DefaultPermissionGrantPolicy.java revision 76ad1a3c212d09a2c843c1d845c20a4ec5bfd6e4
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package com.android.server.pm.permission; 18 19import static android.os.Process.FIRST_APPLICATION_UID; 20 21import android.Manifest; 22import android.annotation.NonNull; 23import android.annotation.Nullable; 24import android.app.ActivityManager; 25import android.app.DownloadManager; 26import android.app.admin.DevicePolicyManager; 27import android.companion.CompanionDeviceManager; 28import android.content.ComponentName; 29import android.content.Context; 30import android.content.Intent; 31import android.content.pm.ApplicationInfo; 32import android.content.pm.PackageList; 33import android.content.pm.PackageManager; 34import android.content.pm.PackageManagerInternal; 35import android.content.pm.PackageManagerInternal.PackagesProvider; 36import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 37import android.content.pm.PackageParser; 38import android.content.pm.ProviderInfo; 39import android.content.pm.ResolveInfo; 40import android.media.RingtoneManager; 41import android.net.Uri; 42import android.os.Binder; 43import android.os.Build; 44import android.os.Environment; 45import android.os.Handler; 46import android.os.Looper; 47import android.os.Message; 48import android.os.UserHandle; 49import android.os.storage.StorageManager; 50import android.print.PrintManager; 51import android.provider.CalendarContract; 52import android.provider.ContactsContract; 53import android.provider.MediaStore; 54import android.provider.Telephony.Sms.Intents; 55import android.security.Credentials; 56import android.service.textclassifier.TextClassifierService; 57import android.telephony.TelephonyManager; 58import android.text.TextUtils; 59import android.util.ArrayMap; 60import android.util.ArraySet; 61import android.util.Log; 62import android.util.Slog; 63import android.util.Xml; 64 65import com.android.internal.util.XmlUtils; 66import com.android.server.LocalServices; 67import com.android.server.pm.PackageManagerService; 68 69import org.xmlpull.v1.XmlPullParser; 70import org.xmlpull.v1.XmlPullParserException; 71 72import java.io.BufferedInputStream; 73import java.io.File; 74import java.io.FileInputStream; 75import java.io.IOException; 76import java.io.InputStream; 77import java.util.ArrayList; 78import java.util.Collections; 79import java.util.List; 80import java.util.Map; 81import java.util.Set; 82 83/** 84 * This class is the policy for granting runtime permissions to 85 * platform components and default handlers in the system such 86 * that the device is usable out-of-the-box. For example, the 87 * shell UID is a part of the system and the Phone app should 88 * have phone related permission by default. 89 * <p> 90 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 91 * service but knows about lots of higher level subsystems. The correct way to do this is 92 * to have an interface defined in the package manager but have the impl next to other 93 * policy stuff like PhoneWindowManager 94 */ 95public final class DefaultPermissionGrantPolicy { 96 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 97 private static final boolean DEBUG = false; 98 99 private static final int DEFAULT_FLAGS = 100 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 101 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 102 103 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 104 105 private static final String TAG_EXCEPTIONS = "exceptions"; 106 private static final String TAG_EXCEPTION = "exception"; 107 private static final String TAG_PERMISSION = "permission"; 108 private static final String ATTR_PACKAGE = "package"; 109 private static final String ATTR_NAME = "name"; 110 private static final String ATTR_FIXED = "fixed"; 111 112 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 113 static { 114 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 115 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 116 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 117 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 118 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 119 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 120 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 121 } 122 123 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 124 static { 125 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 126 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 127 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 128 } 129 130 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 131 static { 132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 133 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 134 } 135 136 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>(); 137 static { 138 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 139 } 140 141 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 142 static { 143 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 144 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 145 } 146 147 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 148 static { 149 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 150 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 151 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 153 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 154 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 155 } 156 157 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 158 static { 159 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 160 } 161 162 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 163 static { 164 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 165 } 166 167 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 168 static { 169 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 170 } 171 172 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 173 static { 174 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 175 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 176 } 177 178 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 179 180 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 181 182 private final Handler mHandler; 183 184 private PackagesProvider mLocationPackagesProvider; 185 private PackagesProvider mVoiceInteractionPackagesProvider; 186 private PackagesProvider mSmsAppPackagesProvider; 187 private PackagesProvider mDialerAppPackagesProvider; 188 private PackagesProvider mSimCallManagerPackagesProvider; 189 private PackagesProvider mUseOpenWifiAppPackagesProvider; 190 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 191 192 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 193 private final Context mContext; 194 private final Object mLock = new Object(); 195 private final PackageManagerInternal mServiceInternal; 196 private final PermissionManagerService mPermissionManager; 197 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback; 198 public interface DefaultPermissionGrantedCallback { 199 /** Callback when permissions have been granted */ 200 public void onDefaultRuntimePermissionsGranted(int userId); 201 } 202 203 public DefaultPermissionGrantPolicy(Context context, Looper looper, 204 @Nullable DefaultPermissionGrantedCallback callback, 205 @NonNull PermissionManagerService permissionManager) { 206 mContext = context; 207 mHandler = new Handler(looper) { 208 @Override 209 public void handleMessage(Message msg) { 210 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 211 synchronized (mLock) { 212 if (mGrantExceptions == null) { 213 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 214 } 215 } 216 } 217 } 218 }; 219 mPermissionGrantedCallback = callback; 220 mPermissionManager = permissionManager; 221 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 222 } 223 224 public void setLocationPackagesProvider(PackagesProvider provider) { 225 synchronized (mLock) { 226 mLocationPackagesProvider = provider; 227 } 228 } 229 230 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 231 synchronized (mLock) { 232 mVoiceInteractionPackagesProvider = provider; 233 } 234 } 235 236 public void setSmsAppPackagesProvider(PackagesProvider provider) { 237 synchronized (mLock) { 238 mSmsAppPackagesProvider = provider; 239 } 240 } 241 242 public void setDialerAppPackagesProvider(PackagesProvider provider) { 243 synchronized (mLock) { 244 mDialerAppPackagesProvider = provider; 245 } 246 } 247 248 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 249 synchronized (mLock) { 250 mSimCallManagerPackagesProvider = provider; 251 } 252 } 253 254 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) { 255 synchronized (mLock) { 256 mUseOpenWifiAppPackagesProvider = provider; 257 } 258 } 259 260 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 261 synchronized (mLock) { 262 mSyncAdapterPackagesProvider = provider; 263 } 264 } 265 266 public void grantDefaultPermissions(int userId) { 267 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 268 grantAllRuntimePermissions(userId); 269 } else { 270 grantPermissionsToSysComponentsAndPrivApps(userId); 271 grantDefaultSystemHandlerPermissions(userId); 272 grantDefaultPermissionExceptions(userId); 273 } 274 } 275 276 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) { 277 Set<String> permissions = new ArraySet<>(); 278 for (String permission : pkg.requestedPermissions) { 279 final BasePermission bp = mPermissionManager.getPermission(permission); 280 if (bp == null) { 281 continue; 282 } 283 if (bp.isRuntime()) { 284 permissions.add(permission); 285 } 286 } 287 if (!permissions.isEmpty()) { 288 grantRuntimePermissions(pkg, permissions, true, userId); 289 } 290 } 291 292 private void grantAllRuntimePermissions(int userId) { 293 Log.i(TAG, "Granting all runtime permissions for user " + userId); 294 final PackageList packageList = mServiceInternal.getPackageList(); 295 for (String packageName : packageList.getPackageNames()) { 296 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 297 if (pkg == null) { 298 continue; 299 } 300 grantRuntimePermissionsForPackage(userId, pkg); 301 } 302 } 303 304 public void scheduleReadDefaultPermissionExceptions() { 305 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 306 } 307 308 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 309 Log.i(TAG, "Granting permissions to platform components for user " + userId); 310 final PackageList packageList = mServiceInternal.getPackageList(); 311 for (String packageName : packageList.getPackageNames()) { 312 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 313 if (pkg == null) { 314 continue; 315 } 316 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 317 || !doesPackageSupportRuntimePermissions(pkg) 318 || pkg.requestedPermissions.isEmpty()) { 319 continue; 320 } 321 grantRuntimePermissionsForPackage(userId, pkg); 322 } 323 } 324 325 private void grantDefaultSystemHandlerPermissions(int userId) { 326 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 327 328 final PackagesProvider locationPackagesProvider; 329 final PackagesProvider voiceInteractionPackagesProvider; 330 final PackagesProvider smsAppPackagesProvider; 331 final PackagesProvider dialerAppPackagesProvider; 332 final PackagesProvider simCallManagerPackagesProvider; 333 final PackagesProvider useOpenWifiAppPackagesProvider; 334 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 335 336 synchronized (mLock) { 337 locationPackagesProvider = mLocationPackagesProvider; 338 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 339 smsAppPackagesProvider = mSmsAppPackagesProvider; 340 dialerAppPackagesProvider = mDialerAppPackagesProvider; 341 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 342 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider; 343 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 344 } 345 346 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 347 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 348 String[] locationPackageNames = (locationPackagesProvider != null) 349 ? locationPackagesProvider.getPackages(userId) : null; 350 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 351 ? smsAppPackagesProvider.getPackages(userId) : null; 352 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 353 ? dialerAppPackagesProvider.getPackages(userId) : null; 354 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 355 ? simCallManagerPackagesProvider.getPackages(userId) : null; 356 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null) 357 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null; 358 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 359 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 360 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 361 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 362 363 // Installer 364 final String installerPackageName = mServiceInternal.getKnownPackageName( 365 PackageManagerInternal.PACKAGE_INSTALLER, userId); 366 PackageParser.Package installerPackage = getSystemPackage(installerPackageName); 367 if (installerPackage != null 368 && doesPackageSupportRuntimePermissions(installerPackage)) { 369 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId); 370 } 371 372 // Verifier 373 final String verifierPackageName = mServiceInternal.getKnownPackageName( 374 PackageManagerInternal.PACKAGE_VERIFIER, userId); 375 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName); 376 if (verifierPackage != null 377 && doesPackageSupportRuntimePermissions(verifierPackage)) { 378 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId); 379 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId); 380 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId); 381 } 382 383 // SetupWizard 384 final String setupWizardPackageName = mServiceInternal.getKnownPackageName( 385 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId); 386 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName); 387 if (setupPackage != null 388 && doesPackageSupportRuntimePermissions(setupPackage)) { 389 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId); 390 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId); 391 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId); 392 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId); 393 } 394 395 // Camera 396 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 397 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage( 398 cameraIntent, userId); 399 if (cameraPackage != null 400 && doesPackageSupportRuntimePermissions(cameraPackage)) { 401 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId); 402 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId); 403 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId); 404 } 405 406 // Media provider 407 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage( 408 MediaStore.AUTHORITY, userId); 409 if (mediaStorePackage != null) { 410 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 411 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId); 412 } 413 414 // Downloads provider 415 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage( 416 "downloads", userId); 417 if (downloadsPackage != null) { 418 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 419 } 420 421 // Downloads UI 422 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 423 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage( 424 downloadsUiIntent, userId); 425 if (downloadsUiPackage != null 426 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 427 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 428 } 429 430 // Storage provider 431 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage( 432 "com.android.externalstorage.documents", userId); 433 if (storagePackage != null) { 434 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId); 435 } 436 437 // Container service 438 PackageParser.Package containerPackage = getSystemPackage( 439 PackageManagerService.DEFAULT_CONTAINER_PACKAGE); 440 if (containerPackage != null) { 441 grantRuntimePermissions(containerPackage, STORAGE_PERMISSIONS, true, userId); 442 } 443 444 // CertInstaller 445 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 446 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage( 447 certInstallerIntent, userId); 448 if (certInstallerPackage != null 449 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 450 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 451 } 452 453 // Dialer 454 if (dialerAppPackageNames == null) { 455 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 456 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage( 457 dialerIntent, userId); 458 if (dialerPackage != null) { 459 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 460 } 461 } else { 462 for (String dialerAppPackageName : dialerAppPackageNames) { 463 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName); 464 if (dialerPackage != null) { 465 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 466 } 467 } 468 } 469 470 // Sim call manager 471 if (simCallManagerPackageNames != null) { 472 for (String simCallManagerPackageName : simCallManagerPackageNames) { 473 PackageParser.Package simCallManagerPackage = 474 getSystemPackage(simCallManagerPackageName); 475 if (simCallManagerPackage != null) { 476 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, 477 userId); 478 } 479 } 480 } 481 482 // Use Open Wifi 483 if (useOpenWifiAppPackageNames != null) { 484 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) { 485 PackageParser.Package useOpenWifiPackage = 486 getSystemPackage(useOpenWifiPackageName); 487 if (useOpenWifiPackage != null) { 488 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage, 489 userId); 490 } 491 } 492 } 493 494 // SMS 495 if (smsAppPackageNames == null) { 496 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 497 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 498 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage( 499 smsIntent, userId); 500 if (smsPackage != null) { 501 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 502 } 503 } else { 504 for (String smsPackageName : smsAppPackageNames) { 505 PackageParser.Package smsPackage = getSystemPackage(smsPackageName); 506 if (smsPackage != null) { 507 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 508 } 509 } 510 } 511 512 // Cell Broadcast Receiver 513 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 514 PackageParser.Package cbrPackage = 515 getDefaultSystemHandlerActivityPackage(cbrIntent, userId); 516 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 517 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId); 518 } 519 520 // Carrier Provisioning Service 521 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 522 PackageParser.Package carrierProvPackage = 523 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId); 524 if (carrierProvPackage != null 525 && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 526 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId); 527 } 528 529 // Calendar 530 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 531 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 532 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage( 533 calendarIntent, userId); 534 if (calendarPackage != null 535 && doesPackageSupportRuntimePermissions(calendarPackage)) { 536 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId); 537 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId); 538 } 539 540 // Calendar provider 541 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage( 542 CalendarContract.AUTHORITY, userId); 543 if (calendarProviderPackage != null) { 544 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 545 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS, 546 true, userId); 547 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 548 } 549 550 // Calendar provider sync adapters 551 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages( 552 calendarSyncAdapterPackages, userId); 553 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 554 for (int i = 0; i < calendarSyncAdapterCount; i++) { 555 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 556 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 557 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 558 } 559 } 560 561 // Contacts 562 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 563 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 564 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage( 565 contactsIntent, userId); 566 if (contactsPackage != null 567 && doesPackageSupportRuntimePermissions(contactsPackage)) { 568 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId); 569 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId); 570 } 571 572 // Contacts provider sync adapters 573 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages( 574 contactsSyncAdapterPackages, userId); 575 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 576 for (int i = 0; i < contactsSyncAdapterCount; i++) { 577 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 578 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 579 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 580 } 581 } 582 583 // Contacts provider 584 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage( 585 ContactsContract.AUTHORITY, userId); 586 if (contactsProviderPackage != null) { 587 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS, 588 true, userId); 589 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS, 590 true, userId); 591 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 592 } 593 594 // Device provisioning 595 Intent deviceProvisionIntent = new Intent( 596 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 597 PackageParser.Package deviceProvisionPackage = 598 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId); 599 if (deviceProvisionPackage != null 600 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 601 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 602 } 603 604 // Maps 605 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 606 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 607 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage( 608 mapsIntent, userId); 609 if (mapsPackage != null 610 && doesPackageSupportRuntimePermissions(mapsPackage)) { 611 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId); 612 } 613 614 // Gallery 615 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 616 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 617 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage( 618 galleryIntent, userId); 619 if (galleryPackage != null 620 && doesPackageSupportRuntimePermissions(galleryPackage)) { 621 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId); 622 } 623 624 // Email 625 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 626 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 627 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage( 628 emailIntent, userId); 629 if (emailPackage != null 630 && doesPackageSupportRuntimePermissions(emailPackage)) { 631 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId); 632 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId); 633 } 634 635 // Browser 636 PackageParser.Package browserPackage = null; 637 String defaultBrowserPackage = mServiceInternal.getKnownPackageName( 638 PackageManagerInternal.PACKAGE_BROWSER, userId); 639 if (defaultBrowserPackage != null) { 640 browserPackage = getPackage(defaultBrowserPackage); 641 } 642 if (browserPackage == null) { 643 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 644 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 645 browserPackage = getDefaultSystemHandlerActivityPackage( 646 browserIntent, userId); 647 } 648 if (browserPackage != null 649 && doesPackageSupportRuntimePermissions(browserPackage)) { 650 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId); 651 } 652 653 // Voice interaction 654 if (voiceInteractPackageNames != null) { 655 for (String voiceInteractPackageName : voiceInteractPackageNames) { 656 PackageParser.Package voiceInteractPackage = getSystemPackage( 657 voiceInteractPackageName); 658 if (voiceInteractPackage != null 659 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 660 grantRuntimePermissions(voiceInteractPackage, 661 CONTACTS_PERMISSIONS, userId); 662 grantRuntimePermissions(voiceInteractPackage, 663 CALENDAR_PERMISSIONS, userId); 664 grantRuntimePermissions(voiceInteractPackage, 665 MICROPHONE_PERMISSIONS, userId); 666 grantRuntimePermissions(voiceInteractPackage, 667 PHONE_PERMISSIONS, userId); 668 grantRuntimePermissions(voiceInteractPackage, 669 SMS_PERMISSIONS, userId); 670 grantRuntimePermissions(voiceInteractPackage, 671 LOCATION_PERMISSIONS, userId); 672 } 673 } 674 } 675 676 if (ActivityManager.isLowRamDeviceStatic()) { 677 // Allow voice search on low-ram devices 678 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH"); 679 PackageParser.Package globalSearchPickerPackage = 680 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId); 681 682 if (globalSearchPickerPackage != null 683 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) { 684 grantRuntimePermissions(globalSearchPickerPackage, 685 MICROPHONE_PERMISSIONS, false, userId); 686 grantRuntimePermissions(globalSearchPickerPackage, 687 LOCATION_PERMISSIONS, false, userId); 688 } 689 } 690 691 // Voice recognition 692 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 693 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 694 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage( 695 voiceRecoIntent, userId); 696 if (voiceRecoPackage != null 697 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 698 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 699 } 700 701 // Location 702 if (locationPackageNames != null) { 703 for (String packageName : locationPackageNames) { 704 PackageParser.Package locationPackage = getSystemPackage(packageName); 705 if (locationPackage != null 706 && doesPackageSupportRuntimePermissions(locationPackage)) { 707 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId); 708 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId); 709 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId); 710 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId); 711 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId); 712 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS, 713 true, userId); 714 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId); 715 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId); 716 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId); 717 } 718 } 719 } 720 721 // Music 722 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 723 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 724 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 725 AUDIO_MIME_TYPE); 726 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage( 727 musicIntent, userId); 728 if (musicPackage != null 729 && doesPackageSupportRuntimePermissions(musicPackage)) { 730 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId); 731 } 732 733 // Home 734 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 735 homeIntent.addCategory(Intent.CATEGORY_HOME); 736 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP); 737 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage( 738 homeIntent, userId); 739 if (homePackage != null 740 && doesPackageSupportRuntimePermissions(homePackage)) { 741 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId); 742 } 743 744 // Watches 745 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 746 // Home application on watches 747 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN); 748 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 749 750 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage( 751 wearHomeIntent, userId); 752 753 if (wearHomePackage != null 754 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 755 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false, 756 userId); 757 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId); 758 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false, 759 userId); 760 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false, 761 userId); 762 } 763 764 // Fitness tracking on watches 765 Intent trackIntent = new Intent(ACTION_TRACK); 766 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage( 767 trackIntent, userId); 768 if (trackPackage != null 769 && doesPackageSupportRuntimePermissions(trackPackage)) { 770 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId); 771 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId); 772 } 773 } 774 775 // Print Spooler 776 PackageParser.Package printSpoolerPackage = getSystemPackage( 777 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 778 if (printSpoolerPackage != null 779 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 780 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 781 } 782 783 // EmergencyInfo 784 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 785 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage( 786 emergencyInfoIntent, userId); 787 if (emergencyInfoPckg != null 788 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 789 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 790 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 791 } 792 793 // NFC Tag viewer 794 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 795 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 796 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage( 797 nfcTagIntent, userId); 798 if (nfcTagPkg != null 799 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 800 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 801 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 802 } 803 804 // Storage Manager 805 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 806 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage( 807 storageManagerIntent, userId); 808 if (storageManagerPckg != null 809 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 810 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 811 } 812 813 // Companion devices 814 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage( 815 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME); 816 if (companionDeviceDiscoveryPackage != null 817 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) { 818 grantRuntimePermissions(companionDeviceDiscoveryPackage, 819 LOCATION_PERMISSIONS, true, userId); 820 } 821 822 // Ringtone Picker 823 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER); 824 PackageParser.Package ringtonePickerPackage = 825 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId); 826 if (ringtonePickerPackage != null 827 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) { 828 grantRuntimePermissions(ringtonePickerPackage, 829 STORAGE_PERMISSIONS, true, userId); 830 } 831 832 // TextClassifier Service 833 String textClassifierPackageName = 834 mContext.getPackageManager().getSystemTextClassifierPackageName(); 835 if (!TextUtils.isEmpty(textClassifierPackageName)) { 836 PackageParser.Package textClassifierPackage = 837 getSystemPackage(textClassifierPackageName); 838 if (textClassifierPackage != null 839 && doesPackageSupportRuntimePermissions(textClassifierPackage)) { 840 grantRuntimePermissions(textClassifierPackage, PHONE_PERMISSIONS, true, userId); 841 grantRuntimePermissions(textClassifierPackage, SMS_PERMISSIONS, true, userId); 842 grantRuntimePermissions(textClassifierPackage, CALENDAR_PERMISSIONS, true, userId); 843 grantRuntimePermissions(textClassifierPackage, LOCATION_PERMISSIONS, true, userId); 844 grantRuntimePermissions(textClassifierPackage, CONTACTS_PERMISSIONS, true, userId); 845 } 846 } 847 848 if (mPermissionGrantedCallback != null) { 849 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId); 850 } 851 } 852 853 private void grantDefaultPermissionsToDefaultSystemDialerApp( 854 PackageParser.Package dialerPackage, int userId) { 855 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 856 boolean isPhonePermFixed = 857 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 858 grantRuntimePermissions( 859 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 860 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId); 861 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId); 862 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId); 863 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId); 864 } 865 } 866 867 private void grantDefaultPermissionsToDefaultSystemSmsApp( 868 PackageParser.Package smsPackage, int userId) { 869 if (doesPackageSupportRuntimePermissions(smsPackage)) { 870 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId); 871 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId); 872 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId); 873 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId); 874 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId); 875 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId); 876 } 877 } 878 879 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp( 880 PackageParser.Package useOpenWifiPackage, int userId) { 881 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 882 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId); 883 } 884 } 885 886 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) { 887 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 888 if (packageName == null) { 889 return; 890 } 891 PackageParser.Package smsPackage = getPackage(packageName); 892 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 893 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId); 894 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 895 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId); 896 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId); 897 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId); 898 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId); 899 } 900 } 901 902 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) { 903 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 904 if (packageName == null) { 905 return; 906 } 907 PackageParser.Package dialerPackage = getPackage(packageName); 908 if (dialerPackage != null 909 && doesPackageSupportRuntimePermissions(dialerPackage)) { 910 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 911 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 912 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId); 913 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 914 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 915 } 916 } 917 918 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) { 919 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId); 920 if (packageName == null) { 921 return; 922 } 923 PackageParser.Package useOpenWifiPackage = getPackage(packageName); 924 if (useOpenWifiPackage != null 925 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 926 grantRuntimePermissions( 927 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId); 928 } 929 } 930 931 private void grantDefaultPermissionsToDefaultSimCallManager( 932 PackageParser.Package simCallManagerPackage, int userId) { 933 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 934 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 935 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId); 936 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 937 } 938 } 939 940 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 941 if (packageName == null) { 942 return; 943 } 944 PackageParser.Package simCallManagerPackage = getPackage(packageName); 945 if (simCallManagerPackage != null) { 946 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId); 947 } 948 } 949 950 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 951 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 952 if (packageNames == null) { 953 return; 954 } 955 for (String packageName : packageNames) { 956 PackageParser.Package carrierPackage = getSystemPackage(packageName); 957 if (carrierPackage != null 958 && doesPackageSupportRuntimePermissions(carrierPackage)) { 959 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId); 960 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId); 961 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId); 962 } 963 } 964 } 965 966 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 967 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 968 if (packageNames == null) { 969 return; 970 } 971 for (String packageName : packageNames) { 972 PackageParser.Package imsServicePackage = getSystemPackage(packageName); 973 if (imsServicePackage != null 974 && doesPackageSupportRuntimePermissions(imsServicePackage)) { 975 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId); 976 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId); 977 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId); 978 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId); 979 } 980 } 981 } 982 983 public void grantDefaultPermissionsToEnabledTelephonyDataServices( 984 String[] packageNames, int userId) { 985 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId); 986 if (packageNames == null) { 987 return; 988 } 989 for (String packageName : packageNames) { 990 PackageParser.Package dataServicePackage = getSystemPackage(packageName); 991 if (dataServicePackage != null 992 && doesPackageSupportRuntimePermissions(dataServicePackage)) { 993 // Grant these permissions as system-fixed, so that nobody can accidentally 994 // break cellular data. 995 grantRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId); 996 grantRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId); 997 } 998 } 999 } 1000 1001 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices( 1002 String[] packageNames, int userId) { 1003 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId); 1004 if (packageNames == null) { 1005 return; 1006 } 1007 for (String packageName : packageNames) { 1008 PackageParser.Package dataServicePackage = getSystemPackage(packageName); 1009 if (dataServicePackage != null 1010 && doesPackageSupportRuntimePermissions(dataServicePackage)) { 1011 revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId); 1012 revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId); 1013 } 1014 } 1015 } 1016 1017 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) { 1018 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 1019 if (packageName == null) { 1020 return; 1021 } 1022 PackageParser.Package browserPackage = getSystemPackage(packageName); 1023 if (browserPackage != null 1024 && doesPackageSupportRuntimePermissions(browserPackage)) { 1025 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 1026 } 1027 } 1028 1029 private PackageParser.Package getDefaultSystemHandlerActivityPackage( 1030 Intent intent, int userId) { 1031 ResolveInfo handler = mServiceInternal.resolveIntent(intent, 1032 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false); 1033 if (handler == null || handler.activityInfo == null) { 1034 return null; 1035 } 1036 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 1037 return null; 1038 } 1039 return getSystemPackage(handler.activityInfo.packageName); 1040 } 1041 1042 private PackageParser.Package getDefaultSystemHandlerServicePackage( 1043 Intent intent, int userId) { 1044 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices( 1045 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId); 1046 if (handlers == null) { 1047 return null; 1048 } 1049 final int handlerCount = handlers.size(); 1050 for (int i = 0; i < handlerCount; i++) { 1051 ResolveInfo handler = handlers.get(i); 1052 PackageParser.Package handlerPackage = getSystemPackage( 1053 handler.serviceInfo.packageName); 1054 if (handlerPackage != null) { 1055 return handlerPackage; 1056 } 1057 } 1058 return null; 1059 } 1060 1061 private List<PackageParser.Package> getHeadlessSyncAdapterPackages( 1062 String[] syncAdapterPackageNames, int userId) { 1063 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 1064 1065 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 1066 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 1067 1068 for (String syncAdapterPackageName : syncAdapterPackageNames) { 1069 homeIntent.setPackage(syncAdapterPackageName); 1070 1071 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent, 1072 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, 1073 userId, false); 1074 if (homeActivity != null) { 1075 continue; 1076 } 1077 1078 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName); 1079 if (syncAdapterPackage != null) { 1080 syncAdapterPackages.add(syncAdapterPackage); 1081 } 1082 } 1083 1084 return syncAdapterPackages; 1085 } 1086 1087 private PackageParser.Package getDefaultProviderAuthorityPackage( 1088 String authority, int userId) { 1089 ProviderInfo provider = 1090 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 1091 if (provider != null) { 1092 return getSystemPackage(provider.packageName); 1093 } 1094 return null; 1095 } 1096 1097 private PackageParser.Package getPackage(String packageName) { 1098 return mServiceInternal.getPackage(packageName); 1099 } 1100 1101 private PackageParser.Package getSystemPackage(String packageName) { 1102 PackageParser.Package pkg = getPackage(packageName); 1103 if (pkg != null && pkg.isSystem()) { 1104 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null; 1105 } 1106 return null; 1107 } 1108 1109 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1110 int userId) { 1111 grantRuntimePermissions(pkg, permissions, false, false, userId); 1112 } 1113 1114 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1115 boolean systemFixed, int userId) { 1116 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId); 1117 } 1118 1119 private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1120 boolean systemFixed, int userId) { 1121 if (pkg.requestedPermissions.isEmpty()) { 1122 return; 1123 } 1124 Set<String> revokablePermissions = new ArraySet<>(pkg.requestedPermissions); 1125 1126 for (String permission : permissions) { 1127 // We can't revoke what wasn't requested. 1128 if (!revokablePermissions.contains(permission)) { 1129 continue; 1130 } 1131 1132 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1133 permission, pkg.packageName, userId); 1134 1135 // We didn't get this through the default grant policy. Move along. 1136 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) { 1137 continue; 1138 } 1139 // We aren't going to clobber device policy with a DefaultGrant. 1140 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1141 continue; 1142 } 1143 // Do not revoke system fixed permissions unless caller set them that way; 1144 // there is no refcount for the number of sources of this, so there 1145 // should be at most one grantor doing SYSTEM_FIXED for any given package. 1146 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) { 1147 continue; 1148 } 1149 mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false); 1150 1151 if (DEBUG) { 1152 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ") 1153 + permission + " to " + pkg.packageName); 1154 } 1155 1156 // Remove the GRANTED_BY_DEFAULT flag without touching the others. 1157 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains 1158 // sticky once set. 1159 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1160 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId); 1161 } 1162 } 1163 1164 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1165 boolean systemFixed, boolean ignoreSystemPackage, int userId) { 1166 if (pkg.requestedPermissions.isEmpty()) { 1167 return; 1168 } 1169 1170 List<String> requestedPermissions = pkg.requestedPermissions; 1171 Set<String> grantablePermissions = null; 1172 1173 // In some cases, like for the Phone or SMS app, we grant permissions regardless 1174 // of if the version on the system image declares the permission as used since 1175 // selecting the app as the default for that function the user makes a deliberate 1176 // choice to grant this app the permissions needed to function. For all other 1177 // apps, (default grants on first boot and user creation) we don't grant default 1178 // permissions if the version on the system image does not declare them. 1179 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) { 1180 final PackageParser.Package disabledPkg = 1181 mServiceInternal.getDisabledPackage(pkg.packageName); 1182 if (disabledPkg != null) { 1183 if (disabledPkg.requestedPermissions.isEmpty()) { 1184 return; 1185 } 1186 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) { 1187 grantablePermissions = new ArraySet<>(requestedPermissions); 1188 requestedPermissions = disabledPkg.requestedPermissions; 1189 } 1190 } 1191 } 1192 1193 final int grantablePermissionCount = requestedPermissions.size(); 1194 for (int i = 0; i < grantablePermissionCount; i++) { 1195 String permission = requestedPermissions.get(i); 1196 1197 // If there is a disabled system app it may request a permission the updated 1198 // version ot the data partition doesn't, In this case skip the permission. 1199 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1200 continue; 1201 } 1202 1203 if (permissions.contains(permission)) { 1204 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1205 permission, pkg.packageName, userId); 1206 1207 // If any flags are set to the permission, then it is either set in 1208 // its current state by the system or device/profile owner or the user. 1209 // In all these cases we do not want to clobber the current state. 1210 // Unless the caller wants to override user choices. The override is 1211 // to make sure we can grant the needed permission to the default 1212 // sms and phone apps after the user chooses this in the UI. 1213 if (flags == 0 || ignoreSystemPackage) { 1214 // Never clobber policy fixed permissions. 1215 // We must allow the grant of a system-fixed permission because 1216 // system-fixed is sticky, but the permission itself may be revoked. 1217 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1218 continue; 1219 } 1220 1221 mServiceInternal.grantRuntimePermission( 1222 pkg.packageName, permission, userId, false); 1223 if (DEBUG) { 1224 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 1225 + permission + " to default handler " + pkg.packageName); 1226 } 1227 1228 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1229 if (systemFixed) { 1230 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1231 } 1232 1233 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1234 newFlags, newFlags, userId); 1235 } 1236 1237 // If a component gets a permission for being the default handler A 1238 // and also default handler B, we grant the weaker grant form. 1239 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1240 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1241 && !systemFixed) { 1242 if (DEBUG) { 1243 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1244 + pkg.packageName); 1245 } 1246 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1247 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 1248 } 1249 } 1250 } 1251 } 1252 1253 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) { 1254 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1255 return true; 1256 } 1257 if (!pkg.isPrivileged()) { 1258 return false; 1259 } 1260 final PackageParser.Package disabledPkg = 1261 mServiceInternal.getDisabledPackage(pkg.packageName); 1262 if (disabledPkg != null) { 1263 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1264 return false; 1265 } 1266 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1267 return false; 1268 } 1269 final String systemPackageName = mServiceInternal.getKnownPackageName( 1270 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM); 1271 final PackageParser.Package systemPackage = getPackage(systemPackageName); 1272 return pkg.mSigningDetails.hasAncestorOrSelf(systemPackage.mSigningDetails) 1273 || systemPackage.mSigningDetails.checkCapability(pkg.mSigningDetails, 1274 PackageParser.SigningDetails.CertCapabilities.PERMISSION); 1275 } 1276 1277 private void grantDefaultPermissionExceptions(int userId) { 1278 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1279 1280 synchronized (mLock) { 1281 // mGrantExceptions is null only before the first read and then 1282 // it serves as a cache of the default grants that should be 1283 // performed for every user. If there is an entry then the app 1284 // is on the system image and supports runtime permissions. 1285 if (mGrantExceptions == null) { 1286 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 1287 } 1288 } 1289 1290 Set<String> permissions = null; 1291 final int exceptionCount = mGrantExceptions.size(); 1292 for (int i = 0; i < exceptionCount; i++) { 1293 String packageName = mGrantExceptions.keyAt(i); 1294 PackageParser.Package pkg = getSystemPackage(packageName); 1295 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1296 final int permissionGrantCount = permissionGrants.size(); 1297 for (int j = 0; j < permissionGrantCount; j++) { 1298 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1299 if (permissions == null) { 1300 permissions = new ArraySet<>(); 1301 } else { 1302 permissions.clear(); 1303 } 1304 permissions.add(permissionGrant.name); 1305 grantRuntimePermissions(pkg, permissions, 1306 permissionGrant.fixed, userId); 1307 } 1308 } 1309 } 1310 1311 private File[] getDefaultPermissionFiles() { 1312 ArrayList<File> ret = new ArrayList<File>(); 1313 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1314 if (dir.isDirectory() && dir.canRead()) { 1315 Collections.addAll(ret, dir.listFiles()); 1316 } 1317 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1318 if (dir.isDirectory() && dir.canRead()) { 1319 Collections.addAll(ret, dir.listFiles()); 1320 } 1321 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions"); 1322 if (dir.isDirectory() && dir.canRead()) { 1323 Collections.addAll(ret, dir.listFiles()); 1324 } 1325 dir = new File(Environment.getProductDirectory(), "etc/default-permissions"); 1326 if (dir.isDirectory() && dir.canRead()) { 1327 Collections.addAll(ret, dir.listFiles()); 1328 } 1329 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1330 } 1331 1332 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> 1333 readDefaultPermissionExceptionsLocked() { 1334 File[] files = getDefaultPermissionFiles(); 1335 if (files == null) { 1336 return new ArrayMap<>(0); 1337 } 1338 1339 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1340 1341 // Iterate over the files in the directory and scan .xml files 1342 for (File file : files) { 1343 if (!file.getPath().endsWith(".xml")) { 1344 Slog.i(TAG, "Non-xml file " + file 1345 + " in " + file.getParent() + " directory, ignoring"); 1346 continue; 1347 } 1348 if (!file.canRead()) { 1349 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1350 continue; 1351 } 1352 try ( 1353 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1354 ) { 1355 XmlPullParser parser = Xml.newPullParser(); 1356 parser.setInput(str, null); 1357 parse(parser, grantExceptions); 1358 } catch (XmlPullParserException | IOException e) { 1359 Slog.w(TAG, "Error reading default permissions file " + file, e); 1360 } 1361 } 1362 1363 return grantExceptions; 1364 } 1365 1366 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1367 outGrantExceptions) throws IOException, XmlPullParserException { 1368 final int outerDepth = parser.getDepth(); 1369 int type; 1370 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1371 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1372 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1373 continue; 1374 } 1375 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1376 parseExceptions(parser, outGrantExceptions); 1377 } else { 1378 Log.e(TAG, "Unknown tag " + parser.getName()); 1379 } 1380 } 1381 } 1382 1383 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1384 outGrantExceptions) throws IOException, XmlPullParserException { 1385 final int outerDepth = parser.getDepth(); 1386 int type; 1387 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1388 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1389 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1390 continue; 1391 } 1392 if (TAG_EXCEPTION.equals(parser.getName())) { 1393 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1394 1395 List<DefaultPermissionGrant> packageExceptions = 1396 outGrantExceptions.get(packageName); 1397 if (packageExceptions == null) { 1398 // The package must be on the system image 1399 PackageParser.Package pkg = getSystemPackage(packageName); 1400 if (pkg == null) { 1401 Log.w(TAG, "Unknown package:" + packageName); 1402 XmlUtils.skipCurrentTag(parser); 1403 continue; 1404 } 1405 1406 // The package must support runtime permissions 1407 if (!doesPackageSupportRuntimePermissions(pkg)) { 1408 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1409 + packageName); 1410 XmlUtils.skipCurrentTag(parser); 1411 continue; 1412 } 1413 packageExceptions = new ArrayList<>(); 1414 outGrantExceptions.put(packageName, packageExceptions); 1415 } 1416 1417 parsePermission(parser, packageExceptions); 1418 } else { 1419 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1420 } 1421 } 1422 } 1423 1424 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1425 outPackageExceptions) throws IOException, XmlPullParserException { 1426 final int outerDepth = parser.getDepth(); 1427 int type; 1428 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1429 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1430 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1431 continue; 1432 } 1433 1434 if (TAG_PERMISSION.contains(parser.getName())) { 1435 String name = parser.getAttributeValue(null, ATTR_NAME); 1436 if (name == null) { 1437 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1438 XmlUtils.skipCurrentTag(parser); 1439 continue; 1440 } 1441 1442 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1443 1444 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1445 outPackageExceptions.add(exception); 1446 } else { 1447 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1448 } 1449 } 1450 } 1451 1452 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1453 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1454 } 1455 1456 private static final class DefaultPermissionGrant { 1457 final String name; 1458 final boolean fixed; 1459 1460 public DefaultPermissionGrant(String name, boolean fixed) { 1461 this.name = name; 1462 this.fixed = fixed; 1463 } 1464 } 1465} 1466