Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a8e3a898 authored by Mike Lockwood's avatar Mike Lockwood
Browse files

UsbService: Add support for blacklisting certain USB busses 



This can be used to prevent applications from connecting to
sensitive internal USB devices (like the modem)

Change-Id: I6587f58018e3f8d8f78405d4004cce64db23b628
Signed-off-by: default avatarMike Lockwood <lockwood@android.com>
parent 9f1f586f

core/res/res/values/config.xml

+8 −0
Original line number Diff line number Diff line
@@ -284,6 +284,14 @@ 
    <!-- Indicate whether the device has USB host support. -->

    <bool name="config_hasUsbHostSupport">false</bool>



    <!-- List of file paths for USB host busses to exclude from USB host support.

         For example, if the first USB bus on the device is used to communicate

         with the modem or some other restricted hardware, add "/dev/bus/usb/001/"

         to this list.  If this is empty, no parts of the host USB bus will be excluded.

    -->

    <string-array name="config_usbHostBlacklist">

    </string-array>



    <!-- Vibrator pattern for feedback about a long screen/key press -->

    <integer-array name="config_longPressVibePattern">

        <item>0</item>

services/java/com/android/server/UsbService.java

+23 −0
Original line number Diff line number Diff line
@@ -83,6 +83,9 @@ class UsbService extends IUsbManager.Stub { 


    private final HashMap<String,UsbDevice> mDevices = new HashMap<String,UsbDevice>();



    // USB busses to exclude from USB host support

    private final String[] mHostBlacklist;



    private boolean mSystemReady;



    private final Context mContext;
@@ -143,6 +146,9 @@ class UsbService extends IUsbManager.Stub { 


    public UsbService(Context context) {

        mContext = context;

        mHostBlacklist = context.getResources().getStringArray(

                com.android.internal.R.array.config_usbHostBlacklist);



        init();  // set initial status



        if (mConfiguration >= 0) {
@@ -197,6 +203,16 @@ class UsbService extends IUsbManager.Stub { 
        }

    }



    private boolean isBlackListed(String deviceName) {

        int count = mHostBlacklist.length;

        for (int i = 0; i < count; i++) {

            if (deviceName.startsWith(mHostBlacklist[i])) {

                return true;

            }

        }

        return false;

    }



    // called from JNI in monitorUsbHostBus()

    private void usbDeviceAdded(String deviceName, int vendorID, int productID,

            int deviceClass, int deviceSubclass, int deviceProtocol,
@@ -212,6 +228,10 @@ class UsbService extends IUsbManager.Stub { 
            return;

        }



        if (isBlackListed(deviceName)) {

            return;

        }



        synchronized (mDevices) {

            if (mDevices.get(deviceName) != null) {

                Log.w(TAG, "device already on mDevices list: " + deviceName);
@@ -328,6 +348,9 @@ class UsbService extends IUsbManager.Stub { 
    }



    public ParcelFileDescriptor openDevice(String deviceName) {

        if (isBlackListed(deviceName)) {

            throw new SecurityException("USB device is on a restricted bus");

        }

        mContext.enforceCallingOrSelfPermission(android.Manifest.permission.ACCESS_USB, null);

        return nativeOpenDevice(deviceName);

    }