DefaultPermissionGrantPolicy.java revision cdfd230a392d0f0557a3a5bada221b7a05113392
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.content.Intent; 22import android.content.pm.ApplicationInfo; 23import android.content.pm.PackageManager; 24import android.content.pm.PackageManagerInternal.PackagesProvider; 25import android.content.pm.PackageParser; 26import android.content.pm.ProviderInfo; 27import android.content.pm.ResolveInfo; 28import android.net.Uri; 29import android.os.Build; 30import android.os.UserHandle; 31import android.provider.MediaStore; 32import android.util.ArraySet; 33import android.util.Log; 34 35import java.io.File; 36import java.util.ArrayList; 37import java.util.List; 38import java.util.Set; 39 40import static android.os.Process.FIRST_APPLICATION_UID; 41 42/** 43 * This class is the policy for granting runtime permissions to 44 * platform components and default handlers in the system such 45 * that the device is usable out-of-the-box. For example, the 46 * shell UID is a part of the system and the Phone app should 47 * have phone related permission by default. 48 */ 49final class DefaultPermissionGrantPolicy { 50 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 51 private static final boolean DEBUG = false; 52 53 private static final String PACKAGE_MIME_TYPE = "application/vnd.android.package-archive"; 54 55 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 56 static { 57 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 58 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 59 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 60 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 61 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 62 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 63 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 64 } 65 66 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 67 static { 68 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 69 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 70 } 71 72 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 73 static { 74 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 75 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 76 } 77 78 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 79 static { 80 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 81 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 82 } 83 84 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 85 static { 86 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 87 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 88 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 89 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 90 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 91 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 92 } 93 94 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 95 static { 96 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 97 } 98 99 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 100 static { 101 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 102 } 103 104 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 105 static { 106 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 107 } 108 109 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 110 static { 111 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 112 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 113 } 114 115 private static final Set<String> SETTINGS_PERMISSIONS = new ArraySet<>(); 116 static { 117 SETTINGS_PERMISSIONS.add(Manifest.permission.WRITE_SETTINGS); 118 } 119 120 private static final Set<String> INSTALLER_PERMISSIONS = new ArraySet<>(); 121 static { 122 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 123 INSTALLER_PERMISSIONS.add(Manifest.permission.INTERACT_ACROSS_USERS_FULL); 124 INSTALLER_PERMISSIONS.add(Manifest.permission.CLEAR_APP_USER_DATA); 125 INSTALLER_PERMISSIONS.add(Manifest.permission.KILL_UID); 126 } 127 128 private static final Set<String> VERIFIER_PERMISSIONS = new ArraySet<>(); 129 static { 130 INSTALLER_PERMISSIONS.add(Manifest.permission.GRANT_REVOKE_PERMISSIONS); 131 } 132 133 private final PackageManagerService mService; 134 135 private PackagesProvider mImePackagesProvider; 136 private PackagesProvider mLocationPackagesProvider; 137 private PackagesProvider mVoiceInteractionPackagesProvider; 138 private PackagesProvider mSmsAppPackagesProvider; 139 private PackagesProvider mDialerAppPackagesProvider; 140 141 public DefaultPermissionGrantPolicy(PackageManagerService service) { 142 mService = service; 143 } 144 145 public void setImePackagesProviderLPr(PackagesProvider provider) { 146 mImePackagesProvider = provider; 147 } 148 149 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 150 mLocationPackagesProvider = provider; 151 } 152 153 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 154 mVoiceInteractionPackagesProvider = provider; 155 } 156 157 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 158 mSmsAppPackagesProvider = provider; 159 } 160 161 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 162 mDialerAppPackagesProvider = provider; 163 } 164 165 public void grantDefaultPermissions(int userId) { 166 grantPermissionsToSysComponentsAndPrivApps(userId); 167 grantDefaultSystemHandlerPermissions(userId); 168 } 169 170 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 171 Log.i(TAG, "Granting permissions to platform components for user" + userId); 172 173 synchronized (mService.mPackages) { 174 for (PackageParser.Package pkg : mService.mPackages.values()) { 175 if (!isSysComponentOrPersistentPrivApp(pkg) 176 || !doesPackageSupportRuntimePermissions(pkg)) { 177 continue; 178 } 179 final int permissionCount = pkg.requestedPermissions.size(); 180 for (int i = 0; i < permissionCount; i++) { 181 String permission = pkg.requestedPermissions.get(i); 182 BasePermission bp = mService.mSettings.mPermissions.get(permission); 183 if (bp != null && bp.isRuntime()) { 184 final int flags = mService.getPermissionFlags(permission, 185 pkg.packageName, userId); 186 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) == 0) { 187 mService.grantRuntimePermission(pkg.packageName, permission, userId); 188 mService.updatePermissionFlags(permission, pkg.packageName, 189 PackageManager.MASK_PERMISSION_FLAGS, 190 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, userId); 191 if (DEBUG) { 192 Log.i(TAG, "Granted " + permission + " to system component " 193 + pkg.packageName); 194 } 195 } 196 } 197 } 198 } 199 } 200 } 201 202 private void grantDefaultSystemHandlerPermissions(int userId) { 203 Log.i(TAG, "Granting permissions to default platform handlers for user:" + userId); 204 205 final PackagesProvider imePackagesProvider; 206 final PackagesProvider locationPackagesProvider; 207 final PackagesProvider voiceInteractionPackagesProvider; 208 final PackagesProvider smsAppPackagesProvider; 209 final PackagesProvider dialerAppPackagesProvider; 210 211 synchronized (mService.mPackages) { 212 imePackagesProvider = mImePackagesProvider; 213 locationPackagesProvider = mLocationPackagesProvider; 214 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 215 smsAppPackagesProvider = mSmsAppPackagesProvider; 216 dialerAppPackagesProvider = mDialerAppPackagesProvider; 217 } 218 219 String[] imePackageNames = (imePackagesProvider != null) 220 ? imePackagesProvider.getPackages(userId) : null; 221 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 222 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 223 String[] locationPackageNames = (locationPackagesProvider != null) 224 ? locationPackagesProvider.getPackages(userId) : null; 225 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 226 ? smsAppPackagesProvider.getPackages(userId) : null; 227 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 228 ? dialerAppPackagesProvider.getPackages(userId) : null; 229 230 synchronized (mService.mPackages) { 231 // Installers 232 Intent installerIntent = new Intent(Intent.ACTION_INSTALL_PACKAGE); 233 installerIntent.addCategory(Intent.CATEGORY_DEFAULT); 234 installerIntent.setDataAndType(Uri.fromFile(new File("foo.apk")), 235 PACKAGE_MIME_TYPE); 236 List<PackageParser.Package> installerPackages = 237 getPrivilegedHandlerActivityPackagesLPr(installerIntent, userId); 238 final int installerCount = installerPackages.size(); 239 for (int i = 0; i < installerCount; i++) { 240 PackageParser.Package installPackage = installerPackages.get(i); 241 grantInstallPermissionsLPw(installPackage, INSTALLER_PERMISSIONS, userId); 242 grantRuntimePermissionsLPw(installPackage, STORAGE_PERMISSIONS, userId); 243 } 244 245 // Verifiers 246 Intent verifierIntent = new Intent(Intent.ACTION_PACKAGE_NEEDS_VERIFICATION); 247 verifierIntent.setType(PACKAGE_MIME_TYPE); 248 List<PackageParser.Package> verifierPackages = 249 getPrivilegedHandlerReceiverPackagesLPr(verifierIntent, userId); 250 final int verifierCount = verifierPackages.size(); 251 for (int i = 0; i < verifierCount; i++) { 252 PackageParser.Package verifierPackage = verifierPackages.get(i); 253 grantInstallPermissionsLPw(verifierPackage, VERIFIER_PERMISSIONS, userId); 254 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, userId); 255 } 256 257 // SetupWizard 258 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 259 setupIntent.addCategory(Intent.CATEGORY_HOME); 260 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr( 261 setupIntent, userId); 262 if (setupPackage != null 263 && doesPackageSupportRuntimePermissions(setupPackage)) { 264 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 265 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 266 grantRuntimePermissionsLPw(setupPackage, SETTINGS_PERMISSIONS, userId); 267 } 268 269 // Dialer 270 if (dialerAppPackageNames != null) { 271 for (String dialerAppPackageName : dialerAppPackageNames) { 272 PackageParser.Package dialerPackage = getPackageLPr(dialerAppPackageName); 273 if (dialerPackage != null 274 && doesPackageSupportRuntimePermissions(dialerPackage)) { 275 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 276 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 277 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 278 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 279 } 280 } 281 } 282 283 // Camera 284 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 285 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 286 cameraIntent, userId); 287 if (cameraPackage != null 288 && doesPackageSupportRuntimePermissions(cameraPackage)) { 289 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 290 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 291 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 292 } 293 294 // Media provider 295 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 296 MediaStore.AUTHORITY, userId); 297 if (mediaStorePackage != null) { 298 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, userId); 299 } 300 301 // Downloads provider 302 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 303 "downloads", userId); 304 if (downloadsPackage != null) { 305 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, userId); 306 } 307 308 // Downloads UI 309 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 310 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 311 downloadsUiIntent, userId); 312 if (downloadsUiPackage != null 313 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 314 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, userId); 315 } 316 317 // SMS 318 if (smsAppPackageNames != null) { 319 for (String smsPackageName : smsAppPackageNames) { 320 PackageParser.Package smsPackage = getPackageLPr(smsPackageName); 321 if (smsPackage != null 322 && doesPackageSupportRuntimePermissions(smsPackage)) { 323 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 324 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 325 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 326 } 327 } 328 } 329 330 // Calendar 331 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 332 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 333 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 334 calendarIntent, userId); 335 if (calendarPackage != null 336 && doesPackageSupportRuntimePermissions(calendarPackage)) { 337 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 338 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 339 } 340 341 // Contacts 342 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 343 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 344 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 345 contactsIntent, userId); 346 if (contactsPackage != null 347 && doesPackageSupportRuntimePermissions(contactsPackage)) { 348 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 349 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 350 } 351 352 // Maps 353 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 354 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 355 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 356 mapsIntent, userId); 357 if (mapsPackage != null 358 && doesPackageSupportRuntimePermissions(mapsPackage)) { 359 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 360 } 361 362 // Email 363 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 364 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 365 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 366 emailIntent, userId); 367 if (emailPackage != null 368 && doesPackageSupportRuntimePermissions(emailPackage)) { 369 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 370 } 371 372 // Browser 373 PackageParser.Package browserPackage = null; 374 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 375 if (defaultBrowserPackage != null) { 376 browserPackage = getPackageLPr(defaultBrowserPackage); 377 } 378 if (browserPackage == null) { 379 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 380 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 381 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 382 browserIntent, userId); 383 } 384 if (browserPackage != null 385 && doesPackageSupportRuntimePermissions(browserPackage)) { 386 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 387 } 388 389 // IME 390 if (imePackageNames != null) { 391 for (String imePackageName : imePackageNames) { 392 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 393 if (imePackage != null 394 && doesPackageSupportRuntimePermissions(imePackage)) { 395 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 396 } 397 } 398 } 399 400 // Voice interaction 401 if (voiceInteractPackageNames != null) { 402 for (String voiceInteractPackageName : voiceInteractPackageNames) { 403 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 404 voiceInteractPackageName); 405 if (voiceInteractPackage != null 406 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 407 grantRuntimePermissionsLPw(voiceInteractPackage, 408 CONTACTS_PERMISSIONS, userId); 409 grantRuntimePermissionsLPw(voiceInteractPackage, 410 CALENDAR_PERMISSIONS, userId); 411 grantRuntimePermissionsLPw(voiceInteractPackage, 412 MICROPHONE_PERMISSIONS, userId); 413 grantRuntimePermissionsLPw(voiceInteractPackage, 414 PHONE_PERMISSIONS, userId); 415 grantRuntimePermissionsLPw(voiceInteractPackage, 416 SMS_PERMISSIONS, userId); 417 grantRuntimePermissionsLPw(voiceInteractPackage, 418 LOCATION_PERMISSIONS, userId); 419 } 420 } 421 } 422 423 // Location 424 if (locationPackageNames != null) { 425 for (String packageName : locationPackageNames) { 426 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 427 if (locationPackage != null 428 && doesPackageSupportRuntimePermissions(locationPackage)) { 429 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 430 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 431 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 432 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 433 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 434 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, userId); 435 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 436 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 437 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 438 } 439 } 440 } 441 442 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 443 } 444 } 445 446 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 447 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 448 if (packageName == null) { 449 return; 450 } 451 PackageParser.Package smsPackage = getPackageLPr(packageName); 452 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 453 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 454 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 455 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 456 } 457 } 458 459 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 460 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 461 if (packageName == null) { 462 return; 463 } 464 PackageParser.Package dialerPackage = getPackageLPr(packageName); 465 if (dialerPackage != null 466 && doesPackageSupportRuntimePermissions(dialerPackage)) { 467 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 468 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 469 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 470 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 471 } 472 } 473 474 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 475 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 476 if (packageNames == null) { 477 return; 478 } 479 for (String packageName : packageNames) { 480 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 481 if (carrierPackage != null 482 && doesPackageSupportRuntimePermissions(carrierPackage)) { 483 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 484 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 485 } 486 } 487 } 488 489 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 490 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 491 if (packageName == null) { 492 return; 493 } 494 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 495 if (browserPackage != null 496 && doesPackageSupportRuntimePermissions(browserPackage)) { 497 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 498 } 499 } 500 501 private List<PackageParser.Package> getPrivilegedHandlerReceiverPackagesLPr( 502 Intent intent, int userId) { 503 List<ResolveInfo> handlers = mService.queryIntentReceivers( 504 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 505 0, userId); 506 return getPrivilegedPackages(handlers); 507 } 508 509 private List<PackageParser.Package> getPrivilegedHandlerActivityPackagesLPr( 510 Intent intent, int userId) { 511 List<ResolveInfo> handlers = mService.queryIntentActivities( 512 intent, intent.resolveTypeIfNeeded(mService.mContext.getContentResolver()), 513 0, userId); 514 return getPrivilegedPackages(handlers); 515 } 516 517 private List<PackageParser.Package> getPrivilegedPackages(List<ResolveInfo> resolveInfos) { 518 List<PackageParser.Package> handlerPackages = new ArrayList<>(); 519 final int handlerCount = resolveInfos.size(); 520 for (int i = 0; i < handlerCount; i++) { 521 ResolveInfo handler = resolveInfos.get(i); 522 PackageParser.Package handlerPackage = getPrivilegedPackageLPr( 523 handler.activityInfo.packageName); 524 if (handlerPackage != null) { 525 handlerPackages.add(handlerPackage); 526 } 527 } 528 return handlerPackages; 529 } 530 531 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 532 Intent intent, int userId) { 533 List<ResolveInfo> handlers = mService.queryIntentActivities(intent, null, 0, userId); 534 final int handlerCount = handlers.size(); 535 for (int i = 0; i < handlerCount; i++) { 536 ResolveInfo handler = handlers.get(i); 537 // TODO: This is a temporary hack to figure out the setup app. 538 PackageParser.Package handlerPackage = getSystemPackageLPr( 539 handler.activityInfo.packageName); 540 if (handlerPackage != null) { 541 return handlerPackage; 542 } 543 } 544 return null; 545 } 546 547 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 548 String authority, int userId) { 549 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); 550 if (provider != null) { 551 return getSystemPackageLPr(provider.packageName); 552 } 553 return null; 554 } 555 556 private PackageParser.Package getPackageLPr(String packageName) { 557 return mService.mPackages.get(packageName); 558 } 559 560 private PackageParser.Package getSystemPackageLPr(String packageName) { 561 PackageParser.Package pkg = getPackageLPr(packageName); 562 if (pkg != null && pkg.isSystemApp()) { 563 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 564 } 565 return null; 566 } 567 568 private PackageParser.Package getPrivilegedPackageLPr(String packageName) { 569 PackageParser.Package pkg = mService.mPackages.get(packageName); 570 if (pkg != null && pkg.applicationInfo.isPrivilegedApp()) { 571 return !isSysComponentOrPersistentPrivApp(pkg) ? pkg : null; 572 } 573 return null; 574 } 575 576 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 577 int userId) { 578 List<String> requestedPermissions = pkg.requestedPermissions; 579 580 if (pkg.isUpdatedSystemApp()) { 581 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 582 if (sysPs != null) { 583 requestedPermissions = sysPs.pkg.requestedPermissions; 584 } 585 } 586 587 final int permissionCount = requestedPermissions.size(); 588 for (int i = 0; i < permissionCount; i++) { 589 String permission = requestedPermissions.get(i); 590 if (permissions.contains(permission)) { 591 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 592 593 // If any flags are set to the permission, then it is either set in 594 // its current state by the system or device/profile owner or the user. 595 // In all these cases we do not want to clobber the current state. 596 if (flags == 0) { 597 mService.grantRuntimePermission(pkg.packageName, permission, userId); 598 if (DEBUG) { 599 Log.i(TAG, "Granted " + permission + " to default handler " 600 + pkg.packageName); 601 } 602 } 603 } 604 } 605 } 606 607 private void grantInstallPermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 608 int userId) { 609 List<String> requestedPermissions = pkg.requestedPermissions; 610 611 if (pkg.isUpdatedSystemApp()) { 612 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 613 if (sysPs != null) { 614 requestedPermissions = sysPs.pkg.requestedPermissions; 615 } 616 } 617 618 final int permissionCount = requestedPermissions.size(); 619 for (int i = 0; i < permissionCount; i++) { 620 String permission = requestedPermissions.get(i); 621 if (permissions.contains(permission)) { 622 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 623 624 // If any flags are set to the permission, then it is either set in 625 // its current state by the system or device/profile owner or the user. 626 // In all these cases we do not want to clobber the current state. 627 if (flags == 0) { 628 mService.grantInstallPermissionLPw(permission, pkg); 629 if (DEBUG) { 630 Log.i(TAG, "Granted install " + permission + " to " + pkg.packageName); 631 } 632 } 633 } 634 } 635 } 636 637 private static boolean isSysComponentOrPersistentPrivApp(PackageParser.Package pkg) { 638 return UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID 639 || ((pkg.applicationInfo.privateFlags 640 & ApplicationInfo.PRIVATE_FLAG_PRIVILEGED) != 0 641 && (pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) != 0); 642 } 643 644 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 645 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 646 } 647} 648