From dbd2410fd1431aba65d6e3b6b6a937f91dad6e47 Mon Sep 17 00:00:00 2001
From: Xiaozhen Lin <xiaozhenl@google.com>
Date: Sat, 17 Feb 2024 00:08:37 +0000
Subject: [PATCH] Allow toggling USB data access in lockdown mode

This change introduces a toggle within lockdown mode settings to enable/disable USB data access while maintaining other security restrictions.
Bug: 287498482
Test: manual testing
Change-Id: I32db2a5892aa6e132a15e5a5729baef5e78cda48
---
 .../com/android/server/usb/UsbService.java | 36 +++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/services/usb/java/com/android/server/usb/UsbService.java b/services/usb/java/com/android/server/usb/UsbService.java
index d66fbe2206e9..3576da463739 100644
--- a/services/usb/java/com/android/server/usb/UsbService.java
+++ b/services/usb/java/com/android/server/usb/UsbService.java
@@ -48,6 +48,7 @@ import android.hardware.usb.UsbPort;
 import android.hardware.usb.UsbPortStatus;
 import android.os.Binder;
 import android.os.Bundle;
+import android.os.Looper;
 import android.os.ParcelFileDescriptor;
 import android.os.RemoteException;
 import android.os.UserHandle;
@@ -65,6 +66,7 @@ import com.android.internal.util.DumpUtils;
 import com.android.internal.util.IndentingPrintWriter;
 import com.android.internal.util.Preconditions;
 import com.android.internal.util.dump.DualDumpOutputStream;
+import com.android.internal.widget.LockPatternUtils;
 import com.android.server.FgThread;
 import com.android.server.SystemServerInitThreadPool;
 import com.android.server.SystemService;
@@ -151,6 +153,7 @@ public class UsbService extends IUsbManager.Stub {
 private final UsbPermissionManager mPermissionManager;
 static final int PACKAGE_MONITOR_OPERATION_ID = 1;
+ static final int STRONG_AUTH_OPERATION_ID = 2;
 /**
 * The user id of the current user. There might be several profiles (with separate user ids)
 * per user.
@@ -272,6 +275,10 @@ public class UsbService extends IUsbManager.Stub {
 if (android.hardware.usb.flags.Flags.enableUsbDataSignalStaking()) {
 new PackageUninstallMonitor()
 .register(mContext, UserHandle.ALL, BackgroundThread.getHandler());
+
+ new LockPatternUtils(mContext)
+ .registerStrongAuthTracker(new StrongAuthTracker(mContext,
+ BackgroundThread.getHandler().getLooper()));
 }
 }
@@ -1394,4 +1401,33 @@ public class UsbService extends IUsbManager.Stub {
 }
 }
 }
+
+ /**
+ * Implements a callback within StrongAuthTracker to disable USB data signaling
+ * when the device enters lockdown mode. This likely involves updating a state
+ * that controls USB data behavior.
+ */
+ private class StrongAuthTracker extends LockPatternUtils.StrongAuthTracker {
+ private boolean mLockdownModeStatus;
+
+ StrongAuthTracker(Context context, Looper looper) {
+ super(context, looper);
+ }
+
+ @Override
+ public synchronized void onStrongAuthRequiredChanged(int userId) {
+
+ boolean lockDownTriggeredByUser = (getStrongAuthForUser(userId)
+ & STRONG_AUTH_REQUIRED_AFTER_USER_LOCKDOWN) != 0;
+ //if it goes into the same lockdown status, no change is needed
+ if (mLockdownModeStatus == lockDownTriggeredByUser) {
+ return;
+ }
+ mLockdownModeStatus = lockDownTriggeredByUser;
+ for (UsbPort port: mPortManager.getPorts()) {
+ enableUsbData(port.getId(), !lockDownTriggeredByUser, STRONG_AUTH_OPERATION_ID,
+ new IUsbOperationInternal.Default());
+ }
+ }
+ }
 }
-- GitLab
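Review bot: In the `@@ -272,6 +275,10 @@` hunk the lockdown tracker is registered inside the `enableUsbDataSignalStaking()` branch with no comment saying why, so on a build where that flag is off entering lockdown leaves USB data untouched and nothing in the code records that this is intended. If the reason is that the tracker relies on per-operation staking for `STRONG_AUTH_OPERATION_ID`, which the later hunk suggests but does not state, a one-line comment above the registration would capture it: `// Lockdown USB-data blocking stakes its own operation id, so it shares the staking flag.` The tracker's state also starts at false and only reacts to later changes, so a lockdown already in effect when registration runs would not be applied; it is worth confirming that cannot happen at this point in startup. The enclosing method begins and ends outside this hunk.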
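Review bot: In the `@@ -1394,4 +1401,33 @@` hunk, `onStrongAuthRequiredChanged(int userId)` folds every user's strong-auth state into the single `mLockdownModeStatus` boolean, so a callback for a user or profile that is not in lockdown can re-enable USB data on all ports while another user is still locked down. Whether the tracker delivers callbacks for users other than the foreground one is not visible here and should be confirmed, but the method uses `userId` only for the flag lookup. I would add a guard such as `if (userId != currentUserId) { return; }`, where `currentUserId` stands for the service field documented as "The user id of the current user" in the `-151` hunk, or keep the lockdown state per user and enable data only when no tracked user is in lockdown. Separately, `mLockdownModeStatus` is updated before the loop and each `enableUsbData` result goes to `new IUsbOperationInternal.Default()`, so a port that fails to disable is neither logged nor retried; a callback that logs the failing port id would make a fail-open case visible. The class Javadoc's "This likely involves updating a state" should be replaced with what the method does: disable data on every current port on entering lockdown and re-enable it on leaving.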