authorNick Kralevich <nnk@google.com>2015-06-10 09:38:42 -0700
committerNick Kralevich <nnk@google.com>2015-06-10 10:29:48 -0700
commit674019065bceb4150190bfb1aa63cda9de0a8560 (patch)
tree9f9ed636f52c916afd9b1dd9805e1c9a94aa8757 /core/java/android/hardware/usb
parent89124000c618f24b948505cd79f654aacbdff957 (diff)
Fix USB access control when adb is disabled.
When adb is disabled, the default usb mode would be "none", which would turn off the driver and prevent UsbDeviceManager from receiving any new USB connect / disconnect messages. This prevents the user from ever enabling MTP and sharing data when adb is turned off. As discussed in bug 21429947, we work around this problem by keeping the USB driver in MTP mode most of the time, so that we continue to receive USB connect / disconnect messages. To avoid leaking confidential user photos, this change introduces an unlocked state. Setting the mtp enabled function is now decoupled from exposing data on the USB connection. Only if MTP is enabled and USB data has been unlocked is confidential user data allowed to be shared. Bug: 21429947 Change-Id: Iefb5c7e22dc4962bf5226f2ed3d0155b5c7b413c
Diffstat (limited to 'core/java/android/hardware/usb')
-rw-r--r--core/java/android/hardware/usb/IUsbManager.aidl10
-rw-r--r--core/java/android/hardware/usb/UsbManager.java40
2 files changed, 50 insertions, 0 deletions
diff --git a/core/java/android/hardware/usb/IUsbManager.aidl b/core/java/android/hardware/usb/IUsbManager.aidl
index 881dc0f..31a6a96 100644
--- a/core/java/android/hardware/usb/IUsbManager.aidl
+++ b/core/java/android/hardware/usb/IUsbManager.aidl
@@ -85,6 +85,16 @@ interface IUsbManager
/* Sets the current USB function. */
void setCurrentFunction(String function);
+ /* Sets whether USB data (for example, MTP exposed pictures) should be made
+ * available on the USB connection. Unlocking data should only be done with
+ * user involvement, since exposing pictures or other data could leak sensitive
+ * user information.
+ */
+ void setUsbDataUnlocked(boolean unlock);
+
+ /* Returns true iff sensitive user data is exposed on the USB connection. */
+ boolean isUsbDataUnlocked();
+
/* Allow USB debugging from the attached host. If alwaysAllow is true, add the
* the public key to list of host keys that the user has approved.
*/
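Review bot: The comment on `setUsbDataUnlocked` says unlocking needs user involvement, but it does not say which caller permission the service enforces, and the service-side implementation is outside this view (the diffstat is limited to this directory). Because this binder call decides whether MTP-exposed data becomes readable by the attached host, the check has to live in the service; `{@hide}` on the `UsbManager` wrapper does not stop a direct binder caller. I would name the requirement in the comment, for example `* Caller must hold MANAGE_USB (confirm against the service implementation).`, and do the same for `isUsbDataUnlocked`, which discloses the lock state.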
diff --git a/core/java/android/hardware/usb/UsbManager.java b/core/java/android/hardware/usb/UsbManager.java
index 000d41f..c83f466 100644
--- a/core/java/android/hardware/usb/UsbManager.java
+++ b/core/java/android/hardware/usb/UsbManager.java
@@ -142,6 +142,16 @@ public class UsbManager {
public static final String USB_CONFIGURED = "configured";
/**
+ * Boolean extra indicating whether confidential user data, such as photos, should be
+ * made available on the USB connection. This variable will only be set when the user
+ * has explicitly asked for this data to be unlocked.
+ * Used in extras for the {@link #ACTION_USB_STATE} broadcast.
+ *
+ * {@hide}
+ */
+ public static final String USB_DATA_UNLOCKED = "unlocked";
+
+ /**
* Name of the USB mass storage USB function.
* Used in extras for the {@link #ACTION_USB_STATE} broadcast
*
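Review bot: The Javadoc for `USB_DATA_UNLOCKED` says the extra "will only be set" on an explicit user request, which leaves open whether the key is absent or present with `false` while data is locked. Receivers of `ACTION_USB_STATE` that gate data exposure on this extra should fail closed, so the comment should say so, e.g. `* An absent extra must be treated as {@code false} (locked).` The code that populates the extra is not in this view, so this is worth confirming against the sender.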
@@ -464,4 +474,34 @@ public class UsbManager {
Log.e(TAG, "RemoteException in setCurrentFunction", e);
}
}
+
+ /**
+ * Sets whether USB data (for example, MTP exposed pictures) should be made available
+ * on the USB connection. Unlocking usb data should only be done with user involvement,
+ * since exposing pictures or other data could leak sensitive user information.
+ *
+ * {@hide}
+ */
+ public void setUsbDataUnlocked(boolean unlocked) {
+ try {
+ mService.setUsbDataUnlocked(unlocked);
+ } catch (RemoteException e) {
+ Log.e(TAG, "RemoteException in setUsbDataUnlocked", e);
+ }
+ }
+
+ /**
+ * Returns {@code true} iff access to sensitive USB data is currently allowed.
+ *
+ * {@hide}
+ */
+ public boolean isUsbDataUnlocked() {
+ try {
+ return mService.isUsbDataUnlocked();
+ } catch (RemoteException e) {
+ Log.e(TAG, "RemoteException in isUsbDataUnlocked", e);
+ }
+ return false;
+ }
+
}
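Review bot: `setUsbDataUnlocked` logs and swallows `RemoteException`, so a caller asking to re-lock with `false` cannot tell that the request never reached the service. `isUsbDataUnlocked` returns `false` on the same failure, so it reports "locked" when the state is actually unknown. For a control that gates exposure of user data, this should at least be documented, for example by adding `@return {@code true} iff data is unlocked; {@code false} is also returned when the USB service cannot be reached and does not prove the data is locked`. The setter's Javadoc should likewise add `@param unlocked` and say that callers needing confirmation must re-read the state afterwards. The enclosing class starts outside this hunk.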