1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm; 18 19 import android.Manifest; 20 import android.annotation.NonNull; 21 import android.app.DownloadManager; 22 import android.app.admin.DevicePolicyManager; 23 import android.content.Intent; 24 import android.content.pm.ActivityInfo; 25 import android.content.pm.ApplicationInfo; 26 import android.content.pm.PackageManager; 27 import android.content.pm.PackageManagerInternal.PackagesProvider; 28 import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 29 import android.content.pm.PackageParser; 30 import android.content.pm.ProviderInfo; 31 import android.content.pm.ResolveInfo; 32 import android.net.Uri; 33 import android.os.Build; 34 import android.os.Environment; 35 import android.os.Handler; 36 import android.os.Message; 37 import android.os.UserHandle; 38 import android.os.storage.StorageManager; 39 import android.print.PrintManager; 40 import android.provider.CalendarContract; 41 import android.provider.ContactsContract; 42 import android.provider.MediaStore; 43 import android.provider.Telephony.Sms.Intents; 44 import android.telephony.TelephonyManager; 45 import android.security.Credentials; 46 import android.util.ArrayMap; 47 import android.util.ArraySet; 48 import android.util.Log; 49 import android.util.Slog; 50 import android.util.Xml; 51 import com.android.internal.util.XmlUtils; 52 import org.xmlpull.v1.XmlPullParser; 53 import org.xmlpull.v1.XmlPullParserException; 54 55 import java.io.BufferedInputStream; 56 import java.io.File; 57 import java.io.FileInputStream; 58 import java.io.IOException; 59 import java.io.InputStream; 60 import java.util.ArrayList; 61 import java.util.List; 62 import java.util.Map; 63 import java.util.Set; 64 65 import static android.os.Process.FIRST_APPLICATION_UID; 66 67 /** 68 * This class is the policy for granting runtime permissions to 69 * platform components and default handlers in the system such 70 * that the device is usable out-of-the-box. For example, the 71 * shell UID is a part of the system and the Phone app should 72 * have phone related permission by default. 73 */ 74 final class DefaultPermissionGrantPolicy { 75 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 76 private static final boolean DEBUG = false; 77 78 private static final int DEFAULT_FLAGS = PackageManager.MATCH_DIRECT_BOOT_AWARE 79 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE; 80 81 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 82 83 private static final String TAG_EXCEPTIONS = "exceptions"; 84 private static final String TAG_EXCEPTION = "exception"; 85 private static final String TAG_PERMISSION = "permission"; 86 private static final String ATTR_PACKAGE = "package"; 87 private static final String ATTR_NAME = "name"; 88 private static final String ATTR_FIXED = "fixed"; 89 90 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 91 static { 92 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 93 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 94 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 95 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 96 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 97 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 98 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 99 } 100 101 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 102 static { 103 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 104 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 105 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 106 } 107 108 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 109 static { 110 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 111 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 112 } 113 114 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 115 static { 116 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 117 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 118 } 119 120 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 121 static { 122 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 123 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 124 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 125 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 126 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 127 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 128 } 129 130 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 131 static { 132 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 133 } 134 135 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 136 static { 137 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 138 } 139 140 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 141 static { 142 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 143 } 144 145 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 146 static { 147 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 148 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 149 } 150 151 private static final int MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS = 1; 152 153 private final PackageManagerService mService; 154 private final Handler mHandler; 155 156 private PackagesProvider mLocationPackagesProvider; 157 private PackagesProvider mVoiceInteractionPackagesProvider; 158 private PackagesProvider mSmsAppPackagesProvider; 159 private PackagesProvider mDialerAppPackagesProvider; 160 private PackagesProvider mSimCallManagerPackagesProvider; 161 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 162 163 private ArrayMap<String, List<DefaultPermissionGrant>> mGrantExceptions; 164 DefaultPermissionGrantPolicy(PackageManagerService service)165 public DefaultPermissionGrantPolicy(PackageManagerService service) { 166 mService = service; 167 mHandler = new Handler(mService.mHandlerThread.getLooper()) { 168 @Override 169 public void handleMessage(Message msg) { 170 if (msg.what == MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS) { 171 synchronized (mService.mPackages) { 172 if (mGrantExceptions == null) { 173 mGrantExceptions = readDefaultPermissionExceptionsLPw(); 174 } 175 } 176 } 177 } 178 }; 179 } 180 setLocationPackagesProviderLPw(PackagesProvider provider)181 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 182 mLocationPackagesProvider = provider; 183 } 184 setVoiceInteractionPackagesProviderLPw(PackagesProvider provider)185 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 186 mVoiceInteractionPackagesProvider = provider; 187 } 188 setSmsAppPackagesProviderLPw(PackagesProvider provider)189 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 190 mSmsAppPackagesProvider = provider; 191 } 192 setDialerAppPackagesProviderLPw(PackagesProvider provider)193 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 194 mDialerAppPackagesProvider = provider; 195 } 196 setSimCallManagerPackagesProviderLPw(PackagesProvider provider)197 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 198 mSimCallManagerPackagesProvider = provider; 199 } 200 setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider)201 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 202 mSyncAdapterPackagesProvider = provider; 203 } 204 grantDefaultPermissions(int userId)205 public void grantDefaultPermissions(int userId) { 206 grantPermissionsToSysComponentsAndPrivApps(userId); 207 grantDefaultSystemHandlerPermissions(userId); 208 grantDefaultPermissionExceptions(userId); 209 } 210 scheduleReadDefaultPermissionExceptions()211 public void scheduleReadDefaultPermissionExceptions() { 212 mHandler.sendEmptyMessage(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 213 } 214 grantPermissionsToSysComponentsAndPrivApps(int userId)215 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 216 Log.i(TAG, "Granting permissions to platform components for user " + userId); 217 218 synchronized (mService.mPackages) { 219 for (PackageParser.Package pkg : mService.mPackages.values()) { 220 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 221 || !doesPackageSupportRuntimePermissions(pkg) 222 || pkg.requestedPermissions.isEmpty()) { 223 continue; 224 } 225 Set<String> permissions = new ArraySet<>(); 226 final int permissionCount = pkg.requestedPermissions.size(); 227 for (int i = 0; i < permissionCount; i++) { 228 String permission = pkg.requestedPermissions.get(i); 229 BasePermission bp = mService.mSettings.mPermissions.get(permission); 230 if (bp != null && bp.isRuntime()) { 231 permissions.add(permission); 232 } 233 } 234 if (!permissions.isEmpty()) { 235 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 236 } 237 } 238 } 239 } 240 grantDefaultSystemHandlerPermissions(int userId)241 private void grantDefaultSystemHandlerPermissions(int userId) { 242 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 243 244 final PackagesProvider locationPackagesProvider; 245 final PackagesProvider voiceInteractionPackagesProvider; 246 final PackagesProvider smsAppPackagesProvider; 247 final PackagesProvider dialerAppPackagesProvider; 248 final PackagesProvider simCallManagerPackagesProvider; 249 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 250 251 synchronized (mService.mPackages) { 252 locationPackagesProvider = mLocationPackagesProvider; 253 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 254 smsAppPackagesProvider = mSmsAppPackagesProvider; 255 dialerAppPackagesProvider = mDialerAppPackagesProvider; 256 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 257 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 258 } 259 260 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 261 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 262 String[] locationPackageNames = (locationPackagesProvider != null) 263 ? locationPackagesProvider.getPackages(userId) : null; 264 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 265 ? smsAppPackagesProvider.getPackages(userId) : null; 266 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 267 ? dialerAppPackagesProvider.getPackages(userId) : null; 268 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 269 ? simCallManagerPackagesProvider.getPackages(userId) : null; 270 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 271 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 272 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 273 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 274 275 synchronized (mService.mPackages) { 276 // Installer 277 PackageParser.Package installerPackage = getSystemPackageLPr( 278 mService.mRequiredInstallerPackage); 279 if (installerPackage != null 280 && doesPackageSupportRuntimePermissions(installerPackage)) { 281 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 282 } 283 284 // Verifier 285 PackageParser.Package verifierPackage = getSystemPackageLPr( 286 mService.mRequiredVerifierPackage); 287 if (verifierPackage != null 288 && doesPackageSupportRuntimePermissions(verifierPackage)) { 289 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 290 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 291 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 292 } 293 294 // SetupWizard 295 PackageParser.Package setupPackage = getSystemPackageLPr( 296 mService.mSetupWizardPackage); 297 if (setupPackage != null 298 && doesPackageSupportRuntimePermissions(setupPackage)) { 299 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 300 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 301 grantRuntimePermissionsLPw(setupPackage, LOCATION_PERMISSIONS, userId); 302 grantRuntimePermissionsLPw(setupPackage, CAMERA_PERMISSIONS, userId); 303 } 304 305 // Camera 306 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 307 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 308 cameraIntent, userId); 309 if (cameraPackage != null 310 && doesPackageSupportRuntimePermissions(cameraPackage)) { 311 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 312 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 313 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 314 } 315 316 // Media provider 317 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 318 MediaStore.AUTHORITY, userId); 319 if (mediaStorePackage != null) { 320 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 321 } 322 323 // Downloads provider 324 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 325 "downloads", userId); 326 if (downloadsPackage != null) { 327 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 328 } 329 330 // Downloads UI 331 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 332 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 333 downloadsUiIntent, userId); 334 if (downloadsUiPackage != null 335 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 336 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 337 } 338 339 // Storage provider 340 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 341 "com.android.externalstorage.documents", userId); 342 if (storagePackage != null) { 343 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 344 } 345 346 // CertInstaller 347 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 348 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 349 certInstallerIntent, userId); 350 if (certInstallerPackage != null 351 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 352 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 353 } 354 355 // Dialer 356 if (dialerAppPackageNames == null) { 357 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 358 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 359 dialerIntent, userId); 360 if (dialerPackage != null) { 361 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 362 } 363 } else { 364 for (String dialerAppPackageName : dialerAppPackageNames) { 365 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 366 if (dialerPackage != null) { 367 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 368 } 369 } 370 } 371 372 // Sim call manager 373 if (simCallManagerPackageNames != null) { 374 for (String simCallManagerPackageName : simCallManagerPackageNames) { 375 PackageParser.Package simCallManagerPackage = 376 getSystemPackageLPr(simCallManagerPackageName); 377 if (simCallManagerPackage != null) { 378 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 379 userId); 380 } 381 } 382 } 383 384 // SMS 385 if (smsAppPackageNames == null) { 386 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 387 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 388 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 389 smsIntent, userId); 390 if (smsPackage != null) { 391 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 392 } 393 } else { 394 for (String smsPackageName : smsAppPackageNames) { 395 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 396 if (smsPackage != null) { 397 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 398 } 399 } 400 } 401 402 // Cell Broadcast Receiver 403 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 404 PackageParser.Package cbrPackage = 405 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 406 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 407 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 408 } 409 410 // Carrier Provisioning Service 411 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 412 PackageParser.Package carrierProvPackage = 413 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 414 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 415 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 416 } 417 418 // Calendar 419 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 420 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 421 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 422 calendarIntent, userId); 423 if (calendarPackage != null 424 && doesPackageSupportRuntimePermissions(calendarPackage)) { 425 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 426 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 427 } 428 429 // Calendar provider 430 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 431 CalendarContract.AUTHORITY, userId); 432 if (calendarProviderPackage != null) { 433 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 434 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 435 true, userId); 436 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 437 } 438 439 // Calendar provider sync adapters 440 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 441 calendarSyncAdapterPackages, userId); 442 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 443 for (int i = 0; i < calendarSyncAdapterCount; i++) { 444 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 445 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 446 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 447 } 448 } 449 450 // Contacts 451 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 452 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 453 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 454 contactsIntent, userId); 455 if (contactsPackage != null 456 && doesPackageSupportRuntimePermissions(contactsPackage)) { 457 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 458 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 459 } 460 461 // Contacts provider sync adapters 462 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 463 contactsSyncAdapterPackages, userId); 464 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 465 for (int i = 0; i < contactsSyncAdapterCount; i++) { 466 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 467 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 468 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 469 } 470 } 471 472 // Contacts provider 473 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 474 ContactsContract.AUTHORITY, userId); 475 if (contactsProviderPackage != null) { 476 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 477 true, userId); 478 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 479 true, userId); 480 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 481 } 482 483 // Device provisioning 484 Intent deviceProvisionIntent = new Intent( 485 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 486 PackageParser.Package deviceProvisionPackage = 487 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 488 if (deviceProvisionPackage != null 489 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 490 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 491 } 492 493 // Maps 494 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 495 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 496 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 497 mapsIntent, userId); 498 if (mapsPackage != null 499 && doesPackageSupportRuntimePermissions(mapsPackage)) { 500 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 501 } 502 503 // Gallery 504 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 505 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 506 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 507 galleryIntent, userId); 508 if (galleryPackage != null 509 && doesPackageSupportRuntimePermissions(galleryPackage)) { 510 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 511 } 512 513 // Email 514 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 515 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 516 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 517 emailIntent, userId); 518 if (emailPackage != null 519 && doesPackageSupportRuntimePermissions(emailPackage)) { 520 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 521 grantRuntimePermissionsLPw(emailPackage, CALENDAR_PERMISSIONS, userId); 522 } 523 524 // Browser 525 PackageParser.Package browserPackage = null; 526 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 527 if (defaultBrowserPackage != null) { 528 browserPackage = getPackageLPr(defaultBrowserPackage); 529 } 530 if (browserPackage == null) { 531 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 532 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 533 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 534 browserIntent, userId); 535 } 536 if (browserPackage != null 537 && doesPackageSupportRuntimePermissions(browserPackage)) { 538 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 539 } 540 541 // Voice interaction 542 if (voiceInteractPackageNames != null) { 543 for (String voiceInteractPackageName : voiceInteractPackageNames) { 544 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 545 voiceInteractPackageName); 546 if (voiceInteractPackage != null 547 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 548 grantRuntimePermissionsLPw(voiceInteractPackage, 549 CONTACTS_PERMISSIONS, userId); 550 grantRuntimePermissionsLPw(voiceInteractPackage, 551 CALENDAR_PERMISSIONS, userId); 552 grantRuntimePermissionsLPw(voiceInteractPackage, 553 MICROPHONE_PERMISSIONS, userId); 554 grantRuntimePermissionsLPw(voiceInteractPackage, 555 PHONE_PERMISSIONS, userId); 556 grantRuntimePermissionsLPw(voiceInteractPackage, 557 SMS_PERMISSIONS, userId); 558 grantRuntimePermissionsLPw(voiceInteractPackage, 559 LOCATION_PERMISSIONS, userId); 560 } 561 } 562 } 563 564 // Voice recognition 565 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 566 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 567 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 568 voiceRecoIntent, userId); 569 if (voiceRecoPackage != null 570 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 571 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 572 } 573 574 // Location 575 if (locationPackageNames != null) { 576 for (String packageName : locationPackageNames) { 577 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 578 if (locationPackage != null 579 && doesPackageSupportRuntimePermissions(locationPackage)) { 580 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 581 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 582 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 583 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 584 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 585 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 586 true, userId); 587 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 588 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 589 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 590 } 591 } 592 } 593 594 // Music 595 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 596 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 597 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 598 AUDIO_MIME_TYPE); 599 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 600 musicIntent, userId); 601 if (musicPackage != null 602 && doesPackageSupportRuntimePermissions(musicPackage)) { 603 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 604 } 605 606 // Android Wear Home 607 if (mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 608 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 609 homeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 610 611 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackageLPr( 612 homeIntent, userId); 613 614 if (wearHomePackage != null 615 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 616 grantRuntimePermissionsLPw(wearHomePackage, CONTACTS_PERMISSIONS, false, 617 userId); 618 grantRuntimePermissionsLPw(wearHomePackage, PHONE_PERMISSIONS, true, userId); 619 grantRuntimePermissionsLPw(wearHomePackage, MICROPHONE_PERMISSIONS, false, 620 userId); 621 grantRuntimePermissionsLPw(wearHomePackage, LOCATION_PERMISSIONS, false, 622 userId); 623 } 624 } 625 626 // Print Spooler 627 PackageParser.Package printSpoolerPackage = getSystemPackageLPr( 628 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 629 if (printSpoolerPackage != null 630 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 631 grantRuntimePermissionsLPw(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 632 } 633 634 // EmergencyInfo 635 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 636 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackageLPr( 637 emergencyInfoIntent, userId); 638 if (emergencyInfoPckg != null 639 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 640 grantRuntimePermissionsLPw(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 641 grantRuntimePermissionsLPw(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 642 } 643 644 // NFC Tag viewer 645 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 646 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 647 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackageLPr( 648 nfcTagIntent, userId); 649 if (nfcTagPkg != null 650 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 651 grantRuntimePermissionsLPw(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 652 grantRuntimePermissionsLPw(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 653 } 654 655 // Storage Manager 656 Intent storageManagerIntent = new Intent(StorageManager.ACTION_MANAGE_STORAGE); 657 PackageParser.Package storageManagerPckg = getDefaultSystemHandlerActivityPackageLPr( 658 storageManagerIntent, userId); 659 if (storageManagerPckg != null 660 && doesPackageSupportRuntimePermissions(storageManagerPckg)) { 661 grantRuntimePermissionsLPw(storageManagerPckg, STORAGE_PERMISSIONS, true, userId); 662 } 663 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 664 } 665 } 666 grantDefaultPermissionsToDefaultSystemDialerAppLPr( PackageParser.Package dialerPackage, int userId)667 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 668 PackageParser.Package dialerPackage, int userId) { 669 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 670 boolean isPhonePermFixed = 671 mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 672 grantRuntimePermissionsLPw( 673 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 674 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 675 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 676 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 677 grantRuntimePermissionsLPw(dialerPackage, CAMERA_PERMISSIONS, userId); 678 } 679 } 680 grantDefaultPermissionsToDefaultSystemSmsAppLPr( PackageParser.Package smsPackage, int userId)681 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 682 PackageParser.Package smsPackage, int userId) { 683 if (doesPackageSupportRuntimePermissions(smsPackage)) { 684 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 685 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 686 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 687 } 688 } 689 grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId)690 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 691 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 692 if (packageName == null) { 693 return; 694 } 695 PackageParser.Package smsPackage = getPackageLPr(packageName); 696 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 697 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 698 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 699 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 700 } 701 } 702 grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId)703 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 704 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 705 if (packageName == null) { 706 return; 707 } 708 PackageParser.Package dialerPackage = getPackageLPr(packageName); 709 if (dialerPackage != null 710 && doesPackageSupportRuntimePermissions(dialerPackage)) { 711 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 712 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 713 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 714 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 715 grantRuntimePermissionsLPw(dialerPackage, CAMERA_PERMISSIONS, false, true, userId); 716 } 717 } 718 grantDefaultPermissionsToDefaultSimCallManagerLPr( PackageParser.Package simCallManagerPackage, int userId)719 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 720 PackageParser.Package simCallManagerPackage, int userId) { 721 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 722 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 723 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 724 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 725 } 726 } 727 grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId)728 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 729 if (packageName == null) { 730 return; 731 } 732 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 733 if (simCallManagerPackage != null) { 734 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 735 } 736 } 737 grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId)738 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 739 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 740 if (packageNames == null) { 741 return; 742 } 743 for (String packageName : packageNames) { 744 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 745 if (carrierPackage != null 746 && doesPackageSupportRuntimePermissions(carrierPackage)) { 747 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 748 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 749 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 750 } 751 } 752 } 753 grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId)754 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 755 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 756 if (packageName == null) { 757 return; 758 } 759 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 760 if (browserPackage != null 761 && doesPackageSupportRuntimePermissions(browserPackage)) { 762 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 763 } 764 } 765 getDefaultSystemHandlerActivityPackageLPr( Intent intent, int userId)766 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 767 Intent intent, int userId) { 768 ResolveInfo handler = mService.resolveIntent(intent, 769 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId); 770 if (handler == null || handler.activityInfo == null) { 771 return null; 772 } 773 ActivityInfo activityInfo = handler.activityInfo; 774 if (activityInfo.packageName.equals(mService.mResolveActivity.packageName) 775 && activityInfo.name.equals(mService.mResolveActivity.name)) { 776 return null; 777 } 778 return getSystemPackageLPr(handler.activityInfo.packageName); 779 } 780 getDefaultSystemHandlerServicePackageLPr( Intent intent, int userId)781 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 782 Intent intent, int userId) { 783 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 784 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId) 785 .getList(); 786 if (handlers == null) { 787 return null; 788 } 789 final int handlerCount = handlers.size(); 790 for (int i = 0; i < handlerCount; i++) { 791 ResolveInfo handler = handlers.get(i); 792 PackageParser.Package handlerPackage = getSystemPackageLPr( 793 handler.serviceInfo.packageName); 794 if (handlerPackage != null) { 795 return handlerPackage; 796 } 797 } 798 return null; 799 } 800 getHeadlessSyncAdapterPackagesLPr( String[] syncAdapterPackageNames, int userId)801 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 802 String[] syncAdapterPackageNames, int userId) { 803 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 804 805 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 806 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 807 808 for (String syncAdapterPackageName : syncAdapterPackageNames) { 809 homeIntent.setPackage(syncAdapterPackageName); 810 811 ResolveInfo homeActivity = mService.resolveIntent(homeIntent, 812 homeIntent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, 813 userId); 814 if (homeActivity != null) { 815 continue; 816 } 817 818 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 819 if (syncAdapterPackage != null) { 820 syncAdapterPackages.add(syncAdapterPackage); 821 } 822 } 823 824 return syncAdapterPackages; 825 } 826 getDefaultProviderAuthorityPackageLPr( String authority, int userId)827 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 828 String authority, int userId) { 829 ProviderInfo provider = mService.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 830 if (provider != null) { 831 return getSystemPackageLPr(provider.packageName); 832 } 833 return null; 834 } 835 getPackageLPr(String packageName)836 private PackageParser.Package getPackageLPr(String packageName) { 837 return mService.mPackages.get(packageName); 838 } 839 getSystemPackageLPr(String packageName)840 private PackageParser.Package getSystemPackageLPr(String packageName) { 841 PackageParser.Package pkg = getPackageLPr(packageName); 842 if (pkg != null && pkg.isSystemApp()) { 843 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 844 } 845 return null; 846 } 847 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, int userId)848 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 849 int userId) { 850 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 851 } 852 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, boolean systemFixed, int userId)853 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 854 boolean systemFixed, int userId) { 855 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 856 } 857 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, boolean systemFixed, boolean isDefaultPhoneOrSms, int userId)858 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 859 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) { 860 if (pkg.requestedPermissions.isEmpty()) { 861 return; 862 } 863 864 List<String> requestedPermissions = pkg.requestedPermissions; 865 Set<String> grantablePermissions = null; 866 867 // If this is the default Phone or SMS app we grant permissions regardless 868 // whether the version on the system image declares the permission as used since 869 // selecting the app as the default Phone or SMS the user makes a deliberate 870 // choice to grant this app the permissions needed to function. For all other 871 // apps, (default grants on first boot and user creation) we don't grant default 872 // permissions if the version on the system image does not declare them. 873 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) { 874 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 875 if (sysPs != null) { 876 if (sysPs.pkg.requestedPermissions.isEmpty()) { 877 return; 878 } 879 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 880 grantablePermissions = new ArraySet<>(requestedPermissions); 881 requestedPermissions = sysPs.pkg.requestedPermissions; 882 } 883 } 884 } 885 886 final int grantablePermissionCount = requestedPermissions.size(); 887 for (int i = 0; i < grantablePermissionCount; i++) { 888 String permission = requestedPermissions.get(i); 889 890 // If there is a disabled system app it may request a permission the updated 891 // version ot the data partition doesn't, In this case skip the permission. 892 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 893 continue; 894 } 895 896 if (permissions.contains(permission)) { 897 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 898 899 // If any flags are set to the permission, then it is either set in 900 // its current state by the system or device/profile owner or the user. 901 // In all these cases we do not want to clobber the current state. 902 // Unless the caller wants to override user choices. The override is 903 // to make sure we can grant the needed permission to the default 904 // sms and phone apps after the user chooses this in the UI. 905 if (flags == 0 || isDefaultPhoneOrSms) { 906 // Never clobber policy or system. 907 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 908 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 909 if ((flags & fixedFlags) != 0) { 910 continue; 911 } 912 913 mService.grantRuntimePermission(pkg.packageName, permission, userId); 914 if (DEBUG) { 915 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 916 + permission + " to default handler " + pkg.packageName); 917 } 918 919 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 920 if (systemFixed) { 921 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 922 } 923 924 mService.updatePermissionFlags(permission, pkg.packageName, 925 newFlags, newFlags, userId); 926 } 927 928 // If a component gets a permission for being the default handler A 929 // and also default handler B, we grant the weaker grant form. 930 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 931 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 932 && !systemFixed) { 933 if (DEBUG) { 934 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 935 + pkg.packageName); 936 } 937 mService.updatePermissionFlags(permission, pkg.packageName, 938 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 939 } 940 } 941 } 942 } 943 isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg)944 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 945 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 946 return true; 947 } 948 if (!pkg.isPrivilegedApp()) { 949 return false; 950 } 951 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 952 if (sysPkg != null && sysPkg.pkg != null) { 953 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 954 return false; 955 } 956 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 957 return false; 958 } 959 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 960 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 961 } 962 grantDefaultPermissionExceptions(int userId)963 private void grantDefaultPermissionExceptions(int userId) { 964 synchronized (mService.mPackages) { 965 mHandler.removeMessages(MSG_READ_DEFAULT_PERMISSION_EXCEPTIONS); 966 967 if (mGrantExceptions == null) { 968 mGrantExceptions = readDefaultPermissionExceptionsLPw(); 969 } 970 971 // mGrantExceptions is null only before the first read and then 972 // it serves as a cache of the default grants that should be 973 // performed for every user. If there is an entry then the app 974 // is on the system image and supports runtime permissions. 975 Set<String> permissions = null; 976 final int exceptionCount = mGrantExceptions.size(); 977 for (int i = 0; i < exceptionCount; i++) { 978 String packageName = mGrantExceptions.keyAt(i); 979 PackageParser.Package pkg = getSystemPackageLPr(packageName); 980 List<DefaultPermissionGrant> permissionGrants = mGrantExceptions.valueAt(i); 981 final int permissionGrantCount = permissionGrants.size(); 982 for (int j = 0; j < permissionGrantCount; j++) { 983 DefaultPermissionGrant permissionGrant = permissionGrants.get(j); 984 if (permissions == null) { 985 permissions = new ArraySet<>(); 986 } else { 987 permissions.clear(); 988 } 989 permissions.add(permissionGrant.name); 990 grantRuntimePermissionsLPw(pkg, permissions, false, 991 permissionGrant.fixed, userId); 992 } 993 } 994 } 995 } 996 997 private @NonNull ArrayMap<String, List<DefaultPermissionGrant>> readDefaultPermissionExceptionsLPw()998 readDefaultPermissionExceptionsLPw() { 999 File dir = new File(Environment.getRootDirectory(), "etc/default-permissions"); 1000 if (!dir.exists() || !dir.isDirectory() || !dir.canRead()) { 1001 return new ArrayMap<>(0); 1002 } 1003 1004 File[] files = dir.listFiles(); 1005 if (files == null) { 1006 return new ArrayMap<>(0); 1007 } 1008 1009 ArrayMap<String, List<DefaultPermissionGrant>> grantExceptions = new ArrayMap<>(); 1010 1011 // Iterate over the files in the directory and scan .xml files 1012 for (File file : files) { 1013 if (!file.getPath().endsWith(".xml")) { 1014 Slog.i(TAG, "Non-xml file " + file + " in " + dir + " directory, ignoring"); 1015 continue; 1016 } 1017 if (!file.canRead()) { 1018 Slog.w(TAG, "Default permissions file " + file + " cannot be read"); 1019 continue; 1020 } 1021 try ( 1022 InputStream str = new BufferedInputStream(new FileInputStream(file)) 1023 ) { 1024 XmlPullParser parser = Xml.newPullParser(); 1025 parser.setInput(str, null); 1026 parse(parser, grantExceptions); 1027 } catch (XmlPullParserException | IOException e) { 1028 Slog.w(TAG, "Error reading default permissions file " + file, e); 1029 } 1030 } 1031 1032 return grantExceptions; 1033 } 1034 parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> outGrantExceptions)1035 private void parse(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1036 outGrantExceptions) throws IOException, XmlPullParserException { 1037 final int outerDepth = parser.getDepth(); 1038 int type; 1039 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1040 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1041 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1042 continue; 1043 } 1044 if (TAG_EXCEPTIONS.equals(parser.getName())) { 1045 parseExceptions(parser, outGrantExceptions); 1046 } else { 1047 Log.e(TAG, "Unknown tag " + parser.getName()); 1048 } 1049 } 1050 } 1051 parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> outGrantExceptions)1052 private void parseExceptions(XmlPullParser parser, Map<String, List<DefaultPermissionGrant>> 1053 outGrantExceptions) throws IOException, XmlPullParserException { 1054 final int outerDepth = parser.getDepth(); 1055 int type; 1056 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1057 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1058 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1059 continue; 1060 } 1061 if (TAG_EXCEPTION.equals(parser.getName())) { 1062 String packageName = parser.getAttributeValue(null, ATTR_PACKAGE); 1063 1064 List<DefaultPermissionGrant> packageExceptions = 1065 outGrantExceptions.get(packageName); 1066 if (packageExceptions == null) { 1067 // The package must be on the system image 1068 PackageParser.Package pkg = getSystemPackageLPr(packageName); 1069 if (pkg == null) { 1070 Log.w(TAG, "Unknown package:" + packageName); 1071 XmlUtils.skipCurrentTag(parser); 1072 continue; 1073 } 1074 1075 // The package must support runtime permissions 1076 if (!doesPackageSupportRuntimePermissions(pkg)) { 1077 Log.w(TAG, "Skipping non supporting runtime permissions package:" 1078 + packageName); 1079 XmlUtils.skipCurrentTag(parser); 1080 continue; 1081 } 1082 packageExceptions = new ArrayList<>(); 1083 outGrantExceptions.put(packageName, packageExceptions); 1084 } 1085 1086 parsePermission(parser, packageExceptions); 1087 } else { 1088 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exceptions>"); 1089 } 1090 } 1091 } 1092 parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> outPackageExceptions)1093 private void parsePermission(XmlPullParser parser, List<DefaultPermissionGrant> 1094 outPackageExceptions) throws IOException, XmlPullParserException { 1095 final int outerDepth = parser.getDepth(); 1096 int type; 1097 while ((type = parser.next()) != XmlPullParser.END_DOCUMENT 1098 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) { 1099 if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) { 1100 continue; 1101 } 1102 1103 if (TAG_PERMISSION.contains(parser.getName())) { 1104 String name = parser.getAttributeValue(null, ATTR_NAME); 1105 if (name == null) { 1106 Log.w(TAG, "Mandatory name attribute missing for permission tag"); 1107 XmlUtils.skipCurrentTag(parser); 1108 continue; 1109 } 1110 1111 final boolean fixed = XmlUtils.readBooleanAttribute(parser, ATTR_FIXED); 1112 1113 DefaultPermissionGrant exception = new DefaultPermissionGrant(name, fixed); 1114 outPackageExceptions.add(exception); 1115 } else { 1116 Log.e(TAG, "Unknown tag " + parser.getName() + "under <exception>"); 1117 } 1118 } 1119 } 1120 doesPackageSupportRuntimePermissions(PackageParser.Package pkg)1121 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 1122 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 1123 } 1124 1125 private static final class DefaultPermissionGrant { 1126 final String name; 1127 final boolean fixed; 1128 DefaultPermissionGrant(String name, boolean fixed)1129 public DefaultPermissionGrant(String name, boolean fixed) { 1130 this.name = name; 1131 this.fixed = fixed; 1132 } 1133 } 1134 } 1135