DefaultPermissionGrantPolicy.java revision 1713d9e97aada3dc695800c18b1025238a11629d
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures; 20 21import android.Manifest; 22import android.annotation.NonNull; 23import android.annotation.Nullable; 24import android.app.ActivityManager; 25import android.app.DownloadManager; 26import android.app.admin.DevicePolicyManager; 27import android.companion.CompanionDeviceManager; 28import android.content.Context; 29import android.content.Intent; 30import android.content.pm.ApplicationInfo; 31import android.content.pm.IPackageManager; 32import android.content.pm.PackageList; 33import android.content.pm.PackageManager; 34import android.content.pm.PackageManagerInternal; 35import android.content.pm.PackageParser; 36import android.content.pm.ProviderInfo; 37import android.content.pm.ResolveInfo; 38import android.content.pm.PackageManagerInternal.PackagesProvider; 39import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 40import android.media.RingtoneManager; 41import android.net.Uri; 42import android.os.Binder; 43import android.os.Build; 44import android.os.Environment; 45import android.os.Handler; 46import android.os.Looper; 47import android.os.Message; 48import android.os.UserHandle; 49import android.os.storage.StorageManager; 50import android.print.PrintManager; 51import android.provider.CalendarContract; 52import android.provider.ContactsContract; 53import android.provider.MediaStore; 54import android.provider.Telephony.Sms.Intents; 55import android.telephony.TelephonyManager; 56import android.security.Credentials; 57import android.util.ArrayMap; 58import android.util.ArraySet; 59import android.util.Log; 60import android.util.Slog; 61import android.util.Xml; 62import com.android.internal.util.XmlUtils; 63import com.android.server.LocalServices; 64 65import org.xmlpull.v1.XmlPullParser; 66import org.xmlpull.v1.XmlPullParserException; 67 68import java.io.BufferedInputStream; 69import java.io.File; 70import java.io.FileInputStream; 71import java.io.IOException; 72import java.io.InputStream; 73import java.util.ArrayList; 74import java.util.Collection; 75import java.util.Collections; 76import java.util.List; 77import java.util.Map; 78import java.util.Set; 79 80import static android.os.Process.FIRST_APPLICATION_UID; 81 82/** 83 * This class is the policy for granting runtime permissions to 84 * platform components and default handlers in the system such 85 * that the device is usable out-of-the-box. For example, the 86 * shell UID is a part of the system and the Phone app should 87 * have phone related permission by default. 88 * <p> 89 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 90 * service but knows about lots of higher level subsystems. The correct way to do this is 91 * to have an interface defined in the package manager but have the impl next to other 92 * policy stuff like PhoneWindowManager 93 */ 94public final class DefaultPermissionGrantPolicy { 95 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 96 private static final boolean DEBUG = false; 97 98 private static final int DEFAULT_FLAGS = 99 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 100 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 101 102 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 103 104 private static final String TAG_EXCEPTIONS = "exceptions"; 105 private static final String TAG_EXCEPTION = "exception"; 106 private static final String TAG_PERMISSION = "permission"; 107 private static final String ATTR_PACKAGE = "package"; 108 private static final String ATTR_NAME = "name"; 109 private static final String ATTR_FIXED = "fixed"; 110 111 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 112 static { 113 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 114 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 115 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 116 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 117 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 118 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 119 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 120 } 121 122 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 123 static { 124 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 125 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 126 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 127 } 128 129 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 130 static { 131 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 133 } 134 135 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>(); 136 static { 137 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 138 } 139 140 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 141 static { 142 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 143 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 144 } 145 146 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 147 static { 148 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 149 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 150 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 151 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 153 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 154 } 155 156 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 157 static { 158 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 159 } 160 161 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 162 static { 163 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 164 } 165 166 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 167 static { 168 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 169 } 170 171 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 172 static { 173 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 174 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 175 } 176 177 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 178 179 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 180 181 private final Handler mHandler; 182 183 private PackagesProvider mLocationPackagesProvider; 184 private PackagesProvider mVoiceInteractionPackagesProvider; 185 private PackagesProvider mSmsAppPackagesProvider; 186 private PackagesProvider mDialerAppPackagesProvider; 187 private PackagesProvider mSimCallManagerPackagesProvider; 188 private PackagesProvider mUseOpenWifiAppPackagesProvider; 189 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 190 191 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 192 private final Context mContext; 193 private final Object mLock = new Object(); 194 private final PackageManagerInternal mServiceInternal; 195 private final PermissionManagerService mPermissionManager; 196 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback; 197 public interface DefaultPermissionGrantedCallback { 198 /** Callback when permissions have been granted */ 199 public void onDefaultRuntimePermissionsGranted(int userId); 200 } 201 202 public DefaultPermissionGrantPolicy(Context context, Looper looper, 203 @Nullable DefaultPermissionGrantedCallback callback, 204 @NonNull PermissionManagerService permissionManager) { 205 mContext = context; 206 mHandler = new Handler(looper) { 207 @Override 208 public void handleMessage(Message msg) { 209 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 210 synchronized (mLock) { 211 if (mGrantExceptions == null) { 212 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 213 } 214 } 215 } 216 } 217 }; 218 mPermissionGrantedCallback = callback; 219 mPermissionManager = permissionManager; 220 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 221 } 222 223 public void setLocationPackagesProvider(PackagesProvider provider) { 224 synchronized (mLock) { 225 mLocationPackagesProvider = provider; 226 } 227 } 228 229 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 230 synchronized (mLock) { 231 mVoiceInteractionPackagesProvider = provider; 232 } 233 } 234 235 public void setSmsAppPackagesProvider(PackagesProvider provider) { 236 synchronized (mLock) { 237 mSmsAppPackagesProvider = provider; 238 } 239 } 240 241 public void setDialerAppPackagesProvider(PackagesProvider provider) { 242 synchronized (mLock) { 243 mDialerAppPackagesProvider = provider; 244 } 245 } 246 247 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 248 synchronized (mLock) { 249 mSimCallManagerPackagesProvider = provider; 250 } 251 } 252 253 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) { 254 synchronized (mLock) { 255 mUseOpenWifiAppPackagesProvider = provider; 256 } 257 } 258 259 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 260 synchronized (mLock) { 261 mSyncAdapterPackagesProvider = provider; 262 } 263 } 264 265 public void grantDefaultPermissions(int userId) { 266 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 267 grantAllRuntimePermissions(userId); 268 } else { 269 grantPermissionsToSysComponentsAndPrivApps(userId); 270 grantDefaultSystemHandlerPermissions(userId); 271 grantDefaultPermissionExceptions(userId); 272 } 273 } 274 275 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) { 276 Set<String> permissions = new ArraySet<>(); 277 for (String permission : pkg.requestedPermissions) { 278 final BasePermission bp = mPermissionManager.getPermission(permission); 279 if (bp == null) { 280 continue; 281 } 282 if (bp.isRuntime()) { 283 permissions.add(permission); 284 } 285 } 286 if (!permissions.isEmpty()) { 287 grantRuntimePermissions(pkg, permissions, true, userId); 288 } 289 } 290 291 private void grantAllRuntimePermissions(int userId) { 292 Log.i(TAG, "Granting all runtime permissions for user " + userId); 293 final PackageList packageList = mServiceInternal.getPackageList(); 294 for (String packageName : packageList.getPackageNames()) { 295 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 296 if (pkg == null) { 297 continue; 298 } 299 grantRuntimePermissionsForPackage(userId, pkg); 300 } 301 } 302 303 public void scheduleReadDefaultPermissionExceptions() { 304 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 305 } 306 307 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 308 Log.i(TAG, "Granting permissions to platform components for user " + userId); 309 final PackageList packageList = mServiceInternal.getPackageList(); 310 for (String packageName : packageList.getPackageNames()) { 311 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 312 if (pkg == null) { 313 continue; 314 } 315 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 316 || !doesPackageSupportRuntimePermissions(pkg) 317 || pkg.requestedPermissions.isEmpty()) { 318 continue; 319 } 320 grantRuntimePermissionsForPackage(userId, pkg); 321 } 322 } 323 324 private void grantDefaultSystemHandlerPermissions(int userId) { 325 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 326 327 final PackagesProvider locationPackagesProvider; 328 final PackagesProvider voiceInteractionPackagesProvider; 329 final PackagesProvider smsAppPackagesProvider; 330 final PackagesProvider dialerAppPackagesProvider; 331 final PackagesProvider simCallManagerPackagesProvider; 332 final PackagesProvider useOpenWifiAppPackagesProvider; 333 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 334 335 synchronized (mLock) { 336 locationPackagesProvider = mLocationPackagesProvider; 337 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 338 smsAppPackagesProvider = mSmsAppPackagesProvider; 339 dialerAppPackagesProvider = mDialerAppPackagesProvider; 340 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 341 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider; 342 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 343 } 344 345 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 346 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 347 String[] locationPackageNames = (locationPackagesProvider != null) 348 ? locationPackagesProvider.getPackages(userId) : null; 349 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 350 ? smsAppPackagesProvider.getPackages(userId) : null; 351 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 352 ? dialerAppPackagesProvider.getPackages(userId) : null; 353 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 354 ? simCallManagerPackagesProvider.getPackages(userId) : null; 355 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null) 356 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null; 357 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 358 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 359 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 360 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 361 362 // Installer 363 final String installerPackageName = mServiceInternal.getKnownPackageName( 364 PackageManagerInternal.PACKAGE_INSTALLER, userId); 365 PackageParser.Package installerPackage = getSystemPackage(installerPackageName); 366 if (installerPackage != null 367 && doesPackageSupportRuntimePermissions(installerPackage)) { 368 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId); 369 } 370 371 // Verifier 372 final String verifierPackageName = mServiceInternal.getKnownPackageName( 373 PackageManagerInternal.PACKAGE_VERIFIER, userId); 374 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName); 375 if (verifierPackage != null 376 && doesPackageSupportRuntimePermissions(verifierPackage)) { 377 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId); 378 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId); 379 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId); 380 } 381 382 // SetupWizard 383 final String setupWizardPackageName = mServiceInternal.getKnownPackageName( 384 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId); 385 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName); 386 if (setupPackage != null 387 && doesPackageSupportRuntimePermissions(setupPackage)) { 388 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId); 389 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId); 390 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId); 391 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId); 392 } 393 394 // Camera 395 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 396 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage( 397 cameraIntent, userId); 398 if (cameraPackage != null 399 && doesPackageSupportRuntimePermissions(cameraPackage)) { 400 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId); 401 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId); 402 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId); 403 } 404 405 // Media provider 406 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage( 407 MediaStore.AUTHORITY, userId); 408 if (mediaStorePackage != null) { 409 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 410 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId); 411 } 412 413 // Downloads provider 414 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage( 415 "downloads", userId); 416 if (downloadsPackage != null) { 417 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 418 } 419 420 // Downloads UI 421 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 422 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage( 423 downloadsUiIntent, userId); 424 if (downloadsUiPackage != null 425 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 426 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 427 } 428 429 // Storage provider 430 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage( 431 "com.android.externalstorage.documents", userId); 432 if (storagePackage != null) { 433 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId); 434 } 435 436 // CertInstaller 437 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 438 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage( 439 certInstallerIntent, userId); 440 if (certInstallerPackage != null 441 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 442 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 443 } 444 445 // Dialer 446 if (dialerAppPackageNames == null) { 447 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 448 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage( 449 dialerIntent, userId); 450 if (dialerPackage != null) { 451 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 452 } 453 } else { 454 for (String dialerAppPackageName : dialerAppPackageNames) { 455 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName); 456 if (dialerPackage != null) { 457 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 458 } 459 } 460 } 461 462 // Sim call manager 463 if (simCallManagerPackageNames != null) { 464 for (String simCallManagerPackageName : simCallManagerPackageNames) { 465 PackageParser.Package simCallManagerPackage = 466 getSystemPackage(simCallManagerPackageName); 467 if (simCallManagerPackage != null) { 468 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, 469 userId); 470 } 471 } 472 } 473 474 // Use Open Wifi 475 if (useOpenWifiAppPackageNames != null) { 476 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) { 477 PackageParser.Package useOpenWifiPackage = 478 getSystemPackage(useOpenWifiPackageName); 479 if (useOpenWifiPackage != null) { 480 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage, 481 userId); 482 } 483 } 484 } 485 486 // SMS 487 if (smsAppPackageNames == null) { 488 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 489 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 490 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage( 491 smsIntent, userId); 492 if (smsPackage != null) { 493 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 494 } 495 } else { 496 for (String smsPackageName : smsAppPackageNames) { 497 PackageParser.Package smsPackage = getSystemPackage(smsPackageName); 498 if (smsPackage != null) { 499 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 500 } 501 } 502 } 503 504 // Cell Broadcast Receiver 505 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 506 PackageParser.Package cbrPackage = 507 getDefaultSystemHandlerActivityPackage(cbrIntent, userId); 508 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 509 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId); 510 } 511 512 // Carrier Provisioning Service 513 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 514 PackageParser.Package carrierProvPackage = 515 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId); 516 if (carrierProvPackage != null 517 && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 518 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId); 519 } 520 521 // Calendar 522 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 523 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 524 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage( 525 calendarIntent, userId); 526 if (calendarPackage != null 527 && doesPackageSupportRuntimePermissions(calendarPackage)) { 528 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId); 529 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId); 530 } 531 532 // Calendar provider 533 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage( 534 CalendarContract.AUTHORITY, userId); 535 if (calendarProviderPackage != null) { 536 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 537 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS, 538 true, userId); 539 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 540 } 541 542 // Calendar provider sync adapters 543 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages( 544 calendarSyncAdapterPackages, userId); 545 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 546 for (int i = 0; i < calendarSyncAdapterCount; i++) { 547 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 548 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 549 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 550 } 551 } 552 553 // Contacts 554 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 555 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 556 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage( 557 contactsIntent, userId); 558 if (contactsPackage != null 559 && doesPackageSupportRuntimePermissions(contactsPackage)) { 560 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId); 561 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId); 562 } 563 564 // Contacts provider sync adapters 565 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages( 566 contactsSyncAdapterPackages, userId); 567 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 568 for (int i = 0; i < contactsSyncAdapterCount; i++) { 569 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 570 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 571 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 572 } 573 } 574 575 // Contacts provider 576 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage( 577 ContactsContract.AUTHORITY, userId); 578 if (contactsProviderPackage != null) { 579 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS, 580 true, userId); 581 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS, 582 true, userId); 583 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 584 } 585 586 // Device provisioning 587 Intent deviceProvisionIntent = new Intent( 588 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 589 PackageParser.Package deviceProvisionPackage = 590 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId); 591 if (deviceProvisionPackage != null 592 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 593 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 594 } 595 596 // Maps 597 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 598 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 599 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage( 600 mapsIntent, userId); 601 if (mapsPackage != null 602 && doesPackageSupportRuntimePermissions(mapsPackage)) { 603 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId); 604 } 605 606 // Gallery 607 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 608 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 609 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage( 610 galleryIntent, userId); 611 if (galleryPackage != null 612 && doesPackageSupportRuntimePermissions(galleryPackage)) { 613 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId); 614 } 615 616 // Email 617 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 618 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 619 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage( 620 emailIntent, userId); 621 if (emailPackage != null 622 && doesPackageSupportRuntimePermissions(emailPackage)) { 623 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId); 624 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId); 625 } 626 627 // Browser 628 PackageParser.Package browserPackage = null; 629 String defaultBrowserPackage = mServiceInternal.getKnownPackageName( 630 PackageManagerInternal.PACKAGE_BROWSER, userId); 631 if (defaultBrowserPackage != null) { 632 browserPackage = getPackage(defaultBrowserPackage); 633 } 634 if (browserPackage == null) { 635 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 636 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 637 browserPackage = getDefaultSystemHandlerActivityPackage( 638 browserIntent, userId); 639 } 640 if (browserPackage != null 641 && doesPackageSupportRuntimePermissions(browserPackage)) { 642 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId); 643 } 644 645 // Voice interaction 646 if (voiceInteractPackageNames != null) { 647 for (String voiceInteractPackageName : voiceInteractPackageNames) { 648 PackageParser.Package voiceInteractPackage = getSystemPackage( 649 voiceInteractPackageName); 650 if (voiceInteractPackage != null 651 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 652 grantRuntimePermissions(voiceInteractPackage, 653 CONTACTS_PERMISSIONS, userId); 654 grantRuntimePermissions(voiceInteractPackage, 655 CALENDAR_PERMISSIONS, userId); 656 grantRuntimePermissions(voiceInteractPackage, 657 MICROPHONE_PERMISSIONS, userId); 658 grantRuntimePermissions(voiceInteractPackage, 659 PHONE_PERMISSIONS, userId); 660 grantRuntimePermissions(voiceInteractPackage, 661 SMS_PERMISSIONS, userId); 662 grantRuntimePermissions(voiceInteractPackage, 663 LOCATION_PERMISSIONS, userId); 664 } 665 } 666 } 667 668 if (ActivityManager.isLowRamDeviceStatic()) { 669 // Allow voice search on low-ram devices 670 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH"); 671 PackageParser.Package globalSearchPickerPackage = 672 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId); 673 674 if (globalSearchPickerPackage != null 675 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) { 676 grantRuntimePermissions(globalSearchPickerPackage, 677 MICROPHONE_PERMISSIONS, false, userId); 678 grantRuntimePermissions(globalSearchPickerPackage, 679 LOCATION_PERMISSIONS, false, userId); 680 } 681 } 682 683 // Voice recognition 684 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 685 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 686 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage( 687 voiceRecoIntent, userId); 688 if (voiceRecoPackage != null 689 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 690 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 691 } 692 693 // Location 694 if (locationPackageNames != null) { 695 for (String packageName : locationPackageNames) { 696 PackageParser.Package locationPackage = getSystemPackage(packageName); 697 if (locationPackage != null 698 && doesPackageSupportRuntimePermissions(locationPackage)) { 699 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId); 700 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId); 701 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId); 702 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId); 703 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId); 704 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS, 705 true, userId); 706 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId); 707 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId); 708 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId); 709 } 710 } 711 } 712 713 // Music 714 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 715 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 716 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 717 AUDIO_MIME_TYPE); 718 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage( 719 musicIntent, userId); 720 if (musicPackage != null 721 && doesPackageSupportRuntimePermissions(musicPackage)) { 722 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId); 723 } 724 725 // Home 726 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 727 homeIntent.addCategory(Intent.CATEGORY_HOME); 728 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP); 729 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage( 730 homeIntent, userId); 731 if (homePackage != null 732 && doesPackageSupportRuntimePermissions(homePackage)) { 733 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId); 734 } 735 736 // Watches 737 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 738 // Home application on watches 739 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN); 740 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 741 742 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage( 743 wearHomeIntent, userId); 744 745 if (wearHomePackage != null 746 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 747 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false, 748 userId); 749 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId); 750 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false, 751 userId); 752 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false, 753 userId); 754 } 755 756 // Fitness tracking on watches 757 Intent trackIntent = new Intent(ACTION_TRACK); 758 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage( 759 trackIntent, userId); 760 if (trackPackage != null 761 && doesPackageSupportRuntimePermissions(trackPackage)) { 762 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId); 763 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId); 764 } 765 } 766 767 // Print Spooler 768 PackageParser.Package printSpoolerPackage = getSystemPackage( 769 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 770 if (printSpoolerPackage != null 771 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 772 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 773 } 774 775 // EmergencyInfo 776 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 777 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage( 778 emergencyInfoIntent, userId); 779 if (emergencyInfoPckg != null 780 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 781 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 782 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 783 } 784 785 // NFC Tag viewer 786 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 787 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 788 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage( 789 nfcTagIntent, userId); 790 if (nfcTagPkg != null 791 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 792 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 793 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 794 } 795 796 // Storage Manager 797 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 798 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage( 799 storageManagerIntent, userId); 800 if (storageManagerPckg != null 801 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 802 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 803 } 804 805 // Companion devices 806 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage( 807 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME); 808 if (companionDeviceDiscoveryPackage != null 809 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) { 810 grantRuntimePermissions(companionDeviceDiscoveryPackage, 811 LOCATION_PERMISSIONS, true, userId); 812 } 813 814 // Ringtone Picker 815 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER); 816 PackageParser.Package ringtonePickerPackage = 817 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId); 818 if (ringtonePickerPackage != null 819 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) { 820 grantRuntimePermissions(ringtonePickerPackage, 821 STORAGE_PERMISSIONS, true, userId); 822 } 823 824 if (mPermissionGrantedCallback != null) { 825 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId); 826 } 827 } 828 829 private void grantDefaultPermissionsToDefaultSystemDialerApp( 830 PackageParser.Package dialerPackage, int userId) { 831 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 832 boolean isPhonePermFixed = 833 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 834 grantRuntimePermissions( 835 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 836 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId); 837 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId); 838 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId); 839 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId); 840 } 841 } 842 843 private void grantDefaultPermissionsToDefaultSystemSmsApp( 844 PackageParser.Package smsPackage, int userId) { 845 if (doesPackageSupportRuntimePermissions(smsPackage)) { 846 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId); 847 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId); 848 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId); 849 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId); 850 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId); 851 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId); 852 } 853 } 854 855 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp( 856 PackageParser.Package useOpenWifiPackage, int userId) { 857 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 858 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId); 859 } 860 } 861 862 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) { 863 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 864 if (packageName == null) { 865 return; 866 } 867 PackageParser.Package smsPackage = getPackage(packageName); 868 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 869 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId); 870 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 871 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId); 872 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId); 873 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId); 874 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId); 875 } 876 } 877 878 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) { 879 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 880 if (packageName == null) { 881 return; 882 } 883 PackageParser.Package dialerPackage = getPackage(packageName); 884 if (dialerPackage != null 885 && doesPackageSupportRuntimePermissions(dialerPackage)) { 886 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 887 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 888 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId); 889 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 890 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 891 } 892 } 893 894 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) { 895 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId); 896 if (packageName == null) { 897 return; 898 } 899 PackageParser.Package useOpenWifiPackage = getPackage(packageName); 900 if (useOpenWifiPackage != null 901 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 902 grantRuntimePermissions( 903 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId); 904 } 905 } 906 907 private void grantDefaultPermissionsToDefaultSimCallManager( 908 PackageParser.Package simCallManagerPackage, int userId) { 909 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 910 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 911 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId); 912 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 913 } 914 } 915 916 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 917 if (packageName == null) { 918 return; 919 } 920 PackageParser.Package simCallManagerPackage = getPackage(packageName); 921 if (simCallManagerPackage != null) { 922 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId); 923 } 924 } 925 926 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 927 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 928 if (packageNames == null) { 929 return; 930 } 931 for (String packageName : packageNames) { 932 PackageParser.Package carrierPackage = getSystemPackage(packageName); 933 if (carrierPackage != null 934 && doesPackageSupportRuntimePermissions(carrierPackage)) { 935 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId); 936 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId); 937 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId); 938 } 939 } 940 } 941 942 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 943 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 944 if (packageNames == null) { 945 return; 946 } 947 for (String packageName : packageNames) { 948 PackageParser.Package imsServicePackage = getSystemPackage(packageName); 949 if (imsServicePackage != null 950 && doesPackageSupportRuntimePermissions(imsServicePackage)) { 951 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId); 952 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId); 953 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId); 954 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId); 955 } 956 } 957 } 958 959 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) { 960 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 961 if (packageName == null) { 962 return; 963 } 964 PackageParser.Package browserPackage = getSystemPackage(packageName); 965 if (browserPackage != null 966 && doesPackageSupportRuntimePermissions(browserPackage)) { 967 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 968 } 969 } 970 971 private PackageParser.Package getDefaultSystemHandlerActivityPackage( 972 Intent intent, int userId) { 973 ResolveInfo handler = mServiceInternal.resolveIntent(intent, 974 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false); 975 if (handler == null || handler.activityInfo == null) { 976 return null; 977 } 978 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 979 return null; 980 } 981 return getSystemPackage(handler.activityInfo.packageName); 982 } 983 984 private PackageParser.Package getDefaultSystemHandlerServicePackage( 985 Intent intent, int userId) { 986 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices( 987 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId); 988 if (handlers == null) { 989 return null; 990 } 991 final int handlerCount = handlers.size(); 992 for (int i = 0; i < handlerCount; i++) { 993 ResolveInfo handler = handlers.get(i); 994 PackageParser.Package handlerPackage = getSystemPackage( 995 handler.serviceInfo.packageName); 996 if (handlerPackage != null) { 997 return handlerPackage; 998 } 999 } 1000 return null; 1001 } 1002 1003 private List<PackageParser.Package> getHeadlessSyncAdapterPackages( 1004 String[] syncAdapterPackageNames, int userId) { 1005 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 1006 1007 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 1008 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 1009 1010 for (String syncAdapterPackageName : syncAdapterPackageNames) { 1011 homeIntent.setPackage(syncAdapterPackageName); 1012 1013 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent, 1014 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, 1015 userId, false); 1016 if (homeActivity != null) { 1017 continue; 1018 } 1019 1020 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName); 1021 if (syncAdapterPackage != null) { 1022 syncAdapterPackages.add(syncAdapterPackage); 1023 } 1024 } 1025 1026 return syncAdapterPackages; 1027 } 1028 1029 private PackageParser.Package getDefaultProviderAuthorityPackage( 1030 String authority, int userId) { 1031 ProviderInfo provider = 1032 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 1033 if (provider != null) { 1034 return getSystemPackage(provider.packageName); 1035 } 1036 return null; 1037 } 1038 1039 private PackageParser.Package getPackage(String packageName) { 1040 return mServiceInternal.getPackage(packageName); 1041 } 1042 1043 private PackageParser.Package getSystemPackage(String packageName) { 1044 PackageParser.Package pkg = getPackage(packageName); 1045 if (pkg != null && pkg.isSystem()) { 1046 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null; 1047 } 1048 return null; 1049 } 1050 1051 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1052 int userId) { 1053 grantRuntimePermissions(pkg, permissions, false, false, userId); 1054 } 1055 1056 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1057 boolean systemFixed, int userId) { 1058 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId); 1059 } 1060 1061 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1062 boolean systemFixed, boolean ignoreSystemPackage, int userId) { 1063 if (pkg.requestedPermissions.isEmpty()) { 1064 return; 1065 } 1066 1067 List<String> requestedPermissions = pkg.requestedPermissions; 1068 Set<String> grantablePermissions = null; 1069 1070 // In some cases, like for the Phone or SMS app, we grant permissions regardless 1071 // of if the version on the system image declares the permission as used since 1072 // selecting the app as the default for that function the user makes a deliberate 1073 // choice to grant this app the permissions needed to function. For all other 1074 // apps, (default grants on first boot and user creation) we don't grant default 1075 // permissions if the version on the system image does not declare them. 1076 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) { 1077 final PackageParser.Package disabledPkg = 1078 mServiceInternal.getDisabledPackage(pkg.packageName); 1079 if (disabledPkg != null) { 1080 if (disabledPkg.requestedPermissions.isEmpty()) { 1081 return; 1082 } 1083 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) { 1084 grantablePermissions = new ArraySet<>(requestedPermissions); 1085 requestedPermissions = disabledPkg.requestedPermissions; 1086 } 1087 } 1088 } 1089 1090 final int grantablePermissionCount = requestedPermissions.size(); 1091 for (int i = 0; i < grantablePermissionCount; i++) { 1092 String permission = requestedPermissions.get(i); 1093 1094 // If there is a disabled system app it may request a permission the updated 1095 // version ot the data partition doesn't, In this case skip the permission. 1096 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1097 continue; 1098 } 1099 1100 if (permissions.contains(permission)) { 1101 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1102 permission, pkg.packageName, userId); 1103 1104 // If any flags are set to the permission, then it is either set in 1105 // its current state by the system or device/profile owner or the user. 1106 // In all these cases we do not want to clobber the current state. 1107 // Unless the caller wants to override user choices. The override is 1108 // to make sure we can grant the needed permission to the default 1109 // sms and phone apps after the user chooses this in the UI. 1110 if (flags == 0 || ignoreSystemPackage) { 1111 // Never clobber policy or system. 1112 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 1113 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 1114 if ((flags & fixedFlags) != 0) { 1115 continue; 1116 } 1117 1118 mServiceInternal.grantRuntimePermission( 1119 pkg.packageName, permission, userId, false); 1120 if (DEBUG) { 1121 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 1122 + permission + " to default handler " + pkg.packageName); 1123 } 1124 1125 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1126 if (systemFixed) { 1127 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1128 } 1129 1130 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1131 newFlags, newFlags, userId); 1132 } 1133 1134 // If a component gets a permission for being the default handler A 1135 // and also default handler B, we grant the weaker grant form. 1136 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1137 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1138 && !systemFixed) { 1139 if (DEBUG) { 1140 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1141 + pkg.packageName); 1142 } 1143 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1144 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 1145 } 1146 } 1147 } 1148 } 1149 1150 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) { 1151 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1152 return true; 1153 } 1154 if (!pkg.isPrivileged()) { 1155 return false; 1156 } 1157 final PackageParser.Package disabledPkg = 1158 mServiceInternal.getDisabledPackage(pkg.packageName); 1159 if (disabledPkg != null) { 1160 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1161 return false; 1162 } 1163 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1164 return false; 1165 } 1166 final String systemPackageName = mServiceInternal.getKnownPackageName( 1167 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM); 1168 final PackageParser.Package systemPackage = getPackage(systemPackageName); 1169 return compareSignatures(systemPackage.mSigningDetails.signatures, 1170 pkg.mSigningDetails.signatures) 1171 == PackageManager.SIGNATURE_MATCH; 1172 } 1173 1174 private void grantDefaultPermissionExceptions(int userId) { 1175 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1176 1177 synchronized (mLock) { 1178 // mGrantExceptions is null only before the first read and then 1179 // it serves as a cache of the default grants that should be 1180 // performed for every user. If there is an entry then the app 1181 // is on the system image and supports runtime permissions. 1182 if (mGrantExceptions == null) { 1183 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 1184 } 1185 } 1186 1187 Set<String> permissions = null; 1188 final int exceptionCount = mGrantExceptions.size(); 1189 for (int i = 0; i < exceptionCount; i++) { 1190 String packageName = mGrantExceptions.keyAt(i); 1191 PackageParser.Package pkg = getSystemPackage(packageName); 1192 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1193 final int permissionGrantCount = permissionGrants.size(); 1194 for (int j = 0; j < permissionGrantCount; j++) { 1195 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1196 if (permissions == null) { 1197 permissions = new ArraySet<>(); 1198 } else { 1199 permissions.clear(); 1200 } 1201 permissions.add(permissionGrant.name); 1202 grantRuntimePermissions(pkg, permissions, 1203 permissionGrant.fixed, userId); 1204 } 1205 } 1206 } 1207 1208 private File[] getDefaultPermissionFiles() { 1209 ArrayList<File> ret = new ArrayList<File>(); 1210 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1211 if (dir.isDirectory() && dir.canRead()) { 1212 Collections.addAll(ret, dir.listFiles()); 1213 } 1214 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1215 if (dir.isDirectory() && dir.canRead()) { 1216 Collections.addAll(ret, dir.listFiles()); 1217 } 1218 dir = new File(Environment.getProductDirectory(), "etc/default-permissions"); 1219 if (dir.isDirectory() && dir.canRead()) { 1220 Collections.addAll(ret, dir.listFiles()); 1221 } 1222 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1223 } 1224 1225 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> 1226 readDefaultPermissionExceptionsLocked() { 1227 File[] files = getDefaultPermissionFiles(); 1228 if (files == null) { 1229 return new ArrayMap<>(0); 1230 } 1231 1232 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1233 1234 // Iterate over the files in the directory and scan .xml files 1235 for (File file : files) { 1236 if (!file.getPath().endsWith(".xml")) { 1237 Slog.i(TAG, "Non-xml file " + file 1238 + " in " + file.getParent() + " directory, ignoring"); 1239 continue; 1240 } 1241 if (!file.canRead()) { 1242 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1243 continue; 1244 } 1245 try ( 1246 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1247 ) { 1248 XmlPullParser parser = Xml.newPullParser(); 1249 parser.setInput(str, null); 1250 parse(parser, grantExceptions); 1251 } catch (XmlPullParserException | IOException e) { 1252 Slog.w(TAG, "Error reading default permissions file " + file, e); 1253 } 1254 } 1255 1256 return grantExceptions; 1257 } 1258 1259 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1260 outGrantExceptions) throws IOException, XmlPullParserException { 1261 final int outerDepth = parser.getDepth(); 1262 int type; 1263 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1264 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1265 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1266 continue; 1267 } 1268 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1269 parseExceptions(parser, outGrantExceptions); 1270 } else { 1271 Log.e(TAG, "Unknown tag " + parser.getName()); 1272 } 1273 } 1274 } 1275 1276 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1277 outGrantExceptions) throws IOException, XmlPullParserException { 1278 final int outerDepth = parser.getDepth(); 1279 int type; 1280 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1281 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1282 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1283 continue; 1284 } 1285 if (TAG_EXCEPTION.equals(parser.getName())) { 1286 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1287 1288 List<DefaultPermissionGrant> packageExceptions = 1289 outGrantExceptions.get(packageName); 1290 if (packageExceptions == null) { 1291 // The package must be on the system image 1292 PackageParser.Package pkg = getSystemPackage(packageName); 1293 if (pkg == null) { 1294 Log.w(TAG, "Unknown package:" + packageName); 1295 XmlUtils.skipCurrentTag(parser); 1296 continue; 1297 } 1298 1299 // The package must support runtime permissions 1300 if (!doesPackageSupportRuntimePermissions(pkg)) { 1301 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1302 + packageName); 1303 XmlUtils.skipCurrentTag(parser); 1304 continue; 1305 } 1306 packageExceptions = new ArrayList<>(); 1307 outGrantExceptions.put(packageName, packageExceptions); 1308 } 1309 1310 parsePermission(parser, packageExceptions); 1311 } else { 1312 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1313 } 1314 } 1315 } 1316 1317 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1318 outPackageExceptions) throws IOException, XmlPullParserException { 1319 final int outerDepth = parser.getDepth(); 1320 int type; 1321 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1322 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1323 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1324 continue; 1325 } 1326 1327 if (TAG_PERMISSION.contains(parser.getName())) { 1328 String name = parser.getAttributeValue(null, ATTR_NAME); 1329 if (name == null) { 1330 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1331 XmlUtils.skipCurrentTag(parser); 1332 continue; 1333 } 1334 1335 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1336 1337 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1338 outPackageExceptions.add(exception); 1339 } else { 1340 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1341 } 1342 } 1343 } 1344 1345 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1346 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1347 } 1348 1349 private static final class DefaultPermissionGrant { 1350 final String name; 1351 final boolean fixed; 1352 1353 public DefaultPermissionGrant(String name, boolean fixed) { 1354 this.name = name; 1355 this.fixed = fixed; 1356 } 1357 } 1358} 1359