DefaultPermissionGrantPolicy.java revision 3d70a03aa9e10382f385da0a26592d56eaf9cc96
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import static com.android.server.pm.PackageManagerServiceUtils.compareSignatures; 20 21import android.Manifest; 22import android.annotation.NonNull; 23import android.annotation.Nullable; 24import android.app.ActivityManager; 25import android.app.DownloadManager; 26import android.app.admin.DevicePolicyManager; 27import android.companion.CompanionDeviceManager; 28import android.content.Context; 29import android.content.Intent; 30import android.content.pm.ActivityInfo; 31import android.content.pm.ApplicationInfo; 32import android.content.pm.IPackageManager; 33import android.content.pm.PackageList; 34import android.content.pm.PackageManager; 35import android.content.pm.PackageManagerInternal; 36import android.content.pm.PackageParser; 37import android.content.pm.ProviderInfo; 38import android.content.pm.ResolveInfo; 39import android.content.pm.PackageManagerInternal.PackagesProvider; 40import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 41import android.media.RingtoneManager; 42import android.net.Uri; 43import android.os.Binder; 44import android.os.Build; 45import android.os.Environment; 46import android.os.Handler; 47import android.os.Looper; 48import android.os.Message; 49import android.os.UserHandle; 50import android.os.storage.StorageManager; 51import android.print.PrintManager; 52import android.provider.CalendarContract; 53import android.provider.ContactsContract; 54import android.provider.MediaStore; 55import android.provider.Telephony.Sms.Intents; 56import android.telephony.TelephonyManager; 57import android.security.Credentials; 58import android.util.ArrayMap; 59import android.util.ArraySet; 60import android.util.Log; 61import android.util.Slog; 62import android.util.Xml; 63import com.android.internal.util.XmlUtils; 64import com.android.server.LocalServices; 65import com.android.server.pm.PackageManagerService; 66import com.android.server.pm.PackageSetting; 67 68import org.xmlpull.v1.XmlPullParser; 69import org.xmlpull.v1.XmlPullParserException; 70 71import java.io.BufferedInputStream; 72import java.io.File; 73import java.io.FileInputStream; 74import java.io.IOException; 75import java.io.InputStream; 76import java.util.ArrayList; 77import java.util.Collection; 78import java.util.Collections; 79import java.util.List; 80import java.util.Map; 81import java.util.Set; 82 83import static android.os.Process.FIRST_APPLICATION_UID; 84 85/** 86 * This class is the policy for granting runtime permissions to 87 * platform components and default handlers in the system such 88 * that the device is usable out-of-the-box. For example, the 89 * shell UID is a part of the system and the Phone app should 90 * have phone related permission by default. 91 * <p> 92 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 93 * service but knows about lots of higher level subsystems. The correct way to do this is 94 * to have an interface defined in the package manager but have the impl next to other 95 * policy stuff like PhoneWindowManager 96 */ 97public final class DefaultPermissionGrantPolicy { 98 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 99 private static final boolean DEBUG = false; 100 101 private static final int DEFAULT_FLAGS = 102 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 103 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 104 105 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 106 107 private static final String TAG_EXCEPTIONS = "exceptions"; 108 private static final String TAG_EXCEPTION = "exception"; 109 private static final String TAG_PERMISSION = "permission"; 110 private static final String ATTR_PACKAGE = "package"; 111 private static final String ATTR_NAME = "name"; 112 private static final String ATTR_FIXED = "fixed"; 113 114 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 115 static { 116 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 117 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 118 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 119 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 120 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 121 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 122 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 123 } 124 125 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 126 static { 127 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 128 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 129 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 130 } 131 132 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 133 static { 134 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 135 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 136 } 137 138 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>(); 139 static { 140 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 141 } 142 143 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 144 static { 145 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 146 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 147 } 148 149 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 150 static { 151 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 153 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 154 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 155 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 156 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 157 } 158 159 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 160 static { 161 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 162 } 163 164 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 165 static { 166 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 167 } 168 169 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 170 static { 171 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 172 } 173 174 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 175 static { 176 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 177 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 178 } 179 180 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 181 182 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 183 184 private final Handler mHandler; 185 186 private PackagesProvider mLocationPackagesProvider; 187 private PackagesProvider mVoiceInteractionPackagesProvider; 188 private PackagesProvider mSmsAppPackagesProvider; 189 private PackagesProvider mDialerAppPackagesProvider; 190 private PackagesProvider mSimCallManagerPackagesProvider; 191 private PackagesProvider mUseOpenWifiAppPackagesProvider; 192 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 193 194 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 195 private final Context mContext; 196 private final Object mLock = new Object(); 197 private final PackageManagerInternal mServiceInternal; 198 private final PermissionManagerService mPermissionManager; 199 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback; 200 public interface DefaultPermissionGrantedCallback { 201 /** Callback when permissions have been granted */ 202 public void onDefaultRuntimePermissionsGranted(int userId); 203 } 204 205 public DefaultPermissionGrantPolicy(Context context, Looper looper, 206 @Nullable DefaultPermissionGrantedCallback callback, 207 @NonNull PermissionManagerService permissionManager) { 208 mContext = context; 209 mHandler = new Handler(looper) { 210 @Override 211 public void handleMessage(Message msg) { 212 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 213 synchronized (mLock) { 214 if (mGrantExceptions == null) { 215 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 216 } 217 } 218 } 219 } 220 }; 221 mPermissionGrantedCallback = callback; 222 mPermissionManager = permissionManager; 223 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 224 } 225 226 public void setLocationPackagesProvider(PackagesProvider provider) { 227 synchronized (mLock) { 228 mLocationPackagesProvider = provider; 229 } 230 } 231 232 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 233 synchronized (mLock) { 234 mVoiceInteractionPackagesProvider = provider; 235 } 236 } 237 238 public void setSmsAppPackagesProvider(PackagesProvider provider) { 239 synchronized (mLock) { 240 mSmsAppPackagesProvider = provider; 241 } 242 } 243 244 public void setDialerAppPackagesProvider(PackagesProvider provider) { 245 synchronized (mLock) { 246 mDialerAppPackagesProvider = provider; 247 } 248 } 249 250 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 251 synchronized (mLock) { 252 mSimCallManagerPackagesProvider = provider; 253 } 254 } 255 256 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) { 257 synchronized (mLock) { 258 mUseOpenWifiAppPackagesProvider = provider; 259 } 260 } 261 262 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 263 synchronized (mLock) { 264 mSyncAdapterPackagesProvider = provider; 265 } 266 } 267 268 public void grantDefaultPermissions(int userId) { 269 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 270 grantAllRuntimePermissions(userId); 271 } else { 272 grantPermissionsToSysComponentsAndPrivApps(userId); 273 grantDefaultSystemHandlerPermissions(userId); 274 grantDefaultPermissionExceptions(userId); 275 } 276 } 277 278 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) { 279 Set<String> permissions = new ArraySet<>(); 280 for (String permission : pkg.requestedPermissions) { 281 final BasePermission bp = mPermissionManager.getPermission(permission); 282 if (bp == null) { 283 continue; 284 } 285 if (bp.isRuntime()) { 286 permissions.add(permission); 287 } 288 } 289 if (!permissions.isEmpty()) { 290 grantRuntimePermissions(pkg, permissions, true, userId); 291 } 292 } 293 294 private void grantAllRuntimePermissions(int userId) { 295 Log.i(TAG, "Granting all runtime permissions for user " + userId); 296 final PackageList packageList = mServiceInternal.getPackageList(); 297 for (String packageName : packageList.getPackageNames()) { 298 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 299 if (pkg == null) { 300 continue; 301 } 302 grantRuntimePermissionsForPackage(userId, pkg); 303 } 304 } 305 306 public void scheduleReadDefaultPermissionExceptions() { 307 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 308 } 309 310 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 311 Log.i(TAG, "Granting permissions to platform components for user " + userId); 312 final PackageList packageList = mServiceInternal.getPackageList(); 313 for (String packageName : packageList.getPackageNames()) { 314 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 315 if (pkg == null) { 316 continue; 317 } 318 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 319 || !doesPackageSupportRuntimePermissions(pkg) 320 || pkg.requestedPermissions.isEmpty()) { 321 continue; 322 } 323 grantRuntimePermissionsForPackage(userId, pkg); 324 } 325 } 326 327 private void grantDefaultSystemHandlerPermissions(int userId) { 328 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 329 330 final PackagesProvider locationPackagesProvider; 331 final PackagesProvider voiceInteractionPackagesProvider; 332 final PackagesProvider smsAppPackagesProvider; 333 final PackagesProvider dialerAppPackagesProvider; 334 final PackagesProvider simCallManagerPackagesProvider; 335 final PackagesProvider useOpenWifiAppPackagesProvider; 336 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 337 338 synchronized (mLock) { 339 locationPackagesProvider = mLocationPackagesProvider; 340 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 341 smsAppPackagesProvider = mSmsAppPackagesProvider; 342 dialerAppPackagesProvider = mDialerAppPackagesProvider; 343 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 344 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider; 345 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 346 } 347 348 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 349 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 350 String[] locationPackageNames = (locationPackagesProvider != null) 351 ? locationPackagesProvider.getPackages(userId) : null; 352 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 353 ? smsAppPackagesProvider.getPackages(userId) : null; 354 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 355 ? dialerAppPackagesProvider.getPackages(userId) : null; 356 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 357 ? simCallManagerPackagesProvider.getPackages(userId) : null; 358 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null) 359 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null; 360 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 361 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 362 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 363 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 364 365 // Installer 366 final String installerPackageName = mServiceInternal.getKnownPackageName( 367 PackageManagerInternal.PACKAGE_INSTALLER, userId); 368 PackageParser.Package installerPackage = getSystemPackage(installerPackageName); 369 if (installerPackage != null 370 && doesPackageSupportRuntimePermissions(installerPackage)) { 371 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId); 372 } 373 374 // Verifier 375 final String verifierPackageName = mServiceInternal.getKnownPackageName( 376 PackageManagerInternal.PACKAGE_VERIFIER, userId); 377 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName); 378 if (verifierPackage != null 379 && doesPackageSupportRuntimePermissions(verifierPackage)) { 380 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId); 381 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId); 382 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId); 383 } 384 385 // SetupWizard 386 final String setupWizardPackageName = mServiceInternal.getKnownPackageName( 387 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId); 388 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName); 389 if (setupPackage != null 390 && doesPackageSupportRuntimePermissions(setupPackage)) { 391 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId); 392 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId); 393 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId); 394 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId); 395 } 396 397 // Camera 398 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 399 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage( 400 cameraIntent, userId); 401 if (cameraPackage != null 402 && doesPackageSupportRuntimePermissions(cameraPackage)) { 403 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId); 404 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId); 405 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId); 406 } 407 408 // Media provider 409 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage( 410 MediaStore.AUTHORITY, userId); 411 if (mediaStorePackage != null) { 412 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 413 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId); 414 } 415 416 // Downloads provider 417 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage( 418 "downloads", userId); 419 if (downloadsPackage != null) { 420 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 421 } 422 423 // Downloads UI 424 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 425 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage( 426 downloadsUiIntent, userId); 427 if (downloadsUiPackage != null 428 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 429 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 430 } 431 432 // Storage provider 433 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage( 434 "com.android.externalstorage.documents", userId); 435 if (storagePackage != null) { 436 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId); 437 } 438 439 // CertInstaller 440 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 441 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage( 442 certInstallerIntent, userId); 443 if (certInstallerPackage != null 444 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 445 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 446 } 447 448 // Dialer 449 if (dialerAppPackageNames == null) { 450 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 451 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage( 452 dialerIntent, userId); 453 if (dialerPackage != null) { 454 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 455 } 456 } else { 457 for (String dialerAppPackageName : dialerAppPackageNames) { 458 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName); 459 if (dialerPackage != null) { 460 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 461 } 462 } 463 } 464 465 // Sim call manager 466 if (simCallManagerPackageNames != null) { 467 for (String simCallManagerPackageName : simCallManagerPackageNames) { 468 PackageParser.Package simCallManagerPackage = 469 getSystemPackage(simCallManagerPackageName); 470 if (simCallManagerPackage != null) { 471 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, 472 userId); 473 } 474 } 475 } 476 477 // Use Open Wifi 478 if (useOpenWifiAppPackageNames != null) { 479 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) { 480 PackageParser.Package useOpenWifiPackage = 481 getSystemPackage(useOpenWifiPackageName); 482 if (useOpenWifiPackage != null) { 483 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage, 484 userId); 485 } 486 } 487 } 488 489 // SMS 490 if (smsAppPackageNames == null) { 491 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 492 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 493 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage( 494 smsIntent, userId); 495 if (smsPackage != null) { 496 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 497 } 498 } else { 499 for (String smsPackageName : smsAppPackageNames) { 500 PackageParser.Package smsPackage = getSystemPackage(smsPackageName); 501 if (smsPackage != null) { 502 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 503 } 504 } 505 } 506 507 // Cell Broadcast Receiver 508 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 509 PackageParser.Package cbrPackage = 510 getDefaultSystemHandlerActivityPackage(cbrIntent, userId); 511 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 512 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId); 513 } 514 515 // Carrier Provisioning Service 516 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 517 PackageParser.Package carrierProvPackage = 518 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId); 519 if (carrierProvPackage != null 520 && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 521 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId); 522 } 523 524 // Calendar 525 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 526 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 527 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage( 528 calendarIntent, userId); 529 if (calendarPackage != null 530 && doesPackageSupportRuntimePermissions(calendarPackage)) { 531 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId); 532 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId); 533 } 534 535 // Calendar provider 536 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage( 537 CalendarContract.AUTHORITY, userId); 538 if (calendarProviderPackage != null) { 539 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 540 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS, 541 true, userId); 542 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 543 } 544 545 // Calendar provider sync adapters 546 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages( 547 calendarSyncAdapterPackages, userId); 548 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 549 for (int i = 0; i < calendarSyncAdapterCount; i++) { 550 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 551 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 552 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 553 } 554 } 555 556 // Contacts 557 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 558 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 559 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage( 560 contactsIntent, userId); 561 if (contactsPackage != null 562 && doesPackageSupportRuntimePermissions(contactsPackage)) { 563 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId); 564 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId); 565 } 566 567 // Contacts provider sync adapters 568 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages( 569 contactsSyncAdapterPackages, userId); 570 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 571 for (int i = 0; i < contactsSyncAdapterCount; i++) { 572 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 573 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 574 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 575 } 576 } 577 578 // Contacts provider 579 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage( 580 ContactsContract.AUTHORITY, userId); 581 if (contactsProviderPackage != null) { 582 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS, 583 true, userId); 584 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS, 585 true, userId); 586 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 587 } 588 589 // Device provisioning 590 Intent deviceProvisionIntent = new Intent( 591 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 592 PackageParser.Package deviceProvisionPackage = 593 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId); 594 if (deviceProvisionPackage != null 595 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 596 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 597 } 598 599 // Maps 600 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 601 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 602 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage( 603 mapsIntent, userId); 604 if (mapsPackage != null 605 && doesPackageSupportRuntimePermissions(mapsPackage)) { 606 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId); 607 } 608 609 // Gallery 610 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 611 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 612 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage( 613 galleryIntent, userId); 614 if (galleryPackage != null 615 && doesPackageSupportRuntimePermissions(galleryPackage)) { 616 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId); 617 } 618 619 // Email 620 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 621 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 622 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage( 623 emailIntent, userId); 624 if (emailPackage != null 625 && doesPackageSupportRuntimePermissions(emailPackage)) { 626 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId); 627 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId); 628 } 629 630 // Browser 631 PackageParser.Package browserPackage = null; 632 String defaultBrowserPackage = mServiceInternal.getKnownPackageName( 633 PackageManagerInternal.PACKAGE_BROWSER, userId); 634 if (defaultBrowserPackage != null) { 635 browserPackage = getPackage(defaultBrowserPackage); 636 } 637 if (browserPackage == null) { 638 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 639 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 640 browserPackage = getDefaultSystemHandlerActivityPackage( 641 browserIntent, userId); 642 } 643 if (browserPackage != null 644 && doesPackageSupportRuntimePermissions(browserPackage)) { 645 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId); 646 } 647 648 // Voice interaction 649 if (voiceInteractPackageNames != null) { 650 for (String voiceInteractPackageName : voiceInteractPackageNames) { 651 PackageParser.Package voiceInteractPackage = getSystemPackage( 652 voiceInteractPackageName); 653 if (voiceInteractPackage != null 654 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 655 grantRuntimePermissions(voiceInteractPackage, 656 CONTACTS_PERMISSIONS, userId); 657 grantRuntimePermissions(voiceInteractPackage, 658 CALENDAR_PERMISSIONS, userId); 659 grantRuntimePermissions(voiceInteractPackage, 660 MICROPHONE_PERMISSIONS, userId); 661 grantRuntimePermissions(voiceInteractPackage, 662 PHONE_PERMISSIONS, userId); 663 grantRuntimePermissions(voiceInteractPackage, 664 SMS_PERMISSIONS, userId); 665 grantRuntimePermissions(voiceInteractPackage, 666 LOCATION_PERMISSIONS, userId); 667 } 668 } 669 } 670 671 if (ActivityManager.isLowRamDeviceStatic()) { 672 // Allow voice search on low-ram devices 673 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH"); 674 PackageParser.Package globalSearchPickerPackage = 675 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId); 676 677 if (globalSearchPickerPackage != null 678 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) { 679 grantRuntimePermissions(globalSearchPickerPackage, 680 MICROPHONE_PERMISSIONS, false, userId); 681 grantRuntimePermissions(globalSearchPickerPackage, 682 LOCATION_PERMISSIONS, false, userId); 683 } 684 } 685 686 // Voice recognition 687 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 688 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 689 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage( 690 voiceRecoIntent, userId); 691 if (voiceRecoPackage != null 692 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 693 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 694 } 695 696 // Location 697 if (locationPackageNames != null) { 698 for (String packageName : locationPackageNames) { 699 PackageParser.Package locationPackage = getSystemPackage(packageName); 700 if (locationPackage != null 701 && doesPackageSupportRuntimePermissions(locationPackage)) { 702 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId); 703 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId); 704 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId); 705 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId); 706 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId); 707 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS, 708 true, userId); 709 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId); 710 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId); 711 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId); 712 } 713 } 714 } 715 716 // Music 717 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 718 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 719 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 720 AUDIO_MIME_TYPE); 721 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage( 722 musicIntent, userId); 723 if (musicPackage != null 724 && doesPackageSupportRuntimePermissions(musicPackage)) { 725 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId); 726 } 727 728 // Home 729 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 730 homeIntent.addCategory(Intent.CATEGORY_HOME); 731 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP); 732 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage( 733 homeIntent, userId); 734 if (homePackage != null 735 && doesPackageSupportRuntimePermissions(homePackage)) { 736 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId); 737 } 738 739 // Watches 740 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 741 // Home application on watches 742 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN); 743 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 744 745 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage( 746 wearHomeIntent, userId); 747 748 if (wearHomePackage != null 749 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 750 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false, 751 userId); 752 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId); 753 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false, 754 userId); 755 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false, 756 userId); 757 } 758 759 // Fitness tracking on watches 760 Intent trackIntent = new Intent(ACTION_TRACK); 761 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage( 762 trackIntent, userId); 763 if (trackPackage != null 764 && doesPackageSupportRuntimePermissions(trackPackage)) { 765 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId); 766 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId); 767 } 768 } 769 770 // Print Spooler 771 PackageParser.Package printSpoolerPackage = getSystemPackage( 772 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 773 if (printSpoolerPackage != null 774 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 775 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 776 } 777 778 // EmergencyInfo 779 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 780 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage( 781 emergencyInfoIntent, userId); 782 if (emergencyInfoPckg != null 783 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 784 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 785 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 786 } 787 788 // NFC Tag viewer 789 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 790 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 791 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage( 792 nfcTagIntent, userId); 793 if (nfcTagPkg != null 794 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 795 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 796 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 797 } 798 799 // Storage Manager 800 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 801 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage( 802 storageManagerIntent, userId); 803 if (storageManagerPckg != null 804 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 805 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 806 } 807 808 // Companion devices 809 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage( 810 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME); 811 if (companionDeviceDiscoveryPackage != null 812 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) { 813 grantRuntimePermissions(companionDeviceDiscoveryPackage, 814 LOCATION_PERMISSIONS, true, userId); 815 } 816 817 // Ringtone Picker 818 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER); 819 PackageParser.Package ringtonePickerPackage = 820 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId); 821 if (ringtonePickerPackage != null 822 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) { 823 grantRuntimePermissions(ringtonePickerPackage, 824 STORAGE_PERMISSIONS, true, userId); 825 } 826 827 if (mPermissionGrantedCallback != null) { 828 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId); 829 } 830 } 831 832 private void grantDefaultPermissionsToDefaultSystemDialerApp( 833 PackageParser.Package dialerPackage, int userId) { 834 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 835 boolean isPhonePermFixed = 836 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 837 grantRuntimePermissions( 838 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 839 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId); 840 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId); 841 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId); 842 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId); 843 } 844 } 845 846 private void grantDefaultPermissionsToDefaultSystemSmsApp( 847 PackageParser.Package smsPackage, int userId) { 848 if (doesPackageSupportRuntimePermissions(smsPackage)) { 849 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId); 850 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId); 851 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId); 852 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId); 853 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId); 854 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId); 855 } 856 } 857 858 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp( 859 PackageParser.Package useOpenWifiPackage, int userId) { 860 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 861 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId); 862 } 863 } 864 865 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) { 866 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 867 if (packageName == null) { 868 return; 869 } 870 PackageParser.Package smsPackage = getPackage(packageName); 871 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 872 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId); 873 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 874 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId); 875 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId); 876 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId); 877 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId); 878 } 879 } 880 881 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) { 882 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 883 if (packageName == null) { 884 return; 885 } 886 PackageParser.Package dialerPackage = getPackage(packageName); 887 if (dialerPackage != null 888 && doesPackageSupportRuntimePermissions(dialerPackage)) { 889 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 890 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 891 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId); 892 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 893 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 894 } 895 } 896 897 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) { 898 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId); 899 if (packageName == null) { 900 return; 901 } 902 PackageParser.Package useOpenWifiPackage = getPackage(packageName); 903 if (useOpenWifiPackage != null 904 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 905 grantRuntimePermissions( 906 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId); 907 } 908 } 909 910 private void grantDefaultPermissionsToDefaultSimCallManager( 911 PackageParser.Package simCallManagerPackage, int userId) { 912 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 913 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 914 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId); 915 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 916 } 917 } 918 919 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 920 if (packageName == null) { 921 return; 922 } 923 PackageParser.Package simCallManagerPackage = getPackage(packageName); 924 if (simCallManagerPackage != null) { 925 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId); 926 } 927 } 928 929 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 930 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 931 if (packageNames == null) { 932 return; 933 } 934 for (String packageName : packageNames) { 935 PackageParser.Package carrierPackage = getSystemPackage(packageName); 936 if (carrierPackage != null 937 && doesPackageSupportRuntimePermissions(carrierPackage)) { 938 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId); 939 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId); 940 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId); 941 } 942 } 943 } 944 945 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 946 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 947 if (packageNames == null) { 948 return; 949 } 950 for (String packageName : packageNames) { 951 PackageParser.Package imsServicePackage = getSystemPackage(packageName); 952 if (imsServicePackage != null 953 && doesPackageSupportRuntimePermissions(imsServicePackage)) { 954 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId); 955 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId); 956 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId); 957 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId); 958 } 959 } 960 } 961 962 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) { 963 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 964 if (packageName == null) { 965 return; 966 } 967 PackageParser.Package browserPackage = getSystemPackage(packageName); 968 if (browserPackage != null 969 && doesPackageSupportRuntimePermissions(browserPackage)) { 970 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 971 } 972 } 973 974 private PackageParser.Package getDefaultSystemHandlerActivityPackage( 975 Intent intent, int userId) { 976 ResolveInfo handler = mServiceInternal.resolveIntent(intent, 977 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false); 978 if (handler == null || handler.activityInfo == null) { 979 return null; 980 } 981 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 982 return null; 983 } 984 return getSystemPackage(handler.activityInfo.packageName); 985 } 986 987 private PackageParser.Package getDefaultSystemHandlerServicePackage( 988 Intent intent, int userId) { 989 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices( 990 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId); 991 if (handlers == null) { 992 return null; 993 } 994 final int handlerCount = handlers.size(); 995 for (int i = 0; i < handlerCount; i++) { 996 ResolveInfo handler = handlers.get(i); 997 PackageParser.Package handlerPackage = getSystemPackage( 998 handler.serviceInfo.packageName); 999 if (handlerPackage != null) { 1000 return handlerPackage; 1001 } 1002 } 1003 return null; 1004 } 1005 1006 private List<PackageParser.Package> getHeadlessSyncAdapterPackages( 1007 String[] syncAdapterPackageNames, int userId) { 1008 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 1009 1010 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 1011 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 1012 1013 for (String syncAdapterPackageName : syncAdapterPackageNames) { 1014 homeIntent.setPackage(syncAdapterPackageName); 1015 1016 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent, 1017 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, 1018 userId, false); 1019 if (homeActivity != null) { 1020 continue; 1021 } 1022 1023 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName); 1024 if (syncAdapterPackage != null) { 1025 syncAdapterPackages.add(syncAdapterPackage); 1026 } 1027 } 1028 1029 return syncAdapterPackages; 1030 } 1031 1032 private PackageParser.Package getDefaultProviderAuthorityPackage( 1033 String authority, int userId) { 1034 ProviderInfo provider = 1035 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 1036 if (provider != null) { 1037 return getSystemPackage(provider.packageName); 1038 } 1039 return null; 1040 } 1041 1042 private PackageParser.Package getPackage(String packageName) { 1043 return mServiceInternal.getPackage(packageName); 1044 } 1045 1046 private PackageParser.Package getSystemPackage(String packageName) { 1047 PackageParser.Package pkg = getPackage(packageName); 1048 if (pkg != null && pkg.isSystem()) { 1049 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null; 1050 } 1051 return null; 1052 } 1053 1054 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1055 int userId) { 1056 grantRuntimePermissions(pkg, permissions, false, false, userId); 1057 } 1058 1059 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1060 boolean systemFixed, int userId) { 1061 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId); 1062 } 1063 1064 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1065 boolean systemFixed, boolean ignoreSystemPackage, int userId) { 1066 if (pkg.requestedPermissions.isEmpty()) { 1067 return; 1068 } 1069 1070 List<String> requestedPermissions = pkg.requestedPermissions; 1071 Set<String> grantablePermissions = null; 1072 1073 // In some cases, like for the Phone or SMS app, we grant permissions regardless 1074 // of if the version on the system image declares the permission as used since 1075 // selecting the app as the default for that function the user makes a deliberate 1076 // choice to grant this app the permissions needed to function. For all other 1077 // apps, (default grants on first boot and user creation) we don't grant default 1078 // permissions if the version on the system image does not declare them. 1079 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) { 1080 final PackageParser.Package disabledPkg = 1081 mServiceInternal.getDisabledPackage(pkg.packageName); 1082 if (disabledPkg != null) { 1083 if (disabledPkg.requestedPermissions.isEmpty()) { 1084 return; 1085 } 1086 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) { 1087 grantablePermissions = new ArraySet<>(requestedPermissions); 1088 requestedPermissions = disabledPkg.requestedPermissions; 1089 } 1090 } 1091 } 1092 1093 final int grantablePermissionCount = requestedPermissions.size(); 1094 for (int i = 0; i < grantablePermissionCount; i++) { 1095 String permission = requestedPermissions.get(i); 1096 1097 // If there is a disabled system app it may request a permission the updated 1098 // version ot the data partition doesn't, In this case skip the permission. 1099 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1100 continue; 1101 } 1102 1103 if (permissions.contains(permission)) { 1104 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1105 permission, pkg.packageName, userId); 1106 1107 // If any flags are set to the permission, then it is either set in 1108 // its current state by the system or device/profile owner or the user. 1109 // In all these cases we do not want to clobber the current state. 1110 // Unless the caller wants to override user choices. The override is 1111 // to make sure we can grant the needed permission to the default 1112 // sms and phone apps after the user chooses this in the UI. 1113 if (flags == 0 || ignoreSystemPackage) { 1114 // Never clobber policy or system. 1115 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 1116 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 1117 if ((flags & fixedFlags) != 0) { 1118 continue; 1119 } 1120 1121 mServiceInternal.grantRuntimePermission( 1122 pkg.packageName, permission, userId, false); 1123 if (DEBUG) { 1124 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 1125 + permission + " to default handler " + pkg.packageName); 1126 } 1127 1128 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1129 if (systemFixed) { 1130 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1131 } 1132 1133 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1134 newFlags, newFlags, userId); 1135 } 1136 1137 // If a component gets a permission for being the default handler A 1138 // and also default handler B, we grant the weaker grant form. 1139 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1140 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1141 && !systemFixed) { 1142 if (DEBUG) { 1143 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1144 + pkg.packageName); 1145 } 1146 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1147 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 1148 } 1149 } 1150 } 1151 } 1152 1153 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) { 1154 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1155 return true; 1156 } 1157 if (!pkg.isPrivileged()) { 1158 return false; 1159 } 1160 final PackageParser.Package disabledPkg = 1161 mServiceInternal.getDisabledPackage(pkg.packageName); 1162 if (disabledPkg != null) { 1163 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1164 return false; 1165 } 1166 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1167 return false; 1168 } 1169 final String systemPackageName = mServiceInternal.getKnownPackageName( 1170 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM); 1171 final PackageParser.Package systemPackage = getPackage(systemPackageName); 1172 return compareSignatures(systemPackage.mSignatures, pkg.mSignatures) 1173 == PackageManager.SIGNATURE_MATCH; 1174 } 1175 1176 private void grantDefaultPermissionExceptions(int userId) { 1177 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1178 1179 synchronized (mLock) { 1180 // mGrantExceptions is null only before the first read and then 1181 // it serves as a cache of the default grants that should be 1182 // performed for every user. If there is an entry then the app 1183 // is on the system image and supports runtime permissions. 1184 if (mGrantExceptions == null) { 1185 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 1186 } 1187 } 1188 1189 Set<String> permissions = null; 1190 final int exceptionCount = mGrantExceptions.size(); 1191 for (int i = 0; i < exceptionCount; i++) { 1192 String packageName = mGrantExceptions.keyAt(i); 1193 PackageParser.Package pkg = getSystemPackage(packageName); 1194 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1195 final int permissionGrantCount = permissionGrants.size(); 1196 for (int j = 0; j < permissionGrantCount; j++) { 1197 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1198 if (permissions == null) { 1199 permissions = new ArraySet<>(); 1200 } else { 1201 permissions.clear(); 1202 } 1203 permissions.add(permissionGrant.name); 1204 grantRuntimePermissions(pkg, permissions, 1205 permissionGrant.fixed, userId); 1206 } 1207 } 1208 } 1209 1210 private File[] getDefaultPermissionFiles() { 1211 ArrayList<File> ret = new ArrayList<File>(); 1212 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1213 if (dir.isDirectory() && dir.canRead()) { 1214 Collections.addAll(ret, dir.listFiles()); 1215 } 1216 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1217 if (dir.isDirectory() && dir.canRead()) { 1218 Collections.addAll(ret, dir.listFiles()); 1219 } 1220 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1221 } 1222 1223 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> 1224 readDefaultPermissionExceptionsLocked() { 1225 File[] files = getDefaultPermissionFiles(); 1226 if (files == null) { 1227 return new ArrayMap<>(0); 1228 } 1229 1230 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1231 1232 // Iterate over the files in the directory and scan .xml files 1233 for (File file : files) { 1234 if (!file.getPath().endsWith(".xml")) { 1235 Slog.i(TAG, "Non-xml file " + file 1236 + " in " + file.getParent() + " directory, ignoring"); 1237 continue; 1238 } 1239 if (!file.canRead()) { 1240 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1241 continue; 1242 } 1243 try ( 1244 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1245 ) { 1246 XmlPullParser parser = Xml.newPullParser(); 1247 parser.setInput(str, null); 1248 parse(parser, grantExceptions); 1249 } catch (XmlPullParserException | IOException e) { 1250 Slog.w(TAG, "Error reading default permissions file " + file, e); 1251 } 1252 } 1253 1254 return grantExceptions; 1255 } 1256 1257 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1258 outGrantExceptions) throws IOException, XmlPullParserException { 1259 final int outerDepth = parser.getDepth(); 1260 int type; 1261 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1262 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1263 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1264 continue; 1265 } 1266 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1267 parseExceptions(parser, outGrantExceptions); 1268 } else { 1269 Log.e(TAG, "Unknown tag " + parser.getName()); 1270 } 1271 } 1272 } 1273 1274 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1275 outGrantExceptions) throws IOException, XmlPullParserException { 1276 final int outerDepth = parser.getDepth(); 1277 int type; 1278 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1279 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1280 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1281 continue; 1282 } 1283 if (TAG_EXCEPTION.equals(parser.getName())) { 1284 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1285 1286 List<DefaultPermissionGrant> packageExceptions = 1287 outGrantExceptions.get(packageName); 1288 if (packageExceptions == null) { 1289 // The package must be on the system image 1290 PackageParser.Package pkg = getSystemPackage(packageName); 1291 if (pkg == null) { 1292 Log.w(TAG, "Unknown package:" + packageName); 1293 XmlUtils.skipCurrentTag(parser); 1294 continue; 1295 } 1296 1297 // The package must support runtime permissions 1298 if (!doesPackageSupportRuntimePermissions(pkg)) { 1299 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1300 + packageName); 1301 XmlUtils.skipCurrentTag(parser); 1302 continue; 1303 } 1304 packageExceptions = new ArrayList<>(); 1305 outGrantExceptions.put(packageName, packageExceptions); 1306 } 1307 1308 parsePermission(parser, packageExceptions); 1309 } else { 1310 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1311 } 1312 } 1313 } 1314 1315 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1316 outPackageExceptions) throws IOException, XmlPullParserException { 1317 final int outerDepth = parser.getDepth(); 1318 int type; 1319 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1320 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1321 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1322 continue; 1323 } 1324 1325 if (TAG_PERMISSION.contains(parser.getName())) { 1326 String name = parser.getAttributeValue(null, ATTR_NAME); 1327 if (name == null) { 1328 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1329 XmlUtils.skipCurrentTag(parser); 1330 continue; 1331 } 1332 1333 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1334 1335 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1336 outPackageExceptions.add(exception); 1337 } else { 1338 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1339 } 1340 } 1341 } 1342 1343 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1344 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1345 } 1346 1347 private static final class DefaultPermissionGrant { 1348 final String name; 1349 final boolean fixed; 1350 1351 public DefaultPermissionGrant(String name, boolean fixed) { 1352 this.name = name; 1353 this.fixed = fixed; 1354 } 1355 } 1356} 1357