1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.pm; 18 19 import android.Manifest; 20 import android.app.DownloadManager; 21 import android.app.admin.DevicePolicyManager; 22 import android.content.Intent; 23 import android.content.pm.ActivityInfo; 24 import android.content.pm.ApplicationInfo; 25 import android.content.pm.PackageManager; 26 import android.content.pm.PackageManagerInternal.PackagesProvider; 27 import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider; 28 import android.content.pm.PackageParser; 29 import android.content.pm.ProviderInfo; 30 import android.content.pm.ResolveInfo; 31 import android.net.Uri; 32 import android.os.Build; 33 import android.os.UserHandle; 34 import android.print.PrintManager; 35 import android.provider.CalendarContract; 36 import android.provider.ContactsContract; 37 import android.provider.MediaStore; 38 import android.provider.Telephony.Sms.Intents; 39 import android.telephony.TelephonyManager; 40 import android.security.Credentials; 41 import android.util.ArraySet; 42 import android.util.Log; 43 44 import java.io.File; 45 import java.util.ArrayList; 46 import java.util.List; 47 import java.util.Set; 48 49 import static android.os.Process.FIRST_APPLICATION_UID; 50 51 /** 52 * This class is the policy for granting runtime permissions to 53 * platform components and default handlers in the system such 54 * that the device is usable out-of-the-box. For example, the 55 * shell UID is a part of the system and the Phone app should 56 * have phone related permission by default. 57 */ 58 final class DefaultPermissionGrantPolicy { 59 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars 60 private static final boolean DEBUG = false; 61 62 private static final int DEFAULT_FLAGS = PackageManager.MATCH_DIRECT_BOOT_AWARE 63 | PackageManager.MATCH_DIRECT_BOOT_UNAWARE; 64 65 private static final String AUDIO_MIME_TYPE = "audio/mpeg"; 66 67 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>(); 68 static { 69 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE); 70 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE); 71 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG); 72 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG); 73 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL); 74 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP); 75 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS); 76 } 77 78 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>(); 79 static { 80 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS); 81 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS); 82 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS); 83 } 84 85 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>(); 86 static { 87 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION); 88 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION); 89 } 90 91 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>(); 92 static { 93 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR); 94 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR); 95 } 96 97 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>(); 98 static { 99 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS); 100 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS); 101 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS); 102 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH); 103 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS); 104 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS); 105 } 106 107 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>(); 108 static { 109 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO); 110 } 111 112 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>(); 113 static { 114 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA); 115 } 116 117 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>(); 118 static { 119 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS); 120 } 121 122 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>(); 123 static { 124 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE); 125 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE); 126 } 127 128 private final PackageManagerService mService; 129 130 private PackagesProvider mLocationPackagesProvider; 131 private PackagesProvider mVoiceInteractionPackagesProvider; 132 private PackagesProvider mSmsAppPackagesProvider; 133 private PackagesProvider mDialerAppPackagesProvider; 134 private PackagesProvider mSimCallManagerPackagesProvider; 135 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider; 136 DefaultPermissionGrantPolicy(PackageManagerService service)137 public DefaultPermissionGrantPolicy(PackageManagerService service) { 138 mService = service; 139 } 140 setLocationPackagesProviderLPw(PackagesProvider provider)141 public void setLocationPackagesProviderLPw(PackagesProvider provider) { 142 mLocationPackagesProvider = provider; 143 } 144 setVoiceInteractionPackagesProviderLPw(PackagesProvider provider)145 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) { 146 mVoiceInteractionPackagesProvider = provider; 147 } 148 setSmsAppPackagesProviderLPw(PackagesProvider provider)149 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) { 150 mSmsAppPackagesProvider = provider; 151 } 152 setDialerAppPackagesProviderLPw(PackagesProvider provider)153 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) { 154 mDialerAppPackagesProvider = provider; 155 } 156 setSimCallManagerPackagesProviderLPw(PackagesProvider provider)157 public void setSimCallManagerPackagesProviderLPw(PackagesProvider provider) { 158 mSimCallManagerPackagesProvider = provider; 159 } 160 setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider)161 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) { 162 mSyncAdapterPackagesProvider = provider; 163 } 164 grantDefaultPermissions(int userId)165 public void grantDefaultPermissions(int userId) { 166 grantPermissionsToSysComponentsAndPrivApps(userId); 167 grantDefaultSystemHandlerPermissions(userId); 168 } 169 grantPermissionsToSysComponentsAndPrivApps(int userId)170 private void grantPermissionsToSysComponentsAndPrivApps(int userId) { 171 Log.i(TAG, "Granting permissions to platform components for user " + userId); 172 173 synchronized (mService.mPackages) { 174 for (PackageParser.Package pkg : mService.mPackages.values()) { 175 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) 176 || !doesPackageSupportRuntimePermissions(pkg) 177 || pkg.requestedPermissions.isEmpty()) { 178 continue; 179 } 180 Set<String> permissions = new ArraySet<>(); 181 final int permissionCount = pkg.requestedPermissions.size(); 182 for (int i = 0; i < permissionCount; i++) { 183 String permission = pkg.requestedPermissions.get(i); 184 BasePermission bp = mService.mSettings.mPermissions.get(permission); 185 if (bp != null && bp.isRuntime()) { 186 permissions.add(permission); 187 } 188 } 189 if (!permissions.isEmpty()) { 190 grantRuntimePermissionsLPw(pkg, permissions, true, userId); 191 } 192 } 193 } 194 } 195 grantDefaultSystemHandlerPermissions(int userId)196 private void grantDefaultSystemHandlerPermissions(int userId) { 197 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId); 198 199 final PackagesProvider locationPackagesProvider; 200 final PackagesProvider voiceInteractionPackagesProvider; 201 final PackagesProvider smsAppPackagesProvider; 202 final PackagesProvider dialerAppPackagesProvider; 203 final PackagesProvider simCallManagerPackagesProvider; 204 final SyncAdapterPackagesProvider syncAdapterPackagesProvider; 205 206 synchronized (mService.mPackages) { 207 locationPackagesProvider = mLocationPackagesProvider; 208 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider; 209 smsAppPackagesProvider = mSmsAppPackagesProvider; 210 dialerAppPackagesProvider = mDialerAppPackagesProvider; 211 simCallManagerPackagesProvider = mSimCallManagerPackagesProvider; 212 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider; 213 } 214 215 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null) 216 ? voiceInteractionPackagesProvider.getPackages(userId) : null; 217 String[] locationPackageNames = (locationPackagesProvider != null) 218 ? locationPackagesProvider.getPackages(userId) : null; 219 String[] smsAppPackageNames = (smsAppPackagesProvider != null) 220 ? smsAppPackagesProvider.getPackages(userId) : null; 221 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null) 222 ? dialerAppPackagesProvider.getPackages(userId) : null; 223 String[] simCallManagerPackageNames = (simCallManagerPackagesProvider != null) 224 ? simCallManagerPackagesProvider.getPackages(userId) : null; 225 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 226 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null; 227 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ? 228 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null; 229 230 synchronized (mService.mPackages) { 231 // Installer 232 PackageParser.Package installerPackage = getSystemPackageLPr( 233 mService.mRequiredInstallerPackage); 234 if (installerPackage != null 235 && doesPackageSupportRuntimePermissions(installerPackage)) { 236 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId); 237 } 238 239 // Verifier 240 PackageParser.Package verifierPackage = getSystemPackageLPr( 241 mService.mRequiredVerifierPackage); 242 if (verifierPackage != null 243 && doesPackageSupportRuntimePermissions(verifierPackage)) { 244 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId); 245 grantRuntimePermissionsLPw(verifierPackage, PHONE_PERMISSIONS, false, userId); 246 grantRuntimePermissionsLPw(verifierPackage, SMS_PERMISSIONS, false, userId); 247 } 248 249 // SetupWizard 250 PackageParser.Package setupPackage = getSystemPackageLPr( 251 mService.mSetupWizardPackage); 252 if (setupPackage != null 253 && doesPackageSupportRuntimePermissions(setupPackage)) { 254 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId); 255 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId); 256 grantRuntimePermissionsLPw(setupPackage, LOCATION_PERMISSIONS, userId); 257 grantRuntimePermissionsLPw(setupPackage, CAMERA_PERMISSIONS, userId); 258 } 259 260 // Camera 261 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE); 262 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr( 263 cameraIntent, userId); 264 if (cameraPackage != null 265 && doesPackageSupportRuntimePermissions(cameraPackage)) { 266 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId); 267 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId); 268 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId); 269 } 270 271 // Media provider 272 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr( 273 MediaStore.AUTHORITY, userId); 274 if (mediaStorePackage != null) { 275 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId); 276 } 277 278 // Downloads provider 279 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr( 280 "downloads", userId); 281 if (downloadsPackage != null) { 282 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId); 283 } 284 285 // Downloads UI 286 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS); 287 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr( 288 downloadsUiIntent, userId); 289 if (downloadsUiPackage != null 290 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) { 291 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId); 292 } 293 294 // Storage provider 295 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr( 296 "com.android.externalstorage.documents", userId); 297 if (storagePackage != null) { 298 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, true, userId); 299 } 300 301 // CertInstaller 302 Intent certInstallerIntent = new Intent(Credentials.INSTALL_ACTION); 303 PackageParser.Package certInstallerPackage = getDefaultSystemHandlerActivityPackageLPr( 304 certInstallerIntent, userId); 305 if (certInstallerPackage != null 306 && doesPackageSupportRuntimePermissions(certInstallerPackage)) { 307 grantRuntimePermissionsLPw(certInstallerPackage, STORAGE_PERMISSIONS, true, userId); 308 } 309 310 // Dialer 311 if (dialerAppPackageNames == null) { 312 Intent dialerIntent = new Intent(Intent.ACTION_DIAL); 313 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr( 314 dialerIntent, userId); 315 if (dialerPackage != null) { 316 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 317 } 318 } else { 319 for (String dialerAppPackageName : dialerAppPackageNames) { 320 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName); 321 if (dialerPackage != null) { 322 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId); 323 } 324 } 325 } 326 327 // Sim call manager 328 if (simCallManagerPackageNames != null) { 329 for (String simCallManagerPackageName : simCallManagerPackageNames) { 330 PackageParser.Package simCallManagerPackage = 331 getSystemPackageLPr(simCallManagerPackageName); 332 if (simCallManagerPackage != null) { 333 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, 334 userId); 335 } 336 } 337 } 338 339 // SMS 340 if (smsAppPackageNames == null) { 341 Intent smsIntent = new Intent(Intent.ACTION_MAIN); 342 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING); 343 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr( 344 smsIntent, userId); 345 if (smsPackage != null) { 346 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 347 } 348 } else { 349 for (String smsPackageName : smsAppPackageNames) { 350 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName); 351 if (smsPackage != null) { 352 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId); 353 } 354 } 355 } 356 357 // Cell Broadcast Receiver 358 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION); 359 PackageParser.Package cbrPackage = 360 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId); 361 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) { 362 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, userId); 363 } 364 365 // Carrier Provisioning Service 366 Intent carrierProvIntent = new Intent(Intents.SMS_CARRIER_PROVISION_ACTION); 367 PackageParser.Package carrierProvPackage = 368 getDefaultSystemHandlerServicePackageLPr(carrierProvIntent, userId); 369 if (carrierProvPackage != null && doesPackageSupportRuntimePermissions(carrierProvPackage)) { 370 grantRuntimePermissionsLPw(carrierProvPackage, SMS_PERMISSIONS, false, userId); 371 } 372 373 // Calendar 374 Intent calendarIntent = new Intent(Intent.ACTION_MAIN); 375 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR); 376 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr( 377 calendarIntent, userId); 378 if (calendarPackage != null 379 && doesPackageSupportRuntimePermissions(calendarPackage)) { 380 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId); 381 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId); 382 } 383 384 // Calendar provider 385 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr( 386 CalendarContract.AUTHORITY, userId); 387 if (calendarProviderPackage != null) { 388 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId); 389 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS, 390 true, userId); 391 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId); 392 } 393 394 // Calendar provider sync adapters 395 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 396 calendarSyncAdapterPackages, userId); 397 final int calendarSyncAdapterCount = calendarSyncAdapters.size(); 398 for (int i = 0; i < calendarSyncAdapterCount; i++) { 399 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i); 400 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) { 401 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId); 402 } 403 } 404 405 // Contacts 406 Intent contactsIntent = new Intent(Intent.ACTION_MAIN); 407 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS); 408 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr( 409 contactsIntent, userId); 410 if (contactsPackage != null 411 && doesPackageSupportRuntimePermissions(contactsPackage)) { 412 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId); 413 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId); 414 } 415 416 // Contacts provider sync adapters 417 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr( 418 contactsSyncAdapterPackages, userId); 419 final int contactsSyncAdapterCount = contactsSyncAdapters.size(); 420 for (int i = 0; i < contactsSyncAdapterCount; i++) { 421 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i); 422 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) { 423 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId); 424 } 425 } 426 427 // Contacts provider 428 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr( 429 ContactsContract.AUTHORITY, userId); 430 if (contactsProviderPackage != null) { 431 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS, 432 true, userId); 433 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS, 434 true, userId); 435 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId); 436 } 437 438 // Device provisioning 439 Intent deviceProvisionIntent = new Intent( 440 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE); 441 PackageParser.Package deviceProvisionPackage = 442 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId); 443 if (deviceProvisionPackage != null 444 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) { 445 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId); 446 } 447 448 // Maps 449 Intent mapsIntent = new Intent(Intent.ACTION_MAIN); 450 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS); 451 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr( 452 mapsIntent, userId); 453 if (mapsPackage != null 454 && doesPackageSupportRuntimePermissions(mapsPackage)) { 455 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId); 456 } 457 458 // Gallery 459 Intent galleryIntent = new Intent(Intent.ACTION_MAIN); 460 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY); 461 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr( 462 galleryIntent, userId); 463 if (galleryPackage != null 464 && doesPackageSupportRuntimePermissions(galleryPackage)) { 465 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId); 466 } 467 468 // Email 469 Intent emailIntent = new Intent(Intent.ACTION_MAIN); 470 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL); 471 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr( 472 emailIntent, userId); 473 if (emailPackage != null 474 && doesPackageSupportRuntimePermissions(emailPackage)) { 475 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId); 476 } 477 478 // Browser 479 PackageParser.Package browserPackage = null; 480 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId); 481 if (defaultBrowserPackage != null) { 482 browserPackage = getPackageLPr(defaultBrowserPackage); 483 } 484 if (browserPackage == null) { 485 Intent browserIntent = new Intent(Intent.ACTION_MAIN); 486 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER); 487 browserPackage = getDefaultSystemHandlerActivityPackageLPr( 488 browserIntent, userId); 489 } 490 if (browserPackage != null 491 && doesPackageSupportRuntimePermissions(browserPackage)) { 492 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId); 493 } 494 495 // Voice interaction 496 if (voiceInteractPackageNames != null) { 497 for (String voiceInteractPackageName : voiceInteractPackageNames) { 498 PackageParser.Package voiceInteractPackage = getSystemPackageLPr( 499 voiceInteractPackageName); 500 if (voiceInteractPackage != null 501 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) { 502 grantRuntimePermissionsLPw(voiceInteractPackage, 503 CONTACTS_PERMISSIONS, userId); 504 grantRuntimePermissionsLPw(voiceInteractPackage, 505 CALENDAR_PERMISSIONS, userId); 506 grantRuntimePermissionsLPw(voiceInteractPackage, 507 MICROPHONE_PERMISSIONS, userId); 508 grantRuntimePermissionsLPw(voiceInteractPackage, 509 PHONE_PERMISSIONS, userId); 510 grantRuntimePermissionsLPw(voiceInteractPackage, 511 SMS_PERMISSIONS, userId); 512 grantRuntimePermissionsLPw(voiceInteractPackage, 513 LOCATION_PERMISSIONS, userId); 514 } 515 } 516 } 517 518 // Voice recognition 519 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService"); 520 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT); 521 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr( 522 voiceRecoIntent, userId); 523 if (voiceRecoPackage != null 524 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) { 525 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId); 526 } 527 528 // Location 529 if (locationPackageNames != null) { 530 for (String packageName : locationPackageNames) { 531 PackageParser.Package locationPackage = getSystemPackageLPr(packageName); 532 if (locationPackage != null 533 && doesPackageSupportRuntimePermissions(locationPackage)) { 534 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId); 535 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId); 536 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId); 537 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId); 538 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId); 539 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS, 540 true, userId); 541 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId); 542 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId); 543 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId); 544 } 545 } 546 } 547 548 // Music 549 Intent musicIntent = new Intent(Intent.ACTION_VIEW); 550 musicIntent.addCategory(Intent.CATEGORY_DEFAULT); 551 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")), 552 AUDIO_MIME_TYPE); 553 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr( 554 musicIntent, userId); 555 if (musicPackage != null 556 && doesPackageSupportRuntimePermissions(musicPackage)) { 557 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId); 558 } 559 560 // Android Wear Home 561 if (mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0)) { 562 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 563 homeIntent.addCategory(Intent.CATEGORY_HOME_MAIN); 564 565 PackageParser.Package wearHomePackage = getDefaultSystemHandlerActivityPackageLPr( 566 homeIntent, userId); 567 568 if (wearHomePackage != null 569 && doesPackageSupportRuntimePermissions(wearHomePackage)) { 570 grantRuntimePermissionsLPw(wearHomePackage, CONTACTS_PERMISSIONS, false, 571 userId); 572 grantRuntimePermissionsLPw(wearHomePackage, PHONE_PERMISSIONS, true, userId); 573 grantRuntimePermissionsLPw(wearHomePackage, MICROPHONE_PERMISSIONS, false, 574 userId); 575 grantRuntimePermissionsLPw(wearHomePackage, LOCATION_PERMISSIONS, false, 576 userId); 577 } 578 } 579 580 // Print Spooler 581 PackageParser.Package printSpoolerPackage = getSystemPackageLPr( 582 PrintManager.PRINT_SPOOLER_PACKAGE_NAME); 583 if (printSpoolerPackage != null 584 && doesPackageSupportRuntimePermissions(printSpoolerPackage)) { 585 grantRuntimePermissionsLPw(printSpoolerPackage, LOCATION_PERMISSIONS, true, userId); 586 } 587 588 // EmergencyInfo 589 Intent emergencyInfoIntent = new Intent(TelephonyManager.ACTION_EMERGENCY_ASSISTANCE); 590 PackageParser.Package emergencyInfoPckg = getDefaultSystemHandlerActivityPackageLPr( 591 emergencyInfoIntent, userId); 592 if (emergencyInfoPckg != null 593 && doesPackageSupportRuntimePermissions(emergencyInfoPckg)) { 594 grantRuntimePermissionsLPw(emergencyInfoPckg, CONTACTS_PERMISSIONS, true, userId); 595 grantRuntimePermissionsLPw(emergencyInfoPckg, PHONE_PERMISSIONS, true, userId); 596 } 597 598 // NFC Tag viewer 599 Intent nfcTagIntent = new Intent(Intent.ACTION_VIEW); 600 nfcTagIntent.setType("vnd.android.cursor.item/ndef_msg"); 601 PackageParser.Package nfcTagPkg = getDefaultSystemHandlerActivityPackageLPr( 602 nfcTagIntent, userId); 603 if (nfcTagPkg != null 604 && doesPackageSupportRuntimePermissions(nfcTagPkg)) { 605 grantRuntimePermissionsLPw(nfcTagPkg, CONTACTS_PERMISSIONS, false, userId); 606 grantRuntimePermissionsLPw(nfcTagPkg, PHONE_PERMISSIONS, false, userId); 607 } 608 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId); 609 } 610 } 611 grantDefaultPermissionsToDefaultSystemDialerAppLPr( PackageParser.Package dialerPackage, int userId)612 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr( 613 PackageParser.Package dialerPackage, int userId) { 614 if (doesPackageSupportRuntimePermissions(dialerPackage)) { 615 boolean isPhonePermFixed = 616 mService.hasSystemFeature(PackageManager.FEATURE_WATCH, 0); 617 grantRuntimePermissionsLPw( 618 dialerPackage, PHONE_PERMISSIONS, isPhonePermFixed, userId); 619 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId); 620 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId); 621 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId); 622 } 623 } 624 grantDefaultPermissionsToDefaultSystemSmsAppLPr( PackageParser.Package smsPackage, int userId)625 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr( 626 PackageParser.Package smsPackage, int userId) { 627 if (doesPackageSupportRuntimePermissions(smsPackage)) { 628 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId); 629 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId); 630 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId); 631 } 632 } 633 grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId)634 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) { 635 Log.i(TAG, "Granting permissions to default sms app for user:" + userId); 636 if (packageName == null) { 637 return; 638 } 639 PackageParser.Package smsPackage = getPackageLPr(packageName); 640 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) { 641 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId); 642 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId); 643 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId); 644 } 645 } 646 grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId)647 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) { 648 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId); 649 if (packageName == null) { 650 return; 651 } 652 PackageParser.Package dialerPackage = getPackageLPr(packageName); 653 if (dialerPackage != null 654 && doesPackageSupportRuntimePermissions(dialerPackage)) { 655 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId); 656 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId); 657 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId); 658 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId); 659 } 660 } 661 grantDefaultPermissionsToDefaultSimCallManagerLPr( PackageParser.Package simCallManagerPackage, int userId)662 private void grantDefaultPermissionsToDefaultSimCallManagerLPr( 663 PackageParser.Package simCallManagerPackage, int userId) { 664 Log.i(TAG, "Granting permissions to sim call manager for user:" + userId); 665 if (doesPackageSupportRuntimePermissions(simCallManagerPackage)) { 666 grantRuntimePermissionsLPw(simCallManagerPackage, PHONE_PERMISSIONS, userId); 667 grantRuntimePermissionsLPw(simCallManagerPackage, MICROPHONE_PERMISSIONS, userId); 668 } 669 } 670 grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId)671 public void grantDefaultPermissionsToDefaultSimCallManagerLPr(String packageName, int userId) { 672 if (packageName == null) { 673 return; 674 } 675 PackageParser.Package simCallManagerPackage = getPackageLPr(packageName); 676 if (simCallManagerPackage != null) { 677 grantDefaultPermissionsToDefaultSimCallManagerLPr(simCallManagerPackage, userId); 678 } 679 } 680 grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId)681 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) { 682 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId); 683 if (packageNames == null) { 684 return; 685 } 686 for (String packageName : packageNames) { 687 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName); 688 if (carrierPackage != null 689 && doesPackageSupportRuntimePermissions(carrierPackage)) { 690 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId); 691 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId); 692 grantRuntimePermissionsLPw(carrierPackage, SMS_PERMISSIONS, userId); 693 } 694 } 695 } 696 grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId)697 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) { 698 Log.i(TAG, "Granting permissions to default browser for user:" + userId); 699 if (packageName == null) { 700 return; 701 } 702 PackageParser.Package browserPackage = getSystemPackageLPr(packageName); 703 if (browserPackage != null 704 && doesPackageSupportRuntimePermissions(browserPackage)) { 705 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId); 706 } 707 } 708 getDefaultSystemHandlerActivityPackageLPr( Intent intent, int userId)709 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr( 710 Intent intent, int userId) { 711 ResolveInfo handler = mService.resolveIntent(intent, 712 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId); 713 if (handler == null || handler.activityInfo == null) { 714 return null; 715 } 716 ActivityInfo activityInfo = handler.activityInfo; 717 if (activityInfo.packageName.equals(mService.mResolveActivity.packageName) 718 && activityInfo.name.equals(mService.mResolveActivity.name)) { 719 return null; 720 } 721 return getSystemPackageLPr(handler.activityInfo.packageName); 722 } 723 getDefaultSystemHandlerServicePackageLPr( Intent intent, int userId)724 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr( 725 Intent intent, int userId) { 726 List<ResolveInfo> handlers = mService.queryIntentServices(intent, 727 intent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, userId) 728 .getList(); 729 if (handlers == null) { 730 return null; 731 } 732 final int handlerCount = handlers.size(); 733 for (int i = 0; i < handlerCount; i++) { 734 ResolveInfo handler = handlers.get(i); 735 PackageParser.Package handlerPackage = getSystemPackageLPr( 736 handler.serviceInfo.packageName); 737 if (handlerPackage != null) { 738 return handlerPackage; 739 } 740 } 741 return null; 742 } 743 getHeadlessSyncAdapterPackagesLPr( String[] syncAdapterPackageNames, int userId)744 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr( 745 String[] syncAdapterPackageNames, int userId) { 746 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>(); 747 748 Intent homeIntent = new Intent(Intent.ACTION_MAIN); 749 homeIntent.addCategory(Intent.CATEGORY_LAUNCHER); 750 751 for (String syncAdapterPackageName : syncAdapterPackageNames) { 752 homeIntent.setPackage(syncAdapterPackageName); 753 754 ResolveInfo homeActivity = mService.resolveIntent(homeIntent, 755 homeIntent.resolveType(mService.mContext.getContentResolver()), DEFAULT_FLAGS, 756 userId); 757 if (homeActivity != null) { 758 continue; 759 } 760 761 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName); 762 if (syncAdapterPackage != null) { 763 syncAdapterPackages.add(syncAdapterPackage); 764 } 765 } 766 767 return syncAdapterPackages; 768 } 769 getDefaultProviderAuthorityPackageLPr( String authority, int userId)770 private PackageParser.Package getDefaultProviderAuthorityPackageLPr( 771 String authority, int userId) { 772 ProviderInfo provider = mService.resolveContentProvider(authority, DEFAULT_FLAGS, userId); 773 if (provider != null) { 774 return getSystemPackageLPr(provider.packageName); 775 } 776 return null; 777 } 778 getPackageLPr(String packageName)779 private PackageParser.Package getPackageLPr(String packageName) { 780 return mService.mPackages.get(packageName); 781 } 782 getSystemPackageLPr(String packageName)783 private PackageParser.Package getSystemPackageLPr(String packageName) { 784 PackageParser.Package pkg = getPackageLPr(packageName); 785 if (pkg != null && pkg.isSystemApp()) { 786 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null; 787 } 788 return null; 789 } 790 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, int userId)791 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 792 int userId) { 793 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId); 794 } 795 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, boolean systemFixed, int userId)796 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 797 boolean systemFixed, int userId) { 798 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId); 799 } 800 grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, boolean systemFixed, boolean isDefaultPhoneOrSms, int userId)801 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions, 802 boolean systemFixed, boolean isDefaultPhoneOrSms, int userId) { 803 if (pkg.requestedPermissions.isEmpty()) { 804 return; 805 } 806 807 List<String> requestedPermissions = pkg.requestedPermissions; 808 Set<String> grantablePermissions = null; 809 810 // If this is the default Phone or SMS app we grant permissions regardless 811 // whether the version on the system image declares the permission as used since 812 // selecting the app as the default Phone or SMS the user makes a deliberate 813 // choice to grant this app the permissions needed to function. For all other 814 // apps, (default grants on first boot and user creation) we don't grant default 815 // permissions if the version on the system image does not declare them. 816 if (!isDefaultPhoneOrSms && pkg.isUpdatedSystemApp()) { 817 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 818 if (sysPs != null) { 819 if (sysPs.pkg.requestedPermissions.isEmpty()) { 820 return; 821 } 822 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) { 823 grantablePermissions = new ArraySet<>(requestedPermissions); 824 requestedPermissions = sysPs.pkg.requestedPermissions; 825 } 826 } 827 } 828 829 final int grantablePermissionCount = requestedPermissions.size(); 830 for (int i = 0; i < grantablePermissionCount; i++) { 831 String permission = requestedPermissions.get(i); 832 833 // If there is a disabled system app it may request a permission the updated 834 // version ot the data partition doesn't, In this case skip the permission. 835 if (grantablePermissions != null && !grantablePermissions.contains(permission)) { 836 continue; 837 } 838 839 if (permissions.contains(permission)) { 840 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId); 841 842 // If any flags are set to the permission, then it is either set in 843 // its current state by the system or device/profile owner or the user. 844 // In all these cases we do not want to clobber the current state. 845 // Unless the caller wants to override user choices. The override is 846 // to make sure we can grant the needed permission to the default 847 // sms and phone apps after the user chooses this in the UI. 848 if (flags == 0 || isDefaultPhoneOrSms) { 849 // Never clobber policy or system. 850 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED 851 | PackageManager.FLAG_PERMISSION_POLICY_FIXED; 852 if ((flags & fixedFlags) != 0) { 853 continue; 854 } 855 856 mService.grantRuntimePermission(pkg.packageName, permission, userId); 857 if (DEBUG) { 858 Log.i(TAG, "Granted " + (systemFixed ? "fixed " : "not fixed ") 859 + permission + " to default handler " + pkg.packageName); 860 } 861 862 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT; 863 if (systemFixed) { 864 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED; 865 } 866 867 mService.updatePermissionFlags(permission, pkg.packageName, 868 newFlags, newFlags, userId); 869 } 870 871 // If a component gets a permission for being the default handler A 872 // and also default handler B, we grant the weaker grant form. 873 if ((flags & PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT) != 0 874 && (flags & PackageManager.FLAG_PERMISSION_SYSTEM_FIXED) != 0 875 && !systemFixed) { 876 if (DEBUG) { 877 Log.i(TAG, "Granted not fixed " + permission + " to default handler " 878 + pkg.packageName); 879 } 880 mService.updatePermissionFlags(permission, pkg.packageName, 881 PackageManager.FLAG_PERMISSION_SYSTEM_FIXED, 0, userId); 882 } 883 } 884 } 885 } 886 isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg)887 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) { 888 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) { 889 return true; 890 } 891 if (!pkg.isPrivilegedApp()) { 892 return false; 893 } 894 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName); 895 if (sysPkg != null && sysPkg.pkg != null) { 896 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 897 return false; 898 } 899 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) { 900 return false; 901 } 902 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures, 903 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH; 904 } 905 doesPackageSupportRuntimePermissions(PackageParser.Package pkg)906 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) { 907 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1; 908 } 909 } 910