Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2820e71d authored by George Chan's avatar George Chan
Browse files

Added coverage tests and fixed 2 additional issues: 

- Check if keyguard is locked before disabling USB upon enablement of feature.
- Fixed issue with UsbDataStatus value being treated as IntDef enum vs bitmask

Bug: 419815826
Test: manual testing, atest FrameworksMockingServicesTests
Flag: android.security.aapm_feature_usb_data_protection
Change-Id: I34f5fc7b30efa2e963da10ef1d3f0441da559464
parent 26e2563a

services/core/java/com/android/server/security/advancedprotection/features/UsbDataAdvancedProtectionHook.java

+43 −23
Original line number Diff line number Diff line
@@ -65,13 +65,13 @@ import android.content.pm.PackageManager; 


import com.android.server.LocalServices;

import java.lang.Runnable;



import android.security.advancedprotection.AdvancedProtectionFeature;

import android.security.advancedprotection.AdvancedProtectionProtoEnums;



import com.android.internal.R;

import com.android.internal.messages.nano.SystemMessageProto.SystemMessage;

import com.android.internal.util.FrameworkStatsLog;

import com.android.internal.annotations.VisibleForTesting;

import com.android.server.security.advancedprotection.AdvancedProtectionService;



import java.net.URISyntaxException;
@@ -152,15 +152,15 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
                    NOTIFICATION_DATA,

                    R.string.usb_apm_usb_plugged_in_when_locked_replug_notification_text);



    private final Context mContext;



    // We use handlers for tasks that may need to be updated by broadcasts events.

    private final Handler mDelayedDisableHandler = new Handler(Looper.getMainLooper());

    private final Handler mDelayedNotificationHandler = new Handler(Looper.getMainLooper());

    private Handler mDelayedDisableHandler = new Handler(Looper.getMainLooper());

    private Handler mDelayedNotificationHandler = new Handler(Looper.getMainLooper());



    private AdvancedProtectionFeature mFeature =

            new AdvancedProtectionFeature(FEATURE_ID_DISALLOW_USB);



    private final Context mContext;



    private UsbManager mUsbManager;

    private IUsbManagerInternal mUsbManagerInternal;

    private BroadcastReceiver mUsbProtectionBroadcastReceiver;
@@ -203,6 +203,31 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
        onAdvancedProtectionChanged(enabled);

    }



    @VisibleForTesting

    public UsbDataAdvancedProtectionHook(

            Context context,

            AdvancedProtectionService advancedProtectionService,

            UsbManager usbManager,

            IUsbManagerInternal usbManagerInternal,

            KeyguardManager keyguardManager,

            NotificationManager notificationManager,

            Handler delayDisableHandler,

            Handler delayedNotificationHandler,

            boolean canSetUsbDataSignal,

            boolean afterFirstUnlock) {

        super(context, false);

        mContext = context;

        mAdvancedProtectionService = advancedProtectionService;

        mUsbManager = usbManager;

        mUsbManagerInternal = usbManagerInternal;

        mKeyguardManager = keyguardManager;

        mNotificationManager = notificationManager;

        mDelayedNotificationHandler = delayedNotificationHandler;

        mDelayedDisableHandler = delayDisableHandler;

        mCanSetUsbDataSignal = canSetUsbDataSignal;

        mIsAfterFirstUnlock = afterFirstUnlock;

    }



    @Override

    public AdvancedProtectionFeature getFeature() {

        return mFeature;
@@ -216,7 +241,8 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
            Slog.d(TAG, "USB data protection is disabled through system property");

        }

        return Flags.aapmFeatureUsbDataProtection()

                && (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_USB_HOST) || mContext.getPackageManager()

                && (mContext.getPackageManager().hasSystemFeature(PackageManager.FEATURE_USB_HOST)

                        || mContext.getPackageManager()

                                .hasSystemFeature(PackageManager.FEATURE_USB_ACCESSORY))

                && mAdvancedProtectionService.isUsbDataProtectionEnabled()

                && mCanSetUsbDataSignal
@@ -237,7 +263,9 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
            if (!mBroadcastReceiverIsRegistered) {

                registerReceiver();

            }

            if (mKeyguardManager.isKeyguardLocked()) {

                setUsbDataSignalIfPossible(false);

            }

        } else {

            if (mBroadcastReceiverIsRegistered) {

                unregisterReceiver();
@@ -274,7 +302,6 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
                                mDelayedDisableHandler.removeCallbacksAndMessages(null);

                                cleanUpNotificationHandlerTasks();

                                setUsbDataSignalIfPossible(true);



                            } else if (ACTION_SCREEN_OFF.equals(intent.getAction())

                                    && mKeyguardManager.isKeyguardLocked()) {

                                setUsbDataSignalIfPossible(false);
@@ -359,7 +386,7 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 


                    private void updateDelayedDisableTask(UsbPortStatus portStatus) {

                        // For recovered intermittent/unreliable USB connections

                        if (usbPortIsConnectedAndDataEnabled(portStatus)) {

                        if (usbPortIsConnectedWithPotentialDataUse(portStatus)) {

                            mDelayedDisableHandler.removeCallbacksAndMessages(null);

                        } else if (!mDelayedDisableHandler.hasMessagesOrCallbacks()) {

                            boolean taskPosted =
@@ -407,13 +434,6 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
                        mDelayedNotificationHandler.removeCallbacksAndMessages(null);

                    }



                    private boolean usbPortIsConnectedAndDataEnabled(UsbPortStatus portStatus) {

                        return portStatus != null

                                && portStatus.isConnected()

                                && portStatus.getUsbDataStatus()

                                        != UsbPortStatus.DATA_STATUS_DISABLED_FORCE;

                    }



                    // TODO:(b/401540215) Remove this as part of pre-release cleanup

                    private void dumpUsbDevices(UsbPortStatus portStatus) {

                        Map<String, UsbDevice> portStatusMap = mUsbManager.getDeviceList();
@@ -550,9 +570,10 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
    }



    private boolean usbPortIsConnectedWithDataDisabled(UsbPortStatus portStatus) {

        return portStatus != null

                && portStatus.isConnected()

                && portStatus.getUsbDataStatus() == DATA_STATUS_DISABLED_FORCE;

        if (portStatus != null && portStatus.isConnected()) {

            return (portStatus.getUsbDataStatus() & UsbPortStatus.DATA_STATUS_DISABLED_FORCE) != 0;

        }

        return false;

    }



    private void setUsbDataSignalIfPossible(boolean status) {
@@ -600,15 +621,14 @@ public class UsbDataAdvancedProtectionHook extends AdvancedProtectionHook { 
                                ? "null"

                                : usbPort.getStatus().toString());

            }

            if (usbPortIsConnectedWithDataEnabled(usbPort)) {

            if (usbPortIsConnectedWithPotentialDataUse(usbPort.getStatus())) {

                return true;

            }

        }

        return false;

    }



    private boolean usbPortIsConnectedWithDataEnabled(UsbPort usbPort) {

        UsbPortStatus usbPortStatus = usbPort.getStatus();

    private boolean usbPortIsConnectedWithPotentialDataUse(UsbPortStatus usbPortStatus) {

        return usbPortStatus != null

                && usbPortStatus.isConnected()

                && usbPortStatus.getCurrentDataRole() != DATA_ROLE_NONE;

services/tests/mockingservicestests/Android.bp

+7 −0
Original line number Diff line number Diff line
@@ -409,3 +409,10 @@ test_module_config { 
    test_suites: ["device-tests"],

    include_filters: ["com.android.server.BatteryServiceTest"],

}



test_module_config {

    name: "FrameworksMockingServicesTests_advanced_protection_mode",

    base: "FrameworksMockingServicesTests",

    test_suites: ["device-tests"],

    include_filters: ["com.android.server.security.advancedprotection.features.UsbDataAdvancedProtectionHookTest"],

}

services/tests/mockingservicestests/src/com/android/server/security/advancedprotection/features/OWNERS

0 → 100644
+1 −0
Original line number Diff line number Diff line 
per-file UsbDataAdvancedProtectionHookTest.java = georgechan@google.com, maunik@google.com
 
 No newline at end of file

services/tests/mockingservicestests/src/com/android/server/security/advancedprotection/features/UsbDataAdvancedProtectionHookTest.java

0 → 100644
+781 −0

File added.

Preview size limit exceeded, changes collapsed.