1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import static android.os.Process.FIRST_APPLICATION_UID; 20 21 import android.Manifest; 22 import android.annotation.NonNull; 23 import android.annotation.Nullable; 24 import android.app.ActivityManager; 25 import android.app.AppOpsManager; 26 import android.app.DownloadManager; 27 import android.app.SearchManager; 28 import android.app.admin.DevicePolicyManager; 29 import android.companion.CompanionDeviceManager; 30 import android.content.Context; 31 import android.content.Intent; 32 import android.content.pm.ApplicationInfo; 33 import android.content.pm.PackageInfo; 34 import android.content.pm.PackageManager; 35 import android.content.pm.PackageManager.NameNotFoundException; 36 import android.content.pm.PackageManagerInternal; 37 import android.content.pm.PackageManagerInternal.PackagesProvider; 38 import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 39 import android.content.pm.PermissionInfo; 40 import android.content.pm.ProviderInfo; 41 import android.content.pm.ResolveInfo; 42 import android.media.RingtoneManager; 43 import android.net.Uri; 44 import android.os.Build; 45 import android.os.Environment; 46 import android.os.Handler; 47 import android.os.Looper; 48 import android.os.Message; 49 import android.os.UserHandle; 50 import android.os.storage.StorageManager; 51 import android.permission.PermissionManager; 52 import android.print.PrintManager; 53 import android.provider.CalendarContract; 54 import android.provider.ContactsContract; 55 import android.provider.MediaStore; 56 import android.provider.Telephony.Sms.Intents; 57 import android.security.Credentials; 58 import android.speech.RecognitionService; 59 import android.telephony.TelephonyManager; 60 import android.text.TextUtils; 61 import android.util.ArrayMap; 62 import android.util.ArraySet; 63 import android.util.Log; 64 import android.util.Slog; 65 import android.util.SparseIntArray; 66 import android.util.Xml; 67 68 import com.android.internal.annotations.GuardedBy; 69 import com.android.internal.util.ArrayUtils; 70 import com.android.internal.util.XmlUtils; 71 import com.android.server.LocalServices; 72 73 import org.xmlpull.v1.XmlPullParser; 74 import org.xmlpull.v1.XmlPullParserException; 75 76 import java.io.BufferedInputStream; 77 import java.io.File; 78 import java.io.FileInputStream; 79 import java.io.IOException; 80 import java.io.InputStream; 81 import java.util.ArrayList; 82 import java.util.Arrays; 83 import java.util.Collections; 84 import java.util.List; 85 import java.util.Map; 86 import java.util.Set; 87 88 /** 89 * This class is the policy for granting runtime permissions to 90 * platform components and default handlers in the system such 91 * that the device is usable out-of-the-box. For example, the 92 * shell UID is a part of the system and the Phone app should 93 * have phone related permission by default. 94 * <p> 95 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 96 * service but knows about lots of higher level subsystems. The correct way to do this is 97 * to have an interface defined in the package manager but have the impl next to other 98 * policy stuff like PhoneWindowManager 99 */ 100 public final class DefaultPermissionGrantPolicy { 101 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 102 private static final boolean DEBUG = false; 103 104 @PackageManager.ResolveInfoFlags 105 private static final int DEFAULT_INTENT_QUERY_FLAGS = 106 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 107 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 108 109 @PackageManager.PackageInfoFlags 110 private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS = 111 PackageManager.MATCH_UNINSTALLED_PACKAGES 112 | PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS 113 | PackageManager.MATCH_HIDDEN_UNTIL_INSTALLED_COMPONENTS 114 | PackageManager.GET_PERMISSIONS; 115 116 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 117 118 private static final String TAG_EXCEPTIONS = "exceptions"; 119 private static final String TAG_EXCEPTION = "exception"; 120 private static final String TAG_PERMISSION = "permission"; 121 private static final String ATTR_PACKAGE = "package"; 122 private static final String ATTR_NAME = "name"; 123 private static final String ATTR_FIXED = "fixed"; 124 private static final String ATTR_WHITELISTED = "whitelisted"; 125 126 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 127 128 129 static { 130 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 131 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 132 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 133 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 134 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 135 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 136 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 137 } 138 139 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 140 static { 141 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 142 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 143 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 144 } 145 146 private static final Set<String> ALWAYS_LOCATION_PERMISSIONS = new ArraySet<>(); 147 static { 148 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 149 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 150 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_BACKGROUND_LOCATION); 151 } 152 153 private static final Set<String> ACTIVITY_RECOGNITION_PERMISSIONS = new ArraySet<>(); 154 static { 155 ACTIVITY_RECOGNITION_PERMISSIONS.add(Manifest.permission.ACTIVITY_RECOGNITION); 156 } 157 158 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 159 static { 160 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 161 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 162 } 163 164 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 165 static { 166 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 167 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 168 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 169 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 170 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 171 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 172 } 173 174 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 175 static { 176 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 177 } 178 179 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 180 static { 181 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 182 } 183 184 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 185 static { 186 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 187 } 188 189 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 190 static { 191 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 192 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 193 } 194 195 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 196 197 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 198 199 private final Handler mHandler; 200 201 private PackagesProvider mLocationPackagesProvider; 202 private PackagesProvider mLocationExtraPackagesProvider; 203 private PackagesProvider mVoiceInteractionPackagesProvider; 204 private PackagesProvider mSmsAppPackagesProvider; 205 private PackagesProvider mDialerAppPackagesProvider; 206 private PackagesProvider mSimCallManagerPackagesProvider; 207 private PackagesProvider mUseOpenWifiAppPackagesProvider; 208 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 209 210 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 211 private final Context mContext; 212 private final Object mLock = new Object(); 213 private final PackageManagerInternal mServiceInternal; 214 private final PermissionManagerService mPermissionManager; 215 216 @GuardedBy("mLock") 217 private SparseIntArray mDefaultPermissionsGrantedUsers = new SparseIntArray(); 218 DefaultPermissionGrantPolicy(Context context, Looper looper, @NonNull PermissionManagerService permissionManager)219 DefaultPermissionGrantPolicy(Context context, Looper looper, 220 @NonNull PermissionManagerService permissionManager) { 221 mContext = context; 222 mHandler = new Handler(looper) { 223 @Override 224 public void handleMessage(Message msg) { 225 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 226 synchronized (mLock) { 227 if (mGrantExceptions == null) { 228 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 229 } 230 } 231 } 232 } 233 }; 234 mPermissionManager = permissionManager; 235 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 236 } 237 setLocationPackagesProvider(PackagesProvider provider)238 public void setLocationPackagesProvider(PackagesProvider provider) { 239 synchronized (mLock) { 240 mLocationPackagesProvider = provider; 241 } 242 } 243 244 /** Sets the provider for loction extra packages. */ setLocationExtraPackagesProvider(PackagesProvider provider)245 public void setLocationExtraPackagesProvider(PackagesProvider provider) { 246 synchronized (mLock) { 247 mLocationExtraPackagesProvider = provider; 248 } 249 } 250 setVoiceInteractionPackagesProvider(PackagesProvider provider)251 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 252 synchronized (mLock) { 253 mVoiceInteractionPackagesProvider = provider; 254 } 255 } 256 setSmsAppPackagesProvider(PackagesProvider provider)257 public void setSmsAppPackagesProvider(PackagesProvider provider) { 258 synchronized (mLock) { 259 mSmsAppPackagesProvider = provider; 260 } 261 } 262 setDialerAppPackagesProvider(PackagesProvider provider)263 public void setDialerAppPackagesProvider(PackagesProvider provider) { 264 synchronized (mLock) { 265 mDialerAppPackagesProvider = provider; 266 } 267 } 268 setSimCallManagerPackagesProvider(PackagesProvider provider)269 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 270 synchronized (mLock) { 271 mSimCallManagerPackagesProvider = provider; 272 } 273 } 274 setUseOpenWifiAppPackagesProvider(PackagesProvider provider)275 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) { 276 synchronized (mLock) { 277 mUseOpenWifiAppPackagesProvider = provider; 278 } 279 } 280 setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider)281 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 282 synchronized (mLock) { 283 mSyncAdapterPackagesProvider = provider; 284 } 285 } 286 wereDefaultPermissionsGrantedSinceBoot(int userId)287 public boolean wereDefaultPermissionsGrantedSinceBoot(int userId) { 288 synchronized (mLock) { 289 return mDefaultPermissionsGrantedUsers.indexOfKey(userId) >= 0; 290 } 291 } 292 grantDefaultPermissions(int userId)293 public void grantDefaultPermissions(int userId) { 294 grantPermissionsToSysComponentsAndPrivApps(userId); 295 grantDefaultSystemHandlerPermissions(userId); 296 grantDefaultPermissionExceptions(userId); 297 synchronized (mLock) { 298 mDefaultPermissionsGrantedUsers.put(userId, userId); 299 } 300 } 301 grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg)302 private void grantRuntimePermissionsForSystemPackage(int userId, PackageInfo pkg) { 303 Set<String> permissions = new ArraySet<>(); 304 for (String permission : pkg.requestedPermissions) { 305 final BasePermission bp = mPermissionManager.getPermission(permission); 306 if (bp == null) { 307 continue; 308 } 309 if (bp.isRuntime()) { 310 permissions.add(permission); 311 } 312 } 313 if (!permissions.isEmpty()) { 314 grantRuntimePermissions(pkg, permissions, true /*systemFixed*/, userId); 315 } 316 } 317 scheduleReadDefaultPermissionExceptions()318 public void scheduleReadDefaultPermissionExceptions() { 319 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 320 } 321 grantPermissionsToSysComponentsAndPrivApps(int userId)322 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 323 Log.i(TAG, "Granting permissions to platform components for user " + userId); 324 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser( 325 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM); 326 for (PackageInfo pkg : packages) { 327 if (pkg == null) { 328 continue; 329 } 330 if (!isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 331 || !doesPackageSupportRuntimePermissions(pkg) 332 || ArrayUtils.isEmpty(pkg.requestedPermissions)) { 333 continue; 334 } 335 grantRuntimePermissionsForSystemPackage(userId, pkg); 336 } 337 } 338 339 @SafeVarargs grantIgnoringSystemPackage(String packageName, int userId, Set<String>... permissionGroups)340 private final void grantIgnoringSystemPackage(String packageName, int userId, 341 Set<String>... permissionGroups) { 342 grantPermissionsToPackage(packageName, userId, true /* ignoreSystemPackage */, 343 true /*whitelistRestrictedPermissions*/, permissionGroups); 344 } 345 346 @SafeVarargs grantSystemFixedPermissionsToSystemPackage(String packageName, int userId, Set<String>... permissionGroups)347 private final void grantSystemFixedPermissionsToSystemPackage(String packageName, int userId, 348 Set<String>... permissionGroups) { 349 grantPermissionsToSystemPackage( 350 packageName, userId, true /* systemFixed */, permissionGroups); 351 } 352 353 @SafeVarargs grantPermissionsToSystemPackage( String packageName, int userId, Set<String>... permissionGroups)354 private final void grantPermissionsToSystemPackage( 355 String packageName, int userId, Set<String>... permissionGroups) { 356 grantPermissionsToSystemPackage( 357 packageName, userId, false /* systemFixed */, permissionGroups); 358 } 359 360 @SafeVarargs grantPermissionsToSystemPackage(String packageName, int userId, boolean systemFixed, Set<String>... permissionGroups)361 private final void grantPermissionsToSystemPackage(String packageName, int userId, 362 boolean systemFixed, Set<String>... permissionGroups) { 363 if (!isSystemPackage(packageName)) { 364 return; 365 } 366 grantPermissionsToPackage(getSystemPackageInfo(packageName), 367 userId, systemFixed, false /* ignoreSystemPackage */, 368 true /*whitelistRestrictedPermissions*/, permissionGroups); 369 } 370 371 @SafeVarargs grantPermissionsToPackage(String packageName, int userId, boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, Set<String>... permissionGroups)372 private final void grantPermissionsToPackage(String packageName, int userId, 373 boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, 374 Set<String>... permissionGroups) { 375 grantPermissionsToPackage(getPackageInfo(packageName), 376 userId, false /* systemFixed */, ignoreSystemPackage, 377 whitelistRestrictedPermissions, permissionGroups); 378 } 379 380 @SafeVarargs grantPermissionsToPackage(PackageInfo packageInfo, int userId, boolean systemFixed, boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, Set<String>... permissionGroups)381 private final void grantPermissionsToPackage(PackageInfo packageInfo, int userId, 382 boolean systemFixed, boolean ignoreSystemPackage, 383 boolean whitelistRestrictedPermissions, Set<String>... permissionGroups) { 384 if (packageInfo == null) { 385 return; 386 } 387 if (doesPackageSupportRuntimePermissions(packageInfo)) { 388 for (Set<String> permissionGroup : permissionGroups) { 389 grantRuntimePermissions(packageInfo, permissionGroup, systemFixed, 390 ignoreSystemPackage, whitelistRestrictedPermissions, userId); 391 } 392 } 393 } 394 grantDefaultSystemHandlerPermissions(int userId)395 private void grantDefaultSystemHandlerPermissions(int userId) { 396 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 397 398 final PackagesProvider locationPackagesProvider; 399 final PackagesProvider locationExtraPackagesProvider; 400 final PackagesProvider voiceInteractionPackagesProvider; 401 final PackagesProvider smsAppPackagesProvider; 402 final PackagesProvider dialerAppPackagesProvider; 403 final PackagesProvider simCallManagerPackagesProvider; 404 final PackagesProvider useOpenWifiAppPackagesProvider; 405 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 406 407 synchronized (mLock) { 408 locationPackagesProvider = mLocationPackagesProvider; 409 locationExtraPackagesProvider = mLocationExtraPackagesProvider; 410 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 411 smsAppPackagesProvider = mSmsAppPackagesProvider; 412 dialerAppPackagesProvider = mDialerAppPackagesProvider; 413 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 414 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider; 415 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 416 } 417 418 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 419 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 420 String[] locationPackageNames = (locationPackagesProvider != null) 421 ? locationPackagesProvider.getPackages(userId) : null; 422 String[] locationExtraPackageNames = (locationExtraPackagesProvider != null) 423 ? locationExtraPackagesProvider.getPackages(userId) : null; 424 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 425 ? smsAppPackagesProvider.getPackages(userId) : null; 426 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 427 ? dialerAppPackagesProvider.getPackages(userId) : null; 428 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 429 ? simCallManagerPackagesProvider.getPackages(userId) : null; 430 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null) 431 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null; 432 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 433 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 434 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 435 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 436 437 // Installer 438 grantSystemFixedPermissionsToSystemPackage( 439 getKnownPackage(PackageManagerInternal.PACKAGE_INSTALLER, userId), 440 userId, STORAGE_PERMISSIONS); 441 442 // Verifier 443 final String verifier = getKnownPackage(PackageManagerInternal.PACKAGE_VERIFIER, userId); 444 grantSystemFixedPermissionsToSystemPackage(verifier, userId, STORAGE_PERMISSIONS); 445 grantPermissionsToSystemPackage(verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS); 446 447 // SetupWizard 448 grantPermissionsToSystemPackage( 449 getKnownPackage(PackageManagerInternal.PACKAGE_SETUP_WIZARD, userId), userId, 450 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, 451 CAMERA_PERMISSIONS); 452 453 // Camera 454 grantPermissionsToSystemPackage( 455 getDefaultSystemHandlerActivityPackage(MediaStore.ACTION_IMAGE_CAPTURE, userId), 456 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS); 457 458 // Sound recorder 459 grantPermissionsToSystemPackage( 460 getDefaultSystemHandlerActivityPackage( 461 MediaStore.Audio.Media.RECORD_SOUND_ACTION, userId), 462 userId, MICROPHONE_PERMISSIONS); 463 464 // Media provider 465 grantSystemFixedPermissionsToSystemPackage( 466 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId, 467 STORAGE_PERMISSIONS, PHONE_PERMISSIONS); 468 469 // Downloads provider 470 grantSystemFixedPermissionsToSystemPackage( 471 getDefaultProviderAuthorityPackage("downloads", userId), userId, 472 STORAGE_PERMISSIONS); 473 474 // Downloads UI 475 grantSystemFixedPermissionsToSystemPackage( 476 getDefaultSystemHandlerActivityPackage( 477 DownloadManager.ACTION_VIEW_DOWNLOADS, userId), 478 userId, STORAGE_PERMISSIONS); 479 480 // Storage provider 481 grantSystemFixedPermissionsToSystemPackage( 482 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId), 483 userId, STORAGE_PERMISSIONS); 484 485 // CertInstaller 486 grantSystemFixedPermissionsToSystemPackage( 487 getDefaultSystemHandlerActivityPackage(Credentials.INSTALL_ACTION, userId), userId, 488 STORAGE_PERMISSIONS); 489 490 // Dialer 491 if (dialerAppPackageNames == null) { 492 String dialerPackage = 493 getDefaultSystemHandlerActivityPackage(Intent.ACTION_DIAL, userId); 494 grantDefaultPermissionsToDefaultSystemDialerApp(dialerPackage, userId); 495 } else { 496 for (String dialerAppPackageName : dialerAppPackageNames) { 497 grantDefaultPermissionsToDefaultSystemDialerApp(dialerAppPackageName, userId); 498 } 499 } 500 501 // Sim call manager 502 if (simCallManagerPackageNames != null) { 503 for (String simCallManagerPackageName : simCallManagerPackageNames) { 504 grantDefaultPermissionsToDefaultSystemSimCallManager( 505 simCallManagerPackageName, userId); 506 } 507 } 508 509 // Use Open Wifi 510 if (useOpenWifiAppPackageNames != null) { 511 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) { 512 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp( 513 useOpenWifiPackageName, userId); 514 } 515 } 516 517 // SMS 518 if (smsAppPackageNames == null) { 519 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory( 520 Intent.CATEGORY_APP_MESSAGING, userId); 521 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 522 } else { 523 for (String smsPackage : smsAppPackageNames) { 524 grantDefaultPermissionsToDefaultSystemSmsApp(smsPackage, userId); 525 } 526 } 527 528 // Cell Broadcast Receiver 529 grantSystemFixedPermissionsToSystemPackage( 530 getDefaultSystemHandlerActivityPackage(Intents.SMS_CB_RECEIVED_ACTION, userId), 531 userId, SMS_PERMISSIONS); 532 533 // Carrier Provisioning Service 534 grantPermissionsToSystemPackage( 535 getDefaultSystemHandlerServicePackage(Intents.SMS_CARRIER_PROVISION_ACTION, userId), 536 userId, SMS_PERMISSIONS); 537 538 // Calendar 539 grantPermissionsToSystemPackage( 540 getDefaultSystemHandlerActivityPackageForCategory( 541 Intent.CATEGORY_APP_CALENDAR, userId), 542 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS); 543 544 // Calendar provider 545 String calendarProvider = 546 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId); 547 grantPermissionsToSystemPackage(calendarProvider, userId, 548 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS); 549 grantSystemFixedPermissionsToSystemPackage(calendarProvider, userId, CALENDAR_PERMISSIONS); 550 551 // Calendar provider sync adapters 552 grantPermissionToEachSystemPackage( 553 getHeadlessSyncAdapterPackages(calendarSyncAdapterPackages, userId), 554 userId, CALENDAR_PERMISSIONS); 555 556 // Contacts 557 grantPermissionsToSystemPackage( 558 getDefaultSystemHandlerActivityPackageForCategory( 559 Intent.CATEGORY_APP_CONTACTS, userId), 560 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 561 562 // Contacts provider sync adapters 563 grantPermissionToEachSystemPackage( 564 getHeadlessSyncAdapterPackages(contactsSyncAdapterPackages, userId), 565 userId, CONTACTS_PERMISSIONS); 566 567 // Contacts provider 568 String contactsProviderPackage = 569 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId); 570 grantSystemFixedPermissionsToSystemPackage(contactsProviderPackage, userId, 571 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 572 grantPermissionsToSystemPackage(contactsProviderPackage, userId, STORAGE_PERMISSIONS); 573 574 // Device provisioning 575 grantPermissionsToSystemPackage( 576 getDefaultSystemHandlerActivityPackage( 577 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId), 578 userId, CONTACTS_PERMISSIONS); 579 580 // Maps 581 grantPermissionsToSystemPackage( 582 getDefaultSystemHandlerActivityPackageForCategory(Intent.CATEGORY_APP_MAPS, userId), 583 userId, ALWAYS_LOCATION_PERMISSIONS); 584 585 // Gallery 586 grantPermissionsToSystemPackage( 587 getDefaultSystemHandlerActivityPackageForCategory( 588 Intent.CATEGORY_APP_GALLERY, userId), 589 userId, STORAGE_PERMISSIONS); 590 591 // Email 592 grantPermissionsToSystemPackage( 593 getDefaultSystemHandlerActivityPackageForCategory( 594 Intent.CATEGORY_APP_EMAIL, userId), 595 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS); 596 597 // Browser 598 String browserPackage = getKnownPackage(PackageManagerInternal.PACKAGE_BROWSER, userId); 599 if (browserPackage == null) { 600 browserPackage = getDefaultSystemHandlerActivityPackageForCategory( 601 Intent.CATEGORY_APP_BROWSER, userId); 602 if (!isSystemPackage(browserPackage)) { 603 browserPackage = null; 604 } 605 } 606 grantPermissionsToPackage(browserPackage, userId, false /* ignoreSystemPackage */, 607 true /*whitelistRestrictedPermissions*/, ALWAYS_LOCATION_PERMISSIONS); 608 609 // Voice interaction 610 if (voiceInteractPackageNames != null) { 611 for (String voiceInteractPackageName : voiceInteractPackageNames) { 612 grantPermissionsToSystemPackage(voiceInteractPackageName, userId, 613 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS, 614 PHONE_PERMISSIONS, SMS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS); 615 } 616 } 617 618 if (ActivityManager.isLowRamDeviceStatic()) { 619 // Allow voice search on low-ram devices 620 grantPermissionsToSystemPackage( 621 getDefaultSystemHandlerActivityPackage( 622 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId), 623 userId, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS); 624 } 625 626 // Voice recognition 627 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE) 628 .addCategory(Intent.CATEGORY_DEFAULT); 629 grantPermissionsToSystemPackage( 630 getDefaultSystemHandlerServicePackage(voiceRecoIntent, userId), userId, 631 MICROPHONE_PERMISSIONS); 632 633 // Location 634 if (locationPackageNames != null) { 635 for (String packageName : locationPackageNames) { 636 grantPermissionsToSystemPackage(packageName, userId, 637 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS, 638 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS, 639 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS); 640 grantSystemFixedPermissionsToSystemPackage(packageName, userId, 641 ALWAYS_LOCATION_PERMISSIONS, ACTIVITY_RECOGNITION_PERMISSIONS); 642 } 643 } 644 if (locationExtraPackageNames != null) { 645 // Also grant location permission to location extra packages. 646 for (String packageName : locationExtraPackageNames) { 647 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS); 648 } 649 } 650 651 // Music 652 Intent musicIntent = new Intent(Intent.ACTION_VIEW) 653 .addCategory(Intent.CATEGORY_DEFAULT) 654 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE); 655 grantPermissionsToSystemPackage( 656 getDefaultSystemHandlerActivityPackage(musicIntent, userId), userId, 657 STORAGE_PERMISSIONS); 658 659 // Home 660 Intent homeIntent = new Intent(Intent.ACTION_MAIN) 661 .addCategory(Intent.CATEGORY_HOME) 662 .addCategory(Intent.CATEGORY_LAUNCHER_APP); 663 grantPermissionsToSystemPackage( 664 getDefaultSystemHandlerActivityPackage(homeIntent, userId), userId, 665 ALWAYS_LOCATION_PERMISSIONS); 666 667 // Watches 668 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 669 // Home application on watches 670 671 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory( 672 Intent.CATEGORY_HOME_MAIN, userId); 673 grantPermissionsToSystemPackage(wearPackage, userId, 674 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS); 675 grantSystemFixedPermissionsToSystemPackage(wearPackage, userId, PHONE_PERMISSIONS); 676 677 // Fitness tracking on watches 678 grantPermissionsToSystemPackage( 679 getDefaultSystemHandlerActivityPackage(ACTION_TRACK, userId), userId, 680 SENSORS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS); 681 } 682 683 // Print Spooler 684 grantSystemFixedPermissionsToSystemPackage(PrintManager.PRINT_SPOOLER_PACKAGE_NAME, userId, 685 ALWAYS_LOCATION_PERMISSIONS); 686 687 // EmergencyInfo 688 grantSystemFixedPermissionsToSystemPackage( 689 getDefaultSystemHandlerActivityPackage( 690 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId), 691 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 692 693 // NFC Tag viewer 694 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW) 695 .setType("vnd.android.cursor.item/ndef_msg"); 696 grantPermissionsToSystemPackage( 697 getDefaultSystemHandlerActivityPackage(nfcTagIntent, userId), userId, 698 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 699 700 // Storage Manager 701 grantSystemFixedPermissionsToSystemPackage( 702 getDefaultSystemHandlerActivityPackage( 703 StorageManager.ACTION_MANAGE_STORAGE, userId), 704 userId, STORAGE_PERMISSIONS); 705 706 // Companion devices 707 grantSystemFixedPermissionsToSystemPackage( 708 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId, 709 ALWAYS_LOCATION_PERMISSIONS); 710 711 // Ringtone Picker 712 grantSystemFixedPermissionsToSystemPackage( 713 getDefaultSystemHandlerActivityPackage( 714 RingtoneManager.ACTION_RINGTONE_PICKER, userId), 715 userId, STORAGE_PERMISSIONS); 716 717 // TextClassifier Service 718 String textClassifierPackageName = 719 mContext.getPackageManager().getSystemTextClassifierPackageName(); 720 if (!TextUtils.isEmpty(textClassifierPackageName)) { 721 grantPermissionsToSystemPackage(textClassifierPackageName, userId, 722 PHONE_PERMISSIONS, SMS_PERMISSIONS, CALENDAR_PERMISSIONS, 723 ALWAYS_LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS); 724 } 725 726 // Atthention Service 727 String attentionServicePackageName = 728 mContext.getPackageManager().getAttentionServicePackageName(); 729 if (!TextUtils.isEmpty(attentionServicePackageName)) { 730 grantPermissionsToSystemPackage(attentionServicePackageName, userId, 731 CAMERA_PERMISSIONS); 732 } 733 734 // There is no real "marker" interface to identify the shared storage backup, it is 735 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE. 736 grantSystemFixedPermissionsToSystemPackage("com.android.sharedstoragebackup", userId, 737 STORAGE_PERMISSIONS); 738 739 // System Captions Service 740 String systemCaptionsServicePackageName = 741 mContext.getPackageManager().getSystemCaptionsServicePackageName(); 742 if (!TextUtils.isEmpty(systemCaptionsServicePackageName)) { 743 grantPermissionsToSystemPackage(systemCaptionsServicePackageName, userId, 744 MICROPHONE_PERMISSIONS); 745 } 746 } 747 getDefaultSystemHandlerActivityPackageForCategory(String category, int userId)748 private String getDefaultSystemHandlerActivityPackageForCategory(String category, int userId) { 749 return getDefaultSystemHandlerActivityPackage( 750 new Intent(Intent.ACTION_MAIN).addCategory(category), userId); 751 } 752 753 @SafeVarargs grantPermissionToEachSystemPackage( ArrayList<String> packages, int userId, Set<String>... permissions)754 private final void grantPermissionToEachSystemPackage( 755 ArrayList<String> packages, int userId, Set<String>... permissions) { 756 if (packages == null) return; 757 final int count = packages.size(); 758 for (int i = 0; i < count; i++) { 759 grantPermissionsToSystemPackage(packages.get(i), userId, permissions); 760 } 761 } 762 getKnownPackage(int knownPkgId, int userId)763 private String getKnownPackage(int knownPkgId, int userId) { 764 return mServiceInternal.getKnownPackageName(knownPkgId, userId); 765 } 766 grantDefaultPermissionsToDefaultSystemDialerApp( String dialerPackage, int userId)767 private void grantDefaultPermissionsToDefaultSystemDialerApp( 768 String dialerPackage, int userId) { 769 if (dialerPackage == null) { 770 return; 771 } 772 boolean isPhonePermFixed = 773 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 774 if (isPhonePermFixed) { 775 grantSystemFixedPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS); 776 } else { 777 grantPermissionsToSystemPackage(dialerPackage, userId, PHONE_PERMISSIONS); 778 } 779 grantPermissionsToSystemPackage(dialerPackage, userId, 780 CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS); 781 } 782 grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId)783 private void grantDefaultPermissionsToDefaultSystemSmsApp(String smsPackage, int userId) { 784 grantPermissionsToSystemPackage(smsPackage, userId, 785 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS, 786 STORAGE_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS); 787 } 788 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp( String useOpenWifiPackage, int userId)789 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp( 790 String useOpenWifiPackage, int userId) { 791 grantPermissionsToSystemPackage(useOpenWifiPackage, userId, ALWAYS_LOCATION_PERMISSIONS); 792 } 793 grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId)794 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) { 795 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId); 796 grantIgnoringSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS); 797 } 798 grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId)799 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 800 if (packageName == null) { 801 return; 802 } 803 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 804 grantPermissionsToPackage(packageName, userId, false /* ignoreSystemPackage */, 805 true /*whitelistRestrictedPermissions*/, PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS); 806 } 807 grantDefaultPermissionsToDefaultSystemSimCallManager( String packageName, int userId)808 private void grantDefaultPermissionsToDefaultSystemSimCallManager( 809 String packageName, int userId) { 810 if (isSystemPackage(packageName)) { 811 grantDefaultPermissionsToDefaultSimCallManager(packageName, userId); 812 } 813 } 814 grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId)815 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 816 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 817 if (packageNames == null) { 818 return; 819 } 820 for (String packageName : packageNames) { 821 grantPermissionsToSystemPackage(packageName, userId, 822 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, SMS_PERMISSIONS); 823 } 824 } 825 grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId)826 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 827 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 828 if (packageNames == null) { 829 return; 830 } 831 for (String packageName : packageNames) { 832 grantPermissionsToSystemPackage(packageName, userId, 833 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, 834 CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS); 835 } 836 } 837 grantDefaultPermissionsToEnabledTelephonyDataServices( String[] packageNames, int userId)838 public void grantDefaultPermissionsToEnabledTelephonyDataServices( 839 String[] packageNames, int userId) { 840 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId); 841 if (packageNames == null) { 842 return; 843 } 844 for (String packageName : packageNames) { 845 // Grant these permissions as system-fixed, so that nobody can accidentally 846 // break cellular data. 847 grantSystemFixedPermissionsToSystemPackage(packageName, userId, 848 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS); 849 } 850 } 851 revokeDefaultPermissionsFromDisabledTelephonyDataServices( String[] packageNames, int userId)852 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices( 853 String[] packageNames, int userId) { 854 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId); 855 if (packageNames == null) { 856 return; 857 } 858 for (String packageName : packageNames) { 859 PackageInfo pkg = getSystemPackageInfo(packageName); 860 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) { 861 revokeRuntimePermissions(packageName, PHONE_PERMISSIONS, true, userId); 862 revokeRuntimePermissions(packageName, ALWAYS_LOCATION_PERMISSIONS, true, userId); 863 } 864 } 865 } 866 grantDefaultPermissionsToActiveLuiApp(String packageName, int userId)867 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) { 868 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId); 869 grantSystemFixedPermissionsToSystemPackage(packageName, userId, CAMERA_PERMISSIONS); 870 } 871 revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId)872 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) { 873 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId); 874 if (packageNames == null) { 875 return; 876 } 877 for (String packageName : packageNames) { 878 PackageInfo pkg = getSystemPackageInfo(packageName); 879 if (isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) { 880 revokeRuntimePermissions(packageName, CAMERA_PERMISSIONS, true, userId); 881 } 882 } 883 } 884 grantDefaultPermissionsToDefaultBrowser(String packageName, int userId)885 public void grantDefaultPermissionsToDefaultBrowser(String packageName, int userId) { 886 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 887 grantPermissionsToSystemPackage(packageName, userId, ALWAYS_LOCATION_PERMISSIONS); 888 } 889 getDefaultSystemHandlerActivityPackage(String intentAction, int userId)890 private String getDefaultSystemHandlerActivityPackage(String intentAction, int userId) { 891 return getDefaultSystemHandlerActivityPackage(new Intent(intentAction), userId); 892 } 893 getDefaultSystemHandlerActivityPackage(Intent intent, int userId)894 private String getDefaultSystemHandlerActivityPackage(Intent intent, int userId) { 895 ResolveInfo handler = mContext.getPackageManager().resolveActivityAsUser( 896 intent, DEFAULT_INTENT_QUERY_FLAGS, userId); 897 if (handler == null || handler.activityInfo == null) { 898 return null; 899 } 900 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 901 return null; 902 } 903 String packageName = handler.activityInfo.packageName; 904 return isSystemPackage(packageName) ? packageName : null; 905 } 906 getDefaultSystemHandlerServicePackage(String intentAction, int userId)907 private String getDefaultSystemHandlerServicePackage(String intentAction, int userId) { 908 return getDefaultSystemHandlerServicePackage(new Intent(intentAction), userId); 909 } 910 getDefaultSystemHandlerServicePackage( Intent intent, int userId)911 private String getDefaultSystemHandlerServicePackage( 912 Intent intent, int userId) { 913 List<ResolveInfo> handlers = mContext.getPackageManager().queryIntentServicesAsUser( 914 intent, DEFAULT_INTENT_QUERY_FLAGS, userId); 915 if (handlers == null) { 916 return null; 917 } 918 final int handlerCount = handlers.size(); 919 for (int i = 0; i < handlerCount; i++) { 920 ResolveInfo handler = handlers.get(i); 921 String handlerPackage = handler.serviceInfo.packageName; 922 if (isSystemPackage(handlerPackage)) { 923 return handlerPackage; 924 } 925 } 926 return null; 927 } 928 getHeadlessSyncAdapterPackages( String[] syncAdapterPackageNames, int userId)929 private ArrayList<String> getHeadlessSyncAdapterPackages( 930 String[] syncAdapterPackageNames, int userId) { 931 ArrayList<String> syncAdapterPackages = new ArrayList<>(); 932 933 Intent homeIntent = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER); 934 935 for (String syncAdapterPackageName : syncAdapterPackageNames) { 936 homeIntent.setPackage(syncAdapterPackageName); 937 938 ResolveInfo homeActivity = mContext.getPackageManager().resolveActivityAsUser( 939 homeIntent, DEFAULT_INTENT_QUERY_FLAGS, userId); 940 if (homeActivity != null) { 941 continue; 942 } 943 944 if (isSystemPackage(syncAdapterPackageName)) { 945 syncAdapterPackages.add(syncAdapterPackageName); 946 } 947 } 948 949 return syncAdapterPackages; 950 } 951 getDefaultProviderAuthorityPackage(String authority, int userId)952 private String getDefaultProviderAuthorityPackage(String authority, int userId) { 953 ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser( 954 authority, DEFAULT_INTENT_QUERY_FLAGS, userId); 955 if (provider != null) { 956 return provider.packageName; 957 } 958 return null; 959 } 960 isSystemPackage(String packageName)961 private boolean isSystemPackage(String packageName) { 962 return isSystemPackage(getPackageInfo(packageName)); 963 } 964 isSystemPackage(PackageInfo pkg)965 private boolean isSystemPackage(PackageInfo pkg) { 966 if (pkg == null) { 967 return false; 968 } 969 return pkg.applicationInfo.isSystemApp() 970 && !isSysComponentOrPersistentPlatformSignedPrivApp(pkg); 971 } 972 grantRuntimePermissions(PackageInfo pkg, Set<String> permissions, boolean systemFixed, int userId)973 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissions, 974 boolean systemFixed, int userId) { 975 grantRuntimePermissions(pkg, permissions, systemFixed, false, 976 true /*whitelistRestrictedPermissions*/, userId); 977 } 978 revokeRuntimePermissions(String packageName, Set<String> permissions, boolean systemFixed, int userId)979 private void revokeRuntimePermissions(String packageName, Set<String> permissions, 980 boolean systemFixed, int userId) { 981 PackageInfo pkg = getSystemPackageInfo(packageName); 982 if (ArrayUtils.isEmpty(pkg.requestedPermissions)) { 983 return; 984 } 985 Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions)); 986 987 for (String permission : permissions) { 988 // We can't revoke what wasn't requested. 989 if (!revokablePermissions.contains(permission)) { 990 continue; 991 } 992 993 UserHandle user = UserHandle.of(userId); 994 final int flags = mContext.getPackageManager() 995 .getPermissionFlags(permission, packageName, user); 996 997 // We didn't get this through the default grant policy. Move along. 998 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) { 999 continue; 1000 } 1001 // We aren't going to clobber device policy with a DefaultGrant. 1002 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1003 continue; 1004 } 1005 // Do not revoke system fixed permissions unless caller set them that way; 1006 // there is no refcount for the number of sources of this, so there 1007 // should be at most one grantor doing SYSTEM_FIXED for any given package. 1008 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) { 1009 continue; 1010 } 1011 mContext.getPackageManager().revokeRuntimePermission(packageName, permission, user); 1012 1013 if (DEBUG) { 1014 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ") 1015 + permission + " to " + packageName); 1016 } 1017 1018 // Remove the GRANTED_BY_DEFAULT flag without touching the others. 1019 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains 1020 // sticky once set. 1021 mContext.getPackageManager().updatePermissionFlags(permission, packageName, 1022 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, user); 1023 } 1024 } 1025 1026 /** 1027 * Check if a permission is already fixed or is set by the user. 1028 * 1029 * <p>A permission should not be set by the default policy if the user or other policies already 1030 * set the permission. 1031 * 1032 * @param flags The flags of the permission 1033 * 1034 * @return {@code true} iff the permission can be set without violating a policy of the users 1035 * intention 1036 */ isFixedOrUserSet(int flags)1037 private boolean isFixedOrUserSet(int flags) { 1038 return (flags & (PackageManager.FLAG_PERMISSION_USER_SET 1039 | PackageManager.FLAG_PERMISSION_USER_FIXED 1040 | PackageManager.FLAG_PERMISSION_POLICY_FIXED 1041 | PackageManager.FLAG_PERMISSION_SYSTEM_FIXED)) != 0; 1042 } 1043 1044 /** 1045 * Return the background permission for a permission. 1046 * 1047 * @param permission The name of the foreground permission 1048 * 1049 * @return The name of the background permission or {@code null} if the permission has no 1050 * background permission 1051 */ getBackgroundPermission(@onNull String permission)1052 private @Nullable String getBackgroundPermission(@NonNull String permission) { 1053 try { 1054 return mContext.getPackageManager().getPermissionInfo(permission, 1055 0).backgroundPermission; 1056 } catch (NameNotFoundException e) { 1057 return null; 1058 } 1059 } 1060 grantRuntimePermissions(PackageInfo pkg, Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, int userId)1061 private void grantRuntimePermissions(PackageInfo pkg, Set<String> permissionsWithoutSplits, 1062 boolean systemFixed, boolean ignoreSystemPackage, 1063 boolean whitelistRestrictedPermissions, int userId) { 1064 UserHandle user = UserHandle.of(userId); 1065 if (pkg == null) { 1066 return; 1067 } 1068 1069 String[] requestedPermissions = pkg.requestedPermissions; 1070 if (ArrayUtils.isEmpty(requestedPermissions)) { 1071 return; 1072 } 1073 1074 // Intersect the requestedPermissions for a factory image with that of its current update 1075 // in case the latter one removed a <uses-permission> 1076 String[] requestedByNonSystemPackage = getPackageInfo(pkg.packageName).requestedPermissions; 1077 int size = requestedPermissions.length; 1078 for (int i = 0; i < size; i++) { 1079 if (!ArrayUtils.contains(requestedByNonSystemPackage, requestedPermissions[i])) { 1080 requestedPermissions[i] = null; 1081 } 1082 } 1083 requestedPermissions = ArrayUtils.filterNotNull(requestedPermissions, String[]::new); 1084 1085 PackageManager pm; 1086 try { 1087 pm = mContext.createPackageContextAsUser(mContext.getPackageName(), 0, 1088 user).getPackageManager(); 1089 } catch (NameNotFoundException doesNotHappen) { 1090 throw new IllegalStateException(doesNotHappen); 1091 } 1092 1093 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits); 1094 ApplicationInfo applicationInfo = pkg.applicationInfo; 1095 1096 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1097 if (systemFixed) { 1098 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1099 } 1100 1101 // Automatically attempt to grant split permissions to older APKs 1102 final List<PermissionManager.SplitPermissionInfo> splitPermissions = 1103 mContext.getSystemService(PermissionManager.class).getSplitPermissions(); 1104 final int numSplitPerms = splitPermissions.size(); 1105 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) { 1106 final PermissionManager.SplitPermissionInfo splitPerm = 1107 splitPermissions.get(splitPermNum); 1108 1109 if (applicationInfo != null 1110 && applicationInfo.targetSdkVersion < splitPerm.getTargetSdk() 1111 && permissionsWithoutSplits.contains(splitPerm.getSplitPermission())) { 1112 permissions.addAll(splitPerm.getNewPermissions()); 1113 } 1114 } 1115 1116 Set<String> grantablePermissions = null; 1117 1118 // In some cases, like for the Phone or SMS app, we grant permissions regardless 1119 // of if the version on the system image declares the permission as used since 1120 // selecting the app as the default for that function the user makes a deliberate 1121 // choice to grant this app the permissions needed to function. For all other 1122 // apps, (default grants on first boot and user creation) we don't grant default 1123 // permissions if the version on the system image does not declare them. 1124 if (!ignoreSystemPackage 1125 && applicationInfo != null 1126 && applicationInfo.isUpdatedSystemApp()) { 1127 final PackageInfo disabledPkg = getSystemPackageInfo( 1128 mServiceInternal.getDisabledSystemPackageName(pkg.packageName)); 1129 if (disabledPkg != null) { 1130 if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) { 1131 return; 1132 } 1133 if (!Arrays.equals(requestedPermissions, disabledPkg.requestedPermissions)) { 1134 grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions)); 1135 requestedPermissions = disabledPkg.requestedPermissions; 1136 } 1137 } 1138 } 1139 1140 final int numRequestedPermissions = requestedPermissions.length; 1141 1142 // Sort requested permissions so that all permissions that are a foreground permission (i.e. 1143 // permissions that have a background permission) are before their background permissions. 1144 final String[] sortedRequestedPermissions = new String[numRequestedPermissions]; 1145 int numForeground = 0; 1146 int numOther = 0; 1147 for (int i = 0; i < numRequestedPermissions; i++) { 1148 String permission = requestedPermissions[i]; 1149 if (getBackgroundPermission(permission) != null) { 1150 sortedRequestedPermissions[numForeground] = permission; 1151 numForeground++; 1152 } else { 1153 sortedRequestedPermissions[numRequestedPermissions - 1 - numOther] = 1154 permission; 1155 numOther++; 1156 } 1157 } 1158 1159 for (int requestedPermissionNum = 0; requestedPermissionNum < numRequestedPermissions; 1160 requestedPermissionNum++) { 1161 String permission = requestedPermissions[requestedPermissionNum]; 1162 1163 // If there is a disabled system app it may request a permission the updated 1164 // version ot the data partition doesn't, In this case skip the permission. 1165 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1166 continue; 1167 } 1168 1169 if (permissions.contains(permission)) { 1170 final int flags = mContext.getPackageManager().getPermissionFlags( 1171 permission, pkg.packageName, user); 1172 1173 // If we are trying to grant as system fixed and already system fixed 1174 // then the system can change the system fixed grant state. 1175 final boolean changingGrantForSystemFixed = systemFixed 1176 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0; 1177 1178 // Certain flags imply that the permission's current state by the system or 1179 // device/profile owner or the user. In these cases we do not want to clobber the 1180 // current state. 1181 // 1182 // Unless the caller wants to override user choices. The override is 1183 // to make sure we can grant the needed permission to the default 1184 // sms and phone apps after the user chooses this in the UI. 1185 if (!isFixedOrUserSet(flags) || ignoreSystemPackage 1186 || changingGrantForSystemFixed) { 1187 // Never clobber policy fixed permissions. 1188 // We must allow the grant of a system-fixed permission because 1189 // system-fixed is sticky, but the permission itself may be revoked. 1190 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1191 continue; 1192 } 1193 1194 // Preserve whitelisting flags. 1195 newFlags |= (flags & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT); 1196 1197 // If we are whitelisting the permission, update the exempt flag before grant. 1198 if (whitelistRestrictedPermissions && isPermissionRestricted(permission)) { 1199 mContext.getPackageManager().updatePermissionFlags(permission, 1200 pkg.packageName, 1201 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, 1202 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, user); 1203 } 1204 1205 // If the system tries to change a system fixed permission from one fixed 1206 // state to another we need to drop the fixed flag to allow the grant. 1207 if (changingGrantForSystemFixed) { 1208 mContext.getPackageManager().updatePermissionFlags(permission, 1209 pkg.packageName, flags, 1210 flags & ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, user); 1211 } 1212 1213 if (pm.checkPermission(permission, pkg.packageName) 1214 != PackageManager.PERMISSION_GRANTED) { 1215 mContext.getPackageManager() 1216 .grantRuntimePermission(pkg.packageName, permission, user); 1217 } 1218 1219 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName, 1220 newFlags, newFlags, user); 1221 1222 int uid = UserHandle.getUid(userId, 1223 UserHandle.getAppId(pkg.applicationInfo.uid)); 1224 1225 List<String> fgPerms = mPermissionManager.getBackgroundPermissions() 1226 .get(permission); 1227 if (fgPerms != null) { 1228 int numFgPerms = fgPerms.size(); 1229 for (int fgPermNum = 0; fgPermNum < numFgPerms; fgPermNum++) { 1230 String fgPerm = fgPerms.get(fgPermNum); 1231 1232 if (pm.checkPermission(fgPerm, pkg.packageName) 1233 == PackageManager.PERMISSION_GRANTED) { 1234 // Upgrade the app-op state of the fg permission to allow bg access 1235 // TODO: Dont' call app ops from package manager code. 1236 mContext.getSystemService(AppOpsManager.class).setUidMode( 1237 AppOpsManager.permissionToOp(fgPerm), uid, 1238 AppOpsManager.MODE_ALLOWED); 1239 1240 break; 1241 } 1242 } 1243 } 1244 1245 String bgPerm = getBackgroundPermission(permission); 1246 String op = AppOpsManager.permissionToOp(permission); 1247 if (bgPerm == null) { 1248 if (op != null) { 1249 // TODO: Dont' call app ops from package manager code. 1250 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid, 1251 AppOpsManager.MODE_ALLOWED); 1252 } 1253 } else { 1254 int mode; 1255 if (pm.checkPermission(bgPerm, pkg.packageName) 1256 == PackageManager.PERMISSION_GRANTED) { 1257 mode = AppOpsManager.MODE_ALLOWED; 1258 } else { 1259 mode = AppOpsManager.MODE_FOREGROUND; 1260 } 1261 1262 mContext.getSystemService(AppOpsManager.class).setUidMode(op, uid, mode); 1263 } 1264 1265 if (DEBUG) { 1266 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 1267 + permission + " to default handler " + pkg); 1268 1269 int appOp = AppOpsManager.permissionToOpCode(permission); 1270 if (appOp != AppOpsManager.OP_NONE 1271 && AppOpsManager.opToDefaultMode(appOp) 1272 != AppOpsManager.MODE_ALLOWED) { 1273 // Permission has a corresponding appop which is not allowed by default 1274 // We must allow it as well, as it's usually checked alongside the 1275 // permission 1276 if (DEBUG) { 1277 Log.i(TAG, "Granting OP_" + AppOpsManager.opToName(appOp) 1278 + " to " + pkg.packageName); 1279 } 1280 mContext.getSystemService(AppOpsManager.class).setUidMode( 1281 appOp, pkg.applicationInfo.uid, AppOpsManager.MODE_ALLOWED); 1282 } 1283 } 1284 } 1285 1286 // If a component gets a permission for being the default handler A 1287 // and also default handler B, we grant the weaker grant form. 1288 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1289 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1290 && !systemFixed) { 1291 if (DEBUG) { 1292 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1293 + pkg); 1294 } 1295 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName, 1296 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, user); 1297 } 1298 } 1299 } 1300 } 1301 getSystemPackageInfo(String pkg)1302 private PackageInfo getSystemPackageInfo(String pkg) { 1303 return getPackageInfo(pkg, PackageManager.MATCH_SYSTEM_ONLY); 1304 } 1305 getPackageInfo(String pkg)1306 private PackageInfo getPackageInfo(String pkg) { 1307 return getPackageInfo(pkg, 0 /* extraFlags */); 1308 } 1309 getPackageInfo(String pkg, @PackageManager.PackageInfoFlags int extraFlags)1310 private PackageInfo getPackageInfo(String pkg, 1311 @PackageManager.PackageInfoFlags int extraFlags) { 1312 if (pkg == null) { 1313 return null; 1314 } 1315 try { 1316 return mContext.getPackageManager().getPackageInfo(pkg, 1317 DEFAULT_PACKAGE_INFO_QUERY_FLAGS | extraFlags); 1318 } catch (NameNotFoundException e) { 1319 Slog.e(TAG, "PackageNot found: " + pkg, e); 1320 return null; 1321 } 1322 } 1323 isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg)1324 private boolean isSysComponentOrPersistentPlatformSignedPrivApp(PackageInfo pkg) { 1325 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1326 return true; 1327 } 1328 if (!pkg.applicationInfo.isPrivilegedApp()) { 1329 return false; 1330 } 1331 final PackageInfo disabledPkg = getSystemPackageInfo( 1332 mServiceInternal.getDisabledSystemPackageName(pkg.applicationInfo.packageName)); 1333 if (disabledPkg != null) { 1334 ApplicationInfo disabledPackageAppInfo = disabledPkg.applicationInfo; 1335 if (disabledPackageAppInfo != null 1336 && (disabledPackageAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1337 return false; 1338 } 1339 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1340 return false; 1341 } 1342 return mServiceInternal.isPlatformSigned(pkg.packageName); 1343 } 1344 grantDefaultPermissionExceptions(int userId)1345 private void grantDefaultPermissionExceptions(int userId) { 1346 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1347 1348 synchronized (mLock) { 1349 // mGrantExceptions is null only before the first read and then 1350 // it serves as a cache of the default grants that should be 1351 // performed for every user. If there is an entry then the app 1352 // is on the system image and supports runtime permissions. 1353 if (mGrantExceptions == null) { 1354 mGrantExceptions = readDefaultPermissionExceptionsLocked(); 1355 } 1356 } 1357 1358 Set<String> permissions = null; 1359 final int exceptionCount = mGrantExceptions.size(); 1360 for (int i = 0; i < exceptionCount; i++) { 1361 String packageName = mGrantExceptions.keyAt(i); 1362 PackageInfo pkg = getSystemPackageInfo(packageName); 1363 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1364 final int permissionGrantCount = permissionGrants.size(); 1365 for (int j = 0; j < permissionGrantCount; j++) { 1366 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1367 if (!isPermissionDangerous(permissionGrant.name)) { 1368 Log.w(TAG, "Ignoring permission " + permissionGrant.name 1369 + " which isn't dangerous"); 1370 continue; 1371 } 1372 if (permissions == null) { 1373 permissions = new ArraySet<>(); 1374 } else { 1375 permissions.clear(); 1376 } 1377 permissions.add(permissionGrant.name); 1378 1379 1380 grantRuntimePermissions(pkg, permissions, permissionGrant.fixed, 1381 permissionGrant.whitelisted, true /*whitelistRestrictedPermissions*/, 1382 userId); 1383 } 1384 } 1385 } 1386 getDefaultPermissionFiles()1387 private File[] getDefaultPermissionFiles() { 1388 ArrayList<File> ret = new ArrayList<File>(); 1389 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1390 if (dir.isDirectory() && dir.canRead()) { 1391 Collections.addAll(ret, dir.listFiles()); 1392 } 1393 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1394 if (dir.isDirectory() && dir.canRead()) { 1395 Collections.addAll(ret, dir.listFiles()); 1396 } 1397 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions"); 1398 if (dir.isDirectory() && dir.canRead()) { 1399 Collections.addAll(ret, dir.listFiles()); 1400 } 1401 dir = new File(Environment.getProductDirectory(), "etc/default-permissions"); 1402 if (dir.isDirectory() && dir.canRead()) { 1403 Collections.addAll(ret, dir.listFiles()); 1404 } 1405 dir = new File(Environment.getProductServicesDirectory(), 1406 "etc/default-permissions"); 1407 if (dir.isDirectory() && dir.canRead()) { 1408 Collections.addAll(ret, dir.listFiles()); 1409 } 1410 // For IoT devices, we check the oem partition for default permissions for each app. 1411 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 1412 dir = new File(Environment.getOemDirectory(), "etc/default-permissions"); 1413 if (dir.isDirectory() && dir.canRead()) { 1414 Collections.addAll(ret, dir.listFiles()); 1415 } 1416 } 1417 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1418 } 1419 1420 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> readDefaultPermissionExceptionsLocked()1421 readDefaultPermissionExceptionsLocked() { 1422 File[] files = getDefaultPermissionFiles(); 1423 if (files == null) { 1424 return new ArrayMap<>(0); 1425 } 1426 1427 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1428 1429 // Iterate over the files in the directory and scan .xml files 1430 for (File file : files) { 1431 if (!file.getPath().endsWith(".xml")) { 1432 Slog.i(TAG, "Non-xml file " + file 1433 + " in " + file.getParent() + " directory, ignoring"); 1434 continue; 1435 } 1436 if (!file.canRead()) { 1437 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1438 continue; 1439 } 1440 try ( 1441 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1442 ) { 1443 XmlPullParser parser = Xml.newPullParser(); 1444 parser.setInput(str, null); 1445 parse(parser, grantExceptions); 1446 } catch (XmlPullParserException | IOException e) { 1447 Slog.w(TAG, "Error reading default permissions file " + file, e); 1448 } 1449 } 1450 1451 return grantExceptions; 1452 } 1453 parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> outGrantExceptions)1454 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1455 outGrantExceptions) throws IOException, XmlPullParserException { 1456 final int outerDepth = parser.getDepth(); 1457 int type; 1458 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1459 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1460 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1461 continue; 1462 } 1463 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1464 parseExceptions(parser, outGrantExceptions); 1465 } else { 1466 Log.e(TAG, "Unknown tag " + parser.getName()); 1467 } 1468 } 1469 } 1470 parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> outGrantExceptions)1471 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1472 outGrantExceptions) throws IOException, XmlPullParserException { 1473 final int outerDepth = parser.getDepth(); 1474 int type; 1475 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1476 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1477 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1478 continue; 1479 } 1480 if (TAG_EXCEPTION.equals(parser.getName())) { 1481 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1482 1483 List<DefaultPermissionGrant> packageExceptions = 1484 outGrantExceptions.get(packageName); 1485 if (packageExceptions == null) { 1486 // The package must be on the system image 1487 PackageInfo packageInfo = getSystemPackageInfo(packageName); 1488 1489 if (packageInfo == null) { 1490 Log.w(TAG, "No such package:" + packageName); 1491 XmlUtils.skipCurrentTag(parser); 1492 continue; 1493 } 1494 1495 if (!isSystemPackage(packageInfo)) { 1496 Log.w(TAG, "Unknown system package:" + packageName); 1497 XmlUtils.skipCurrentTag(parser); 1498 continue; 1499 } 1500 1501 // The package must support runtime permissions 1502 if (!doesPackageSupportRuntimePermissions(packageInfo)) { 1503 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1504 + packageName); 1505 XmlUtils.skipCurrentTag(parser); 1506 continue; 1507 } 1508 packageExceptions = new ArrayList<>(); 1509 outGrantExceptions.put(packageName, packageExceptions); 1510 } 1511 1512 parsePermission(parser, packageExceptions); 1513 } else { 1514 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1515 } 1516 } 1517 } 1518 parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> outPackageExceptions)1519 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1520 outPackageExceptions) throws IOException, XmlPullParserException { 1521 final int outerDepth = parser.getDepth(); 1522 int type; 1523 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1524 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1525 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1526 continue; 1527 } 1528 1529 if (TAG_PERMISSION.contains(parser.getName())) { 1530 String name = parser.getAttributeValue(null, ATTR_NAME); 1531 if (name == null) { 1532 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1533 XmlUtils.skipCurrentTag(parser); 1534 continue; 1535 } 1536 1537 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1538 final boolean whitelisted = XmlUtils.readBooleanAttribute(parser, ATTR_WHITELISTED); 1539 1540 DefaultPermissionGrant exception = new DefaultPermissionGrant( 1541 name, fixed, whitelisted); 1542 outPackageExceptions.add(exception); 1543 } else { 1544 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1545 } 1546 } 1547 } 1548 doesPackageSupportRuntimePermissions(PackageInfo pkg)1549 private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) { 1550 return pkg.applicationInfo != null 1551 && pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1552 } 1553 isPermissionRestricted(String name)1554 private boolean isPermissionRestricted(String name) { 1555 try { 1556 return mContext.getPackageManager().getPermissionInfo(name, 0).isRestricted(); 1557 } catch (NameNotFoundException e) { 1558 return false; 1559 } 1560 } 1561 isPermissionDangerous(String name)1562 private boolean isPermissionDangerous(String name) { 1563 try { 1564 final PermissionInfo pi = mContext.getPackageManager().getPermissionInfo(name, 0); 1565 return (pi.getProtection() == PermissionInfo.PROTECTION_DANGEROUS); 1566 } catch (NameNotFoundException e) { 1567 // When unknown assume it's dangerous to be on the safe side 1568 return true; 1569 } 1570 } 1571 1572 private static final class DefaultPermissionGrant { 1573 final String name; 1574 final boolean fixed; 1575 final boolean whitelisted; 1576 DefaultPermissionGrant(String name, boolean fixed, boolean whitelisted)1577 public DefaultPermissionGrant(String name, boolean fixed, 1578 boolean whitelisted) { 1579 this.name = name; 1580 this.fixed = fixed; 1581 this.whitelisted = whitelisted; 1582 } 1583 } 1584 } 1585