1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import static android.os.Process.FIRST_APPLICATION_UID; 20 21 import android.Manifest; 22 import android.annotation.NonNull; 23 import android.annotation.Nullable; 24 import android.app.ActivityManager; 25 import android.app.DownloadManager; 26 import android.app.admin.DevicePolicyManager; 27 import android.companion.CompanionDeviceManager; 28 import android.content.ComponentName; 29 import android.content.Context; 30 import android.content.Intent; 31 import android.content.pm.ApplicationInfo; 32 import android.content.pm.PackageList; 33 import android.content.pm.PackageManager; 34 import android.content.pm.PackageManagerInternal; 35 import android.content.pm.PackageManagerInternal.PackagesProvider; 36 import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 37 import android.content.pm.PackageParser; 38 import android.content.pm.ProviderInfo; 39 import android.content.pm.ResolveInfo; 40 import android.media.RingtoneManager; 41 import android.net.Uri; 42 import android.os.Binder; 43 import android.os.Build; 44 import android.os.Environment; 45 import android.os.Handler; 46 import android.os.Looper; 47 import android.os.Message; 48 import android.os.UserHandle; 49 import android.os.storage.StorageManager; 50 import android.print.PrintManager; 51 import android.provider.CalendarContract; 52 import android.provider.ContactsContract; 53 import android.provider.MediaStore; 54 import android.provider.Telephony.Sms.Intents; 55 import android.security.Credentials; 56 import android.service.textclassifier.TextClassifierService; 57 import android.telephony.TelephonyManager; 58 import android.text.TextUtils; 59 import android.util.ArrayMap; 60 import android.util.ArraySet; 61 import android.util.Log; 62 import android.util.Slog; 63 import android.util.Xml; 64 65 import com.android.internal.util.XmlUtils; 66 import com.android.server.LocalServices; 67 import com.android.server.pm.PackageManagerService; 68 69 import org.xmlpull.v1.XmlPullParser; 70 import org.xmlpull.v1.XmlPullParserException; 71 72 import java.io.BufferedInputStream; 73 import java.io.File; 74 import java.io.FileInputStream; 75 import java.io.IOException; 76 import java.io.InputStream; 77 import java.util.ArrayList; 78 import java.util.Collections; 79 import java.util.List; 80 import java.util.Map; 81 import java.util.Set; 82 83 /** 84 * This class is the policy for granting runtime permissions to 85 * platform components and default handlers in the system such 86 * that the device is usable out-of-the-box. For example, the 87 * shell UID is a part of the system and the Phone app should 88 * have phone related permission by default. 89 * <p> 90 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 91 * service but knows about lots of higher level subsystems. The correct way to do this is 92 * to have an interface defined in the package manager but have the impl next to other 93 * policy stuff like PhoneWindowManager 94 */ 95 public final class DefaultPermissionGrantPolicy { 96 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 97 private static final boolean DEBUG = false; 98 99 private static final int DEFAULT_FLAGS = 100 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 101 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 102 103 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 104 105 private static final String TAG_EXCEPTIONS = "exceptions"; 106 private static final String TAG_EXCEPTION = "exception"; 107 private static final String TAG_PERMISSION = "permission"; 108 private static final String ATTR_PACKAGE = "package"; 109 private static final String ATTR_NAME = "name"; 110 private static final String ATTR_FIXED = "fixed"; 111 112 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 113 static { 114 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 115 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 116 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 117 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 118 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 119 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 120 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 121 } 122 123 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 124 static { 125 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 126 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 127 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 128 } 129 130 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 131 static { 132 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 133 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 134 } 135 136 private static final Set<String> COARSE_LOCATION_PERMISSIONS = new ArraySet<>(); 137 static { 138 COARSE_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 139 } 140 141 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 142 static { 143 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 144 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 145 } 146 147 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 148 static { 149 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 150 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 151 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 152 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 153 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 154 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 155 } 156 157 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 158 static { 159 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 160 } 161 162 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 163 static { 164 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 165 } 166 167 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 168 static { 169 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 170 } 171 172 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 173 static { 174 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 175 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 176 } 177 178 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 179 180 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 181 182 private final Handler mHandler; 183 184 private PackagesProvider mLocationPackagesProvider; 185 private PackagesProvider mVoiceInteractionPackagesProvider; 186 private PackagesProvider mSmsAppPackagesProvider; 187 private PackagesProvider mDialerAppPackagesProvider; 188 private PackagesProvider mSimCallManagerPackagesProvider; 189 private PackagesProvider mUseOpenWifiAppPackagesProvider; 190 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 191 192 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 193 private final Context mContext; 194 private final Object mLock = new Object(); 195 private final PackageManagerInternal mServiceInternal; 196 private final PermissionManagerService mPermissionManager; 197 private final DefaultPermissionGrantedCallback mPermissionGrantedCallback; 198 public interface DefaultPermissionGrantedCallback { 199 /** Callback when permissions have been granted */ 200 public void onDefaultRuntimePermissionsGranted(int userId); 201 } 202 203 public DefaultPermissionGrantPolicy(Context context, Looper looper, 204 @Nullable DefaultPermissionGrantedCallback callback, 205 @NonNull PermissionManagerService permissionManager) { 206 mContext = context; 207 mHandler = new Handler(looper) { 208 @Override 209 public void handleMessage(Message msg) { 210 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 211 synchronized (mLock) { 212 if (mGrantExceptions == null) { 213 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 214 } 215 } 216 } 217 } 218 }; 219 mPermissionGrantedCallback = callback; 220 mPermissionManager = permissionManager; 221 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 222 } 223 224 public void setLocationPackagesProvider(PackagesProvider provider) { 225 synchronized (mLock) { 226 mLocationPackagesProvider = provider; 227 } 228 } 229 230 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 231 synchronized (mLock) { 232 mVoiceInteractionPackagesProvider = provider; 233 } 234 } 235 236 public void setSmsAppPackagesProvider(PackagesProvider provider) { 237 synchronized (mLock) { 238 mSmsAppPackagesProvider = provider; 239 } 240 } 241 242 public void setDialerAppPackagesProvider(PackagesProvider provider) { 243 synchronized (mLock) { 244 mDialerAppPackagesProvider = provider; 245 } 246 } 247 248 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 249 synchronized (mLock) { 250 mSimCallManagerPackagesProvider = provider; 251 } 252 } 253 254 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) { 255 synchronized (mLock) { 256 mUseOpenWifiAppPackagesProvider = provider; 257 } 258 } 259 260 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 261 synchronized (mLock) { 262 mSyncAdapterPackagesProvider = provider; 263 } 264 } 265 266 public void grantDefaultPermissions(int userId) { 267 grantPermissionsToSysComponentsAndPrivApps(userId); 268 grantDefaultSystemHandlerPermissions(userId); 269 grantDefaultPermissionExceptions(userId); 270 } 271 272 private void grantRuntimePermissionsForPackage(int userId, PackageParser.Package pkg) { 273 Set<String> permissions = new ArraySet<>(); 274 for (String permission : pkg.requestedPermissions) { 275 final BasePermission bp = mPermissionManager.getPermission(permission); 276 if (bp == null) { 277 continue; 278 } 279 if (bp.isRuntime()) { 280 permissions.add(permission); 281 } 282 } 283 if (!permissions.isEmpty()) { 284 grantRuntimePermissions(pkg, permissions, true, userId); 285 } 286 } 287 288 private void grantAllRuntimePermissions(int userId) { 289 Log.i(TAG, "Granting all runtime permissions for user " + userId); 290 final PackageList packageList = mServiceInternal.getPackageList(); 291 for (String packageName : packageList.getPackageNames()) { 292 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 293 if (pkg == null) { 294 continue; 295 } 296 grantRuntimePermissionsForPackage(userId, pkg); 297 } 298 } 299 300 public void scheduleReadDefaultPermissionExceptions() { 301 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 302 } 303 304 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 305 Log.i(TAG, "Granting permissions to platform components for user " + userId); 306 final PackageList packageList = mServiceInternal.getPackageList(); 307 for (String packageName : packageList.getPackageNames()) { 308 final PackageParser.Package pkg = mServiceInternal.getPackage(packageName); 309 if (pkg == null) { 310 continue; 311 } 312 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 313 || !doesPackageSupportRuntimePermissions(pkg) 314 || pkg.requestedPermissions.isEmpty()) { 315 continue; 316 } 317 grantRuntimePermissionsForPackage(userId, pkg); 318 } 319 } 320 321 private void grantDefaultSystemHandlerPermissions(int userId) { 322 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 323 324 final PackagesProvider locationPackagesProvider; 325 final PackagesProvider voiceInteractionPackagesProvider; 326 final PackagesProvider smsAppPackagesProvider; 327 final PackagesProvider dialerAppPackagesProvider; 328 final PackagesProvider simCallManagerPackagesProvider; 329 final PackagesProvider useOpenWifiAppPackagesProvider; 330 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 331 332 synchronized (mLock) { 333 locationPackagesProvider = mLocationPackagesProvider; 334 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 335 smsAppPackagesProvider = mSmsAppPackagesProvider; 336 dialerAppPackagesProvider = mDialerAppPackagesProvider; 337 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 338 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider; 339 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 340 } 341 342 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 343 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 344 String[] locationPackageNames = (locationPackagesProvider != null) 345 ? locationPackagesProvider.getPackages(userId) : null; 346 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 347 ? smsAppPackagesProvider.getPackages(userId) : null; 348 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 349 ? dialerAppPackagesProvider.getPackages(userId) : null; 350 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 351 ? simCallManagerPackagesProvider.getPackages(userId) : null; 352 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null) 353 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null; 354 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 355 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 356 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 357 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 358 359 // Installer 360 final String installerPackageName = mServiceInternal.getKnownPackageName( 361 PackageManagerInternal.PACKAGE_INSTALLER, userId); 362 PackageParser.Package installerPackage = getSystemPackage(installerPackageName); 363 if (installerPackage != null 364 && doesPackageSupportRuntimePermissions(installerPackage)) { 365 grantRuntimePermissions(installerPackage, STORAGE_PERMISSIONS, true, userId); 366 } 367 368 // Verifier 369 final String verifierPackageName = mServiceInternal.getKnownPackageName( 370 PackageManagerInternal.PACKAGE_VERIFIER, userId); 371 PackageParser.Package verifierPackage = getSystemPackage(verifierPackageName); 372 if (verifierPackage != null 373 && doesPackageSupportRuntimePermissions(verifierPackage)) { 374 grantRuntimePermissions(verifierPackage, STORAGE_PERMISSIONS, true, userId); 375 grantRuntimePermissions(verifierPackage, PHONE_PERMISSIONS, false, userId); 376 grantRuntimePermissions(verifierPackage, SMS_PERMISSIONS, false, userId); 377 } 378 379 // SetupWizard 380 final String setupWizardPackageName = mServiceInternal.getKnownPackageName( 381 PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId); 382 PackageParser.Package setupPackage = getSystemPackage(setupWizardPackageName); 383 if (setupPackage != null 384 && doesPackageSupportRuntimePermissions(setupPackage)) { 385 grantRuntimePermissions(setupPackage, PHONE_PERMISSIONS, userId); 386 grantRuntimePermissions(setupPackage, CONTACTS_PERMISSIONS, userId); 387 grantRuntimePermissions(setupPackage, LOCATION_PERMISSIONS, userId); 388 grantRuntimePermissions(setupPackage, CAMERA_PERMISSIONS, userId); 389 } 390 391 // Camera 392 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 393 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackage( 394 cameraIntent, userId); 395 if (cameraPackage != null 396 && doesPackageSupportRuntimePermissions(cameraPackage)) { 397 grantRuntimePermissions(cameraPackage, CAMERA_PERMISSIONS, userId); 398 grantRuntimePermissions(cameraPackage, MICROPHONE_PERMISSIONS, userId); 399 grantRuntimePermissions(cameraPackage, STORAGE_PERMISSIONS, userId); 400 } 401 402 // Media provider 403 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackage( 404 MediaStore.AUTHORITY, userId); 405 if (mediaStorePackage != null) { 406 grantRuntimePermissions(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 407 grantRuntimePermissions(mediaStorePackage, PHONE_PERMISSIONS, true, userId); 408 } 409 410 // Downloads provider 411 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackage( 412 "downloads", userId); 413 if (downloadsPackage != null) { 414 grantRuntimePermissions(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 415 } 416 417 // Downloads UI 418 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 419 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackage( 420 downloadsUiIntent, userId); 421 if (downloadsUiPackage != null 422 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 423 grantRuntimePermissions(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 424 } 425 426 // Storage provider 427 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackage( 428 "com.android.externalstorage.documents", userId); 429 if (storagePackage != null) { 430 grantRuntimePermissions(storagePackage, STORAGE_PERMISSIONS, true, userId); 431 } 432 433 // Container service 434 PackageParser.Package containerPackage = getSystemPackage( 435 PackageManagerService.DEFAULT_CONTAINER_PACKAGE); 436 if (containerPackage != null) { 437 grantRuntimePermissions(containerPackage, STORAGE_PERMISSIONS, true, userId); 438 } 439 440 // CertInstaller 441 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 442 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackage( 443 certInstallerIntent, userId); 444 if (certInstallerPackage != null 445 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 446 grantRuntimePermissions(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 447 } 448 449 // Dialer 450 if (dialerAppPackageNames == null) { 451 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 452 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackage( 453 dialerIntent, userId); 454 if (dialerPackage != null) { 455 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 456 } 457 } else { 458 for (String dialerAppPackageName : dialerAppPackageNames) { 459 PackageParser.Package dialerPackage = getSystemPackage(dialerAppPackageName); 460 if (dialerPackage != null) { 461 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 462 } 463 } 464 } 465 466 // Sim call manager 467 if (simCallManagerPackageNames != null) { 468 for (String simCallManagerPackageName : simCallManagerPackageNames) { 469 PackageParser.Package simCallManagerPackage = 470 getSystemPackage(simCallManagerPackageName); 471 if (simCallManagerPackage != null) { 472 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, 473 userId); 474 } 475 } 476 } 477 478 // Use Open Wifi 479 if (useOpenWifiAppPackageNames != null) { 480 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) { 481 PackageParser.Package useOpenWifiPackage = 482 getSystemPackage(useOpenWifiPackageName); 483 if (useOpenWifiPackage != null) { 484 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(useOpenWifiPackage, 485 userId); 486 } 487 } 488 } 489 490 // SMS 491 if (smsAppPackageNames == null) { 492 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 493 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 494 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackage( 495 smsIntent, userId); 496 if (smsPackage != null) { 497 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 498 } 499 } else { 500 for (String smsPackageName : smsAppPackageNames) { 501 PackageParser.Package smsPackage = getSystemPackage(smsPackageName); 502 if (smsPackage != null) { 503 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 504 } 505 } 506 } 507 508 // Cell Broadcast Receiver 509 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 510 PackageParser.Package cbrPackage = 511 getDefaultSystemHandlerActivityPackage(cbrIntent, userId); 512 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 513 grantRuntimePermissions(cbrPackage, SMS_PERMISSIONS, userId); 514 } 515 516 // Carrier Provisioning Service 517 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 518 PackageParser.Package carrierProvPackage = 519 getDefaultSystemHandlerServicePackage(carrierProvIntent, userId); 520 if (carrierProvPackage != null 521 && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 522 grantRuntimePermissions(carrierProvPackage, SMS_PERMISSIONS, false, userId); 523 } 524 525 // Calendar 526 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 527 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 528 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackage( 529 calendarIntent, userId); 530 if (calendarPackage != null 531 && doesPackageSupportRuntimePermissions(calendarPackage)) { 532 grantRuntimePermissions(calendarPackage, CALENDAR_PERMISSIONS, userId); 533 grantRuntimePermissions(calendarPackage, CONTACTS_PERMISSIONS, userId); 534 } 535 536 // Calendar provider 537 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackage( 538 CalendarContract.AUTHORITY, userId); 539 if (calendarProviderPackage != null) { 540 grantRuntimePermissions(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 541 grantRuntimePermissions(calendarProviderPackage, CALENDAR_PERMISSIONS, 542 true, userId); 543 grantRuntimePermissions(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 544 } 545 546 // Calendar provider sync adapters 547 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackages( 548 calendarSyncAdapterPackages, userId); 549 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 550 for (int i = 0; i < calendarSyncAdapterCount; i++) { 551 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 552 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 553 grantRuntimePermissions(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 554 } 555 } 556 557 // Contacts 558 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 559 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 560 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackage( 561 contactsIntent, userId); 562 if (contactsPackage != null 563 && doesPackageSupportRuntimePermissions(contactsPackage)) { 564 grantRuntimePermissions(contactsPackage, CONTACTS_PERMISSIONS, userId); 565 grantRuntimePermissions(contactsPackage, PHONE_PERMISSIONS, userId); 566 } 567 568 // Contacts provider sync adapters 569 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackages( 570 contactsSyncAdapterPackages, userId); 571 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 572 for (int i = 0; i < contactsSyncAdapterCount; i++) { 573 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 574 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 575 grantRuntimePermissions(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 576 } 577 } 578 579 // Contacts provider 580 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackage( 581 ContactsContract.AUTHORITY, userId); 582 if (contactsProviderPackage != null) { 583 grantRuntimePermissions(contactsProviderPackage, CONTACTS_PERMISSIONS, 584 true, userId); 585 grantRuntimePermissions(contactsProviderPackage, PHONE_PERMISSIONS, 586 true, userId); 587 grantRuntimePermissions(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 588 } 589 590 // Device provisioning 591 Intent deviceProvisionIntent = new Intent( 592 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 593 PackageParser.Package deviceProvisionPackage = 594 getDefaultSystemHandlerActivityPackage(deviceProvisionIntent, userId); 595 if (deviceProvisionPackage != null 596 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 597 grantRuntimePermissions(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 598 } 599 600 // Maps 601 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 602 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 603 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackage( 604 mapsIntent, userId); 605 if (mapsPackage != null 606 && doesPackageSupportRuntimePermissions(mapsPackage)) { 607 grantRuntimePermissions(mapsPackage, LOCATION_PERMISSIONS, userId); 608 } 609 610 // Gallery 611 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 612 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 613 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackage( 614 galleryIntent, userId); 615 if (galleryPackage != null 616 && doesPackageSupportRuntimePermissions(galleryPackage)) { 617 grantRuntimePermissions(galleryPackage, STORAGE_PERMISSIONS, userId); 618 } 619 620 // Email 621 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 622 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 623 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackage( 624 emailIntent, userId); 625 if (emailPackage != null 626 && doesPackageSupportRuntimePermissions(emailPackage)) { 627 grantRuntimePermissions(emailPackage, CONTACTS_PERMISSIONS, userId); 628 grantRuntimePermissions(emailPackage, CALENDAR_PERMISSIONS, userId); 629 } 630 631 // Browser 632 PackageParser.Package browserPackage = null; 633 String defaultBrowserPackage = mServiceInternal.getKnownPackageName( 634 PackageManagerInternal.PACKAGE_BROWSER, userId); 635 if (defaultBrowserPackage != null) { 636 browserPackage = getPackage(defaultBrowserPackage); 637 } 638 if (browserPackage == null) { 639 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 640 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 641 browserPackage = getDefaultSystemHandlerActivityPackage( 642 browserIntent, userId); 643 } 644 if (browserPackage != null 645 && doesPackageSupportRuntimePermissions(browserPackage)) { 646 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, userId); 647 } 648 649 // Voice interaction 650 if (voiceInteractPackageNames != null) { 651 for (String voiceInteractPackageName : voiceInteractPackageNames) { 652 PackageParser.Package voiceInteractPackage = getSystemPackage( 653 voiceInteractPackageName); 654 if (voiceInteractPackage != null 655 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 656 grantRuntimePermissions(voiceInteractPackage, 657 CONTACTS_PERMISSIONS, userId); 658 grantRuntimePermissions(voiceInteractPackage, 659 CALENDAR_PERMISSIONS, userId); 660 grantRuntimePermissions(voiceInteractPackage, 661 MICROPHONE_PERMISSIONS, userId); 662 grantRuntimePermissions(voiceInteractPackage, 663 PHONE_PERMISSIONS, userId); 664 grantRuntimePermissions(voiceInteractPackage, 665 SMS_PERMISSIONS, userId); 666 grantRuntimePermissions(voiceInteractPackage, 667 LOCATION_PERMISSIONS, userId); 668 } 669 } 670 } 671 672 if (ActivityManager.isLowRamDeviceStatic()) { 673 // Allow voice search on low-ram devices 674 Intent globalSearchIntent = new Intent("android.search.action.GLOBAL_SEARCH"); 675 PackageParser.Package globalSearchPickerPackage = 676 getDefaultSystemHandlerActivityPackage(globalSearchIntent, userId); 677 678 if (globalSearchPickerPackage != null 679 && doesPackageSupportRuntimePermissions(globalSearchPickerPackage)) { 680 grantRuntimePermissions(globalSearchPickerPackage, 681 MICROPHONE_PERMISSIONS, false, userId); 682 grantRuntimePermissions(globalSearchPickerPackage, 683 LOCATION_PERMISSIONS, false, userId); 684 } 685 } 686 687 // Voice recognition 688 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 689 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 690 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackage( 691 voiceRecoIntent, userId); 692 if (voiceRecoPackage != null 693 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 694 grantRuntimePermissions(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 695 } 696 697 // Location 698 if (locationPackageNames != null) { 699 for (String packageName : locationPackageNames) { 700 PackageParser.Package locationPackage = getSystemPackage(packageName); 701 if (locationPackage != null 702 && doesPackageSupportRuntimePermissions(locationPackage)) { 703 grantRuntimePermissions(locationPackage, CONTACTS_PERMISSIONS, userId); 704 grantRuntimePermissions(locationPackage, CALENDAR_PERMISSIONS, userId); 705 grantRuntimePermissions(locationPackage, MICROPHONE_PERMISSIONS, userId); 706 grantRuntimePermissions(locationPackage, PHONE_PERMISSIONS, userId); 707 grantRuntimePermissions(locationPackage, SMS_PERMISSIONS, userId); 708 grantRuntimePermissions(locationPackage, LOCATION_PERMISSIONS, 709 true, userId); 710 grantRuntimePermissions(locationPackage, CAMERA_PERMISSIONS, userId); 711 grantRuntimePermissions(locationPackage, SENSORS_PERMISSIONS, userId); 712 grantRuntimePermissions(locationPackage, STORAGE_PERMISSIONS, userId); 713 } 714 } 715 } 716 717 // Music 718 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 719 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 720 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 721 AUDIO_MIME_TYPE); 722 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackage( 723 musicIntent, userId); 724 if (musicPackage != null 725 && doesPackageSupportRuntimePermissions(musicPackage)) { 726 grantRuntimePermissions(musicPackage, STORAGE_PERMISSIONS, userId); 727 } 728 729 // Home 730 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 731 homeIntent.addCategory(Intent.CATEGORY_HOME); 732 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER_APP); 733 PackageParser.Package homePackage = getDefaultSystemHandlerActivityPackage( 734 homeIntent, userId); 735 if (homePackage != null 736 && doesPackageSupportRuntimePermissions(homePackage)) { 737 grantRuntimePermissions(homePackage, LOCATION_PERMISSIONS, false, userId); 738 } 739 740 // Watches 741 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 742 // Home application on watches 743 Intent wearHomeIntent = new Intent(Intent.ACTION_MAIN); 744 wearHomeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 745 746 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackage( 747 wearHomeIntent, userId); 748 749 if (wearHomePackage != null 750 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 751 grantRuntimePermissions(wearHomePackage, CONTACTS_PERMISSIONS, false, 752 userId); 753 grantRuntimePermissions(wearHomePackage, PHONE_PERMISSIONS, true, userId); 754 grantRuntimePermissions(wearHomePackage, MICROPHONE_PERMISSIONS, false, 755 userId); 756 grantRuntimePermissions(wearHomePackage, LOCATION_PERMISSIONS, false, 757 userId); 758 } 759 760 // Fitness tracking on watches 761 Intent trackIntent = new Intent(ACTION_TRACK); 762 PackageParser.Package trackPackage = getDefaultSystemHandlerActivityPackage( 763 trackIntent, userId); 764 if (trackPackage != null 765 && doesPackageSupportRuntimePermissions(trackPackage)) { 766 grantRuntimePermissions(trackPackage, SENSORS_PERMISSIONS, false, userId); 767 grantRuntimePermissions(trackPackage, LOCATION_PERMISSIONS, false, userId); 768 } 769 } 770 771 // Print Spooler 772 PackageParser.Package printSpoolerPackage = getSystemPackage( 773 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 774 if (printSpoolerPackage != null 775 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 776 grantRuntimePermissions(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 777 } 778 779 // EmergencyInfo 780 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 781 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackage( 782 emergencyInfoIntent, userId); 783 if (emergencyInfoPckg != null 784 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 785 grantRuntimePermissions(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 786 grantRuntimePermissions(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 787 } 788 789 // NFC Tag viewer 790 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 791 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 792 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackage( 793 nfcTagIntent, userId); 794 if (nfcTagPkg != null 795 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 796 grantRuntimePermissions(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 797 grantRuntimePermissions(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 798 } 799 800 // Storage Manager 801 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 802 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackage( 803 storageManagerIntent, userId); 804 if (storageManagerPckg != null 805 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 806 grantRuntimePermissions(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 807 } 808 809 // Companion devices 810 PackageParser.Package companionDeviceDiscoveryPackage = getSystemPackage( 811 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME); 812 if (companionDeviceDiscoveryPackage != null 813 && doesPackageSupportRuntimePermissions(companionDeviceDiscoveryPackage)) { 814 grantRuntimePermissions(companionDeviceDiscoveryPackage, 815 LOCATION_PERMISSIONS, true, userId); 816 } 817 818 // Ringtone Picker 819 Intent ringtonePickerIntent = new Intent(RingtoneManager.ACTION_RINGTONE_PICKER); 820 PackageParser.Package ringtonePickerPackage = 821 getDefaultSystemHandlerActivityPackage(ringtonePickerIntent, userId); 822 if (ringtonePickerPackage != null 823 && doesPackageSupportRuntimePermissions(ringtonePickerPackage)) { 824 grantRuntimePermissions(ringtonePickerPackage, 825 STORAGE_PERMISSIONS, true, userId); 826 } 827 828 // TextClassifier Service 829 String textClassifierPackageName = 830 mContext.getPackageManager().getSystemTextClassifierPackageName(); 831 if (!TextUtils.isEmpty(textClassifierPackageName)) { 832 PackageParser.Package textClassifierPackage = 833 getSystemPackage(textClassifierPackageName); 834 if (textClassifierPackage != null 835 && doesPackageSupportRuntimePermissions(textClassifierPackage)) { 836 grantRuntimePermissions(textClassifierPackage, PHONE_PERMISSIONS, false, userId); 837 grantRuntimePermissions(textClassifierPackage, SMS_PERMISSIONS, false, userId); 838 grantRuntimePermissions(textClassifierPackage, CALENDAR_PERMISSIONS, false, userId); 839 grantRuntimePermissions(textClassifierPackage, LOCATION_PERMISSIONS, false, userId); 840 grantRuntimePermissions(textClassifierPackage, CONTACTS_PERMISSIONS, false, userId); 841 } 842 } 843 844 // There is no real "marker" interface to identify the shared storage backup, it is 845 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE. 846 PackageParser.Package sharedStorageBackupPackage = getSystemPackage( 847 "com.android.sharedstoragebackup"); 848 if (sharedStorageBackupPackage != null) { 849 grantRuntimePermissions(sharedStorageBackupPackage, STORAGE_PERMISSIONS, true, userId); 850 } 851 852 if (mPermissionGrantedCallback != null) { 853 mPermissionGrantedCallback.onDefaultRuntimePermissionsGranted(userId); 854 } 855 } 856 857 private void grantDefaultPermissionsToDefaultSystemDialerApp( 858 PackageParser.Package dialerPackage, int userId) { 859 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 860 boolean isPhonePermFixed = 861 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 862 grantRuntimePermissions( 863 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 864 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, userId); 865 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, userId); 866 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, userId); 867 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, userId); 868 } 869 } 870 871 private void grantDefaultPermissionsToDefaultSystemSmsApp( 872 PackageParser.Package smsPackage, int userId) { 873 if (doesPackageSupportRuntimePermissions(smsPackage)) { 874 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, userId); 875 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, userId); 876 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, userId); 877 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, userId); 878 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, userId); 879 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, userId); 880 } 881 } 882 883 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp( 884 PackageParser.Package useOpenWifiPackage, int userId) { 885 if (doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 886 grantRuntimePermissions(useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, userId); 887 } 888 } 889 890 public void grantDefaultPermissionsToDefaultSmsApp(String packageName, int userId) { 891 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 892 if (packageName == null) { 893 return; 894 } 895 PackageParser.Package smsPackage = getPackage(packageName); 896 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 897 grantRuntimePermissions(smsPackage, PHONE_PERMISSIONS, false, true, userId); 898 grantRuntimePermissions(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 899 grantRuntimePermissions(smsPackage, SMS_PERMISSIONS, false, true, userId); 900 grantRuntimePermissions(smsPackage, STORAGE_PERMISSIONS, false, true, userId); 901 grantRuntimePermissions(smsPackage, MICROPHONE_PERMISSIONS, false, true, userId); 902 grantRuntimePermissions(smsPackage, CAMERA_PERMISSIONS, false, true, userId); 903 } 904 } 905 906 public void grantDefaultPermissionsToDefaultDialerApp(String packageName, int userId) { 907 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 908 if (packageName == null) { 909 return; 910 } 911 PackageParser.Package dialerPackage = getPackage(packageName); 912 if (dialerPackage != null 913 && doesPackageSupportRuntimePermissions(dialerPackage)) { 914 grantRuntimePermissions(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 915 grantRuntimePermissions(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 916 grantRuntimePermissions(dialerPackage, SMS_PERMISSIONS, false, true, userId); 917 grantRuntimePermissions(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 918 grantRuntimePermissions(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 919 } 920 } 921 922 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) { 923 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId); 924 if (packageName == null) { 925 return; 926 } 927 PackageParser.Package useOpenWifiPackage = getPackage(packageName); 928 if (useOpenWifiPackage != null 929 && doesPackageSupportRuntimePermissions(useOpenWifiPackage)) { 930 grantRuntimePermissions( 931 useOpenWifiPackage, COARSE_LOCATION_PERMISSIONS, false, true, userId); 932 } 933 } 934 935 private void grantDefaultPermissionsToDefaultSimCallManager( 936 PackageParser.Package simCallManagerPackage, int userId) { 937 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 938 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 939 grantRuntimePermissions(simCallManagerPackage, PHONE_PERMISSIONS, userId); 940 grantRuntimePermissions(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 941 } 942 } 943 944 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 945 if (packageName == null) { 946 return; 947 } 948 PackageParser.Package simCallManagerPackage = getPackage(packageName); 949 if (simCallManagerPackage != null) { 950 grantDefaultPermissionsToDefaultSimCallManager(simCallManagerPackage, userId); 951 } 952 } 953 954 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 955 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 956 if (packageNames == null) { 957 return; 958 } 959 for (String packageName : packageNames) { 960 PackageParser.Package carrierPackage = getSystemPackage(packageName); 961 if (carrierPackage != null 962 && doesPackageSupportRuntimePermissions(carrierPackage)) { 963 grantRuntimePermissions(carrierPackage, PHONE_PERMISSIONS, userId); 964 grantRuntimePermissions(carrierPackage, LOCATION_PERMISSIONS, userId); 965 grantRuntimePermissions(carrierPackage, SMS_PERMISSIONS, userId); 966 } 967 } 968 } 969 970 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 971 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 972 if (packageNames == null) { 973 return; 974 } 975 for (String packageName : packageNames) { 976 PackageParser.Package imsServicePackage = getSystemPackage(packageName); 977 if (imsServicePackage != null 978 && doesPackageSupportRuntimePermissions(imsServicePackage)) { 979 grantRuntimePermissions(imsServicePackage, PHONE_PERMISSIONS, userId); 980 grantRuntimePermissions(imsServicePackage, MICROPHONE_PERMISSIONS, userId); 981 grantRuntimePermissions(imsServicePackage, LOCATION_PERMISSIONS, userId); 982 grantRuntimePermissions(imsServicePackage, CAMERA_PERMISSIONS, userId); 983 grantRuntimePermissions(imsServicePackage, CONTACTS_PERMISSIONS, userId); 984 } 985 } 986 } 987 988 public void grantDefaultPermissionsToEnabledTelephonyDataServices( 989 String[] packageNames, int userId) { 990 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId); 991 if (packageNames == null) { 992 return; 993 } 994 for (String packageName : packageNames) { 995 PackageParser.Package dataServicePackage = getSystemPackage(packageName); 996 if (dataServicePackage != null 997 && doesPackageSupportRuntimePermissions(dataServicePackage)) { 998 // Grant these permissions as system-fixed, so that nobody can accidentally 999 // break cellular data. 1000 grantRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId); 1001 grantRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId); 1002 } 1003 } 1004 } 1005 1006 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices( 1007 String[] packageNames, int userId) { 1008 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId); 1009 if (packageNames == null) { 1010 return; 1011 } 1012 for (String packageName : packageNames) { 1013 PackageParser.Package dataServicePackage = getSystemPackage(packageName); 1014 if (dataServicePackage != null 1015 && doesPackageSupportRuntimePermissions(dataServicePackage)) { 1016 revokeRuntimePermissions(dataServicePackage, PHONE_PERMISSIONS, true, userId); 1017 revokeRuntimePermissions(dataServicePackage, LOCATION_PERMISSIONS, true, userId); 1018 } 1019 } 1020 } 1021 1022 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) { 1023 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId); 1024 if (packageName == null) { 1025 return; 1026 } 1027 PackageParser.Package luiAppPackage = getSystemPackage(packageName); 1028 if (luiAppPackage != null 1029 && doesPackageSupportRuntimePermissions(luiAppPackage)) { 1030 grantRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId); 1031 } 1032 } 1033 1034 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) { 1035 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId); 1036 if (packageNames == null) { 1037 return; 1038 } 1039 for (String packageName : packageNames) { 1040 PackageParser.Package luiAppPackage = getSystemPackage(packageName); 1041 if (luiAppPackage != null 1042 && doesPackageSupportRuntimePermissions(luiAppPackage)) { 1043 revokeRuntimePermissions(luiAppPackage, CAMERA_PERMISSIONS, true, userId); 1044 } 1045 } 1046 } 1047 1048 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) { 1049 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 1050 if (packageName == null) { 1051 return; 1052 } 1053 PackageParser.Package browserPackage = getSystemPackage(packageName); 1054 if (browserPackage != null 1055 && doesPackageSupportRuntimePermissions(browserPackage)) { 1056 grantRuntimePermissions(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 1057 } 1058 } 1059 1060 private PackageParser.Package getDefaultSystemHandlerActivityPackage( 1061 Intent intent, int userId) { 1062 ResolveInfo handler = mServiceInternal.resolveIntent(intent, 1063 intent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, userId, false, 1064 Binder.getCallingUid()); 1065 if (handler == null || handler.activityInfo == null) { 1066 return null; 1067 } 1068 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 1069 return null; 1070 } 1071 return getSystemPackage(handler.activityInfo.packageName); 1072 } 1073 1074 private PackageParser.Package getDefaultSystemHandlerServicePackage( 1075 Intent intent, int userId) { 1076 List<ResolveInfo> handlers = mServiceInternal.queryIntentServices( 1077 intent, DEFAULT_FLAGS, Binder.getCallingUid(), userId); 1078 if (handlers == null) { 1079 return null; 1080 } 1081 final int handlerCount = handlers.size(); 1082 for (int i = 0; i < handlerCount; i++) { 1083 ResolveInfo handler = handlers.get(i); 1084 PackageParser.Package handlerPackage = getSystemPackage( 1085 handler.serviceInfo.packageName); 1086 if (handlerPackage != null) { 1087 return handlerPackage; 1088 } 1089 } 1090 return null; 1091 } 1092 1093 private List<PackageParser.Package> getHeadlessSyncAdapterPackages( 1094 String[] syncAdapterPackageNames, int userId) { 1095 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 1096 1097 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 1098 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 1099 1100 for (String syncAdapterPackageName : syncAdapterPackageNames) { 1101 homeIntent.setPackage(syncAdapterPackageName); 1102 1103 ResolveInfo homeActivity = mServiceInternal.resolveIntent(homeIntent, 1104 homeIntent.resolveType(mContext.getContentResolver()), DEFAULT_FLAGS, 1105 userId, false, Binder.getCallingUid()); 1106 if (homeActivity != null) { 1107 continue; 1108 } 1109 1110 PackageParser.Package syncAdapterPackage = getSystemPackage(syncAdapterPackageName); 1111 if (syncAdapterPackage != null) { 1112 syncAdapterPackages.add(syncAdapterPackage); 1113 } 1114 } 1115 1116 return syncAdapterPackages; 1117 } 1118 1119 private PackageParser.Package getDefaultProviderAuthorityPackage( 1120 String authority, int userId) { 1121 ProviderInfo provider = 1122 mServiceInternal.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 1123 if (provider != null) { 1124 return getSystemPackage(provider.packageName); 1125 } 1126 return null; 1127 } 1128 1129 private PackageParser.Package getPackage(String packageName) { 1130 return mServiceInternal.getPackage(packageName); 1131 } 1132 1133 private PackageParser.Package getSystemPackage(String packageName) { 1134 PackageParser.Package pkg = getPackage(packageName); 1135 if (pkg != null && pkg.isSystem()) { 1136 return !isSysComponentOrPersistentPlatformSignedPrivApp(pkg) ? pkg : null; 1137 } 1138 return null; 1139 } 1140 1141 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1142 int userId) { 1143 grantRuntimePermissions(pkg, permissions, false, false, userId); 1144 } 1145 1146 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1147 boolean systemFixed, int userId) { 1148 grantRuntimePermissions(pkg, permissions, systemFixed, false, userId); 1149 } 1150 1151 private void revokeRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1152 boolean systemFixed, int userId) { 1153 if (pkg.requestedPermissions.isEmpty()) { 1154 return; 1155 } 1156 Set<String> revokablePermissions = new ArraySet<>(pkg.requestedPermissions); 1157 1158 for (String permission : permissions) { 1159 // We can't revoke what wasn't requested. 1160 if (!revokablePermissions.contains(permission)) { 1161 continue; 1162 } 1163 1164 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1165 permission, pkg.packageName, userId); 1166 1167 // We didn't get this through the default grant policy. Move along. 1168 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) { 1169 continue; 1170 } 1171 // We aren't going to clobber device policy with a DefaultGrant. 1172 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1173 continue; 1174 } 1175 // Do not revoke system fixed permissions unless caller set them that way; 1176 // there is no refcount for the number of sources of this, so there 1177 // should be at most one grantor doing SYSTEM_FIXED for any given package. 1178 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) { 1179 continue; 1180 } 1181 mServiceInternal.revokeRuntimePermission(pkg.packageName, permission, userId, false); 1182 1183 if (DEBUG) { 1184 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ") 1185 + permission + " to " + pkg.packageName); 1186 } 1187 1188 // Remove the GRANTED_BY_DEFAULT flag without touching the others. 1189 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains 1190 // sticky once set. 1191 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1192 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, userId); 1193 } 1194 } 1195 1196 private void grantRuntimePermissions(PackageParser.Package pkg, Set<String> permissions, 1197 boolean systemFixed, boolean ignoreSystemPackage, int userId) { 1198 if (pkg.requestedPermissions.isEmpty()) { 1199 return; 1200 } 1201 1202 List<String> requestedPermissions = pkg.requestedPermissions; 1203 Set<String> grantablePermissions = null; 1204 1205 // In some cases, like for the Phone or SMS app, we grant permissions regardless 1206 // of if the version on the system image declares the permission as used since 1207 // selecting the app as the default for that function the user makes a deliberate 1208 // choice to grant this app the permissions needed to function. For all other 1209 // apps, (default grants on first boot and user creation) we don't grant default 1210 // permissions if the version on the system image does not declare them. 1211 if (!ignoreSystemPackage && pkg.isUpdatedSystemApp()) { 1212 final PackageParser.Package disabledPkg = 1213 mServiceInternal.getDisabledPackage(pkg.packageName); 1214 if (disabledPkg != null) { 1215 if (disabledPkg.requestedPermissions.isEmpty()) { 1216 return; 1217 } 1218 if (!requestedPermissions.equals(disabledPkg.requestedPermissions)) { 1219 grantablePermissions = new ArraySet<>(requestedPermissions); 1220 requestedPermissions = disabledPkg.requestedPermissions; 1221 } 1222 } 1223 } 1224 1225 final int grantablePermissionCount = requestedPermissions.size(); 1226 for (int i = 0; i < grantablePermissionCount; i++) { 1227 String permission = requestedPermissions.get(i); 1228 1229 // If there is a disabled system app it may request a permission the updated 1230 // version ot the data partition doesn't, In this case skip the permission. 1231 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1232 continue; 1233 } 1234 1235 if (permissions.contains(permission)) { 1236 final int flags = mServiceInternal.getPermissionFlagsTEMP( 1237 permission, pkg.packageName, userId); 1238 1239 // If any flags are set to the permission, then it is either set in 1240 // its current state by the system or device/profile owner or the user. 1241 // In all these cases we do not want to clobber the current state. 1242 // Unless the caller wants to override user choices. The override is 1243 // to make sure we can grant the needed permission to the default 1244 // sms and phone apps after the user chooses this in the UI. 1245 if (flags == 0 || ignoreSystemPackage) { 1246 // Never clobber policy fixed permissions. 1247 // We must allow the grant of a system-fixed permission because 1248 // system-fixed is sticky, but the permission itself may be revoked. 1249 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1250 continue; 1251 } 1252 1253 mServiceInternal.grantRuntimePermission( 1254 pkg.packageName, permission, userId, false); 1255 if (DEBUG) { 1256 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 1257 + permission + " to default handler " + pkg.packageName); 1258 } 1259 1260 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1261 if (systemFixed) { 1262 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1263 } 1264 1265 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1266 newFlags, newFlags, userId); 1267 } 1268 1269 // If a component gets a permission for being the default handler A 1270 // and also default handler B, we grant the weaker grant form. 1271 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1272 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1273 && !systemFixed) { 1274 if (DEBUG) { 1275 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1276 + pkg.packageName); 1277 } 1278 mServiceInternal.updatePermissionFlagsTEMP(permission, pkg.packageName, 1279 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 1280 } 1281 } 1282 } 1283 } 1284 1285 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageParser.Package pkg) { 1286 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1287 return true; 1288 } 1289 if (!pkg.isPrivileged()) { 1290 return false; 1291 } 1292 final PackageParser.Package disabledPkg = 1293 mServiceInternal.getDisabledPackage(pkg.packageName); 1294 if (disabledPkg != null) { 1295 if ((disabledPkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1296 return false; 1297 } 1298 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1299 return false; 1300 } 1301 final String systemPackageName = mServiceInternal.getKnownPackageName( 1302 PackageManagerInternal.PACKAGE_SYSTEM, UserHandle.USER_SYSTEM); 1303 final PackageParser.Package systemPackage = getPackage(systemPackageName); 1304 return pkg.mSigningDetails.hasAncestorOrSelf(systemPackage.mSigningDetails) 1305 || systemPackage.mSigningDetails.checkCapability(pkg.mSigningDetails, 1306 PackageParser.SigningDetails.CertCapabilities.PERMISSION); 1307 } 1308 1309 private void grantDefaultPermissionExceptions(int userId) { 1310 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1311 1312 synchronized (mLock) { 1313 // mGrantExceptions is null only before the first read and then 1314 // it serves as a cache of the default grants that should be 1315 // performed for every user. If there is an entry then the app 1316 // is on the system image and supports runtime permissions. 1317 if (mGrantExceptions == null) { 1318 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 1319 } 1320 } 1321 1322 Set<String> permissions = null; 1323 final int exceptionCount = mGrantExceptions.size(); 1324 for (int i = 0; i < exceptionCount; i++) { 1325 String packageName = mGrantExceptions.keyAt(i); 1326 PackageParser.Package pkg = getSystemPackage(packageName); 1327 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1328 final int permissionGrantCount = permissionGrants.size(); 1329 for (int j = 0; j < permissionGrantCount; j++) { 1330 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1331 if (permissions == null) { 1332 permissions = new ArraySet<>(); 1333 } else { 1334 permissions.clear(); 1335 } 1336 permissions.add(permissionGrant.name); 1337 grantRuntimePermissions(pkg, permissions, 1338 permissionGrant.fixed, userId); 1339 } 1340 } 1341 } 1342 1343 private File[] getDefaultPermissionFiles() { 1344 ArrayList<File> ret = new ArrayList<File>(); 1345 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1346 if (dir.isDirectory() && dir.canRead()) { 1347 Collections.addAll(ret, dir.listFiles()); 1348 } 1349 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1350 if (dir.isDirectory() && dir.canRead()) { 1351 Collections.addAll(ret, dir.listFiles()); 1352 } 1353 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions"); 1354 if (dir.isDirectory() && dir.canRead()) { 1355 Collections.addAll(ret, dir.listFiles()); 1356 } 1357 dir = new File(Environment.getProductDirectory(), "etc/default-permissions"); 1358 if (dir.isDirectory() && dir.canRead()) { 1359 Collections.addAll(ret, dir.listFiles()); 1360 } 1361 // For IoT devices, we check the oem partition for default permissions for each app. 1362 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 1363 dir = new File(Environment.getOemDirectory(), "etc/default-permissions"); 1364 if (dir.isDirectory() && dir.canRead()) { 1365 Collections.addAll(ret, dir.listFiles()); 1366 } 1367 } 1368 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1369 } 1370 1371 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> 1372 readDefaultPermissionExceptionsLocked() { 1373 File[] files = getDefaultPermissionFiles(); 1374 if (files == null) { 1375 return new ArrayMap<>(0); 1376 } 1377 1378 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1379 1380 // Iterate over the files in the directory and scan .xml files 1381 for (File file : files) { 1382 if (!file.getPath().endsWith(".xml")) { 1383 Slog.i(TAG, "Non-xml file " + file 1384 + " in " + file.getParent() + " directory, ignoring"); 1385 continue; 1386 } 1387 if (!file.canRead()) { 1388 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1389 continue; 1390 } 1391 try ( 1392 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1393 ) { 1394 XmlPullParser parser = Xml.newPullParser(); 1395 parser.setInput(str, null); 1396 parse(parser, grantExceptions); 1397 } catch (XmlPullParserException | IOException e) { 1398 Slog.w(TAG, "Error reading default permissions file " + file, e); 1399 } 1400 } 1401 1402 return grantExceptions; 1403 } 1404 1405 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1406 outGrantExceptions) throws IOException, XmlPullParserException { 1407 final int outerDepth = parser.getDepth(); 1408 int type; 1409 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1410 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1411 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1412 continue; 1413 } 1414 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1415 parseExceptions(parser, outGrantExceptions); 1416 } else { 1417 Log.e(TAG, "Unknown tag " + parser.getName()); 1418 } 1419 } 1420 } 1421 1422 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1423 outGrantExceptions) throws IOException, XmlPullParserException { 1424 final int outerDepth = parser.getDepth(); 1425 int type; 1426 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1427 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1428 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1429 continue; 1430 } 1431 if (TAG_EXCEPTION.equals(parser.getName())) { 1432 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1433 1434 List<DefaultPermissionGrant> packageExceptions = 1435 outGrantExceptions.get(packageName); 1436 if (packageExceptions == null) { 1437 // The package must be on the system image 1438 PackageParser.Package pkg = getSystemPackage(packageName); 1439 if (pkg == null) { 1440 Log.w(TAG, "Unknown package:" + packageName); 1441 XmlUtils.skipCurrentTag(parser); 1442 continue; 1443 } 1444 1445 // The package must support runtime permissions 1446 if (!doesPackageSupportRuntimePermissions(pkg)) { 1447 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1448 + packageName); 1449 XmlUtils.skipCurrentTag(parser); 1450 continue; 1451 } 1452 packageExceptions = new ArrayList<>(); 1453 outGrantExceptions.put(packageName, packageExceptions); 1454 } 1455 1456 parsePermission(parser, packageExceptions); 1457 } else { 1458 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1459 } 1460 } 1461 } 1462 1463 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1464 outPackageExceptions) throws IOException, XmlPullParserException { 1465 final int outerDepth = parser.getDepth(); 1466 int type; 1467 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1468 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1469 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1470 continue; 1471 } 1472 1473 if (TAG_PERMISSION.contains(parser.getName())) { 1474 String name = parser.getAttributeValue(null, ATTR_NAME); 1475 if (name == null) { 1476 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1477 XmlUtils.skipCurrentTag(parser); 1478 continue; 1479 } 1480 1481 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1482 1483 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1484 outPackageExceptions.add(exception); 1485 } else { 1486 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1487 } 1488 } 1489 } 1490 1491 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1492 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1493 } 1494 1495 private static final class DefaultPermissionGrant { 1496 final String name; 1497 final boolean fixed; 1498 1499 public DefaultPermissionGrant(String name, boolean fixed) { 1500 this.name = name; 1501 this.fixed = fixed; 1502 } 1503 } 1504 } 1505