractPackageName); 514 if (voiceInteractPackage != null 515 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 516 grantRuntimePermissionsLPw(voiceInteractPackage, 517 CONTACTS_PERMISSIONS, userId); 518 grantRuntimePermissionsLPw(voiceInteractPackage, 519 CALENDAR_PERMISSIONS, userId); 520 grantRuntimePermissionsLPw(voiceInteractPackage, 521 MICROPHONE_PERMISSIONS, userId); 522 grantRuntimePermissionsLPw(voiceInteractPackage, 523 PHONE_PERMISSIONS, userId); 524 grantRuntimePermissionsLPw(voiceInteractPackage, 525 SMS_PERMISSIONS, userId); 526 grantRuntimePermissionsLPw(voiceInteractPackage, 527 LOCATION_PERMISSIONS, userId); 528 } 529 } 530 } 531 532 // Voice recognition 533 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 534 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 535 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 536 voiceRecoIntent, userId); 537 if (voiceRecoPackage != null 538 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 539 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 540 } 541 542 // Location 543 if (locationPackageNames != null) { 544 for (String packageName : locationPackageNames) { 545 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 546 if (locationPackage != null 547 && doesPackageSupportRuntimePermissions(locationPackage)) { 548 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 549 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 550 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 551 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 552 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 553 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 554 true, userId); 555 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 556 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 557 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 558 } 559 } 560 } 561 562 // Music 563 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 564 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 565 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 566 AUDIO_MIME_TYPE); 567 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 568 musicIntent, userId); 569 if (musicPackage != null 570 && doesPackageSupportRuntimePermissions(musicPackage)) { 571 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 572 } 573 574 // Android Wear Home 575 if (mService.hasSystemFeature(PackageManager.FEATURE_WATCH)) { 576 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 577 homeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 578 579 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackageLPr( 580 homeIntent, userId); 581 582 if (wearHomePackage != null 583 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 584 grantRuntimePermissionsLPw(wearHomePackage, CONTACTS_PERMISSIONS, false, 585 userId); 586 grantRuntimePermissionsLPw(wearHomePackage, PHONE_PERMISSIONS, true, userId); 587 grantRuntimePermissionsLPw(wearHomePackage, MICROPHONE_PERMISSIONS, false, 588 userId); 589 grantRuntimePermissionsLPw(wearHomePackage, LOCATION_PERMISSIONS, false, 590 userId); 591 } 592 } 593 594 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 595 } 596 } 597 598 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 599 PackageParser.Package dialerPackage, int userId) { 600 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 601 boolean isPhonePermFixed = 602 mService.hasSystemFeature(PackageManager.FEATURE_WATCH); 603 grantRuntimePermissionsLPw( 604 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 605 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 606 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 607 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 608 } 609 } 610 611 612 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 613 PackageParser.Package smsPackage, int userId) { 614 if (doesPackageSupportRuntimePermissions(smsPackage)) { 615 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 616 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 617 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 618 } 619 } 620 621 622 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 623 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 624 if (packageName == null) { 625 return; 626 } 627 PackageParser.Package smsPackage = getPackageLPr(packageName); 628 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 629 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 630 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 631 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 632 } 633 } 634 635 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 636 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 637 if (packageName == null) { 638 return; 639 } 640 PackageParser.Package dialerPackage = getPackageLPr(packageName); 641 if (dialerPackage != null 642 && doesPackageSupportRuntimePermissions(dialerPackage)) { 643 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 644 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 645 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 646 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 647 } 648 } 649 650 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 651 PackageParser.Package simCallManagerPackage, int userId) { 652 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 653 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 654 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 655 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 656 } 657 } 658 659 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 660 if (packageName == null) { 661 return; 662 } 663 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 664 if (simCallManagerPackage != null) { 665 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 666 } 667 } 668 669 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 670 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 671 if (packageNames == null) { 672 return; 673 } 674 for (String packageName : packageNames) { 675 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 676 if (carrierPackage != null 677 && doesPackageSupportRuntimePermissions(carrierPackage)) { 678 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 679 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 680 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 681 } 682 } 683 } 684 685 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 686 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 687 if (packageName == null) { 688 return; 689 } 690 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 691 if (browserPackage != null 692 && doesPackageSupportRuntimePermissions(browserPackage)) { 693 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 694 } 695 } 696 697 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 698 Intent intent, int userId) { 699 List<ResolveInfo> handlers = mService.mActivities.queryIntent(intent, 700 intent.resolveType(mService.mContext.getContentResolver()), 701 PackageManager.GET_DISABLED_COMPONENTS, userId); 702 if (handlers == null) { 703 return null; 704 } 705 final int handlerCount = handlers.size(); 706 for (int i = 0; i < handlerCount; i++) { 707 ResolveInfo handler = handlers.get(i); 708 PackageParser.Package handlerPackage = getSystemPackageLPr( 709 handler.activityInfo.packageName); 710 if (handlerPackage != null) { 711 return handlerPackage; 712 } 713 } 714 return null; 715 } 716 717 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 718 Intent intent, int userId) { 719 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 720 intent.resolveType(mService.mContext.getContentResolver()), 721 PackageManager.GET_DISABLED_COMPONENTS, userId); 722 if (handlers == null) { 723 return null; 724 } 725 final int handlerCount = handlers.size(); 726 for (int i = 0; i < handlerCount; i++) { 727 ResolveInfo handler = handlers.get(i); 728 PackageParser.Package handlerPackage = getSystemPackageLPr( 729 handler.serviceInfo.packageName); 730 if (handlerPackage != null) { 731 return handlerPackage; 732 } 733 } 734 return null; 735 } 736 737 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 738 String[] syncAdapterPackageNames, int userId) { 739 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 740 741 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 742 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 743 744 for (String syncAdapterPackageName : syncAdapterPackageNames) { 745 homeIntent.setPackage(syncAdapterPackageName); 746 747 List<ResolveInfo> homeActivities = mService.mActivities.queryIntent(homeIntent, 748 homeIntent.resolveType(mService.mContext.getContentResolver()), 749 PackageManager.GET_DISABLED_COMPONENTS, userId); 750 if (!homeActivities.isEmpty()) { 751 continue; 752 } 753 754 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 755 if (syncAdapterPackage != null) { 756 syncAdapterPackages.add(syncAdapterPackage); 757 } 758 } 759 760 return syncAdapterPackages; 761 } 762 763 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 764 String authority, int userId) { 765 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); 766 if (provider != null) { 767 return getSystemPackageLPr(provider.packageName); 768 } 769 return null; 770 } 771 772 private PackageParser.Package getPackageLPr(String packageName) { 773 return mService.mPackages.get(packageName); 774 } 775 776 private PackageParser.Package getSystemPackageLPr(String packageName) { 777 PackageParser.Package pkg = getPackageLPr(packageName); 778 if (pkg != null && pkg.isSystemApp()) { 779 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 780 } 781 return null; 782 } 783 784 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 785 int userId) { 786 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 787 } 788 789 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 790 boolean systemFixed, int userId) { 791 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 792 } 793 794 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 795 boolean systemFixed, boolean overrideUserChoice, int userId) { 796 if (pkg.requestedPermissions.isEmpty()) { 797 return; 798 } 799 800 List<String> requestedPermissions = pkg.requestedPermissions; 801 Set<String> grantablePermissions = null; 802 803 if (pkg.isUpdatedSystemApp()) { 804 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 805 if (sysPs != null) { 806 if (sysPs.pkg.requestedPermissions.isEmpty()) { 807 return; 808 } 809 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 810 grantablePermissions = new ArraySet<>(requestedPermissions); 811 requestedPermissions = sysPs.pkg.requestedPermissions; 812 } 813 } 814 } 815 816 final int grantablePermissionCount = requestedPermissions.size(); 817 for (int i = 0; i < grantablePermissionCount; i++) { 818 String permission = requestedPermissions.get(i); 819 820 // If there is a disabled system app it may request a permission the updated 821 // version ot the data partition doesn't, In this case skip the permission. 822 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 823 continue; 824 } 825 826 if (permissions.contains(permission)) { 827 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 828 829 // If any flags are set to the permission, then it is either set in 830 // its current state by the system or device/profile owner or the user. 831 // In all these cases we do not want to clobber the current state. 832 // Unless the caller wants to override user choices. The override is 833 // to make sure we can grant the needed permission to the default 834 // sms and phone apps after the user chooses this in the UI. 835 if (flags == 0 || overrideUserChoice) { 836 // Never clobber policy or system. 837 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 838 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 839 if ((flags & fixedFlags) != 0) { 840 continue; 841 } 842 843 mService.grantRuntimePermission(pkg.packageName, permission, userId); 844 if (DEBUG) { 845 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 846 + permission + " to default handler " + pkg.packageName); 847 } 848 849 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 850 if (systemFixed) { 851 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 852 } 853 854 mService.updatePermissionFlags(permission, pkg.packageName, 855 newFlags, newFlags, userId); 856 } 857 858 // If a component gets a permission for being the default handler A 859 // and also default handler B, we grant the weaker grant form. 860 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 861 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 862 && !systemFixed) { 863 if (DEBUG) { 864 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 865 + pkg.packageName); 866 } 867 mService.updatePermissionFlags(permission, pkg.packageName, 868 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 869 } 870 } 871 } 872 } 873 874 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 875 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 876 return true; 877 } 878 if (!pkg.isPrivilegedApp()) { 879 return false; 880 } 881 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 882 if (sysPkg != null) { 883 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 884 return false; 885 } 886 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 887 return false; 888 } 889 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 890 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 891 } 892 893 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 894 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 895 } 896} 897