DefaultPermissionGrantPolicy.java revision f443384d9e30111aaa61dac75af1f40d19465e96
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.app.DownloadManager; 21import android.app.admin.DevicePolicyManager; 22import android.content.Intent; 23import android.content.pm.ActivityInfo; 24import android.content.pm.ApplicationInfo; 25import android.content.pm.PackageManager; 26import android.content.pm.PackageManagerInternal.PackagesProvider; 27import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 28import android.content.pm.PackageParser; 29import android.content.pm.ProviderInfo; 30import android.content.pm.ResolveInfo; 31import android.net.Uri; 32import android.os.Build; 33import android.os.UserHandle; 34import android.provider.CalendarContract; 35import android.provider.ContactsContract; 36import android.provider.MediaStore; 37import android.provider.Telephony.Sms.Intents; 38import android.security.Credentials; 39import android.util.ArraySet; 40import android.util.Log; 41 42import java.io.File; 43import java.util.ArrayList; 44import java.util.List; 45import java.util.Set; 46 47import static android.os.Process.FIRST_APPLICATION_UID; 48 49/** 50 * This class is the policy for granting runtime permissions to 51 * platform components and default handlers in the system such 52 * that the device is usable out-of-the-box. For example, the 53 * shell UID is a part of the system and the Phone app should 54 * have phone related permission by default. 55 */ 56final class DefaultPermissionGrantPolicy { 57 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 58 private static final boolean DEBUG = false; 59 60 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 61 62 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 63 static { 64 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 65 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 66 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 67 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 68 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 69 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 70 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 71 } 72 73 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 74 static { 75 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 76 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 77 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 78 } 79 80 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 81 static { 82 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 83 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 84 } 85 86 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 87 static { 88 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 89 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 90 } 91 92 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 93 static { 94 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 95 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 96 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 97 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 98 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 99 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 100 } 101 102 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 103 static { 104 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 105 } 106 107 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 108 static { 109 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 110 } 111 112 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 113 static { 114 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 115 } 116 117 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 118 static { 119 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 120 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 121 } 122 123 private final PackageManagerService mService; 124 125 private PackagesProvider mImePackagesProvider; 126 private PackagesProvider mLocationPackagesProvider; 127 private PackagesProvider mVoiceInteractionPackagesProvider; 128 private PackagesProvider mSmsAppPackagesProvider; 129 private PackagesProvider mDialerAppPackagesProvider; 130 private PackagesProvider mSimCallManagerPackagesProvider; 131 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 132 133 public DefaultPermissionGrantPolicy(PackageManagerService service) { 134 mService = service; 135 } 136 137 public void setImePackagesProviderLPr(PackagesProvider provider) { 138 mImePackagesProvider = provider; 139 } 140 141 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 142 mLocationPackagesProvider = provider; 143 } 144 145 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 146 mVoiceInteractionPackagesProvider = provider; 147 } 148 149 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 150 mSmsAppPackagesProvider = provider; 151 } 152 153 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 154 mDialerAppPackagesProvider = provider; 155 } 156 157 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 158 mSimCallManagerPackagesProvider = provider; 159 } 160 161 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 162 mSyncAdapterPackagesProvider = provider; 163 } 164 165 public void grantDefaultPermissions(int userId) { 166 grantPermissionsToSysComponentsAndPrivApps(userId); 167 grantDefaultSystemHandlerPermissions(userId); 168 } 169 170 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 171 Log.i(TAG, "Granting permissions to platform components for user " + userId); 172 173 synchronized (mService.mPackages) { 174 for (PackageParser.Package pkg : mService.mPackages.values()) { 175 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 176 || !doesPackageSupportRuntimePermissions(pkg) 177 || pkg.requestedPermissions.isEmpty()) { 178 continue; 179 } 180 Set<String> permissions = new ArraySet<>(); 181 final int permissionCount = pkg.requestedPermissions.size(); 182 for (int i = 0; i < permissionCount; i++) { 183 String permission = pkg.requestedPermissions.get(i); 184 BasePermission bp = mService.mSettings.mPermissions.get(permission); 185 if (bp != null && bp.isRuntime()) { 186 permissions.add(permission); 187 } 188 } 189 if (!permissions.isEmpty()) { 190 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 191 } 192 } 193 } 194 } 195 196 private void grantDefaultSystemHandlerPermissions(int userId) { 197 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 198 199 final PackagesProvider imePackagesProvider; 200 final PackagesProvider locationPackagesProvider; 201 final PackagesProvider voiceInteractionPackagesProvider; 202 final PackagesProvider smsAppPackagesProvider; 203 final PackagesProvider dialerAppPackagesProvider; 204 final PackagesProvider simCallManagerPackagesProvider; 205 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 206 207 synchronized (mService.mPackages) { 208 imePackagesProvider = mImePackagesProvider; 209 locationPackagesProvider = mLocationPackagesProvider; 210 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 211 smsAppPackagesProvider = mSmsAppPackagesProvider; 212 dialerAppPackagesProvider = mDialerAppPackagesProvider; 213 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 214 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 215 } 216 217 String[] imePackageNames = (imePackagesProvider != null) 218 ? imePackagesProvider.getPackages(userId) : null; 219 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 220 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 221 String[] locationPackageNames = (locationPackagesProvider != null) 222 ? locationPackagesProvider.getPackages(userId) : null; 223 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 224 ? smsAppPackagesProvider.getPackages(userId) : null; 225 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 226 ? dialerAppPackagesProvider.getPackages(userId) : null; 227 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 228 ? simCallManagerPackagesProvider.getPackages(userId) : null; 229 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 230 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 231 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 232 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 233 234 synchronized (mService.mPackages) { 235 // Installer 236 PackageParser.Package installerPackage = getSystemPackageLPr( 237 mService.mRequiredInstallerPackage); 238 if (installerPackage != null 239 && doesPackageSupportRuntimePermissions(installerPackage)) { 240 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 241 } 242 243 // Verifier 244 PackageParser.Package verifierPackage = getSystemPackageLPr( 245 mService.mRequiredVerifierPackage); 246 if (verifierPackage != null 247 && doesPackageSupportRuntimePermissions(verifierPackage)) { 248 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 249 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 250 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 251 } 252 253 // SetupWizard 254 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 255 setupIntent.addCategory(Intent.CATEGORY_SETUP_WIZARD); 256 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr( 257 setupIntent, userId); 258 if (setupPackage != null 259 && doesPackageSupportRuntimePermissions(setupPackage)) { 260 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 261 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 262 } 263 264 // Camera 265 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 266 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 267 cameraIntent, userId); 268 if (cameraPackage != null 269 && doesPackageSupportRuntimePermissions(cameraPackage)) { 270 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 271 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 272 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 273 } 274 275 // Media provider 276 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 277 MediaStore.AUTHORITY, userId); 278 if (mediaStorePackage != null) { 279 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 280 } 281 282 // Downloads provider 283 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 284 "downloads", userId); 285 if (downloadsPackage != null) { 286 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 287 } 288 289 // Downloads UI 290 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 291 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 292 downloadsUiIntent, userId); 293 if (downloadsUiPackage != null 294 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 295 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 296 } 297 298 // Storage provider 299 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 300 "com.android.externalstorage.documents", userId); 301 if (storagePackage != null) { 302 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 303 } 304 305 // CertInstaller 306 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 307 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 308 certInstallerIntent, userId); 309 if (certInstallerPackage != null 310 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 311 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 312 } 313 314 // Dialer 315 if (dialerAppPackageNames == null) { 316 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 317 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 318 dialerIntent, userId); 319 if (dialerPackage != null) { 320 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 321 } 322 } else { 323 for (String dialerAppPackageName : dialerAppPackageNames) { 324 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 325 if (dialerPackage != null) { 326 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 327 } 328 } 329 } 330 331 // Sim call manager 332 if (simCallManagerPackageNames != null) { 333 for (String simCallManagerPackageName : simCallManagerPackageNames) { 334 PackageParser.Package simCallManagerPackage = 335 getSystemPackageLPr(simCallManagerPackageName); 336 if (simCallManagerPackage != null) { 337 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 338 userId); 339 } 340 } 341 } 342 343 // SMS 344 if (smsAppPackageNames == null) { 345 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 346 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 347 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 348 smsIntent, userId); 349 if (smsPackage != null) { 350 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 351 } 352 } else { 353 for (String smsPackageName : smsAppPackageNames) { 354 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 355 if (smsPackage != null) { 356 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 357 } 358 } 359 } 360 361 // Cell Broadcast Receiver 362 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 363 PackageParser.Package cbrPackage = 364 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 365 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 366 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 367 } 368 369 // Carrier Provisioning Service 370 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 371 PackageParser.Package carrierProvPackage = 372 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 373 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 374 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 375 } 376 377 // Calendar 378 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 379 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 380 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 381 calendarIntent, userId); 382 if (calendarPackage != null 383 && doesPackageSupportRuntimePermissions(calendarPackage)) { 384 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 385 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 386 } 387 388 // Calendar provider 389 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 390 CalendarContract.AUTHORITY, userId); 391 if (calendarProviderPackage != null) { 392 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 393 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 394 true, userId); 395 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 396 } 397 398 // Calendar provider sync adapters 399 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 400 calendarSyncAdapterPackages, userId); 401 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 402 for (int i = 0; i < calendarSyncAdapterCount; i++) { 403 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 404 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 405 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 406 } 407 } 408 409 // Contacts 410 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 411 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 412 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 413 contactsIntent, userId); 414 if (contactsPackage != null 415 && doesPackageSupportRuntimePermissions(contactsPackage)) { 416 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 417 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 418 } 419 420 // Contacts provider sync adapters 421 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 422 contactsSyncAdapterPackages, userId); 423 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 424 for (int i = 0; i < contactsSyncAdapterCount; i++) { 425 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 426 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 427 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 428 } 429 } 430 431 // Contacts provider 432 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 433 ContactsContract.AUTHORITY, userId); 434 if (contactsProviderPackage != null) { 435 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 436 true, userId); 437 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 438 true, userId); 439 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 440 } 441 442 // Device provisioning 443 Intent deviceProvisionIntent = new Intent( 444 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 445 PackageParser.Package deviceProvisionPackage = 446 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 447 if (deviceProvisionPackage != null 448 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 449 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 450 } 451 452 // Maps 453 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 454 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 455 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 456 mapsIntent, userId); 457 if (mapsPackage != null 458 && doesPackageSupportRuntimePermissions(mapsPackage)) { 459 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 460 } 461 462 // Gallery 463 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 464 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 465 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 466 galleryIntent, userId); 467 if (galleryPackage != null 468 && doesPackageSupportRuntimePermissions(galleryPackage)) { 469 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 470 } 471 472 // Email 473 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 474 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 475 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 476 emailIntent, userId); 477 if (emailPackage != null 478 && doesPackageSupportRuntimePermissions(emailPackage)) { 479 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 480 } 481 482 // Browser 483 PackageParser.Package browserPackage = null; 484 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 485 if (defaultBrowserPackage != null) { 486 browserPackage = getPackageLPr(defaultBrowserPackage); 487 } 488 if (browserPackage == null) { 489 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 490 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 491 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 492 browserIntent, userId); 493 } 494 if (browserPackage != null 495 && doesPackageSupportRuntimePermissions(browserPackage)) { 496 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 497 } 498 499 // IME 500 if (imePackageNames != null) { 501 for (String imePackageName : imePackageNames) { 502 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 503 if (imePackage != null 504 && doesPackageSupportRuntimePermissions(imePackage)) { 505 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 506 } 507 } 508 } 509 510 // Voice interaction 511 if (voiceInteractPackageNames != null) { 512 for (String voiceInteractPackageName : voiceInteractPackageNames) { 513 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 514 voiceInteractPackageName); 515 if (voiceInteractPackage != null 516 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 517 grantRuntimePermissionsLPw(voiceInteractPackage, 518 CONTACTS_PERMISSIONS, userId); 519 grantRuntimePermissionsLPw(voiceInteractPackage, 520 CALENDAR_PERMISSIONS, userId); 521 grantRuntimePermissionsLPw(voiceInteractPackage, 522 MICROPHONE_PERMISSIONS, userId); 523 grantRuntimePermissionsLPw(voiceInteractPackage, 524 PHONE_PERMISSIONS, userId); 525 grantRuntimePermissionsLPw(voiceInteractPackage, 526 SMS_PERMISSIONS, userId); 527 grantRuntimePermissionsLPw(voiceInteractPackage, 528 LOCATION_PERMISSIONS, userId); 529 } 530 } 531 } 532 533 // Voice recognition 534 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 535 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 536 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 537 voiceRecoIntent, userId); 538 if (voiceRecoPackage != null 539 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 540 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 541 } 542 543 // Location 544 if (locationPackageNames != null) { 545 for (String packageName : locationPackageNames) { 546 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 547 if (locationPackage != null 548 && doesPackageSupportRuntimePermissions(locationPackage)) { 549 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 550 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 551 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 552 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 553 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 554 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 555 true, userId); 556 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 557 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 558 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 559 } 560 } 561 } 562 563 // Music 564 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 565 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 566 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 567 AUDIO_MIME_TYPE); 568 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 569 musicIntent, userId); 570 if (musicPackage != null 571 && doesPackageSupportRuntimePermissions(musicPackage)) { 572 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 573 } 574 575 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 576 } 577 } 578 579 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 580 PackageParser.Package dialerPackage, int userId) { 581 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 582 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 583 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 584 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 585 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 586 } 587 } 588 589 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 590 PackageParser.Package smsPackage, int userId) { 591 if (doesPackageSupportRuntimePermissions(smsPackage)) { 592 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 593 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 594 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 595 } 596 } 597 598 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 599 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 600 if (packageName == null) { 601 return; 602 } 603 PackageParser.Package smsPackage = getPackageLPr(packageName); 604 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 605 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 606 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 607 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 608 } 609 } 610 611 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 612 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 613 if (packageName == null) { 614 return; 615 } 616 PackageParser.Package dialerPackage = getPackageLPr(packageName); 617 if (dialerPackage != null 618 && doesPackageSupportRuntimePermissions(dialerPackage)) { 619 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 620 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 621 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 622 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 623 } 624 } 625 626 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 627 PackageParser.Package simCallManagerPackage, int userId) { 628 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 629 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 630 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 631 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 632 } 633 } 634 635 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 636 if (packageName == null) { 637 return; 638 } 639 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 640 if (simCallManagerPackage != null) { 641 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 642 } 643 } 644 645 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 646 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 647 if (packageNames == null) { 648 return; 649 } 650 for (String packageName : packageNames) { 651 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 652 if (carrierPackage != null 653 && doesPackageSupportRuntimePermissions(carrierPackage)) { 654 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 655 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 656 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 657 } 658 } 659 } 660 661 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 662 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 663 if (packageName == null) { 664 return; 665 } 666 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 667 if (browserPackage != null 668 && doesPackageSupportRuntimePermissions(browserPackage)) { 669 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 670 } 671 } 672 673 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 674 Intent intent, int userId) { 675 ResolveInfo handler = mService.resolveIntent(intent, 676 intent.resolveType(mService.mContext.getContentResolver()), 0, userId); 677 if (handler == null || handler.activityInfo == null) { 678 return null; 679 } 680 ActivityInfo activityInfo = handler.activityInfo; 681 if (activityInfo.packageName.equals(mService.mResolveActivity.packageName) 682 && activityInfo.name.equals(mService.mResolveActivity.name)) { 683 return null; 684 } 685 return getSystemPackageLPr(handler.activityInfo.packageName); 686 } 687 688 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 689 Intent intent, int userId) { 690 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 691 intent.resolveType(mService.mContext.getContentResolver()), 0, userId); 692 if (handlers == null) { 693 return null; 694 } 695 final int handlerCount = handlers.size(); 696 for (int i = 0; i < handlerCount; i++) { 697 ResolveInfo handler = handlers.get(i); 698 PackageParser.Package handlerPackage = getSystemPackageLPr( 699 handler.serviceInfo.packageName); 700 if (handlerPackage != null) { 701 return handlerPackage; 702 } 703 } 704 return null; 705 } 706 707 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 708 String[] syncAdapterPackageNames, int userId) { 709 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 710 711 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 712 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 713 714 for (String syncAdapterPackageName : syncAdapterPackageNames) { 715 homeIntent.setPackage(syncAdapterPackageName); 716 717 ResolveInfo homeActivity = mService.resolveIntent(homeIntent, 718 homeIntent.resolveType(mService.mContext.getContentResolver()), 0, userId); 719 if (homeActivity != null) { 720 continue; 721 } 722 723 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 724 if (syncAdapterPackage != null) { 725 syncAdapterPackages.add(syncAdapterPackage); 726 } 727 } 728 729 return syncAdapterPackages; 730 } 731 732 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 733 String authority, int userId) { 734 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); 735 if (provider != null) { 736 return getSystemPackageLPr(provider.packageName); 737 } 738 return null; 739 } 740 741 private PackageParser.Package getPackageLPr(String packageName) { 742 return mService.mPackages.get(packageName); 743 } 744 745 private PackageParser.Package getSystemPackageLPr(String packageName) { 746 PackageParser.Package pkg = getPackageLPr(packageName); 747 if (pkg != null && pkg.isSystemApp()) { 748 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 749 } 750 return null; 751 } 752 753 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 754 int userId) { 755 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 756 } 757 758 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 759 boolean systemFixed, int userId) { 760 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 761 } 762 763 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 764 boolean systemFixed, boolean overrideUserChoice, int userId) { 765 if (pkg.requestedPermissions.isEmpty()) { 766 return; 767 } 768 769 List<String> requestedPermissions = pkg.requestedPermissions; 770 Set<String> grantablePermissions = null; 771 772 if (pkg.isUpdatedSystemApp()) { 773 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 774 if (sysPs != null) { 775 if (sysPs.pkg.requestedPermissions.isEmpty()) { 776 return; 777 } 778 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 779 grantablePermissions = new ArraySet<>(requestedPermissions); 780 requestedPermissions = sysPs.pkg.requestedPermissions; 781 } 782 } 783 } 784 785 final int grantablePermissionCount = requestedPermissions.size(); 786 for (int i = 0; i < grantablePermissionCount; i++) { 787 String permission = requestedPermissions.get(i); 788 789 // If there is a disabled system app it may request a permission the updated 790 // version ot the data partition doesn't, In this case skip the permission. 791 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 792 continue; 793 } 794 795 if (permissions.contains(permission)) { 796 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 797 798 // If any flags are set to the permission, then it is either set in 799 // its current state by the system or device/profile owner or the user. 800 // In all these cases we do not want to clobber the current state. 801 // Unless the caller wants to override user choices. The override is 802 // to make sure we can grant the needed permission to the default 803 // sms and phone apps after the user chooses this in the UI. 804 if (flags == 0 || overrideUserChoice) { 805 // Never clobber policy or system. 806 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 807 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 808 if ((flags & fixedFlags) != 0) { 809 continue; 810 } 811 812 mService.grantRuntimePermission(pkg.packageName, permission, userId); 813 if (DEBUG) { 814 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 815 + permission + " to default handler " + pkg.packageName); 816 } 817 818 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 819 if (systemFixed) { 820 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 821 } 822 823 mService.updatePermissionFlags(permission, pkg.packageName, 824 newFlags, newFlags, userId); 825 } 826 827 // If a component gets a permission for being the default handler A 828 // and also default handler B, we grant the weaker grant form. 829 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 830 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 831 && !systemFixed) { 832 if (DEBUG) { 833 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 834 + pkg.packageName); 835 } 836 mService.updatePermissionFlags(permission, pkg.packageName, 837 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 838 } 839 } 840 } 841 } 842 843 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 844 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 845 return true; 846 } 847 if (!pkg.isPrivilegedApp()) { 848 return false; 849 } 850 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 851 if (sysPkg != null && sysPkg.pkg != null) { 852 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 853 return false; 854 } 855 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 856 return false; 857 } 858 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 859 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 860 } 861 862 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 863 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 864 } 865} 866