Loading services/usb/java/com/android/server/usb/UsbHostManager.java +2 −2 Original line number Original line Diff line number Diff line Loading @@ -488,7 +488,7 @@ public class UsbHostManager { * Opens the specified USB device * Opens the specified USB device */ */ public ParcelFileDescriptor openDevice(String deviceAddress, public ParcelFileDescriptor openDevice(String deviceAddress, UsbUserPermissionManager permissions, String packageName, int uid) { UsbUserPermissionManager permissions, String packageName, int pid, int uid) { synchronized (mLock) { synchronized (mLock) { if (isBlackListed(deviceAddress)) { if (isBlackListed(deviceAddress)) { throw new SecurityException("USB device is on a restricted bus"); throw new SecurityException("USB device is on a restricted bus"); Loading @@ -500,7 +500,7 @@ public class UsbHostManager { "device " + deviceAddress + " does not exist or is restricted"); "device " + deviceAddress + " does not exist or is restricted"); } } permissions.checkPermission(device, packageName, uid); permissions.checkPermission(device, packageName, pid, uid); return nativeOpenDevice(deviceAddress); return nativeOpenDevice(deviceAddress); } } } } Loading services/usb/java/com/android/server/usb/UsbSerialReader.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub { int userId = UserHandle.getUserId(uid); int userId = UserHandle.getUserId(uid); if (mDevice instanceof UsbDevice) { if (mDevice instanceof UsbDevice) { mPermissionManager.getPermissionsForUser(userId) mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbDevice) mDevice, packageName, uid); .checkPermission((UsbDevice) mDevice, packageName, pid, uid); } else { } else { mPermissionManager.getPermissionsForUser(userId) mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbAccessory) mDevice, uid); .checkPermission((UsbAccessory) mDevice, uid); Loading services/usb/java/com/android/server/usb/UsbService.java +6 −3 Original line number Original line Diff line number Diff line Loading @@ -262,6 +262,7 @@ public class UsbService extends IUsbManager.Stub { if (mHostManager != null) { if (mHostManager != null) { if (deviceName != null) { if (deviceName != null) { int uid = Binder.getCallingUid(); int uid = Binder.getCallingUid(); int pid = Binder.getCallingPid(); int user = UserHandle.getUserId(uid); int user = UserHandle.getUserId(uid); long ident = clearCallingIdentity(); long ident = clearCallingIdentity(); Loading @@ -269,7 +270,7 @@ public class UsbService extends IUsbManager.Stub { synchronized (mLock) { synchronized (mLock) { if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) { if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) { fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user), fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user), packageName, uid); packageName, pid, uid); } else { } else { Slog.w(TAG, "Cannot open " + deviceName + " for user " + user Slog.w(TAG, "Cannot open " + deviceName + " for user " + user + " as user is not active."); + " as user is not active."); Loading Loading @@ -469,11 +470,12 @@ public class UsbService extends IUsbManager.Stub { @Override @Override public boolean hasDevicePermission(UsbDevice device, String packageName) { public boolean hasDevicePermission(UsbDevice device, String packageName) { final int uid = Binder.getCallingUid(); final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); final long token = Binder.clearCallingIdentity(); try { try { return getPermissionsForUser(userId).hasPermission(device, packageName, uid); return getPermissionsForUser(userId).hasPermission(device, packageName, pid, uid); } finally { } finally { Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token); } } Loading @@ -495,11 +497,12 @@ public class UsbService extends IUsbManager.Stub { @Override @Override public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) { public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) { final int uid = Binder.getCallingUid(); final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); final long token = Binder.clearCallingIdentity(); try { try { getPermissionsForUser(userId).requestPermission(device, packageName, pi, uid); getPermissionsForUser(userId).requestPermission(device, packageName, pi, pid, uid); } finally { } finally { Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token); } } Loading services/usb/java/com/android/server/usb/UsbUserPermissionManager.java +13 −9 Original line number Original line Diff line number Diff line Loading @@ -186,12 +186,14 @@ class UsbUserPermissionManager { * Returns true if package with uid has permission to access the device. * Returns true if package with uid has permission to access the device. * * * @param device to check permission for * @param device to check permission for * @param pid to check permission for * @param uid to check permission for * @param uid to check permission for * @return {@code true} if package with uid has permission * @return {@code true} if package with uid has permission */ */ boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int uid) { boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int pid, int uid) { if (isCameraDevicePresent(device)) { if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { return false; return false; } } } } Loading Loading @@ -615,10 +617,11 @@ class UsbUserPermissionManager { * Check for camera permission of the calling process. * Check for camera permission of the calling process. * * * @param packageName Package name of the caller. * @param packageName Package name of the caller. * @param pid Linux pid of the calling process. * @param uid Linux uid of the calling process. * @param uid Linux uid of the calling process. * @return True in case camera permission is available, False otherwise. * @return True in case camera permission is available, False otherwise. */ */ private boolean isCameraPermissionGranted(String packageName, int uid) { private boolean isCameraPermissionGranted(String packageName, int pid, int uid) { int targetSdkVersion = android.os.Build.VERSION_CODES.P; int targetSdkVersion = android.os.Build.VERSION_CODES.P; try { try { ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0); ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0); Loading @@ -634,7 +637,7 @@ class UsbUserPermissionManager { } } if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) { if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) { int allowed = mContext.checkCallingPermission(android.Manifest.permission.CAMERA); int allowed = mContext.checkPermission(android.Manifest.permission.CAMERA, pid, uid); if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) { if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) { Slog.i(TAG, "Camera permission required for USB video class devices"); Slog.i(TAG, "Camera permission required for USB video class devices"); return false; return false; Loading @@ -644,8 +647,8 @@ class UsbUserPermissionManager { return true; return true; } } public void checkPermission(UsbDevice device, String packageName, int uid) { public void checkPermission(UsbDevice device, String packageName, int pid, int uid) { if (!hasPermission(device, packageName, uid)) { if (!hasPermission(device, packageName, pid, uid)) { throw new SecurityException("User has not given " + uid + "/" + packageName throw new SecurityException("User has not given " + uid + "/" + packageName + " permission to access device " + device.getDeviceName()); + " permission to access device " + device.getDeviceName()); } } Loading Loading @@ -678,11 +681,12 @@ class UsbUserPermissionManager { requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi); requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi); } } public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) { public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid, int uid) { Intent intent = new Intent(); Intent intent = new Intent(); // respond immediately if permission has already been granted // respond immediately if permission has already been granted if (hasPermission(device, packageName, uid)) { if (hasPermission(device, packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true); try { try { Loading @@ -693,7 +697,7 @@ class UsbUserPermissionManager { return; return; } } if (isCameraDevicePresent(device)) { if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false); try { try { Loading Loading
services/usb/java/com/android/server/usb/UsbHostManager.java +2 −2 Original line number Original line Diff line number Diff line Loading @@ -488,7 +488,7 @@ public class UsbHostManager { * Opens the specified USB device * Opens the specified USB device */ */ public ParcelFileDescriptor openDevice(String deviceAddress, public ParcelFileDescriptor openDevice(String deviceAddress, UsbUserPermissionManager permissions, String packageName, int uid) { UsbUserPermissionManager permissions, String packageName, int pid, int uid) { synchronized (mLock) { synchronized (mLock) { if (isBlackListed(deviceAddress)) { if (isBlackListed(deviceAddress)) { throw new SecurityException("USB device is on a restricted bus"); throw new SecurityException("USB device is on a restricted bus"); Loading @@ -500,7 +500,7 @@ public class UsbHostManager { "device " + deviceAddress + " does not exist or is restricted"); "device " + deviceAddress + " does not exist or is restricted"); } } permissions.checkPermission(device, packageName, uid); permissions.checkPermission(device, packageName, pid, uid); return nativeOpenDevice(deviceAddress); return nativeOpenDevice(deviceAddress); } } } } Loading
services/usb/java/com/android/server/usb/UsbSerialReader.java +1 −1 Original line number Original line Diff line number Diff line Loading @@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub { int userId = UserHandle.getUserId(uid); int userId = UserHandle.getUserId(uid); if (mDevice instanceof UsbDevice) { if (mDevice instanceof UsbDevice) { mPermissionManager.getPermissionsForUser(userId) mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbDevice) mDevice, packageName, uid); .checkPermission((UsbDevice) mDevice, packageName, pid, uid); } else { } else { mPermissionManager.getPermissionsForUser(userId) mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbAccessory) mDevice, uid); .checkPermission((UsbAccessory) mDevice, uid); Loading
services/usb/java/com/android/server/usb/UsbService.java +6 −3 Original line number Original line Diff line number Diff line Loading @@ -262,6 +262,7 @@ public class UsbService extends IUsbManager.Stub { if (mHostManager != null) { if (mHostManager != null) { if (deviceName != null) { if (deviceName != null) { int uid = Binder.getCallingUid(); int uid = Binder.getCallingUid(); int pid = Binder.getCallingPid(); int user = UserHandle.getUserId(uid); int user = UserHandle.getUserId(uid); long ident = clearCallingIdentity(); long ident = clearCallingIdentity(); Loading @@ -269,7 +270,7 @@ public class UsbService extends IUsbManager.Stub { synchronized (mLock) { synchronized (mLock) { if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) { if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) { fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user), fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user), packageName, uid); packageName, pid, uid); } else { } else { Slog.w(TAG, "Cannot open " + deviceName + " for user " + user Slog.w(TAG, "Cannot open " + deviceName + " for user " + user + " as user is not active."); + " as user is not active."); Loading Loading @@ -469,11 +470,12 @@ public class UsbService extends IUsbManager.Stub { @Override @Override public boolean hasDevicePermission(UsbDevice device, String packageName) { public boolean hasDevicePermission(UsbDevice device, String packageName) { final int uid = Binder.getCallingUid(); final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); final long token = Binder.clearCallingIdentity(); try { try { return getPermissionsForUser(userId).hasPermission(device, packageName, uid); return getPermissionsForUser(userId).hasPermission(device, packageName, pid, uid); } finally { } finally { Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token); } } Loading @@ -495,11 +497,12 @@ public class UsbService extends IUsbManager.Stub { @Override @Override public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) { public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) { final int uid = Binder.getCallingUid(); final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); final long token = Binder.clearCallingIdentity(); try { try { getPermissionsForUser(userId).requestPermission(device, packageName, pi, uid); getPermissionsForUser(userId).requestPermission(device, packageName, pi, pid, uid); } finally { } finally { Binder.restoreCallingIdentity(token); Binder.restoreCallingIdentity(token); } } Loading
services/usb/java/com/android/server/usb/UsbUserPermissionManager.java +13 −9 Original line number Original line Diff line number Diff line Loading @@ -186,12 +186,14 @@ class UsbUserPermissionManager { * Returns true if package with uid has permission to access the device. * Returns true if package with uid has permission to access the device. * * * @param device to check permission for * @param device to check permission for * @param pid to check permission for * @param uid to check permission for * @param uid to check permission for * @return {@code true} if package with uid has permission * @return {@code true} if package with uid has permission */ */ boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int uid) { boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int pid, int uid) { if (isCameraDevicePresent(device)) { if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { return false; return false; } } } } Loading Loading @@ -615,10 +617,11 @@ class UsbUserPermissionManager { * Check for camera permission of the calling process. * Check for camera permission of the calling process. * * * @param packageName Package name of the caller. * @param packageName Package name of the caller. * @param pid Linux pid of the calling process. * @param uid Linux uid of the calling process. * @param uid Linux uid of the calling process. * @return True in case camera permission is available, False otherwise. * @return True in case camera permission is available, False otherwise. */ */ private boolean isCameraPermissionGranted(String packageName, int uid) { private boolean isCameraPermissionGranted(String packageName, int pid, int uid) { int targetSdkVersion = android.os.Build.VERSION_CODES.P; int targetSdkVersion = android.os.Build.VERSION_CODES.P; try { try { ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0); ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0); Loading @@ -634,7 +637,7 @@ class UsbUserPermissionManager { } } if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) { if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) { int allowed = mContext.checkCallingPermission(android.Manifest.permission.CAMERA); int allowed = mContext.checkPermission(android.Manifest.permission.CAMERA, pid, uid); if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) { if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) { Slog.i(TAG, "Camera permission required for USB video class devices"); Slog.i(TAG, "Camera permission required for USB video class devices"); return false; return false; Loading @@ -644,8 +647,8 @@ class UsbUserPermissionManager { return true; return true; } } public void checkPermission(UsbDevice device, String packageName, int uid) { public void checkPermission(UsbDevice device, String packageName, int pid, int uid) { if (!hasPermission(device, packageName, uid)) { if (!hasPermission(device, packageName, pid, uid)) { throw new SecurityException("User has not given " + uid + "/" + packageName throw new SecurityException("User has not given " + uid + "/" + packageName + " permission to access device " + device.getDeviceName()); + " permission to access device " + device.getDeviceName()); } } Loading Loading @@ -678,11 +681,12 @@ class UsbUserPermissionManager { requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi); requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi); } } public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) { public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid, int uid) { Intent intent = new Intent(); Intent intent = new Intent(); // respond immediately if permission has already been granted // respond immediately if permission has already been granted if (hasPermission(device, packageName, uid)) { if (hasPermission(device, packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true); try { try { Loading @@ -693,7 +697,7 @@ class UsbUserPermissionManager { return; return; } } if (isCameraDevicePresent(device)) { if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false); try { try { Loading
