diff options
| author | 2016-09-14 13:24:52 -0700 | |
|---|---|---|
| committer | 2016-09-14 13:29:45 -0700 | |
| commit | ec3cbb2a66cfd4923b15f7eee0e78bfddb517997 (patch) | |
| tree | 1918a58417e88c6c987daa84016c4ac07806464d | |
| parent | 0bef88f3c708db0c3ba250a3accf2a14303351b2 (diff) | |
Do not access MTP devices when disabled.
The USB data transfer is disabled we should not allow access MTP devices (e.g.
usb sticks). We have two ways of accessing them: Either by mounting them
or by creating a MTPDevice in an app.
Of course an app could implement implement their own MTPDevice
implementation. In this case we cannot enforce the policy without
completely suppressing all MTP USB devices which would be too
restrictive.
Note: When the policy is set we do _not_ disconnect already connected
MTP devices
Fixes: 31472955
Change-Id: I6080c48c49657102774b2b3b4d89ff030245a266
| -rw-r--r-- | core/java/android/hardware/usb/UsbDeviceConnection.java | 17 | ||||
| -rw-r--r-- | core/java/android/hardware/usb/UsbManager.java | 2 | ||||
| -rw-r--r-- | media/java/android/mtp/MtpDevice.java | 14 | ||||
| -rw-r--r-- | services/core/java/com/android/server/MountService.java | 17 |
4 files changed, 43 insertions, 7 deletions
diff --git a/core/java/android/hardware/usb/UsbDeviceConnection.java b/core/java/android/hardware/usb/UsbDeviceConnection.java index 6f3993578d84..1f09a9aa7848 100644 --- a/core/java/android/hardware/usb/UsbDeviceConnection.java +++ b/core/java/android/hardware/usb/UsbDeviceConnection.java @@ -16,7 +16,10 @@ package android.hardware.usb; +import android.annotation.NonNull; +import android.annotation.Nullable; import android.annotation.SystemApi; +import android.content.Context; import android.os.ParcelFileDescriptor; import dalvik.system.CloseGuard; @@ -33,6 +36,8 @@ public class UsbDeviceConnection { private final UsbDevice mDevice; + private Context mContext; + // used by the JNI code private long mNativeContext; @@ -46,7 +51,8 @@ public class UsbDeviceConnection { mDevice = device; } - /* package */ boolean open(String name, ParcelFileDescriptor pfd) { + /* package */ boolean open(String name, ParcelFileDescriptor pfd, @NonNull Context context) { + mContext = context.getApplicationContext(); boolean wasOpened = native_open(name, pfd.getFileDescriptor()); if (wasOpened) { @@ -57,6 +63,15 @@ public class UsbDeviceConnection { } /** + * @return The application context the connection was created for. + * + * @hide + */ + public @Nullable Context getContext() { + return mContext; + } + + /** * Releases all system resources related to the device. * Once the object is closed it cannot be used again. * The client must call {@link UsbManager#openDevice} again diff --git a/core/java/android/hardware/usb/UsbManager.java b/core/java/android/hardware/usb/UsbManager.java index df4785ee45d9..1d20c78cdc97 100644 --- a/core/java/android/hardware/usb/UsbManager.java +++ b/core/java/android/hardware/usb/UsbManager.java @@ -332,7 +332,7 @@ public class UsbManager { ParcelFileDescriptor pfd = mService.openDevice(deviceName); if (pfd != null) { UsbDeviceConnection connection = new UsbDeviceConnection(device); - boolean result = connection.open(deviceName, pfd); + boolean result = connection.open(deviceName, pfd, mContext); pfd.close(); if (result) { return connection; diff --git a/media/java/android/mtp/MtpDevice.java b/media/java/android/mtp/MtpDevice.java index 6970cffa2c6e..4e7551c1e855 100644 --- a/media/java/android/mtp/MtpDevice.java +++ b/media/java/android/mtp/MtpDevice.java @@ -18,11 +18,13 @@ package android.mtp; import android.annotation.NonNull; import android.annotation.Nullable; +import android.content.Context; import android.hardware.usb.UsbDevice; import android.hardware.usb.UsbDeviceConnection; import android.os.CancellationSignal; import android.os.ParcelFileDescriptor; +import android.os.UserManager; import com.android.internal.util.Preconditions; import java.io.IOException; @@ -63,7 +65,17 @@ public final class MtpDevice { * @return true if the device was successfully opened. */ public boolean open(@NonNull UsbDeviceConnection connection) { - boolean result = native_open(mDevice.getDeviceName(), connection.getFileDescriptor()); + boolean result = false; + + Context context = connection.getContext(); + if (context != null) { + UserManager userManager = (UserManager) context.getSystemService(Context.USER_SERVICE); + + if (!userManager.hasUserRestriction(UserManager.DISALLOW_USB_FILE_TRANSFER)) { + result = native_open(mDevice.getDeviceName(), connection.getFileDescriptor()); + } + } + if (!result) { connection.close(); } diff --git a/services/core/java/com/android/server/MountService.java b/services/core/java/com/android/server/MountService.java index dc48cea98e6c..b9a483138520 100644 --- a/services/core/java/com/android/server/MountService.java +++ b/services/core/java/com/android/server/MountService.java @@ -1437,13 +1437,22 @@ class MountService extends IMountService.Stub * Decide if volume is mountable per device policies. */ private boolean isMountDisallowed(VolumeInfo vol) { + UserManager userManager = mContext.getSystemService(UserManager.class); + + boolean isUsbRestricted = false; + if (vol.disk != null && vol.disk.isUsb()) { + isUsbRestricted = userManager.hasUserRestriction(UserManager.DISALLOW_USB_FILE_TRANSFER, + Binder.getCallingUserHandle()); + } + + boolean isTypeRestricted = false; if (vol.type == VolumeInfo.TYPE_PUBLIC || vol.type == VolumeInfo.TYPE_PRIVATE) { - final UserManager userManager = mContext.getSystemService(UserManager.class); - return userManager.hasUserRestriction(UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, + isTypeRestricted = userManager + .hasUserRestriction(UserManager.DISALLOW_MOUNT_PHYSICAL_MEDIA, Binder.getCallingUserHandle()); - } else { - return false; } + + return isUsbRestricted || isTypeRestricted; } private void enforceAdminUser() { |