diff options
| author | 2011-02-01 13:46:50 -0500 | |
|---|---|---|
| committer | 2011-02-01 13:46:50 -0500 | |
| commit | a8e3a898a2bc004ca1fcd278b68f5da5c344afbb (patch) | |
| tree | 6c7a17ff0e23dc2e542b7a363f5a0cc463c8754c | |
| parent | 9f1f586f805f4510b2518b98b2bfbee0abbcc016 (diff) | |
UsbService: Add support for blacklisting certain USB busses
This can be used to prevent applications from connecting to
sensitive internal USB devices (like the modem)
Change-Id: I6587f58018e3f8d8f78405d4004cce64db23b628
Signed-off-by: Mike Lockwood <lockwood@android.com>
| -rw-r--r-- | core/res/res/values/config.xml | 8 | ||||
| -rw-r--r-- | services/java/com/android/server/UsbService.java | 23 |
2 files changed, 31 insertions, 0 deletions
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml index e0c26d4771d2..47ebedfdf9b8 100644 --- a/core/res/res/values/config.xml +++ b/core/res/res/values/config.xml @@ -284,6 +284,14 @@ <!-- Indicate whether the device has USB host support. --> <bool name="config_hasUsbHostSupport">false</bool> + <!-- List of file paths for USB host busses to exclude from USB host support. + For example, if the first USB bus on the device is used to communicate + with the modem or some other restricted hardware, add "/dev/bus/usb/001/" + to this list. If this is empty, no parts of the host USB bus will be excluded. + --> + <string-array name="config_usbHostBlacklist"> + </string-array> + <!-- Vibrator pattern for feedback about a long screen/key press --> <integer-array name="config_longPressVibePattern"> <item>0</item> diff --git a/services/java/com/android/server/UsbService.java b/services/java/com/android/server/UsbService.java index 5c03fb2a76e4..45b0fcfe6821 100644 --- a/services/java/com/android/server/UsbService.java +++ b/services/java/com/android/server/UsbService.java @@ -83,6 +83,9 @@ class UsbService extends IUsbManager.Stub { private final HashMap<String,UsbDevice> mDevices = new HashMap<String,UsbDevice>(); + // USB busses to exclude from USB host support + private final String[] mHostBlacklist; + private boolean mSystemReady; private final Context mContext; @@ -143,6 +146,9 @@ class UsbService extends IUsbManager.Stub { public UsbService(Context context) { mContext = context; + mHostBlacklist = context.getResources().getStringArray( + com.android.internal.R.array.config_usbHostBlacklist); + init(); // set initial status if (mConfiguration >= 0) { @@ -197,6 +203,16 @@ class UsbService extends IUsbManager.Stub { } } + private boolean isBlackListed(String deviceName) { + int count = mHostBlacklist.length; + for (int i = 0; i < count; i++) { + if (deviceName.startsWith(mHostBlacklist[i])) { + return true; + } + } + return false; + } + // called from JNI in monitorUsbHostBus() private void usbDeviceAdded(String deviceName, int vendorID, int productID, int deviceClass, int deviceSubclass, int deviceProtocol, @@ -212,6 +228,10 @@ class UsbService extends IUsbManager.Stub { return; } + if (isBlackListed(deviceName)) { + return; + } + synchronized (mDevices) { if (mDevices.get(deviceName) != null) { Log.w(TAG, "device already on mDevices list: " + deviceName); @@ -328,6 +348,9 @@ class UsbService extends IUsbManager.Stub { } public ParcelFileDescriptor openDevice(String deviceName) { + if (isBlackListed(deviceName)) { + throw new SecurityException("USB device is on a restricted bus"); + } mContext.enforceCallingOrSelfPermission(android.Manifest.permission.ACCESS_USB, null); return nativeOpenDevice(deviceName); } |