Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Unverified Commit 9b41dbbe authored by Oliver Scott's avatar Oliver Scott Committed by Michael Bestas
Browse files

UsbDeviceManager: Implement trust USB restriction



The way it works now
* 0, do not restrict, do nothing / keep USB enabled.
* 2 (new), always restrict, keep USB disabled.
* 1 (default), restrict when locked.
  If unlocked, do not restrict.
  If locked but USB connected (presumably when unlocked),
  do not restrict to avoid ejecting that device, instead
  restricting USB once the device has been disconnected.

Co-Authored-By: default avatarjabashque <jabashque@gmail.com>
Co-Authored-By: default avatarChirayu Desai <chirayu@calyxinstitute.org>
Change-Id: Ib997db7427960444a4c84a35d3c0db506840abdd
parent e51769ac
Loading
Loading
Loading
Loading
+1 −0
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ java_library_static {
        "android.hardware.usb.gadget-V1.1-java",
        "android.hardware.usb.gadget-V1.2-java",
        "android.hardware.usb.gadget-V1-java",
        "org.lineageos.platform.internal",
    ],

    static_libs: [
+54 −3
Original line number Diff line number Diff line
@@ -43,6 +43,7 @@ import android.content.ServiceConnection;
import android.content.SharedPreferences;
import android.content.pm.PackageManager;
import android.content.res.Resources;
import android.database.ContentObserver;
import android.debug.AdbManagerInternal;
import android.debug.AdbNotifications;
import android.debug.AdbTransportType;
@@ -102,10 +103,13 @@ import com.android.server.usb.hal.gadget.UsbGadgetHalInstance;
import com.android.server.utils.EventLogger;
import com.android.server.wm.ActivityTaskManagerInternal;

import lineageos.providers.LineageSettings;

import java.io.File;
import java.io.FileDescriptor;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.lang.RuntimeException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
@@ -317,7 +321,7 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
                    + " user:" + userHandle);
        }
        // We are unlocked when the keyguard is down or non-secure.
        mHandler.sendMessage(MSG_UPDATE_SCREEN_LOCK, (isShowing && secure));
        mHandler.sendMessage(MSG_UPDATE_SCREEN_LOCK, isShowing, secure);
    }

    @Override
@@ -465,6 +469,17 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
        }

        sEventLogger = new EventLogger(DUMPSYS_LOG_BUFFER, "UsbDeviceManager activity");

        mContentResolver.registerContentObserver(
                LineageSettings.Global.getUriFor(LineageSettings.Global.TRUST_RESTRICT_USB),
                false,
                new ContentObserver(null) {
                    @Override
                    public void onChange(boolean selfChange) {
                        mHandler.setTrustRestrictUsb();
                    }
                }
        );
    }

    UsbProfileGroupSettingsManager getCurrentSettings() {
@@ -605,6 +620,7 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
        private boolean mHideUsbNotification;
        private boolean mSupportsAllCombinations;
        private boolean mScreenLocked;
        private boolean mIsKeyguardShowing;
        private boolean mSystemReady;
        private Intent mBroadcastedIntent;
        private boolean mPendingBootBroadcast;
@@ -680,6 +696,7 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser

            mCurrentUser = ActivityManager.getCurrentUser();
            mScreenLocked = true;
            mIsKeyguardShowing = true;

            mSettings = getPinnedSharedPrefs(mContext);
            if (mSettings == null) {
@@ -1196,6 +1213,9 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
                        Slog.i(TAG, "handleMessage MSG_UPDATE_STATE " + "mConnected:" + mConnected
                               + " mConfigured:" + mConfigured);
                    }

                    setTrustRestrictUsb();

                    updateUsbNotification(false);
                    updateAdbNotification(false);
                    if (mBootCompleted) {
@@ -1268,6 +1288,8 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
                        mInHostModeWithNoAccessoryConnected = false;
                    }

                    setTrustRestrictUsb();

                    mAudioAccessorySupported = port.isModeSupported(MODE_AUDIO_ACCESSORY);

                    args.recycle();
@@ -1349,10 +1371,13 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
                    break;
                case MSG_UPDATE_SCREEN_LOCK:
                    operationId = sUsbOperationCount.incrementAndGet();
                    if (msg.arg1 == 1 == mScreenLocked) {
                    mIsKeyguardShowing = msg.arg1 == 1;
                    boolean secure = msg.arg2 == 1;
                    setTrustRestrictUsb();
                    if ((mIsKeyguardShowing && secure) == mScreenLocked) {
                        break;
                    }
                    mScreenLocked = msg.arg1 == 1;
                    mScreenLocked = (mIsKeyguardShowing && secure);
                    if (!mBootCompleted) {
                        break;
                    }
@@ -1482,6 +1507,9 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
        protected void finishBoot(int operationId) {
            if (mBootCompleted && mCurrentUsbFunctionsReceived && mSystemReady) {
                if (DEBUG) Slog.d(TAG, "finishBoot all flags true");

                setTrustRestrictUsb();

                if (mPendingBootBroadcast) {
                    updateUsbStateBroadcastIfNeeded(getAppliedFunctions(mCurrentFunctions));
                    mPendingBootBroadcast = false;
@@ -1855,6 +1883,29 @@ public class UsbDeviceManager implements ActivityTaskManagerInternal.ScreenObser
        public abstract void getUsbSpeedCb(int speed);

        public abstract void resetCb(int status);

        public void setTrustRestrictUsb() {
            final int restrictUsb = LineageSettings.Global.getInt(mContentResolver,
                    LineageSettings.Global.TRUST_RESTRICT_USB, 0);
            // Effective immediately, ejects any connected USB devices.
            // If the restriction is set to "only when locked", only execute once USB is
            // disconnected and keyguard is showing, to avoid ejecting connected devices
            // on lock
            final boolean usbConnected = mConnected || mHostConnected;
            final boolean shouldRestrict = (restrictUsb == 1 && mIsKeyguardShowing && !usbConnected)
                    || restrictUsb == 2;

            UsbManager usbManager = mContext.getSystemService(UsbManager.class);
            try {
                if (usbManager != null &&
                        usbManager.getUsbHalVersion() >= UsbManager.USB_HAL_V1_3) {
                    usbManager.enableUsbDataSignal(!shouldRestrict);
                }
            } catch (RuntimeException ignore) {
                // Can't get USB Hal version. Assume it's an unsupported version and
                // don't try using UsbManager to toggle USB data.
            }
        }
    }

    private static final class UsbHandlerLegacy extends UsbHandler {