1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm; 18 19 import android.Manifest; 20 import android.app.DownloadManager; 21 import android.app.admin.DevicePolicyManager; 22 import android.content.Intent; 23 import android.content.pm.ApplicationInfo; 24 import android.content.pm.PackageManager; 25 import android.content.pm.PackageManagerInternal.PackagesProvider; 26 import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 27 import android.content.pm.PackageParser; 28 import android.content.pm.ProviderInfo; 29 import android.content.pm.ResolveInfo; 30 import android.net.Uri; 31 import android.os.Build; 32 import android.os.UserHandle; 33 import android.provider.CalendarContract; 34 import android.provider.ContactsContract; 35 import android.provider.MediaStore; 36 import android.provider.Telephony.Sms.Intents; 37 import android.security.Credentials; 38 import android.util.ArraySet; 39 import android.util.Log; 40 41 import java.io.File; 42 import java.util.ArrayList; 43 import java.util.List; 44 import java.util.Set; 45 46 import static android.os.Process.FIRST_APPLICATION_UID; 47 48 /** 49 * This class is the policy for granting runtime permissions to 50 * platform components and default handlers in the system such 51 * that the device is usable out-of-the-box. For example, the 52 * shell UID is a part of the system and the Phone app should 53 * have phone related permission by default. 54 */ 55 final class DefaultPermissionGrantPolicy { 56 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 57 private static final boolean DEBUG = false; 58 59 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 60 61 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 62 static { 63 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 64 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 65 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 66 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 67 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 68 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 69 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 70 } 71 72 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 73 static { 74 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 75 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 76 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 77 } 78 79 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 80 static { 81 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 82 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 83 } 84 85 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 86 static { 87 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 88 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 89 } 90 91 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 92 static { 93 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 94 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 95 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 96 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 97 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 98 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 99 } 100 101 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 102 static { 103 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 104 } 105 106 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 107 static { 108 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 109 } 110 111 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 112 static { 113 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 114 } 115 116 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 117 static { 118 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 119 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 120 } 121 122 private final PackageManagerService mService; 123 124 private PackagesProvider mImePackagesProvider; 125 private PackagesProvider mLocationPackagesProvider; 126 private PackagesProvider mVoiceInteractionPackagesProvider; 127 private PackagesProvider mSmsAppPackagesProvider; 128 private PackagesProvider mDialerAppPackagesProvider; 129 private PackagesProvider mSimCallManagerPackagesProvider; 130 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 131 DefaultPermissionGrantPolicy(PackageManagerService service)132 public DefaultPermissionGrantPolicy(PackageManagerService service) { 133 mService = service; 134 } 135 setImePackagesProviderLPr(PackagesProvider provider)136 public void setImePackagesProviderLPr(PackagesProvider provider) { 137 mImePackagesProvider = provider; 138 } 139 setLocationPackagesProviderLPw(PackagesProvider provider)140 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 141 mLocationPackagesProvider = provider; 142 } 143 setVoiceInteractionPackagesProviderLPw(PackagesProvider provider)144 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 145 mVoiceInteractionPackagesProvider = provider; 146 } 147 setSmsAppPackagesProviderLPw(PackagesProvider provider)148 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 149 mSmsAppPackagesProvider = provider; 150 } 151 setDialerAppPackagesProviderLPw(PackagesProvider provider)152 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 153 mDialerAppPackagesProvider = provider; 154 } 155 setSimCallManagerPackagesProviderLPw(PackagesProvider provider)156 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 157 mSimCallManagerPackagesProvider = provider; 158 } 159 setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider)160 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 161 mSyncAdapterPackagesProvider = provider; 162 } 163 grantDefaultPermissions(int userId)164 public void grantDefaultPermissions(int userId) { 165 grantPermissionsToSysComponentsAndPrivApps(userId); 166 grantDefaultSystemHandlerPermissions(userId); 167 } 168 grantPermissionsToSysComponentsAndPrivApps(int userId)169 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 170 Log.i(TAG, "Granting permissions to platform components for user " + userId); 171 172 synchronized (mService.mPackages) { 173 for (PackageParser.Package pkg : mService.mPackages.values()) { 174 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 175 || !doesPackageSupportRuntimePermissions(pkg) 176 || pkg.requestedPermissions.isEmpty()) { 177 continue; 178 } 179 Set<String> permissions = new ArraySet<>(); 180 final int permissionCount = pkg.requestedPermissions.size(); 181 for (int i = 0; i < permissionCount; i++) { 182 String permission = pkg.requestedPermissions.get(i); 183 BasePermission bp = mService.mSettings.mPermissions.get(permission); 184 if (bp != null && bp.isRuntime()) { 185 permissions.add(permission); 186 } 187 } 188 if (!permissions.isEmpty()) { 189 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 190 } 191 } 192 } 193 } 194 grantDefaultSystemHandlerPermissions(int userId)195 private void grantDefaultSystemHandlerPermissions(int userId) { 196 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 197 198 final PackagesProvider imePackagesProvider; 199 final PackagesProvider locationPackagesProvider; 200 final PackagesProvider voiceInteractionPackagesProvider; 201 final PackagesProvider smsAppPackagesProvider; 202 final PackagesProvider dialerAppPackagesProvider; 203 final PackagesProvider simCallManagerPackagesProvider; 204 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 205 206 synchronized (mService.mPackages) { 207 imePackagesProvider = mImePackagesProvider; 208 locationPackagesProvider = mLocationPackagesProvider; 209 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 210 smsAppPackagesProvider = mSmsAppPackagesProvider; 211 dialerAppPackagesProvider = mDialerAppPackagesProvider; 212 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 213 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 214 } 215 216 String[] imePackageNames = (imePackagesProvider != null) 217 ? imePackagesProvider.getPackages(userId) : null; 218 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 219 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 220 String[] locationPackageNames = (locationPackagesProvider != null) 221 ? locationPackagesProvider.getPackages(userId) : null; 222 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 223 ? smsAppPackagesProvider.getPackages(userId) : null; 224 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 225 ? dialerAppPackagesProvider.getPackages(userId) : null; 226 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 227 ? simCallManagerPackagesProvider.getPackages(userId) : null; 228 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 229 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 230 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 231 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 232 233 synchronized (mService.mPackages) { 234 // Installer 235 PackageParser.Package installerPackage = getSystemPackageLPr( 236 mService.mRequiredInstallerPackage); 237 if (installerPackage != null 238 && doesPackageSupportRuntimePermissions(installerPackage)) { 239 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 240 } 241 242 // Verifier 243 PackageParser.Package verifierPackage = getSystemPackageLPr( 244 mService.mRequiredVerifierPackage); 245 if (verifierPackage != null 246 && doesPackageSupportRuntimePermissions(verifierPackage)) { 247 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 248 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 249 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 250 } 251 252 // SetupWizard 253 Intent setupIntent = new Intent(Intent.ACTION_MAIN); 254 setupIntent.addCategory(Intent.CATEGORY_SETUP_WIZARD); 255 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr( 256 setupIntent, userId); 257 if (setupPackage != null 258 && doesPackageSupportRuntimePermissions(setupPackage)) { 259 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 260 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 261 } 262 263 // Camera 264 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 265 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 266 cameraIntent, userId); 267 if (cameraPackage != null 268 && doesPackageSupportRuntimePermissions(cameraPackage)) { 269 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 270 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 271 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 272 } 273 274 // Media provider 275 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 276 MediaStore.AUTHORITY, userId); 277 if (mediaStorePackage != null) { 278 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 279 } 280 281 // Downloads provider 282 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 283 "downloads", userId); 284 if (downloadsPackage != null) { 285 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 286 } 287 288 // Downloads UI 289 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 290 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 291 downloadsUiIntent, userId); 292 if (downloadsUiPackage != null 293 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 294 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 295 } 296 297 // Storage provider 298 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 299 "com.android.externalstorage.documents", userId); 300 if (storagePackage != null) { 301 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 302 } 303 304 // CertInstaller 305 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 306 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 307 certInstallerIntent, userId); 308 if (certInstallerPackage != null 309 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 310 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 311 } 312 313 // Dialer 314 if (dialerAppPackageNames == null) { 315 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 316 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 317 dialerIntent, userId); 318 if (dialerPackage != null) { 319 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 320 } 321 } else { 322 for (String dialerAppPackageName : dialerAppPackageNames) { 323 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 324 if (dialerPackage != null) { 325 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 326 } 327 } 328 } 329 330 // Sim call manager 331 if (simCallManagerPackageNames != null) { 332 for (String simCallManagerPackageName : simCallManagerPackageNames) { 333 PackageParser.Package simCallManagerPackage = 334 getSystemPackageLPr(simCallManagerPackageName); 335 if (simCallManagerPackage != null) { 336 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 337 userId); 338 } 339 } 340 } 341 342 // SMS 343 if (smsAppPackageNames == null) { 344 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 345 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 346 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 347 smsIntent, userId); 348 if (smsPackage != null) { 349 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 350 } 351 } else { 352 for (String smsPackageName : smsAppPackageNames) { 353 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 354 if (smsPackage != null) { 355 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 356 } 357 } 358 } 359 360 // Cell Broadcast Receiver 361 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 362 PackageParser.Package cbrPackage = 363 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 364 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 365 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 366 } 367 368 // Carrier Provisioning Service 369 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 370 PackageParser.Package carrierProvPackage = 371 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 372 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 373 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 374 } 375 376 // Calendar 377 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 378 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 379 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 380 calendarIntent, userId); 381 if (calendarPackage != null 382 && doesPackageSupportRuntimePermissions(calendarPackage)) { 383 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 384 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 385 } 386 387 // Calendar provider 388 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 389 CalendarContract.AUTHORITY, userId); 390 if (calendarProviderPackage != null) { 391 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 392 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 393 true, userId); 394 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 395 } 396 397 // Calendar provider sync adapters 398 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 399 calendarSyncAdapterPackages, userId); 400 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 401 for (int i = 0; i < calendarSyncAdapterCount; i++) { 402 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 403 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 404 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 405 } 406 } 407 408 // Contacts 409 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 410 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 411 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 412 contactsIntent, userId); 413 if (contactsPackage != null 414 && doesPackageSupportRuntimePermissions(contactsPackage)) { 415 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 416 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 417 } 418 419 // Contacts provider sync adapters 420 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 421 contactsSyncAdapterPackages, userId); 422 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 423 for (int i = 0; i < contactsSyncAdapterCount; i++) { 424 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 425 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 426 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 427 } 428 } 429 430 // Contacts provider 431 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 432 ContactsContract.AUTHORITY, userId); 433 if (contactsProviderPackage != null) { 434 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 435 true, userId); 436 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 437 true, userId); 438 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 439 } 440 441 // Device provisioning 442 Intent deviceProvisionIntent = new Intent( 443 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 444 PackageParser.Package deviceProvisionPackage = 445 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 446 if (deviceProvisionPackage != null 447 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 448 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 449 } 450 451 // Maps 452 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 453 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 454 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 455 mapsIntent, userId); 456 if (mapsPackage != null 457 && doesPackageSupportRuntimePermissions(mapsPackage)) { 458 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 459 } 460 461 // Gallery 462 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 463 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 464 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 465 galleryIntent, userId); 466 if (galleryPackage != null 467 && doesPackageSupportRuntimePermissions(galleryPackage)) { 468 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 469 } 470 471 // Email 472 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 473 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 474 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 475 emailIntent, userId); 476 if (emailPackage != null 477 && doesPackageSupportRuntimePermissions(emailPackage)) { 478 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 479 } 480 481 // Browser 482 PackageParser.Package browserPackage = null; 483 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 484 if (defaultBrowserPackage != null) { 485 browserPackage = getPackageLPr(defaultBrowserPackage); 486 } 487 if (browserPackage == null) { 488 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 489 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 490 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 491 browserIntent, userId); 492 } 493 if (browserPackage != null 494 && doesPackageSupportRuntimePermissions(browserPackage)) { 495 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 496 } 497 498 // IME 499 if (imePackageNames != null) { 500 for (String imePackageName : imePackageNames) { 501 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName); 502 if (imePackage != null 503 && doesPackageSupportRuntimePermissions(imePackage)) { 504 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId); 505 } 506 } 507 } 508 509 // Voice interaction 510 if (voiceInteractPackageNames != null) { 511 for (String voiceInteractPackageName : voiceInteractPackageNames) { 512 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 513 voiceInteractPackageName); 514 if (voiceInteractPackage != null 515 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 516 grantRuntimePermissionsLPw(voiceInteractPackage, 517 CONTACTS_PERMISSIONS, userId); 518 grantRuntimePermissionsLPw(voiceInteractPackage, 519 CALENDAR_PERMISSIONS, userId); 520 grantRuntimePermissionsLPw(voiceInteractPackage, 521 MICROPHONE_PERMISSIONS, userId); 522 grantRuntimePermissionsLPw(voiceInteractPackage, 523 PHONE_PERMISSIONS, userId); 524 grantRuntimePermissionsLPw(voiceInteractPackage, 525 SMS_PERMISSIONS, userId); 526 grantRuntimePermissionsLPw(voiceInteractPackage, 527 LOCATION_PERMISSIONS, userId); 528 } 529 } 530 } 531 532 // Voice recognition 533 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 534 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 535 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 536 voiceRecoIntent, userId); 537 if (voiceRecoPackage != null 538 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 539 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 540 } 541 542 // Location 543 if (locationPackageNames != null) { 544 for (String packageName : locationPackageNames) { 545 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 546 if (locationPackage != null 547 && doesPackageSupportRuntimePermissions(locationPackage)) { 548 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 549 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 550 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 551 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 552 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 553 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 554 true, userId); 555 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 556 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 557 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 558 } 559 } 560 } 561 562 // Music 563 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 564 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 565 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 566 AUDIO_MIME_TYPE); 567 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 568 musicIntent, userId); 569 if (musicPackage != null 570 && doesPackageSupportRuntimePermissions(musicPackage)) { 571 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 572 } 573 574 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 575 } 576 } 577 grantDefaultPermissionsToDefaultSystemDialerAppLPr( PackageParser.Package dialerPackage, int userId)578 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 579 PackageParser.Package dialerPackage, int userId) { 580 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 581 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId); 582 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 583 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 584 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 585 } 586 } 587 588 grantDefaultPermissionsToDefaultSystemSmsAppLPr( PackageParser.Package smsPackage, int userId)589 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 590 PackageParser.Package smsPackage, int userId) { 591 if (doesPackageSupportRuntimePermissions(smsPackage)) { 592 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 593 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 594 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 595 } 596 } 597 598 grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId)599 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 600 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 601 if (packageName == null) { 602 return; 603 } 604 PackageParser.Package smsPackage = getPackageLPr(packageName); 605 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 606 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 607 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 608 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 609 } 610 } 611 grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId)612 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 613 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 614 if (packageName == null) { 615 return; 616 } 617 PackageParser.Package dialerPackage = getPackageLPr(packageName); 618 if (dialerPackage != null 619 && doesPackageSupportRuntimePermissions(dialerPackage)) { 620 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 621 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 622 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 623 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 624 } 625 } 626 grantDefaultPermissionsToDefaultSimCallManagerLPr( PackageParser.Package simCallManagerPackage, int userId)627 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 628 PackageParser.Package simCallManagerPackage, int userId) { 629 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 630 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 631 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 632 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 633 } 634 } 635 grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId)636 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 637 if (packageName == null) { 638 return; 639 } 640 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 641 if (simCallManagerPackage != null) { 642 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 643 } 644 } 645 grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId)646 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 647 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 648 if (packageNames == null) { 649 return; 650 } 651 for (String packageName : packageNames) { 652 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 653 if (carrierPackage != null 654 && doesPackageSupportRuntimePermissions(carrierPackage)) { 655 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 656 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 657 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 658 } 659 } 660 } 661 grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId)662 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 663 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 664 if (packageName == null) { 665 return; 666 } 667 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 668 if (browserPackage != null 669 && doesPackageSupportRuntimePermissions(browserPackage)) { 670 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 671 } 672 } 673 getDefaultSystemHandlerActivityPackageLPr( Intent intent, int userId)674 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 675 Intent intent, int userId) { 676 List<ResolveInfo> handlers = mService.mActivities.queryIntent(intent, 677 intent.resolveType(mService.mContext.getContentResolver()), 678 PackageManager.GET_DISABLED_COMPONENTS, userId); 679 if (handlers == null) { 680 return null; 681 } 682 final int handlerCount = handlers.size(); 683 for (int i = 0; i < handlerCount; i++) { 684 ResolveInfo handler = handlers.get(i); 685 PackageParser.Package handlerPackage = getSystemPackageLPr( 686 handler.activityInfo.packageName); 687 if (handlerPackage != null) { 688 return handlerPackage; 689 } 690 } 691 return null; 692 } 693 getDefaultSystemHandlerServicePackageLPr( Intent intent, int userId)694 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 695 Intent intent, int userId) { 696 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 697 intent.resolveType(mService.mContext.getContentResolver()), 698 PackageManager.GET_DISABLED_COMPONENTS, userId); 699 if (handlers == null) { 700 return null; 701 } 702 final int handlerCount = handlers.size(); 703 for (int i = 0; i < handlerCount; i++) { 704 ResolveInfo handler = handlers.get(i); 705 PackageParser.Package handlerPackage = getSystemPackageLPr( 706 handler.serviceInfo.packageName); 707 if (handlerPackage != null) { 708 return handlerPackage; 709 } 710 } 711 return null; 712 } 713 getHeadlessSyncAdapterPackagesLPr( String[] syncAdapterPackageNames, int userId)714 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 715 String[] syncAdapterPackageNames, int userId) { 716 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 717 718 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 719 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 720 721 for (String syncAdapterPackageName : syncAdapterPackageNames) { 722 homeIntent.setPackage(syncAdapterPackageName); 723 724 List<ResolveInfo> homeActivities = mService.mActivities.queryIntent(homeIntent, 725 homeIntent.resolveType(mService.mContext.getContentResolver()), 726 PackageManager.GET_DISABLED_COMPONENTS, userId); 727 if (!homeActivities.isEmpty()) { 728 continue; 729 } 730 731 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 732 if (syncAdapterPackage != null) { 733 syncAdapterPackages.add(syncAdapterPackage); 734 } 735 } 736 737 return syncAdapterPackages; 738 } 739 getDefaultProviderAuthorityPackageLPr( String authority, int userId)740 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 741 String authority, int userId) { 742 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId); 743 if (provider != null) { 744 return getSystemPackageLPr(provider.packageName); 745 } 746 return null; 747 } 748 getPackageLPr(String packageName)749 private PackageParser.Package getPackageLPr(String packageName) { 750 return mService.mPackages.get(packageName); 751 } 752 getSystemPackageLPr(String packageName)753 private PackageParser.Package getSystemPackageLPr(String packageName) { 754 PackageParser.Package pkg = getPackageLPr(packageName); 755 if (pkg != null && pkg.isSystemApp()) { 756 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 757 } 758 return null; 759 } 760 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, int userId)761 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 762 int userId) { 763 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 764 } 765 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, boolean systemFixed, int userId)766 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 767 boolean systemFixed, int userId) { 768 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 769 } 770 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, boolean systemFixed, boolean overrideUserChoice, int userId)771 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 772 boolean systemFixed, boolean overrideUserChoice, int userId) { 773 if (pkg.requestedPermissions.isEmpty()) { 774 return; 775 } 776 777 List<String> requestedPermissions = pkg.requestedPermissions; 778 Set<String> grantablePermissions = null; 779 780 if (pkg.isUpdatedSystemApp()) { 781 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 782 if (sysPs != null) { 783 if (sysPs.pkg.requestedPermissions.isEmpty()) { 784 return; 785 } 786 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 787 grantablePermissions = new ArraySet<>(requestedPermissions); 788 requestedPermissions = sysPs.pkg.requestedPermissions; 789 } 790 } 791 } 792 793 final int grantablePermissionCount = requestedPermissions.size(); 794 for (int i = 0; i < grantablePermissionCount; i++) { 795 String permission = requestedPermissions.get(i); 796 797 // If there is a disabled system app it may request a permission the updated 798 // version ot the data partition doesn't, In this case skip the permission. 799 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 800 continue; 801 } 802 803 if (permissions.contains(permission)) { 804 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 805 806 // If any flags are set to the permission, then it is either set in 807 // its current state by the system or device/profile owner or the user. 808 // In all these cases we do not want to clobber the current state. 809 // Unless the caller wants to override user choices. The override is 810 // to make sure we can grant the needed permission to the default 811 // sms and phone apps after the user chooses this in the UI. 812 if (flags == 0 || overrideUserChoice) { 813 // Never clobber policy or system. 814 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 815 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 816 if ((flags & fixedFlags) != 0) { 817 continue; 818 } 819 820 mService.grantRuntimePermission(pkg.packageName, permission, userId); 821 if (DEBUG) { 822 Log.i(TAG, "Granted " + permission + " to default handler " 823 + pkg.packageName); 824 } 825 826 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 827 if (systemFixed) { 828 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 829 } 830 831 mService.updatePermissionFlags(permission, pkg.packageName, 832 newFlags, newFlags, userId); 833 } 834 } 835 } 836 } 837 isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg)838 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 839 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 840 return true; 841 } 842 if (!pkg.isPrivilegedApp()) { 843 return false; 844 } 845 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 846 if (sysPkg != null) { 847 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 848 return false; 849 } 850 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 851 return false; 852 } 853 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 854 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 855 } 856 doesPackageSupportRuntimePermissions(PackageParser.Package pkg)857 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 858 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 859 } 860 } 861