DefaultPermissionGrantPolicy.java revision 27067df9aa05df825bccc11fa3e3fc5be451944d
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import android.Manifest; 20import android.annotation.NonNull; 21import android.annotation.Nullable; 22import android.app.ActivityManager; 23import android.app.DownloadManager; 24import android.app.admin.DevicePolicyManager; 25import android.companion.CompanionDeviceManager; 26import android.content.Context; 27import android.content.Intent; 28import android.content.pm.ActivityInfo; 29import android.content.pm.ApplicationInfo; 30import android.content.pm.IPackageManager; 31import android.content.pm.PackageManager; 32import android.content.pm.PackageManagerInternal; 33import android.content.pm.PackageParser; 34import android.content.pm.ProviderInfo; 35import android.content.pm.ResolveInfo; 36import android.content.pm.PackageManagerInternal.PackagesProvider; 37import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 38import android.media.RingtoneManager; 39import android.net.Uri; 40import android.os.Binder; 41import android.os.Build; 42import android.os.Environment; 43import android.os.Handler; 44import android.os.Looper; 45import android.os.Message; 46import android.os.UserHandle; 47import android.os.storage.StorageManager; 48import android.print.PrintManager; 49import android.provider.CalendarContract; 50import android.provider.ContactsContract; 51import android.provider.MediaStore; 52import android.provider.Telephony.Sms.Intents; 53import android.telephony.TelephonyManager; 54import android.security.Credentials; 55import android.util.ArrayMap; 56import android.util.ArraySet; 57import android.util.Log; 58import android.util.Slog; 59import android.util.Xml; 60import com.android.internal.util.XmlUtils; 61import com.android.server.LocalServices; 62import com.android.server.pm.PackageManagerService; 63import com.android.server.pm.PackageSetting; 64 65import org.xmlpull.v1.XmlPullParser; 66import org.xmlpull.v1.XmlPullParserException; 67 68import java.io.BufferedInputStream; 69import java.io.File; 70import java.io.FileInputStream; 71import java.io.IOException; 72import java.io.InputStream; 73import java.util.ArrayList; 74import java.util.Collection; 75import java.util.Collections; 76import java.util.List; 77import java.util.Map; 78import java.util.Set; 79 80import static android.os.Process.FIRST_APPLICATION_UID; 81 82/** 83 * This class is the policy for granting runtime permissions to 84 * platform components and default handlers in the system such 85 * that the device is usable out-of-the-box. For example, the 86 * shell UID is a part of the system and the Phone app should 87 * have phone related permission by default. 88 * <p> 89 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 90 * service but knows about lots of higher level subsystems. The correct way to do this is 91 * to have an interface defined in the package manager but have the impl next to other 92 * policy stuff like PhoneWindowManager 93 */ 94public final class DefaultPermissionGrantPolicy { 95 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 96 private static final boolean DEBUG = false; 97 98 private static final int DEFAULT_FLAGS = 99 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 100 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 101 102 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 103 104 private static final String TAG_EXCEPTIONS = "exceptions"; 105 private static final String TAG_EXCEPTION = "exception"; 106 private static final String TAG_PERMISSION = "permission"; 107 private static final String ATTR_PACKAGE = "package"; 108 private static final String ATTR_NAME = "name"; 109 private static final String ATTR_FIXED = "fixed"; 110 111 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 112 static { 113 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 114 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 115 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 116 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 117 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 118 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 119 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 120 } 121 122 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 123 static { 124 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 125 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 126 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 127 } 128 129 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 130 static { 131 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 133 } 134 135 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 136 static { 137 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 138 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 139 } 140 141 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 142 static { 143 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 144 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 145 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 146 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 147 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 148 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 149 } 150 151 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 152 static { 153 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 154 } 155 156 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 157 static { 158 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 159 } 160 161 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 162 static { 163 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 164 } 165 166 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 167 static { 168 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 169 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 170 } 171 172 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 173 174 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 175 176 private final Handler mHandler; 177 178 private PackagesProvider mLocationPackagesProvider; 179 private PackagesProvider mVoiceInteractionPackagesProvider; 180 private PackagesProvider mSmsAppPackagesProvider; 181 private PackagesProvider mDialerAppPackagesProvider; 182 private PackagesProvider mSimCallManagerPackagesProvider; 183 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 184 185 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 186 private final Context mContext; 187 private final Object mLock = new Object(); 188 private final PackageManagerInternal mServiceInternal; 189 private final PermissionManagerService mPermissionManager; 190 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback; 191 public interface DefaultPermissionGrantedCallback { 192 /** Callback when permissions have been granted */ 193 public void onDefaultRuntimePermissionsGranted(int userId); 194 } 195 196 public DefaultPermissionGrantPolicy(Context context, Looper looper, 197 @Nullable DefaultPermissionGrantedCallback callback, 198 @NonNull PermissionManagerService permissionManager) { 199 mContext = context; 200 mHandler = new Handler(looper) { 201 @Override 202 public void handleMessage(Message msg) { 203 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 204 synchronized (mLock) { 205 if (mGrantExceptions == null) { 206 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 207 } 208 } 209 } 210 } 211 }; 212 mPermissionGrantedCallback = callback; 213 mPermissionManager = permissionManager; 214 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 215 } 216 217 public void setLocationPackagesProvider(PackagesProvider provider) { 218 synchronized (mLock) { 219 mLocationPackagesProvider = provider; 220 } 221 } 222 223 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 224 synchronized (mLock) { 225 mVoiceInteractionPackagesProvider = provider; 226 } 227 } 228 229 public void setSmsAppPackagesProvider(PackagesProvider provider) { 230 synchronized (mLock) { 231 mSmsAppPackagesProvider = provider; 232 } 233 } 234 235 public void setDialerAppPackagesProvider(PackagesProvider provider) { 236 synchronized (mLock) { 237 mDialerAppPackagesProvider = provider; 238 } 239 } 240 241 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 242 synchronized (mLock) { 243 mSimCallManagerPackagesProvider = provider; 244 } 245 } 246 247 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 248 synchronized (mLock) { 249 mSyncAdapterPackagesProvider = provider; 250 } 251 } 252 253 public void grantDefaultPermissions(Collection<PackageParser.Package> packages, int userId) { 254 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 255 grantAllRuntimePermissions(packages, userId); 256 } else { 257 grantPermissionsToSysComponentsAndPrivApps(packages, userId); 258 grantDefaultSystemHandlerPermissions(userId); 259 grantDefaultPermissionExceptions(userId); 260 } 261 } 262 263 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) { 264 Set<String> permissions = new ArraySet<>(); 265 for (String permission : pkg.requestedPermissions) { 266 final BasePermission bp = mPermissionManager.getPermission(permission); 267 if (bp == null) { 268 continue; 269 } 270 if (bp.isRuntime()) { 271 permissions.add(permission); 272 } 273 } 274 if (!permissions.isEmpty()) { 275 grantRuntimePermissions(pkg, permissions, true, userId); 276 } 277 } 278 279 private void grantAllRuntimePermissions( 280 Collection<PackageParser.Package> packages, int userId) { 281 Log.i(TAG, "Granting all runtime permissions for user " + userId); 282 for (PackageParser.Package pkg : packages) { 283 grantRuntimePermissionsForPackage(userId, pkg); 284 } 285 } 286 287 public void scheduleReadDefaultPermissionExceptions() { 288 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 289 } 290 291 private void grantPermissionsToSysComponentsAndPrivApps( 292 Collection<PackageParser.Package> packages, int userId) { 293 Log.i(TAG, "Granting permissions to platform components for user " + userId); 294 for (PackageParser.Package pkg : packages) { 295 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 296 || !doesPackageSupportRuntimePermissions(pkg) 297 || pkg.requestedPermissions.isEmpty()) { 298 continue; 299 } 300 grantRuntimePermissionsForPackage(userId, pkg); 301 } 302 } 303 304 private void grantDefaultSystemHandlerPermissions(int userId) { 305 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 306 307 final PackagesProvider locationPackagesProvider; 308 final PackagesProvider voiceInteractionPackagesProvider; 309 final PackagesProvider smsAppPackagesProvider; 310 final PackagesProvider dialerAppPackagesProvider; 311 final PackagesProvider simCallManagerPackagesProvider; 312 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 313 314 synchronized (mLock) { 315 locationPackagesProvider = mLocationPackagesProvider; 316 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 317 smsAppPackagesProvider = mSmsAppPackagesProvider; 318 dialerAppPackagesProvider = mDialerAppPackagesProvider; 319 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 320 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 321 } 322 323 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 324 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 325 String[] locationPackageNames = (locationPackagesProvider != null) 326 ? locationPackagesProvider.getPackages(userId) : null; 327 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 328 ? smsAppPackagesProvider.getPackages(userId) : null; 329 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 330 ? dialerAppPackagesProvider.getPackages(userId) : null; 331 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 332 ? simCallManagerPackagesProvider.getPackages(userId) : null; 333 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 334 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 335 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 336 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 337 338 // Installer 339 final String installerPackageName = mServiceInternal.getKnownPackageName( 340 PackageManagerInternal.PACKAGE_INSTALLER, userId); 341 PackageParser.Package installerPackage = getSystemPackage(installerPackageName); 342 if (installerPackage != null 343 && doesPackageSupportRuntimePermissions(installerPackage)) { 344 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId); 345 } 346 347 // Verifier 348 final String verifierPackageName = mServiceInternal.getKnownPackageName( 349 PackageManagerInternal.PACKAGE_VERIFIER, userId); 350 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName); 351 if (verifierPackage != null 352 && doesPackageSupportRuntimePermissions(verifierPackage)) { 353 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId); 354 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId); 355 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId); 356 } 357 358 // SetupWizard 359 final String setupWizardPackageName = mServiceInternal.getKnownPackageName( 360 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId); 361 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName); 362 if (setupPackage != null 363 && doesPackageSupportRuntimePermissions(setupPackage)) { 364 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId); 365 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId); 366 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId); 367 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId); 368 } 369 370 // Camera 371 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 372 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage( 373 cameraIntent, userId); 374 if (cameraPackage != null 375 && doesPackageSupportRuntimePermissions(cameraPackage)) { 376 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId); 377 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId); 378 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId); 379 } 380 381 // Media provider 382 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage( 383 MediaStore.AUTHORITY, userId); 384 if (mediaStorePackage != null) { 385 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 386 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId); 387 } 388 389 // Downloads provider 390 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage( 391 "downloads", userId); 392 if (downloadsPackage != null) { 393 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 394 } 395 396 // Downloads UI 397 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 398 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage( 399 downloadsUiIntent, userId); 400 if (downloadsUiPackage != null 401 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 402 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 403 } 404 405 // Storage provider 406 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage( 407 "com.android.externalstorage.documents", userId); 408 if (storagePackage != null) { 409 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId); 410 } 411 412 // CertInstaller 413 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 414 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage( 415 certInstallerIntent, userId); 416 if (certInstallerPackage != null 417 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 418 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 419 } 420 421 // Dialer 422 if (dialerAppPackageNames == null) { 423 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 424 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage( 425 dialerIntent, userId); 426 if (dialerPackage != null) { 427 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 428 } 429 } else { 430 for (String dialerAppPackageName : dialerAppPackageNames) { 431 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName); 432 if (dialerPackage != null) { 433 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 434 } 435 } 436 } 437 438 // Sim call manager 439 if (simCallManagerPackageNames != null) { 440 for (String simCallManagerPackageName : simCallManagerPackageNames) { 441 PackageParser.Package simCallManagerPackage = 442 getSystemPackage(simCallManagerPackageName); 443 if (simCallManagerPackage != null) { 444 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, 445 userId); 446 } 447 } 448 } 449 450 // SMS 451 if (smsAppPackageNames == null) { 452 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 453 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 454 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage( 455 smsIntent, userId); 456 if (smsPackage != null) { 457 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 458 } 459 } else { 460 for (String smsPackageName : smsAppPackageNames) { 461 PackageParser.Package smsPackage = getSystemPackage(smsPackageName); 462 if (smsPackage != null) { 463 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 464 } 465 } 466 } 467 468 // Cell Broadcast Receiver 469 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 470 PackageParser.Package cbrPackage = 471 getDefaultSystemHandlerActivityPackage(cbrIntent, userId); 472 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 473 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId); 474 } 475 476 // Carrier Provisioning Service 477 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 478 PackageParser.Package carrierProvPackage = 479 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId); 480 if (carrierProvPackage != null 481 && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 482 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId); 483 } 484 485 // Calendar 486 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 487 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 488 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage( 489 calendarIntent, userId); 490 if (calendarPackage != null 491 && doesPackageSupportRuntimePermissions(calendarPackage)) { 492 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId); 493 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId); 494 } 495 496 // Calendar provider 497 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage( 498 CalendarContract.AUTHORITY, userId); 499 if (calendarProviderPackage != null) { 500 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 501 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS, 502 true, userId); 503 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 504 } 505 506 // Calendar provider sync adapters 507 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages( 508 calendarSyncAdapterPackages, userId); 509 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 510 for (int i = 0; i < calendarSyncAdapterCount; i++) { 511 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 512 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 513 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 514 } 515 } 516 517 // Contacts 518 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 519 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 520 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage( 521 contactsIntent, userId); 522 if (contactsPackage != null 523 && doesPackageSupportRuntimePermissions(contactsPackage)) { 524 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId); 525 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId); 526 } 527 528 // Contacts provider sync adapters 529 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages( 530 contactsSyncAdapterPackages, userId); 531 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 532 for (int i = 0; i < contactsSyncAdapterCount; i++) { 533 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 534 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 535 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 536 } 537 } 538 539 // Contacts provider 540 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage( 541 ContactsContract.AUTHORITY, userId); 542 if (contactsProviderPackage != null) { 543 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS, 544 true, userId); 545 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS, 546 true, userId); 547 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 548 } 549 550 // Device provisioning 551 Intent deviceProvisionIntent = new Intent( 552 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 553 PackageParser.Package deviceProvisionPackage = 554 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId); 555 if (deviceProvisionPackage != null 556 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 557 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 558 } 559 560 // Maps 561 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 562 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 563 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage( 564 mapsIntent, userId); 565 if (mapsPackage != null 566 && doesPackageSupportRuntimePermissions(mapsPackage)) { 567 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId); 568 } 569 570 // Gallery 571 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 572 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 573 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage( 574 galleryIntent, userId); 575 if (galleryPackage != null 576 && doesPackageSupportRuntimePermissions(galleryPackage)) { 577 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId); 578 } 579 580 // Email 581 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 582 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 583 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage( 584 emailIntent, userId); 585 if (emailPackage != null 586 && doesPackageSupportRuntimePermissions(emailPackage)) { 587 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId); 588 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId); 589 } 590 591 // Browser 592 PackageParser.Package browserPackage = null; 593 String defaultBrowserPackage = mServiceInternal.getKnownPackageName( 594 PackageManagerInternal.PACKAGE_BROWSER, userId); 595 if (defaultBrowserPackage != null) { 596 browserPackage = getPackage(defaultBrowserPackage); 597 } 598 if (browserPackage == null) { 599 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 600 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 601 browserPackage = getDefaultSystemHandlerActivityPackage( 602 browserIntent, userId); 603 } 604 if (browserPackage != null 605 && doesPackageSupportRuntimePermissions(browserPackage)) { 606 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId); 607 } 608 609 // Voice interaction 610 if (voiceInteractPackageNames != null) { 611 for (String voiceInteractPackageName : voiceInteractPackageNames) { 612 PackageParser.Package voiceInteractPackage = getSystemPackage( 613 voiceInteractPackageName); 614 if (voiceInteractPackage != null 615 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 616 grantRuntimePermissions(voiceInteractPackage, 617 CONTACTS_PERMISSIONS, userId); 618 grantRuntimePermissions(voiceInteractPackage, 619 CALENDAR_PERMISSIONS, userId); 620 grantRuntimePermissions(voiceInteractPackage, 621 MICROPHONE_PERMISSIONS, userId); 622 grantRuntimePermissions(voiceInteractPackage, 623 PHONE_PERMISSIONS, userId); 624 grantRuntimePermissions(voiceInteractPackage, 625 SMS_PERMISSIONS, userId); 626 grantRuntimePermissions(voiceInteractPackage, 627 LOCATION_PERMISSIONS, userId); 628 } 629 } 630 } 631 632 if (ActivityManager.isLowRamDeviceStatic()) { 633 // Allow voice search on low-ram devices 634 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH"); 635 PackageParser.Package globalSearchPickerPackage = 636 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId); 637 638 if (globalSearchPickerPackage != null 639 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) { 640 grantRuntimePermissions(globalSearchPickerPackage, 641 MICROPHONE_PERMISSIONS, true, userId); 642 grantRuntimePermissions(globalSearchPickerPackage, 643 LOCATION_PERMISSIONS, true, userId); 644 } 645 } 646 647 // Voice recognition 648 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 649 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 650 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage( 651 voiceRecoIntent, userId); 652 if (voiceRecoPackage != null 653 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 654 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 655 } 656 657 // Location 658 if (locationPackageNames != null) { 659 for (String packageName : locationPackageNames) { 660 PackageParser.Package locationPackage = getSystemPackage(packageName); 661 if (locationPackage != null 662 && doesPackageSupportRuntimePermissions(locationPackage)) { 663 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId); 664 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId); 665 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId); 666 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId); 667 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId); 668 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS, 669 true, userId); 670 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId); 671 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId); 672 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId); 673 } 674 } 675 } 676 677 // Music 678 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 679 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 680 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 681 AUDIO_MIME_TYPE); 682 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage( 683 musicIntent, userId); 684 if (musicPackage != null 685 && doesPackageSupportRuntimePermissions(musicPackage)) { 686 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId); 687 } 688 689 // Home 690 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 691 homeIntent.addCategory(Intent.CATEGORY_HOME); 692 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP); 693 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage( 694 homeIntent, userId); 695 if (homePackage != null 696 && doesPackageSupportRuntimePermissions(homePackage)) { 697 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId); 698 } 699 700 // Watches 701 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 702 // Home application on watches 703 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN); 704 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 705 706 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage( 707 wearHomeIntent, userId); 708 709 if (wearHomePackage != null 710 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 711 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false, 712 userId); 713 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId); 714 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false, 715 userId); 716 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false, 717 userId); 718 } 719 720 // Fitness tracking on watches 721 Intent trackIntent = new Intent(ACTION_TRACK); 722 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage( 723 trackIntent, userId); 724 if (trackPackage != null 725 && doesPackageSupportRuntimePermissions(trackPackage)) { 726 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId); 727 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId); 728 } 729 } 730 731 // Print Spooler 732 PackageParser.Package printSpoolerPackage = getSystemPackage( 733 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 734 if (printSpoolerPackage != null 735 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 736 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 737 } 738 739 // EmergencyInfo 740 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 741 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage( 742 emergencyInfoIntent, userId); 743 if (emergencyInfoPckg != null 744 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 745 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 746 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 747 } 748 749 // NFC Tag viewer 750 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 751 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 752 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage( 753 nfcTagIntent, userId); 754 if (nfcTagPkg != null 755 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 756 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 757 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 758 } 759 760 // Storage Manager 761 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 762 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage( 763 storageManagerIntent, userId); 764 if (storageManagerPckg != null 765 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 766 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 767 } 768 769 // Companion devices 770 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage( 771 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME); 772 if (companionDeviceDiscoveryPackage != null 773 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) { 774 grantRuntimePermissions(companionDeviceDiscoveryPackage, 775 LOCATION_PERMISSIONS, true, userId); 776 } 777 778 // Ringtone Picker 779 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER); 780 PackageParser.Package ringtonePickerPackage = 781 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId); 782 if (ringtonePickerPackage != null 783 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) { 784 grantRuntimePermissions(ringtonePickerPackage, 785 STORAGE_PERMISSIONS, true, userId); 786 } 787 788 if (mPermissionGrantedCallback != null) { 789 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId); 790 } 791 } 792 793 private void grantDefaultPermissionsToDefaultSystemDialerApp( 794 PackageParser.Package dialerPackage, int userId) { 795 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 796 boolean isPhonePermFixed = 797 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 798 grantRuntimePermissions( 799 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 800 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId); 801 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId); 802 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId); 803 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId); 804 } 805 } 806 807 private void grantDefaultPermissionsToDefaultSystemSmsApp( 808 PackageParser.Package smsPackage, int userId) { 809 if (doesPackageSupportRuntimePermissions(smsPackage)) { 810 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId); 811 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId); 812 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId); 813 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId); 814 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId); 815 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId); 816 } 817 } 818 819 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) { 820 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 821 if (packageName == null) { 822 return; 823 } 824 PackageParser.Package smsPackage = getPackage(packageName); 825 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 826 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId); 827 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 828 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId); 829 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId); 830 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId); 831 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId); 832 } 833 } 834 835 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) { 836 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 837 if (packageName == null) { 838 return; 839 } 840 PackageParser.Package dialerPackage = getPackage(packageName); 841 if (dialerPackage != null 842 && doesPackageSupportRuntimePermissions(dialerPackage)) { 843 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 844 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 845 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId); 846 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 847 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 848 } 849 } 850 851 private void grantDefaultPermissionsToDefaultSimCallManager( 852 PackageParser.Package simCallManagerPackage, int userId) { 853 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 854 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 855 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId); 856 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 857 } 858 } 859 860 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 861 if (packageName == null) { 862 return; 863 } 864 PackageParser.Package simCallManagerPackage = getPackage(packageName); 865 if (simCallManagerPackage != null) { 866 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId); 867 } 868 } 869 870 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 871 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 872 if (packageNames == null) { 873 return; 874 } 875 for (String packageName : packageNames) { 876 PackageParser.Package carrierPackage = getSystemPackage(packageName); 877 if (carrierPackage != null 878 && doesPackageSupportRuntimePermissions(carrierPackage)) { 879 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId); 880 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId); 881 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId); 882 } 883 } 884 } 885 886 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 887 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 888 if (packageNames == null) { 889 return; 890 } 891 for (String packageName : packageNames) { 892 PackageParser.Package imsServicePackage = getSystemPackage(packageName); 893 if (imsServicePackage != null 894 && doesPackageSupportRuntimePermissions(imsServicePackage)) { 895 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId); 896 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId); 897 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId); 898 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId); 899 } 900 } 901 } 902 903 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) { 904 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 905 if (packageName == null) { 906 return; 907 } 908 PackageParser.Package browserPackage = getSystemPackage(packageName); 909 if (browserPackage != null 910 && doesPackageSupportRuntimePermissions(browserPackage)) { 911 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 912 } 913 } 914 915 private PackageParser.Package getDefaultSystemHandlerActivityPackage( 916 Intent intent, int userId) { 917 ResolveInfo handler = mServiceInternal.resolveIntent(intent, 918 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false); 919 if (handler == null || handler.activityInfo == null) { 920 return null; 921 } 922 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 923 return null; 924 } 925 return getSystemPackage(handler.activityInfo.packageName); 926 } 927 928 private PackageParser.Package getDefaultSystemHandlerServicePackage( 929 Intent intent, int userId) { 930 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices( 931 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId); 932 if (handlers == null) { 933 return null; 934 } 935 final int handlerCount = handlers.size(); 936 for (int i = 0; i < handlerCount; i++) { 937 ResolveInfo handler = handlers.get(i); 938 PackageParser.Package handlerPackage = getSystemPackage( 939 handler.serviceInfo.packageName); 940 if (handlerPackage != null) { 941 return handlerPackage; 942 } 943 } 944 return null; 945 } 946 947 private List<PackageParser.Package> getHeadlessSyncAdapterPackages( 948 String[] syncAdapterPackageNames, int userId) { 949 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 950 951 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 952 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 953 954 for (String syncAdapterPackageName : syncAdapterPackageNames) { 955 homeIntent.setPackage(syncAdapterPackageName); 956 957 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent, 958 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, 959 userId, false); 960 if (homeActivity != null) { 961 continue; 962 } 963 964 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName); 965 if (syncAdapterPackage != null) { 966 syncAdapterPackages.add(syncAdapterPackage); 967 } 968 } 969 970 return syncAdapterPackages; 971 } 972 973 private PackageParser.Package getDefaultProviderAuthorityPackage( 974 String authority, int userId) { 975 ProviderInfo provider = 976 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 977 if (provider != null) { 978 return getSystemPackage(provider.packageName); 979 } 980 return null; 981 } 982 983 private PackageParser.Package getPackage(String packageName) { 984 return mServiceInternal.getPackage(packageName); 985 } 986 987 private PackageParser.Package getSystemPackage(String packageName) { 988 PackageParser.Package pkg = getPackage(packageName); 989 if (pkg != null && pkg.isSystemApp()) { 990 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null; 991 } 992 return null; 993 } 994 995 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 996 int userId) { 997 grantRuntimePermissions(pkg, permissions, false, false, userId); 998 } 999 1000 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1001 boolean systemFixed, int userId) { 1002 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId); 1003 } 1004 1005 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1006 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) { 1007 if (pkg.requestedPermissions.isEmpty()) { 1008 return; 1009 } 1010 1011 List<String> requestedPermissions = pkg.requestedPermissions; 1012 Set<String> grantablePermissions = null; 1013 1014 // If this is the default Phone or SMS app we grant permissions regardless 1015 // whether the version on the system image declares the permission as used since 1016 // selecting the app as the default Phone or SMS the user makes a deliberate 1017 // choice to grant this app the permissions needed to function. For all other 1018 // apps, (default grants on first boot and user creation) we don't grant default 1019 // permissions if the version on the system image does not declare them. 1020 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) { 1021 final PackageParser.Package disabledPkg = 1022 mServiceInternal.getDisabledPackage(pkg.packageName); 1023 if (disabledPkg != null) { 1024 if (disabledPkg.requestedPermissions.isEmpty()) { 1025 return; 1026 } 1027 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) { 1028 grantablePermissions = new ArraySet<>(requestedPermissions); 1029 requestedPermissions = disabledPkg.requestedPermissions; 1030 } 1031 } 1032 } 1033 1034 final int grantablePermissionCount = requestedPermissions.size(); 1035 for (int i = 0; i < grantablePermissionCount; i++) { 1036 String permission = requestedPermissions.get(i); 1037 1038 // If there is a disabled system app it may request a permission the updated 1039 // version ot the data partition doesn't, In this case skip the permission. 1040 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1041 continue; 1042 } 1043 1044 if (permissions.contains(permission)) { 1045 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1046 permission, pkg.packageName, userId); 1047 1048 // If any flags are set to the permission, then it is either set in 1049 // its current state by the system or device/profile owner or the user. 1050 // In all these cases we do not want to clobber the current state. 1051 // Unless the caller wants to override user choices. The override is 1052 // to make sure we can grant the needed permission to the default 1053 // sms and phone apps after the user chooses this in the UI. 1054 if (flags == 0 || isDefaultPhoneOrSms) { 1055 // Never clobber policy or system. 1056 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 1057 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 1058 if ((flags & fixedFlags) != 0) { 1059 continue; 1060 } 1061 1062 mServiceInternal.grantRuntimePermission( 1063 pkg.packageName, permission, userId, false); 1064 if (DEBUG) { 1065 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 1066 + permission + " to default handler " + pkg.packageName); 1067 } 1068 1069 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1070 if (systemFixed) { 1071 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1072 } 1073 1074 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1075 newFlags, newFlags, userId); 1076 } 1077 1078 // If a component gets a permission for being the default handler A 1079 // and also default handler B, we grant the weaker grant form. 1080 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1081 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1082 && !systemFixed) { 1083 if (DEBUG) { 1084 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1085 + pkg.packageName); 1086 } 1087 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1088 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 1089 } 1090 } 1091 } 1092 } 1093 1094 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) { 1095 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1096 return true; 1097 } 1098 if (!pkg.isPrivilegedApp()) { 1099 return false; 1100 } 1101 final PackageParser.Package disabledPkg = 1102 mServiceInternal.getDisabledPackage(pkg.packageName); 1103 if (disabledPkg != null) { 1104 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1105 return false; 1106 } 1107 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1108 return false; 1109 } 1110 final String systemPackageName = mServiceInternal.getKnownPackageName( 1111 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM); 1112 final PackageParser.Package systemPackage = getPackage(systemPackageName); 1113 return PackageManagerService.compareSignatures(systemPackage.mSignatures, 1114 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 1115 } 1116 1117 private void grantDefaultPermissionExceptions(int userId) { 1118 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1119 1120 synchronized (mLock) { 1121 // mGrantExceptions is null only before the first read and then 1122 // it serves as a cache of the default grants that should be 1123 // performed for every user. If there is an entry then the app 1124 // is on the system image and supports runtime permissions. 1125 if (mGrantExceptions == null) { 1126 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 1127 } 1128 } 1129 1130 Set<String> permissions = null; 1131 final int exceptionCount = mGrantExceptions.size(); 1132 for (int i = 0; i < exceptionCount; i++) { 1133 String packageName = mGrantExceptions.keyAt(i); 1134 PackageParser.Package pkg = getSystemPackage(packageName); 1135 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1136 final int permissionGrantCount = permissionGrants.size(); 1137 for (int j = 0; j < permissionGrantCount; j++) { 1138 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1139 if (permissions == null) { 1140 permissions = new ArraySet<>(); 1141 } else { 1142 permissions.clear(); 1143 } 1144 permissions.add(permissionGrant.name); 1145 grantRuntimePermissions(pkg, permissions, 1146 permissionGrant.fixed, userId); 1147 } 1148 } 1149 } 1150 1151 private File[] getDefaultPermissionFiles() { 1152 ArrayList<File> ret = new ArrayList<File>(); 1153 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1154 if (dir.isDirectory() && dir.canRead()) { 1155 Collections.addAll(ret, dir.listFiles()); 1156 } 1157 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1158 if (dir.isDirectory() && dir.canRead()) { 1159 Collections.addAll(ret, dir.listFiles()); 1160 } 1161 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1162 } 1163 1164 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> 1165 readDefaultPermissionExceptionsLocked() { 1166 File[] files = getDefaultPermissionFiles(); 1167 if (files == null) { 1168 return new ArrayMap<>(0); 1169 } 1170 1171 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1172 1173 // Iterate over the files in the directory and scan .xml files 1174 for (File file : files) { 1175 if (!file.getPath().endsWith(".xml")) { 1176 Slog.i(TAG, "Non-xml file " + file 1177 + " in " + file.getParent() + " directory, ignoring"); 1178 continue; 1179 } 1180 if (!file.canRead()) { 1181 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1182 continue; 1183 } 1184 try ( 1185 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1186 ) { 1187 XmlPullParser parser = Xml.newPullParser(); 1188 parser.setInput(str, null); 1189 parse(parser, grantExceptions); 1190 } catch (XmlPullParserException | IOException e) { 1191 Slog.w(TAG, "Error reading default permissions file " + file, e); 1192 } 1193 } 1194 1195 return grantExceptions; 1196 } 1197 1198 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1199 outGrantExceptions) throws IOException, XmlPullParserException { 1200 final int outerDepth = parser.getDepth(); 1201 int type; 1202 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1203 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1204 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1205 continue; 1206 } 1207 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1208 parseExceptions(parser, outGrantExceptions); 1209 } else { 1210 Log.e(TAG, "Unknown tag " + parser.getName()); 1211 } 1212 } 1213 } 1214 1215 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1216 outGrantExceptions) throws IOException, XmlPullParserException { 1217 final int outerDepth = parser.getDepth(); 1218 int type; 1219 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1220 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1221 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1222 continue; 1223 } 1224 if (TAG_EXCEPTION.equals(parser.getName())) { 1225 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1226 1227 List<DefaultPermissionGrant> packageExceptions = 1228 outGrantExceptions.get(packageName); 1229 if (packageExceptions == null) { 1230 // The package must be on the system image 1231 PackageParser.Package pkg = getSystemPackage(packageName); 1232 if (pkg == null) { 1233 Log.w(TAG, "Unknown package:" + packageName); 1234 XmlUtils.skipCurrentTag(parser); 1235 continue; 1236 } 1237 1238 // The package must support runtime permissions 1239 if (!doesPackageSupportRuntimePermissions(pkg)) { 1240 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1241 + packageName); 1242 XmlUtils.skipCurrentTag(parser); 1243 continue; 1244 } 1245 packageExceptions = new ArrayList<>(); 1246 outGrantExceptions.put(packageName, packageExceptions); 1247 } 1248 1249 parsePermission(parser, packageExceptions); 1250 } else { 1251 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1252 } 1253 } 1254 } 1255 1256 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1257 outPackageExceptions) throws IOException, XmlPullParserException { 1258 final int outerDepth = parser.getDepth(); 1259 int type; 1260 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1261 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1262 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1263 continue; 1264 } 1265 1266 if (TAG_PERMISSION.contains(parser.getName())) { 1267 String name = parser.getAttributeValue(null, ATTR_NAME); 1268 if (name == null) { 1269 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1270 XmlUtils.skipCurrentTag(parser); 1271 continue; 1272 } 1273 1274 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1275 1276 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1277 outPackageExceptions.add(exception); 1278 } else { 1279 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1280 } 1281 } 1282 } 1283 1284 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1285 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1286 } 1287 1288 private static final class DefaultPermissionGrant { 1289 final String name; 1290 final boolean fixed; 1291 1292 public DefaultPermissionGrant(String name, boolean fixed) { 1293 this.name = name; 1294 this.fixed = fixed; 1295 } 1296 } 1297} 1298