Loading services/usb/java/com/android/server/usb/UsbHostManager.java +2 −2 Original line number Diff line number Diff line Loading @@ -488,7 +488,7 @@ public class UsbHostManager { * Opens the specified USB device */ public ParcelFileDescriptor openDevice(String deviceAddress, UsbUserPermissionManager permissions, String packageName, int uid) { UsbUserPermissionManager permissions, String packageName, int pid, int uid) { synchronized (mLock) { if (isBlackListed(deviceAddress)) { throw new SecurityException("USB device is on a restricted bus"); Loading @@ -500,7 +500,7 @@ public class UsbHostManager { "device " + deviceAddress + " does not exist or is restricted"); } permissions.checkPermission(device, packageName, uid); permissions.checkPermission(device, packageName, pid, uid); return nativeOpenDevice(deviceAddress); } } Loading services/usb/java/com/android/server/usb/UsbSerialReader.java +1 −1 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub { int userId = UserHandle.getUserId(uid); if (mDevice instanceof UsbDevice) { mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbDevice) mDevice, packageName, uid); .checkPermission((UsbDevice) mDevice, packageName, pid, uid); } else { mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbAccessory) mDevice, uid); Loading services/usb/java/com/android/server/usb/UsbService.java +6 −3 Original line number Diff line number Diff line Loading @@ -262,6 +262,7 @@ public class UsbService extends IUsbManager.Stub { if (mHostManager != null) { if (deviceName != null) { int uid = Binder.getCallingUid(); int pid = Binder.getCallingPid(); int user = UserHandle.getUserId(uid); long ident = clearCallingIdentity(); Loading @@ -269,7 +270,7 @@ public class UsbService extends IUsbManager.Stub { synchronized (mLock) { if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) { fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user), packageName, uid); packageName, pid, uid); } else { Slog.w(TAG, "Cannot open " + deviceName + " for user " + user + " as user is not active."); Loading Loading @@ -469,11 +470,12 @@ public class UsbService extends IUsbManager.Stub { @Override public boolean hasDevicePermission(UsbDevice device, String packageName) { final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); try { return getPermissionsForUser(userId).hasPermission(device, packageName, uid); return getPermissionsForUser(userId).hasPermission(device, packageName, pid, uid); } finally { Binder.restoreCallingIdentity(token); } Loading @@ -495,11 +497,12 @@ public class UsbService extends IUsbManager.Stub { @Override public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) { final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); try { getPermissionsForUser(userId).requestPermission(device, packageName, pi, uid); getPermissionsForUser(userId).requestPermission(device, packageName, pi, pid, uid); } finally { Binder.restoreCallingIdentity(token); } Loading services/usb/java/com/android/server/usb/UsbUserPermissionManager.java +13 −9 Original line number Diff line number Diff line Loading @@ -186,12 +186,14 @@ class UsbUserPermissionManager { * Returns true if package with uid has permission to access the device. * * @param device to check permission for * @param pid to check permission for * @param uid to check permission for * @return {@code true} if package with uid has permission */ boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int uid) { boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int pid, int uid) { if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { return false; } } Loading Loading @@ -615,10 +617,11 @@ class UsbUserPermissionManager { * Check for camera permission of the calling process. * * @param packageName Package name of the caller. * @param pid Linux pid of the calling process. * @param uid Linux uid of the calling process. * @return True in case camera permission is available, False otherwise. */ private boolean isCameraPermissionGranted(String packageName, int uid) { private boolean isCameraPermissionGranted(String packageName, int pid, int uid) { int targetSdkVersion = android.os.Build.VERSION_CODES.P; try { ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0); Loading @@ -634,7 +637,7 @@ class UsbUserPermissionManager { } if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) { int allowed = mContext.checkCallingPermission(android.Manifest.permission.CAMERA); int allowed = mContext.checkPermission(android.Manifest.permission.CAMERA, pid, uid); if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) { Slog.i(TAG, "Camera permission required for USB video class devices"); return false; Loading @@ -644,8 +647,8 @@ class UsbUserPermissionManager { return true; } public void checkPermission(UsbDevice device, String packageName, int uid) { if (!hasPermission(device, packageName, uid)) { public void checkPermission(UsbDevice device, String packageName, int pid, int uid) { if (!hasPermission(device, packageName, pid, uid)) { throw new SecurityException("User has not given " + uid + "/" + packageName + " permission to access device " + device.getDeviceName()); } Loading Loading @@ -678,11 +681,12 @@ class UsbUserPermissionManager { requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi); } public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) { public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid, int uid) { Intent intent = new Intent(); // respond immediately if permission has already been granted if (hasPermission(device, packageName, uid)) { if (hasPermission(device, packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true); try { Loading @@ -693,7 +697,7 @@ class UsbUserPermissionManager { return; } if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false); try { Loading Loading
services/usb/java/com/android/server/usb/UsbHostManager.java +2 −2 Original line number Diff line number Diff line Loading @@ -488,7 +488,7 @@ public class UsbHostManager { * Opens the specified USB device */ public ParcelFileDescriptor openDevice(String deviceAddress, UsbUserPermissionManager permissions, String packageName, int uid) { UsbUserPermissionManager permissions, String packageName, int pid, int uid) { synchronized (mLock) { if (isBlackListed(deviceAddress)) { throw new SecurityException("USB device is on a restricted bus"); Loading @@ -500,7 +500,7 @@ public class UsbHostManager { "device " + deviceAddress + " does not exist or is restricted"); } permissions.checkPermission(device, packageName, uid); permissions.checkPermission(device, packageName, pid, uid); return nativeOpenDevice(deviceAddress); } } Loading
services/usb/java/com/android/server/usb/UsbSerialReader.java +1 −1 Original line number Diff line number Diff line Loading @@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub { int userId = UserHandle.getUserId(uid); if (mDevice instanceof UsbDevice) { mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbDevice) mDevice, packageName, uid); .checkPermission((UsbDevice) mDevice, packageName, pid, uid); } else { mPermissionManager.getPermissionsForUser(userId) .checkPermission((UsbAccessory) mDevice, uid); Loading
services/usb/java/com/android/server/usb/UsbService.java +6 −3 Original line number Diff line number Diff line Loading @@ -262,6 +262,7 @@ public class UsbService extends IUsbManager.Stub { if (mHostManager != null) { if (deviceName != null) { int uid = Binder.getCallingUid(); int pid = Binder.getCallingPid(); int user = UserHandle.getUserId(uid); long ident = clearCallingIdentity(); Loading @@ -269,7 +270,7 @@ public class UsbService extends IUsbManager.Stub { synchronized (mLock) { if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) { fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user), packageName, uid); packageName, pid, uid); } else { Slog.w(TAG, "Cannot open " + deviceName + " for user " + user + " as user is not active."); Loading Loading @@ -469,11 +470,12 @@ public class UsbService extends IUsbManager.Stub { @Override public boolean hasDevicePermission(UsbDevice device, String packageName) { final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); try { return getPermissionsForUser(userId).hasPermission(device, packageName, uid); return getPermissionsForUser(userId).hasPermission(device, packageName, pid, uid); } finally { Binder.restoreCallingIdentity(token); } Loading @@ -495,11 +497,12 @@ public class UsbService extends IUsbManager.Stub { @Override public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) { final int uid = Binder.getCallingUid(); final int pid = Binder.getCallingPid(); final int userId = UserHandle.getUserId(uid); final long token = Binder.clearCallingIdentity(); try { getPermissionsForUser(userId).requestPermission(device, packageName, pi, uid); getPermissionsForUser(userId).requestPermission(device, packageName, pi, pid, uid); } finally { Binder.restoreCallingIdentity(token); } Loading
services/usb/java/com/android/server/usb/UsbUserPermissionManager.java +13 −9 Original line number Diff line number Diff line Loading @@ -186,12 +186,14 @@ class UsbUserPermissionManager { * Returns true if package with uid has permission to access the device. * * @param device to check permission for * @param pid to check permission for * @param uid to check permission for * @return {@code true} if package with uid has permission */ boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int uid) { boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int pid, int uid) { if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { return false; } } Loading Loading @@ -615,10 +617,11 @@ class UsbUserPermissionManager { * Check for camera permission of the calling process. * * @param packageName Package name of the caller. * @param pid Linux pid of the calling process. * @param uid Linux uid of the calling process. * @return True in case camera permission is available, False otherwise. */ private boolean isCameraPermissionGranted(String packageName, int uid) { private boolean isCameraPermissionGranted(String packageName, int pid, int uid) { int targetSdkVersion = android.os.Build.VERSION_CODES.P; try { ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0); Loading @@ -634,7 +637,7 @@ class UsbUserPermissionManager { } if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) { int allowed = mContext.checkCallingPermission(android.Manifest.permission.CAMERA); int allowed = mContext.checkPermission(android.Manifest.permission.CAMERA, pid, uid); if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) { Slog.i(TAG, "Camera permission required for USB video class devices"); return false; Loading @@ -644,8 +647,8 @@ class UsbUserPermissionManager { return true; } public void checkPermission(UsbDevice device, String packageName, int uid) { if (!hasPermission(device, packageName, uid)) { public void checkPermission(UsbDevice device, String packageName, int pid, int uid) { if (!hasPermission(device, packageName, pid, uid)) { throw new SecurityException("User has not given " + uid + "/" + packageName + " permission to access device " + device.getDeviceName()); } Loading Loading @@ -678,11 +681,12 @@ class UsbUserPermissionManager { requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi); } public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) { public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid, int uid) { Intent intent = new Intent(); // respond immediately if permission has already been granted if (hasPermission(device, packageName, uid)) { if (hasPermission(device, packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true); try { Loading @@ -693,7 +697,7 @@ class UsbUserPermissionManager { return; } if (isCameraDevicePresent(device)) { if (!isCameraPermissionGranted(packageName, uid)) { if (!isCameraPermissionGranted(packageName, pid, uid)) { intent.putExtra(UsbManager.EXTRA_DEVICE, device); intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false); try { Loading
