1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm.permission; 18 19 import static android.os.Process.FIRST_APPLICATION_UID; 20 21 import android.Manifest; 22 import android.annotation.NonNull; 23 import android.annotation.Nullable; 24 import android.annotation.UserIdInt; 25 import android.app.ActivityManager; 26 import android.app.DownloadManager; 27 import android.app.SearchManager; 28 import android.app.admin.DevicePolicyManager; 29 import android.companion.CompanionDeviceManager; 30 import android.content.Context; 31 import android.content.Intent; 32 import android.content.pm.ApplicationInfo; 33 import android.content.pm.PackageInfo; 34 import android.content.pm.PackageManager; 35 import android.content.pm.PackageManager.NameNotFoundException; 36 import android.content.pm.PackageManagerInternal; 37 import android.content.pm.PermissionInfo; 38 import android.content.pm.ProviderInfo; 39 import android.content.pm.ResolveInfo; 40 import android.media.RingtoneManager; 41 import android.media.midi.MidiManager; 42 import android.net.Uri; 43 import android.os.Build; 44 import android.os.Environment; 45 import android.os.Handler; 46 import android.os.HandlerThread; 47 import android.os.Message; 48 import android.os.Process; 49 import android.os.UserHandle; 50 import android.os.storage.StorageManager; 51 import android.permission.PermissionManager; 52 import android.print.PrintManager; 53 import android.provider.CalendarContract; 54 import android.provider.ContactsContract; 55 import android.provider.MediaStore; 56 import android.provider.Telephony.Sms.Intents; 57 import android.security.Credentials; 58 import android.speech.RecognitionService; 59 import android.telephony.TelephonyManager; 60 import android.util.ArrayMap; 61 import android.util.ArraySet; 62 import android.util.Log; 63 import android.util.Slog; 64 import android.util.SparseArray; 65 import android.util.TypedXmlPullParser; 66 import android.util.Xml; 67 68 import com.android.internal.R; 69 import com.android.internal.util.ArrayUtils; 70 import com.android.internal.util.XmlUtils; 71 import com.android.server.LocalServices; 72 import com.android.server.ServiceThread; 73 import com.android.server.pm.KnownPackages; 74 import com.android.server.pm.permission.LegacyPermissionManagerInternal.PackagesProvider; 75 import com.android.server.pm.permission.LegacyPermissionManagerInternal.SyncAdapterPackagesProvider; 76 77 import org.xmlpull.v1.XmlPullParser; 78 import org.xmlpull.v1.XmlPullParserException; 79 80 import java.io.File; 81 import java.io.FileInputStream; 82 import java.io.IOException; 83 import java.io.InputStream; 84 import java.util.ArrayList; 85 import java.util.Arrays; 86 import java.util.Collections; 87 import java.util.List; 88 import java.util.Map; 89 import java.util.Set; 90 91 /** 92 * This class is the policy for granting runtime permissions to 93 * platform components and default handlers in the system such 94 * that the device is usable out-of-the-box. For example, the 95 * shell UID is a part of the system and the Phone app should 96 * have phone related permission by default. 97 * <p> 98 * NOTE: This class is at the wrong abstraction level. It is a part of the package manager 99 * service but knows about lots of higher level subsystems. The correct way to do this is 100 * to have an interface defined in the package manager but have the impl next to other 101 * policy stuff like PhoneWindowManager 102 */ 103 final class DefaultPermissionGrantPolicy { 104 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 105 private static final boolean DEBUG = false; 106 107 @PackageManager.ResolveInfoFlagsBits 108 private static final int DEFAULT_INTENT_QUERY_FLAGS = 109 PackageManager.MATCH_DIRECT_BOOT_AWARE | PackageManager.MATCH_DIRECT_BOOT_UNAWARE 110 | PackageManager.MATCH_UNINSTALLED_PACKAGES; 111 112 @PackageManager.PackageInfoFlagsBits 113 private static final int DEFAULT_PACKAGE_INFO_QUERY_FLAGS = 114 PackageManager.MATCH_UNINSTALLED_PACKAGES 115 | PackageManager.MATCH_DISABLED_UNTIL_USED_COMPONENTS 116 | PackageManager.MATCH_HIDDEN_UNTIL_INSTALLED_COMPONENTS 117 | PackageManager.GET_PERMISSIONS; 118 119 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 120 121 private static final String TAG_EXCEPTIONS = "exceptions"; 122 private static final String TAG_EXCEPTION = "exception"; 123 private static final String TAG_PERMISSION = "permission"; 124 private static final String ATTR_PACKAGE = "package"; 125 private static final String ATTR_NAME = "name"; 126 private static final String ATTR_FIXED = "fixed"; 127 private static final String ATTR_WHITELISTED = "whitelisted"; 128 129 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 130 131 132 static { 133 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 134 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 135 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 136 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 137 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 138 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 139 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 140 } 141 142 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 143 static { 144 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 145 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 146 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 147 } 148 149 private static final Set<String> ALWAYS_LOCATION_PERMISSIONS = new ArraySet<>(); 150 static { 151 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 152 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 153 ALWAYS_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_BACKGROUND_LOCATION); 154 } 155 156 private static final Set<String> FOREGROUND_LOCATION_PERMISSIONS = new ArraySet<>(); 157 static { 158 FOREGROUND_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 159 FOREGROUND_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 160 } 161 162 private static final Set<String> COARSE_BACKGROUND_LOCATION_PERMISSIONS = new ArraySet<>(); 163 static { 164 COARSE_BACKGROUND_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 165 COARSE_BACKGROUND_LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_BACKGROUND_LOCATION); 166 } 167 168 private static final Set<String> ACTIVITY_RECOGNITION_PERMISSIONS = new ArraySet<>(); 169 static { 170 ACTIVITY_RECOGNITION_PERMISSIONS.add(Manifest.permission.ACTIVITY_RECOGNITION); 171 } 172 173 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 174 static { 175 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 176 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 177 } 178 179 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 180 static { 181 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 182 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 183 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 184 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 185 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 186 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 187 } 188 189 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 190 static { 191 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 192 } 193 194 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 195 static { 196 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 197 } 198 199 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 200 static { 201 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 202 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS_BACKGROUND); 203 } 204 205 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 206 static { 207 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 208 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 209 STORAGE_PERMISSIONS.add(Manifest.permission.ACCESS_MEDIA_LOCATION); 210 STORAGE_PERMISSIONS.add(Manifest.permission.READ_MEDIA_AUDIO); 211 STORAGE_PERMISSIONS.add(Manifest.permission.READ_MEDIA_VIDEO); 212 STORAGE_PERMISSIONS.add(Manifest.permission.READ_MEDIA_IMAGES); 213 } 214 215 private static final Set<String> NEARBY_DEVICES_PERMISSIONS = new ArraySet<>(); 216 static { 217 NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_ADVERTISE); 218 NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_CONNECT); 219 NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.BLUETOOTH_SCAN); 220 NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.UWB_RANGING); 221 NEARBY_DEVICES_PERMISSIONS.add(Manifest.permission.NEARBY_WIFI_DEVICES); 222 } 223 224 private static final Set<String> NOTIFICATION_PERMISSIONS = new ArraySet<>(); 225 static { 226 NOTIFICATION_PERMISSIONS.add(Manifest.permission.POST_NOTIFICATIONS); 227 } 228 229 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 230 231 private static final String ACTION_TRACK = "com.android.fitness.TRACK"; 232 233 private final Handler mHandler; 234 235 private PackagesProvider mLocationPackagesProvider; 236 private PackagesProvider mLocationExtraPackagesProvider; 237 private PackagesProvider mVoiceInteractionPackagesProvider; 238 private PackagesProvider mSmsAppPackagesProvider; 239 private PackagesProvider mDialerAppPackagesProvider; 240 private PackagesProvider mSimCallManagerPackagesProvider; 241 private PackagesProvider mUseOpenWifiAppPackagesProvider; 242 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 243 244 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 245 private final Context mContext; 246 private final Object mLock = new Object(); 247 private final PackageManagerInternal mServiceInternal; 248 249 /** Directly interact with the PackageManger */ 250 private final PackageManagerWrapper NO_PM_CACHE = new PackageManagerWrapper() { 251 @Override 252 public int getPermissionFlags(@NonNull String permission, @NonNull PackageInfo pkg, 253 @NonNull UserHandle user) { 254 return mContext.getPackageManager().getPermissionFlags(permission, pkg.packageName, 255 user); 256 } 257 258 @Override 259 public void updatePermissionFlags(@NonNull String permission, @NonNull PackageInfo pkg, 260 int flagMask, int flagValues, @NonNull UserHandle user) { 261 mContext.getPackageManager().updatePermissionFlags(permission, pkg.packageName, 262 flagMask, flagValues, user); 263 } 264 265 @Override 266 public void grantPermission(@NonNull String permission, @NonNull PackageInfo pkg, 267 @NonNull UserHandle user) { 268 mContext.getPackageManager().grantRuntimePermission(pkg.packageName, permission, 269 user); 270 } 271 272 @Override 273 public void revokePermission(@NonNull String permission, @NonNull PackageInfo pkg, 274 @NonNull UserHandle user) { 275 mContext.getPackageManager().revokeRuntimePermission(pkg.packageName, permission, 276 user); 277 } 278 279 @Override 280 public boolean isGranted(@NonNull String permission, @NonNull PackageInfo pkg, 281 @NonNull UserHandle user) { 282 return mContext.createContextAsUser(user, 0).getPackageManager().checkPermission( 283 permission, pkg.packageName) == PackageManager.PERMISSION_GRANTED; 284 } 285 286 @Override 287 public @Nullable PermissionInfo getPermissionInfo(@NonNull String permissionName) { 288 if (permissionName == null) { 289 return null; 290 } 291 292 try { 293 return mContext.getPackageManager().getPermissionInfo(permissionName, 0); 294 } catch (NameNotFoundException e) { 295 Slog.w(TAG, "Permission not found: " + permissionName); 296 return null; 297 } 298 } 299 300 @Override 301 public @Nullable PackageInfo getPackageInfo(@NonNull String pkg) { 302 if (pkg == null) { 303 return null; 304 } 305 306 try { 307 return mContext.getPackageManager().getPackageInfo(pkg, 308 DEFAULT_PACKAGE_INFO_QUERY_FLAGS); 309 } catch (NameNotFoundException e) { 310 Slog.e(TAG, "Package not found: " + pkg); 311 return null; 312 } 313 } 314 }; 315 DefaultPermissionGrantPolicy(@onNull Context context)316 DefaultPermissionGrantPolicy(@NonNull Context context) { 317 mContext = context; 318 HandlerThread handlerThread = new ServiceThread(TAG, 319 Process.THREAD_PRIORITY_BACKGROUND, true /*allowIo*/); 320 handlerThread.start(); 321 mHandler = new Handler(handlerThread.getLooper()) { 322 @Override 323 public void handleMessage(Message msg) { 324 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 325 synchronized (mLock) { 326 if (mGrantExceptions == null) { 327 mGrantExceptions = readDefaultPermissionExceptionsLocked(NO_PM_CACHE); 328 } 329 } 330 } 331 } 332 }; 333 mServiceInternal = LocalServices.getService(PackageManagerInternal.class); 334 } 335 setLocationPackagesProvider(PackagesProvider provider)336 public void setLocationPackagesProvider(PackagesProvider provider) { 337 synchronized (mLock) { 338 mLocationPackagesProvider = provider; 339 } 340 } 341 342 /** Sets the provider for loction extra packages. */ setLocationExtraPackagesProvider(PackagesProvider provider)343 public void setLocationExtraPackagesProvider(PackagesProvider provider) { 344 synchronized (mLock) { 345 mLocationExtraPackagesProvider = provider; 346 } 347 } 348 setVoiceInteractionPackagesProvider(PackagesProvider provider)349 public void setVoiceInteractionPackagesProvider(PackagesProvider provider) { 350 synchronized (mLock) { 351 mVoiceInteractionPackagesProvider = provider; 352 } 353 } 354 setSmsAppPackagesProvider(PackagesProvider provider)355 public void setSmsAppPackagesProvider(PackagesProvider provider) { 356 synchronized (mLock) { 357 mSmsAppPackagesProvider = provider; 358 } 359 } 360 setDialerAppPackagesProvider(PackagesProvider provider)361 public void setDialerAppPackagesProvider(PackagesProvider provider) { 362 synchronized (mLock) { 363 mDialerAppPackagesProvider = provider; 364 } 365 } 366 setSimCallManagerPackagesProvider(PackagesProvider provider)367 public void setSimCallManagerPackagesProvider(PackagesProvider provider) { 368 synchronized (mLock) { 369 mSimCallManagerPackagesProvider = provider; 370 } 371 } 372 setUseOpenWifiAppPackagesProvider(PackagesProvider provider)373 public void setUseOpenWifiAppPackagesProvider(PackagesProvider provider) { 374 synchronized (mLock) { 375 mUseOpenWifiAppPackagesProvider = provider; 376 } 377 } 378 setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider)379 public void setSyncAdapterPackagesProvider(SyncAdapterPackagesProvider provider) { 380 synchronized (mLock) { 381 mSyncAdapterPackagesProvider = provider; 382 } 383 } 384 grantDefaultPermissions(int userId)385 public void grantDefaultPermissions(int userId) { 386 DelayingPackageManagerCache pm = new DelayingPackageManagerCache(); 387 388 grantPermissionsToSysComponentsAndPrivApps(pm, userId); 389 grantDefaultSystemHandlerPermissions(pm, userId); 390 grantSignatureAppsNotificationPermissions(pm, userId); 391 grantDefaultPermissionExceptions(pm, userId); 392 393 // Apply delayed state 394 pm.apply(); 395 } 396 grantSignatureAppsNotificationPermissions(PackageManagerWrapper pm, int userId)397 private void grantSignatureAppsNotificationPermissions(PackageManagerWrapper pm, int userId) { 398 Log.i(TAG, "Granting Notification permissions to platform signature apps for user " 399 + userId); 400 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser( 401 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM); 402 for (PackageInfo pkg : packages) { 403 if (pkg == null || !pkg.applicationInfo.isSystemApp() 404 || !pkg.applicationInfo.isSignedWithPlatformKey()) { 405 continue; 406 } 407 grantRuntimePermissionsForSystemPackage(pm, userId, pkg, NOTIFICATION_PERMISSIONS); 408 } 409 410 } 411 grantRuntimePermissionsForSystemPackage(PackageManagerWrapper pm, int userId, PackageInfo pkg)412 private void grantRuntimePermissionsForSystemPackage(PackageManagerWrapper pm, 413 int userId, PackageInfo pkg) { 414 grantRuntimePermissionsForSystemPackage(pm, userId, pkg, null); 415 } 416 grantRuntimePermissionsForSystemPackage(PackageManagerWrapper pm, int userId, PackageInfo pkg, Set<String> filterPermissions)417 private void grantRuntimePermissionsForSystemPackage(PackageManagerWrapper pm, 418 int userId, PackageInfo pkg, Set<String> filterPermissions) { 419 if (ArrayUtils.isEmpty(pkg.requestedPermissions)) { 420 return; 421 } 422 Set<String> permissions = new ArraySet<>(); 423 for (String permission : pkg.requestedPermissions) { 424 final PermissionInfo perm = pm.getPermissionInfo(permission); 425 if (perm == null 426 || (filterPermissions != null && !filterPermissions.contains(permission))) { 427 continue; 428 } 429 if (perm.isRuntime()) { 430 permissions.add(permission); 431 } 432 } 433 if (!permissions.isEmpty()) { 434 grantRuntimePermissions(pm, pkg, permissions, true /*systemFixed*/, userId); 435 } 436 } 437 scheduleReadDefaultPermissionExceptions()438 public void scheduleReadDefaultPermissionExceptions() { 439 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 440 } 441 grantPermissionsToSysComponentsAndPrivApps(DelayingPackageManagerCache pm, int userId)442 private void grantPermissionsToSysComponentsAndPrivApps(DelayingPackageManagerCache pm, 443 int userId) { 444 Log.i(TAG, "Granting permissions to platform components for user " + userId); 445 List<PackageInfo> packages = mContext.getPackageManager().getInstalledPackagesAsUser( 446 DEFAULT_PACKAGE_INFO_QUERY_FLAGS, UserHandle.USER_SYSTEM); 447 for (PackageInfo pkg : packages) { 448 if (pkg == null) { 449 continue; 450 } 451 452 // Package info is already loaded, cache it 453 pm.addPackageInfo(pkg.packageName, pkg); 454 455 if (!pm.isSysComponentOrPersistentPlatformSignedPrivApp(pkg) 456 || !doesPackageSupportRuntimePermissions(pkg) 457 || ArrayUtils.isEmpty(pkg.requestedPermissions)) { 458 continue; 459 } 460 grantRuntimePermissionsForSystemPackage(pm, userId, pkg); 461 } 462 463 // Re-grant READ_PHONE_STATE as non-fixed to all system apps that have 464 // READ_PRIVILEGED_PHONE_STATE and READ_PHONE_STATE granted -- this is to undo the fixed 465 // grant from R. 466 for (PackageInfo pkg : packages) { 467 if (pkg == null 468 || !doesPackageSupportRuntimePermissions(pkg) 469 || ArrayUtils.isEmpty(pkg.requestedPermissions) 470 || !pm.isGranted(Manifest.permission.READ_PRIVILEGED_PHONE_STATE, 471 pkg, UserHandle.of(userId)) 472 || !pm.isGranted(Manifest.permission.READ_PHONE_STATE, pkg, 473 UserHandle.of(userId)) 474 || pm.isSysComponentOrPersistentPlatformSignedPrivApp(pkg)) { 475 continue; 476 } 477 478 pm.updatePermissionFlags(Manifest.permission.READ_PHONE_STATE, pkg, 479 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 480 0, 481 UserHandle.of(userId)); 482 } 483 484 } 485 486 @SafeVarargs grantIgnoringSystemPackage(PackageManagerWrapper pm, String packageName, int userId, Set<String>... permissionGroups)487 private final void grantIgnoringSystemPackage(PackageManagerWrapper pm, String packageName, 488 int userId, Set<String>... permissionGroups) { 489 grantPermissionsToPackage(pm, packageName, userId, true /* ignoreSystemPackage */, 490 true /*whitelistRestrictedPermissions*/, permissionGroups); 491 } 492 493 @SafeVarargs grantSystemFixedPermissionsToSystemPackage(PackageManagerWrapper pm, String packageName, int userId, Set<String>... permissionGroups)494 private final void grantSystemFixedPermissionsToSystemPackage(PackageManagerWrapper pm, 495 String packageName, int userId, Set<String>... permissionGroups) { 496 grantPermissionsToSystemPackage(pm, packageName, userId, true /* systemFixed */, 497 permissionGroups); 498 } 499 500 @SafeVarargs grantPermissionsToSystemPackage(PackageManagerWrapper pm, String packageName, int userId, Set<String>... permissionGroups)501 private final void grantPermissionsToSystemPackage(PackageManagerWrapper pm, 502 String packageName, int userId, Set<String>... permissionGroups) { 503 grantPermissionsToSystemPackage(pm, packageName, userId, false /* systemFixed */, 504 permissionGroups); 505 } 506 507 @SafeVarargs grantPermissionsToSystemPackage(PackageManagerWrapper pm, String packageName, int userId, boolean systemFixed, Set<String>... permissionGroups)508 private final void grantPermissionsToSystemPackage(PackageManagerWrapper pm, String packageName, 509 int userId, boolean systemFixed, Set<String>... permissionGroups) { 510 if (!pm.isSystemPackage(packageName)) { 511 return; 512 } 513 grantPermissionsToPackage(pm, pm.getSystemPackageInfo(packageName), 514 userId, systemFixed, false /* ignoreSystemPackage */, 515 true /*whitelistRestrictedPermissions*/, permissionGroups); 516 } 517 518 @SafeVarargs grantPermissionsToPackage(PackageManagerWrapper pm, String packageName, int userId, boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, Set<String>... permissionGroups)519 private final void grantPermissionsToPackage(PackageManagerWrapper pm, String packageName, 520 int userId, boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, 521 Set<String>... permissionGroups) { 522 grantPermissionsToPackage(pm, pm.getPackageInfo(packageName), 523 userId, false /* systemFixed */, ignoreSystemPackage, 524 whitelistRestrictedPermissions, permissionGroups); 525 } 526 527 @SafeVarargs grantPermissionsToPackage(PackageManagerWrapper pm, PackageInfo packageInfo, int userId, boolean systemFixed, boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, Set<String>... permissionGroups)528 private final void grantPermissionsToPackage(PackageManagerWrapper pm, PackageInfo packageInfo, 529 int userId, boolean systemFixed, boolean ignoreSystemPackage, 530 boolean whitelistRestrictedPermissions, Set<String>... permissionGroups) { 531 if (packageInfo == null) { 532 return; 533 } 534 if (doesPackageSupportRuntimePermissions(packageInfo)) { 535 for (Set<String> permissionGroup : permissionGroups) { 536 grantRuntimePermissions(pm, packageInfo, permissionGroup, systemFixed, 537 ignoreSystemPackage, whitelistRestrictedPermissions, userId); 538 } 539 } 540 } 541 grantDefaultSystemHandlerPermissions(PackageManagerWrapper pm, int userId)542 private void grantDefaultSystemHandlerPermissions(PackageManagerWrapper pm, int userId) { 543 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 544 545 final PackagesProvider locationPackagesProvider; 546 final PackagesProvider locationExtraPackagesProvider; 547 final PackagesProvider voiceInteractionPackagesProvider; 548 final PackagesProvider smsAppPackagesProvider; 549 final PackagesProvider dialerAppPackagesProvider; 550 final PackagesProvider simCallManagerPackagesProvider; 551 final PackagesProvider useOpenWifiAppPackagesProvider; 552 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 553 554 synchronized (mLock) { 555 locationPackagesProvider = mLocationPackagesProvider; 556 locationExtraPackagesProvider = mLocationExtraPackagesProvider; 557 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 558 smsAppPackagesProvider = mSmsAppPackagesProvider; 559 dialerAppPackagesProvider = mDialerAppPackagesProvider; 560 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 561 useOpenWifiAppPackagesProvider = mUseOpenWifiAppPackagesProvider; 562 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 563 } 564 565 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 566 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 567 String[] locationPackageNames = (locationPackagesProvider != null) 568 ? locationPackagesProvider.getPackages(userId) : null; 569 String[] locationExtraPackageNames = (locationExtraPackagesProvider != null) 570 ? locationExtraPackagesProvider.getPackages(userId) : null; 571 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 572 ? smsAppPackagesProvider.getPackages(userId) : null; 573 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 574 ? dialerAppPackagesProvider.getPackages(userId) : null; 575 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 576 ? simCallManagerPackagesProvider.getPackages(userId) : null; 577 String[] useOpenWifiAppPackageNames = (useOpenWifiAppPackagesProvider != null) 578 ? useOpenWifiAppPackagesProvider.getPackages(userId) : null; 579 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 580 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 581 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 582 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 583 584 // PermissionController 585 grantSystemFixedPermissionsToSystemPackage(pm, 586 mContext.getPackageManager().getPermissionControllerPackageName(), userId, 587 NOTIFICATION_PERMISSIONS); 588 589 // Installer 590 grantSystemFixedPermissionsToSystemPackage(pm, 591 ArrayUtils.firstOrNull(getKnownPackages( 592 KnownPackages.PACKAGE_INSTALLER, userId)), 593 userId, STORAGE_PERMISSIONS, NOTIFICATION_PERMISSIONS); 594 595 // Verifier 596 final String verifier = ArrayUtils.firstOrNull(getKnownPackages( 597 KnownPackages.PACKAGE_VERIFIER, userId)); 598 grantSystemFixedPermissionsToSystemPackage(pm, verifier, userId, STORAGE_PERMISSIONS); 599 grantPermissionsToSystemPackage(pm, verifier, userId, PHONE_PERMISSIONS, SMS_PERMISSIONS, 600 NOTIFICATION_PERMISSIONS); 601 602 // SetupWizard 603 final String setupWizardPackage = ArrayUtils.firstOrNull(getKnownPackages( 604 KnownPackages.PACKAGE_SETUP_WIZARD, userId)); 605 grantPermissionsToSystemPackage(pm, setupWizardPackage, userId, PHONE_PERMISSIONS, 606 CONTACTS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, CAMERA_PERMISSIONS, 607 NEARBY_DEVICES_PERMISSIONS); 608 grantSystemFixedPermissionsToSystemPackage(pm, setupWizardPackage, userId, 609 NOTIFICATION_PERMISSIONS); 610 611 // SearchSelector 612 grantPermissionsToSystemPackage(pm, getDefaultSearchSelectorPackage(), userId, 613 NOTIFICATION_PERMISSIONS); 614 615 // Captive Portal Login 616 grantPermissionsToSystemPackage(pm, getDefaultCaptivePortalLoginPackage(), userId, 617 NOTIFICATION_PERMISSIONS); 618 619 // Dock Manager 620 grantPermissionsToSystemPackage(pm, getDefaultDockManagerPackage(), userId, 621 NOTIFICATION_PERMISSIONS); 622 623 // Camera 624 grantPermissionsToSystemPackage(pm, 625 getDefaultSystemHandlerActivityPackage(pm, MediaStore.ACTION_IMAGE_CAPTURE, userId), 626 userId, CAMERA_PERMISSIONS, MICROPHONE_PERMISSIONS, STORAGE_PERMISSIONS); 627 628 // Sound recorder 629 grantPermissionsToSystemPackage(pm, 630 getDefaultSystemHandlerActivityPackage(pm, 631 MediaStore.Audio.Media.RECORD_SOUND_ACTION, userId), 632 userId, MICROPHONE_PERMISSIONS); 633 634 // Media provider 635 grantSystemFixedPermissionsToSystemPackage(pm, 636 getDefaultProviderAuthorityPackage(MediaStore.AUTHORITY, userId), userId, 637 STORAGE_PERMISSIONS, NOTIFICATION_PERMISSIONS); 638 639 // Downloads provider 640 grantSystemFixedPermissionsToSystemPackage(pm, 641 getDefaultProviderAuthorityPackage("downloads", userId), userId, 642 STORAGE_PERMISSIONS, NOTIFICATION_PERMISSIONS); 643 644 // Downloads UI 645 grantSystemFixedPermissionsToSystemPackage(pm, 646 getDefaultSystemHandlerActivityPackage(pm, 647 DownloadManager.ACTION_VIEW_DOWNLOADS, userId), 648 userId, STORAGE_PERMISSIONS); 649 650 // Storage provider 651 grantSystemFixedPermissionsToSystemPackage(pm, 652 getDefaultProviderAuthorityPackage("com.android.externalstorage.documents", userId), 653 userId, STORAGE_PERMISSIONS); 654 655 // CertInstaller 656 grantSystemFixedPermissionsToSystemPackage(pm, 657 getDefaultSystemHandlerActivityPackage(pm, Credentials.INSTALL_ACTION, userId), 658 userId, STORAGE_PERMISSIONS); 659 660 // Dialer 661 if (dialerAppPackageNames == null) { 662 String dialerPackage = 663 getDefaultSystemHandlerActivityPackage(pm, Intent.ACTION_DIAL, userId); 664 grantDefaultPermissionsToDefaultSystemDialerApp(pm, dialerPackage, userId); 665 } else { 666 for (String dialerAppPackageName : dialerAppPackageNames) { 667 grantDefaultPermissionsToDefaultSystemDialerApp(pm, dialerAppPackageName, userId); 668 } 669 } 670 671 // Sim call manager 672 if (simCallManagerPackageNames != null) { 673 for (String simCallManagerPackageName : simCallManagerPackageNames) { 674 grantDefaultPermissionsToDefaultSystemSimCallManager(pm, 675 simCallManagerPackageName, userId); 676 } 677 } 678 679 // Use Open Wifi 680 if (useOpenWifiAppPackageNames != null) { 681 for (String useOpenWifiPackageName : useOpenWifiAppPackageNames) { 682 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(pm, 683 useOpenWifiPackageName, userId); 684 } 685 } 686 687 // SMS 688 if (smsAppPackageNames == null) { 689 String smsPackage = getDefaultSystemHandlerActivityPackageForCategory(pm, 690 Intent.CATEGORY_APP_MESSAGING, userId); 691 grantDefaultPermissionsToDefaultSystemSmsApp(pm, smsPackage, userId); 692 } else { 693 for (String smsPackage : smsAppPackageNames) { 694 grantDefaultPermissionsToDefaultSystemSmsApp(pm, smsPackage, userId); 695 } 696 } 697 698 // Cell Broadcast Receiver 699 grantSystemFixedPermissionsToSystemPackage(pm, 700 getDefaultSystemHandlerActivityPackage(pm, Intents.SMS_CB_RECEIVED_ACTION, userId), 701 userId, SMS_PERMISSIONS, NEARBY_DEVICES_PERMISSIONS, NOTIFICATION_PERMISSIONS); 702 703 // Carrier Provisioning Service 704 grantPermissionsToSystemPackage(pm, 705 getDefaultSystemHandlerServicePackage(pm, Intents.SMS_CARRIER_PROVISION_ACTION, 706 userId), 707 userId, SMS_PERMISSIONS); 708 709 // Calendar 710 grantPermissionsToSystemPackage(pm, 711 getDefaultSystemHandlerActivityPackageForCategory(pm, 712 Intent.CATEGORY_APP_CALENDAR, userId), 713 userId, CALENDAR_PERMISSIONS, CONTACTS_PERMISSIONS, NOTIFICATION_PERMISSIONS); 714 715 // Calendar provider 716 String calendarProvider = 717 getDefaultProviderAuthorityPackage(CalendarContract.AUTHORITY, userId); 718 grantPermissionsToSystemPackage(pm, calendarProvider, userId, 719 CONTACTS_PERMISSIONS, STORAGE_PERMISSIONS); 720 grantSystemFixedPermissionsToSystemPackage(pm, calendarProvider, userId, 721 CALENDAR_PERMISSIONS); 722 723 // Calendar provider sync adapters 724 if (calendarSyncAdapterPackages != null) { 725 grantPermissionToEachSystemPackage(pm, 726 getHeadlessSyncAdapterPackages(pm, calendarSyncAdapterPackages, userId), 727 userId, CALENDAR_PERMISSIONS); 728 } 729 730 // Contacts 731 grantPermissionsToSystemPackage(pm, 732 getDefaultSystemHandlerActivityPackageForCategory(pm, 733 Intent.CATEGORY_APP_CONTACTS, userId), 734 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 735 736 // Contacts provider sync adapters 737 if (contactsSyncAdapterPackages != null) { 738 grantPermissionToEachSystemPackage(pm, 739 getHeadlessSyncAdapterPackages(pm, contactsSyncAdapterPackages, userId), 740 userId, CONTACTS_PERMISSIONS); 741 } 742 743 // Contacts provider 744 String contactsProviderPackage = 745 getDefaultProviderAuthorityPackage(ContactsContract.AUTHORITY, userId); 746 grantSystemFixedPermissionsToSystemPackage(pm, contactsProviderPackage, userId, 747 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 748 grantPermissionsToSystemPackage(pm, contactsProviderPackage, userId, STORAGE_PERMISSIONS); 749 750 // Device provisioning 751 grantPermissionsToSystemPackage(pm, 752 getDefaultSystemHandlerActivityPackage(pm, 753 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE, userId), 754 userId, CONTACTS_PERMISSIONS, NOTIFICATION_PERMISSIONS); 755 756 // Maps 757 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE, 0)) { 758 grantPermissionsToSystemPackage(pm, 759 getDefaultSystemHandlerActivityPackageForCategory(pm, 760 Intent.CATEGORY_APP_MAPS, userId), 761 userId, FOREGROUND_LOCATION_PERMISSIONS); 762 } 763 764 // Email 765 grantPermissionsToSystemPackage(pm, 766 getDefaultSystemHandlerActivityPackageForCategory(pm, 767 Intent.CATEGORY_APP_EMAIL, userId), 768 userId, CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS); 769 770 // Browser 771 String browserPackage = ArrayUtils.firstOrNull(getKnownPackages( 772 KnownPackages.PACKAGE_BROWSER, userId)); 773 if (browserPackage == null) { 774 browserPackage = getDefaultSystemHandlerActivityPackageForCategory(pm, 775 Intent.CATEGORY_APP_BROWSER, userId); 776 if (!pm.isSystemPackage(browserPackage)) { 777 browserPackage = null; 778 } 779 } 780 grantPermissionsToPackage(pm, browserPackage, userId, false /* ignoreSystemPackage */, 781 true /*whitelistRestrictedPermissions*/, FOREGROUND_LOCATION_PERMISSIONS); 782 783 // Voice interaction 784 if (voiceInteractPackageNames != null) { 785 for (String voiceInteractPackageName : voiceInteractPackageNames) { 786 grantPermissionsToSystemPackage(pm, voiceInteractPackageName, userId, 787 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS, 788 PHONE_PERMISSIONS, SMS_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, 789 NEARBY_DEVICES_PERMISSIONS, NOTIFICATION_PERMISSIONS); 790 } 791 } 792 793 if (ActivityManager.isLowRamDeviceStatic()) { 794 // Allow voice search on low-ram devices 795 grantPermissionsToSystemPackage(pm, 796 getDefaultSystemHandlerActivityPackage(pm, 797 SearchManager.INTENT_ACTION_GLOBAL_SEARCH, userId), 798 userId, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, 799 NOTIFICATION_PERMISSIONS); 800 } 801 802 // Voice recognition 803 Intent voiceRecoIntent = new Intent(RecognitionService.SERVICE_INTERFACE) 804 .addCategory(Intent.CATEGORY_DEFAULT); 805 grantPermissionsToSystemPackage(pm, 806 getDefaultSystemHandlerServicePackage(pm, voiceRecoIntent, userId), userId, 807 MICROPHONE_PERMISSIONS); 808 809 // Location 810 if (locationPackageNames != null) { 811 for (String packageName : locationPackageNames) { 812 grantPermissionsToSystemPackage(pm, packageName, userId, 813 CONTACTS_PERMISSIONS, CALENDAR_PERMISSIONS, MICROPHONE_PERMISSIONS, 814 PHONE_PERMISSIONS, SMS_PERMISSIONS, CAMERA_PERMISSIONS, 815 SENSORS_PERMISSIONS, STORAGE_PERMISSIONS, NEARBY_DEVICES_PERMISSIONS, 816 NOTIFICATION_PERMISSIONS); 817 grantSystemFixedPermissionsToSystemPackage(pm, packageName, userId, 818 ALWAYS_LOCATION_PERMISSIONS, ACTIVITY_RECOGNITION_PERMISSIONS); 819 } 820 } 821 if (locationExtraPackageNames != null) { 822 // Also grant location and activity recognition permission to location extra packages. 823 for (String packageName : locationExtraPackageNames) { 824 grantPermissionsToSystemPackage(pm, packageName, userId, 825 ALWAYS_LOCATION_PERMISSIONS, NEARBY_DEVICES_PERMISSIONS); 826 grantSystemFixedPermissionsToSystemPackage(pm, packageName, userId, 827 ACTIVITY_RECOGNITION_PERMISSIONS); 828 } 829 } 830 831 // Music 832 Intent musicIntent = new Intent(Intent.ACTION_VIEW) 833 .addCategory(Intent.CATEGORY_DEFAULT) 834 .setDataAndType(Uri.fromFile(new File("foo.mp3")), AUDIO_MIME_TYPE); 835 grantPermissionsToSystemPackage(pm, 836 getDefaultSystemHandlerActivityPackage(pm, musicIntent, userId), userId, 837 STORAGE_PERMISSIONS); 838 839 // Home 840 Intent homeIntent = new Intent(Intent.ACTION_MAIN) 841 .addCategory(Intent.CATEGORY_HOME) 842 .addCategory(Intent.CATEGORY_LAUNCHER_APP); 843 grantPermissionsToSystemPackage(pm, 844 getDefaultSystemHandlerActivityPackage(pm, homeIntent, userId), userId, 845 ALWAYS_LOCATION_PERMISSIONS, NOTIFICATION_PERMISSIONS); 846 847 // Watches 848 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 849 // Home application on watches 850 851 String wearPackage = getDefaultSystemHandlerActivityPackageForCategory(pm, 852 Intent.CATEGORY_HOME_MAIN, userId); 853 grantPermissionsToSystemPackage(pm, wearPackage, userId, 854 CONTACTS_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS); 855 grantSystemFixedPermissionsToSystemPackage(pm, wearPackage, userId, PHONE_PERMISSIONS); 856 857 // Fitness tracking on watches 858 if (mContext.getResources().getBoolean(R.bool.config_trackerAppNeedsPermissions)) { 859 Log.d(TAG, "Wear: Skipping permission grant for Default fitness tracker app : " 860 + wearPackage); 861 } else { 862 grantPermissionsToSystemPackage(pm, 863 getDefaultSystemHandlerActivityPackage(pm, ACTION_TRACK, userId), userId, 864 SENSORS_PERMISSIONS); 865 } 866 } 867 868 // Print Spooler 869 grantSystemFixedPermissionsToSystemPackage(pm, PrintManager.PRINT_SPOOLER_PACKAGE_NAME, 870 userId, ALWAYS_LOCATION_PERMISSIONS, NOTIFICATION_PERMISSIONS); 871 872 // EmergencyInfo 873 grantSystemFixedPermissionsToSystemPackage(pm, 874 getDefaultSystemHandlerActivityPackage(pm, 875 TelephonyManager.ACTION_EMERGENCY_ASSISTANCE, userId), 876 userId, CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 877 878 // NFC Tag viewer 879 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW) 880 .setType("vnd.android.cursor.item/ndef_msg"); 881 grantPermissionsToSystemPackage(pm, 882 getDefaultSystemHandlerActivityPackage(pm, nfcTagIntent, userId), userId, 883 CONTACTS_PERMISSIONS, PHONE_PERMISSIONS); 884 885 // Storage Manager 886 grantSystemFixedPermissionsToSystemPackage(pm, 887 getDefaultSystemHandlerActivityPackage(pm, 888 StorageManager.ACTION_MANAGE_STORAGE, userId), 889 userId, STORAGE_PERMISSIONS); 890 891 // Companion devices 892 grantSystemFixedPermissionsToSystemPackage(pm, 893 CompanionDeviceManager.COMPANION_DEVICE_DISCOVERY_PACKAGE_NAME, userId, 894 ALWAYS_LOCATION_PERMISSIONS, NEARBY_DEVICES_PERMISSIONS); 895 896 // Ringtone Picker 897 grantSystemFixedPermissionsToSystemPackage(pm, 898 getDefaultSystemHandlerActivityPackage(pm, 899 RingtoneManager.ACTION_RINGTONE_PICKER, userId), 900 userId, STORAGE_PERMISSIONS); 901 902 // TextClassifier Service 903 for (String textClassifierPackage : 904 getKnownPackages(KnownPackages.PACKAGE_SYSTEM_TEXT_CLASSIFIER, userId)) { 905 grantPermissionsToSystemPackage(pm, textClassifierPackage, userId, 906 COARSE_BACKGROUND_LOCATION_PERMISSIONS, CONTACTS_PERMISSIONS); 907 } 908 909 // There is no real "marker" interface to identify the shared storage backup, it is 910 // hardcoded in BackupManagerService.SHARED_BACKUP_AGENT_PACKAGE. 911 grantSystemFixedPermissionsToSystemPackage(pm, "com.android.sharedstoragebackup", userId, 912 STORAGE_PERMISSIONS); 913 914 // Bluetooth MIDI Service 915 grantSystemFixedPermissionsToSystemPackage(pm, 916 MidiManager.BLUETOOTH_MIDI_SERVICE_PACKAGE, userId, 917 NEARBY_DEVICES_PERMISSIONS); 918 919 // Ad Service 920 String commonServiceAction = "android.adservices.AD_SERVICES_COMMON_SERVICE"; 921 grantPermissionsToSystemPackage(pm, getDefaultSystemHandlerServicePackage(pm, 922 commonServiceAction, userId), userId, NOTIFICATION_PERMISSIONS); 923 } 924 getDefaultSystemHandlerActivityPackageForCategory(PackageManagerWrapper pm, String category, int userId)925 private String getDefaultSystemHandlerActivityPackageForCategory(PackageManagerWrapper pm, 926 String category, int userId) { 927 return getDefaultSystemHandlerActivityPackage(pm, 928 new Intent(Intent.ACTION_MAIN).addCategory(category), userId); 929 } 930 getDefaultSearchSelectorPackage()931 private String getDefaultSearchSelectorPackage() { 932 return mContext.getString(R.string.config_defaultSearchSelectorPackageName); 933 } 934 getDefaultCaptivePortalLoginPackage()935 private String getDefaultCaptivePortalLoginPackage() { 936 return mContext.getString(R.string.config_defaultCaptivePortalLoginPackageName); 937 } 938 getDefaultDockManagerPackage()939 private String getDefaultDockManagerPackage() { 940 return mContext.getString(R.string.config_defaultDockManagerPackageName); 941 } 942 943 @SafeVarargs grantPermissionToEachSystemPackage(PackageManagerWrapper pm, ArrayList<String> packages, int userId, Set<String>... permissions)944 private final void grantPermissionToEachSystemPackage(PackageManagerWrapper pm, 945 ArrayList<String> packages, int userId, Set<String>... permissions) { 946 if (packages == null) return; 947 final int count = packages.size(); 948 for (int i = 0; i < count; i++) { 949 grantPermissionsToSystemPackage(pm, packages.get(i), userId, permissions); 950 } 951 } 952 getKnownPackages(int knownPkgId, int userId)953 private @NonNull String[] getKnownPackages(int knownPkgId, int userId) { 954 return mServiceInternal.getKnownPackageNames(knownPkgId, userId); 955 } 956 grantDefaultPermissionsToDefaultSystemDialerApp(PackageManagerWrapper pm, String dialerPackage, int userId)957 private void grantDefaultPermissionsToDefaultSystemDialerApp(PackageManagerWrapper pm, 958 String dialerPackage, int userId) { 959 if (dialerPackage == null) { 960 return; 961 } 962 boolean isPhonePermFixed = 963 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 964 if (isPhonePermFixed) { 965 grantSystemFixedPermissionsToSystemPackage(pm, dialerPackage, userId, 966 PHONE_PERMISSIONS, NOTIFICATION_PERMISSIONS); 967 } else { 968 grantPermissionsToSystemPackage(pm, dialerPackage, userId, PHONE_PERMISSIONS); 969 } 970 grantPermissionsToSystemPackage(pm, dialerPackage, userId, 971 CONTACTS_PERMISSIONS, SMS_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS, 972 NOTIFICATION_PERMISSIONS); 973 boolean isAndroidAutomotive = 974 mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE, 0); 975 if (isAndroidAutomotive) { 976 grantPermissionsToSystemPackage(pm, dialerPackage, userId, NEARBY_DEVICES_PERMISSIONS); 977 } 978 } 979 grantDefaultPermissionsToDefaultSystemSmsApp(PackageManagerWrapper pm, String smsPackage, int userId)980 private void grantDefaultPermissionsToDefaultSystemSmsApp(PackageManagerWrapper pm, 981 String smsPackage, int userId) { 982 grantPermissionsToSystemPackage(pm, smsPackage, userId, 983 PHONE_PERMISSIONS, CONTACTS_PERMISSIONS, SMS_PERMISSIONS, 984 STORAGE_PERMISSIONS, MICROPHONE_PERMISSIONS, CAMERA_PERMISSIONS, 985 NOTIFICATION_PERMISSIONS); 986 } 987 grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(PackageManagerWrapper pm, String useOpenWifiPackage, int userId)988 private void grantDefaultPermissionsToDefaultSystemUseOpenWifiApp(PackageManagerWrapper pm, 989 String useOpenWifiPackage, int userId) { 990 grantPermissionsToSystemPackage(pm, useOpenWifiPackage, userId, 991 ALWAYS_LOCATION_PERMISSIONS); 992 } 993 grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId)994 public void grantDefaultPermissionsToDefaultUseOpenWifiApp(String packageName, int userId) { 995 Log.i(TAG, "Granting permissions to default Use Open WiFi app for user:" + userId); 996 grantIgnoringSystemPackage(NO_PM_CACHE, packageName, userId, ALWAYS_LOCATION_PERMISSIONS); 997 } 998 grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId)999 public void grantDefaultPermissionsToDefaultSimCallManager(String packageName, int userId) { 1000 grantDefaultPermissionsToDefaultSimCallManager(NO_PM_CACHE, packageName, userId); 1001 } 1002 grantDefaultPermissionsToDefaultSimCallManager(PackageManagerWrapper pm, String packageName, int userId)1003 private void grantDefaultPermissionsToDefaultSimCallManager(PackageManagerWrapper pm, 1004 String packageName, int userId) { 1005 if (packageName == null) { 1006 return; 1007 } 1008 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 1009 grantPermissionsToPackage(pm, packageName, userId, false /* ignoreSystemPackage */, 1010 true /*whitelistRestrictedPermissions*/, PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS); 1011 } 1012 grantDefaultPermissionsToDefaultSystemSimCallManager(PackageManagerWrapper pm, String packageName, int userId)1013 private void grantDefaultPermissionsToDefaultSystemSimCallManager(PackageManagerWrapper pm, 1014 String packageName, int userId) { 1015 if (pm.isSystemPackage(packageName)) { 1016 grantDefaultPermissionsToDefaultSimCallManager(pm, packageName, userId); 1017 } 1018 } 1019 grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId)1020 public void grantDefaultPermissionsToEnabledCarrierApps(String[] packageNames, int userId) { 1021 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 1022 if (packageNames == null) { 1023 return; 1024 } 1025 for (String packageName : packageNames) { 1026 grantPermissionsToSystemPackage(NO_PM_CACHE, packageName, userId, 1027 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, SMS_PERMISSIONS); 1028 } 1029 } 1030 grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId)1031 public void grantDefaultPermissionsToEnabledImsServices(String[] packageNames, int userId) { 1032 Log.i(TAG, "Granting permissions to enabled ImsServices for user:" + userId); 1033 if (packageNames == null) { 1034 return; 1035 } 1036 for (String packageName : packageNames) { 1037 grantPermissionsToSystemPackage(NO_PM_CACHE, packageName, userId, 1038 PHONE_PERMISSIONS, MICROPHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS, 1039 CAMERA_PERMISSIONS, CONTACTS_PERMISSIONS); 1040 } 1041 } 1042 grantDefaultPermissionsToEnabledTelephonyDataServices( String[] packageNames, int userId)1043 public void grantDefaultPermissionsToEnabledTelephonyDataServices( 1044 String[] packageNames, int userId) { 1045 Log.i(TAG, "Granting permissions to enabled data services for user:" + userId); 1046 if (packageNames == null) { 1047 return; 1048 } 1049 for (String packageName : packageNames) { 1050 // Grant these permissions as system-fixed, so that nobody can accidentally 1051 // break cellular data. 1052 grantSystemFixedPermissionsToSystemPackage(NO_PM_CACHE, packageName, userId, 1053 PHONE_PERMISSIONS, ALWAYS_LOCATION_PERMISSIONS); 1054 } 1055 } 1056 revokeDefaultPermissionsFromDisabledTelephonyDataServices( String[] packageNames, int userId)1057 public void revokeDefaultPermissionsFromDisabledTelephonyDataServices( 1058 String[] packageNames, int userId) { 1059 Log.i(TAG, "Revoking permissions from disabled data services for user:" + userId); 1060 if (packageNames == null) { 1061 return; 1062 } 1063 for (String packageName : packageNames) { 1064 PackageInfo pkg = NO_PM_CACHE.getSystemPackageInfo(packageName); 1065 if (NO_PM_CACHE.isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) { 1066 revokeRuntimePermissions(NO_PM_CACHE, packageName, PHONE_PERMISSIONS, true, 1067 userId); 1068 revokeRuntimePermissions(NO_PM_CACHE, packageName, ALWAYS_LOCATION_PERMISSIONS, 1069 true, userId); 1070 } 1071 } 1072 } 1073 grantDefaultPermissionsToActiveLuiApp(String packageName, int userId)1074 public void grantDefaultPermissionsToActiveLuiApp(String packageName, int userId) { 1075 Log.i(TAG, "Granting permissions to active LUI app for user:" + userId); 1076 grantSystemFixedPermissionsToSystemPackage(NO_PM_CACHE, packageName, userId, 1077 CAMERA_PERMISSIONS); 1078 } 1079 revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId)1080 public void revokeDefaultPermissionsFromLuiApps(String[] packageNames, int userId) { 1081 Log.i(TAG, "Revoke permissions from LUI apps for user:" + userId); 1082 if (packageNames == null) { 1083 return; 1084 } 1085 for (String packageName : packageNames) { 1086 PackageInfo pkg = NO_PM_CACHE.getSystemPackageInfo(packageName); 1087 if (NO_PM_CACHE.isSystemPackage(pkg) && doesPackageSupportRuntimePermissions(pkg)) { 1088 revokeRuntimePermissions(NO_PM_CACHE, packageName, CAMERA_PERMISSIONS, true, 1089 userId); 1090 } 1091 } 1092 } 1093 grantDefaultPermissionsToCarrierServiceApp(@onNull String packageName, @UserIdInt int userId)1094 public void grantDefaultPermissionsToCarrierServiceApp(@NonNull String packageName, 1095 @UserIdInt int userId) { 1096 Log.i(TAG, "Grant permissions to Carrier Service app " + packageName + " for user:" 1097 + userId); 1098 grantPermissionsToPackage(NO_PM_CACHE, packageName, userId, /* ignoreSystemPackage */ false, 1099 /* whitelistRestricted */ true, NOTIFICATION_PERMISSIONS); 1100 } 1101 getDefaultSystemHandlerActivityPackage(PackageManagerWrapper pm, String intentAction, int userId)1102 private String getDefaultSystemHandlerActivityPackage(PackageManagerWrapper pm, 1103 String intentAction, int userId) { 1104 return getDefaultSystemHandlerActivityPackage(pm, new Intent(intentAction), userId); 1105 } 1106 getDefaultSystemHandlerActivityPackage(PackageManagerWrapper pm, Intent intent, int userId)1107 private String getDefaultSystemHandlerActivityPackage(PackageManagerWrapper pm, Intent intent, 1108 int userId) { 1109 ResolveInfo handler = mContext.getPackageManager().resolveActivityAsUser( 1110 intent, DEFAULT_INTENT_QUERY_FLAGS, userId); 1111 if (handler == null || handler.activityInfo == null) { 1112 return null; 1113 } 1114 if (mServiceInternal.isResolveActivityComponent(handler.activityInfo)) { 1115 return null; 1116 } 1117 String packageName = handler.activityInfo.packageName; 1118 return pm.isSystemPackage(packageName) ? packageName : null; 1119 } 1120 getDefaultSystemHandlerServicePackage(PackageManagerWrapper pm, String intentAction, int userId)1121 private String getDefaultSystemHandlerServicePackage(PackageManagerWrapper pm, 1122 String intentAction, int userId) { 1123 return getDefaultSystemHandlerServicePackage(pm, new Intent(intentAction), userId); 1124 } 1125 getDefaultSystemHandlerServicePackage(PackageManagerWrapper pm, Intent intent, int userId)1126 private String getDefaultSystemHandlerServicePackage(PackageManagerWrapper pm, 1127 Intent intent, int userId) { 1128 List<ResolveInfo> handlers = mContext.getPackageManager().queryIntentServicesAsUser( 1129 intent, DEFAULT_INTENT_QUERY_FLAGS, userId); 1130 if (handlers == null) { 1131 return null; 1132 } 1133 final int handlerCount = handlers.size(); 1134 for (int i = 0; i < handlerCount; i++) { 1135 ResolveInfo handler = handlers.get(i); 1136 String handlerPackage = handler.serviceInfo.packageName; 1137 if (pm.isSystemPackage(handlerPackage)) { 1138 return handlerPackage; 1139 } 1140 } 1141 return null; 1142 } 1143 getHeadlessSyncAdapterPackages(PackageManagerWrapper pm, String[] syncAdapterPackageNames, int userId)1144 private ArrayList<String> getHeadlessSyncAdapterPackages(PackageManagerWrapper pm, 1145 String[] syncAdapterPackageNames, int userId) { 1146 ArrayList<String> syncAdapterPackages = new ArrayList<>(); 1147 1148 Intent homeIntent = new Intent(Intent.ACTION_MAIN).addCategory(Intent.CATEGORY_LAUNCHER); 1149 1150 for (String syncAdapterPackageName : syncAdapterPackageNames) { 1151 homeIntent.setPackage(syncAdapterPackageName); 1152 1153 ResolveInfo homeActivity = mContext.getPackageManager().resolveActivityAsUser( 1154 homeIntent, DEFAULT_INTENT_QUERY_FLAGS, userId); 1155 if (homeActivity != null) { 1156 continue; 1157 } 1158 1159 if (pm.isSystemPackage(syncAdapterPackageName)) { 1160 syncAdapterPackages.add(syncAdapterPackageName); 1161 } 1162 } 1163 1164 return syncAdapterPackages; 1165 } 1166 getDefaultProviderAuthorityPackage(String authority, int userId)1167 private String getDefaultProviderAuthorityPackage(String authority, int userId) { 1168 ProviderInfo provider = mContext.getPackageManager().resolveContentProviderAsUser( 1169 authority, DEFAULT_INTENT_QUERY_FLAGS, userId); 1170 if (provider != null) { 1171 return provider.packageName; 1172 } 1173 return null; 1174 } 1175 grantRuntimePermissions(PackageManagerWrapper pm, PackageInfo pkg, Set<String> permissions, boolean systemFixed, int userId)1176 private void grantRuntimePermissions(PackageManagerWrapper pm, PackageInfo pkg, 1177 Set<String> permissions, boolean systemFixed, int userId) { 1178 grantRuntimePermissions(pm, pkg, permissions, systemFixed, false, 1179 true /*whitelistRestrictedPermissions*/, userId); 1180 } 1181 revokeRuntimePermissions(PackageManagerWrapper pm, String packageName, Set<String> permissions, boolean systemFixed, int userId)1182 private void revokeRuntimePermissions(PackageManagerWrapper pm, String packageName, 1183 Set<String> permissions, boolean systemFixed, int userId) { 1184 PackageInfo pkg = pm.getSystemPackageInfo(packageName); 1185 if (pkg == null || ArrayUtils.isEmpty(pkg.requestedPermissions)) { 1186 return; 1187 } 1188 Set<String> revokablePermissions = new ArraySet<>(Arrays.asList(pkg.requestedPermissions)); 1189 1190 for (String permission : permissions) { 1191 // We can't revoke what wasn't requested. 1192 if (!revokablePermissions.contains(permission)) { 1193 continue; 1194 } 1195 1196 UserHandle user = UserHandle.of(userId); 1197 final int flags = pm.getPermissionFlags(permission, pm.getPackageInfo(packageName), 1198 user); 1199 1200 // We didn't get this through the default grant policy. Move along. 1201 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) == 0) { 1202 continue; 1203 } 1204 // We aren't going to clobber device policy with a DefaultGrant. 1205 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1206 continue; 1207 } 1208 // Do not revoke system fixed permissions unless caller set them that way; 1209 // there is no refcount for the number of sources of this, so there 1210 // should be at most one grantor doing SYSTEM_FIXED for any given package. 1211 if ((flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 && !systemFixed) { 1212 continue; 1213 } 1214 pm.revokePermission(permission, pkg, user); 1215 1216 if (DEBUG) { 1217 Log.i(TAG, "revoked " + (systemFixed ? "fixed " : "not fixed ") 1218 + permission + " to " + packageName); 1219 } 1220 1221 // Remove the GRANTED_BY_DEFAULT flag without touching the others. 1222 // Note that we do not revoke FLAG_PERMISSION_SYSTEM_FIXED. That bit remains 1223 // sticky once set. 1224 pm.updatePermissionFlags(permission, pkg, 1225 PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT, 0, user); 1226 } 1227 } 1228 1229 /** 1230 * Check if a permission is already fixed or is set by the user. 1231 * 1232 * <p>A permission should not be set by the default policy if the user or other policies already 1233 * set the permission. 1234 * 1235 * @param flags The flags of the permission 1236 * 1237 * @return {@code true} iff the permission can be set without violating a policy of the users 1238 * intention 1239 */ isFixedOrUserSet(int flags)1240 private boolean isFixedOrUserSet(int flags) { 1241 return (flags & (PackageManager.FLAG_PERMISSION_USER_SET 1242 | PackageManager.FLAG_PERMISSION_USER_FIXED 1243 | PackageManager.FLAG_PERMISSION_POLICY_FIXED 1244 | PackageManager.FLAG_PERMISSION_SYSTEM_FIXED)) != 0; 1245 } 1246 grantRuntimePermissions(PackageManagerWrapper pm, PackageInfo pkg, Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage, boolean whitelistRestrictedPermissions, int userId)1247 private void grantRuntimePermissions(PackageManagerWrapper pm, PackageInfo pkg, 1248 Set<String> permissionsWithoutSplits, boolean systemFixed, boolean ignoreSystemPackage, 1249 boolean whitelistRestrictedPermissions, int userId) { 1250 UserHandle user = UserHandle.of(userId); 1251 if (pkg == null) { 1252 return; 1253 } 1254 1255 String[] requestedPermissions = pkg.requestedPermissions; 1256 if (ArrayUtils.isEmpty(requestedPermissions)) { 1257 return; 1258 } 1259 1260 // Intersect the requestedPermissions for a factory image with that of its current update 1261 // in case the latter one removed a <uses-permission> 1262 String[] requestedByNonSystemPackage = pm.getPackageInfo(pkg.packageName) 1263 .requestedPermissions; 1264 int size = requestedPermissions.length; 1265 for (int i = 0; i < size; i++) { 1266 if (!ArrayUtils.contains(requestedByNonSystemPackage, requestedPermissions[i])) { 1267 requestedPermissions[i] = null; 1268 } 1269 } 1270 requestedPermissions = ArrayUtils.filterNotNull(requestedPermissions, String[]::new); 1271 1272 final ArraySet<String> permissions = new ArraySet<>(permissionsWithoutSplits); 1273 ApplicationInfo applicationInfo = pkg.applicationInfo; 1274 1275 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 1276 if (systemFixed) { 1277 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 1278 } 1279 1280 // Automatically attempt to grant split permissions to older APKs 1281 final List<PermissionManager.SplitPermissionInfo> splitPermissions = 1282 mContext.getSystemService(PermissionManager.class).getSplitPermissions(); 1283 final int numSplitPerms = splitPermissions.size(); 1284 for (int splitPermNum = 0; splitPermNum < numSplitPerms; splitPermNum++) { 1285 final PermissionManager.SplitPermissionInfo splitPerm = 1286 splitPermissions.get(splitPermNum); 1287 1288 if (applicationInfo != null 1289 && applicationInfo.targetSdkVersion < splitPerm.getTargetSdk() 1290 && permissionsWithoutSplits.contains(splitPerm.getSplitPermission())) { 1291 permissions.addAll(splitPerm.getNewPermissions()); 1292 } 1293 } 1294 1295 Set<String> grantablePermissions = null; 1296 1297 // In some cases, like for the Phone or SMS app, we grant permissions regardless 1298 // of if the version on the system image declares the permission as used since 1299 // selecting the app as the default for that function the user makes a deliberate 1300 // choice to grant this app the permissions needed to function. For all other 1301 // apps, (default grants on first boot and user creation) we don't grant default 1302 // permissions if the version on the system image does not declare them. 1303 if (!ignoreSystemPackage 1304 && applicationInfo != null 1305 && applicationInfo.isUpdatedSystemApp()) { 1306 final PackageInfo disabledPkg = pm.getSystemPackageInfo( 1307 mServiceInternal.getDisabledSystemPackageName(pkg.packageName)); 1308 if (disabledPkg != null) { 1309 if (ArrayUtils.isEmpty(disabledPkg.requestedPermissions)) { 1310 return; 1311 } 1312 if (!Arrays.equals(requestedPermissions, disabledPkg.requestedPermissions)) { 1313 grantablePermissions = new ArraySet<>(Arrays.asList(requestedPermissions)); 1314 requestedPermissions = disabledPkg.requestedPermissions; 1315 } 1316 } 1317 } 1318 1319 final int numRequestedPermissions = requestedPermissions.length; 1320 1321 // Sort requested permissions so that all permissions that are a foreground permission (i.e. 1322 // permissions that have a background permission) are before their background permissions. 1323 final String[] sortedRequestedPermissions = new String[numRequestedPermissions]; 1324 int numForeground = 0; 1325 int numOther = 0; 1326 for (int i = 0; i < numRequestedPermissions; i++) { 1327 String permission = requestedPermissions[i]; 1328 if (pm.getBackgroundPermission(permission) != null) { 1329 sortedRequestedPermissions[numForeground] = permission; 1330 numForeground++; 1331 } else { 1332 sortedRequestedPermissions[numRequestedPermissions - 1 - numOther] = 1333 permission; 1334 numOther++; 1335 } 1336 } 1337 1338 for (int requestedPermissionNum = 0; requestedPermissionNum < numRequestedPermissions; 1339 requestedPermissionNum++) { 1340 String permission = requestedPermissions[requestedPermissionNum]; 1341 1342 // If there is a disabled system app it may request a permission the updated 1343 // version ot the data partition doesn't, In this case skip the permission. 1344 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 1345 continue; 1346 } 1347 1348 if (permissions.contains(permission)) { 1349 final int flags = pm.getPermissionFlags(permission, pkg, user); 1350 1351 // If we are trying to grant as system fixed and already system fixed 1352 // then the system can change the system fixed grant state. 1353 final boolean changingGrantForSystemFixed = systemFixed 1354 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0; 1355 1356 // Certain flags imply that the permission's current state by the system or 1357 // device/profile owner or the user. In these cases we do not want to clobber the 1358 // current state. 1359 // 1360 // Unless the caller wants to override user choices. The override is 1361 // to make sure we can grant the needed permission to the default 1362 // sms and phone apps after the user chooses this in the UI. 1363 if (!isFixedOrUserSet(flags) || ignoreSystemPackage 1364 || changingGrantForSystemFixed) { 1365 // Never clobber policy fixed permissions. 1366 // We must allow the grant of a system-fixed permission because 1367 // system-fixed is sticky, but the permission itself may be revoked. 1368 if ((flags & PackageManager.FLAG_PERMISSION_POLICY_FIXED) != 0) { 1369 continue; 1370 } 1371 1372 // Preserve allowlisting flags. 1373 newFlags |= (flags & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT); 1374 1375 // If we are allowlisting the permission, update the exempt flag before grant. 1376 if (whitelistRestrictedPermissions && pm.isPermissionRestricted(permission)) { 1377 pm.updatePermissionFlags(permission, pkg, 1378 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, 1379 PackageManager.FLAG_PERMISSION_RESTRICTION_SYSTEM_EXEMPT, user); 1380 } 1381 1382 // If the system tries to change a system fixed permission from one fixed 1383 // state to another we need to drop the fixed flag to allow the grant. 1384 if (changingGrantForSystemFixed) { 1385 pm.updatePermissionFlags(permission, pkg, flags, 1386 flags & ~PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, user); 1387 } 1388 1389 if (!pm.isGranted(permission, pkg, user)) { 1390 pm.grantPermission(permission, pkg, user); 1391 } 1392 1393 // clear the REVIEW_REQUIRED flag, if set 1394 int flagMask = newFlags | PackageManager.FLAG_PERMISSION_REVIEW_REQUIRED; 1395 pm.updatePermissionFlags(permission, pkg, flagMask, newFlags, user); 1396 } 1397 1398 // If a component gets a permission for being the default handler A 1399 // and also default handler B, we grant the weaker grant form. 1400 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 1401 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 1402 && !systemFixed) { 1403 if (DEBUG) { 1404 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 1405 + pkg); 1406 } 1407 pm.updatePermissionFlags(permission, pkg, 1408 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, user); 1409 } 1410 } 1411 } 1412 } 1413 grantDefaultPermissionExceptions(PackageManagerWrapper pm, int userId)1414 private void grantDefaultPermissionExceptions(PackageManagerWrapper pm, int userId) { 1415 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 1416 1417 synchronized (mLock) { 1418 // mGrantExceptions is null only before the first read and then 1419 // it serves as a cache of the default grants that should be 1420 // performed for every user. If there is an entry then the app 1421 // is on the system image and supports runtime permissions. 1422 if (mGrantExceptions == null) { 1423 mGrantExceptions = readDefaultPermissionExceptionsLocked(pm); 1424 } 1425 } 1426 1427 Set<String> permissions = null; 1428 final int exceptionCount = mGrantExceptions.size(); 1429 for (int i = 0; i < exceptionCount; i++) { 1430 String packageName = mGrantExceptions.keyAt(i); 1431 PackageInfo pkg = pm.getSystemPackageInfo(packageName); 1432 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 1433 final int permissionGrantCount = permissionGrants.size(); 1434 for (int j = 0; j < permissionGrantCount; j++) { 1435 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 1436 if (!pm.isPermissionDangerous(permissionGrant.name)) { 1437 Log.w(TAG, "Ignoring permission " + permissionGrant.name 1438 + " which isn't dangerous"); 1439 continue; 1440 } 1441 if (permissions == null) { 1442 permissions = new ArraySet<>(); 1443 } else { 1444 permissions.clear(); 1445 } 1446 permissions.add(permissionGrant.name); 1447 1448 1449 grantRuntimePermissions(pm, pkg, permissions, permissionGrant.fixed, 1450 permissionGrant.whitelisted, true /*whitelistRestrictedPermissions*/, 1451 userId); 1452 } 1453 } 1454 } 1455 getDefaultPermissionFiles()1456 private File[] getDefaultPermissionFiles() { 1457 ArrayList<File> ret = new ArrayList<File>(); 1458 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1459 if (dir.isDirectory() && dir.canRead()) { 1460 Collections.addAll(ret, dir.listFiles()); 1461 } 1462 dir = new File(Environment.getVendorDirectory(), "etc/default-permissions"); 1463 if (dir.isDirectory() && dir.canRead()) { 1464 Collections.addAll(ret, dir.listFiles()); 1465 } 1466 dir = new File(Environment.getOdmDirectory(), "etc/default-permissions"); 1467 if (dir.isDirectory() && dir.canRead()) { 1468 Collections.addAll(ret, dir.listFiles()); 1469 } 1470 dir = new File(Environment.getProductDirectory(), "etc/default-permissions"); 1471 if (dir.isDirectory() && dir.canRead()) { 1472 Collections.addAll(ret, dir.listFiles()); 1473 } 1474 dir = new File(Environment.getSystemExtDirectory(), "etc/default-permissions"); 1475 if (dir.isDirectory() && dir.canRead()) { 1476 Collections.addAll(ret, dir.listFiles()); 1477 } 1478 // For IoT devices, we check the oem partition for default permissions for each app. 1479 if (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_EMBEDDED, 0)) { 1480 dir = new File(Environment.getOemDirectory(), "etc/default-permissions"); 1481 if (dir.isDirectory() && dir.canRead()) { 1482 Collections.addAll(ret, dir.listFiles()); 1483 } 1484 } 1485 return ret.isEmpty() ? null : ret.toArray(new File[0]); 1486 } 1487 1488 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> readDefaultPermissionExceptionsLocked(PackageManagerWrapper pm)1489 readDefaultPermissionExceptionsLocked(PackageManagerWrapper pm) { 1490 File[] files = getDefaultPermissionFiles(); 1491 if (files == null) { 1492 return new ArrayMap<>(0); 1493 } 1494 1495 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1496 1497 // Iterate over the files in the directory and scan .xml files 1498 for (File file : files) { 1499 if (!file.getPath().endsWith(".xml")) { 1500 Slog.i(TAG, "Non-xml file " + file 1501 + " in " + file.getParent() + " directory, ignoring"); 1502 continue; 1503 } 1504 if (!file.canRead()) { 1505 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1506 continue; 1507 } 1508 try (InputStream str = new FileInputStream(file)) { 1509 TypedXmlPullParser parser = Xml.resolvePullParser(str); 1510 parse(pm, parser, grantExceptions); 1511 } catch (XmlPullParserException | IOException e) { 1512 Slog.w(TAG, "Error reading default permissions file " + file, e); 1513 } 1514 } 1515 1516 return grantExceptions; 1517 } 1518 parse(PackageManagerWrapper pm, TypedXmlPullParser parser, Map<String, List<DefaultPermissionGrant>> outGrantExceptions)1519 private void parse(PackageManagerWrapper pm, TypedXmlPullParser parser, 1520 Map<String, List<DefaultPermissionGrant>> outGrantExceptions) 1521 throws IOException, XmlPullParserException { 1522 final int outerDepth = parser.getDepth(); 1523 int type; 1524 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1525 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1526 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1527 continue; 1528 } 1529 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1530 parseExceptions(pm, parser, outGrantExceptions); 1531 } else { 1532 Log.e(TAG, "Unknown tag " + parser.getName()); 1533 } 1534 } 1535 } 1536 parseExceptions(PackageManagerWrapper pm, TypedXmlPullParser parser, Map<String, List<DefaultPermissionGrant>> outGrantExceptions)1537 private void parseExceptions(PackageManagerWrapper pm, TypedXmlPullParser parser, 1538 Map<String, List<DefaultPermissionGrant>> outGrantExceptions) 1539 throws IOException, XmlPullParserException { 1540 final int outerDepth = parser.getDepth(); 1541 int type; 1542 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1543 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1544 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1545 continue; 1546 } 1547 if (TAG_EXCEPTION.equals(parser.getName())) { 1548 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1549 1550 List<DefaultPermissionGrant> packageExceptions = 1551 outGrantExceptions.get(packageName); 1552 if (packageExceptions == null) { 1553 // The package must be on the system image 1554 PackageInfo packageInfo = pm.getSystemPackageInfo(packageName); 1555 1556 if (packageInfo == null) { 1557 Log.w(TAG, "No such package:" + packageName); 1558 XmlUtils.skipCurrentTag(parser); 1559 continue; 1560 } 1561 1562 if (!pm.isSystemPackage(packageInfo)) { 1563 Log.w(TAG, "Unknown system package:" + packageName); 1564 XmlUtils.skipCurrentTag(parser); 1565 continue; 1566 } 1567 1568 // The package must support runtime permissions 1569 if (!doesPackageSupportRuntimePermissions(packageInfo)) { 1570 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1571 + packageName); 1572 XmlUtils.skipCurrentTag(parser); 1573 continue; 1574 } 1575 packageExceptions = new ArrayList<>(); 1576 outGrantExceptions.put(packageName, packageExceptions); 1577 } 1578 1579 parsePermission(parser, packageExceptions); 1580 } else { 1581 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1582 } 1583 } 1584 } 1585 parsePermission(TypedXmlPullParser parser, List<DefaultPermissionGrant> outPackageExceptions)1586 private void parsePermission(TypedXmlPullParser parser, List<DefaultPermissionGrant> 1587 outPackageExceptions) throws IOException, XmlPullParserException { 1588 final int outerDepth = parser.getDepth(); 1589 int type; 1590 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1591 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1592 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1593 continue; 1594 } 1595 1596 if (TAG_PERMISSION.contains(parser.getName())) { 1597 String name = parser.getAttributeValue(null, ATTR_NAME); 1598 if (name == null) { 1599 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1600 XmlUtils.skipCurrentTag(parser); 1601 continue; 1602 } 1603 1604 final boolean fixed = 1605 parser.getAttributeBoolean(null, ATTR_FIXED, false); 1606 final boolean whitelisted = 1607 parser.getAttributeBoolean(null, ATTR_WHITELISTED, false); 1608 1609 DefaultPermissionGrant exception = new DefaultPermissionGrant( 1610 name, fixed, whitelisted); 1611 outPackageExceptions.add(exception); 1612 } else { 1613 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1614 } 1615 } 1616 } 1617 doesPackageSupportRuntimePermissions(PackageInfo pkg)1618 private static boolean doesPackageSupportRuntimePermissions(PackageInfo pkg) { 1619 return pkg.applicationInfo != null 1620 && pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1621 } 1622 1623 /** 1624 * A wrapper for package manager calls done by this class 1625 */ 1626 private abstract class PackageManagerWrapper { getPermissionFlags(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1627 abstract int getPermissionFlags(@NonNull String permission, @NonNull PackageInfo pkg, 1628 @NonNull UserHandle user); 1629 updatePermissionFlags(@onNull String permission, @NonNull PackageInfo pkg, int flagMask, int flagValues, @NonNull UserHandle user)1630 abstract void updatePermissionFlags(@NonNull String permission, @NonNull PackageInfo pkg, 1631 int flagMask, int flagValues, @NonNull UserHandle user); 1632 grantPermission(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1633 abstract void grantPermission(@NonNull String permission, @NonNull PackageInfo pkg, 1634 @NonNull UserHandle user); 1635 revokePermission(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1636 abstract void revokePermission(@NonNull String permission, @NonNull PackageInfo pkg, 1637 @NonNull UserHandle user); 1638 isGranted(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1639 abstract boolean isGranted(@NonNull String permission, @NonNull PackageInfo pkg, 1640 @NonNull UserHandle user); 1641 getPermissionInfo(@onNull String permissionName)1642 abstract @Nullable PermissionInfo getPermissionInfo(@NonNull String permissionName); 1643 getPackageInfo(@onNull String pkg)1644 abstract @Nullable PackageInfo getPackageInfo(@NonNull String pkg); 1645 getSystemPackageInfo(@onNull String pkg)1646 @Nullable PackageInfo getSystemPackageInfo(@NonNull String pkg) { 1647 PackageInfo pi = getPackageInfo(pkg); 1648 if (pi == null || !pi.applicationInfo.isSystemApp()) { 1649 return null; 1650 } 1651 return pi; 1652 } 1653 isPermissionRestricted(@onNull String name)1654 boolean isPermissionRestricted(@NonNull String name) { 1655 PermissionInfo pi = getPermissionInfo(name); 1656 if (pi == null) { 1657 return false; 1658 } 1659 1660 return pi.isRestricted(); 1661 } 1662 isPermissionDangerous(@onNull String name)1663 boolean isPermissionDangerous(@NonNull String name) { 1664 PermissionInfo pi = getPermissionInfo(name); 1665 if (pi == null) { 1666 return false; 1667 } 1668 1669 return pi.getProtection() == PermissionInfo.PROTECTION_DANGEROUS; 1670 } 1671 1672 /** 1673 * Return the background permission for a permission. 1674 * 1675 * @param permission The name of the foreground permission 1676 * 1677 * @return The name of the background permission or {@code null} if the permission has no 1678 * background permission 1679 */ getBackgroundPermission(@onNull String permission)1680 @Nullable String getBackgroundPermission(@NonNull String permission) { 1681 PermissionInfo pi = getPermissionInfo(permission); 1682 if (pi == null) { 1683 return null; 1684 } 1685 1686 return pi.backgroundPermission; 1687 } 1688 isSystemPackage(@ullable String packageName)1689 boolean isSystemPackage(@Nullable String packageName) { 1690 return isSystemPackage(getPackageInfo(packageName)); 1691 } 1692 isSystemPackage(@ullable PackageInfo pkg)1693 boolean isSystemPackage(@Nullable PackageInfo pkg) { 1694 if (pkg == null) { 1695 return false; 1696 } 1697 return pkg.applicationInfo.isSystemApp() 1698 && !isSysComponentOrPersistentPlatformSignedPrivApp(pkg); 1699 } 1700 isSysComponentOrPersistentPlatformSignedPrivApp(@onNull PackageInfo pkg)1701 boolean isSysComponentOrPersistentPlatformSignedPrivApp(@NonNull PackageInfo pkg) { 1702 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 1703 return true; 1704 } 1705 if (!pkg.applicationInfo.isPrivilegedApp()) { 1706 return false; 1707 } 1708 final PackageInfo disabledPkg = getSystemPackageInfo( 1709 mServiceInternal.getDisabledSystemPackageName(pkg.applicationInfo.packageName)); 1710 if (disabledPkg != null) { 1711 ApplicationInfo disabledPackageAppInfo = disabledPkg.applicationInfo; 1712 if (disabledPackageAppInfo != null 1713 && (disabledPackageAppInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1714 return false; 1715 } 1716 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 1717 return false; 1718 } 1719 return mServiceInternal.isPlatformSigned(pkg.packageName); 1720 } 1721 } 1722 1723 /** 1724 * Do package manager calls but cache state and delay any change until {@link #apply()} is 1725 * called 1726 */ 1727 private class DelayingPackageManagerCache extends PackageManagerWrapper { 1728 /** uid -> permission -> isGranted, flags */ 1729 private SparseArray<ArrayMap<String, PermissionState>> mDelayedPermissionState = 1730 new SparseArray<>(); 1731 /** userId -> context */ 1732 private SparseArray<Context> mUserContexts = new SparseArray<>(); 1733 /** Permission name -> info */ 1734 private ArrayMap<String, PermissionInfo> mPermissionInfos = new ArrayMap<>(); 1735 /** Package name -> info */ 1736 private ArrayMap<String, PackageInfo> mPackageInfos = new ArrayMap<>(); 1737 1738 /** 1739 * Apply the cached state 1740 */ apply()1741 void apply() { 1742 PackageManager.corkPackageInfoCache(); 1743 for (int uidIdx = 0; uidIdx < mDelayedPermissionState.size(); uidIdx++) { 1744 for (int permIdx = 0; permIdx < mDelayedPermissionState.valueAt(uidIdx).size(); 1745 permIdx++) { 1746 try { 1747 mDelayedPermissionState.valueAt(uidIdx).valueAt(permIdx).apply(); 1748 } catch (IllegalArgumentException e) { 1749 Slog.w(TAG, "Cannot set permission " + mDelayedPermissionState.valueAt( 1750 uidIdx).keyAt(permIdx) + " of uid " + mDelayedPermissionState.keyAt( 1751 uidIdx), e); 1752 } 1753 } 1754 } 1755 PackageManager.uncorkPackageInfoCache(); 1756 } 1757 addPackageInfo(@onNull String packageName, @NonNull PackageInfo pkg)1758 void addPackageInfo(@NonNull String packageName, @NonNull PackageInfo pkg) { 1759 mPackageInfos.put(packageName, pkg); 1760 } 1761 createContextAsUser(@onNull UserHandle user)1762 private @NonNull Context createContextAsUser(@NonNull UserHandle user) { 1763 int index = mUserContexts.indexOfKey(user.getIdentifier()); 1764 if (index >= 0) { 1765 return mUserContexts.valueAt(index); 1766 } 1767 1768 Context uc = mContext.createContextAsUser(user, 0); 1769 1770 mUserContexts.put(user.getIdentifier(), uc); 1771 1772 return uc; 1773 } 1774 getPermissionState(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1775 private @NonNull PermissionState getPermissionState(@NonNull String permission, 1776 @NonNull PackageInfo pkg, @NonNull UserHandle user) { 1777 int uid = UserHandle.getUid(user.getIdentifier(), 1778 UserHandle.getAppId(pkg.applicationInfo.uid)); 1779 int uidIdx = mDelayedPermissionState.indexOfKey(uid); 1780 1781 ArrayMap<String, PermissionState> uidState; 1782 if (uidIdx >= 0) { 1783 uidState = mDelayedPermissionState.valueAt(uidIdx); 1784 } else { 1785 uidState = new ArrayMap<>(); 1786 mDelayedPermissionState.put(uid, uidState); 1787 } 1788 1789 int permIdx = uidState.indexOfKey(permission); 1790 1791 PermissionState permState; 1792 if (permIdx >= 0) { 1793 permState = uidState.valueAt(permIdx); 1794 } else { 1795 permState = new PermissionState(permission, pkg, user); 1796 uidState.put(permission, permState); 1797 } 1798 1799 return permState; 1800 } 1801 1802 @Override getPermissionFlags(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1803 public int getPermissionFlags(@NonNull String permission, @NonNull PackageInfo pkg, 1804 @NonNull UserHandle user) { 1805 PermissionState state = getPermissionState(permission, pkg, user); 1806 state.initFlags(); 1807 return state.newFlags; 1808 } 1809 1810 @Override updatePermissionFlags(@onNull String permission, @NonNull PackageInfo pkg, int flagMask, int flagValues, @NonNull UserHandle user)1811 public void updatePermissionFlags(@NonNull String permission, @NonNull PackageInfo pkg, 1812 int flagMask, int flagValues, @NonNull UserHandle user) { 1813 PermissionState state = getPermissionState(permission, pkg, user); 1814 state.initFlags(); 1815 state.newFlags = (state.newFlags & ~flagMask) | (flagValues & flagMask); 1816 } 1817 1818 @Override grantPermission(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1819 public void grantPermission(@NonNull String permission, @NonNull PackageInfo pkg, 1820 @NonNull UserHandle user) { 1821 if (PermissionManager.DEBUG_TRACE_GRANTS 1822 && PermissionManager.shouldTraceGrant( 1823 pkg.packageName, permission, user.getIdentifier())) { 1824 Log.i(PermissionManager.LOG_TAG_TRACE_GRANTS, 1825 "PregrantPolicy is granting " + pkg.packageName + " " 1826 + permission + " for user " + user.getIdentifier(), 1827 new RuntimeException()); 1828 } 1829 PermissionState state = getPermissionState(permission, pkg, user); 1830 state.initGranted(); 1831 state.newGranted = true; 1832 } 1833 1834 @Override revokePermission(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1835 public void revokePermission(@NonNull String permission, @NonNull PackageInfo pkg, 1836 @NonNull UserHandle user) { 1837 PermissionState state = getPermissionState(permission, pkg, user); 1838 state.initGranted(); 1839 state.newGranted = false; 1840 } 1841 1842 @Override isGranted(@onNull String permission, @NonNull PackageInfo pkg, @NonNull UserHandle user)1843 public boolean isGranted(@NonNull String permission, @NonNull PackageInfo pkg, 1844 @NonNull UserHandle user) { 1845 PermissionState state = getPermissionState(permission, pkg, user); 1846 state.initGranted(); 1847 return state.newGranted; 1848 } 1849 1850 @Override getPermissionInfo(@onNull String permissionName)1851 public @Nullable PermissionInfo getPermissionInfo(@NonNull String permissionName) { 1852 int index = mPermissionInfos.indexOfKey(permissionName); 1853 if (index >= 0) { 1854 return mPermissionInfos.valueAt(index); 1855 } 1856 1857 PermissionInfo pi = NO_PM_CACHE.getPermissionInfo(permissionName); 1858 mPermissionInfos.put(permissionName, pi); 1859 1860 return pi; 1861 } 1862 1863 @Override getPackageInfo(@onNull String pkg)1864 public @Nullable PackageInfo getPackageInfo(@NonNull String pkg) { 1865 int index = mPackageInfos.indexOfKey(pkg); 1866 if (index >= 0) { 1867 return mPackageInfos.valueAt(index); 1868 } 1869 1870 PackageInfo pi = NO_PM_CACHE.getPackageInfo(pkg); 1871 mPackageInfos.put(pkg, pi); 1872 1873 return pi; 1874 } 1875 1876 /** 1877 * State of a single permission belonging to a single uid 1878 */ 1879 private class PermissionState { 1880 private final @NonNull String mPermission; 1881 private final @NonNull PackageInfo mPkgRequestingPerm; 1882 private final @NonNull UserHandle mUser; 1883 1884 /** Permission flags when the state was created */ 1885 private @Nullable Integer mOriginalFlags; 1886 /** Altered permission flags or {@code null} if no change was requested */ 1887 @Nullable Integer newFlags; 1888 1889 /** Grant state when the state was created */ 1890 private @Nullable Boolean mOriginalGranted; 1891 /** Altered grant state or {@code null} if no change was requested */ 1892 @Nullable Boolean newGranted; 1893 PermissionState(@onNull String permission, @NonNull PackageInfo pkgRequestingPerm, @NonNull UserHandle user)1894 private PermissionState(@NonNull String permission, 1895 @NonNull PackageInfo pkgRequestingPerm, @NonNull UserHandle user) { 1896 mPermission = permission; 1897 mPkgRequestingPerm = pkgRequestingPerm; 1898 mUser = user; 1899 } 1900 1901 /** 1902 * Apply the changes to the permission to the system 1903 */ apply()1904 void apply() { 1905 if (DEBUG) { 1906 Slog.i(TAG, "Granting " + mPermission + " to user " + mUser.getIdentifier() 1907 + " pkg=" + mPkgRequestingPerm.packageName + " granted=" + newGranted 1908 + " flags=" + Integer.toBinaryString(newFlags)); 1909 } 1910 1911 int flagsToAdd = 0; 1912 int flagsToRemove = 0; 1913 if (newFlags != null) { 1914 flagsToAdd = newFlags & ~mOriginalFlags; 1915 flagsToRemove = mOriginalFlags & ~newFlags; 1916 } 1917 1918 // Need to remove e.g. SYSTEM_FIXED flags first as otherwise permission cannot be 1919 // changed 1920 if (flagsToRemove != 0) { 1921 NO_PM_CACHE.updatePermissionFlags(mPermission, mPkgRequestingPerm, 1922 flagsToRemove, 0, mUser); 1923 } 1924 1925 // Need to unrestrict first as otherwise permission grants might fail 1926 if ((flagsToAdd & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0) { 1927 int newRestrictionExcemptFlags = 1928 flagsToAdd & PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT; 1929 1930 NO_PM_CACHE.updatePermissionFlags(mPermission, 1931 mPkgRequestingPerm, newRestrictionExcemptFlags, -1, mUser); 1932 } 1933 1934 if (newGranted != null && newGranted != mOriginalGranted) { 1935 if (newGranted) { 1936 NO_PM_CACHE.grantPermission(mPermission, mPkgRequestingPerm, mUser); 1937 } else { 1938 NO_PM_CACHE.revokePermission(mPermission, mPkgRequestingPerm, mUser); 1939 } 1940 } 1941 1942 if ((flagsToAdd & ~PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT) != 0) { 1943 int newFlags = 1944 flagsToAdd & ~PackageManager.FLAGS_PERMISSION_RESTRICTION_ANY_EXEMPT; 1945 1946 NO_PM_CACHE.updatePermissionFlags(mPermission, mPkgRequestingPerm, newFlags, 1947 -1, mUser); 1948 } 1949 } 1950 1951 /** 1952 * Load the state of the flags before first use 1953 */ initFlags()1954 void initFlags() { 1955 if (newFlags == null) { 1956 mOriginalFlags = NO_PM_CACHE.getPermissionFlags(mPermission, mPkgRequestingPerm, 1957 mUser); 1958 newFlags = mOriginalFlags; 1959 } 1960 } 1961 1962 /** 1963 * Load the grant state before first use 1964 */ initGranted()1965 void initGranted() { 1966 if (newGranted == null) { 1967 // Don't call NO_PM_CACHE here so that contexts are reused 1968 mOriginalGranted = createContextAsUser(mUser).getPackageManager() 1969 .checkPermission(mPermission, mPkgRequestingPerm.packageName) 1970 == PackageManager.PERMISSION_GRANTED; 1971 newGranted = mOriginalGranted; 1972 } 1973 } 1974 } 1975 } 1976 1977 private static final class DefaultPermissionGrant { 1978 final String name; 1979 final boolean fixed; 1980 final boolean whitelisted; 1981 DefaultPermissionGrant(String name, boolean fixed, boolean whitelisted)1982 public DefaultPermissionGrant(String name, boolean fixed, 1983 boolean whitelisted) { 1984 this.name = name; 1985 this.fixed = fixed; 1986 this.whitelisted = whitelisted; 1987 } 1988 } 1989 } 1990