diff options
| author | 2024-02-17 00:08:37 +0000 | |
|---|---|---|
| committer | 2024-02-28 05:44:02 +0000 | |
| commit | dbd2410fd1431aba65d6e3b6b6a937f91dad6e47 (patch) | |
| tree | bc60118bc0bd51c7855452ec86f4551e8168dce1 | |
| parent | b8e8bee312bbaf3d2986f5109a3ef8cc93d2f9ed (diff) | |
Allow toggling USB data access in lockdown mode
This change introduces a toggle within lockdown mode settings to enable/disable USB data access while maintaining other security restrictions.
Bug: 287498482
Test: manual testing
Change-Id: I32db2a5892aa6e132a15e5a5729baef5e78cda48
| -rw-r--r-- | services/usb/java/com/android/server/usb/UsbService.java | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/services/usb/java/com/android/server/usb/UsbService.java b/services/usb/java/com/android/server/usb/UsbService.java index d66fbe2206e9..3576da463739 100644 --- a/services/usb/java/com/android/server/usb/UsbService.java +++ b/services/usb/java/com/android/server/usb/UsbService.java @@ -48,6 +48,7 @@ import android.hardware.usb.UsbPort; import android.hardware.usb.UsbPortStatus; import android.os.Binder; import android.os.Bundle; +import android.os.Looper; import android.os.ParcelFileDescriptor; import android.os.RemoteException; import android.os.UserHandle; @@ -65,6 +66,7 @@ import com.android.internal.util.DumpUtils; import com.android.internal.util.IndentingPrintWriter; import com.android.internal.util.Preconditions; import com.android.internal.util.dump.DualDumpOutputStream; +import com.android.internal.widget.LockPatternUtils; import com.android.server.FgThread; import com.android.server.SystemServerInitThreadPool; import com.android.server.SystemService; @@ -151,6 +153,7 @@ public class UsbService extends IUsbManager.Stub { private final UsbPermissionManager mPermissionManager; static final int PACKAGE_MONITOR_OPERATION_ID = 1; + static final int STRONG_AUTH_OPERATION_ID = 2; /** * The user id of the current user. There might be several profiles (with separate user ids) * per user. @@ -272,6 +275,10 @@ public class UsbService extends IUsbManager.Stub { if (android.hardware.usb.flags.Flags.enableUsbDataSignalStaking()) { new PackageUninstallMonitor() .register(mContext, UserHandle.ALL, BackgroundThread.getHandler()); + + new LockPatternUtils(mContext) + .registerStrongAuthTracker(new StrongAuthTracker(mContext, + BackgroundThread.getHandler().getLooper())); } } @@ -1394,4 +1401,33 @@ public class UsbService extends IUsbManager.Stub { } } } + + /** + * Implements a callback within StrongAuthTracker to disable USB data signaling + * when the device enters lockdown mode. This likely involves updating a state + * that controls USB data behavior. + */ + private class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker { + private boolean mLockdownModeStatus; + + StrongAuthTracker(Context context, Looper looper) { + super(context, looper); + } + + @Override + public synchronized void onStrongAuthRequiredChanged(int userId) { + + boolean lockDownTriggeredByUser = (getStrongAuthForUser(userId) + & STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN) != 0; + //if it goes into the same lockdown status, no change is needed + if (mLockdownModeStatus == lockDownTriggeredByUser) { + return; + } + mLockdownModeStatus = lockDownTriggeredByUser; + for (UsbPort port: mPortManager.getPorts()) { + enableUsbData(port.getId(), !lockDownTriggeredByUser, STRONG_AUTH_OPERATION_ID, + new IUsbOperationInternal.Default()); + } + } + } } |