DefaultPermissionGrantPolicy.java revision b23346639b66783c1662fd8ffa5345ef5cef336c
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.app.admin.DevicePolicyManager; 22import android.content.Intent; 23import android.content.pm.ActivityInfo; 24import android.content.pm.ApplicationInfo; 25import android.content.pm.PackageManager; 26import android.content.pm.PackageManagerInternal.PackagesProvider; 27import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 28import android.content.pm.PackageParser; 29import android.content.pm.ProviderInfo; 30import android.content.pm.ResolveInfo; 31import android.net.Uri; 32import android.os.Build; 33import android.os.UserHandle; 34import android.print.PrintManager; 35import android.provider.CalendarContract; 36import android.provider.ContactsContract; 37import android.provider.MediaStore; 38import android.provider.Telephony.Sms.Intents; 39import android.telephony.TelephonyManager; 40import android.security.Credentials; 41import android.util.ArraySet; 42import android.util.Log; 43 44import java.io.File; 45import java.util.ArrayList; 46import java.util.List; 47import java.util.Set; 48 49import static android.os.Process.FIRST_APPLICATION_UID; 50 51/** 52 * This class is the policy for granting runtime permissions to 53 * platform components and default handlers in the system such 54 * that the device is usable out-of-the-box. For example, the 55 * shell UID is a part of the system and the Phone app should 56 * have phone related permission by default. 57 */ 58final class DefaultPermissionGrantPolicy { 59 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 60 private static final boolean DEBUG = false; 61 62 private static final int DEFAULT_FLAGS = PackageManager.MATCH_DIRECT_BOOT_AWARE 63 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE; 64 65 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 66 67 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 68 static { 69 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 70 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 71 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 72 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 73 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 74 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 75 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 76 } 77 78 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 79 static { 80 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 81 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 82 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 83 } 84 85 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 86 static { 87 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 88 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 89 } 90 91 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 92 static { 93 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 94 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 95 } 96 97 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 98 static { 99 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 100 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 101 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 102 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 103 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 104 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 105 } 106 107 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 108 static { 109 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 110 } 111 112 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 113 static { 114 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 115 } 116 117 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 118 static { 119 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 120 } 121 122 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 123 static { 124 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 125 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 126 } 127 128 private final PackageManagerService mService; 129 130 private PackagesProvider mLocationPackagesProvider; 131 private PackagesProvider mVoiceInteractionPackagesProvider; 132 private PackagesProvider mSmsAppPackagesProvider; 133 private PackagesProvider mDialerAppPackagesProvider; 134 private PackagesProvider mSimCallManagerPackagesProvider; 135 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 136 137 public DefaultPermissionGrantPolicy(PackageManagerService service) { 138 mService = service; 139 } 140 141 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 142 mLocationPackagesProvider = provider; 143 } 144 145 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 146 mVoiceInteractionPackagesProvider = provider; 147 } 148 149 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 150 mSmsAppPackagesProvider = provider; 151 } 152 153 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 154 mDialerAppPackagesProvider = provider; 155 } 156 157 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 158 mSimCallManagerPackagesProvider = provider; 159 } 160 161 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 162 mSyncAdapterPackagesProvider = provider; 163 } 164 165 public void grantDefaultPermissions(int userId) { 166 grantPermissionsToSysComponentsAndPrivApps(userId); 167 grantDefaultSystemHandlerPermissions(userId); 168 } 169 170 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 171 Log.i(TAG, "Granting permissions to platform components for user " + userId); 172 173 synchronized (mService.mPackages) { 174 for (PackageParser.Package pkg : mService.mPackages.values()) { 175 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 176 || !doesPackageSupportRuntimePermissions(pkg) 177 || pkg.requestedPermissions.isEmpty()) { 178 continue; 179 } 180 Set<String> permissions = new ArraySet<>(); 181 final int permissionCount = pkg.requestedPermissions.size(); 182 for (int i = 0; i < permissionCount; i++) { 183 String permission = pkg.requestedPermissions.get(i); 184 BasePermission bp = mService.mSettings.mPermissions.get(permission); 185 if (bp != null && bp.isRuntime()) { 186 permissions.add(permission); 187 } 188 } 189 if (!permissions.isEmpty()) { 190 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 191 } 192 } 193 } 194 } 195 196 private void grantDefaultSystemHandlerPermissions(int userId) { 197 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 198 199 final PackagesProvider locationPackagesProvider; 200 final PackagesProvider voiceInteractionPackagesProvider; 201 final PackagesProvider smsAppPackagesProvider; 202 final PackagesProvider dialerAppPackagesProvider; 203 final PackagesProvider simCallManagerPackagesProvider; 204 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 205 206 synchronized (mService.mPackages) { 207 locationPackagesProvider = mLocationPackagesProvider; 208 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 209 smsAppPackagesProvider = mSmsAppPackagesProvider; 210 dialerAppPackagesProvider = mDialerAppPackagesProvider; 211 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 212 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 213 } 214 215 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 216 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 217 String[] locationPackageNames = (locationPackagesProvider != null) 218 ? locationPackagesProvider.getPackages(userId) : null; 219 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 220 ? smsAppPackagesProvider.getPackages(userId) : null; 221 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 222 ? dialerAppPackagesProvider.getPackages(userId) : null; 223 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 224 ? simCallManagerPackagesProvider.getPackages(userId) : null; 225 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 226 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 227 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 228 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 229 230 synchronized (mService.mPackages) { 231 // Installer 232 PackageParser.Package installerPackage = getSystemPackageLPr( 233 mService.mRequiredInstallerPackage); 234 if (installerPackage != null 235 && doesPackageSupportRuntimePermissions(installerPackage)) { 236 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 237 } 238 239 // Verifier 240 PackageParser.Package verifierPackage = getSystemPackageLPr( 241 mService.mRequiredVerifierPackage); 242 if (verifierPackage != null 243 && doesPackageSupportRuntimePermissions(verifierPackage)) { 244 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 245 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 246 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 247 } 248 249 // SetupWizard 250 PackageParser.Package setupPackage = getSystemPackageLPr( 251 mService.mSetupWizardPackage); 252 if (setupPackage != null 253 && doesPackageSupportRuntimePermissions(setupPackage)) { 254 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 255 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 256 grantRuntimePermissionsLPw(setupPackage, LOCATION_PERMISSIONS, userId); 257 grantRuntimePermissionsLPw(setupPackage, CAMERA_PERMISSIONS, userId); 258 } 259 260 // Camera 261 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 262 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 263 cameraIntent, userId); 264 if (cameraPackage != null 265 && doesPackageSupportRuntimePermissions(cameraPackage)) { 266 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 267 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 268 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 269 } 270 271 // Media provider 272 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 273 MediaStore.AUTHORITY, userId); 274 if (mediaStorePackage != null) { 275 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 276 } 277 278 // Downloads provider 279 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 280 "downloads", userId); 281 if (downloadsPackage != null) { 282 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 283 } 284 285 // Downloads UI 286 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 287 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 288 downloadsUiIntent, userId); 289 if (downloadsUiPackage != null 290 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 291 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 292 } 293 294 // Storage provider 295 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 296 "com.android.externalstorage.documents", userId); 297 if (storagePackage != null) { 298 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 299 } 300 301 // CertInstaller 302 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 303 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 304 certInstallerIntent, userId); 305 if (certInstallerPackage != null 306 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 307 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 308 } 309 310 // Dialer 311 if (dialerAppPackageNames == null) { 312 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 313 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 314 dialerIntent, userId); 315 if (dialerPackage != null) { 316 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 317 } 318 } else { 319 for (String dialerAppPackageName : dialerAppPackageNames) { 320 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 321 if (dialerPackage != null) { 322 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 323 } 324 } 325 } 326 327 // Sim call manager 328 if (simCallManagerPackageNames != null) { 329 for (String simCallManagerPackageName : simCallManagerPackageNames) { 330 PackageParser.Package simCallManagerPackage = 331 getSystemPackageLPr(simCallManagerPackageName); 332 if (simCallManagerPackage != null) { 333 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 334 userId); 335 } 336 } 337 } 338 339 // SMS 340 if (smsAppPackageNames == null) { 341 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 342 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 343 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 344 smsIntent, userId); 345 if (smsPackage != null) { 346 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 347 } 348 } else { 349 for (String smsPackageName : smsAppPackageNames) { 350 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 351 if (smsPackage != null) { 352 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 353 } 354 } 355 } 356 357 // Cell Broadcast Receiver 358 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 359 PackageParser.Package cbrPackage = 360 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 361 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 362 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 363 } 364 365 // Carrier Provisioning Service 366 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 367 PackageParser.Package carrierProvPackage = 368 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 369 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 370 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 371 } 372 373 // Calendar 374 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 375 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 376 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 377 calendarIntent, userId); 378 if (calendarPackage != null 379 && doesPackageSupportRuntimePermissions(calendarPackage)) { 380 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 381 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 382 } 383 384 // Calendar provider 385 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 386 CalendarContract.AUTHORITY, userId); 387 if (calendarProviderPackage != null) { 388 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 389 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 390 true, userId); 391 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 392 } 393 394 // Calendar provider sync adapters 395 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 396 calendarSyncAdapterPackages, userId); 397 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 398 for (int i = 0; i < calendarSyncAdapterCount; i++) { 399 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 400 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 401 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 402 } 403 } 404 405 // Contacts 406 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 407 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 408 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 409 contactsIntent, userId); 410 if (contactsPackage != null 411 && doesPackageSupportRuntimePermissions(contactsPackage)) { 412 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 413 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 414 } 415 416 // Contacts provider sync adapters 417 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 418 contactsSyncAdapterPackages, userId); 419 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 420 for (int i = 0; i < contactsSyncAdapterCount; i++) { 421 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 422 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 423 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 424 } 425 } 426 427 // Contacts provider 428 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 429 ContactsContract.AUTHORITY, userId); 430 if (contactsProviderPackage != null) { 431 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 432 true, userId); 433 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 434 true, userId); 435 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 436 } 437 438 // Device provisioning 439 Intent deviceProvisionIntent = new Intent( 440 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 441 PackageParser.Package deviceProvisionPackage = 442 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 443 if (deviceProvisionPackage != null 444 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 445 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 446 } 447 448 // Maps 449 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 450 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 451 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 452 mapsIntent, userId); 453 if (mapsPackage != null 454 && doesPackageSupportRuntimePermissions(mapsPackage)) { 455 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 456 } 457 458 // Gallery 459 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 460 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 461 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 462 galleryIntent, userId); 463 if (galleryPackage != null 464 && doesPackageSupportRuntimePermissions(galleryPackage)) { 465 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 466 } 467 468 // Email 469 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 470 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 471 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 472 emailIntent, userId); 473 if (emailPackage != null 474 && doesPackageSupportRuntimePermissions(emailPackage)) { 475 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 476 } 477 478 // Browser 479 PackageParser.Package browserPackage = null; 480 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 481 if (defaultBrowserPackage != null) { 482 browserPackage = getPackageLPr(defaultBrowserPackage); 483 } 484 if (browserPackage == null) { 485 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 486 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 487 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 488 browserIntent, userId); 489 } 490 if (browserPackage != null 491 && doesPackageSupportRuntimePermissions(browserPackage)) { 492 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 493 } 494 495 // Voice interaction 496 if (voiceInteractPackageNames != null) { 497 for (String voiceInteractPackageName : voiceInteractPackageNames) { 498 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 499 voiceInteractPackageName); 500 if (voiceInteractPackage != null 501 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 502 grantRuntimePermissionsLPw(voiceInteractPackage, 503 CONTACTS_PERMISSIONS, userId); 504 grantRuntimePermissionsLPw(voiceInteractPackage, 505 CALENDAR_PERMISSIONS, userId); 506 grantRuntimePermissionsLPw(voiceInteractPackage, 507 MICROPHONE_PERMISSIONS, userId); 508 grantRuntimePermissionsLPw(voiceInteractPackage, 509 PHONE_PERMISSIONS, userId); 510 grantRuntimePermissionsLPw(voiceInteractPackage, 511 SMS_PERMISSIONS, userId); 512 grantRuntimePermissionsLPw(voiceInteractPackage, 513 LOCATION_PERMISSIONS, userId); 514 } 515 } 516 } 517 518 // Voice recognition 519 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 520 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 521 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 522 voiceRecoIntent, userId); 523 if (voiceRecoPackage != null 524 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 525 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 526 } 527 528 // Location 529 if (locationPackageNames != null) { 530 for (String packageName : locationPackageNames) { 531 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 532 if (locationPackage != null 533 && doesPackageSupportRuntimePermissions(locationPackage)) { 534 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 535 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 536 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 537 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 538 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 539 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 540 true, userId); 541 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 542 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 543 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 544 } 545 } 546 } 547 548 // Music 549 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 550 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 551 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 552 AUDIO_MIME_TYPE); 553 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 554 musicIntent, userId); 555 if (musicPackage != null 556 && doesPackageSupportRuntimePermissions(musicPackage)) { 557 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 558 } 559 560 // Android Wear Home 561 if (mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 562 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 563 homeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 564 565 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackageLPr( 566 homeIntent, userId); 567 568 if (wearHomePackage != null 569 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 570 grantRuntimePermissionsLPw(wearHomePackage, CONTACTS_PERMISSIONS, false, 571 userId); 572 grantRuntimePermissionsLPw(wearHomePackage, PHONE_PERMISSIONS, true, userId); 573 grantRuntimePermissionsLPw(wearHomePackage, MICROPHONE_PERMISSIONS, false, 574 userId); 575 grantRuntimePermissionsLPw(wearHomePackage, LOCATION_PERMISSIONS, false, 576 userId); 577 } 578 } 579 580 // Print Spooler 581 PackageParser.Package printSpoolerPackage = getSystemPackageLPr( 582 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 583 if (printSpoolerPackage != null 584 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 585 grantRuntimePermissionsLPw(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 586 } 587 588 // EmergencyInfo 589 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 590 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackageLPr( 591 emergencyInfoIntent, userId); 592 if (emergencyInfoPckg != null 593 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 594 grantRuntimePermissionsLPw(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 595 grantRuntimePermissionsLPw(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 596 } 597 598 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 599 } 600 } 601 602 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 603 PackageParser.Package dialerPackage, int userId) { 604 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 605 boolean isPhonePermFixed = 606 mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 607 grantRuntimePermissionsLPw( 608 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 609 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 610 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 611 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 612 } 613 } 614 615 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 616 PackageParser.Package smsPackage, int userId) { 617 if (doesPackageSupportRuntimePermissions(smsPackage)) { 618 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 619 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 620 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 621 } 622 } 623 624 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 625 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 626 if (packageName == null) { 627 return; 628 } 629 PackageParser.Package smsPackage = getPackageLPr(packageName); 630 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 631 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 632 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 633 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 634 } 635 } 636 637 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 638 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 639 if (packageName == null) { 640 return; 641 } 642 PackageParser.Package dialerPackage = getPackageLPr(packageName); 643 if (dialerPackage != null 644 && doesPackageSupportRuntimePermissions(dialerPackage)) { 645 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 646 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 647 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 648 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 649 } 650 } 651 652 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 653 PackageParser.Package simCallManagerPackage, int userId) { 654 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 655 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 656 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 657 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 658 } 659 } 660 661 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 662 if (packageName == null) { 663 return; 664 } 665 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 666 if (simCallManagerPackage != null) { 667 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 668 } 669 } 670 671 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 672 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 673 if (packageNames == null) { 674 return; 675 } 676 for (String packageName : packageNames) { 677 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 678 if (carrierPackage != null 679 && doesPackageSupportRuntimePermissions(carrierPackage)) { 680 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 681 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 682 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 683 } 684 } 685 } 686 687 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 688 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 689 if (packageName == null) { 690 return; 691 } 692 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 693 if (browserPackage != null 694 && doesPackageSupportRuntimePermissions(browserPackage)) { 695 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 696 } 697 } 698 699 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 700 Intent intent, int userId) { 701 ResolveInfo handler = mService.resolveIntent(intent, 702 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId); 703 if (handler == null || handler.activityInfo == null) { 704 return null; 705 } 706 ActivityInfo activityInfo = handler.activityInfo; 707 if (activityInfo.packageName.equals(mService.mResolveActivity.packageName) 708 && activityInfo.name.equals(mService.mResolveActivity.name)) { 709 return null; 710 } 711 return getSystemPackageLPr(handler.activityInfo.packageName); 712 } 713 714 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 715 Intent intent, int userId) { 716 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 717 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId) 718 .getList(); 719 if (handlers == null) { 720 return null; 721 } 722 final int handlerCount = handlers.size(); 723 for (int i = 0; i < handlerCount; i++) { 724 ResolveInfo handler = handlers.get(i); 725 PackageParser.Package handlerPackage = getSystemPackageLPr( 726 handler.serviceInfo.packageName); 727 if (handlerPackage != null) { 728 return handlerPackage; 729 } 730 } 731 return null; 732 } 733 734 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 735 String[] syncAdapterPackageNames, int userId) { 736 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 737 738 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 739 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 740 741 for (String syncAdapterPackageName : syncAdapterPackageNames) { 742 homeIntent.setPackage(syncAdapterPackageName); 743 744 ResolveInfo homeActivity = mService.resolveIntent(homeIntent, 745 homeIntent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, 746 userId); 747 if (homeActivity != null) { 748 continue; 749 } 750 751 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 752 if (syncAdapterPackage != null) { 753 syncAdapterPackages.add(syncAdapterPackage); 754 } 755 } 756 757 return syncAdapterPackages; 758 } 759 760 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 761 String authority, int userId) { 762 ProviderInfo provider = mService.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 763 if (provider != null) { 764 return getSystemPackageLPr(provider.packageName); 765 } 766 return null; 767 } 768 769 private PackageParser.Package getPackageLPr(String packageName) { 770 return mService.mPackages.get(packageName); 771 } 772 773 private PackageParser.Package getSystemPackageLPr(String packageName) { 774 PackageParser.Package pkg = getPackageLPr(packageName); 775 if (pkg != null && pkg.isSystemApp()) { 776 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 777 } 778 return null; 779 } 780 781 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 782 int userId) { 783 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 784 } 785 786 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 787 boolean systemFixed, int userId) { 788 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 789 } 790 791 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 792 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) { 793 if (pkg.requestedPermissions.isEmpty()) { 794 return; 795 } 796 797 List<String> requestedPermissions = pkg.requestedPermissions; 798 Set<String> grantablePermissions = null; 799 800 // If this is the default Phone or SMS app we grant permissions regardless 801 // whether the version on the system image declares the permission as used since 802 // selecting the app as the default Phone or SMS the user makes a deliberate 803 // choice to grant this app the permissions needed to function. For all other 804 // apps, (default grants on first boot and user creation) we don't grant default 805 // permissions if the version on the system image does not declare them. 806 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) { 807 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 808 if (sysPs != null) { 809 if (sysPs.pkg.requestedPermissions.isEmpty()) { 810 return; 811 } 812 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 813 grantablePermissions = new ArraySet<>(requestedPermissions); 814 requestedPermissions = sysPs.pkg.requestedPermissions; 815 } 816 } 817 } 818 819 final int grantablePermissionCount = requestedPermissions.size(); 820 for (int i = 0; i < grantablePermissionCount; i++) { 821 String permission = requestedPermissions.get(i); 822 823 // If there is a disabled system app it may request a permission the updated 824 // version ot the data partition doesn't, In this case skip the permission. 825 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 826 continue; 827 } 828 829 if (permissions.contains(permission)) { 830 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 831 832 // If any flags are set to the permission, then it is either set in 833 // its current state by the system or device/profile owner or the user. 834 // In all these cases we do not want to clobber the current state. 835 // Unless the caller wants to override user choices. The override is 836 // to make sure we can grant the needed permission to the default 837 // sms and phone apps after the user chooses this in the UI. 838 if (flags == 0 || isDefaultPhoneOrSms) { 839 // Never clobber policy or system. 840 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 841 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 842 if ((flags & fixedFlags) != 0) { 843 continue; 844 } 845 846 mService.grantRuntimePermission(pkg.packageName, permission, userId); 847 if (DEBUG) { 848 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 849 + permission + " to default handler " + pkg.packageName); 850 } 851 852 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 853 if (systemFixed) { 854 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 855 } 856 857 mService.updatePermissionFlags(permission, pkg.packageName, 858 newFlags, newFlags, userId); 859 } 860 861 // If a component gets a permission for being the default handler A 862 // and also default handler B, we grant the weaker grant form. 863 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 864 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 865 && !systemFixed) { 866 if (DEBUG) { 867 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 868 + pkg.packageName); 869 } 870 mService.updatePermissionFlags(permission, pkg.packageName, 871 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 872 } 873 } 874 } 875 } 876 877 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 878 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 879 return true; 880 } 881 if (!pkg.isPrivilegedApp()) { 882 return false; 883 } 884 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 885 if (sysPkg != null && sysPkg.pkg != null) { 886 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 887 return false; 888 } 889 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 890 return false; 891 } 892 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 893 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 894 } 895 896 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 897 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 898 } 899} 900