DefaultPermissionGrantPolicy.java revision 0eb9738d1708d9aa7846782046e6828ffc9fe901
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import android.Manifest; 20import android.annotation.NonNull; 21import android.annotation.Nullable; 22import android.app.ActivityManager; 23import android.app.DownloadManager; 24import android.app.admin.DevicePolicyManager; 25import android.companion.CompanionDeviceManager; 26import android.content.Context; 27import android.content.Intent; 28import android.content.pm.ActivityInfo; 29import android.content.pm.ApplicationInfo; 30import android.content.pm.IPackageManager; 31import android.content.pm.PackageManager; 32import android.content.pm.PackageManagerInternal; 33import android.content.pm.PackageParser; 34import android.content.pm.ProviderInfo; 35import android.content.pm.ResolveInfo; 36import android.content.pm.PackageManagerInternal.PackagesProvider; 37import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 38import android.media.RingtoneManager; 39import android.net.Uri; 40import android.os.Binder; 41import android.os.Build; 42import android.os.Environment; 43import android.os.Handler; 44import android.os.Looper; 45import android.os.Message; 46import android.os.UserHandle; 47import android.os.storage.StorageManager; 48import android.print.PrintManager; 49import android.provider.CalendarContract; 50import android.provider.ContactsContract; 51import android.provider.MediaStore; 52import android.provider.Telephony.Sms.Intents; 53import android.telephony.TelephonyManager; 54import android.security.Credentials; 55import android.util.ArrayMap; 56import android.util.ArraySet; 57import android.util.Log; 58import android.util.Slog; 59import android.util.Xml; 60import com.android.internal.util.XmlUtils; 61import com.android.server.LocalServices; 62import com.android.server.pm.PackageManagerService; 63import com.android.server.pm.PackageSetting; 64 65import org.xmlpull.v1.XmlPullParser; 66import org.xmlpull.v1.XmlPullParserException; 67 68import java.io.BufferedInputStream; 69import java.io.File; 70import java.io.FileInputStream; 71import java.io.IOException; 72import java.io.InputStream; 73import java.util.ArrayList; 74import java.util.Collection; 75import java.util.Collections; 76import java.util.List; 77import java.util.Map; 78import java.util.Set; 79 80import static android.os.Process.FIRST_APPLICATION_UID; 81 82/** 83 * This class is the policy for granting runtime permissions to 84 * platform components and default handlers in the system such 85 * that the device is usable out-of-the-box. For example, the 86 * shell UID is a part of the system and the Phone app should 87 * have phone related permission by default. 88 * <p> 89 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 90 * service but knows about lots of higher level subsystems. The correct way to do this is 91 * to have an interface defined in the package manager but have the impl next to other 92 * policy stuff like PhoneWindowManager 93 */ 94public final class DefaultPermissionGrantPolicy { 95 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 96 private static final boolean DEBUG = false; 97 98 private static final int DEFAULT_FLAGS = 99 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 100 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 101 102 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 103 104 private static final String TAG_EXCEPTIONS = "exceptions"; 105 private static final String TAG_EXCEPTION = "exception"; 106 private static final String TAG_PERMISSION = "permission"; 107 private static final String ATTR_PACKAGE = "package"; 108 private static final String ATTR_NAME = "name"; 109 private static final String ATTR_FIXED = "fixed"; 110 111 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 112 static { 113 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 114 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 115 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 116 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 117 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 118 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 119 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 120 } 121 122 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 123 static { 124 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 125 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 126 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 127 } 128 129 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 130 static { 131 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 133 } 134 135 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 136 static { 137 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 138 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 139 } 140 141 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 142 static { 143 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 144 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 145 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 146 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 147 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 148 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 149 } 150 151 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 152 static { 153 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 154 } 155 156 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 157 static { 158 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 159 } 160 161 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 162 static { 163 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 164 } 165 166 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 167 static { 168 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 169 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 170 } 171 172 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 173 174 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 175 176 private final Handler mHandler; 177 178 private PackagesProvider mLocationPackagesProvider; 179 private PackagesProvider mVoiceInteractionPackagesProvider; 180 private PackagesProvider mSmsAppPackagesProvider; 181 private PackagesProvider mDialerAppPackagesProvider; 182 private PackagesProvider mSimCallManagerPackagesProvider; 183 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 184 185 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 186 private final Context mContext; 187 private final Object mLock = new Object(); 188 private final PackageManagerInternal mServiceInternal; 189 private final PermissionManagerService mPermissionManager; 190 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback; 191 public interface DefaultPermissionGrantedCallback { 192 /** Callback when permissions have been granted */ 193 public void onDefaultRuntimePermissionsGranted(int userId); 194 } 195 196 public DefaultPermissionGrantPolicy(Context context, Looper looper, 197 @Nullable DefaultPermissionGrantedCallback callback, 198 @NonNull PermissionManagerService permissionManager) { 199 mContext = context; 200 mHandler = new Handler(looper) { 201 @Override 202 public void handleMessage(Message msg) { 203 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 204 synchronized (mLock) { 205 if (mGrantExceptions == null) { 206 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 207 } 208 } 209 } 210 } 211 }; 212 mPermissionGrantedCallback = callback; 213 mPermissionManager = permissionManager; 214 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 215 } 216 217 public void setLocationPackagesProvider(PackagesProvider provider) { 218 synchronized (mLock) { 219 mLocationPackagesProvider = provider; 220 } 221 } 222 223 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 224 synchronized (mLock) { 225 mVoiceInteractionPackagesProvider = provider; 226 } 227 } 228 229 public void setSmsAppPackagesProvider(PackagesProvider provider) { 230 synchronized (mLock) { 231 mSmsAppPackagesProvider = provider; 232 } 233 } 234 235 public void setDialerAppPackagesProvider(PackagesProvider provider) { 236 synchronized (mLock) { 237 mDialerAppPackagesProvider = provider; 238 } 239 } 240 241 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 242 synchronized (mLock) { 243 mSimCallManagerPackagesProvider = provider; 244 } 245 } 246 247 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 248 synchronized (mLock) { 249 mSyncAdapterPackagesProvider = provider; 250 } 251 } 252 253 public void grantDefaultPermissions(Collection<PackageParser.Package> packages, int userId) { 254 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 255 grantAllRuntimePermissions(packages, userId); 256 } else { 257 grantPermissionsToSysComponentsAndPrivApps(packages, userId); 258 grantDefaultSystemHandlerPermissions(userId); 259 grantDefaultPermissionExceptions(userId); 260 } 261 } 262 263 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) { 264 Set<String> permissions = new ArraySet<>(); 265 for (String permission : pkg.requestedPermissions) { 266 final BasePermission bp = mPermissionManager.getPermission(permission); 267 if (bp == null) { 268 continue; 269 } 270 if (bp.isRuntime()) { 271 permissions.add(permission); 272 } 273 } 274 if (!permissions.isEmpty()) { 275 grantRuntimePermissions(pkg, permissions, true, userId); 276 } 277 } 278 279 private void grantAllRuntimePermissions( 280 Collection<PackageParser.Package> packages, int userId) { 281 Log.i(TAG, "Granting all runtime permissions for user " + userId); 282 for (PackageParser.Package pkg : packages) { 283 grantRuntimePermissionsForPackage(userId, pkg); 284 } 285 } 286 287 public void scheduleReadDefaultPermissionExceptions() { 288 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 289 } 290 291 private void grantPermissionsToSysComponentsAndPrivApps( 292 Collection<PackageParser.Package> packages, int userId) { 293 Log.i(TAG, "Granting permissions to platform components for user " + userId); 294 for (PackageParser.Package pkg : packages) { 295 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 296 || !doesPackageSupportRuntimePermissions(pkg) 297 || pkg.requestedPermissions.isEmpty()) { 298 continue; 299 } 300 grantRuntimePermissionsForPackage(userId, pkg); 301 } 302 } 303 304 private void grantDefaultSystemHandlerPermissions(int userId) { 305 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 306 307 final PackagesProvider locationPackagesProvider; 308 final PackagesProvider voiceInteractionPackagesProvider; 309 final PackagesProvider smsAppPackagesProvider; 310 final PackagesProvider dialerAppPackagesProvider; 311 final PackagesProvider simCallManagerPackagesProvider; 312 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 313 314 synchronized (mLock) { 315 locationPackagesProvider = mLocationPackagesProvider; 316 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 317 smsAppPackagesProvider = mSmsAppPackagesProvider; 318 dialerAppPackagesProvider = mDialerAppPackagesProvider; 319 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 320 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 321 } 322 323 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 324 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 325 String[] locationPackageNames = (locationPackagesProvider != null) 326 ? locationPackagesProvider.getPackages(userId) : null; 327 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 328 ? smsAppPackagesProvider.getPackages(userId) : null; 329 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 330 ? dialerAppPackagesProvider.getPackages(userId) : null; 331 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 332 ? simCallManagerPackagesProvider.getPackages(userId) : null; 333 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 334 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 335 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 336 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 337 338 // Installer 339 final String installerPackageName = mServiceInternal.getKnownPackageName( 340 PackageManagerInternal.PACKAGE_INSTALLER, userId); 341 PackageParser.Package installerPackage = getSystemPackage(installerPackageName); 342 if (installerPackage != null 343 && doesPackageSupportRuntimePermissions(installerPackage)) { 344 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId); 345 } 346 347 // Verifier 348 final String verifierPackageName = mServiceInternal.getKnownPackageName( 349 PackageManagerInternal.PACKAGE_VERIFIER, userId); 350 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName); 351 if (verifierPackage != null 352 && doesPackageSupportRuntimePermissions(verifierPackage)) { 353 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId); 354 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId); 355 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId); 356 } 357 358 // SetupWizard 359 final String setupWizardPackageName = mServiceInternal.getKnownPackageName( 360 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId); 361 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName); 362 if (setupPackage != null 363 && doesPackageSupportRuntimePermissions(setupPackage)) { 364 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId); 365 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId); 366 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId); 367 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId); 368 } 369 370 // Camera 371 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 372 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage( 373 cameraIntent, userId); 374 if (cameraPackage != null 375 && doesPackageSupportRuntimePermissions(cameraPackage)) { 376 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId); 377 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId); 378 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId); 379 } 380 381 // Media provider 382 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage( 383 MediaStore.AUTHORITY, userId); 384 if (mediaStorePackage != null) { 385 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 386 } 387 388 // Downloads provider 389 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage( 390 "downloads", userId); 391 if (downloadsPackage != null) { 392 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 393 } 394 395 // Downloads UI 396 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 397 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage( 398 downloadsUiIntent, userId); 399 if (downloadsUiPackage != null 400 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 401 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 402 } 403 404 // Storage provider 405 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage( 406 "com.android.externalstorage.documents", userId); 407 if (storagePackage != null) { 408 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId); 409 } 410 411 // CertInstaller 412 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 413 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage( 414 certInstallerIntent, userId); 415 if (certInstallerPackage != null 416 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 417 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 418 } 419 420 // Dialer 421 if (dialerAppPackageNames == null) { 422 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 423 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage( 424 dialerIntent, userId); 425 if (dialerPackage != null) { 426 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 427 } 428 } else { 429 for (String dialerAppPackageName : dialerAppPackageNames) { 430 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName); 431 if (dialerPackage != null) { 432 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 433 } 434 } 435 } 436 437 // Sim call manager 438 if (simCallManagerPackageNames != null) { 439 for (String simCallManagerPackageName : simCallManagerPackageNames) { 440 PackageParser.Package simCallManagerPackage = 441 getSystemPackage(simCallManagerPackageName); 442 if (simCallManagerPackage != null) { 443 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, 444 userId); 445 } 446 } 447 } 448 449 // SMS 450 if (smsAppPackageNames == null) { 451 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 452 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 453 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage( 454 smsIntent, userId); 455 if (smsPackage != null) { 456 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 457 } 458 } else { 459 for (String smsPackageName : smsAppPackageNames) { 460 PackageParser.Package smsPackage = getSystemPackage(smsPackageName); 461 if (smsPackage != null) { 462 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 463 } 464 } 465 } 466 467 // Cell Broadcast Receiver 468 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 469 PackageParser.Package cbrPackage = 470 getDefaultSystemHandlerActivityPackage(cbrIntent, userId); 471 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 472 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId); 473 } 474 475 // Carrier Provisioning Service 476 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 477 PackageParser.Package carrierProvPackage = 478 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId); 479 if (carrierProvPackage != null 480 && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 481 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId); 482 } 483 484 // Calendar 485 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 486 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 487 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage( 488 calendarIntent, userId); 489 if (calendarPackage != null 490 && doesPackageSupportRuntimePermissions(calendarPackage)) { 491 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId); 492 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId); 493 } 494 495 // Calendar provider 496 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage( 497 CalendarContract.AUTHORITY, userId); 498 if (calendarProviderPackage != null) { 499 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 500 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS, 501 true, userId); 502 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 503 } 504 505 // Calendar provider sync adapters 506 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages( 507 calendarSyncAdapterPackages, userId); 508 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 509 for (int i = 0; i < calendarSyncAdapterCount; i++) { 510 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 511 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 512 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 513 } 514 } 515 516 // Contacts 517 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 518 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 519 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage( 520 contactsIntent, userId); 521 if (contactsPackage != null 522 && doesPackageSupportRuntimePermissions(contactsPackage)) { 523 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId); 524 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId); 525 } 526 527 // Contacts provider sync adapters 528 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages( 529 contactsSyncAdapterPackages, userId); 530 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 531 for (int i = 0; i < contactsSyncAdapterCount; i++) { 532 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 533 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 534 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 535 } 536 } 537 538 // Contacts provider 539 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage( 540 ContactsContract.AUTHORITY, userId); 541 if (contactsProviderPackage != null) { 542 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS, 543 true, userId); 544 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS, 545 true, userId); 546 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 547 } 548 549 // Device provisioning 550 Intent deviceProvisionIntent = new Intent( 551 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 552 PackageParser.Package deviceProvisionPackage = 553 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId); 554 if (deviceProvisionPackage != null 555 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 556 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 557 } 558 559 // Maps 560 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 561 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 562 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage( 563 mapsIntent, userId); 564 if (mapsPackage != null 565 && doesPackageSupportRuntimePermissions(mapsPackage)) { 566 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId); 567 } 568 569 // Gallery 570 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 571 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 572 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage( 573 galleryIntent, userId); 574 if (galleryPackage != null 575 && doesPackageSupportRuntimePermissions(galleryPackage)) { 576 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId); 577 } 578 579 // Email 580 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 581 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 582 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage( 583 emailIntent, userId); 584 if (emailPackage != null 585 && doesPackageSupportRuntimePermissions(emailPackage)) { 586 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId); 587 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId); 588 } 589 590 // Browser 591 PackageParser.Package browserPackage = null; 592 String defaultBrowserPackage = mServiceInternal.getKnownPackageName( 593 PackageManagerInternal.PACKAGE_BROWSER, userId); 594 if (defaultBrowserPackage != null) { 595 browserPackage = getPackage(defaultBrowserPackage); 596 } 597 if (browserPackage == null) { 598 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 599 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 600 browserPackage = getDefaultSystemHandlerActivityPackage( 601 browserIntent, userId); 602 } 603 if (browserPackage != null 604 && doesPackageSupportRuntimePermissions(browserPackage)) { 605 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId); 606 } 607 608 // Voice interaction 609 if (voiceInteractPackageNames != null) { 610 for (String voiceInteractPackageName : voiceInteractPackageNames) { 611 PackageParser.Package voiceInteractPackage = getSystemPackage( 612 voiceInteractPackageName); 613 if (voiceInteractPackage != null 614 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 615 grantRuntimePermissions(voiceInteractPackage, 616 CONTACTS_PERMISSIONS, userId); 617 grantRuntimePermissions(voiceInteractPackage, 618 CALENDAR_PERMISSIONS, userId); 619 grantRuntimePermissions(voiceInteractPackage, 620 MICROPHONE_PERMISSIONS, userId); 621 grantRuntimePermissions(voiceInteractPackage, 622 PHONE_PERMISSIONS, userId); 623 grantRuntimePermissions(voiceInteractPackage, 624 SMS_PERMISSIONS, userId); 625 grantRuntimePermissions(voiceInteractPackage, 626 LOCATION_PERMISSIONS, userId); 627 } 628 } 629 } 630 631 if (ActivityManager.isLowRamDeviceStatic()) { 632 // Allow voice search on low-ram devices 633 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH"); 634 PackageParser.Package globalSearchPickerPackage = 635 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId); 636 637 if (globalSearchPickerPackage != null 638 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) { 639 grantRuntimePermissions(globalSearchPickerPackage, 640 MICROPHONE_PERMISSIONS, true, userId); 641 grantRuntimePermissions(globalSearchPickerPackage, 642 LOCATION_PERMISSIONS, true, userId); 643 } 644 } 645 646 // Voice recognition 647 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 648 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 649 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage( 650 voiceRecoIntent, userId); 651 if (voiceRecoPackage != null 652 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 653 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 654 } 655 656 // Location 657 if (locationPackageNames != null) { 658 for (String packageName : locationPackageNames) { 659 PackageParser.Package locationPackage = getSystemPackage(packageName); 660 if (locationPackage != null 661 && doesPackageSupportRuntimePermissions(locationPackage)) { 662 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId); 663 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId); 664 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId); 665 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId); 666 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId); 667 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS, 668 true, userId); 669 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId); 670 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId); 671 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId); 672 } 673 } 674 } 675 676 // Music 677 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 678 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 679 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 680 AUDIO_MIME_TYPE); 681 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage( 682 musicIntent, userId); 683 if (musicPackage != null 684 && doesPackageSupportRuntimePermissions(musicPackage)) { 685 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId); 686 } 687 688 // Home 689 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 690 homeIntent.addCategory(Intent.CATEGORY_HOME); 691 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP); 692 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage( 693 homeIntent, userId); 694 if (homePackage != null 695 && doesPackageSupportRuntimePermissions(homePackage)) { 696 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId); 697 } 698 699 // Watches 700 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 701 // Home application on watches 702 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN); 703 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 704 705 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage( 706 wearHomeIntent, userId); 707 708 if (wearHomePackage != null 709 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 710 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false, 711 userId); 712 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId); 713 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false, 714 userId); 715 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false, 716 userId); 717 } 718 719 // Fitness tracking on watches 720 Intent trackIntent = new Intent(ACTION_TRACK); 721 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage( 722 trackIntent, userId); 723 if (trackPackage != null 724 && doesPackageSupportRuntimePermissions(trackPackage)) { 725 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId); 726 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId); 727 } 728 } 729 730 // Print Spooler 731 PackageParser.Package printSpoolerPackage = getSystemPackage( 732 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 733 if (printSpoolerPackage != null 734 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 735 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 736 } 737 738 // EmergencyInfo 739 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 740 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage( 741 emergencyInfoIntent, userId); 742 if (emergencyInfoPckg != null 743 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 744 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 745 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 746 } 747 748 // NFC Tag viewer 749 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 750 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 751 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage( 752 nfcTagIntent, userId); 753 if (nfcTagPkg != null 754 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 755 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 756 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 757 } 758 759 // Storage Manager 760 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 761 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage( 762 storageManagerIntent, userId); 763 if (storageManagerPckg != null 764 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 765 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 766 } 767 768 // Companion devices 769 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage( 770 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME); 771 if (companionDeviceDiscoveryPackage != null 772 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) { 773 grantRuntimePermissions(companionDeviceDiscoveryPackage, 774 LOCATION_PERMISSIONS, true, userId); 775 } 776 777 // Ringtone Picker 778 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER); 779 PackageParser.Package ringtonePickerPackage = 780 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId); 781 if (ringtonePickerPackage != null 782 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) { 783 grantRuntimePermissions(ringtonePickerPackage, 784 STORAGE_PERMISSIONS, true, userId); 785 } 786 787 if (mPermissionGrantedCallback != null) { 788 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId); 789 } 790 } 791 792 private void grantDefaultPermissionsToDefaultSystemDialerApp( 793 PackageParser.Package dialerPackage, int userId) { 794 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 795 boolean isPhonePermFixed = 796 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 797 grantRuntimePermissions( 798 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 799 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId); 800 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId); 801 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId); 802 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId); 803 } 804 } 805 806 private void grantDefaultPermissionsToDefaultSystemSmsApp( 807 PackageParser.Package smsPackage, int userId) { 808 if (doesPackageSupportRuntimePermissions(smsPackage)) { 809 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId); 810 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId); 811 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId); 812 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId); 813 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId); 814 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId); 815 } 816 } 817 818 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) { 819 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 820 if (packageName == null) { 821 return; 822 } 823 PackageParser.Package smsPackage = getPackage(packageName); 824 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 825 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId); 826 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 827 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId); 828 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId); 829 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId); 830 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId); 831 } 832 } 833 834 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) { 835 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 836 if (packageName == null) { 837 return; 838 } 839 PackageParser.Package dialerPackage = getPackage(packageName); 840 if (dialerPackage != null 841 && doesPackageSupportRuntimePermissions(dialerPackage)) { 842 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 843 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 844 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId); 845 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 846 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 847 } 848 } 849 850 private void grantDefaultPermissionsToDefaultSimCallManager( 851 PackageParser.Package simCallManagerPackage, int userId) { 852 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 853 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 854 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId); 855 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 856 } 857 } 858 859 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 860 if (packageName == null) { 861 return; 862 } 863 PackageParser.Package simCallManagerPackage = getPackage(packageName); 864 if (simCallManagerPackage != null) { 865 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId); 866 } 867 } 868 869 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 870 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 871 if (packageNames == null) { 872 return; 873 } 874 for (String packageName : packageNames) { 875 PackageParser.Package carrierPackage = getSystemPackage(packageName); 876 if (carrierPackage != null 877 && doesPackageSupportRuntimePermissions(carrierPackage)) { 878 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId); 879 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId); 880 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId); 881 } 882 } 883 } 884 885 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 886 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 887 if (packageNames == null) { 888 return; 889 } 890 for (String packageName : packageNames) { 891 PackageParser.Package imsServicePackage = getSystemPackage(packageName); 892 if (imsServicePackage != null 893 && doesPackageSupportRuntimePermissions(imsServicePackage)) { 894 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId); 895 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId); 896 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId); 897 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId); 898 } 899 } 900 } 901 902 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) { 903 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 904 if (packageName == null) { 905 return; 906 } 907 PackageParser.Package browserPackage = getSystemPackage(packageName); 908 if (browserPackage != null 909 && doesPackageSupportRuntimePermissions(browserPackage)) { 910 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 911 } 912 } 913 914 private PackageParser.Package getDefaultSystemHandlerActivityPackage( 915 Intent intent, int userId) { 916 ResolveInfo handler = mServiceInternal.resolveIntent(intent, 917 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false); 918 if (handler == null || handler.activityInfo == null) { 919 return null; 920 } 921 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 922 return null; 923 } 924 return getSystemPackage(handler.activityInfo.packageName); 925 } 926 927 private PackageParser.Package getDefaultSystemHandlerServicePackage( 928 Intent intent, int userId) { 929 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices( 930 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId); 931 if (handlers == null) { 932 return null; 933 } 934 final int handlerCount = handlers.size(); 935 for (int i = 0; i < handlerCount; i++) { 936 ResolveInfo handler = handlers.get(i); 937 PackageParser.Package handlerPackage = getSystemPackage( 938 handler.serviceInfo.packageName); 939 if (handlerPackage != null) { 940 return handlerPackage; 941 } 942 } 943 return null; 944 } 945 946 private List<PackageParser.Package> getHeadlessSyncAdapterPackages( 947 String[] syncAdapterPackageNames, int userId) { 948 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 949 950 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 951 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 952 953 for (String syncAdapterPackageName : syncAdapterPackageNames) { 954 homeIntent.setPackage(syncAdapterPackageName); 955 956 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent, 957 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, 958 userId, false); 959 if (homeActivity != null) { 960 continue; 961 } 962 963 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName); 964 if (syncAdapterPackage != null) { 965 syncAdapterPackages.add(syncAdapterPackage); 966 } 967 } 968 969 return syncAdapterPackages; 970 } 971 972 private PackageParser.Package getDefaultProviderAuthorityPackage( 973 String authority, int userId) { 974 ProviderInfo provider = 975 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 976 if (provider != null) { 977 return getSystemPackage(provider.packageName); 978 } 979 return null; 980 } 981 982 private PackageParser.Package getPackage(String packageName) { 983 return mServiceInternal.getPackage(packageName); 984 } 985 986 private PackageParser.Package getSystemPackage(String packageName) { 987 PackageParser.Package pkg = getPackage(packageName); 988 if (pkg != null && pkg.isSystemApp()) { 989 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null; 990 } 991 return null; 992 } 993 994 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 995 int userId) { 996 grantRuntimePermissions(pkg, permissions, false, false, userId); 997 } 998 999 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1000 boolean systemFixed, int userId) { 1001 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId); 1002 } 1003 1004 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1005 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) { 1006 if (pkg.requestedPermissions.isEmpty()) { 1007 return; 1008 } 1009 1010 List<String> requestedPermissions = pkg.requestedPermissions; 1011 Set<String> grantablePermissions = null; 1012 1013 // If this is the default Phone or SMS app we grant permissions regardless 1014 // whether the version on the system image declares the permission as used since 1015 // selecting the app as the default Phone or SMS the user makes a deliberate 1016 // choice to grant this app the permissions needed to function. For all other 1017 // apps, (default grants on first boot and user creation) we don't grant default 1018 // permissions if the version on the system image does not declare them. 1019 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) { 1020 final PackageParser.Package disabledPkg = 1021 mServiceInternal.getDisabledPackage(pkg.packageName); 1022 if (disabledPkg != null) { 1023 if (disabledPkg.requestedPermissions.isEmpty()) { 1024 return; 1025 } 1026 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) { 1027 grantablePermissions = new ArraySet<>(requestedPermissions); 1028 requestedPermissions = disabledPkg.requestedPermissions; 1029 } 1030 } 1031 } 1032 1033 final int grantablePermissionCount = requestedPermissions.size(); 1034 for (int i = 0; i < grantablePermissionCount; i++) { 1035 String permission = requestedPermissions.get(i); 1036 1037 // If there is a disabled system app it may request a permission the updated 1038 // version ot the data partition doesn't, In this case skip the permission. 1039 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1040 continue; 1041 } 1042 1043 if (permissions.contains(permission)) { 1044 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1045 permission, pkg.packageName, userId); 1046 1047 // If any flags are set to the permission, then it is either set in 1048 // its current state by the system or device/profile owner or the user. 1049 // In all these cases we do not want to clobber the current state. 1050 // Unless the caller wants to override user choices. The override is 1051 // to make sure we can grant the needed permission to the default 1052 // sms and phone apps after the user chooses this in the UI. 1053 if (flags == 0 || isDefaultPhoneOrSms) { 1054 // Never clobber policy or system. 1055 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 1056 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 1057 if ((flags & fixedFlags) != 0) { 1058 continue; 1059 } 1060 1061 mServiceInternal.grantRuntimePermission( 1062 pkg.packageName, permission, userId, false); 1063 if (DEBUG) { 1064 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 1065 + permission + " to default handler " + pkg.packageName); 1066 } 1067 1068 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1069 if (systemFixed) { 1070 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1071 } 1072 1073 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1074 newFlags, newFlags, userId); 1075 } 1076 1077 // If a component gets a permission for being the default handler A 1078 // and also default handler B, we grant the weaker grant form. 1079 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1080 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1081 && !systemFixed) { 1082 if (DEBUG) { 1083 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1084 + pkg.packageName); 1085 } 1086 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1087 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 1088 } 1089 } 1090 } 1091 } 1092 1093 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) { 1094 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1095 return true; 1096 } 1097 if (!pkg.isPrivilegedApp()) { 1098 return false; 1099 } 1100 final PackageParser.Package disabledPkg = 1101 mServiceInternal.getDisabledPackage(pkg.packageName); 1102 if (disabledPkg != null) { 1103 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1104 return false; 1105 } 1106 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1107 return false; 1108 } 1109 final String systemPackageName = mServiceInternal.getKnownPackageName( 1110 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM); 1111 final PackageParser.Package systemPackage = getPackage(systemPackageName); 1112 return PackageManagerService.compareSignatures(systemPackage.mSignatures, 1113 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 1114 } 1115 1116 private void grantDefaultPermissionExceptions(int userId) { 1117 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1118 1119 synchronized (mLock) { 1120 // mGrantExceptions is null only before the first read and then 1121 // it serves as a cache of the default grants that should be 1122 // performed for every user. If there is an entry then the app 1123 // is on the system image and supports runtime permissions. 1124 if (mGrantExceptions == null) { 1125 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 1126 } 1127 } 1128 1129 Set<String> permissions = null; 1130 final int exceptionCount = mGrantExceptions.size(); 1131 for (int i = 0; i < exceptionCount; i++) { 1132 String packageName = mGrantExceptions.keyAt(i); 1133 PackageParser.Package pkg = getSystemPackage(packageName); 1134 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1135 final int permissionGrantCount = permissionGrants.size(); 1136 for (int j = 0; j < permissionGrantCount; j++) { 1137 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1138 if (permissions == null) { 1139 permissions = new ArraySet<>(); 1140 } else { 1141 permissions.clear(); 1142 } 1143 permissions.add(permissionGrant.name); 1144 grantRuntimePermissions(pkg, permissions, 1145 permissionGrant.fixed, userId); 1146 } 1147 } 1148 } 1149 1150 private File[] getDefaultPermissionFiles() { 1151 ArrayList<File> ret = new ArrayList<File>(); 1152 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1153 if (dir.isDirectory() && dir.canRead()) { 1154 Collections.addAll(ret, dir.listFiles()); 1155 } 1156 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1157 if (dir.isDirectory() && dir.canRead()) { 1158 Collections.addAll(ret, dir.listFiles()); 1159 } 1160 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1161 } 1162 1163 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> 1164 readDefaultPermissionExceptionsLocked() { 1165 File[] files = getDefaultPermissionFiles(); 1166 if (files == null) { 1167 return new ArrayMap<>(0); 1168 } 1169 1170 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1171 1172 // Iterate over the files in the directory and scan .xml files 1173 for (File file : files) { 1174 if (!file.getPath().endsWith(".xml")) { 1175 Slog.i(TAG, "Non-xml file " + file 1176 + " in " + file.getParent() + " directory, ignoring"); 1177 continue; 1178 } 1179 if (!file.canRead()) { 1180 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1181 continue; 1182 } 1183 try ( 1184 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1185 ) { 1186 XmlPullParser parser = Xml.newPullParser(); 1187 parser.setInput(str, null); 1188 parse(parser, grantExceptions); 1189 } catch (XmlPullParserException | IOException e) { 1190 Slog.w(TAG, "Error reading default permissions file " + file, e); 1191 } 1192 } 1193 1194 return grantExceptions; 1195 } 1196 1197 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1198 outGrantExceptions) throws IOException, XmlPullParserException { 1199 final int outerDepth = parser.getDepth(); 1200 int type; 1201 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1202 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1203 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1204 continue; 1205 } 1206 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1207 parseExceptions(parser, outGrantExceptions); 1208 } else { 1209 Log.e(TAG, "Unknown tag " + parser.getName()); 1210 } 1211 } 1212 } 1213 1214 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1215 outGrantExceptions) throws IOException, XmlPullParserException { 1216 final int outerDepth = parser.getDepth(); 1217 int type; 1218 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1219 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1220 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1221 continue; 1222 } 1223 if (TAG_EXCEPTION.equals(parser.getName())) { 1224 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1225 1226 List<DefaultPermissionGrant> packageExceptions = 1227 outGrantExceptions.get(packageName); 1228 if (packageExceptions == null) { 1229 // The package must be on the system image 1230 PackageParser.Package pkg = getSystemPackage(packageName); 1231 if (pkg == null) { 1232 Log.w(TAG, "Unknown package:" + packageName); 1233 XmlUtils.skipCurrentTag(parser); 1234 continue; 1235 } 1236 1237 // The package must support runtime permissions 1238 if (!doesPackageSupportRuntimePermissions(pkg)) { 1239 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1240 + packageName); 1241 XmlUtils.skipCurrentTag(parser); 1242 continue; 1243 } 1244 packageExceptions = new ArrayList<>(); 1245 outGrantExceptions.put(packageName, packageExceptions); 1246 } 1247 1248 parsePermission(parser, packageExceptions); 1249 } else { 1250 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1251 } 1252 } 1253 } 1254 1255 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1256 outPackageExceptions) throws IOException, XmlPullParserException { 1257 final int outerDepth = parser.getDepth(); 1258 int type; 1259 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1260 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1261 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1262 continue; 1263 } 1264 1265 if (TAG_PERMISSION.contains(parser.getName())) { 1266 String name = parser.getAttributeValue(null, ATTR_NAME); 1267 if (name == null) { 1268 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1269 XmlUtils.skipCurrentTag(parser); 1270 continue; 1271 } 1272 1273 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1274 1275 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1276 outPackageExceptions.add(exception); 1277 } else { 1278 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1279 } 1280 } 1281 } 1282 1283 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1284 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1285 } 1286 1287 private static final class DefaultPermissionGrant { 1288 final String name; 1289 final boolean fixed; 1290 1291 public DefaultPermissionGrant(String name, boolean fixed) { 1292 this.name = name; 1293 this.fixed = fixed; 1294 } 1295 } 1296} 1297