UsbService: Add support for blacklisting certain USB busses
This can be used to prevent applications from connecting to
sensitive internal USB devices (like the modem)
Change-Id: I6587f58018e3f8d8f78405d4004cce64db23b628
Signed-off-by: Mike Lockwood <lockwood@android.com>
diff --git a/services/java/com/android/server/UsbService.java b/services/java/com/android/server/UsbService.java
index 5c03fb2..45b0fcf 100644
--- a/services/java/com/android/server/UsbService.java
+++ b/services/java/com/android/server/UsbService.java
@@ -83,6 +83,9 @@
private final HashMap<String,UsbDevice> mDevices = new HashMap<String,UsbDevice>();
+ // USB busses to exclude from USB host support
+ private final String[] mHostBlacklist;
+
private boolean mSystemReady;
private final Context mContext;
@@ -143,6 +146,9 @@
public UsbService(Context context) {
mContext = context;
+ mHostBlacklist = context.getResources().getStringArray(
+ com.android.internal.R.array.config_usbHostBlacklist);
+
init(); // set initial status
if (mConfiguration >= 0) {
@@ -197,6 +203,16 @@
}
}
+ private boolean isBlackListed(String deviceName) {
+ int count = mHostBlacklist.length;
+ for (int i = 0; i < count; i++) {
+ if (deviceName.startsWith(mHostBlacklist[i])) {
+ return true;
+ }
+ }
+ return false;
+ }
+
// called from JNI in monitorUsbHostBus()
private void usbDeviceAdded(String deviceName, int vendorID, int productID,
int deviceClass, int deviceSubclass, int deviceProtocol,
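Review bot: `isBlackListed` compares the raw `deviceName` with `startsWith`, so the result depends on how the path is spelled rather than on the device it resolves to. In `usbDeviceAdded` the name comes from the JNI monitor, but in `openDevice` it is a caller-supplied string handed to `nativeOpenDevice`, and a non-canonical spelling of a path on a restricted bus would presumably match no prefix. A stricter check in `openDevice` is an allow-list, `synchronized (mDevices) { if (mDevices.get(deviceName) == null) throw new SecurityException("unknown USB device"); }`, which works because blacklisted devices are never added to `mDevices`. A null `deviceName` throws NullPointerException here, and the entries in `config_usbHostBlacklist` should end in a path separator so that one bus prefix cannot match a different bus. The body of `usbDeviceAdded` continues outside the hunk.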
@@ -212,6 +228,10 @@
return;
}
+ if (isBlackListed(deviceName)) {
+ return;
+ }
+
synchronized (mDevices) {
if (mDevices.get(deviceName) != null) {
Log.w(TAG, "device already on mDevices list: " + deviceName);
@@ -328,6 +348,9 @@
}
public ParcelFileDescriptor openDevice(String deviceName) {
+ if (isBlackListed(deviceName)) {
+ throw new SecurityException("USB device is on a restricted bus");
+ }
mContext.enforceCallingOrSelfPermission(android.Manifest.permission.ACCESS_USB, null);
return nativeOpenDevice(deviceName);
}
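Review bot: The blacklist test in `openDevice` runs before `enforceCallingOrSelfPermission`, so a caller without ACCESS_USB gets a different SecurityException for a restricted path than for any other path and can learn which names are blacklisted. Making the permission check the first statement keeps the failure uniform for unprivileged callers: `mContext.enforceCallingOrSelfPermission(android.Manifest.permission.ACCESS_USB, null);` followed by `if (isBlackListed(deviceName)) { throw new SecurityException("USB device is on a restricted bus"); }`. A `Log.w(TAG, ...)` on the rejected open would also leave an audit trail of attempts to reach a restricted bus.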