summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--services/usb/java/com/android/server/usb/UsbHostManager.java4
-rw-r--r--services/usb/java/com/android/server/usb/UsbSerialReader.java2
-rw-r--r--services/usb/java/com/android/server/usb/UsbService.java9
-rw-r--r--services/usb/java/com/android/server/usb/UsbUserPermissionManager.java22
4 files changed, 22 insertions, 15 deletions
diff --git a/services/usb/java/com/android/server/usb/UsbHostManager.java b/services/usb/java/com/android/server/usb/UsbHostManager.java
index 047fcecd5a5b..9967bebf20b8 100644
--- a/services/usb/java/com/android/server/usb/UsbHostManager.java
+++ b/services/usb/java/com/android/server/usb/UsbHostManager.java
@@ -488,7 +488,7 @@ public class UsbHostManager {
* Opens the specified USB device
*/
public ParcelFileDescriptor openDevice(String deviceAddress,
- UsbUserPermissionManager permissions, String packageName, int uid) {
+ UsbUserPermissionManager permissions, String packageName, int pid, int uid) {
synchronized (mLock) {
if (isBlackListed(deviceAddress)) {
throw new SecurityException("USB device is on a restricted bus");
@@ -500,7 +500,7 @@ public class UsbHostManager {
"device " + deviceAddress + " does not exist or is restricted");
}
- permissions.checkPermission(device, packageName, uid);
+ permissions.checkPermission(device, packageName, pid, uid);
return nativeOpenDevice(deviceAddress);
}
}
diff --git a/services/usb/java/com/android/server/usb/UsbSerialReader.java b/services/usb/java/com/android/server/usb/UsbSerialReader.java
index 3151679eb545..86016bb6036f 100644
--- a/services/usb/java/com/android/server/usb/UsbSerialReader.java
+++ b/services/usb/java/com/android/server/usb/UsbSerialReader.java
@@ -93,7 +93,7 @@ class UsbSerialReader extends IUsbSerialReader.Stub {
int userId = UserHandle.getUserId(uid);
if (mDevice instanceof UsbDevice) {
mPermissionManager.getPermissionsForUser(userId)
- .checkPermission((UsbDevice) mDevice, packageName, uid);
+ .checkPermission((UsbDevice) mDevice, packageName, pid, uid);
} else {
mPermissionManager.getPermissionsForUser(userId)
.checkPermission((UsbAccessory) mDevice, uid);
diff --git a/services/usb/java/com/android/server/usb/UsbService.java b/services/usb/java/com/android/server/usb/UsbService.java
index 04936377bbfb..275319491e39 100644
--- a/services/usb/java/com/android/server/usb/UsbService.java
+++ b/services/usb/java/com/android/server/usb/UsbService.java
@@ -262,6 +262,7 @@ public class UsbService extends IUsbManager.Stub {
if (mHostManager != null) {
if (deviceName != null) {
int uid = Binder.getCallingUid();
+ int pid = Binder.getCallingPid();
int user = UserHandle.getUserId(uid);
long ident = clearCallingIdentity();
@@ -269,7 +270,7 @@ public class UsbService extends IUsbManager.Stub {
synchronized (mLock) {
if (mUserManager.isSameProfileGroup(user, mCurrentUserId)) {
fd = mHostManager.openDevice(deviceName, getPermissionsForUser(user),
- packageName, uid);
+ packageName, pid, uid);
} else {
Slog.w(TAG, "Cannot open " + deviceName + " for user " + user
+ " as user is not active.");
@@ -469,11 +470,12 @@ public class UsbService extends IUsbManager.Stub {
@Override
public boolean hasDevicePermission(UsbDevice device, String packageName) {
final int uid = Binder.getCallingUid();
+ final int pid = Binder.getCallingPid();
final int userId = UserHandle.getUserId(uid);
final long token = Binder.clearCallingIdentity();
try {
- return getPermissionsForUser(userId).hasPermission(device, packageName, uid);
+ return getPermissionsForUser(userId).hasPermission(device, packageName, pid, uid);
} finally {
Binder.restoreCallingIdentity(token);
}
@@ -495,11 +497,12 @@ public class UsbService extends IUsbManager.Stub {
@Override
public void requestDevicePermission(UsbDevice device, String packageName, PendingIntent pi) {
final int uid = Binder.getCallingUid();
+ final int pid = Binder.getCallingPid();
final int userId = UserHandle.getUserId(uid);
final long token = Binder.clearCallingIdentity();
try {
- getPermissionsForUser(userId).requestPermission(device, packageName, pi, uid);
+ getPermissionsForUser(userId).requestPermission(device, packageName, pi, pid, uid);
} finally {
Binder.restoreCallingIdentity(token);
}
diff --git a/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java b/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java
index e700f19adbd4..58f5484657c5 100644
--- a/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java
+++ b/services/usb/java/com/android/server/usb/UsbUserPermissionManager.java
@@ -186,12 +186,14 @@ class UsbUserPermissionManager {
* Returns true if package with uid has permission to access the device.
*
* @param device to check permission for
+ * @param pid to check permission for
* @param uid to check permission for
* @return {@code true} if package with uid has permission
*/
- boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int uid) {
+ boolean hasPermission(@NonNull UsbDevice device, @NonNull String packageName, int pid,
+ int uid) {
if (isCameraDevicePresent(device)) {
- if (!isCameraPermissionGranted(packageName, uid)) {
+ if (!isCameraPermissionGranted(packageName, pid, uid)) {
return false;
}
}
@@ -615,10 +617,11 @@ class UsbUserPermissionManager {
* Check for camera permission of the calling process.
*
* @param packageName Package name of the caller.
+ * @param pid Linux pid of the calling process.
* @param uid Linux uid of the calling process.
* @return True in case camera permission is available, False otherwise.
*/
- private boolean isCameraPermissionGranted(String packageName, int uid) {
+ private boolean isCameraPermissionGranted(String packageName, int pid, int uid) {
int targetSdkVersion = android.os.Build.VERSION_CODES.P;
try {
ApplicationInfo aInfo = mContext.getPackageManager().getApplicationInfo(packageName, 0);
@@ -634,7 +637,7 @@ class UsbUserPermissionManager {
}
if (targetSdkVersion >= android.os.Build.VERSION_CODES.P) {
- int allowed = mContext.checkCallingPermission(android.Manifest.permission.CAMERA);
+ int allowed = mContext.checkPermission(android.Manifest.permission.CAMERA, pid, uid);
if (android.content.pm.PackageManager.PERMISSION_DENIED == allowed) {
Slog.i(TAG, "Camera permission required for USB video class devices");
return false;
@@ -644,8 +647,8 @@ class UsbUserPermissionManager {
return true;
}
- public void checkPermission(UsbDevice device, String packageName, int uid) {
- if (!hasPermission(device, packageName, uid)) {
+ public void checkPermission(UsbDevice device, String packageName, int pid, int uid) {
+ if (!hasPermission(device, packageName, pid, uid)) {
throw new SecurityException("User has not given " + uid + "/" + packageName
+ " permission to access device " + device.getDeviceName());
}
@@ -678,11 +681,12 @@ class UsbUserPermissionManager {
requestPermissionDialog(device, accessory, canBeDefault, packageName, uid, mContext, pi);
}
- public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int uid) {
+ public void requestPermission(UsbDevice device, String packageName, PendingIntent pi, int pid,
+ int uid) {
Intent intent = new Intent();
// respond immediately if permission has already been granted
- if (hasPermission(device, packageName, uid)) {
+ if (hasPermission(device, packageName, pid, uid)) {
intent.putExtra(UsbManager.EXTRA_DEVICE, device);
intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, true);
try {
@@ -693,7 +697,7 @@ class UsbUserPermissionManager {
return;
}
if (isCameraDevicePresent(device)) {
- if (!isCameraPermissionGranted(packageName, uid)) {
+ if (!isCameraPermissionGranted(packageName, pid, uid)) {
intent.putExtra(UsbManager.EXTRA_DEVICE, device);
intent.putExtra(UsbManager.EXTRA_PERMISSION_GRANTED, false);
try {
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 06:23:03 +0000