2 * Copyright (C) 2015 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package com.android.server.pm;
19 import android.Manifest;
20 import android.app.DownloadManager;
21 import android.app.admin.DevicePolicyManager;
22 import android.content.Intent;
23 import android.content.pm.ApplicationInfo;
24 import android.content.pm.PackageManager;
25 import android.content.pm.PackageManagerInternal.PackagesProvider;
26 import android.content.pm.PackageManagerInternal.SyncAdapterPackagesProvider;
27 import android.content.pm.PackageParser;
28 import android.content.pm.ProviderInfo;
29 import android.content.pm.ResolveInfo;
30 import android.net.Uri;
31 import android.os.Build;
32 import android.os.UserHandle;
33 import android.provider.CalendarContract;
34 import android.provider.ContactsContract;
35 import android.provider.MediaStore;
36 import android.provider.Telephony.Sms.Intents;
37 import android.util.ArraySet;
38 import android.util.Log;
41 import java.util.ArrayList;
42 import java.util.List;
45 import static android.os.Process.FIRST_APPLICATION_UID;
48 * This class is the policy for granting runtime permissions to
49 * platform components and default handlers in the system such
50 * that the device is usable out-of-the-box. For example, the
51 * shell UID is a part of the system and the Phone app should
52 * have phone related permission by default.
54 final class DefaultPermissionGrantPolicy {
55 private static final String TAG = "DefaultPermGrantPolicy"; // must be <= 23 chars
56 private static final boolean DEBUG = false;
58 private static final String AUDIO_MIME_TYPE = "audio/mpeg";
60 private static final Set<String> PHONE_PERMISSIONS = new ArraySet<>();
62 PHONE_PERMISSIONS.add(Manifest.permission.READ_PHONE_STATE);
63 PHONE_PERMISSIONS.add(Manifest.permission.CALL_PHONE);
64 PHONE_PERMISSIONS.add(Manifest.permission.READ_CALL_LOG);
65 PHONE_PERMISSIONS.add(Manifest.permission.WRITE_CALL_LOG);
66 PHONE_PERMISSIONS.add(Manifest.permission.ADD_VOICEMAIL);
67 PHONE_PERMISSIONS.add(Manifest.permission.USE_SIP);
68 PHONE_PERMISSIONS.add(Manifest.permission.PROCESS_OUTGOING_CALLS);
71 private static final Set<String> CONTACTS_PERMISSIONS = new ArraySet<>();
73 CONTACTS_PERMISSIONS.add(Manifest.permission.READ_CONTACTS);
74 CONTACTS_PERMISSIONS.add(Manifest.permission.WRITE_CONTACTS);
75 CONTACTS_PERMISSIONS.add(Manifest.permission.GET_ACCOUNTS);
78 private static final Set<String> LOCATION_PERMISSIONS = new ArraySet<>();
80 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_FINE_LOCATION);
81 LOCATION_PERMISSIONS.add(Manifest.permission.ACCESS_COARSE_LOCATION);
84 private static final Set<String> CALENDAR_PERMISSIONS = new ArraySet<>();
86 CALENDAR_PERMISSIONS.add(Manifest.permission.READ_CALENDAR);
87 CALENDAR_PERMISSIONS.add(Manifest.permission.WRITE_CALENDAR);
90 private static final Set<String> SMS_PERMISSIONS = new ArraySet<>();
92 SMS_PERMISSIONS.add(Manifest.permission.SEND_SMS);
93 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_SMS);
94 SMS_PERMISSIONS.add(Manifest.permission.READ_SMS);
95 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_WAP_PUSH);
96 SMS_PERMISSIONS.add(Manifest.permission.RECEIVE_MMS);
97 SMS_PERMISSIONS.add(Manifest.permission.READ_CELL_BROADCASTS);
100 private static final Set<String> MICROPHONE_PERMISSIONS = new ArraySet<>();
102 MICROPHONE_PERMISSIONS.add(Manifest.permission.RECORD_AUDIO);
105 private static final Set<String> CAMERA_PERMISSIONS = new ArraySet<>();
107 CAMERA_PERMISSIONS.add(Manifest.permission.CAMERA);
110 private static final Set<String> SENSORS_PERMISSIONS = new ArraySet<>();
112 SENSORS_PERMISSIONS.add(Manifest.permission.BODY_SENSORS);
115 private static final Set<String> STORAGE_PERMISSIONS = new ArraySet<>();
117 STORAGE_PERMISSIONS.add(Manifest.permission.READ_EXTERNAL_STORAGE);
118 STORAGE_PERMISSIONS.add(Manifest.permission.WRITE_EXTERNAL_STORAGE);
121 private final PackageManagerService mService;
123 private PackagesProvider mImePackagesProvider;
124 private PackagesProvider mLocationPackagesProvider;
125 private PackagesProvider mVoiceInteractionPackagesProvider;
126 private PackagesProvider mSmsAppPackagesProvider;
127 private PackagesProvider mDialerAppPackagesProvider;
128 private SyncAdapterPackagesProvider mSyncAdapterPackagesProvider;
130 public DefaultPermissionGrantPolicy(PackageManagerService service) {
134 public void setImePackagesProviderLPr(PackagesProvider provider) {
135 mImePackagesProvider = provider;
138 public void setLocationPackagesProviderLPw(PackagesProvider provider) {
139 mLocationPackagesProvider = provider;
142 public void setVoiceInteractionPackagesProviderLPw(PackagesProvider provider) {
143 mVoiceInteractionPackagesProvider = provider;
146 public void setSmsAppPackagesProviderLPw(PackagesProvider provider) {
147 mSmsAppPackagesProvider = provider;
150 public void setDialerAppPackagesProviderLPw(PackagesProvider provider) {
151 mDialerAppPackagesProvider = provider;
154 public void setSyncAdapterPackagesProviderLPw(SyncAdapterPackagesProvider provider) {
155 mSyncAdapterPackagesProvider = provider;
158 public void grantDefaultPermissions(int userId) {
159 grantPermissionsToSysComponentsAndPrivApps(userId);
160 grantDefaultSystemHandlerPermissions(userId);
163 private void grantPermissionsToSysComponentsAndPrivApps(int userId) {
164 Log.i(TAG, "Granting permissions to platform components for user " + userId);
166 synchronized (mService.mPackages) {
167 for (PackageParser.Package pkg : mService.mPackages.values()) {
168 if (!isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg)
169 || !doesPackageSupportRuntimePermissions(pkg)
170 || pkg.requestedPermissions.isEmpty()) {
173 Set<String> permissions = new ArraySet<>();
174 final int permissionCount = pkg.requestedPermissions.size();
175 for (int i = 0; i < permissionCount; i++) {
176 String permission = pkg.requestedPermissions.get(i);
177 BasePermission bp = mService.mSettings.mPermissions.get(permission);
178 if (bp != null && bp.isRuntime()) {
179 permissions.add(permission);
182 if (!permissions.isEmpty()) {
183 grantRuntimePermissionsLPw(pkg, permissions, true, userId);
189 private void grantDefaultSystemHandlerPermissions(int userId) {
190 Log.i(TAG, "Granting permissions to default platform handlers for user " + userId);
192 final PackagesProvider imePackagesProvider;
193 final PackagesProvider locationPackagesProvider;
194 final PackagesProvider voiceInteractionPackagesProvider;
195 final PackagesProvider smsAppPackagesProvider;
196 final PackagesProvider dialerAppPackagesProvider;
197 final SyncAdapterPackagesProvider syncAdapterPackagesProvider;
199 synchronized (mService.mPackages) {
200 imePackagesProvider = mImePackagesProvider;
201 locationPackagesProvider = mLocationPackagesProvider;
202 voiceInteractionPackagesProvider = mVoiceInteractionPackagesProvider;
203 smsAppPackagesProvider = mSmsAppPackagesProvider;
204 dialerAppPackagesProvider = mDialerAppPackagesProvider;
205 syncAdapterPackagesProvider = mSyncAdapterPackagesProvider;
208 String[] imePackageNames = (imePackagesProvider != null)
209 ? imePackagesProvider.getPackages(userId) : null;
210 String[] voiceInteractPackageNames = (voiceInteractionPackagesProvider != null)
211 ? voiceInteractionPackagesProvider.getPackages(userId) : null;
212 String[] locationPackageNames = (locationPackagesProvider != null)
213 ? locationPackagesProvider.getPackages(userId) : null;
214 String[] smsAppPackageNames = (smsAppPackagesProvider != null)
215 ? smsAppPackagesProvider.getPackages(userId) : null;
216 String[] dialerAppPackageNames = (dialerAppPackagesProvider != null)
217 ? dialerAppPackagesProvider.getPackages(userId) : null;
218 String[] contactsSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
219 syncAdapterPackagesProvider.getPackages(ContactsContract.AUTHORITY, userId) : null;
220 String[] calendarSyncAdapterPackages = (syncAdapterPackagesProvider != null) ?
221 syncAdapterPackagesProvider.getPackages(CalendarContract.AUTHORITY, userId) : null;
223 synchronized (mService.mPackages) {
225 PackageParser.Package installerPackage = getSystemPackageLPr(
226 mService.mRequiredInstallerPackage);
227 if (installerPackage != null
228 && doesPackageSupportRuntimePermissions(installerPackage)) {
229 grantRuntimePermissionsLPw(installerPackage, STORAGE_PERMISSIONS, true, userId);
233 PackageParser.Package verifierPackage = getSystemPackageLPr(
234 mService.mRequiredVerifierPackage);
235 if (verifierPackage != null
236 && doesPackageSupportRuntimePermissions(verifierPackage)) {
237 grantRuntimePermissionsLPw(verifierPackage, STORAGE_PERMISSIONS, true, userId);
241 Intent setupIntent = new Intent(Intent.ACTION_MAIN);
242 setupIntent.addCategory(Intent.CATEGORY_SETUP_WIZARD);
243 PackageParser.Package setupPackage = getDefaultSystemHandlerActivityPackageLPr(
244 setupIntent, userId);
245 if (setupPackage != null
246 && doesPackageSupportRuntimePermissions(setupPackage)) {
247 grantRuntimePermissionsLPw(setupPackage, PHONE_PERMISSIONS, userId);
248 grantRuntimePermissionsLPw(setupPackage, CONTACTS_PERMISSIONS, userId);
252 Intent cameraIntent = new Intent(MediaStore.ACTION_IMAGE_CAPTURE);
253 PackageParser.Package cameraPackage = getDefaultSystemHandlerActivityPackageLPr(
254 cameraIntent, userId);
255 if (cameraPackage != null
256 && doesPackageSupportRuntimePermissions(cameraPackage)) {
257 grantRuntimePermissionsLPw(cameraPackage, CAMERA_PERMISSIONS, userId);
258 grantRuntimePermissionsLPw(cameraPackage, MICROPHONE_PERMISSIONS, userId);
259 grantRuntimePermissionsLPw(cameraPackage, STORAGE_PERMISSIONS, userId);
263 PackageParser.Package mediaStorePackage = getDefaultProviderAuthorityPackageLPr(
264 MediaStore.AUTHORITY, userId);
265 if (mediaStorePackage != null) {
266 grantRuntimePermissionsLPw(mediaStorePackage, STORAGE_PERMISSIONS, true, userId);
269 // Downloads provider
270 PackageParser.Package downloadsPackage = getDefaultProviderAuthorityPackageLPr(
271 "downloads", userId);
272 if (downloadsPackage != null) {
273 grantRuntimePermissionsLPw(downloadsPackage, STORAGE_PERMISSIONS, true, userId);
277 Intent downloadsUiIntent = new Intent(DownloadManager.ACTION_VIEW_DOWNLOADS);
278 PackageParser.Package downloadsUiPackage = getDefaultSystemHandlerActivityPackageLPr(
279 downloadsUiIntent, userId);
280 if (downloadsUiPackage != null
281 && doesPackageSupportRuntimePermissions(downloadsUiPackage)) {
282 grantRuntimePermissionsLPw(downloadsUiPackage, STORAGE_PERMISSIONS, true, userId);
286 PackageParser.Package storagePackage = getDefaultProviderAuthorityPackageLPr(
287 "com.android.externalstorage.documents", userId);
288 if (storagePackage != null) {
289 grantRuntimePermissionsLPw(storagePackage, STORAGE_PERMISSIONS, userId);
293 if (dialerAppPackageNames == null) {
294 Intent dialerIntent = new Intent(Intent.ACTION_DIAL);
295 PackageParser.Package dialerPackage = getDefaultSystemHandlerActivityPackageLPr(
296 dialerIntent, userId);
297 if (dialerPackage != null) {
298 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId);
301 for (String dialerAppPackageName : dialerAppPackageNames) {
302 PackageParser.Package dialerPackage = getSystemPackageLPr(dialerAppPackageName);
303 if (dialerPackage != null) {
304 grantDefaultPermissionsToDefaultSystemDialerAppLPr(dialerPackage, userId);
310 if (smsAppPackageNames == null) {
311 Intent smsIntent = new Intent(Intent.ACTION_MAIN);
312 smsIntent.addCategory(Intent.CATEGORY_APP_MESSAGING);
313 PackageParser.Package smsPackage = getDefaultSystemHandlerActivityPackageLPr(
315 if (smsPackage != null) {
316 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId);
319 for (String smsPackageName : smsAppPackageNames) {
320 PackageParser.Package smsPackage = getSystemPackageLPr(smsPackageName);
321 if (smsPackage != null) {
322 grantDefaultPermissionsToDefaultSystemSmsAppLPr(smsPackage, userId);
327 // Cell Broadcast Receiver
328 Intent cbrIntent = new Intent(Intents.SMS_CB_RECEIVED_ACTION);
329 PackageParser.Package cbrPackage =
330 getDefaultSystemHandlerActivityPackageLPr(cbrIntent, userId);
331 if (cbrPackage != null && doesPackageSupportRuntimePermissions(cbrPackage)) {
332 grantRuntimePermissionsLPw(cbrPackage, SMS_PERMISSIONS, false, userId);
336 Intent calendarIntent = new Intent(Intent.ACTION_MAIN);
337 calendarIntent.addCategory(Intent.CATEGORY_APP_CALENDAR);
338 PackageParser.Package calendarPackage = getDefaultSystemHandlerActivityPackageLPr(
339 calendarIntent, userId);
340 if (calendarPackage != null
341 && doesPackageSupportRuntimePermissions(calendarPackage)) {
342 grantRuntimePermissionsLPw(calendarPackage, CALENDAR_PERMISSIONS, userId);
343 grantRuntimePermissionsLPw(calendarPackage, CONTACTS_PERMISSIONS, userId);
347 PackageParser.Package calendarProviderPackage = getDefaultProviderAuthorityPackageLPr(
348 CalendarContract.AUTHORITY, userId);
349 if (calendarProviderPackage != null) {
350 grantRuntimePermissionsLPw(calendarProviderPackage, CONTACTS_PERMISSIONS, userId);
351 grantRuntimePermissionsLPw(calendarProviderPackage, CALENDAR_PERMISSIONS,
353 grantRuntimePermissionsLPw(calendarProviderPackage, STORAGE_PERMISSIONS, userId);
356 // Calendar provider sync adapters
357 List<PackageParser.Package> calendarSyncAdapters = getHeadlessSyncAdapterPackagesLPr(
358 calendarSyncAdapterPackages, userId);
359 final int calendarSyncAdapterCount = calendarSyncAdapters.size();
360 for (int i = 0; i < calendarSyncAdapterCount; i++) {
361 PackageParser.Package calendarSyncAdapter = calendarSyncAdapters.get(i);
362 if (doesPackageSupportRuntimePermissions(calendarSyncAdapter)) {
363 grantRuntimePermissionsLPw(calendarSyncAdapter, CALENDAR_PERMISSIONS, userId);
368 Intent contactsIntent = new Intent(Intent.ACTION_MAIN);
369 contactsIntent.addCategory(Intent.CATEGORY_APP_CONTACTS);
370 PackageParser.Package contactsPackage = getDefaultSystemHandlerActivityPackageLPr(
371 contactsIntent, userId);
372 if (contactsPackage != null
373 && doesPackageSupportRuntimePermissions(contactsPackage)) {
374 grantRuntimePermissionsLPw(contactsPackage, CONTACTS_PERMISSIONS, userId);
375 grantRuntimePermissionsLPw(contactsPackage, PHONE_PERMISSIONS, userId);
378 // Contacts provider sync adapters
379 List<PackageParser.Package> contactsSyncAdapters = getHeadlessSyncAdapterPackagesLPr(
380 contactsSyncAdapterPackages, userId);
381 final int contactsSyncAdapterCount = contactsSyncAdapters.size();
382 for (int i = 0; i < contactsSyncAdapterCount; i++) {
383 PackageParser.Package contactsSyncAdapter = contactsSyncAdapters.get(i);
384 if (doesPackageSupportRuntimePermissions(contactsSyncAdapter)) {
385 grantRuntimePermissionsLPw(contactsSyncAdapter, CONTACTS_PERMISSIONS, userId);
390 PackageParser.Package contactsProviderPackage = getDefaultProviderAuthorityPackageLPr(
391 ContactsContract.AUTHORITY, userId);
392 if (contactsProviderPackage != null) {
393 grantRuntimePermissionsLPw(contactsProviderPackage, CONTACTS_PERMISSIONS,
395 grantRuntimePermissionsLPw(contactsProviderPackage, PHONE_PERMISSIONS,
397 grantRuntimePermissionsLPw(contactsProviderPackage, STORAGE_PERMISSIONS, userId);
400 // Device provisioning
401 Intent deviceProvisionIntent = new Intent(
402 DevicePolicyManager.ACTION_PROVISION_MANAGED_DEVICE);
403 PackageParser.Package deviceProvisionPackage =
404 getDefaultSystemHandlerActivityPackageLPr(deviceProvisionIntent, userId);
405 if (deviceProvisionPackage != null
406 && doesPackageSupportRuntimePermissions(deviceProvisionPackage)) {
407 grantRuntimePermissionsLPw(deviceProvisionPackage, CONTACTS_PERMISSIONS, userId);
411 Intent mapsIntent = new Intent(Intent.ACTION_MAIN);
412 mapsIntent.addCategory(Intent.CATEGORY_APP_MAPS);
413 PackageParser.Package mapsPackage = getDefaultSystemHandlerActivityPackageLPr(
415 if (mapsPackage != null
416 && doesPackageSupportRuntimePermissions(mapsPackage)) {
417 grantRuntimePermissionsLPw(mapsPackage, LOCATION_PERMISSIONS, userId);
421 Intent galleryIntent = new Intent(Intent.ACTION_MAIN);
422 galleryIntent.addCategory(Intent.CATEGORY_APP_GALLERY);
423 PackageParser.Package galleryPackage = getDefaultSystemHandlerActivityPackageLPr(
424 galleryIntent, userId);
425 if (galleryPackage != null
426 && doesPackageSupportRuntimePermissions(galleryPackage)) {
427 grantRuntimePermissionsLPw(galleryPackage, STORAGE_PERMISSIONS, userId);
431 Intent emailIntent = new Intent(Intent.ACTION_MAIN);
432 emailIntent.addCategory(Intent.CATEGORY_APP_EMAIL);
433 PackageParser.Package emailPackage = getDefaultSystemHandlerActivityPackageLPr(
434 emailIntent, userId);
435 if (emailPackage != null
436 && doesPackageSupportRuntimePermissions(emailPackage)) {
437 grantRuntimePermissionsLPw(emailPackage, CONTACTS_PERMISSIONS, userId);
441 PackageParser.Package browserPackage = null;
442 String defaultBrowserPackage = mService.getDefaultBrowserPackageName(userId);
443 if (defaultBrowserPackage != null) {
444 browserPackage = getPackageLPr(defaultBrowserPackage);
446 if (browserPackage == null) {
447 Intent browserIntent = new Intent(Intent.ACTION_MAIN);
448 browserIntent.addCategory(Intent.CATEGORY_APP_BROWSER);
449 browserPackage = getDefaultSystemHandlerActivityPackageLPr(
450 browserIntent, userId);
452 if (browserPackage != null
453 && doesPackageSupportRuntimePermissions(browserPackage)) {
454 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, userId);
458 if (imePackageNames != null) {
459 for (String imePackageName : imePackageNames) {
460 PackageParser.Package imePackage = getSystemPackageLPr(imePackageName);
461 if (imePackage != null
462 && doesPackageSupportRuntimePermissions(imePackage)) {
463 grantRuntimePermissionsLPw(imePackage, CONTACTS_PERMISSIONS, userId);
469 if (voiceInteractPackageNames != null) {
470 for (String voiceInteractPackageName : voiceInteractPackageNames) {
471 PackageParser.Package voiceInteractPackage = getSystemPackageLPr(
472 voiceInteractPackageName);
473 if (voiceInteractPackage != null
474 && doesPackageSupportRuntimePermissions(voiceInteractPackage)) {
475 grantRuntimePermissionsLPw(voiceInteractPackage,
476 CONTACTS_PERMISSIONS, userId);
477 grantRuntimePermissionsLPw(voiceInteractPackage,
478 CALENDAR_PERMISSIONS, userId);
479 grantRuntimePermissionsLPw(voiceInteractPackage,
480 MICROPHONE_PERMISSIONS, userId);
481 grantRuntimePermissionsLPw(voiceInteractPackage,
482 PHONE_PERMISSIONS, userId);
483 grantRuntimePermissionsLPw(voiceInteractPackage,
484 SMS_PERMISSIONS, userId);
485 grantRuntimePermissionsLPw(voiceInteractPackage,
486 LOCATION_PERMISSIONS, userId);
492 Intent voiceRecoIntent = new Intent("android.speech.RecognitionService");
493 voiceRecoIntent.addCategory(Intent.CATEGORY_DEFAULT);
494 PackageParser.Package voiceRecoPackage = getDefaultSystemHandlerServicePackageLPr(
495 voiceRecoIntent, userId);
496 if (voiceRecoPackage != null
497 && doesPackageSupportRuntimePermissions(voiceRecoPackage)) {
498 grantRuntimePermissionsLPw(voiceRecoPackage, MICROPHONE_PERMISSIONS, userId);
502 if (locationPackageNames != null) {
503 for (String packageName : locationPackageNames) {
504 PackageParser.Package locationPackage = getSystemPackageLPr(packageName);
505 if (locationPackage != null
506 && doesPackageSupportRuntimePermissions(locationPackage)) {
507 grantRuntimePermissionsLPw(locationPackage, CONTACTS_PERMISSIONS, userId);
508 grantRuntimePermissionsLPw(locationPackage, CALENDAR_PERMISSIONS, userId);
509 grantRuntimePermissionsLPw(locationPackage, MICROPHONE_PERMISSIONS, userId);
510 grantRuntimePermissionsLPw(locationPackage, PHONE_PERMISSIONS, userId);
511 grantRuntimePermissionsLPw(locationPackage, SMS_PERMISSIONS, userId);
512 grantRuntimePermissionsLPw(locationPackage, LOCATION_PERMISSIONS,
514 grantRuntimePermissionsLPw(locationPackage, CAMERA_PERMISSIONS, userId);
515 grantRuntimePermissionsLPw(locationPackage, SENSORS_PERMISSIONS, userId);
516 grantRuntimePermissionsLPw(locationPackage, STORAGE_PERMISSIONS, userId);
522 Intent musicIntent = new Intent(Intent.ACTION_VIEW);
523 musicIntent.addCategory(Intent.CATEGORY_DEFAULT);
524 musicIntent.setDataAndType(Uri.fromFile(new File("foo.mp3")),
526 PackageParser.Package musicPackage = getDefaultSystemHandlerActivityPackageLPr(
527 musicIntent, userId);
528 if (musicPackage != null
529 && doesPackageSupportRuntimePermissions(musicPackage)) {
530 grantRuntimePermissionsLPw(musicPackage, STORAGE_PERMISSIONS, userId);
533 mService.mSettings.onDefaultRuntimePermissionsGrantedLPr(userId);
537 private void grantDefaultPermissionsToDefaultSystemDialerAppLPr(
538 PackageParser.Package dialerPackage, int userId) {
539 if (doesPackageSupportRuntimePermissions(dialerPackage)) {
540 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, userId);
541 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, userId);
542 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, userId);
543 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, userId);
548 private void grantDefaultPermissionsToDefaultSystemSmsAppLPr(
549 PackageParser.Package smsPackage, int userId) {
550 if (doesPackageSupportRuntimePermissions(smsPackage)) {
551 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, userId);
552 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, userId);
553 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, userId);
558 public void grantDefaultPermissionsToDefaultSmsAppLPr(String packageName, int userId) {
559 Log.i(TAG, "Granting permissions to default sms app for user:" + userId);
560 if (packageName == null) {
563 PackageParser.Package smsPackage = getPackageLPr(packageName);
564 if (smsPackage != null && doesPackageSupportRuntimePermissions(smsPackage)) {
565 grantRuntimePermissionsLPw(smsPackage, PHONE_PERMISSIONS, false, true, userId);
566 grantRuntimePermissionsLPw(smsPackage, CONTACTS_PERMISSIONS, false, true, userId);
567 grantRuntimePermissionsLPw(smsPackage, SMS_PERMISSIONS, false, true, userId);
571 public void grantDefaultPermissionsToDefaultDialerAppLPr(String packageName, int userId) {
572 Log.i(TAG, "Granting permissions to default dialer app for user:" + userId);
573 if (packageName == null) {
576 PackageParser.Package dialerPackage = getPackageLPr(packageName);
577 if (dialerPackage != null
578 && doesPackageSupportRuntimePermissions(dialerPackage)) {
579 grantRuntimePermissionsLPw(dialerPackage, PHONE_PERMISSIONS, false, true, userId);
580 grantRuntimePermissionsLPw(dialerPackage, CONTACTS_PERMISSIONS, false, true, userId);
581 grantRuntimePermissionsLPw(dialerPackage, SMS_PERMISSIONS, false, true, userId);
582 grantRuntimePermissionsLPw(dialerPackage, MICROPHONE_PERMISSIONS, false, true, userId);
586 public void grantDefaultPermissionsToEnabledCarrierAppsLPr(String[] packageNames, int userId) {
587 Log.i(TAG, "Granting permissions to enabled carrier apps for user:" + userId);
588 if (packageNames == null) {
591 for (String packageName : packageNames) {
592 PackageParser.Package carrierPackage = getSystemPackageLPr(packageName);
593 if (carrierPackage != null
594 && doesPackageSupportRuntimePermissions(carrierPackage)) {
595 grantRuntimePermissionsLPw(carrierPackage, PHONE_PERMISSIONS, userId);
596 grantRuntimePermissionsLPw(carrierPackage, LOCATION_PERMISSIONS, userId);
601 public void grantDefaultPermissionsToDefaultBrowserLPr(String packageName, int userId) {
602 Log.i(TAG, "Granting permissions to default browser for user:" + userId);
603 if (packageName == null) {
606 PackageParser.Package browserPackage = getSystemPackageLPr(packageName);
607 if (browserPackage != null
608 && doesPackageSupportRuntimePermissions(browserPackage)) {
609 grantRuntimePermissionsLPw(browserPackage, LOCATION_PERMISSIONS, false, false, userId);
613 private PackageParser.Package getDefaultSystemHandlerActivityPackageLPr(
614 Intent intent, int userId) {
615 List<ResolveInfo> handlers = mService.mActivities.queryIntent(intent,
616 intent.resolveType(mService.mContext.getContentResolver()),
617 PackageManager.GET_DISABLED_COMPONENTS, userId);
618 if (handlers == null) {
621 final int handlerCount = handlers.size();
622 for (int i = 0; i < handlerCount; i++) {
623 ResolveInfo handler = handlers.get(i);
624 PackageParser.Package handlerPackage = getSystemPackageLPr(
625 handler.activityInfo.packageName);
626 if (handlerPackage != null) {
627 return handlerPackage;
633 private PackageParser.Package getDefaultSystemHandlerServicePackageLPr(
634 Intent intent, int userId) {
635 List<ResolveInfo> handlers = mService.queryIntentServices(intent,
636 intent.resolveType(mService.mContext.getContentResolver()),
637 PackageManager.GET_DISABLED_COMPONENTS, userId);
638 if (handlers == null) {
641 final int handlerCount = handlers.size();
642 for (int i = 0; i < handlerCount; i++) {
643 ResolveInfo handler = handlers.get(i);
644 PackageParser.Package handlerPackage = getSystemPackageLPr(
645 handler.serviceInfo.packageName);
646 if (handlerPackage != null) {
647 return handlerPackage;
653 private List<PackageParser.Package> getHeadlessSyncAdapterPackagesLPr(
654 String[] syncAdapterPackageNames, int userId) {
655 List<PackageParser.Package> syncAdapterPackages = new ArrayList<>();
657 Intent homeIntent = new Intent(Intent.ACTION_MAIN);
658 homeIntent.addCategory(Intent.CATEGORY_HOME);
660 for (String syncAdapterPackageName : syncAdapterPackageNames) {
661 homeIntent.setPackage(syncAdapterPackageName);
663 List<ResolveInfo> homeActivities = mService.mActivities.queryIntent(homeIntent,
664 homeIntent.resolveType(mService.mContext.getContentResolver()),
665 PackageManager.GET_DISABLED_COMPONENTS, userId);
666 if (!homeActivities.isEmpty()) {
670 PackageParser.Package syncAdapterPackage = getSystemPackageLPr(syncAdapterPackageName);
671 if (syncAdapterPackage != null) {
672 syncAdapterPackages.add(syncAdapterPackage);
676 return syncAdapterPackages;
679 private PackageParser.Package getDefaultProviderAuthorityPackageLPr(
680 String authority, int userId) {
681 ProviderInfo provider = mService.resolveContentProvider(authority, 0, userId);
682 if (provider != null) {
683 return getSystemPackageLPr(provider.packageName);
688 private PackageParser.Package getPackageLPr(String packageName) {
689 return mService.mPackages.get(packageName);
692 private PackageParser.Package getSystemPackageLPr(String packageName) {
693 PackageParser.Package pkg = getPackageLPr(packageName);
694 if (pkg != null && pkg.isSystemApp()) {
695 return !isSysComponentOrPersistentPlatformSignedPrivAppLPr(pkg) ? pkg : null;
700 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
702 grantRuntimePermissionsLPw(pkg, permissions, false, false, userId);
705 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
706 boolean systemFixed, int userId) {
707 grantRuntimePermissionsLPw(pkg, permissions, systemFixed, false, userId);
710 private void grantRuntimePermissionsLPw(PackageParser.Package pkg, Set<String> permissions,
711 boolean systemFixed, boolean overrideUserChoice, int userId) {
712 if (pkg.requestedPermissions.isEmpty()) {
716 List<String> requestedPermissions = pkg.requestedPermissions;
717 Set<String> grantablePermissions = null;
719 if (pkg.isUpdatedSystemApp()) {
720 PackageSetting sysPs = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName);
722 if (sysPs.pkg.requestedPermissions.isEmpty()) {
725 if (!requestedPermissions.equals(sysPs.pkg.requestedPermissions)) {
726 grantablePermissions = new ArraySet<>(requestedPermissions);
727 requestedPermissions = sysPs.pkg.requestedPermissions;
732 final int grantablePermissionCount = requestedPermissions.size();
733 for (int i = 0; i < grantablePermissionCount; i++) {
734 String permission = requestedPermissions.get(i);
736 // If there is a disabled system app it may request a permission the updated
737 // version ot the data partition doesn't, In this case skip the permission.
738 if (grantablePermissions != null && !grantablePermissions.contains(permission)) {
742 if (permissions.contains(permission)) {
743 final int flags = mService.getPermissionFlags(permission, pkg.packageName, userId);
745 // If any flags are set to the permission, then it is either set in
746 // its current state by the system or device/profile owner or the user.
747 // In all these cases we do not want to clobber the current state.
748 // Unless the caller wants to override user choices. The override is
749 // to make sure we can grant the needed permission to the default
750 // sms and phone apps after the user chooses this in the UI.
751 if (flags == 0 || overrideUserChoice) {
752 // Never clobber policy or system.
753 final int fixedFlags = PackageManager.FLAG_PERMISSION_SYSTEM_FIXED
754 | PackageManager.FLAG_PERMISSION_POLICY_FIXED;
755 if ((flags & fixedFlags) != 0) {
759 mService.grantRuntimePermission(pkg.packageName, permission, userId);
761 Log.i(TAG, "Granted " + permission + " to default handler "
765 int newFlags = PackageManager.FLAG_PERMISSION_GRANTED_BY_DEFAULT;
767 newFlags |= PackageManager.FLAG_PERMISSION_SYSTEM_FIXED;
770 mService.updatePermissionFlags(permission, pkg.packageName,
771 newFlags, newFlags, userId);
777 private boolean isSysComponentOrPersistentPlatformSignedPrivAppLPr(PackageParser.Package pkg) {
778 if (UserHandle.getAppId(pkg.applicationInfo.uid) < FIRST_APPLICATION_UID) {
781 if (!pkg.isPrivilegedApp()) {
784 PackageSetting sysPkg = mService.mSettings.getDisabledSystemPkgLPr(pkg.packageName);
785 if (sysPkg != null) {
786 if ((sysPkg.pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
789 } else if ((pkg.applicationInfo.flags & ApplicationInfo.FLAG_PERSISTENT) == 0) {
792 return PackageManagerService.compareSignatures(mService.mPlatformPackage.mSignatures,
793 pkg.mSignatures) == PackageManager.SIGNATURE_MATCH;
796 private static boolean doesPackageSupportRuntimePermissions(PackageParser.Package pkg) {
797 return pkg.applicationInfo.targetSdkVersion > Build.VERSION_CODES.LOLLIPOP_MR1;