1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm; 18 19import android.Manifest; 20import android.annotation.NonNull; 21import android.app.DownloadManager; 22import android.app.admin.DevicePolicyManager; 23import android.companion.CompanionDeviceManager; 24import android.content.Intent; 25import android.content.pm.ActivityInfo; 26import android.content.pm.ApplicationInfo; 27import android.content.pm.PackageManager; 28import android.content.pm.PackageManagerInternal.PackagesProvider; 29import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 30import android.content.pm.PackageParser; 31import android.content.pm.ProviderInfo; 32import android.content.pm.ResolveInfo; 33import android.net.Uri; 34import android.os.Build; 35import android.os.Environment; 36import android.os.Handler; 37import android.os.Message; 38import android.os.UserHandle; 39import android.os.storage.StorageManager; 40import android.print.PrintManager; 41import android.provider.CalendarContract; 42import android.provider.ContactsContract; 43import android.provider.MediaStore; 44import android.provider.Telephony.Sms.Intents; 45import android.telephony.TelephonyManager; 46import android.security.Credentials; 47import android.util.ArrayMap; 48import android.util.ArraySet; 49import android.util.Log; 50import android.util.Slog; 51import android.util.Xml; 52import com.android.internal.util.XmlUtils; 53import org.xmlpull.v1.XmlPullParser; 54import org.xmlpull.v1.XmlPullParserException; 55 56import java.io.BufferedInputStream; 57import java.io.File; 58import java.io.FileInputStream; 59import java.io.IOException; 60import java.io.InputStream; 61import java.util.ArrayList; 62import java.util.Collections; 63import java.util.List; 64import java.util.Map; 65import java.util.Set; 66 67import static android.os.Process.FIRST_APPLICATION_UID; 68 69/** 70 * This class is the policy for granting runtime permissions to 71 * platform components and default handlers in the system such 72 * that the device is usable out-of-the-box. For example, the 73 * shell UID is a part of the system and the Phone app should 74 * have phone related permission by default. 75 */ 76final class DefaultPermissionGrantPolicy { 77 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 78 private static final boolean DEBUG = false; 79 80 private static final int DEFAULT_FLAGS = 81 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 82 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 83 84 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 85 86 private static final String TAG_EXCEPTIONS = "exceptions"; 87 private static final String TAG_EXCEPTION = "exception"; 88 private static final String TAG_PERMISSION = "permission"; 89 private static final String ATTR_PACKAGE = "package"; 90 private static final String ATTR_NAME = "name"; 91 private static final String ATTR_FIXED = "fixed"; 92 93 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 94 static { 95 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 96 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 97 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 98 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 99 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 100 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 101 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 102 } 103 104 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 105 static { 106 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 107 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 108 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 109 } 110 111 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 112 static { 113 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 114 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 115 } 116 117 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 118 static { 119 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 120 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 121 } 122 123 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 124 static { 125 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 126 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 127 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 128 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 129 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 130 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 131 } 132 133 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 134 static { 135 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 136 } 137 138 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 139 static { 140 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 141 } 142 143 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 144 static { 145 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 146 } 147 148 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 149 static { 150 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 151 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 152 } 153 154 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 155 156 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 157 158 private final PackageManagerService mService; 159 private final Handler mHandler; 160 161 private PackagesProvider mLocationPackagesProvider; 162 private PackagesProvider mVoiceInteractionPackagesProvider; 163 private PackagesProvider mSmsAppPackagesProvider; 164 private PackagesProvider mDialerAppPackagesProvider; 165 private PackagesProvider mSimCallManagerPackagesProvider; 166 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 167 168 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 169 170 public DefaultPermissionGrantPolicy(PackageManagerService service) { 171 mService = service; 172 mHandler = new Handler(mService.mHandlerThread.getLooper()) { 173 @Override 174 public void handleMessage(Message msg) { 175 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 176 synchronized (mService.mPackages) { 177 if (mGrantExceptions == null) { 178 mGrantExceptions = readDefaultPermissionExceptionsLPw(); 179 } 180 } 181 } 182 } 183 }; 184 } 185 186 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 187 mLocationPackagesProvider = provider; 188 } 189 190 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 191 mVoiceInteractionPackagesProvider = provider; 192 } 193 194 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 195 mSmsAppPackagesProvider = provider; 196 } 197 198 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 199 mDialerAppPackagesProvider = provider; 200 } 201 202 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 203 mSimCallManagerPackagesProvider = provider; 204 } 205 206 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 207 mSyncAdapterPackagesProvider = provider; 208 } 209 210 public void grantDefaultPermissions(int userId) { 211 if (mService.hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 212 grantAllRuntimePermissions(userId); 213 } else { 214 grantPermissionsToSysComponentsAndPrivApps(userId); 215 grantDefaultSystemHandlerPermissions(userId); 216 grantDefaultPermissionExceptions(userId); 217 } 218 } 219 220 private void grantRuntimePermissionsForPackageLocked(int userId, PackageParser.Package pkg) { 221 Set<String> permissions = new ArraySet<>(); 222 for (String permission : pkg.requestedPermissions) { 223 BasePermission bp = mService.mSettings.mPermissions.get(permission); 224 if (bp != null && bp.isRuntime()) { 225 permissions.add(permission); 226 } 227 } 228 if (!permissions.isEmpty()) { 229 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 230 } 231 } 232 233 private void grantAllRuntimePermissions(int userId) { 234 Log.i(TAG, "Granting all runtime permissions for user " + userId); 235 synchronized (mService.mPackages) { 236 for (PackageParser.Package pkg : mService.mPackages.values()) { 237 grantRuntimePermissionsForPackageLocked(userId, pkg); 238 } 239 } 240 } 241 242 public void scheduleReadDefaultPermissionExceptions() { 243 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 244 } 245 246 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 247 Log.i(TAG, "Granting permissions to platform components for user " + userId); 248 249 synchronized (mService.mPackages) { 250 for (PackageParser.Package pkg : mService.mPackages.values()) { 251 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 252 || !doesPackageSupportRuntimePermissions(pkg) 253 || pkg.requestedPermissions.isEmpty()) { 254 continue; 255 } 256 grantRuntimePermissionsForPackageLocked(userId, pkg); 257 } 258 } 259 } 260 261 private void grantDefaultSystemHandlerPermissions(int userId) { 262 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 263 264 final PackagesProvider locationPackagesProvider; 265 final PackagesProvider voiceInteractionPackagesProvider; 266 final PackagesProvider smsAppPackagesProvider; 267 final PackagesProvider dialerAppPackagesProvider; 268 final PackagesProvider simCallManagerPackagesProvider; 269 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 270 271 synchronized (mService.mPackages) { 272 locationPackagesProvider = mLocationPackagesProvider; 273 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 274 smsAppPackagesProvider = mSmsAppPackagesProvider; 275 dialerAppPackagesProvider = mDialerAppPackagesProvider; 276 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 277 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 278 } 279 280 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 281 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 282 String[] locationPackageNames = (locationPackagesProvider != null) 283 ? locationPackagesProvider.getPackages(userId) : null; 284 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 285 ? smsAppPackagesProvider.getPackages(userId) : null; 286 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 287 ? dialerAppPackagesProvider.getPackages(userId) : null; 288 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 289 ? simCallManagerPackagesProvider.getPackages(userId) : null; 290 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 291 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 292 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 293 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 294 295 synchronized (mService.mPackages) { 296 // Installer 297 PackageParser.Package installerPackage = getSystemPackageLPr( 298 mService.mRequiredInstallerPackage); 299 if (installerPackage != null 300 && doesPackageSupportRuntimePermissions(installerPackage)) { 301 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 302 } 303 304 // Verifier 305 PackageParser.Package verifierPackage = getSystemPackageLPr( 306 mService.mRequiredVerifierPackage); 307 if (verifierPackage != null 308 && doesPackageSupportRuntimePermissions(verifierPackage)) { 309 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 310 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 311 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 312 } 313 314 // SetupWizard 315 PackageParser.Package setupPackage = getSystemPackageLPr( 316 mService.mSetupWizardPackage); 317 if (setupPackage != null 318 && doesPackageSupportRuntimePermissions(setupPackage)) { 319 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 320 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 321 grantRuntimePermissionsLPw(setupPackage, LOCATION_PERMISSIONS, userId); 322 grantRuntimePermissionsLPw(setupPackage, CAMERA_PERMISSIONS, userId); 323 } 324 325 // Camera 326 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 327 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 328 cameraIntent, userId); 329 if (cameraPackage != null 330 && doesPackageSupportRuntimePermissions(cameraPackage)) { 331 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 332 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 333 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 334 } 335 336 // Media provider 337 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 338 MediaStore.AUTHORITY, userId); 339 if (mediaStorePackage != null) { 340 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 341 } 342 343 // Downloads provider 344 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 345 "downloads", userId); 346 if (downloadsPackage != null) { 347 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 348 } 349 350 // Downloads UI 351 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 352 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 353 downloadsUiIntent, userId); 354 if (downloadsUiPackage != null 355 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 356 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 357 } 358 359 // Storage provider 360 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 361 "com.android.externalstorage.documents", userId); 362 if (storagePackage != null) { 363 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 364 } 365 366 // CertInstaller 367 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 368 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 369 certInstallerIntent, userId); 370 if (certInstallerPackage != null 371 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 372 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 373 } 374 375 // Dialer 376 if (dialerAppPackageNames == null) { 377 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 378 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 379 dialerIntent, userId); 380 if (dialerPackage != null) { 381 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 382 } 383 } else { 384 for (String dialerAppPackageName : dialerAppPackageNames) { 385 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 386 if (dialerPackage != null) { 387 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 388 } 389 } 390 } 391 392 // Sim call manager 393 if (simCallManagerPackageNames != null) { 394 for (String simCallManagerPackageName : simCallManagerPackageNames) { 395 PackageParser.Package simCallManagerPackage = 396 getSystemPackageLPr(simCallManagerPackageName); 397 if (simCallManagerPackage != null) { 398 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 399 userId); 400 } 401 } 402 } 403 404 // SMS 405 if (smsAppPackageNames == null) { 406 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 407 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 408 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 409 smsIntent, userId); 410 if (smsPackage != null) { 411 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 412 } 413 } else { 414 for (String smsPackageName : smsAppPackageNames) { 415 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 416 if (smsPackage != null) { 417 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 418 } 419 } 420 } 421 422 // Cell Broadcast Receiver 423 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 424 PackageParser.Package cbrPackage = 425 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 426 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 427 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 428 } 429 430 // Carrier Provisioning Service 431 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 432 PackageParser.Package carrierProvPackage = 433 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 434 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 435 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 436 } 437 438 // Calendar 439 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 440 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 441 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 442 calendarIntent, userId); 443 if (calendarPackage != null 444 && doesPackageSupportRuntimePermissions(calendarPackage)) { 445 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 446 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 447 } 448 449 // Calendar provider 450 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 451 CalendarContract.AUTHORITY, userId); 452 if (calendarProviderPackage != null) { 453 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 454 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 455 true, userId); 456 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 457 } 458 459 // Calendar provider sync adapters 460 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 461 calendarSyncAdapterPackages, userId); 462 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 463 for (int i = 0; i < calendarSyncAdapterCount; i++) { 464 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 465 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 466 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 467 } 468 } 469 470 // Contacts 471 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 472 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 473 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 474 contactsIntent, userId); 475 if (contactsPackage != null 476 && doesPackageSupportRuntimePermissions(contactsPackage)) { 477 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 478 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 479 } 480 481 // Contacts provider sync adapters 482 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 483 contactsSyncAdapterPackages, userId); 484 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 485 for (int i = 0; i < contactsSyncAdapterCount; i++) { 486 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 487 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 488 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 489 } 490 } 491 492 // Contacts provider 493 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 494 ContactsContract.AUTHORITY, userId); 495 if (contactsProviderPackage != null) { 496 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 497 true, userId); 498 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 499 true, userId); 500 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 501 } 502 503 // Device provisioning 504 Intent deviceProvisionIntent = new Intent( 505 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 506 PackageParser.Package deviceProvisionPackage = 507 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 508 if (deviceProvisionPackage != null 509 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 510 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 511 } 512 513 // Maps 514 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 515 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 516 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 517 mapsIntent, userId); 518 if (mapsPackage != null 519 && doesPackageSupportRuntimePermissions(mapsPackage)) { 520 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 521 } 522 523 // Gallery 524 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 525 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 526 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 527 galleryIntent, userId); 528 if (galleryPackage != null 529 && doesPackageSupportRuntimePermissions(galleryPackage)) { 530 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 531 } 532 533 // Email 534 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 535 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 536 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 537 emailIntent, userId); 538 if (emailPackage != null 539 && doesPackageSupportRuntimePermissions(emailPackage)) { 540 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 541 grantRuntimePermissionsLPw(emailPackage, CALENDAR_PERMISSIONS, userId); 542 } 543 544 // Browser 545 PackageParser.Package browserPackage = null; 546 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 547 if (defaultBrowserPackage != null) { 548 browserPackage = getPackageLPr(defaultBrowserPackage); 549 } 550 if (browserPackage == null) { 551 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 552 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 553 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 554 browserIntent, userId); 555 } 556 if (browserPackage != null 557 && doesPackageSupportRuntimePermissions(browserPackage)) { 558 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 559 } 560 561 // Voice interaction 562 if (voiceInteractPackageNames != null) { 563 for (String voiceInteractPackageName : voiceInteractPackageNames) { 564 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 565 voiceInteractPackageName); 566 if (voiceInteractPackage != null 567 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 568 grantRuntimePermissionsLPw(voiceInteractPackage, 569 CONTACTS_PERMISSIONS, userId); 570 grantRuntimePermissionsLPw(voiceInteractPackage, 571 CALENDAR_PERMISSIONS, userId); 572 grantRuntimePermissionsLPw(voiceInteractPackage, 573 MICROPHONE_PERMISSIONS, userId); 574 grantRuntimePermissionsLPw(voiceInteractPackage, 575 PHONE_PERMISSIONS, userId); 576 grantRuntimePermissionsLPw(voiceInteractPackage, 577 SMS_PERMISSIONS, userId); 578 grantRuntimePermissionsLPw(voiceInteractPackage, 579 LOCATION_PERMISSIONS, userId); 580 } 581 } 582 } 583 584 // Voice recognition 585 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 586 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 587 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 588 voiceRecoIntent, userId); 589 if (voiceRecoPackage != null 590 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 591 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 592 } 593 594 // Location 595 if (locationPackageNames != null) { 596 for (String packageName : locationPackageNames) { 597 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 598 if (locationPackage != null 599 && doesPackageSupportRuntimePermissions(locationPackage)) { 600 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 601 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 602 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 603 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 604 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 605 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 606 true, userId); 607 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 608 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 609 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 610 } 611 } 612 } 613 614 // Music 615 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 616 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 617 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 618 AUDIO_MIME_TYPE); 619 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 620 musicIntent, userId); 621 if (musicPackage != null 622 && doesPackageSupportRuntimePermissions(musicPackage)) { 623 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 624 } 625 626 // Watches 627 if (mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 628 // Home application on watches 629 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 630 homeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 631 632 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackageLPr( 633 homeIntent, userId); 634 635 if (wearHomePackage != null 636 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 637 grantRuntimePermissionsLPw(wearHomePackage, CONTACTS_PERMISSIONS, false, 638 userId); 639 grantRuntimePermissionsLPw(wearHomePackage, PHONE_PERMISSIONS, true, userId); 640 grantRuntimePermissionsLPw(wearHomePackage, MICROPHONE_PERMISSIONS, false, 641 userId); 642 grantRuntimePermissionsLPw(wearHomePackage, LOCATION_PERMISSIONS, false, 643 userId); 644 } 645 646 // Fitness tracking on watches 647 Intent trackIntent = new Intent(ACTION_TRACK); 648 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackageLPr( 649 trackIntent, userId); 650 if (trackPackage != null 651 && doesPackageSupportRuntimePermissions(trackPackage)) { 652 grantRuntimePermissionsLPw(trackPackage, SENSORS_PERMISSIONS, false, userId); 653 grantRuntimePermissionsLPw(trackPackage, LOCATION_PERMISSIONS, false, userId); 654 } 655 } 656 657 // Print Spooler 658 PackageParser.Package printSpoolerPackage = getSystemPackageLPr( 659 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 660 if (printSpoolerPackage != null 661 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 662 grantRuntimePermissionsLPw(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 663 } 664 665 // EmergencyInfo 666 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 667 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackageLPr( 668 emergencyInfoIntent, userId); 669 if (emergencyInfoPckg != null 670 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 671 grantRuntimePermissionsLPw(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 672 grantRuntimePermissionsLPw(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 673 } 674 675 // NFC Tag viewer 676 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 677 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 678 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackageLPr( 679 nfcTagIntent, userId); 680 if (nfcTagPkg != null 681 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 682 grantRuntimePermissionsLPw(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 683 grantRuntimePermissionsLPw(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 684 } 685 686 // Storage Manager 687 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 688 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackageLPr( 689 storageManagerIntent, userId); 690 if (storageManagerPckg != null 691 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 692 grantRuntimePermissionsLPw(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 693 } 694 695 // Companion devices 696 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackageLPr( 697 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME); 698 if (companionDeviceDiscoveryPackage != null 699 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) { 700 grantRuntimePermissionsLPw(companionDeviceDiscoveryPackage, 701 LOCATION_PERMISSIONS, true, userId); 702 } 703 704 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 705 } 706 } 707 708 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 709 PackageParser.Package dialerPackage, int userId) { 710 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 711 boolean isPhonePermFixed = 712 mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 713 grantRuntimePermissionsLPw( 714 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 715 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 716 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 717 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 718 grantRuntimePermissionsLPw(dialerPackage, CAMERA_PERMISSIONS, userId); 719 } 720 } 721 722 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 723 PackageParser.Package smsPackage, int userId) { 724 if (doesPackageSupportRuntimePermissions(smsPackage)) { 725 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 726 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 727 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 728 grantRuntimePermissionsLPw(smsPackage, STORAGE_PERMISSIONS, userId); 729 grantRuntimePermissionsLPw(smsPackage, MICROPHONE_PERMISSIONS, userId); 730 grantRuntimePermissionsLPw(smsPackage, CAMERA_PERMISSIONS, userId); 731 } 732 } 733 734 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 735 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 736 if (packageName == null) { 737 return; 738 } 739 PackageParser.Package smsPackage = getPackageLPr(packageName); 740 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 741 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 742 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 743 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 744 grantRuntimePermissionsLPw(smsPackage, STORAGE_PERMISSIONS, false, true, userId); 745 grantRuntimePermissionsLPw(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId); 746 grantRuntimePermissionsLPw(smsPackage, CAMERA_PERMISSIONS, false, true, userId); 747 } 748 } 749 750 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 751 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 752 if (packageName == null) { 753 return; 754 } 755 PackageParser.Package dialerPackage = getPackageLPr(packageName); 756 if (dialerPackage != null 757 && doesPackageSupportRuntimePermissions(dialerPackage)) { 758 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 759 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 760 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 761 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 762 grantRuntimePermissionsLPw(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 763 } 764 } 765 766 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 767 PackageParser.Package simCallManagerPackage, int userId) { 768 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 769 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 770 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 771 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 772 } 773 } 774 775 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 776 if (packageName == null) { 777 return; 778 } 779 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 780 if (simCallManagerPackage != null) { 781 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 782 } 783 } 784 785 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 786 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 787 if (packageNames == null) { 788 return; 789 } 790 for (String packageName : packageNames) { 791 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 792 if (carrierPackage != null 793 && doesPackageSupportRuntimePermissions(carrierPackage)) { 794 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 795 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 796 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 797 } 798 } 799 } 800 801 public void grantDefaultPermissionsToEnabledImsServicesLPr(String[] packageNames, int userId) { 802 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 803 if (packageNames == null) { 804 return; 805 } 806 for (String packageName : packageNames) { 807 PackageParser.Package imsServicePackage = getSystemPackageLPr(packageName); 808 if (imsServicePackage != null 809 && doesPackageSupportRuntimePermissions(imsServicePackage)) { 810 grantRuntimePermissionsLPw(imsServicePackage, PHONE_PERMISSIONS, userId); 811 grantRuntimePermissionsLPw(imsServicePackage, MICROPHONE_PERMISSIONS, userId); 812 grantRuntimePermissionsLPw(imsServicePackage, LOCATION_PERMISSIONS, userId); 813 grantRuntimePermissionsLPw(imsServicePackage, CAMERA_PERMISSIONS, userId); 814 } 815 } 816 } 817 818 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 819 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 820 if (packageName == null) { 821 return; 822 } 823 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 824 if (browserPackage != null 825 && doesPackageSupportRuntimePermissions(browserPackage)) { 826 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 827 } 828 } 829 830 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 831 Intent intent, int userId) { 832 ResolveInfo handler = mService.resolveIntent(intent, 833 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId); 834 if (handler == null || handler.activityInfo == null) { 835 return null; 836 } 837 ActivityInfo activityInfo = handler.activityInfo; 838 if (activityInfo.packageName.equals(mService.mResolveActivity.packageName) 839 && activityInfo.name.equals(mService.mResolveActivity.name)) { 840 return null; 841 } 842 return getSystemPackageLPr(handler.activityInfo.packageName); 843 } 844 845 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 846 Intent intent, int userId) { 847 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 848 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId) 849 .getList(); 850 if (handlers == null) { 851 return null; 852 } 853 final int handlerCount = handlers.size(); 854 for (int i = 0; i < handlerCount; i++) { 855 ResolveInfo handler = handlers.get(i); 856 PackageParser.Package handlerPackage = getSystemPackageLPr( 857 handler.serviceInfo.packageName); 858 if (handlerPackage != null) { 859 return handlerPackage; 860 } 861 } 862 return null; 863 } 864 865 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 866 String[] syncAdapterPackageNames, int userId) { 867 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 868 869 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 870 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 871 872 for (String syncAdapterPackageName : syncAdapterPackageNames) { 873 homeIntent.setPackage(syncAdapterPackageName); 874 875 ResolveInfo homeActivity = mService.resolveIntent(homeIntent, 876 homeIntent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, 877 userId); 878 if (homeActivity != null) { 879 continue; 880 } 881 882 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 883 if (syncAdapterPackage != null) { 884 syncAdapterPackages.add(syncAdapterPackage); 885 } 886 } 887 888 return syncAdapterPackages; 889 } 890 891 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 892 String authority, int userId) { 893 ProviderInfo provider = mService.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 894 if (provider != null) { 895 return getSystemPackageLPr(provider.packageName); 896 } 897 return null; 898 } 899 900 private PackageParser.Package getPackageLPr(String packageName) { 901 return mService.mPackages.get(packageName); 902 } 903 904 private PackageParser.Package getSystemPackageLPr(String packageName) { 905 PackageParser.Package pkg = getPackageLPr(packageName); 906 if (pkg != null && pkg.isSystemApp()) { 907 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 908 } 909 return null; 910 } 911 912 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 913 int userId) { 914 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 915 } 916 917 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 918 boolean systemFixed, int userId) { 919 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 920 } 921 922 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 923 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) { 924 if (pkg.requestedPermissions.isEmpty()) { 925 return; 926 } 927 928 List<String> requestedPermissions = pkg.requestedPermissions; 929 Set<String> grantablePermissions = null; 930 931 // If this is the default Phone or SMS app we grant permissions regardless 932 // whether the version on the system image declares the permission as used since 933 // selecting the app as the default Phone or SMS the user makes a deliberate 934 // choice to grant this app the permissions needed to function. For all other 935 // apps, (default grants on first boot and user creation) we don't grant default 936 // permissions if the version on the system image does not declare them. 937 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) { 938 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 939 if (sysPs != null && sysPs.pkg != null) { 940 if (sysPs.pkg.requestedPermissions.isEmpty()) { 941 return; 942 } 943 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 944 grantablePermissions = new ArraySet<>(requestedPermissions); 945 requestedPermissions = sysPs.pkg.requestedPermissions; 946 } 947 } 948 } 949 950 final int grantablePermissionCount = requestedPermissions.size(); 951 for (int i = 0; i < grantablePermissionCount; i++) { 952 String permission = requestedPermissions.get(i); 953 954 // If there is a disabled system app it may request a permission the updated 955 // version ot the data partition doesn't, In this case skip the permission. 956 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 957 continue; 958 } 959 960 if (permissions.contains(permission)) { 961 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 962 963 // If any flags are set to the permission, then it is either set in 964 // its current state by the system or device/profile owner or the user. 965 // In all these cases we do not want to clobber the current state. 966 // Unless the caller wants to override user choices. The override is 967 // to make sure we can grant the needed permission to the default 968 // sms and phone apps after the user chooses this in the UI. 969 if (flags == 0 || isDefaultPhoneOrSms) { 970 // Never clobber policy or system. 971 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 972 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 973 if ((flags & fixedFlags) != 0) { 974 continue; 975 } 976 977 mService.grantRuntimePermission(pkg.packageName, permission, userId); 978 if (DEBUG) { 979 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 980 + permission + " to default handler " + pkg.packageName); 981 } 982 983 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 984 if (systemFixed) { 985 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 986 } 987 988 mService.updatePermissionFlags(permission, pkg.packageName, 989 newFlags, newFlags, userId); 990 } 991 992 // If a component gets a permission for being the default handler A 993 // and also default handler B, we grant the weaker grant form. 994 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 995 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 996 && !systemFixed) { 997 if (DEBUG) { 998 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 999 + pkg.packageName); 1000 } 1001 mService.updatePermissionFlags(permission, pkg.packageName, 1002 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 1003 } 1004 } 1005 } 1006 } 1007 1008 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 1009 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1010 return true; 1011 } 1012 if (!pkg.isPrivilegedApp()) { 1013 return false; 1014 } 1015 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 1016 if (sysPkg != null && sysPkg.pkg != null) { 1017 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1018 return false; 1019 } 1020 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1021 return false; 1022 } 1023 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 1024 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 1025 } 1026 1027 private void grantDefaultPermissionExceptions(int userId) { 1028 synchronized (mService.mPackages) { 1029 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1030 1031 if (mGrantExceptions == null) { 1032 mGrantExceptions = readDefaultPermissionExceptionsLPw(); 1033 } 1034 1035 // mGrantExceptions is null only before the first read and then 1036 // it serves as a cache of the default grants that should be 1037 // performed for every user. If there is an entry then the app 1038 // is on the system image and supports runtime permissions. 1039 Set<String> permissions = null; 1040 final int exceptionCount = mGrantExceptions.size(); 1041 for (int i = 0; i < exceptionCount; i++) { 1042 String packageName = mGrantExceptions.keyAt(i); 1043 PackageParser.Package pkg = getSystemPackageLPr(packageName); 1044 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1045 final int permissionGrantCount = permissionGrants.size(); 1046 for (int j = 0; j < permissionGrantCount; j++) { 1047 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1048 if (permissions == null) { 1049 permissions = new ArraySet<>(); 1050 } else { 1051 permissions.clear(); 1052 } 1053 permissions.add(permissionGrant.name); 1054 grantRuntimePermissionsLPw(pkg, permissions, 1055 permissionGrant.fixed, userId); 1056 } 1057 } 1058 } 1059 } 1060 1061 private File[] getDefaultPermissionFiles() { 1062 ArrayList<File> ret = new ArrayList<File>(); 1063 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1064 if (dir.isDirectory() && dir.canRead()) { 1065 Collections.addAll(ret, dir.listFiles()); 1066 } 1067 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1068 if (dir.isDirectory() && dir.canRead()) { 1069 Collections.addAll(ret, dir.listFiles()); 1070 } 1071 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1072 } 1073 1074 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> 1075 readDefaultPermissionExceptionsLPw() { 1076 File[] files = getDefaultPermissionFiles(); 1077 if (files == null) { 1078 return new ArrayMap<>(0); 1079 } 1080 1081 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1082 1083 // Iterate over the files in the directory and scan .xml files 1084 for (File file : files) { 1085 if (!file.getPath().endsWith(".xml")) { 1086 Slog.i(TAG, "Non-xml file " + file + " in " + file.getParent() + " directory, ignoring"); 1087 continue; 1088 } 1089 if (!file.canRead()) { 1090 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1091 continue; 1092 } 1093 try ( 1094 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1095 ) { 1096 XmlPullParser parser = Xml.newPullParser(); 1097 parser.setInput(str, null); 1098 parse(parser, grantExceptions); 1099 } catch (XmlPullParserException | IOException e) { 1100 Slog.w(TAG, "Error reading default permissions file " + file, e); 1101 } 1102 } 1103 1104 return grantExceptions; 1105 } 1106 1107 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1108 outGrantExceptions) throws IOException, XmlPullParserException { 1109 final int outerDepth = parser.getDepth(); 1110 int type; 1111 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1112 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1113 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1114 continue; 1115 } 1116 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1117 parseExceptions(parser, outGrantExceptions); 1118 } else { 1119 Log.e(TAG, "Unknown tag " + parser.getName()); 1120 } 1121 } 1122 } 1123 1124 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1125 outGrantExceptions) throws IOException, XmlPullParserException { 1126 final int outerDepth = parser.getDepth(); 1127 int type; 1128 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1129 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1130 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1131 continue; 1132 } 1133 if (TAG_EXCEPTION.equals(parser.getName())) { 1134 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1135 1136 List<DefaultPermissionGrant> packageExceptions = 1137 outGrantExceptions.get(packageName); 1138 if (packageExceptions == null) { 1139 // The package must be on the system image 1140 PackageParser.Package pkg = getSystemPackageLPr(packageName); 1141 if (pkg == null) { 1142 Log.w(TAG, "Unknown package:" + packageName); 1143 XmlUtils.skipCurrentTag(parser); 1144 continue; 1145 } 1146 1147 // The package must support runtime permissions 1148 if (!doesPackageSupportRuntimePermissions(pkg)) { 1149 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1150 + packageName); 1151 XmlUtils.skipCurrentTag(parser); 1152 continue; 1153 } 1154 packageExceptions = new ArrayList<>(); 1155 outGrantExceptions.put(packageName, packageExceptions); 1156 } 1157 1158 parsePermission(parser, packageExceptions); 1159 } else { 1160 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1161 } 1162 } 1163 } 1164 1165 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1166 outPackageExceptions) throws IOException, XmlPullParserException { 1167 final int outerDepth = parser.getDepth(); 1168 int type; 1169 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1170 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1171 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1172 continue; 1173 } 1174 1175 if (TAG_PERMISSION.contains(parser.getName())) { 1176 String name = parser.getAttributeValue(null, ATTR_NAME); 1177 if (name == null) { 1178 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1179 XmlUtils.skipCurrentTag(parser); 1180 continue; 1181 } 1182 1183 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1184 1185 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1186 outPackageExceptions.add(exception); 1187 } else { 1188 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1189 } 1190 } 1191 } 1192 1193 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1194 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1195 } 1196 1197 private static final class DefaultPermissionGrant { 1198 final String name; 1199 final boolean fixed; 1200 1201 public DefaultPermissionGrant(String name, boolean fixed) { 1202 this.name = name; 1203 this.fixed = fixed; 1204 } 1205 } 1206} 1207